Slashdot Mirror
Is the CAN-SPAM Act Working?
DynaSoar writes "Lance Ulanoff of PCMag.com offer his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."
am getting more spam than ever before. Since the spammers are operating out of foreign bases, I fail to see how the Act will do anything.
It is hard to shut down a worldwide, decenteralized group of people in a single country! It is a good thought, but it is not practical.
Yet Another message about Spam... I don't like spam. I don't even like to read about it...
my endian is bigger than yours!
Who actually thought that the US goverment would sucsesfully regulate spam? Its ludicrious, how hard is it for a spammer to set up a server in a country that doesn't enforce such laws?
Eventually people will start using an alternative that is a little more spam-resistant.
What's the point of having this anti-spam law in the US anyways? The real point I mean. Is it an attempt to make American citizens or the people of the world think that the US is tough on spam or something? I mean all that stuff about real address and markers for porn are nice and all, but without the rule of opt-in, you may as well not bother having an anti-spam law at all.
An anti-spam law ought to ensure that people do not receive spam. Period. It doesn't matter if the addresses are real or not. It does not matter if they are marked for pornigeraphic content or not. They should not be receiving that kind of e-mail in the first place, and it should not be a burden upon the people to ensure non-receipt of spam. And if for some reason someone or other wants this kind of e-mail, they should explicitly consent to itsreceipt.
come on, spam isn't THAT bad. Yes, its annoying, yes it takes time away from real things, but is it really so bad that you'd actually want to flog someone publicly?
I get thousands of spam messages per day and I don't consider it anything more than a very slight annoyance.
there are a lot of things that should recieve legislative attention long before spam recieves it. think about that next time you complain that your favorite cause isn't getting enough attention.
There is law, and then there is enforcement. I'm sure there is still a no-jaywalking law in New York City. Does anyone care? No, because there is no penalty. When some spammer does Kevin Mitnick-style time for his crime, the law will mean something.
Why would I buy Viagra from someone who can't spell it?
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Yahoo has been doing a fantastic job of filtering spam. Of the hundreds (a thousand?) spam messages I get each week, only a handful make it to my inbox. The rest get put in the bulk mail folder. However, without their excellent filtering, email would be unusable.
exposing spammers' real-life addresses on slashdot has worked wonders in the past against some notorious spamkings...
i think we should double our efforts.
There are existing solutions that work like this. Brightmail comes to mind. These types of solution still do not stop all spam, because spammers insert random characters into their emails so that each email will 'hash' to a different value.
Until the spammers money flow is cut off no amount of laws making it illegal will have any effect. What should be happening and I find this RARELY addressed is holding the businesses that spam links to responsible.
Passing laws like that is nothing but a show folks. Put on by our inept governmental leaders (that's a stretch of terms) to say they are working on the issue. Until those businesses that use spam to sell their products are held accountable my tax dollars (once again) are being pissed down the toilet.
My karma is not a Chameleon.
I've had more than one piece of unsolicited junk hit my inbox with the justification that it is "CAN-SPAM" complaint. Given that the law was essentially written by the DMA so that they could get the whores in congress to legalize theft by conversion as an advertising model, it looks like it's working. Working to encourage spammers and spam-friendly ISPs, that is.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Of course the law is working! Look at the evidence:
1. Everyone is getting just as much as ever - if not more.
2. The spammers are basically protected now. They can do what they want, and corporations have to accept it. And they can't sue either - the US fed govt reserves that right (and will not exercise it, except for show, when the peanut gallery gets a bit too suspicious).
So it's pretty obvious then, that it's working? So what is everybody worried about?
- Friends or family members forwarding articles to me via the "email this story" link instead of just sending me the URL.
- Same as #1 except with online card sites or some other stupid dot com site that wants your email address.
