Spammers Not Complying With CAN-SPAM
Zelphyr writes "The Register is reporting on a study done by MX Logic which found that of 1000 messages tested, only three complied with the recently enacted CAN-SPAM act. Little wonder why the spammers weren't shaking in their boots when this spam friendly anti-spam bill was passed."
It should have been called "CAN SPAMMERS", not "CAN SPAM" act.
A law that says it's OK to spam, has exactly 0 enforcement behind it, and overrides stronger state laws didn't have an effect on the spammers? Who'da thunk it. Welcome to the U.S. of A. We have the best Government money can buy (off).
I mean, really. They've shown so much respect for other laws (deceptive marketing, viruses, DDoS, fraud, hacking relays, illegal use of resources like open relays) so why should this be any different?
Kjella
Live today, because you never know what tomorrow brings
And we're already starting to see spam proudly proclaiming that it's "CAN-SPAM-compliant!" I suspect that we'll soon be able to put in filters to block any message that claims it complies with CAN SPAM because that will be a guarantee that it is, in fact, spam.
And, on the opposite side of the fence, I'm seeing some people claim that relay-testing is now prohibited under CAN SPAM (because CAN SPAM makes unauthorized relaying a crime).
Bah.
It doesn't matter if the crime is through hacking, smuggling, murder....whatever. The fact of the matter is this. If the crime you commit far exceeds the net total loss from being busted, then why would the suspect want to stop? It's not that hard to figure out.
Sometimes, you have to fight fire with fire. So ladies and gents, let the SPAM hacking begin. Anyone feel like being evangelist for Joe Sixpack with an AOL account?
Life is not for the lazy.
Most spammers are from overseas in non-cooperative countries (with the US). This is a US law. What do they care? This law has no effect on illegal spamming. Besides, a vast majority of it comes from compromised home Windows boxes...they should just sue Microsoft for making shatty insecure O/S' which help increase your daily spam. All it's going to do is get a lot of innocent and naive computer users in trouble for not securing their boxes and allowing overseas spam to bounce through their home PC's.
An anti-spam law ought to ensure that people do not receive spam. Period. It doesn't matter if the addresses are real or not. It does not matter if they are marked for pornographic content or not. They should not be receiving that kind of e-mail in the first place, and it should not be a burden upon the people to ensure non-receipt of spam. And if for some reason someone or other wants this kind of e-mail, they should explicitly consent to its receipt.
People say I'm crazy, I got diamonds on the soles of my shoes...
The main idea of the law is to stop non-compliant messages by imposing financial punishment on the spammers. And this won't work. It is very easy to avoid such fines, e.g. declare that you don't have any money and then use the absence of local citizen registers to "vanish" from the radar of law enforcement.
I think the real solution would be physical punishment. Just when the feds get their hands on the spammers then they can't avoid punishment. No more bad excuses. Of course, you won't do something inhumane like they do in Saudi Arabia - cutting off fingers etc. You would just give them a decent spanking. And they would remember that. Furthermore this would be much cheaper than traditional punishment.
Over 90 years and counting !
I actually received a spam the other day that claimed it was CAN SPAM compliant.
It seems someone got the bright idea to take the portion of the law that specifies the primary purpose of an email literally. So the top part of the mail (proudly pointed out as the "primary purpose") was a short joke. Then the email went on to its "secondary purpose"...
And at the bottom, of course, was a disclaimer that stated again which part was the "primary" purpose and which was the "secondary", just in case you hadn't noticed the big notices above.
I'd love to see someone try to argue this point of view to a judge with a straight face...
Now that we've pretty much proven that the current Congress is entirely incapable of doing squat for its voting constituents (and worlds for their Special Interest, PACs, and Business/Corporate campaign contributors) I am wondering what will really happen next.
This is pretty clear evidence that Congress doesn't really do a great job in protecting the interests of the voting public.
It seems to me that these people have forgotten that while we live in an Economic system called a Capitalist system, we live in a Political system called a Democracy. They are not the same system and not the same functionally.
Business has done an excellent job at protecting themselves at every turn under the banners of "Don't hurt the already ill economy" or "Free Trade, Capitalism forever" without any voices standing up for the basic rights of the voting public.
