Slashdot Mirror
U.S. Spam Law to Take Effect Jan. 1
We lead with news that the U.S. 'anti'-spam law, written largely by the Direct Marketing Association, will enter into effect on January 1. The bill preempts existing state laws which are tougher (states' rights anyone?), so for many citizens, this is purely a pro-spam law. The FTC is thinking about bounty hunters to enforce the new law (which you can and probably should read for yourself).
The problem is that our current email system is flawed... one of the best solutions (or actually work-arounds) for the current protocol is obvious, and already being used by several major ISPs... opt-in for ALL email. I know a few people who do this (their server rejects email from all senders except those on an approved list) and it works very well for them, but the average Joe wants both convenience AND security for their email, so the hassle of having to "approve" folks is not worth it (apparently it's easier to weed the 30 or 40 legit emails out of the 100's of spam messages)
Face it, email, in its current incarnation, is inherently flawed. Until we actually change the way we implement and use email (perhaps even changing protocols) we will continue to have spam problems. Even Britain's "opt-in" version of anti-spam legislation has done little to curb the problem. The US "opt-out" version is even worse! When a prominent spammer is quoted as saying this 'anti'-spam legislation "makes my day", you KNOW it's a bad law!
I think that the problem needs to be tackled from a technical standpoint, rather than a legal one. If we were able to improve the system, legislation like this wouldn't be necessary!
Hell, I'll work as a bounty hunter for free, as long as I get to bash the spammer in the head... That's my "payment" for my "work".
The federal law is general - you can't escape it across the state borders?
The owls are not what they seem
Yes, this is a great law. Even if spammers follow the law, you'd have to opt-out for every
"company" spams you.
That is going to work great. Put this one right up there with the Medicare Bill on the list of "2003 Who Cares If It Doesn't Work, We Passed It" legislation.
Its a step in the right direction, but isn't what you think it is.
Its a law that forces soliciters to acknowledge who they are (nothing really big), but the one kicker is to enforce that if you opt out, the spammer actually opts you out.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
From the FTC article:
The bounty-hunter idea was promoted this year primarily by Rep. Zoe Lofgren, D-Calif., and Sen. Jon Corzine, D-N.J., who called upon Congress to allow individuals who identify and help locate spammers to receive at least 20 percent of any fines collected.
I hereby stake my claim to the 20 percent bounty on one Flo Fox , of Slidell, LA. Hands off!Tubal-Cain smokes the white owl.
Somebody please compress the text of law
i ca ATTHEFIRSTSESSIONBegunandheldattheCityofWashington onTuesday,theseventhdayofJanuary,twothousandandthr eeAnActToregulateinterstatecommercebyimposinglimit ationsandpenaltiesonthetransmissionofunsolicitedco mmercialelectronicmailviatheInternet.Beitenactedby theSenateandHouseofRepresentativesoftheUnitedState sofAmericainCongressassembled,SECTION1.SHORTTITLE. ThisActmaybecitedasthe`ControllingtheAssaultofNon- SolicitedPornographyandMarketi.....
It's not very efficient, but here goes:
OneHundredEighthCongressoftheUnitedStatesofAmer
(oh, like somebody ELSE wasn't going to do that?)
I have to wonder if some spammers are already backing off in anticipation of this or if hotmail did something about spam. I went from about 200/day to about 4/day as of about 3 days ago. I thought my account was messed up and had to email myself to see if it was working.
Wouldn't it be great if that was a preview of things to come if this bill works? Yeah it's not exactly what we wanted but it does restrict them quite a bit and opens them up for legal repercussions for spam-blasting pron to teenagers. Things won't be as easy as harvesting addresses & blasting users with crap. I personally like it. If they don't have working unsubscribe mechanisms, forge headers, relay off of unsuspecting users, etc they can be prosecuted.
Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
This seems like another useless law around here. As others have pointed out, off-shore spam won't change a bit from this. Also, this won't affect the most annoying spam I get, the junk email from companies that I have an account with. No matter how many times I check my privacy preferences they send me email about how I can pay my bill online.
Technology could have solved this problem a better way. But leave it to the federal gov't to reign over another portion of our lives.
-t
http://unmoldable.com W:"No one of consequence" I:"I must know" W:"Get used to disappointment"
For those looking, the section on bounties is on page 19 of the pdf file: Improving Enforcement by Providing Rewards etc
It basically says that within 9 months of the enactment of the act, the commission is to set forth a system for rewarding those who supply information about violators; the first person who supplies the required information is to recieve a reward of not less than 20% of the total civil penalty collected.
I only scanned the file and I'm not sure how large the fines are expect to be; it does say that all property traceable to illegal spamming proceeds and all equipment used for such is forfiet.
Twenties Retirement
No Child Left Behind
Healthy Forests
Patriot Act
Doublethink doubleplusgood!
As long as the term dead or alive is included, I want in!
I'm an American. I love this country and the freedoms that we used to have.
(2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,
(3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,
It prohibits Fake headers and abusing relays and proxies. Granted, this will only start the use of throw away email addresses that are used once for sending the 20 billion pieces of spam.
People are complaining that it's pro-spam... I see that it is a start in the right direction. 99% of the spam I get is from outside the US anyways so I expect that it will not do much to change the amount of spam out there and in that note, if mister spammer moves his spamming operation outside the country then this law has no teeth.
Do not look at laser with remaining good eye.
After the war on drugs, the wars on poverty, the war on terror... no the war on spam?
You cannot legislate away structural problems. Spam is the direct consequence of having an unprotected communications ecosystem. Communications represent a resource and spammers exploit weaknesses in protocols, interfaces, and operating systems to steal this resource from others.
This law will simply harden the existing bonds between spammers, criminals, and virus writers. Expect the fight to escalate, and your inbox to get fuller of junk.
Legislating against spammers will simply mean that spamming will become a criminal activity. Since some of the largest and most profitable and fastest growing businesses in the world are criminal (drugs, weapons, slavery, stolen antiques & art), what government can be so naive as to hope that this can succeed?
There is only one answer and I've bored Slashdotters with this often enough. Understand that the Internet acts like an organic ecosystem, where parasites evolve according to basic and unalterable rules that govern all ecosystems, natural or artificial. Understand that there are also ways to combat such parasites, based on variation, mutation, and recombination. Explore and develop these techniques.
Ceci n'est pas une signature
"It is hard to locate spammers, and it'd be very hard without subpoena power,".
And once you do find one (with or without the help of bounty hunters), what then? Im sure law enforcement will really care. Maybe the politicians will push for an example or two, but this will have no real impact.
Meet the new sig, same as the old sig
But most of us are just sick of getting 500 "PAR1S H1LTON S*X TAPE!!!!!" emails every day. And I'm particularly sick of the assholes forging my domain in headers, further flooding my inbox and prompting mailbombs and death threats from the aforementioned righteous and holy. If a measure bans domain forging and creates a national Do Not Spam list, I can more than live with the occasional opt-out mail from E-Bay. Sorry.
What I'm listening to now on Pandora...
The problem with "opt-out" is two-fold:
If the law mandated that opt-out must be implemented by use of a web link (e.g. "This message was addressed to john.doe@mail.us, click the link below and you will be removed immediately"), that would be a little better. None of this detracts from the overriding issue, and that is by requiring opt-out instead of opt-in (either double opt-in or a verification link) this law essentialy legalizes, indeed encourages, spam.
How can anyone complain about and Anti-SPAM law?
How could anyone complain about my new (patented) Hugs And Kisses greeting? Of course, its actually punching you in the face and dropping a brick on your foot, buts its called "hugs and kisses", so how could anyone complain about that?
You can't take the sky from me...
