Is the CAN-SPAM Act Working?
DynaSoar writes "Lance Ulanoff of PCMag.com offer his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."
It seems to be working about as well as the War on Poverty and the War on Drugs.
The only thing I have noticed is that spam to my junk Hotmail accounts has dropped to almost nothing. I think this is due to a change in MSN's filtering, and has nothing to do with the legislation.
Don't blame Durga. I voted for Centauri.
My Bayesian filters are starting to pick up on the snailmail addresses the compliant spams contain...
So maybe there was one minor positive point to the law after all. Unless they're simply fraudulent, it's a lot tougher to change a snailmail address than an email or URL address.
We now return you to your regularly scheduled thread.
Now I start receiving spams that come with a nice big attached image which tells me that particular email is complied with the Can-Spam ACT.
Rock that crushes, Paper & Scissors that don't matter.
is producing legislation that takes the power away from the spammer and puts it in the hands of either the end user or their ISP so we can filter the crap out.
If it's legit email then they can discuss it. If it's not we should be able to block it. I'm sick of paying for this rubbish.
I am a leaf on the wind
I recently signed up for an AOL 'free trial.' It took about five minutes before spam started showing up in the mailbox. I was amazed.
(BTW, if you're on a Mac, don't bother--the Mac software for AOL doesn't appear to have been upgraded for a couple years--commercials be damned.)
One man's -1 Flamebait is another man's +5 Funny.
What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement.
I thought one of the big problems with CAN-SPAM act was that it said that no one could set "standards" for what UCE was required to contain.
No [ADV] or anything at the beginning of the subject line. Spammers know that requiring them to do that would make it significantly easier to trash Spam at the ISP level. They must have lobbied hard to make sure that the bill says that the FCC is *not* able to set "standards" for that identifying marks Spam must have.
If you are going to write a law that tries to fight Spam (questionable intentions in the first place), at least give it some power to set "Standards".
- (c) 2018 Hank Zimmerman
In actuality, a lot of spammers are located within the US. They only use remote facilities to mask their identities and cover up what they are doing. No, 'international enforcement' would not likely even have much of an effect either.
Follow the money trail. Get the people committing outright theft (ie, no product), selling fraudulent products ("your dick a yard long in 24 hours"), or otherwise illegal products ("valium overnight"). Make a few RICO cases where you can ensare anyone even remotely involved in the business. Send them all to jail for 20 years with millions in fines.
Why is this so hard? This will put an immediate dent in spam. I'm not naive enough to think it will end it forever, but if enough people get nailed hard enough (including ISPs, banks, and others through a RICO prosecution) it will be damn difficult and daunting to even BE a spammer, let alone make any money at it.
Instead we'll waste countless hours talking about making spam illegal, when it's the smallest of all the crimes involved in a typical spam message.
Follow the cash. How does spam work? It works by getting someone to give the spammer money. Go after the money. Unfortunately, the CAN-SPAM act makes this more difficult, since individuals cannot go after the spammers, only ISPs.
Here's what we need to have in law:
I don't know anyone from Argentina, Brazil, China, Hong Kong, Malaysia, etc., so I blackhole their addresses (along with ISP's dynamic IPs). This can sometimes cause problems, but as far as a home solution, it's great.
I block the addresses at my firewall so I automatically eliminate most of my spam as well as most port scans and scripted exploits (since a lot of them are foreign/rooted systems).
I wouldn't do this at a large company, but you can probably get away with it at a small domestic U.S. business that doesn't need international communication through the Internet.
Most people I know say they get tons of spam... I really just don't see how. Are you posting it to the web somewhere? Are you giving it away to pr0n sites? Do you still insist on useing that aol, earthlink, hotmail, etc address for no good reason? I never get any spam. I don't work too hard for it either. I create a new email account when I want to order something online, and then delete it when my order ships. I have an account for ebay, and paypal and the like. To be honest, that one gets 1-4 spams a week. And then I have a personal account that NEVER gets any spam. I don't have a filter, I don't do anything special really. Can someone tell me how they manage to get so much?
I am a viral sig. Please help me spread.
This bill, as federal, superceded it. Lamely.
Which is pathetic and sad. /me wants to see a spammer get REAL jail time for
stealing computer resources on high-jacked machine
pushing scams that are ALREADY illegal
Real jail time in a real jail with real property seizure. Loudly.
What we need are a bunch of lawyers who are techy/geeks (like us). They form an LLC partnership. All of us submit to them our spam, they prosecute under the law for us. We give them a cut of the money once it rolls in. A legal lawfirm with lots of good lawyers, adept at what they do, can make the spammers pay. If they don't pay get an injunction on the spammer's assets--which we sell at auction--splitting the proceeds with the lawyers. Since spam isn't going to get better, this would be a perpetual motion machine...and just might make a couple of bucks at the same time.
Hell, it's never been tried, so it has a chance, although I still predict failure.
It's very simple, really. Make the sender pay for every message they send. How?
Simply reverse the email architecture on the 'net. Turn the current method of sending and receiving mail around. Instead of messages being immediately sent to the recipient's server, send the recipient a very tiny message saying that a message with this subject is waiting on the sender's computer for the recipient to pick up.
It would require a change in all the email software currently in use, and the only real hurdle that it provides is that people who are no longer on the Internet all the time can't send mail, but I'm sure someone would be willing to provide that service for a fee.
This would also make it much more difficult to forge headers on a mail, since you would need a valid IP address and/or domain name in order for anyone to get the actual mail that you wanted to send them.
Now, if you spam millions of people peddling whatever it is you're peddling, you'll be using very little bandwidth, a hundred or so bytes compared with several K, until those people come to pick up your message.
Furthermore, you won't be able to hide the originator of the mail nor would you have the problem of open relays spewing a constant stream of junk.
Couple this with PKI and you have a very flexible and very fair system.
The problem that I have with spam is that the current email architecture places 99% of the costs of email on the recipient. If you swing that around and make the spammers have their own, high end servers for handling the millions of mails that they want to send, then spamming will vanish in a hurry.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
They continue to spam you after you "remove" yourself from the list. I've been doing controlled experiments on these sort of things.
Somebody spidered an autogenerated e-mail address *once* from my webpage (the address encodes the time and IP address of the requester) in violation of the robots.txt file.
This has proven most instructive. I've written up some of my experiences on my weblog. That single address has since been sold, resold, and resold again to a variety of folks. At one point, it was sent an e-mail trojan. It's received all kinds of different spam. Interestingly enough, it has not received any Nigerian advance-fee fraud scams.
Lately, there was a removal form with a JavaScript script included that would prevent you from typing in an address to be removed.
One really funny spam is a dating site that said that one of my friends has set me up on a blind date. To an address only known by spammers.
Gentoo Sucks