Slashdot Mirror
Is the CAN-SPAM Act Working?
DynaSoar writes "Lance Ulanoff of PCMag.com offer his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."
I get as much SPAM as ever, and it's not even fried with cheese between two pieces of bread.
It seems to be working about as well as the War on Poverty and the War on Drugs.
The only thing I have noticed is that spam to my junk Hotmail accounts has dropped to almost nothing. I think this is due to a change in MSN's filtering, and has nothing to do with the legislation.
Don't blame Durga. I voted for Centauri.
am getting more spam than ever before. Since the spammers are operating out of foreign bases, I fail to see how the Act will do anything.
It is hard to shut down a worldwide, decenteralized group of people in a single country! It is a good thought, but it is not practical.
It was written to ensure that we CAN be spammed into senslessness. Mine has doubled since the bill took effect.
Professional Politicians are not the solution, they ARE the problem.
The heads of all caught spammers on a sticks in the town square!
My Bayesian filters are starting to pick up on the snailmail addresses the compliant spams contain...
So maybe there was one minor positive point to the law after all. Unless they're simply fraudulent, it's a lot tougher to change a snailmail address than an email or URL address.
We now return you to your regularly scheduled thread.
Bring back public floggings or at least the stocks for offenders for god sakes.
I Am My Own Worst Enemy
Free viagra with every order
"If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
Geek Vigilante-justice with cluebats and larts.
Now I start receiving spams that come with a nice big attached image which tells me that particular email is complied with the Can-Spam ACT.
Rock that crushes, Paper & Scissors that don't matter.
is producing legislation that takes the power away from the spammer and puts it in the hands of either the end user or their ISP so we can filter the crap out.
If it's legit email then they can discuss it. If it's not we should be able to block it. I'm sick of paying for this rubbish.
I am a leaf on the wind
Yet Another message about Spam... I don't like spam. I don't even like to read about it...
my endian is bigger than yours!
It's working in the meaning of the word that means "not doing anything."
Anything in parenthesis may (not) be ignored.
Who actually thought that the US goverment would sucsesfully regulate spam? Its ludicrious, how hard is it for a spammer to set up a server in a country that doesn't enforce such laws?
The only chnage I've noticed is that my filters are no longer as effective, now that some of the spams are trying to look legitimate.
Under capitalism man exploits man. Under communism it's the other way around.
Eventually people will start using an alternative that is a little more spam-resistant.
There was an article about a new spam filter just a couple of hours ago, they were supposed to remove 50% of spam emails. 50% of spam stopped sounds good, but what if 50% is 350 Billion email messages? Spammers only have to double their messages to go around this 'filter' to produce the same volume tomorrow as they produce today.
What I would like to see is a spam signature sharing, Spam Detection Servers SDS would collect hash per spam email sent within a time period. An email will have to be stopped on any email server and verified against an SDS to see if it is not spam before sending it further. How would these SDSs collect the signatures? Feedback from email users, black lists, good filters etc. All email servers will have to register with SDSs, or they become black listed.
But you probably can tell me why this is not going to work, can you?
You can't handle the truth.
What would really help would be placing a $10K bounty on spammers head. As in you bring in the proof of spamming on an individual and you get 10K and their head on a pike on your front lawn.
"If a quarter is two bits, then a dollar's a byte." -R Deric Miller
I recently signed up for an AOL 'free trial.' It took about five minutes before spam started showing up in the mailbox. I was amazed.
(BTW, if you're on a Mac, don't bother--the Mac software for AOL doesn't appear to have been upgraded for a couple years--commercials be damned.)
One man's -1 Flamebait is another man's +5 Funny.
Did this guy pay the slightest bit of attention when the law was drafted?
Then again, this is the same "tech" columnist who bitches about taxi lines at CES, clearly a major issue in the world of computing.
sulli
RTFJ.
Anti-spam laws would work so much better if, say, they started chopping off the fingers of those involved.
Then we could coat the fingers in chocolate and sell them as 'delicacies' in hollywood.
Vengeance AND revenue!
What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement.
I thought one of the big problems with CAN-SPAM act was that it said that no one could set "standards" for what UCE was required to contain.
No [ADV] or anything at the beginning of the subject line. Spammers know that requiring them to do that would make it significantly easier to trash Spam at the ISP level. They must have lobbied hard to make sure that the bill says that the FCC is *not* able to set "standards" for that identifying marks Spam must have.
If you are going to write a law that tries to fight Spam (questionable intentions in the first place), at least give it some power to set "Standards".
- (c) 2018 Hank Zimmerman
What's the point of having this anti-spam law in the US anyways? The real point I mean. Is it an attempt to make American citizens or the people of the world think that the US is tough on spam or something? I mean all that stuff about real address and markers for porn are nice and all, but without the rule of opt-in, you may as well not bother having an anti-spam law at all.
An anti-spam law ought to ensure that people do not receive spam. Period. It doesn't matter if the addresses are real or not. It does not matter if they are marked for pornigeraphic content or not. They should not be receiving that kind of e-mail in the first place, and it should not be a burden upon the people to ensure non-receipt of spam. And if for some reason someone or other wants this kind of e-mail, they should explicitly consent to itsreceipt.
Big unsurprise, no CAN-SPAM isn't working (assuming by "working" you mean reducing spam).