- Posting to newsgroups before spam existed
- Posting to forums that don't mask email addresses
- Used to have unobfuscated email address on web site
- Email address sold by / misused by marketing folk
- Email address in domain whois records for over a decade
- Email address harvested from mailing lists I post to
That's just what I can think of off the top of my head.All of that combined with the fact that I've had my email address since before the first Canter & Siegal spam on usenet even happened. After having my email address for over a decade I don't feel like changing it now.
Oh, add lazyness to the list. I could make up a new email address for each company or person I deal with but it's too much work. I'd rather let spamassassin sort it all out. That's what computers are for, AFAIC.
Prevent email address forgery. Publish SPF records for y
In what way is this different than the current situation?
What sort of legislation would increase your ability or right to block or filter?
What "power" are you thinking of? Do you have to be born on Krypton to get it?
Do you suggest legislating the structure of the internet? How would you go about doing that and enforcing it? If it can be done by altering the structure of the internet what is the need of legislation?
Yes, I too am sick of paying for it, seeing it, filtering it, having it clog up the whole bloody net, etc.
The spammer's "power" is no different than my own though. The power to use email. The primary difference is that I'm not an asshole.
If one could legislate away assholes, hey, I'd be the first to endorse it. The instant the bill passed there would be a loud sort of "Whoooooph!" inside the Capitol Building, followed closely by the implosion of the dome as a result of the sudden low pressure inside.
Suppose you were an idiot. Suppose you were a member of Congress? But I repeat myself. --Mark Twain
KFG
KFG
What might make a real difference, according to any intelligent person not tied monitarily to the spammers, is a bill that isn't so forking full of holes, exceptions, and limitations that it does more dammage than good.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
Stop and think a minute, people. Where are our priorities? On the evening news last night, I heard a man convicted of killing a two year old by punching her with his fist (seven times!) sentenced to five years. Five years. The two men who beat my brother in law to death got fifteen years apiece. You can sometimes get a total sentence of seven years (with time off for good behavior) when you roll up and shoot someone you don't know in the head.
Spam is annoying, and undoubtedly a drain on resources, and a problem to be addressed - but I promise you that I would accept a thousand spam emails per day if it would save the life of one little child.
Where are our priorities?
Thinking outside my Head
come on, spam isn't THAT bad. Yes, its annoying, yes it takes time away from real things, but is it really so bad that you'd actually want to flog someone publicly?
Heck, I'd consider that a very *light* penalty, maybe for first-time offenses. For second offense, rubbing their back down in chili-pepper oil before flogging. For a third offense, I'd say they were completely unsalvageable, which would rate a public hanging. (Yes, I'm very serious.)
stealing from who though? they're certainly not stealing from me.
They are most certainly stealing from me. They utilize my bandwidth, which I pay for. They also cause me several hours/month of customer support time, educating customers on how to deal with spam, tweaking filters, etc. And, a couple hours a week in system maintenance time, clearing mail queues of undeliverable bounces, etc. All of this time *could* have been spent on things resulting in billable hours, instead, it's time completely lost. This means that either I have to eat it, or I have to pass the cost on to my customers, or a mixture of both.
So yes, spammers are thieves, and I'm afraid that your delicate sensibilities would be severely offended by what I'd *really* do to one of them if I ever had the opportunity.
The message would be something like:
User XYZ123@yahoo.com has a message for you.
Subject: Get A BI99ER P3N1S
Probably with date info. attached, including an expiration.
Here's why it reduces spam. For XYZ123 to actually send a message with a URL and the sales pitch, they would 1) actually have to have an account at yahoo.com, 2) yahoo.com would have to store the message until either every listed recipient picked it up or the message expired, and 3 XYZ123 would have to be the actual sender of the message, he wouldn't be able to forge a "From:" or glom on bogus Received headers to hide his location. Since yahoo.com has a stated policy against spam, such accounts would quickly be terminated as it would actually cost yahoo.com money to support spammers.
Additionally, it removes my need as the recipient of emails to install spam filters and spend valuable time and money on spam. The onus is now on the sender of the message as they are paying almost the full cost of sending the email and I am only using my bandwidth and time to retrieve their message if I deem it worthy of my attention. The idea here is to push as much of the cost of sending spam as possible onto the actual spammer and the servers that support spammers as possible, thereby making spam unprofitable.
