Slashdot Mirror
Is the CAN-SPAM Act Working?
DynaSoar writes "Lance Ulanoff of PCMag.com offer his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."
I get as much SPAM as ever, and it's not even fried with cheese between two pieces of bread.
It seems to be working about as well as the War on Poverty and the War on Drugs.
The only thing I have noticed is that spam to my junk Hotmail accounts has dropped to almost nothing. I think this is due to a change in MSN's filtering, and has nothing to do with the legislation.
Don't blame Durga. I voted for Centauri.
am getting more spam than ever before. Since the spammers are operating out of foreign bases, I fail to see how the Act will do anything.
It is hard to shut down a worldwide, decenteralized group of people in a single country! It is a good thought, but it is not practical.
My Bayesian filters are starting to pick up on the snailmail addresses the compliant spams contain...
So maybe there was one minor positive point to the law after all. Unless they're simply fraudulent, it's a lot tougher to change a snailmail address than an email or URL address.
We now return you to your regularly scheduled thread.
Bring back public floggings or at least the stocks for offenders for god sakes.
I Am My Own Worst Enemy
Free viagra with every order
"If you think nobody cares if you're alive, try missing a couple of car payments." Earl Wilson
Now I start receiving spams that come with a nice big attached image which tells me that particular email is complied with the Can-Spam ACT.
Rock that crushes, Paper & Scissors that don't matter.
is producing legislation that takes the power away from the spammer and puts it in the hands of either the end user or their ISP so we can filter the crap out.
If it's legit email then they can discuss it. If it's not we should be able to block it. I'm sick of paying for this rubbish.
I am a leaf on the wind
It's working in the meaning of the word that means "not doing anything."
Anything in parenthesis may (not) be ignored.
Under capitalism man exploits man. Under communism it's the other way around.
Eventually people will start using an alternative that is a little more spam-resistant.
There was an article about a new spam filter just a couple of hours ago, they were supposed to remove 50% of spam emails. 50% of spam stopped sounds good, but what if 50% is 350 Billion email messages? Spammers only have to double their messages to go around this 'filter' to produce the same volume tomorrow as they produce today.
What I would like to see is a spam signature sharing, Spam Detection Servers SDS would collect hash per spam email sent within a time period. An email will have to be stopped on any email server and verified against an SDS to see if it is not spam before sending it further. How would these SDSs collect the signatures? Feedback from email users, black lists, good filters etc. All email servers will have to register with SDSs, or they become black listed.
But you probably can tell me why this is not going to work, can you?
You can't handle the truth.
What would really help would be placing a $10K bounty on spammers head. As in you bring in the proof of spamming on an individual and you get 10K and their head on a pike on your front lawn.
"If a quarter is two bits, then a dollar's a byte." -R Deric Miller
I recently signed up for an AOL 'free trial.' It took about five minutes before spam started showing up in the mailbox. I was amazed.
(BTW, if you're on a Mac, don't bother--the Mac software for AOL doesn't appear to have been upgraded for a couple years--commercials be damned.)
One man's -1 Flamebait is another man's +5 Funny.
What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement.
I thought one of the big problems with CAN-SPAM act was that it said that no one could set "standards" for what UCE was required to contain.
No [ADV] or anything at the beginning of the subject line. Spammers know that requiring them to do that would make it significantly easier to trash Spam at the ISP level. They must have lobbied hard to make sure that the bill says that the FCC is *not* able to set "standards" for that identifying marks Spam must have.
If you are going to write a law that tries to fight Spam (questionable intentions in the first place), at least give it some power to set "Standards".
- (c) 2018 Hank Zimmerman
Big unsurprise, no CAN-SPAM isn't working (assuming by "working" you mean reducing spam).
A sample from my spam-bucket this morning (one of those logo design offers) :
[snip]This mailing has been performed by Internet Marketing Solutions, 1719 University Avenue, Bronx NY 10453 USA,in compliance with the CAN-SPAM Act of 2003,
approved and signed by the president of
The United States of America on Dec. 16, 2003.
For this reason, this email cannot be considered SPAM.