A sample from my spam-bucket this morning (one of those logo design offers) :
[snip]This mailing has been performed by Internet Marketing Solutions, 1719 University Avenue, Bronx NY 10453 USA,in compliance with the CAN-SPAM Act of 2003,
approved and signed by the president of
The United States of America on Dec. 16, 2003.
For this reason, this email cannot be considered SPAM.
My next sig will be ready soon, but subscribers can beat the rush
Mr. Habeeeb Von Dusseldorf who has been in exile in South Africa for the last twenty-three years has recently passed away, his estate is interested in transferring US$450,000 into an american account for use in the fight against the resistance in the colonies. Please reply w/ your Banking information including ABA routing number and account number. following will be vital information for which to you to transfer the money. Your reward for said actions will be 20%.
Thank-you, Have a great day.
Col. Maj. Fariziq Mouselli Achmed.
That's Stanislaw Lem...
Follow the money trail. Get the people committing outright theft (ie, no product), selling fraudulent products ("your dick a yard long in 24 hours"), or otherwise illegal products ("valium overnight"). Make a few RICO cases where you can ensare anyone even remotely involved in the business. Send them all to jail for 20 years with millions in fines.
Why is this so hard? This will put an immediate dent in spam. I'm not naive enough to think it will end it forever, but if enough people get nailed hard enough (including ISPs, banks, and others through a RICO prosecution) it will be damn difficult and daunting to even BE a spammer, let alone make any money at it.
Instead we'll waste countless hours talking about making spam illegal, when it's the smallest of all the crimes involved in a typical spam message.
Follow the cash. How does spam work? It works by getting someone to give the spammer money. Go after the money. Unfortunately, the CAN-SPAM act makes this more difficult, since individuals cannot go after the spammers, only ISPs.
Here's what we need to have in law:
Our office probably gets more SPAM than ever. Just wish those SPAMers stop sending it to old user e-mails...
Hmm, maybe if I send the SPAMers an e-mail to take off the old addresses, that may work...
It's easier to say what you want, when you realize that your opinion is Flamebait to someone without a sense of humor.
It was just a pathetic attempt by the politicians to show that they have done something in an ellection year to the newbie voters in computing. The only thing that would work is what microsoft propozed, which is to have to pay a fraction of a cent, to solve a puzzle which would take 10 sec of computing time.
Doesn't this act allow certain types of political spam as well?
What if spammers just had one person run for public office (oficially on paper but not seriously) and then just say, I'm running for blah blah... and P.S. Is your penis too small? I'm here to help. *SPAM*
I fact the political statement could be a tiny bit of text at the bottom under the 'opt out' link.
My spam is canned and put on pallettes now and delivered by semi truck.
Before CAN SPAM.. my SpamKiller trap had about 3100 spam per month.
After CAN SPAM... my SpamKiller trap has about 4200 spam per month. Steadily growing, as always.
Yes, we did.
I don't know anyone from Argentina, Brazil, China, Hong Kong, Malaysia, etc., so I blackhole their addresses (along with ISP's dynamic IPs). This can sometimes cause problems, but as far as a home solution, it's great.
I block the addresses at my firewall so I automatically eliminate most of my spam as well as most port scans and scripted exploits (since a lot of them are foreign/rooted systems).
I wouldn't do this at a large company, but you can probably get away with it at a small domestic U.S. business that doesn't need international communication through the Internet.
In my not so humble opinion these types of laws & legistlation,
is just about as effective as curbing spam distribution as screendoors
would be at stopping water from coming in on a submarine
I love being a pessimist and this is one thing that I see
no easily stoppable solution for.
I wish I had an idea of how to stop spam being sent out
rather than a lot of people who try to fight it on the receiving side.
Not that it's a bad thing to fight, or that we should just accept
it as the norm, it's just getting to the point of complete futility.
I'm not trying to encourage anyone to throw their hands up and submit
But seriously, without a total "re-do" of the internet and it's connected
servers/services, there's nothing that can stop them because they're simply
too hard to track down and more importantly prosecute effectively.
As usual, I'm reminded of a movie quote, this time, from
Apocalypse Now where at the beginning the General is telling
Martin Sheen's character about Colonel Kurtz and how he's had a break with
reality/sanity, he mentions "...there's a struggle within every human between the rational and the irrational, good and evil... and good does not always win..."
That's my point, even those of us who hate spam more than we hate our own lives
are on the *right* side, we're just not going to win...
Need I say more?
.il, .cz. .ru, .tw, etc, has increased quite a
bit. So, since I block all of them, the amount of
spam I actually see has dropped. Otherwise,
no change in the total volume.
Grr... Okay, the lameness filter has forced me to say more. Fine.
I receive roughly one thousand spam messages per day.
Since the passage of the CAN SPAM act, that has not decreased in the slightest. I have noticed only a single difference, which actually has benefitted me, but won't work for everyone - The proportion of messages coming from "suspicious" foreign domains, like
There is law, and then there is enforcement. I'm sure there is still a no-jaywalking law in New York City. Does anyone care? No, because there is no penalty. When some spammer does Kevin Mitnick-style time for his crime, the law will mean something.
Why would I buy Viagra from someone who can't spell it?
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Actually, no... you can't. Spammer. (Oh, the irony.) ...
(Double irony, even, since you can't first post on your self-proclamation of your ability to first post in response to an anti-spam article.)
Yahoo has been doing a fantastic job of filtering spam. Of the hundreds (a thousand?) spam messages I get each week, only a handful make it to my inbox. The rest get put in the bulk mail folder. However, without their excellent filtering, email would be unusable.
