E.U. Employers To Be Held Liable For Porn Spam?

Cowards Anonymous writes "Yahoo News has a story about a study of Europe's new anti-spam legislation. The overly broad wording of the legislation, according to the study, could allow employees to sue employers for not doing enough to stop porn spam. Businesses could be sued by their workers for allowing a hostile work environment. The author of the study advises companies running email servers to use filtering technology, and warn employees about the sometimes sleazy content of spam."

SMTP must die!

[LostCluster]

E-mail, as we know it today, has got to go. Non-authenticatable sending is a bug, not a feature. For as long as businesses allow incoming SMTP e-mail, their employees will always be exposed to all forms of Spam, including pornographic.

So, if the law basically makes it impossible to run an SMTP-based e-mail system in a business, that could be just the knockout blow it takes for businesses to finally see an incentive on picking a tigher protocol that allows better tracing of senders.

Re:SMTP must die!

[DR+SoB]

Funny part is snail mail has the same bugs and I don't hear anybody yelling "Snail mail must die!"

Re:SMTP must die!

[Xaymot]

I doubt this new law will cause any type of lawsuit. Holding a company responsible for having a crappy spam filter is ridiculous.

It is one thing if they are contributing to the hostile work environment but failing to prevent a hostile work environment is not the same thing. This is like suing a company for a gay co-worker grabbing your ass as if the company somehow created a randy gay guy in accounting that loves Christopher Lowell and your ass.

As for SMTP based e-mail; it's like VHS to Beta. They'll use it just because it's cheaper even with the porn. And who doesn't like a little bit of donkey love on a Monday morning?

Re:SMTP must die!

[Cable_Monkey]

I agree with this. This might help reduce the number of viruses today as well.

Is there any such project currently being pushed to resolved this?

Re:SMTP must die!

[October_30th]

I fully agree.

SMTP must die and robust authentication must be implemented.

Re:SMTP must die!

[gcaseye6677]

That's because there is a cost to the sender involved in sending snail mail. Sure you can send a lot of it without a return address, but you are limited by how much money you can spend on postage. SMTP does not have this limitation which is why spam is such a problem. Also, the penalties for mail fraud are so severe that most people won't even try it.

Re:SMTP must die!

[lcsjk]

Try sending 100,000 letters without postage and you will see how effective the USPS spam blocker is!

Re:SMTP must die!

[Kenja]

You first. Stop using email amd we'll talk. Of course you'll have no way to talk to me, but that sounds like a good idea. I for one have a problem with punishing everyone because some people are being jerks.

Re:SMTP must die!

[Kaa]

E-mail, as we know it today, has got to go.

Speak for yourself. Nobody forces you to use email, right? You want to use a "tigher protocol", be my guest.

Oh, you want ME to stop using email..? Umm... how do you say "fuck off" in a polite way?

Re:SMTP must die!

[SlayerofGods]

For as long as businesses allow incoming SMTP e-mail, their employees will always be exposed to all forms of Spam, including pornographic.
I don't know about that.... I haven't received a single piece of spam my entire time working here, and none of my coworkers have ever mentioned it either. So I guess the head office must be doing something right.
Or maybe they're just afraid to spam @doj.gov ;)

Re:SMTP must die!

[Tenebrious1]

Funny part is snail mail has the same bugs and I don't hear anybody yelling "Snail mail must die!"

After a few truckloads a day of snail mail spam, I'm sure that thought must have crossed Ralsky's mind.

Re:SMTP must die!

[SlayerofGods]

So wrong....
You think all those million dollar sexual harassment lawsuits are paid for by the harasser?
A company is VERY liable if it doesn't try to prevent a hostile workplace. Especially if it knows its happening.

Re:SMTP must die!

[lightspawn]

Your post advocates a

(x) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
(x) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(x) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:SMTP must die!

[cperciva]

Anyone see a downside to this besides the annoying move to such a system?

Yes. It wouldn't work.

I send mail from several different places, with several different return addresses. The mail server for foo.com doesn't know anything about most of the email which I (legitimately) send with my @foo.com return address.

Also, there's a huge amount of mangling which happens to email messages. Headers are added, removed, or modified; line breaks are changed; some characters or strings are escaped... you'll have trouble finding something you can rely upon for your hashing.

Re:SMTP must die!

None of your reasons for it not working are true.
get a life.

Re:SMTP must die!

[rokzy]

>Nobody forces you to use email, right?

er, yes they do actually. it's a requirement for study at my uni at least.

(next lame argument: "no-one's forcing you to get an education...")

it's also a requirement for many other things that aren't gun-to-head-forced but neither do they actually truely require email anyway e.g. buying things online.

Re:SMTP must die!

Your joke was posted here in Slashdot less than two days ago: (x) It was old and unfunny then (x) It hasn't improved since Furthermore, this is what I think about you: (x) Yawn...

Re:SMTP must die!

[rokzy]

I don't give a shit about mailing list people. they are insignificant and can find another way.

Re:SMTP must die!

[IdleTime]

I don't think we will see huge lawsuites on this issue in EU since their judical system is not based on the type of litigation that exists in the US. You will never see a typical US lawsuite (I.e no $250 million in settlement) in EU. This is something that is unique to USA.

Re:SMTP must die!

[JPriest]

SMTP will probably never die, and SMTP does need a rebust authentication. All this filtering and rate limiting on SMTP does jack becasue spammers can just bypass having to usee a valid SMTP server and offload everyone@blah.com right at mx.blah.com with almost no limitations.

