Slashdot Mirror


Is the CAN-SPAM Act Working?

DynaSoar writes "Lance Ulanoff of PCMag.com offers his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."

17 of 280 comments

  1. No... by Trillan · · Score: 1, Informative

    The only change I've noticed is that my filters are no longer as effective, now that some of the spams are trying to look legitimate.

  2. Don't wait for the government to fix it by indros13 · · Score: 5, Informative
    I know it gets mentioned in every spam discussion, but getting an email forwarding account from Spamgourmet is a great way to avoid spam. You can create "fake" email addresses that will forward a predetermined number of emails to your main account. After the number expires, the remaining emails sent to that address are canned. Oh, and did I mention it's free?

    --
    Under capitalism man exploits man. Under communism it's the other way around.
    1. Re:Don't wait for the government to fix it by PatientZero · · Score: 3, Informative
      SpamGourmet has a feature to combat this. When you sign up, you choose a user ID as usual (e.g. spamisevil). When you want to give out the address, you prefix it with whatever word you want (e.g. nyt, slashdot, etc.) to recognize the source and a number between 1 and 20 which tells SG how many emails to forward before consuming messages. So to sign up for NYT you would provide "nyt.2.spamisevil@spamgourmet.com".

      Now this is susceptible to guessing. Once I know or guess a user ID, the rest is made up each time. To make this harder, you can set "code words" that must be in the made-up prefix. Further, you can set a "password" that must prefix the entire address (secret.nyt.2.spamisevil@...).

      Keep in mind this is geared toward providing temporary throw-away accounts. If someone looks in their logs/database and sees "secret.nyt..." they can sure start spamming you. Change the password or list of code words and they can no longer make up email addresses for you.

      Someone would have to be pretty damn desperate to start scanning logs for SG email addresses, especially since they'd stop working pretty soon after they started using them to spam.

      I just started using it last week after a similar post here. The thing I like most is that I don't have to go to SG's website to create a new account. You literally make up email addresses with the option to use the extra features to make it more difficult for someone else to do it to you.

      --
      Freedom to fear. Freedom from thought. Freedom to kill.
      I guess the War on Terror really is about freedom!
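
The addressing scheme PatientZero describes, modelled as an added example (not part of the thread and not Spamgourmet's own code). The function names, the lowercase matching, and the "reject" outcome for malformed addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DOMAIN = "spamgourmet.com"
MAX_COUNT = 20  # the comment gives a range of 1 to 20

@dataclass
class Account:
    user_id: str
    password: str = ""          # optional prefix required on every address
    code_words: tuple = ()      # if set, the made-up word must contain one
    remaining: dict = field(default_factory=dict)  # address -> forwards left

def parse(address, account):
    """Return (word, count) if the address is valid for this account, else None."""
    local, _, domain = address.lower().partition("@")
    if domain != DOMAIN:
        return None
    parts = local.split(".")
    if account.password:
        # Expected shape: password.word.count.userid
        if len(parts) != 4 or parts[0] != account.password:
            return None
        parts = parts[1:]
    if len(parts) != 3 or parts[2] != account.user_id:
        return None
    word, count = parts[0], parts[1]
    if not (count.isascii() and count.isdigit()):
        return None
    if not 1 <= int(count) <= MAX_COUNT:
        return None
    if account.code_words and not any(c in word for c in account.code_words):
        return None
    return word, int(count)

def deliver(address, account):
    """Outcome for one incoming message: 'forward', 'consume' or 'reject'."""
    parsed = parse(address, account)
    if parsed is None:
        return "reject"
    key = address.lower()
    # The first message to a new address creates its counter from the address.
    left = account.remaining.setdefault(key, parsed[1])
    if left == 0:
        return "consume"        # quota used up: message is eaten
    account.remaining[key] = left - 1
    return "forward"
```

With no password or code words, any `word.N.userid` address works for anyone who knows the user ID; changing the password invalidates every address minted under the old one, which is the recovery step the comment describes.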
  3. Re:War on Poverty, War on Drugs by dogbowl · · Score: 3, Informative

    and I've recently noticed that all email from my domains is blocked by Hotmail. I guess that's one way to stop the spam -- just block everything.

    --

    These pretzels are making me thirsty.
  4. Re:Huh? by Kelson · · Score: 1, Informative

    IIRC, the law does empower the FCC or FTC to set these standards. It requires spam to have a subject tag, and indicates that the F[TC]C should choose one within a certain number of months.

    So it didn't say "all spam must start with [ADV]," but "all spam must start with a tag to be chosen by the FCC within x months of this law going into effect."

  5. Re:Filtering out spam and black listing email serv by Frater+219 · · Score: 2, Informative
    What I would like to see is a spam signature sharing, Spam Detection Servers SDS would collect hash per spam email sent within a time period.

    What I would like to see is some kind of convenient exothermic chemical reaction, which would convert abundant materials -- such as, say, wood, or possibly carbonaceous minerals -- into glowing gases we could use to heat things up with. This would be of great use in preparing food and keeping warm in the winter.

    Little hint: Before you say "I wish a thing like this existed," you might want to do some research in the field. As a matter of fact, a few projects along the lines of what you describe already do exist. Google for "Distributed Checksum Clearinghouses" (DCC, created by Vernon Schryver) and "Vipul's Razor" (created by Vipul Ved Prakash).

  6. CAN-SPAM works some if you are careful by juggler314 · · Score: 4, Informative
    I was getting about 230 spam messages/day. A few weeks after the new year I decided to take the plunge and see if I could decrease it a bit.

    I basically tried to sort out which spams were legitimately adhering to the law (which wasn't too hard), and if anything was iffy I would fill out the unsubscribe link with a throwaway e-mail to see if I got spam from it.

    Long story short, 4 weeks later I'm getting about 170 spams/day. A decrease of 60 messages/day or about 25% less. Not a huge decrease, but noticeable.

    The big benefit though is that the spam that is left is more "spammy" than before - hence my Bayesian filter has achieved a slightly higher success rate which is good.

  7. Straight from a horses' mouth by Degrees · · Score: 4, Informative
    Domain co.tulare.ca.us

    December 2003

    Total messages: 162,564
    Total messages blocked by SpamAssassin: 36,927

    January 2004

    Total messages: 180,375
    Total messages blocked by SpamAssassin: 48,661

    So what we have is 10% growth in total messages, but a 31% growth in spam.

    Making spam illegal isn't working. Not surprising to me.....

    FWIW, I attribute the 10% growth to MyDoom and its ilk - my user base did not grow 10%, nor do I think my users suddenly started sending more email - they just received more stuff that got deleted (but counted) by the virus scanner.

    --
    "The most sensible request of government we make is not, "Do something!" But "Quit it!"
  8. Re:Usable snailmail addresses? by dacarr · · Score: 3, Informative

    Counter to that: it's a lot easier to track, serve, and enforce against a snail address than it is to get that info out of an ISP, with PO Boxes being a middle ground somewhere.

    --
    This sig no verb.
  9. Re:Filtering out spam and black listing email serv by GNUguy · · Score: 2, Informative

    Spam Assassin weeds out more than 50%, I run it on my server and I would say I block 90% or better on spam, and in 2 years I have only gotten 2 false positives, and to solve that I added them to my white list. So I don't think 50% is a good number to brag about. (No I didn't read that article).

    -G

    --
    A man, a plan, a canal, panama
  10. Re:Huh? by djmurdoch · · Score: 2, Informative

    IIRC, the law does empower the FCC or FTC to set these standards. It requires spam to have a subject tag, and indicates that the F[TC]C should choose one within a certain number of months.

    So it didn't say "all spam must start with [ADV]," but "all spam must start with a tag to be chosen by the FCC within x months of this law going into effect."


    You don't quite have it right. All porn spam needs a standard identifier (to be set by "the Commission", not sure which one), not all spam. See the text of the CAN-SPAM act, in particular section 5 (d) (3). This has to be done within 120 days of Jan 7, 2004.

  11. Re:Faster than ever by Quarters · · Score: 4, Informative

    Chances are that you are getting spam that has been directed at your AOL username for quite some time. An AOL username gets released back into the wild at some point after the user has cancelled their AOL subscription. It used to be six months. I don't know what the time frame is now. You probably just picked a screen name that had been used before and has had spam sent to it since it was first created.

  12. Re:Huge Spike by Hayzeus · · Score: 2, Informative
    Just a suggestion, but make sure that spamassassin is doing the black list checks properly. Mine wasn't, and I got abysmal results. After an upgrade and a reinstall (and an upping of the score for the spamcop and spamhaus checks), I'm back to a better than 99% success rate (no false positives yet).

    Not all of the dns blacklists are created equal, but I have enough confidence in both the spamhaus and spamcop lists to automatically mark a message as spam if either of those tests fail.

  13. Re:Huh? by singularity · · Score: 3, Informative

    Wrong, although you fell for what the Bush administration wanted you to fall for, so it is easy to see how that happened.

    The actual law says:

    (b) LIMITATION- Subsection (a) may not be construed to authorize the Commission to establish a requirement pursuant to section 5(a)(5)(A) to include any specific words, characters, marks, or labels in a commercial electronic mail message, or to include the identification required by section 5(a)(5)(A) in any particular part of such a mail message (such as the subject line or body).

    Now, the FTC is required to report back in less than 18 months about the feasibility of requiring ADV: or other indicators, but does not authorize them to require it in the meantime.

    Want to try again?

    They are basically passing the buck off to whoever has to vote on it in 18 months. [You were right about one thing - it is the FTC, not my idiotic FCC]

    --
    - (c) 2018 Hank Zimmerman
  14. It's all good talking about foreign enforcement by Operating+Thetan · · Score: 2, Informative

    But I think someone needs to buy the man a clue about the location of spammers

    --
    Worried you might not keep your virginity forever? Try new Linux(TM), guaranteed twice as effective as LARPing
  15. Just wait, you'll get spam. by ChaosDiscord · · Score: 4, Informative
    Can someone tell me how they manage to get so much?
    Sure, here's just a few possibilities.
    • Be listed as the domain contact for a domain where a working address is mandatory. Failure to have a working address is grounds to have your domain cancelled. (Fortunately many registrars offer filtered addresses these days, but that doesn't help for the addresses that were visible before and are already on lists.)

    • Post to usenet. I stopped doing that years and years ago, but I got on spammers' lists back then and those addresses still circulate.

    • Have your job require that your email address be on the web. Similarly, be responsible for a business address (like "support") that has to be on the web.

    • Post to a publicly archived mailing list that doesn't remove email addresses. Posting to said list may be part of your job and can't be avoided.

    • Have someone else post your mailing address to a publicly archived mailing list

    • Have someone else send you an e-card from a sleazy site that resells addresses

    • Have a moderately common name and use a moderately popular email host, you might get dictionary attacked

    Ultimately, if you use the same address for long enough it will leak somewhere, possibly without your knowledge. Are you sure no one you know isn't posting a "Hey, my friend bob@example.com knows about this, ask him" to a publicly archived mailing list? Switching addresses isn't a very good option; it cuts off communication with other people. Throwaway addresses help (I use them myself), but to suggest that it's a reasonable option for Joe Random User is silly.

    Count yourself lucky that you haven't had a problem. I got a new email address with a new job about two years ago. That address has never been used for personal use, just work. I've always obfuscated it on my web page (I need to have it available as part of my job). But I'm already getting 10 or so spam a day. (Although that's an improvement over the 80 or so a day I get at my various personal accounts.)

  16. Re:More wasted bandwidth by Anonymous Coward · · Score: 1, Informative

    I hardly ever get spam e-mails with attached images - they usually just send HTML messages, and link the image in from a website (I guess spammers are worried about bandwidth bills too). So just disabling HTML will save your connection.