Most people I know say they get tons of spam... I really just don't see how. Are you posting it to the web somewhere? Are you giving it away to pr0n sites? Do you still insist on useing that aol, earthlink, hotmail, etc address for no good reason? I never get any spam. I don't work too hard for it either. I create a new email account when I want to order something online, and then delete it when my order ships. I have an account for ebay, and paypal and the like. To be honest, that one gets 1-4 spams a week. And then I have a personal account that NEVER gets any spam. I don't have a filter, I don't do anything special really. Can someone tell me how they manage to get so much?
I am a viral sig. Please help me spread.
exposing spammers' real-life addresses on slashdot has worked wonders in the past against some notorious spamkings...
i think we should double our efforts.
Maybe we can use the DMCA here -- they're trying to circumvent SPAM detection technology...sure it's a pretty serious stretch, it'd be applying a bad law to a bunch of bastards. Bad law (applied to) bad people is just like multiplying two negatives to equal a positive, right?
-Turkey
This bill, as federal, superceded it. Lamely.
Which is pathetic and sad. /me wants to see a spammer get REAL jail time for
stealing computer resources on high-jacked machine
pushing scams that are ALREADY illegal
Real jail time in a real jail with real property seizure. Loudly.
There are existing solutions that work like this. Brightmail comes to mind. These types of solution still do not stop all spam, because spammers insert random characters into their emails so that each email will 'hash' to a different value.
I don't know why people complain about email spam. It's still a thousand times better than real junk mail in your house mailbox.
-Do you need a new credit card
-You have won 1 million dollars
-Missing child, help donate
-Important please open: Do you need a new credit card
At least email spam is creative.
go to an internet cafe
reply to an offer of viagra pills delivered overnight, and pay with a credit card, and give a fake address.
wait for the spammer to process the charge.
call credit card company and ask "WTF is THAT charge all about?!"
Until the spammers money flow is cut off no amount of laws making it illegal will have any effect. What should be happening and I find this RARELY addressed is holding the businesses that spam links to responsible.
Passing laws like that is nothing but a show folks. Put on by our inept governmental leaders (that's a stretch of terms) to say they are working on the issue. Until those businesses that use spam to sell their products are held accountable my tax dollars (once again) are being pissed down the toilet.
My karma is not a Chameleon.
I've had more than one piece of unsolicited junk hit my inbox with the justification that it is "CAN-SPAM" complaint. Given that the law was essentially written by the DMA so that they could get the whores in congress to legalize theft by conversion as an advertising model, it looks like it's working. Working to encourage spammers and spam-friendly ISPs, that is.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
but you're right, AOL for Mac OS 9 or less, is still at v5.
So, update your Mac, then try out AOL for Mac OS X --- it's Carbon, not Cocoa, so no Services &c. but is serviceable enough --- I'm even able to use it to get a 'net connection on my wife's PowerBook for it to share over its AirPort card so that I can do the wireless web surfing thing on my pen slate.
And to get back on topic, AOL for Mac OS X offers the same ``Report Spam'' button on the incoming mail dialog list as the Windows version does. Sure wish the mail controls offered subject-based filtering though....
William
Sphinx of black quartz, judge my vow.
Well, since I read most of his stuff in Russian, I read his name as Stanislav (where the last letter is pronounced fully.) So the English translation of his name is immaterial.
You can't handle the truth.
Of course the law is working! Look at the evidence:
1. Everyone is getting just as much as ever - if not more.
2. The spammers are basically protected now. They can do what they want, and corporations have to accept it. And they can't sue either - the US fed govt reserves that right (and will not exercise it, except for show, when the peanut gallery gets a bit too suspicious).
So it's pretty obvious then, that it's working? So what is everybody worried about?
What we need are a bunch of lawyers who are techy/geeks (like us). They form an LLC partnership. All of us submit to them our spam, they prosecute under the law for us. We give them a cut of the money once it rolls in. A legal lawfirm with lots of good lawyers, adept at what they do, can make the spammers pay. If they don't pay get an injunction on the spammer's assets--which we sell at auction--splitting the proceeds with the lawyers. Since spam isn't going to get better, this would be a perpetual motion machine...and just might make a couple of bucks at the same time.
Hell, it's never been tried, so it has a chance, although I still predict failure.
What I would like to see is some kind of convenient exothermic chemical reaction, which would convert abundant materials -- such as, say, wood, or possibly carbonaceous minerals -- into glowing gases we could use to heat things up with. This would be of great use in preparing food and keeping warm in the winter.
Little hint: Before you say "I wish a thing like this existed," you might want to do some research in the field. As a matter of fact, a few projects along the lines of what you describe already do exist. Google for "Distributed Checksum Clearinghouses" (DCC, created by Vernon Schryver) and "Vipul's Razor" (created by Vipul Ved Prakash).
Aside from trying to set law in another country, to dare ask if the United States can 'force' (because that's the only means they can use to accomplish the act) countries to comply, if US politrixters think some war torn poor country is going to focus on cracking down on people who are actually making money for their country via taxes, or whatever the case, those politrixters must be on the Rush Limbaugh oxycodone bandwagon.
As for filtering, companies try and try, and the more they try, the more spammers adapt and find other means to send messages. Section 1(a)(b(d)c)) of subsection 2(4)a(v(z)) states no one can send text messages unsolicitied. Know what? The spammers will send jpegs and so on and so on. Nothing more than playing the psyche of the people for votes. Spam has been an issue for a while now, so why is it come crunch time, they're rushing to pass laws.