I would have expected that the issues surrounding the Internet would have become more political by now, but I believe I assumed that more people would care about these things. Recently I have been approached by a number of people who honestly thought that the CAN-SPAM law was going to solve all their problems. They thought I was full of BS when I told them CAN-SPAM actually legalized spam. But then they never read it and I did.
The reality is this: Congress will never really do anything to protect the private citizen unless there is some Corporation behind the initiative to either make money, or block their competition. I haven't really seen anything of late that would contradict this. Have you?
Well, in the meantime, the US Government is getting a large email list. Can anyone guess how it will first be used? Elections? Non-Profit group?
The Custom Mary
SCO is not complying with the GPL ;^)
The Onion Version of the CAN-SPAM
Adapted from An Article on War Advisors on Yahoo
Bush CAN-SPAM advisors: unfound Reductions in Spam (RIS) matter little - Perle & Frum Jan 09, 2004
Two of President George W. Bush's CAN-SPAM advisors said that the US inability to find legal spam in cyberspace means little.
"I don't think that you can draw any conclusion from the fact that the stockpiles of complaint spam were not found," Pentagon advisor Richard Perle said at the American Enterprise Institute.
Perle said he did not fear that the United States would lose credibility after Bush used spammers' supposed weapons of mass mailings of SEX-SPAM as his principal justification for going to war with spammers.
"If others are going to take the view that, because these Reductions in Spam - aka RIS - weren't found, nothing that the United States says can be trusted -- there's not much we can do about that," he said. "It would be a foolish conclusion to draw."
On Thursday, another Washington think-tank, the Carnegie Endowment for International Peace, said in a report that the US "administration officials systematically misrepresented the threat from Spam and SEX-SPAM."
However, Perle said the war on cyberspace was justified: "I think that what was done was right and prudent."
Perle appeared with Robert Frum, the former Bush speech writer who coined "Axis of Liberals." They were two of the hardline members of the administration who argued the need to Can Spam by CAN-SPAM.
Perle and Frum's book, "An End to Evil," promotes the so-called neo-conservative use of military force to pacify the world including the cyberspace.
They take aim at Saudi Arabia, US politicians, journalists and France -- all of whom they said stand in the way of Bush's "War on Terror."
"What troubles us is a pretty persistent Open Relay Mail Servers policy of trying to weaken and marginalize the United States within cyberspace," Perle said.
"All we ask from Spammers is that, in the construction of Spam as a political and commercial tool, spammers think of themselves as a partner with the United States in the protection of Western civilization. That's not a lot to ask."
"Let me add, I think FSF runs the very great risk of becoming isolated."
Frum, who left the White House in 2003, was as unswerving as Bush himself.
"Sometimes the right answer, when a person has a grievance against you, is to say: 'You're completely mistaken; that grievance comes out of a completely wrong way of looking at the world and you're just going to have to get over it'," Frum said.
"We're not going to change."
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
Hey, the act said they "CAN-SPAM" so they spammed. Guess they are compliant! Seriously, law should be the first line of defence and shouldn't be the last one. Enforcing a law internationally is very very difficult. I am not sure why this is even a news. I am sure this law is just a joke for most of the companies 'cause there would be loop holes which they can exploit.
Even if they are compliant there is spam anyway. I don't think it makes much of a difference.
- Pope found to be Catholic.
- Scientists conclude sky is "blue".
- Evidence found of bear defecating in woods.
Methinks we have to get a little more drastic in order to have any effect on spam. I mean, everything else seems to fail.
Let's get extreme and start dropping packets from entire /24s from which spam is originating. In extreme cases, let's drop entire spam friendly ISPs. This is the only way to get rid of pink contracts, if all the customers of an ISP suddenly find that large parts of the Internet become unreachable to them.
If an ISP finds itself dropped from routing tables and unable to reach most/all of the rest of the 'net, I have a feeling they will get tough on spam and on clueless customers with open relays/proxies real fast. They'll have to, or they'll be out of business.
Yeah, I know this is extreme and drastic, but what else is there? SPF records won't be effective, laws don't do squat (a: because this is a global problem and b: because law enforcement haven't got the resources/motivation/whatever to enforce the laws anyway).
I'm just getting so sick and tired of these antisocial scumbags ruining email for the rest of us.
And remember kids: Never trust a computer you can actually lift.