My next sig will be ready soon, but subscribers can beat the rush
Mr. Habeeeb Von Dusseldorf who has been in exile in South Africa for the last twenty-three years has recently passed away, his estate is interested in transferring US$450,000 into an american account for use in the fight against the resistance in the colonies. Please reply w/ your Banking information including ABA routing number and account number. following will be vital information for which to you to transfer the money. Your reward for said actions will be 20%.
Thank-you, Have a great day.
Col. Maj. Fariziq Mouselli Achmed.
Follow the money trail. Get the people committing outright theft (ie, no product), selling fraudulent products ("your dick a yard long in 24 hours"), or otherwise illegal products ("valium overnight"). Make a few RICO cases where you can ensare anyone even remotely involved in the business. Send them all to jail for 20 years with millions in fines.
Why is this so hard? This will put an immediate dent in spam. I'm not naive enough to think it will end it forever, but if enough people get nailed hard enough (including ISPs, banks, and others through a RICO prosecution) it will be damn difficult and daunting to even BE a spammer, let alone make any money at it.
Instead we'll waste countless hours talking about making spam illegal, when it's the smallest of all the crimes involved in a typical spam message.
Follow the cash. How does spam work? It works by getting someone to give the spammer money. Go after the money. Unfortunately, the CAN-SPAM act makes this more difficult, since individuals cannot go after the spammers, only ISPs.
Here's what we need to have in law:
My spam is canned and put on pallettes now and delivered by semi truck.
Before CAN SPAM.. my SpamKiller trap had about 3100 spam per month.
After CAN SPAM... my SpamKiller trap has about 4200 spam per month. Steadily growing, as always.
I don't know anyone from Argentina, Brazil, China, Hong Kong, Malaysia, etc., so I blackhole their addresses (along with ISP's dynamic IPs). This can sometimes cause problems, but as far as a home solution, it's great.
I block the addresses at my firewall so I automatically eliminate most of my spam as well as most port scans and scripted exploits (since a lot of them are foreign/rooted systems).
I wouldn't do this at a large company, but you can probably get away with it at a small domestic U.S. business that doesn't need international communication through the Internet.
Need I say more?
.il, .cz. .ru, .tw, etc, has increased quite a
bit. So, since I block all of them, the amount of
spam I actually see has dropped. Otherwise,
no change in the total volume.
Grr... Okay, the lameness filter has forced me to say more. Fine.
I receive roughly one thousand spam messages per day.
Since the passage of the CAN SPAM act, that has not decreased in the slightest. I have noticed only a single difference, which actually has benefitted me, but won't work for everyone - The proportion of messages coming from "suspicious" foreign domains, like
There is law, and then there is enforcement. I'm sure there is still a no-jaywalking law in New York City. Does anyone care? No, because there is no penalty. When some spammer does Kevin Mitnick-style time for his crime, the law will mean something.
Why would I buy Viagra from someone who can't spell it?
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Yahoo has been doing a fantastic job of filtering spam. Of the hundreds (a thousand?) spam messages I get each week, only a handful make it to my inbox. The rest get put in the bulk mail folder. However, without their excellent filtering, email would be unusable.
Most people I know say they get tons of spam... I really just don't see how. Are you posting it to the web somewhere? Are you giving it away to pr0n sites? Do you still insist on useing that aol, earthlink, hotmail, etc address for no good reason? I never get any spam. I don't work too hard for it either. I create a new email account when I want to order something online, and then delete it when my order ships. I have an account for ebay, and paypal and the like. To be honest, that one gets 1-4 spams a week. And then I have a personal account that NEVER gets any spam. I don't have a filter, I don't do anything special really. Can someone tell me how they manage to get so much?
I am a viral sig. Please help me spread.
exposing spammers' real-life addresses on slashdot has worked wonders in the past against some notorious spamkings...
i think we should double our efforts.
This bill, as federal, superceded it. Lamely.
Which is pathetic and sad. /me wants to see a spammer get REAL jail time for
stealing computer resources on high-jacked machine
pushing scams that are ALREADY illegal
Real jail time in a real jail with real property seizure. Loudly.