MoFscker
I basically tried to sort out which spams were legitimately adhering to the law (which wasn't too hard), and if anything was iffy I would fill out the unsubscribe link with a throwaway e-mail to see if I got spam from it.
long story short 4 weeks later I'm getting about 170 spams/days. A decrease of 60 messages/day or about 25% less. Not a huge decrease, but noticeable.
The big benefit though is that the spam that is left is more "spammy" than before - hence my bayesian filter has achieved a slighly higher success rate which is good.
Maybe you'd be interested in a free Rolex Replica?
If the congresscritters that sponsored it get re-elected, than it worked! What... you mean is it working to eliminate spam? Do you really think that was it's purpose?
"Freedom means freedom for everybody" -- Dick Cheney
exactly
It's very simple, really. Make the sender pay for every message they send. How?
Simply reverse the email architecture on the 'net. Turn the current method of sending and receiving mail around. Instead of messages being immediately sent to the recipient's server, send the recipient a very tiny message saying that a message with this subject is waiting on the sender's computer for the recipient to pick up.
It would require a change in all the email software currently in use, and the only real hurdle that it provides is that people who are no longer on the Internet all the time can't send mail, but I'm sure someone would be willing to provide that service for a fee.
This would also make it much more difficult to forge headers on a mail, since you would need a valid IP address and/or domain name in order for anyone to get the actual mail that you wanted to send them.
Now, if you spam millions of people peddling whatever it is you're peddling, you'll be using very little bandwidth, a hundred or so bytes compared with several K, until those people come to pick up your message.
Furthermore, you won't be able to hide the originator of the mail nor would you have the problem of open relays spewing a constant stream of junk.
Couple this with PKI and you have a very flexible and very fair system.
The problem that I have with spam is that the current email architecture places 99% of the costs of email on the recipient. If you swing that around and make the spammers have their own, high end servers for handling the millions of mails that they want to send, then spamming will vanish in a hurry.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
What about the part where the SMTP servers that do not use these methods of stopping spam are black listed by those who do?
This will only work when most email servers participate.
You can't handle the truth.
December 2003
Total messages: 162,564
Total messages blocked by SpamAssassin: 36,927
January 2004
Total messages: 180,375
Total messages blocked by SpamAssassin: 48,661
So what we have is 10% growth in total messages, but a 31% growth in spam.
Making spam illegal isn't working. Not surprising to me.....
FWIW, I attribute the 10% growth to MyDoom and its ilk - my user base did not grow 10%, nor do I think my users suddenly started sending more email - they just received more stuff that got deleted (but counted) by the virus scanner.
"The most sensible request of government we make is not, "Do something!" But "Quit it!"
BTW. aren't software patents great? I came up with this idea of Spam Detection Servers and it appears that someone else already has Distributed Checksum Clearinghouses (same thing) but when a software patent is granted, it prevents everyone else from using the idea even if it was independently created.
You can't handle the truth.
Before January 1, I was receiving a fairly steady 90-110 spam messages per day (of which Spam Assassin would catch about 50). Come the new year, it ramped up sharply, leveling off at 250 messages per day since February 1. Spam Assassin only recognizes 30-40 of them per day now.
Let's hear it for more effective federal legislation.
Was it supposed to work? It was obvious to anyone with a semblance of a clue that it wasn't going to have an immediate impact. Its just supposed to try and firm up the ground for something more effective I think.
This is not the greatest sig in the world, this is just a tribute.
A US politician realized there are other countries in the world?
I don't believe it.
If you add in all the virus mail floating around, the load has only increased on my systems.
At last check, I blocked about 700 netsky messages today.
Yes Francis, the world has gone crazy.
Spam Assassin weeds out more than 50%, I run it on my server and I would say I block 90% or better on spam, and in 2 years I have only gotten 2 false positives, and to solve that I added them to my white list. So i don't think 50% is a good number to brag about. (No I didnt read that article).
-G
A man, a plan, a canal, panama
I had my university email addy, which used to be spam-free. How they got their hands on it, I'll never know but I assume it was one of the stupid Uni pages where you can find class lists etc.
Once they know it's a working addy, you're pretty much screwed. They never stop sending, as long as it doesn't bounce it's 99% more likely to actually arrive at someone than just random brute force/dictionary attempts.
It gets put on lists and sold around to other spammers, and it never stops. Even if they've realized they'll never get anything from me, they can still sell it as one of many addys that don't bounce.
I'm not at the massive levels just yet. But I can tell you that it is continously growing. Sooner or later it will become unbearable here too, it's simply a matter of time.
Kjella
Live today, because you never know what tomorrow brings
about as well as the Do Not Call list.
This has only served to increase spam by preventing individuals from filing lawsuits on their own. Without this law in place California law would have allows residents to sue for $1000 per spam. That would have gotten rid of many spammers.
Fight Spammers!
well, Frankenstein is not thankful for your wish on Thanksgiving, that's for sure. I can't speak for Tarzan and Tonto though
Hint : When your subject is "I, for one..." your post should continue "...welcome our new spam overlords".
