Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Not Complying With CAN-SPAM

Posted by timothy on from the shocked-shocked-i-tell-you dept.

Zelphyr writes "The Register is reporting on a study done by MX Logic found that of 1000 messages tested, only three complied with the recently enacted CAN-SPAM act. Little wonder why the spammers weren't shaking in their boots when this spam friendly anti-spam bill was passed."

17 of 296 comments (clear)

  1. What a fscking shock... by geminidomino · · Score: 5, Insightful

    A law that says it's OK to spam, has exactly 0 enforcement behind it, and overrides stronger state laws didn't have an effect on the spammers? Who'da thunk it. Welcome to the U.S. of A. We have the best Government money can buy (off).

    1. Re:What a fscking shock... by haxor.dk · · Score: 5, Insightful

      Don't attribute to conspiracy what can adequately be explained by stupidity.

      The US gov't doesn't hold its hand over the spammers - not intentionally anyways. They're just utterly ignorant about the extent of the SPAM problem. Hence the weak legislation that has been passed.

    2. Re:What a fscking shock... by Tehrasha · · Score: 5, Insightful

      What conspiracy? A conspiracy would imply that something was done behind closed doors, covertly away from the public eye. The DMA (Direct Marketing Association), remember those guys, the ones who opposed the junk-fax ban and Do-Not-Call list? They supported the senators who wrote the freaking bill!! There was no conspiracy. Fox/Henhouse.

  2. Anyone surprised? by Kjella · · Score: 5, Insightful

    I mean, really. They've shown so much respect for other laws (deceptive marketing, viruses, DDoS, fraud, hacking relays, illegal use of resources like open relays) so why should this be any different?

    Kjella

    --
    Live today, because you never know what tomorrow brings
  3. Crime pays by DigiShaman · · Score: 5, Interesting

    It doesn't matter if the crime is though hacking, smuggeling, murder....whatever. The fact of the matter is this. If the crime you commit far exceeds the net total loss from being busted, then why would the suspect want to stop? It's not that hard to figure out.

    Sometimes, you have to fight fire with fire. So ladies and gents, let the SPAM hacking begin. Anyone feel like being evangelist for Joe Sixpack with an AOL account?

    --
    Life is not for the lazy.
  4. Why even bother? by tuxette · · Score: 5, Insightful
    What's the point of having this anti-spam law in the US anyways? The real point I mean. Is it an attempt to make American citizens or the people of the world think that the US is tough on spam or something? I mean all that stuff about real address and markers for porn are nice and all, but without the rule of opt-in, you may as well not bother having an anti-spam law at all.

    An anti-spam law ought to ensure that people do not receive spam. Period. It doesn't matter if the addresses are real or not. It does not matter if they are marked for pornographic content or not. They should not be receiving that kind of e-mail in the first place, and it should not be a burden upon the people to ensure non-receipt of spam. And if for some reason someone or other wants this kind of e-mail, they should explicitly consent to itsreceipt.

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
    1. Re:Why even bother? by pjrc · · Score: 5, Insightful
      An anti-spam law ought to ensure that people do not receive spam. Period.

      No. Not period. Saddly, life just isn't that simple. In fact, there isn't even a precise, widely accepted definition of exactly what is and is not "spam".

      The precise definition problem is not with obvious ads for viagra, get rich quick scams, debt consolidation and mortgages, porn, and so on. It's with the fringe cases. Defining "spam" precisely enough that a ban could be meaningful is a giant problem. It's a problem most of the anti-spam community has recognized for quite some time.

      It's easy to be an armchair politician and declare "all spam should be illegal, period".... but what exactly is you definition of spam that will be banned? Something more precise that "I know it when I see it"?

      Anyone who administers mail lists, for example, will be able to tell you that even benign non-commercial lists regularily get complaints about being "spam". Many would call those end users "clueless", in that they signed up for announcement or to participate in the list (often with a double-confirm process), but later forget they had ever expressed an interest and accuse the mail list operator of spamming them.

      It does not matter if they are marked for pornographic content or not.

      Yes, it does. At least that's what the research has said. Perhaps you missed the article months ago, where researches surveyed how spam impacts real people, and found that the overwhelmingly strongest frustration with spam is the inability to filter porn spam.

      It doesn't matter if the addresses are real or not.

      Yes, it does matter.

      It's also a lot easier to define and verify whether message header and envelope information (used by SMTP) are a legitimate, good-faith representation of who transmitted the message, than it is to define whether the content of the message is "spam".

      .

      However, your message does make the very good point than an opt-in standard is the only real, long term solution. Saddly, it looks like there is not enough political support for a true opt-in standard in US law (like we currently have for faxes).