Until the spammers money flow is cut off no amount of laws making it illegal will have any effect. What should be happening and I find this RARELY addressed is holding the businesses that spam links to responsible.
Passing laws like that is nothing but a show folks. Put on by our inept governmental leaders (that's a stretch of terms) to say they are working on the issue. Until those businesses that use spam to sell their products are held accountable my tax dollars (once again) are being pissed down the toilet.
My karma is not a Chameleon.
I've had more than one piece of unsolicited junk hit my inbox with the justification that it is "CAN-SPAM" complaint. Given that the law was essentially written by the DMA so that they could get the whores in congress to legalize theft by conversion as an advertising model, it looks like it's working. Working to encourage spammers and spam-friendly ISPs, that is.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Of course the law is working! Look at the evidence:
1. Everyone is getting just as much as ever - if not more.
2. The spammers are basically protected now. They can do what they want, and corporations have to accept it. And they can't sue either - the US fed govt reserves that right (and will not exercise it, except for show, when the peanut gallery gets a bit too suspicious).
So it's pretty obvious then, that it's working? So what is everybody worried about?
What we need are a bunch of lawyers who are techy/geeks (like us). They form an LLC partnership. All of us submit to them our spam, they prosecute under the law for us. We give them a cut of the money once it rolls in. A legal lawfirm with lots of good lawyers, adept at what they do, can make the spammers pay. If they don't pay get an injunction on the spammer's assets--which we sell at auction--splitting the proceeds with the lawyers. Since spam isn't going to get better, this would be a perpetual motion machine...and just might make a couple of bucks at the same time.
Hell, it's never been tried, so it has a chance, although I still predict failure.
I basically tried to sort out which spams were legitimately adhering to the law (which wasn't too hard), and if anything was iffy I would fill out the unsubscribe link with a throwaway e-mail to see if I got spam from it.
long story short 4 weeks later I'm getting about 170 spams/days. A decrease of 60 messages/day or about 25% less. Not a huge decrease, but noticeable.
The big benefit though is that the spam that is left is more "spammy" than before - hence my bayesian filter has achieved a slighly higher success rate which is good.
If the congresscritters that sponsored it get re-elected, than it worked! What... you mean is it working to eliminate spam? Do you really think that was it's purpose?
"Freedom means freedom for everybody" -- Dick Cheney
It's very simple, really. Make the sender pay for every message they send. How?
Simply reverse the email architecture on the 'net. Turn the current method of sending and receiving mail around. Instead of messages being immediately sent to the recipient's server, send the recipient a very tiny message saying that a message with this subject is waiting on the sender's computer for the recipient to pick up.
It would require a change in all the email software currently in use, and the only real hurdle that it provides is that people who are no longer on the Internet all the time can't send mail, but I'm sure someone would be willing to provide that service for a fee.
This would also make it much more difficult to forge headers on a mail, since you would need a valid IP address and/or domain name in order for anyone to get the actual mail that you wanted to send them.
Now, if you spam millions of people peddling whatever it is you're peddling, you'll be using very little bandwidth, a hundred or so bytes compared with several K, until those people come to pick up your message.
Furthermore, you won't be able to hide the originator of the mail nor would you have the problem of open relays spewing a constant stream of junk.
Couple this with PKI and you have a very flexible and very fair system.
The problem that I have with spam is that the current email architecture places 99% of the costs of email on the recipient. If you swing that around and make the spammers have their own, high end servers for handling the millions of mails that they want to send, then spamming will vanish in a hurry.
Just be sure to wear the gold uniform when you beam down -- you know what happens when you wear the red one.
December 2003
Total messages: 162,564
Total messages blocked by SpamAssassin: 36,927
January 2004
Total messages: 180,375
Total messages blocked by SpamAssassin: 48,661
So what we have is 10% growth in total messages, but a 31% growth in spam.
Making spam illegal isn't working. Not surprising to me.....
FWIW, I attribute the 10% growth to MyDoom and its ilk - my user base did not grow 10%, nor do I think my users suddenly started sending more email - they just received more stuff that got deleted (but counted) by the virus scanner.
"The most sensible request of government we make is not, "Do something!" But "Quit it!"