But I think someone needs to buy the man a clue about the location of spammers
Worried you might not keep your virginity forever? Try new Linux(TM), guaranteed twice as effective as LARPing
Be listed as the domain contact for a domain where a working address is mandatory. Failure to have a working address is grounds to have your domain cancelled. (Fortunately many registrars offer filtered address these days, but that doesn't help for the addresses that were visible before and are already on lists.
Post to usenet. I stopped doing that years and years ago, but I got on spammers lists back then and those addresses still circulate.
Have your job require that your email address be on the web. Similarlly, be responsible for a business address (like "support") that has to be on the web.
Post to a publically archived mailing list that doesn't remove email addresses. Posting to said list may be part of your job and can't be avoided.
Have someone else post your mailing address to a publically archived mailing list
Have someone else send you a e-card from a sleazy site that resells addresses
Have a moderately common name and use a moderately popular email host, you might get dictionary attacked
Ultimately, if you use the same address for long enough it will leak somewhere, possibly without your knowledge. Are you sure no one you know isn't posting a "Hey, my friend bob@example.com knows about this, as him" to a publically archived mailing list? Switching addresses isn't a very good option; it cuts off communication with other people. Throwaway addresses help (I use them myself), but to suggest that it's a reasonable option for Joe Random User is silly.
Count yourself lucky that you haven't had a problem. I got a new email address with a new job about two years ago. That address has never been used for personal use, just work. I've always obfuscated it on my web page (I need to have it available as part of my job). But I'm already getting 10 or so spam a day. (Although that's an improvement over the 80 or so a day I get at my various personal accounts.)
Search 2010 Gen Con events
Stop and think a minute, people. Where are our priorities? On the evening news last night, I heard a man convicted of killing a two year old by punching her with his fist (seven times!) sentenced to five years. Five years. The two men who beat my brother in law to death got fifteen years apiece. You can sometimes get a total sentence of seven years (with time off for good behavior) when you roll up and shoot someone you don't know in the head.
Spam is annoying, and undoubtedly a drain on resources, and a problem to be addressed - but I promise you that I would accept a thousand spam emails per day if it would save the life of one little child.
Where are our priorities?
Thinking outside my Head
You can't judge the effectiveness of regulation until there has been enforcement. Then you need to wait until "the world" has had time to weigh the risks of future infraction. E.g. it can only succeed if well enforce - strongly enough to send a message to make people think twice before spamming.
There exists no way of exchanging information without making judgments. --Bene Gesserit Axiom
There are a number of criticisms that come to mind when I read that. First of all, I find the conclusion lacking in objectivity:
The typical American defined as "poor" by the government has a car, air conditioning, a refrigerator, a stove, a clothes washer and dryer, and a microwave. He has two color televisions, cable or satellite TV reception, a VCR or DVD player, and a stereo. He is able to obtain medical care. His home is in good repair and is not overcrowded. By his own report, his family is not hungry and he had sufficient funds in the past year to meet his family's essential needs.
What that says is that the percentages of ownership for each of those items among the officially poor is above 50%. What it implies is that the majority of poor people have all those things. But the question needs to be asked: what 50%? Being poor is not being able to buy everything you need. If someone decides to buy adequate food, clothing and shelter instead of adequate healthcare, they'll be added to the "sufficient" categories for food, clothing and so on, but will fall short in the healthcare demographic. However, since every family makes unique decisions in this matter, I'm afraid one just can not overgeneralise in this way to make statements about the "typical" poor person. It's a misuse of statistics.
I also don't like the remarks that poor people are only poor because they don't work enough (which implies that poor people are inherently lazy). There is such a thing as structural unemployment. Some people won't get jobs, regardless of how much they want them. How big is structural unemployment in the US? Does it match the amount of poor in some way? This article doesn't say. That makes it biased in my opinion.
*looks at spam count for yesterday* "23,916"
*Looks at spam count for last year, same date* "14,525"
Wow, that CAN-SPAM act sure as hell is workin'.
On that topic:
This is rather amusing if want a bit of reading.
They continue to spam you after you "remove" yourself from the list. I've been doing controlled experiments on these sort of things.
Somebody spidered an autogenerated e-mail address *once* from my webpage (the address encodes the time and IP address of the requester) in violation of the robots.txt file.
This has proven most instructive. I've written up some of my experiences on my weblog. That single address has since been sold, resold, and resold again to a variety of folks. At one point, it was sent an e-mail trojan. It's received all kinds of different spam. Interestingly enough, it has not received any Nigerian advance-fee fraud scams.
Lately, there was a removal form with a JavaScript script included that would prevent you from typing in an address to be removed.
One really funny spam is a dating site that said that one of my friends has set me up on a blind date. To an address only known by spammers.
Gentoo Sucks
I dunno if it's working, but it sure was a hell of a lot of work for my shop to change all our legitimate email campaigns to conform to it requirements.
It's just like car door locks.. the CAN-SPAM will only keep the already honest guys honest.
Spammers are gonna be spammers.
It does regulate spam. It legalized it.
Spam is now legal insofar as the spammer includes adv: and a working email address (doesn't even have to check it).
Working state laws have been pre-empted. Many victims of spammers in Michigan and California received judgments, but no longer. Those judgments kept spammers on the run, making them hide their money in offshore accounts and keeping their apparent net worth=0 (excepting Ralsky).
Since spam benefits American companies owned by American citizens, real anti-spam legislation would have included sanctions against the beneficiaries of spam, including double penalties for income tax evasion and money laundering.
Heck, I just sue them. See the check.