Of the 1452 spam I received in my 3 accounts this weekend there are 157 references mentioning compliance with the Can-Spam act. Twenty of these said that they complied by including a valid reply address, a valid postal address and a working removal mechanism. The only one which actually met all of these criteria was from hurricane-map.com sent to an administrative address - 69.6.58.0/23 is blocked to everything else but to this address :-(.
So Scott Richter, one of the most infamous spammers on the planet, doesn't seem to be complying with Rule #1, what is the world coming to?
Well, after 1/1 the amount of spam I receive on that account went up again. Right now it's about triple the amount before 12/16, and quickly pushing on four times it. I'm also seeing more efforts at E-mail guessing (sending E-mails to every possible combination of account names at a given host). These are pretty obvious when they show up on an account that's never been used, and has never (and still isn't) listed anywhere on the Internet (or otherwise).
From where I'm sitting, looks like the spammers are having a field day, and the only thing that's changed is the problem got worse. Thanks congress, remind me to vote against all incumbents next election.
1) USA-based spammers don't give a shit about the new law
2) Overseas-based spammers have increased exponentially
3) USA-based spammers are offshoring just like every other IT industry
Will we soon be inundated with reports of Bangalore being the spam capital of the world? After all, they aren't subject to the jurisdiction of USA-based spam laws. Forget offshoring your tech support, now you can offshore your spamming operations and be in total compliance with the law...
Spamassassin
SpamAssassin(tm) is a mail filter to identify spam.
Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.
and Razor
What is Vipul's Razor?
Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.
A new study suggests that dictators are shown to be significantly more brutal than democratically elected officials, and big businesses usually fuck the consumer over more than small businesses.
What a fucking surprise!
(please excuse the irony).
Now when we've had spammers that don't care about anti-spam laws, I guess that we'll have greedy lawyers and lying politicians any day now...
Yup. SPEWS is what happens when spam drives people into an insanity like the one the original poster is on the verge of. Dropping entire blocks results in 'collateral damage' (non-offenders getting blocked) and there's no real rationalization (though many are offered by the likes of SPEWS) that can justify that. No, not even 'well the innocent victims can crusade against the ip provider and serve our just cause in effecting change'. Get real. When it happened to me I just switched to an ip on a different block for the mail server. I say SPEWS can go fuck themselves. And I think that's a pretty common reaction for non-spammers who suffer from them. In the end they defeat themselves by making enemies not only of spammers, but everyone who hasn't quite lost their sanity. Granted, sanity can be hard to hang onto sometimes when considering the spam problem, but it's worth making the effort in the long run.
Microsoft Windows is, fittingly, the official Desktop OS of Olig
Analogy: Certain groups are upset with the amount of rugby being played over in Australia. So they lobby Congress and have a bill passed against it. But wait! They're still playing rugby in Australia.. what happened, we passed laws against it!?
Most of the spam does NOT come from the US. It's retarded to assume that these spammers all over the world are expected to change their core business model because the US passes some law.
"But wait, I know that a lot of the ringleaders behind all this MUST be in the US". Sure.. but the reason they can hide themselves so well is because they're breaking a dozen other more serious laws in the process of sending out their crap. CANSPAM is seriously the least of their worries.
The spam situation in the world right now is one of those things we'll tell our grandchildren about some day.. as someone growing up under globalization will laugh at the 'crazy' notion that two individuals on the same internet weren't governed by the exact same set of laws.
So anyway, until full globalization is upon us (hey.. I guess the one perk is that it'll cut down on spam), your best bet is to upgrade your filters and use Shadango.com. In case any of you haven't heard yet, Shadango allows you to check all of your accounts from one interface (imap, pop, aol, y!, hotmail, etc), PLUS it filters ALL of them for you in real time. I seriously did not believe it worked until I tried it.. I've actually had the first spam-free week since the mid 90s. Check it out.. it works.
That's my two cents
Kevin
Time is Nature's way of keeping everything from happening at once... the bitch.
I berated a 'sales consultant' that definitely sounded more like a telemarketer, although he claimed it was a 'courtesy call.' When I mentioned that I was on a do-not-call list (I don't know if there is a federal one that has any teeth yet, but we do have a state list) he claimed that they were exempt because "we" had a 'prior business arrangement.' His response sounded very scripted, meaning they had anticipated curmudgeons such as myself protesting. This prior business arrangement was dubiously linked to a warranty card I had filled out for some product made by a subsidiary company.