      Maybe the failure of this CAN-SPAM law will prompt opt-in? But I would expect first a modification that adds some real enforcement and penalties for forged headers/envelope and mis-labeled porn.... which are both easy to prove and will provide at least some relief.

      --
      PJRC: Electronic Projects, 8051 Microcontroller Tools
  5. "compliant" spam... by Doppleganger · · Score: 5, Interesting

    I actually received a spam the other day that claimed it was CAN SPAM compliant.

    It seems someone got the bright idea to take the portion of the law that specifies the primary purpose of an email literally. So the top part of the mail (proudly pointed out as the "primary purpose") was a short joke. Then the email went on to its "secondary purpose"...

    And at the bottom, of course, was a disclaimer that stated again which part was the "primary" purpose and which was the "secondary", just in case you hadn't noticed the big notices above.

    I'd love to see someone try to argue this point of view to a judge with a straight face...

  6. Re:Duh! by GammaTau · · Score: 5, Informative

    Most spammers are from overseas in non-cooperative countries (with the US).

    There is evidence to the contrary.

  7. And now what? by tacocat · · Score: 5, Insightful

    Now that we've pretty much proven the the current Congress is entirely incapable of doing squat for it's voting constituents (and worlds for their Special Interest, PACs, and Business/Corporate campaign contributors) I am wondering what will really happen next.

    This is pretty clear evidence that Congress doesn't really do a great job in protecting the interests of the voting public.

    It seems to me that these people have forgotten that while we live in an Economic system called a Capitalist system, we live in a Political system called a Democracy. They are not the same system and not the same functionally.

    Business has done an excellent job at protecting themselves at every turn under the banners of "Don't hurt the already ill economy" or "Free Trade, Capitalism forever" without any voices standing up for the basic rights of the voting public.

    I would have expected that the issues surrounding the Internet would have become more political by now, but I believe I assumed that more people would care about these things. Recently I have been approached by a number of people who honestly thought that the CAN-SPAM law was going to solve all their problems. They thought I was full of BS when I told them CAN-SPAM actually legalized spam. But then they never read it and I did.

    The reality is this: Congress will never really do anything to protect the private citizen unless there is some Corporation behind the initiative to either make money, or block their competition. I haven't really seen anything of late that would contradict this. Have you?

  8. In Other News... by thrills33ker · · Score: 5, Funny

    - Pope found to be Catholic. - Scientists conclude sky is "blue". - Evidence found of bear defacating in woods.

  9. Internet Death Penalty by Graabein · · Score: 5, Interesting
    Anyone remember the USENET Death Penalty?

    Methinks we have to get a little more drastic in order to have any effect on spam. I mean, everything else seems to fail.

    Let's get extreme and start dropping packets from entire /24s from which spam is originating. In extreme cases, let's drop entire spam friendly ISPs. This is the only way to get rid of pink contracts, if all the customers of an ISP suddenly find that large parts of the Internet become unreachable to them.

    If an ISP finds itself dropped from routing tables and unable to reach most/all of the rest of the 'net, I have a feeling they will get tough on spam and on clueless customers with open relays/proxies real fast. They'll have to, or they'll be out of business.

    Yeah, I know this is extreme and drastic, but what else is there? SPF records won't be effective, laws don't do squat (a: because this is a global problem and b: because law enforcement haven't got the resources/motivation/whatever to enforce the laws anyway).

    I'm just getting so sick and tired of these antisocial scumbags ruining email for the rest of us.

    --
    And remember kids: Never trust a computer you can actually lift.
    1. Re:Internet Death Penalty by xlsior · · Score: 5, Interesting

      Let's get extreme and start dropping packets from entire /24s from which spam is originating

      Nice... Except you need to be *very* cautious about which /24's you're willing to drop, because part of the problem of spam these days is that is originates everywhere.Zombies, free trial accounts, hit-and-run dialup spammers, open relays, etc. Spam is something that affects every ISP these days, to greater or lesser extend.

      As soon as you start blocking AOL and Earthlink's IP blocks because of the high volume of spam you get from them, you will also lose customers by the droves because all of a sudden they can't receive mail from their grandma anymore.

      Don't get me wrong, I'm all for spam filtering, as well as hitting the spammers themselves where it hurts, but 'extreme blocking' will hurt you and your own customers more than it will hurt the spammer.

      Most spammers won't even see the rejections caused by your networks, since some other poor guy will be on the receiving end of all their bounces, and they truly won't care.

      I personally use SpamBayes (Free, open source) for my spam filtering, which does an unbelievably good job of detecting spam, with no false positives so far. Written in Python, runs on Windows as well as Linux. http://spambayes.sourceforge.net

  10. Re:Obvious flaw by Anonymous Coward · · Score: 5, Insightful

    No, it's an accurate description of the law. It means you CAN SPAM.