I can definitely say that Can-Spam is not working. I saw a definite increase in the amount of spam I receive per day. My employer is also trying to deal with it, but so far without a lot of success. With around 500 employees, we're receiving on the order of 300,000 emails per day, most of which are spam. I like the idea of a bounty on spammers. They should legalize bounty hunting of spammers, where a licensed bounty hunter sues a spammer at the request of the spam recipient. Bounty hunters could compete by offering different percentages of their winnings. If we did this, I imagine spam would dry up in this country real fast. Besides going after the spammer, they should also be able to sue the company paying the spammer to spam. Of course if it's a joe-job then the spammer should get fined triple damages, with the extra damages going to the victim. I'm getting hit right now. Some spammer is using one of my email addresses as his from address to mass-spam a virus. I've received literally hundreds of bounced emails, unfortunately most of which do not have enough information to track down the perpetrator. I know I've probably pissed off a lot of spammers because I typically report any spam I receive immediately through Spamcop. It's a bit of work, but anything to cost a spammer money and hurt a spammer is a good thing.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
I haven't heard of a single case being brought against a spammer. WTF are the FTC and FCC doing?!? A few high profile cases should scare the bejeezus out of most spammers...
I'm sure this will get flamed to a crisp, but too bad, I have to say it....
The only way to kill the spam is to openly and agressively retaliate against the source nodes. The spam is coming from open mail relays, hijacked ip blocks, and Aunt Bessie's exploited cable-internet connected Windows98 pc.
If we want to stop the spam we have to shut down these nodes. In any other aspect of life this would be called "self defense", but in the digital world this would be a fellony
I want a law passed that says my smtp server can scan an incoming message, and if identified as spam by a network of peers... DDOS the node it came from. Aunt Bessie will notice her internet stoped working and will call 'Mobile Comuter Fixit Guy' who will check her box and find it running everything from Back Orofice to MyDoom. He'll fix it for her and we're all better off, Aunt Bessie included.
If you knock out the offending nodes, someone will notice and go fix them. Otherwise they continue to spew spam indefinitely.
You can spout all the moral arguments you want, but this is the only way it's going to be stopped.
Now, I haven't done this, won't do it, and don't advocate it - it would be a crime. I'm saying I wish it wasn't.
-=-=-=-=- osjedi uses Debian GNU/Linux. -=-=-=-=-
Since the CAN-SPAM bill, I've been receiving way more spam than before. Before the bill, I was getting an average of 15 - 20 spams/day to my yahoo account; since the bill, I now receive upwards of 80 - 100 spams/day.
:)
I think one of the biggest issues with an opt-out bill like this is that, basically, they have given every business and person in the world permission to send you as many emails as they want until you spefically tell them to stop. This is particular silly since in many cases you can not tell the legitimate commercial spam from the email harvesting spam, so you can not safely respond to any of them which means you will continue to receive spam after spam.
On top of this, who in the fuck has time to respond to every single piece of junk email they get every day to tell these people to fuck off? There aren't enough hours in the day which means that (even though the spammers were already doing it) Congress has given every business on the planet permission to deluge your email with commercial spam and there's nothing you can do about it other than try to filter.
The problem with filtering is that since these spammers are using your bandwidth and your mail server's processing cycles when they send you their message, they are effectively stealing time and effort from you or your business to deal with determining whether the message should be forwared on to your email client.
So, it seems there are a few things that need to be done:
* all non-"traditional" marketing must be opt-in. I don't want spim, spam, junk snail mail, phone spam, etc. TV and Radio? Fine, the advertisers pay for it, I can change the channel, they aren't depriving me of anything but some thumb power to operate the knobs and buttons.
* any commercial email must apply to the domain admin of the target for permission to send email to the domain (this can be automated to some extent), otherwise, no email is accepted from the commercial entity. It wouldn't take much to set up a system which can tell that multiple emails are coming in to a domain from the same sender....if this sender hasn't applied for permission, the mail server does not even allow the messages to be uploaded to the server.
* HUGE penalties for spammers along with HUGE pentalties for the hosting companies and governments if they do not take action to prevent known spammers from continuing to operate.
* a Known Spammers public registry (similar to the Sex Offenders registry), so that hosting companies can have ready access to prevent selling these people account and the public is aware of who these people are and where they are operating
* all sorts of other stuff that I don't have time to go into
Of course, one of the biggest impediments to a lot of this stuff is that congress and the president will never fully fund any of these efforts, so there will be no enforcement
I got this in my email box today at work. I have removed the domain, for obvious reasons..
Email Delays Addressed
We are working hard to manage the situation. The problem is linked to a tremendous increase in SPAM e-mail being sent to addresses within XYZ.com. We are now processing up to 11,000,000 messages per day, compared to 2,000,000 messages per day three months ago. Of that volume, 92%-98% is SPAM.
I have been keeping detailed records of all email received for the past 450 days. For the first 350 days, the volume of spam I have received has increased exponentially. For the past 100 days, my spam rate has levelled off at approximately 275 messages per day. I have not cancelled any domain names or changed my internet habits in any way, but my spam quantities are no longer increasing. This is great news, since I will now not need to improve my Bayesian filter as early as I had expected. Currently, about 3-5 spams reach my inbox weekly, with no false positives in the past 6 months.
Bad law (applied to) bad people is just like multiplying two negatives to equal a positive, right?
Negative. While it sounds enticing at first, the end result will be that bad law also being applied to "good" people. Just like bad people, bad laws cause harm to everyone, good or bad.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
Ceci n'est pas une sig.