Three things strike me about this law:
1. After reading the text, it does not include the word "bulk" in any context for spam, which basically means that any single person email to another person (even if sent in good faith) could be applicable to the law if the receiver deems it "spam." I think that is a mistake.
2. It limits statutory damages for civil violations. This is ridiculous, is it really necessary to protect the spammers, basically the most hated group of people within the net?.
3. It still allows "spam" email from charities, religious organisations and government bodies. Now all I need is my penis enlargement emails coming to me from the church of large testicles. Seriously though, why is junk mail from churches or the even the government for that matter better than my daily breast enlargement emails?
Well, at least no spammer would ever ruin their great brand recognition and close down shop only to open up again under a new name every couple weeks...
You can't take the sky from me...
So for any spam that has a forged header or a misleading subject, California's new law, with the $1000 per spam penalty, will still apply. California allows private suits in small claims court by any party. So you can haul the bozos into court. Maybe even across state lines.
A year or two from now, we'll be rid of the chickenboners, but we'll be getting even more spam from "legitimate businesses".
Here's my version: The Direct Marketing Association drafted an anti-spam law to protect US from THEM.
We're screwed.
"How do you expect me to see the forest with all these damn trees in the way?!"
Are there enough spammers in the United States to make it worth the bounty?
:)
Not for long -- anti-spam bounties will drive the remaining US spammers offshore.
Maybe we should just keep the vile stuff here at home. I think Lyndon Baines Johnson put it well when he said "Better to have the skunk inside the tent pissing out, than outside pissing in."
But seriously -- no US bounty is going to affect non-US spammers. And if the bounty does actually hit US spammers where they live, expect international spammers to pick up the slack.
"Abandon hope, all ye who enter here."
-kgj
-kgj
The weak Federal law was specifically advanced/signed to supercede and eliminate the tough state laws. The spam industry (and those who benefit from them) feared aggresive state level prosecutions (think what Eliot Spitzer could do to them). They got a "law" that says it is doing something, doesn't actually stop anything, and protects them from everyone who might try to stop them legally.
People complain about the bill because, due to the way it is written, it is likely to actually increase spam as people reply to spams believing they'll actually be removed.
:-p
And the parent is NOT flamebait
It's a valid question.
Twenties Retirement
In SOVIET RUSSIA (Score:1, Funny)
All your e-mail belong to government.
-----
Good God man! I pity the man who modded you as funny!
1. Use cliched Slashdot joke
2. Mess up formatting
3. ???
4. Profit!!
There are two ways to interpret your attempt. You could have been going for a Soviet Russia joke, which could have been better worded as "In SOVIET RUSSIA, spam law makes YOU!"
Or you could have been going for the all your base parody which could have been worded as "All your email are belong to U.S.!"
In either case, respectfully, YOU FAIL IT.
(Anyone with karma to burn want to count how many cliches I've used?)
You're right, I wouldn't steal a car. But if it were possible, I sure as hell would download one!
The marijuana issue you raise is a horse of a different color - and is, strictly speaking, an issue caused by being the subject of two sovereign powers, (so-called "dual sovereignty") the state and federal government. Technically speaking, the Feds can prosecute one for many crimes which are usually handled by the States, but simply don't. U.S. Attorneys save their resources for true "federal cases" or for areas in which they have exclusive jurisdiction (i.e., interstate trafficking of some kind (usually drugs, money, or kiddie porn), crimes committed on federal property, or crimes directed at a federal-regulated activity (like insider trading), and so forth.)
An example would be a hypothetical ex-nfl running back who is acquitted (or even convicted) of murder by a state jury who is then indicted and tried under an equivalent offense under the United States Code by the local U.S. Attorney. The first case is "State v. Running Back" the second case would be "United States v. Running Back." It's rather rare for both sovereigns to prosecute for the same crime, but it happens to the truly deserving, I believe most recently to one of the OKC bombing geniuses. More often, the decision between a State and Federal prosecution in a high-profile cases is based upon the availability of certain punishments, like the death penalty which is not available in all states, or may be available if the prosecution takes place under Federal, rather than State law.