Be listed as the domain contact for a domain where a working address is mandatory. Failure to have a working address is grounds to have your domain cancelled. (Fortunately many registrars offer filtered address these days, but that doesn't help for the addresses that were visible before and are already on lists.
Post to usenet. I stopped doing that years and years ago, but I got on spammers lists back then and those addresses still circulate.
Have your job require that your email address be on the web. Similarlly, be responsible for a business address (like "support") that has to be on the web.
Post to a publically archived mailing list that doesn't remove email addresses. Posting to said list may be part of your job and can't be avoided.
Have someone else post your mailing address to a publically archived mailing list
Have someone else send you a e-card from a sleazy site that resells addresses
Have a moderately common name and use a moderately popular email host, you might get dictionary attacked
Ultimately, if you use the same address for long enough it will leak somewhere, possibly without your knowledge. Are you sure no one you know isn't posting a "Hey, my friend bob@example.com knows about this, as him" to a publically archived mailing list? Switching addresses isn't a very good option; it cuts off communication with other people. Throwaway addresses help (I use them myself), but to suggest that it's a reasonable option for Joe Random User is silly.
Count yourself lucky that you haven't had a problem. I got a new email address with a new job about two years ago. That address has never been used for personal use, just work. I've always obfuscated it on my web page (I need to have it available as part of my job). But I'm already getting 10 or so spam a day. (Although that's an improvement over the 80 or so a day I get at my various personal accounts.)
Search 2010 Gen Con events
Stop and think a minute, people. Where are our priorities? On the evening news last night, I heard a man convicted of killing a two year old by punching her with his fist (seven times!) sentenced to five years. Five years. The two men who beat my brother in law to death got fifteen years apiece. You can sometimes get a total sentence of seven years (with time off for good behavior) when you roll up and shoot someone you don't know in the head.
Spam is annoying, and undoubtedly a drain on resources, and a problem to be addressed - but I promise you that I would accept a thousand spam emails per day if it would save the life of one little child.
Where are our priorities?
Thinking outside my Head
Regular junk mail is a problem to. I discovered this when I moved to a new house. The previous owners were catalog shoppers. I was receiving 110 catalogs a week to the former occupants. I sometimes had to put some of them in my neighbors' recycling bins since mine were always full. Often important mail (e.g., bills) would be jammed in between the pages of the catalogs.
In the past four years, I've sent 450 letters and made more than 100 phone calls to catalog companies to make them stop. I've made a big dent, but I still get a dozen or so catalogs addressed to the previous owners each week.
Opt-out is not an option.
They continue to spam you after you "remove" yourself from the list. I've been doing controlled experiments on these sort of things.
Somebody spidered an autogenerated e-mail address *once* from my webpage (the address encodes the time and IP address of the requester) in violation of the robots.txt file.
This has proven most instructive. I've written up some of my experiences on my weblog. That single address has since been sold, resold, and resold again to a variety of folks. At one point, it was sent an e-mail trojan. It's received all kinds of different spam. Interestingly enough, it has not received any Nigerian advance-fee fraud scams.
Lately, there was a removal form with a JavaScript script included that would prevent you from typing in an address to be removed.
One really funny spam is a dating site that said that one of my friends has set me up on a blind date. To an address only known by spammers.
Gentoo Sucks
Backbone providers get paid by the amount of traffic, not the type or quality of traffic. It is in their financial interests to pass any kind of traffic and sign up anyone who will generate alot of traffic. There was a recent Slashdot article about how spammers are just acting logically, in their best financial interests. Isn't this equally true of backbone providers?
While I'd prefer to see a solution in code, like some kind of server authentication/certificate. If we want an effective law, I think it needs to be directed at backbone providers. Spammers are many in number, always moving and hard to regulate. Backbone providers are few in number and more likely to feel the reach of Law. We've all heard of "pink" or spam-friendly contracts that go against the TOS. That's one target. If we wanted someting really effective, how about a law that says ISP's only have to pay for legitimate traffic, or perhaps pay a reduced rate for spam traffic? That would light a fire under backbone providers to do something about spam!
Competition Good, Monopoly Bad.