:wq!
I noticed that my Yahoomail account experienced a *dramatic* drop in spam levels for the first week or two after the CANSPAM Act was enacted.
What's more, the very few spam that did arrive were liberally laced with physical addresses, opt-out links and other concessions to the provisions of the Act.
It's quite likely that spammers were worried about sending spam to "big name" domains for fear that they'd be prosecuted under the Act.
Of course those prosecutions didn't happen so the spam levels have gradually risen back to their pre-Act levels and few of them bother to try and comply with the provisions of the Act any longer.
A law is only any use and only has an effect if the authorities are prepared to back it up with consistent, stiff and timely enforcement.
In that regard, the CANSPAM Act is nothing more than a joke.
CAN-SPAM appears to be working much as designed and intended. Spam is now legal in the US. We get more, Congress-critters get less, they get to campaign that they took action, problem solved (hint: California law superseded).
What? You didn't honestly believe it would result in any less spam, did you?
Yahoo Mail is extremly good as far as canning the whole spam issue. For as long as I can remember, all of the spam I ever receieved went straight to my Bulk Mail folder. Good job Yahoo!
No. It hasn't even made a dent.
--
If I actually could spell I'd have spelled it right in the first place.
Yes, but the fact it came out with zero 'false positives' means that it's handy to use in parallel with more conventional beyesian and list type spam filters.
Backbone providers get paid by the amount of traffic, not the type or quality of traffic. It is in their financial interests to pass any kind of traffic and sign up anyone who will generate alot of traffic. There was a recent Slashdot article about how spammers are just acting logically, in their best financial interests. Isn't this equally true of backbone providers?
While I'd prefer to see a solution in code, like some kind of server authentication/certificate. If we want an effective law, I think it needs to be directed at backbone providers. Spammers are many in number, always moving and hard to regulate. Backbone providers are few in number and more likely to feel the reach of Law. We've all heard of "pink" or spam-friendly contracts that go against the TOS. That's one target. If we wanted someting really effective, how about a law that says ISP's only have to pay for legitimate traffic, or perhaps pay a reduced rate for spam traffic? That would light a fire under backbone providers to do something about spam!
Competition Good, Monopoly Bad.
I keep (quasi-) daily count on the amount of spam I receive. Today is actually my 4-month anniversary of my data set, so I've taken extra time to compile my data and post a chart of my spam over this period. The CAN-SPAM act (introduction and effective dates) have been marked, and the data shows that it's not doing a thing (for me at least).
There are a few dips for holidays, and since CAN-SPAM became effective on New Year's, there was a corresponding dip. But the amount my spam went down was roughly between the Thanksgiving dip and the Christmas dip, so nothing that would indicate there was anything else going on other than the holiday. Afterwards it shot right back up again.
I've also included a line on the chart to show my average spam, only after the CAN-SPAM act, just to make sure the data was not effected by my numbers from last year. And sure enough -- a steady rise.
total spam since 10/19/03: 84,415
most spam in one day: 1,054 (12/3/03, during some kind of wild post-Thanksgiving holiday surge)
percent filtered: 78.05%
total ham since 10/19/03: 1,702
spam to total email ratio: 97.98%
Punctanym: alternate spelling of words using punctuation or numerals in place of some or all of its letters; see 'leet'
no
According to the 40 messages in my Inbox, CAN-SPAM is working just fine!
I was thinking of converting to paganism, but where the hell can you find sacrificial virgins these days?
Isn't this what Vipul's Razor and DCC are supposed to do?
The real "Libtards" are the Libertarians!
Did I miss something. The spammers still "can spam" us. Wasn't this what the legislation was all about?
JET Program: see Japan, meet intere
First a short bit of introduction, I own a web hosting company, we host over 13,000 web sites across over 50 web servers, so SPAM is part of my life.
CAN-SPAM is a dismal failure, I would call it a joke, but it is far, far from funny.
Now not only do I have to deal with the usual spammers, and open formmail scripts getting us aggravated by the anti spam groups (will people EVER learn to install formmail.php|pl|cgi securely?) But now I have a new aggravation, people who want to spam citing CAN-SPAM because they are using it to legitimize their spam "But we're following ALL of the rules in CAN-SPAM we are NOT breaking any laws!!!" I'm hearing this quite a bit, and it's pissing me off.
I just point to the part of our AUP that says "no bulk email, period" and send them on their way. But now not only do I have to worry about shutting down spammers and open scripts and dealing with spews and spamcop (et al) about the spam, I have to worry that some damned spammer is gonna sic his lawyers on us because we won't let him spam yet he's staying within the CAN-SPAM guidelines.
Somedays I am tempted to enroll in some junior college and learn how to be a mechanic, or welding, welding is cool, take two pieces of metal, and make them into one! haha
--- www.f-theocean.com
Since the law was written by technical illiterates who wrote a law that didn't actually outlaw spam, I'd say the law is working to spec.
How many times was it stated here on Slashdot and on several other geek-sites that this law would help spammers? Why is this reviewer shocked!?
There's a "Center" for just about everything - maybe some Slashdotters need to form a Center for Evaluating Technical Subjects of Public Importance. The great cetspi.Then, when there is a simple, easy to understand and use header, and it's normalized and standardized.... Most email clients will adapt a way of dealing with them. Emails with your "key," or a key you accept as from someone you know on your key ring come in and go right to you. No key, no entry.