Bush Lies On the Record.
Technology could have solved this problem a better way. But leave it to the federal gov't to reign over another portion of our lives.
BULLSHIT, BULLSHIT, BULLSHIT! I've been listening to this anti-government crap for the past 5+ years in the discussions of spam. If technology has had the ability to solve this problem, then just when the hell was it going to happen? Are you waiting for Moses to come down from the mountain with a stone tablet proclaiming that it's time for you to deploy your technological solution? Spam has been increasing at an alarming rate and, with the exception of a tiny percentage of technically savvy users, most people have no technical solution to the problem. This law doesn't prevent you from rolling out the technical solution that you've been witholding for the past few years. Go ahead. Let me know when you've gotten every ISP, business, and individual running a mail server to adopt your heretofore secret spam solution.
It's like suggesting that we abolish laws against rape by reasoning that technology can solve that problem using chastity belts, mace, pepper spray, stun guns, and whistles.
If something is unethical and harms innocent people, then it should be illegal. The problem with the federal law is that it doesn't do nearly enough. But I'd rather that they outlaw some spam than make it all legal. Having a legitimate return address to clog with complaints is worth something to me.
Do you want the US business reputation to sink to that of Nigeria?
/. much. With SCO, Microsoft, Halliburton and others the question should be, "Don't you wish the US business reputation could rise to the level of Nigeria?"
Uh...apparently you don't read
I believe you've confused "April 1st" with "December 25th".
CAUCE's response to the law can be read here.
A copy of the final version of the law can be found here.
According to CAUCE, the law was passed without any public hearings. What a shame.
It's funny, many of those authoring "cyber" legeslation, never seem to understand the scope or technology behind the problems they attempt to solve. For example, what stops me from setting up a machine in Ethiopia and sending my important msg about erectile dysfunction, and my new miracle cream to millions of US addresses? What stops me from plucking any number of wide open .hk hosts of the network and using them to send out my spam?
This "Anti-Spam" law is merely an attempt to appease he voting public, and show that our government is "doing something about the problem".
The best way to get rid of spam is to target the companies using it as a means of advertising.
Online money transactions have the longest paper trail and validation setup of any other consumer service online. If they're capable of receiving payments online, they're capable of being tracked down.
The fix... OK.
:) (but not geeks, oh no!)
Being a product of my time, my proposal is simply a mix of what I already see and know. Presumably what will actually happen is going to be totally different.
But here goes anyhow:
- First, treat viruses and worms and trojans as natural phenomena rather than the consequence of directed human activity. Assume that there will always be a new, smarter, more capable virus able to get around whatever locks we put into place.
- Second, assume that all data passing into a computer system is suspect, and must be discarded unless it can be accepted. Apply this paranoia at all levels from individual packets up to the contents of web forms.
- Third, use the techniques of genetic programming to evolve filters that work at each of these levels. Allow them to evolve rules for identifying valid and invalid data, and run them on live data mirrored from many places on the Internet. Use honeypot systems to attract parasitical software, and integrity checks to see how well filters perform, and to cull those that do worst.
In the final goal, every computer has a slightly different set of filters, inherited from other computers, recombined and improved over time.
Not just more variation in the landscape, but total variation, to the point where viruses will have to actively work to crack each individual computer (for this is the logical next step: if defences are built using the techniques of evolution, so will the parasites).
Using a biological model lets me predict some more effects:
- filters that find ways to co-opt parasitical software into the defense system
- computers having sex
- plagues
Ceci n'est pas une signature
I'd love to be contacted by strangers, depending on the distributed reputation of the person or machine contacting me.
If "James T. Kirk" sends me a message, and the fringes of my weighted Six Degrees of Separation net have never seen him before (newly generated cert for spam), or have seen him but say that he's a spammer (or maybe just an asshole in general), then I'll just ignore him.