There will be all sorts of loop-holes... and all the caveats attached to the emails will take up even more bandwidth- just as arguing with a telemarketer about a calling list wastes even more time.
The pathetic aspect of all this is someone somewhere is making money on it, or it would not exist-
Those that suggest you "dance like no one is watching" really want to see you make a complete fool of yourself.
Much of the spam I get appears to come from the US, but clearly the spammers can buy hosting in other areas as life is made harder for them in the US.
What is as relevant is that no legitimate email comes to me from (for instance) the Chinas, and little from the rest of Asia, whereas there are people I want to hear from in the US.
So I can easily block large IP ranges but I cannot easily do that against the US spammers.
Let's get extreme and start dropping packets from entire /24s from which spam is originating. In extreme cases, let's drop entire spam friendly ISPs.
This is the only way to get rid of pink contracts, if all the customers of an ISP suddenly find that large parts of the Internet become unreachable to them.
Right... Let's say you get some SPAM from an ISP in Argentina (200.x.x.x) - "oh, let's block the entire /24".
Great idea, now not only have you blocked the whole country, but almost the entire South America.
Unfortunately the IP gluttony in the Northern Hemisphere didn't leave many IPs to the "3rd World". -- Thus, you can't treat the networks here as if you were in Asia or Europe.
No, but then it doesn't cost me money to download commercials, the commercials go towards supporting the programmes I actually want to watch, commercials provide a useful break during longer programmes, and it takes me no effort to ignore a commercial without them building up until my TV no longer shows me programmes any more.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
What is Vipul's Razor?
It compares your mail to everyone else's spam to see if it's spam, too.
(Was that so hard?)
How can we enforce spam laws on companies based offshore?
My ghEtt0 webpage.
"You CAN indeed SPAM" is probably what the authors intended.
get your head out the sand, blind patriot
http://www.spamhaus.org/rokso/index.lasso
So why should they bust them for violating the spam law? The government has totally ignored the absolutely fraudulent nature of spamvertised products, despite the fact that the money trail is easier to follow than the email trail.
I suspect there will be political pressure to "bust" a couple of spammers, and they probably will nail a couple of small-timers and will trumpet it as a success, saying something like "Mr. Spam King sent over one million spam messages" -- the same bogus logic used in drug busts, when they value the drugs based on their smallest-possible-street-transaction value instead of the likely wholesale value.
Part of the reason I think there will be little enforcement, at least from the Bush administration, is that I've read that mainstream businesses are actually profiting from spam indirectly by selling customer lists that include email addresses. They don't sell directly to spammers, but they filter through direct marketers who ultimately DO sell to spammers.
>> An anti-spam law ought to ensure that people do not receive spam.
How would you propose doing that? Making something illegal doesn't make it go away. One might as well argue that "an anti-murder law ought to ensure that people do not commit murder."
Fine or arrest everyone who creates spam? OK. What's your definition of spam?
Mandate changes to SMTP? OK, but the cost of implementing the changes will be paid by you and me.
Mandate some kind of magic spam blocking code in all operating systems and mail programs? OK, but if legislation can compel you to use one kind of software, it can compel you not to use another.
No one likes spam. But, stomping your feet and declaiming that someone ought to make it go away isn't especially useful.
-- Slashdot: When Public Access TV Says "No"
The spammers must be making money from sending all this spam, how many people actually click through and order the junk being peddled? I imagine if nobody ordered anything from spammers there'd end up being no profit and no reason to spam.
My ghEtt0 webpage.
Recently, spammers have been trying to train spam traps with random words. It's almost like seeing the words put into a mad libs exercise.
Will this confuse filters like spamassassin?
P.S. One of the more interesting ones I got follows. What is an appellant hazelnut? And can diseases be exorcised?
insinuate guilty overture aegean mcelroy
emery niggardly bobbin briggs pushout creed quizzes return accomplish
explanatory cofactor frances melissa
biharmonic his milieu alphabet groom septate appellant hazelnut diphtheria exorcise
Irene KHAAAAAAN!