I say, don' make it "highly secure and encrypted" just easy. And, if someone hijacks a key, and uses it for spam... It's the act of cracking and stealing the key that is illegal, not the spam... That could be prosecuted.
Hardly an original idea, but I see a new standardized mail header going a lot further than another US law...
I'm pretty sure that's what Vipul Razor2 (part of SpamAssassin) does.
Share and Enjoy!
Very true indeed. I think to work properly you need a three-legged approach to spam:
1: legislation - to make sure there's no comeback
2: technology - to give us a chance to make a difference on a daily basis
3: education - to teach people not to click on the links and to teach companies not to use spam as a marketing tool. What are they thinking?!
I am a leaf on the wind
That means it's working right??, if they didn't want to make things worse, why the hell did they come up with legislation thats spammer friendly.
in my life God comes first.... but Linux is pretty high after that
Francis Smit
But not the problem of networks of zombie machines taken over by trojans and viruses.
If the crooks send millions of items of spam from thousands of compromised home computers, then they won't be deterred by having the sending machine incur the storage costs.
Hmm, though -- you've actually facilitated anonymous email with your proposed architecture. Imagine "pick up email from _whistleblower_ at http://www.anonymizer.com?id=687VGW789".
I haven't really had a problem with getting SPAM at my yahoo email account but SPAM seems to be hitting my companies email server worse then ever. Our exchange servers get hit with several thousand emails of viagra ad's a day. Not to mention those herbal viagra ad's with the email subject "Turn your spud into a stud" or "Do you have a micro d*ck". I know they only need a few people to buy it to make the SPAM profitable but really who at work is actually thinking "my spud is to small"? Its not the size that counts its how you use it!
"Anything tastes good if you deep fry it."
Anyone who wants to now CAN-SPAM you as much as they like, legally.
Whoever was silly enough to think the Act was meant to do something else?
"Why are you watching the washing machine?"
"I love entertainment, as long as it's clean"
I automatically send all spam to uce@ftc.gov and let them deal with it. If the client starts getting notes from the FTC that they are about to be investigated as part of an ongoing investigation of a spammer they are using, maybe they will decide to forego using spammers if they keep getting investigated too.
I think the subject line says it all.
I noticed that neither proponents of CAN-SPAM is willing to take thier own medicine and post their e-mail addresses on their web sites. Maybe we should help educate them and try and guess what their e-mail addresses are -- For exmaple, the following would be good guesses:
n ate.govn .senate.gov
senator@burns.senate.gov
conrad_burns@burns.se
senator@wyden.senate.gov
ron_wyden@wyde
ronald_wyden@wyden.senate.gov
Anybody got and better guesses?
An engineer who ran for Congress. http://herbrobinson.us
Thousands of messages since February contain paper mail addresses. No reason given, and no mention at all of CAN SPAM.
"Wireless : LAN
The Bronx is the total opposite of Manhattan in terms of Internet/Tech Business, and only 3 or 4 opportunities have come up in my job search. BUT the zip code seems like a quiet hotspot for tech biz.
This DID piss me off: it is STILL spam, law or no law, but they just cannot be CANNED if they follow the law, like medical marihuana users VS anyone living with these users.
I'm mighty curious to go to the address again and see the real business growing there. I just imagined non-zombie spam coming from Florida or important locations like Manhattan itself, and not this god-forsaken location for IT.
The effective enforcement is when their neighbours cease to sell them groceries.
The problem with the CAN SPAM act is that it didn't make spam illegal.
I think most folks (except spammers) will agree with this definition: spam is unsolicited bulk email (UBE):
Unsolicited: I didn't ask for it.
Bulk: They sent more than a few.
Email: Duh.
CAN SPAM made "opt-out" spam *legal*. It preempted stronger state laws that demanded *opt-in*.
opt-in: You asked to receive it *before* receiving it. Opt-in means *confirmed* opt-in, meaning that you ask for it, then you get a confirmation email that you have to respond to. If you don't respond, you are dropped from the list.
opt-out: You have to ask *not* to receive it *after* receiving it.
Spammers *love* this law. For them, it is the "YOU CAN SPAM!" act. They get one free chance to spam you before you opt out. Then they can change their name, and they get *another* chance to spam you. Lather. Rinse. Repeat. They can still send UBE with impunity.
Even if the government had any will to *enforce* CAN SPAM (and they don't - there's little funding for enforcement), they couldn't stop spammers from working around this law.
IOW, the law is worse than useless. The only reason it exists is so that congress could say "they did something about spam" before election season. I think the Direct Marketing Association actually *wrote* the damn thing. If not, they certainly had significant input, because the law is *exactly what they wanted*. I'm certain that the DMA has lots of nice fat campaign contributions for everyone who voted for it. Please find out whether your representative voted for this joke of a law. If they did, they were essentially *lying* to you, because the law doesn't do jack to prevent spam.
-- The pinhead celt
It can be made self-supporting by fines. (If the spammer doesn't have any assets, no problem; the Thriteenth Amendment has an exemption for criminal convicts.)
/. If the government wants us to respect the law, it should set a better example.
It can partially work when spammers are sued or prosecuted.
If you read the fine print, I get the feeling that even for the foreign spam operators who send the spam on behalf of the company that is marketing the product/service, that the marketing company can be as liable as the spammer. It would be great if someone could confirm this and if they were directly pursued.