  11. No kidding, violation logs from today... by Anonymous Coward · · Score: 5, Informative
    As I understand it, CAN-SPAM makes it illegal to use open proxies to relay messages. We run a proxy scanner on every email that comes into our server, through an exim pipe. Any sending host which is an open proxy on a common port is reported to us via IRC. The following IRC log can be explained one of three ways:
    [01:02] <SpamBot> SpamTrap found a proxy! 82.138.193.50 (host1.greenwichtraining.adsl.telecomplete.net)
    [ 01:05] <SpamBot> SpamTrap found a proxy! 200.95.36.167 (dsl-200-95-36-167.prod-infinitum.com.mx)
    [01:08] <SpamBot> SpamTrap found a proxy! 200.45.247.170 (host247170.arnet.net.ar)
    [01:41] <SpamBot> SpamTrap found a proxy! 200.90.212.26 (26-212-90.adsl.terra.cl)
    [01:41] <SpamBot> SpamTrap found a proxy! 200.95.74.41 (dsl-200-95-74-41.prod-infinitum.com.mx)
    [01:59] <SpamBot> SpamTrap found a proxy! 218.75.131.4 (218.75.131.4)
    [02:10] <SpamBot> SpamTrap found a proxy! 194.2.149.201 (194.2.149.201)
    [02:18] <SpamBot> SpamTrap found a proxy! 61.233.205.110 (61.233.205.110)
    [02:29] <SpamBot> SpamTrap found a proxy! 200.84.79.92 (dC8544F5C.dslam-03-24-3-02-01-01.rmg.dsl.cantv.ne t)
    [02:37] <SpamBot> SpamTrap found a proxy! 81.134.29.16 (host81-134-29-16.in-addr.btopenworld.com)
    [02:55 ] <SpamBot> SpamTrap found a proxy! 200.43.19.71 (dsl-200-43-19-71.users.telpin.com.ar)
    [02:57] <SpamBot> SpamTrap found a proxy! 200.225.210.173 (iplus-ura-225-210-173.xdsl-fixo.ctbcnetsuper.com. br)
    [03:07] <SpamBot> SpamTrap found a proxy! 200.42.43.63 (200-42-43-63.dsl.prima.net.ar)
    [03:27] <SpamBot> SpamTrap found a proxy! 62.236.142.192 (62-236-142-192.hpna.wlannet.com)
    [04:50] <SpamBot> SpamTrap found a proxy! 81.225.52.204 (h204n5c1o1044.bredband.skanova.com)
    [Note: rogue spaces in the timestamps were inserted by Slashdot.]

    1) USA-based spammers don't give a shit about the new law

    2) Overseas-based spammers have increased exponentially

    3) USA-based spammers are offshoring just like every other IT industry

    Will we soon be inundated with reports of Bangalore being the spam capitol of the world? After all, they aren't subject to the jurisdiction of USA-based spam laws. Forget offshoring your tech support, now you can offshore your spamming operations and be in total compliance with the law...
  12. Re:No, you got it all wrong... by fjin · · Score: 5, Informative
    You haven't heard before about:

    Spamassassin
    SpamAssassin(tm) is a mail filter to identify spam.
    Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.

    and Razor
    What is Vipul's Razor?
    Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

  13. Silly Fools.... by Gorillaka · · Score: 5, Insightful

    Analogy: Certain groups are upset with the amount of rugby being played over in Austailia. So they lobby congress and have a bill passed against it. But wait! They're still playing rugby in Austrailia.. what happened, we passed laws against it!?

    Most of the spam does NOT come from the US. It's retarded to assume that these spammers all over the world are expected to change their core business model because the US passes some law.

    "But wait, I know that a lot of the ringleaders behind all this MUST be in the US". Sure.. but the reason they can hide themselves so well is because they're breaking a dozen other more serious laws in the process of sending out their crap. CANSPAM is seriously the least of their worries.

    The spam situation in the world right now is one of those things we'll tell our grandchildren about some day.. as someone growing up under globalization will laugh at the 'crazy' notion that two individuals on the same internet weren't governed by the exact same set of laws.

    So anyway, until full globalization is upon us (hey.. I guess the one perk is that it'll cut down on spam), your best bet is to upgrade your filters and use Shadango.com. In case any of you haven't heard yet, Shadango allows you to check all of your accounts from one interface (imap, pop, aol, y!, hotmail, etc), PLUS if filters ALL of them for you in real time. I seriously did not believe it worked until I tried it.. I've actually had the first spam-free week since the mid 90s. Check it out.. it works.

    That's my two cents

    Kevin