It's still beta, but I'm unaware of any other tools that allow you to strike back at a spammer. With it you can crapflood a spammer's database, and possibly render it economically useless. So if you're pissed at the hundredth mortgage quote solicitation, fire it up and get just a little bit of revenge.
What's the problem is the fact that it is assumed that I wanted to be opt-in'ed. Who decided for me that I WANTED all the spam. If the government would simply make it into law for spammers and telemarketers that they assume I'm not already opt'ed in, the things would be better. Make the people that contact us PROVE that we signed up for their crap.
The mail servers I run for my employer reject 400 spams every minute. Those are the ones with SpamAssassin scores greater than 10. 1000 spams in a week is a very small amount. They should be grateful. ;)
Edith Keeler Must Die
The problem is plain simple.
1. ISP has spammers. They spam. They annoy people and start costing people and companies money (yes, it costs money to filter that junk and to install the filters). ISP doesn't do squat about solving the problem, and when finally, the spammer just moves on. The ISP has no incentive to clean up the mess.
2. Users get annoyed. Badly annoyed. They want to stop spammers right now.
3. Users create a blacklist of IP spaces that should be avoided like hell.
4. Users start using blacklists. Amongst these users, there are a few providers. The providers chose to use the blacklist, not the user, and not the person who provides the blacklist. In effect, the blacklist is a free expression of sections of the internet that degenerated into the digital equivalent of sewers.
5. Providers get complaints from people like you since lots of mail gets bounced. Provider finds out that he harbors at least one spammer. Provider gets onto his feet, boots spammers from his IP space, blacklists go away after a few days/weeks. Else, provider loses customers to other providers which did something about spam and all who remain are even more committed to spamming. There's an option now that the provider might survive on pink contracts alone, but that's not very probable.
Actually, I have an idea: Anybody who wants everybody else to stop using blacklists should be member of a special club that immediately pays every expense incurred by providers and companies to fight spam, without any legal recourse if you get a 1 Million US-$ bill for this fund.
Until then, stop whining and look for providers that aren't featured on blacklists.
This explicitly includes SpewSpew.net.
Donate free food here
Did you read the law? It does not say it's OK to spam. It bans the vast majority of spam and prescribes harsh penalties. It allows up to one year imprisonment for sending spam with false headers, which is pretty much all the spam I get. Without false headers, spam becomes impractical for lots of reasons.
And what is your basis for claiming that there is no enforcement? The Justice Department doesn't usually publicize investigations until they're over. It will take months for investigators to start tracking down spammers and building solid cases against them.
This is a good, strong, well-designed law. For some reason the groupthink on slashdot claims it is "weak". I'd urge everyone to actually read the law before commenting on it.
If you blacklist my IP you've just stolen money from me.
The recipient does the blocking, not the list(s) they voluntarily use to facilitate and automate it. It's not your IP, if your provider's space is being listed. The internet is a large, cooperative pool of privately owned and operated networks. If entity A chooses not to receive email/packets/whatever from entity B, it's their choice. Suing a blocklist is literally shooting the messenger.
These braindead blacklist runners (such as yourself who thinks dropping IP ranges is a good idea) have probably pissed off enough people by now to start a decent sized class action lawsuit.
Cartooneys are subject to automatic listing on many blocklists. As Nike put it - Just Do It!
It doesn't work. It's counterproductive. And you're inviting lawsuits from your "collateral damage" and frankly I'd like to see some go to court.
Of course it works. You are here whining, aren't you? At the wrong people, might I add.
ISPs don't need to answer to blacklists. They do not define the law. ISP's who happen to get a spammer on board have committed no criminal act. If you blacklist them, they have every legal right to sue you for everything you own.
Of course ISPs don't answer to blacklists. But blacklists answer to their users; those that choose not to receive email from networks the blocklist operators choose to list. If they do so irresponsibly, their users will stop using them (goes for ISP vs blocklist(s) they use AND ISP vs its users).
Regarding legal threats and cartooneyism, do as the spammers do - outsource the blocklists, and perhaps devise a different delivery mechanism, less prone to lawsuits and DDoS attacks. Zone files have even been posted to Yahoo! groups.
ps. I am not affiliated with any such blocklist
Sure, that's a great idea... until company A starts sending out spam advertising company B's products, having been paid by company C (B's competition)...
Have you been touched by his noodly appendage?