If "Juicy Jane" sends me a message, and a few friends of friends trust her, even just a little bit, I'll give her the time of day.
--
Power to the Peaceful
I've always been leary about OPT-OUT options on shady spam emails. On more "legitimate" advertisement spams, like maybe concert updates from a venue I bought tickets from, there is always a tag-line at the bottom that gives instructions for how to be removed from the list. I trust this to a degree and believe that it will get my email taken off of the list.
:) ). Another thing I've always thought of is that if I send a message to be removed from their list then all I'm doing is confirming that my email address is valid and currently in use. Sure I may get removed from that one list, but now my email address has been confirmed as active and can be put on a whole crop of new spam lists. I don't have any proof that this is what happens, but in my paranoid mind it makes alot of sense.
When I get spam for "make your penis bigger and keep it up all weekend", I wouldn't trust any link they put in their email anyways. For one it could be a link to a site that might try to hijack my browser or do something else nasty (although that wouldn't happen because we all keep current on our patches and use less vulnerable browsers like Mozilla
Yes, that's why it's called the Can Spam Act. Perhaps someday it will be replaced with a Cannot Spam Act.
For a quarantine system to actually improve the spam problem, you need some way of allowing legitimate email to get through without you having to check the list. In the case of C/R only people with legitimate email addresses who respond to your challenge get out of quarantine. Since 99.9% of spam uses fake addresses, C/R is incredibly effective.
Personally, I think that we need two additional things in order to start having effective spam prevention and enforcement:
- A socially accepted introduction mechanism which allows us to introduce ourselves to each other only if we have real, working email addresses. (C/R is one way to do this.)
- A legal framework for enforcing spam restrictions on anyone who continues to spam even though they have a real, working email address.
I like C/R. I think it's a good idea. I wish that everyone would get accustomed to it. Then everyone (including businesses) would be able to use it. Right now businesses don't like telling their customers that their email hasn't gotten through yet. That's a good way to lose a customer. But if everyone knew that this was the way that we had to operate, then even businesses could implement it. If everyone did this, then the cost of spamming would dramatically increase because every spammer would have to have a working email address. And if they had a working email address, then they'd have to deal with the bandwidth to handle all of the challenges (and bounces).But even then I think that spammers will continue to spam even from working email addresses. Which is where I think a legal framework comes in. If everyone uses C/R, and everyone has to have a real working email address in order to get through, then everyone who spams is trackable and enforcement can have some meaning.
$.02
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
No no no! You're only supposed to talk about states' rights when a Democrat is in office! Only traitors and terrorist-sympathizers would disagree.
[o]_O
Actually, don't bother, I can tell that your definition would almost certainly suck.
I don't know about his definition of it, but mine is pretty good. I've gotten my last three jobs because of email from people I didn't know. Former co-workers had referred me...co-workers whose current addresses I don't know. If email were opt-in, I'd probably still be fixing printers for $8 an hour.
And let's not forget this one: you email help@somecompany.com and get a personal response from JoeTheThirdLevelTech@somecompany.com. Guess what? Your email server bounces it. No help for you, opt-in boy!
Webslum, and hundreds of other businesses, rely on email as its sole infallible point of contact between customers, potential customers, and the supply chain. There's no way we'd survive opt-in only. We'd have to use a new method of contact that was wide open, like IM...and then the spammers would just use that!
And lastly: your girlfriend visits her uncle's house, and can't get her email working. She misses you, and sends a message from his account. You don't respond, so she sends another. Now she's pissed. Your smug opt-in ass has no way to reach her.
Opt-in only is the most retarded idea I've ever heard for the problem of spam aside from the email tax (buhahahahaha). It's throwing out the baby, the bathwater, and a whole bunch of other shit to solve a comparably minor problem.
Hey freaks: now you're ju