I've come to the conclusion that the real reason we have spam is a technical one, rather than political. Under the current system, the sender pays next to nothing to send an email, and the recipient (or their ISP) bears almost all the cost for any given email. This is because under the current system email servers will accept mail for any local user and have no real method of verifying the sender of the message. If you are going to filter out spam, then it is the recipient who bears the cost in time and money of setting up spam filters and black lists.
Under the system that I describe, it is the sender who bears the cost of storing email messages until the recipients pick them up. It also would make it more difficult for spam to pose as though it came from a legitimate server when it did not. In order for a message to actually get delivered the spammer's mail server cannot hide behind open relays or forged From: headers.
I was trying to come up with a system where the sender actually bears the cost of sending email that is both fair and doesn't require any taxes or artificial levies per message sent. A complete change in email architecture would seem to do that.
The biggest roadblock to implementation is that it is a complete 180 on current store and forward mail architectures. It is more a store and notify and wait for pickup architecture.
I have been giving this a good deal of serious thought from an implementation perspective, and now, I am not the first person to think of this or even to mention it publicly.
As for implementation, I have considered some a few of the details and will get in touch with someone else that I know is interested in this idea as well. It will, however, be a very difficult sell as it would require the replacement of all email software in existence with new versions to handle this new architecture. I see that being a very difficult political fight, and I see it taking a long time to implement the change on an Internet-wide scale.
Clearly, though, the current architecture that was designed in a more casual era when the Internet was less well known and certainly less used has run its course. It cannot stand up to the realities of the Internet as it is (ab)used today.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
Backbone providers get paid by the amount of traffic, not the type or quality of traffic. It is in their financial interests to pass any kind of traffic and sign up anyone who will generate alot of traffic. There was a recent Slashdot article about how spammers are just acting logically, in their best financial interests. Isn't this equally true of backbone providers?
While I'd prefer to see a solution in code, like some kind of server authentication/certificate. If we want an effective law, I think it needs to be directed at backbone providers. Spammers are many in number, always moving and hard to regulate. Backbone providers are few in number and more likely to feel the reach of Law. We've all heard of "pink" or spam-friendly contracts that go against the TOS. That's one target. If we wanted someting really effective, how about a law that says ISP's only have to pay for legitimate traffic, or perhaps pay a reduced rate for spam traffic? That would light a fire under backbone providers to do something about spam!
Competition Good, Monopoly Bad.
First a short bit of introduction, I own a web hosting company, we host over 13,000 web sites across over 50 web servers, so SPAM is part of my life.
CAN-SPAM is a dismal failure, I would call it a joke, but it is far, far from funny.
Now not only do I have to deal with the usual spammers, and open formmail scripts getting us aggravated by the anti spam groups (will people EVER learn to install formmail.php|pl|cgi securely?) But now I have a new aggravation, people who want to spam citing CAN-SPAM because they are using it to legitimize their spam "But we're following ALL of the rules in CAN-SPAM we are NOT breaking any laws!!!" I'm hearing this quite a bit, and it's pissing me off.
I just point to the part of our AUP that says "no bulk email, period" and send them on their way. But now not only do I have to worry about shutting down spammers and open scripts and dealing with spews and spamcop (et al) about the spam, I have to worry that some damned spammer is gonna sic his lawyers on us because we won't let him spam yet he's staying within the CAN-SPAM guidelines.
Somedays I am tempted to enroll in some junior college and learn how to be a mechanic, or welding, welding is cool, take two pieces of metal, and make them into one! haha
--- www.f-theocean.com
How many times was it stated here on Slashdot and on several other geek-sites that this law would help spammers? Why is this reviewer shocked!?
There's a "Center" for just about everything - maybe some Slashdotters need to form a Center for Evaluating Technical Subjects of Public Importance. The great cetspi.