The answer to this is so simple it frustrates me, just add a DNS record for SMTP servers and the problem is solved! It stops spammers from sending mail from unauthorized hosts and hijacked PC's and lets SMTP filtering and rate limiting do its job.

Re:SMTP must die!

[The_K4]

Hmmm...that might a a good thing. Maybe someone needs to set up a domain and have mail.domain.com alias to mail.doj.gov. It would be a fun trap, let the sampers spam @domain.com. :)

Re:SMTP must die!

[Cruciform]

If we started slapping "Return to sender" stickers on flyers and other unaddressed promotional garbage, would it actually make it back to the companies? Or would the postal service just dispose of it.

Re:SMTP must die!

[Ytsejam-03]

That's because there is a cost to the sender involved in sending snail mail.

There is also a cost involved to the receiver of spam. Most corporations these days have purchased and implemented spam filters. They must pay someone to maintain these systems and train their users. Although these filters are annoying (the one my employer uses frequently blocks legitimate messages to my account) they probably help to increase employee productivity overall and decrease liability (think sexual harassment lawsuit from porn spam).

While a legal solution to this problem may help a little, it's not going to be a sliver bullet. What we really need is a technological solution.

Re:SMTP must die!

[SlayerofGods]

Anyone see a downside to this besides the annoying move to such a system?
You'd have to get all the mail servers in the world to update their software, but I've always thought such an approach would be a good idea.
Downside is though it would still be a rather easy to change your ip addy or bounce it off a proxy to escape a blacklist. And god knows how many poorly made free mail servers there are out there for spamers to abuse.

Re:SMTP must die!

[JPriest]

That would force everyone to use an email address of which ever ISP they happen to be using bandwidth from. The hashing would add overhead to mail platforms. The answer though, is actually very simple.

It would take me about 40 seconds to add these records to my DNS servers and make all 20 of my SMTP servers compatible.

Re:SMTP must die!

[eugene+ts+wong]

Holding a company responsible for having a crappy spam filter is ridiculous.
[snip]
As for SMTP based e-mail; it?s like VHS to Beta. They'll use it just because it?s cheaper even with the porn. And who doesn't like a little bit of donkey love on a Monday morning?

Yeah, but the company chose a bad protocol & a bad way of establishing contact with the outside world. The investors seem to be saving money by hiring Indian programmers. So, the investors ought to take that money & build better software to avoid receiving spam.

I can assure you that anything that stops spam & improves communications between employees & customers will almost always pay off under normal circumstances.

Re:SMTP must die!

[Xaymot]

Dude, you're agreeing with me. Look:

It is one thing if they are contributing to the hostile work environment but failing to prevent a hostile work environment is not the same thing. - XAYMOT

Now you:

A company is VERY liable if it doesn't try to prevent a hostile workplace.

Let me be more clear. By my use of the word "failing" I meant that there was an attempt made by the company.

Re:SMTP must die!

[Cruciform]

Might want to think that through before setting up your "Sting" operation.

Guess who gets arrested first?

On "Cops", a woman sick of crack dealers in her neighborhood walked into a crackhouse, bought some, then walked back out to the cops who had said they couldn't do anything without seeing a crime in progress. She presented the crack to them, and they arrested her for drug possession.

You think that little domain trick would go over any better? :)

Re:SMTP must die!

[Nicolas+Pillot]

> There is also a cost involved to the receiver of spam.
To the receiver, not the sender, so this is not a limitation for them. And furthermore, if you had to pay to receive email, i think spammers would send you many times more spam...

Re:SMTP must die!

[Eastree]

Maybe it just hasn't reached you yet. I'm in the military, and until recently I had never seen spam (from an outside source -- that is disregarding announcments for going away parties and such for people I don't know and events I do not wish to attend). However that has recently changed. Soeone somewhere has begun making up email addresses and attaching @af.mil or .army.mil and such. According to the network people on this base, the origin of the emails is uknown (I know it's easy to at least find the originating IP address, proxy or not). But they are warning people that more names and domains are being spoofed daily.

Re:SMTP must die!

[The_K4]

IANAL or a cop so I have no idea if just aliasing mail.domain.com to mail.doj.gov is legal, and if it is, i'm not sure if you could be charged with spamming for the mail that traverses that alias. I, however, am not going to try and find out. BTW I would bet in that case the DA would offer the lady immunity to testify against the drug dealer. The Cop's can't offer deals, only the DAs can do that. (Again IANAL so this is only as good as what I see on Law and Order!) :)

Re:SMTP must die!

[Detritus]

There may not be an IP address associated with "xxx.stuff.com". The system in question may not even use TCP/IP, although that is becoming more of a rarity. Mail can be transported over networks other than ones based on TCP/IP.

Re:SMTP must die!

[DR+SoB]

There is also a cost to the sender of spam.. It's called bandwidth, time, resources, etc, and it can be just as expensive as hand delievery. Everyone is quoting this 40 cent per package price, but that's meaningless since most of the junkmail I get is hand delievered.. (You pay some kids 5 cent a house to drop it off, for example)..

IMHO spam is very much user fault. Even my specially created spam email accounts get hardly any spam, my house gets hardly any junkmail (except, as I said, the junkmail that's hand-delievered, because obviously, they don't need an address to send it to you). And what about junk phone calls? Aren't they the cheapest medium?? Face it, as long as people subscribe with there ISP email accounts (or work email accounts) to dumb ass promotions, give out their business card to every raffle they see, etc. etc. the problem will never be solved.

Maybe one solution would be whenever you get spam, and your thinking about buying a product, make _SURE_ you go to the competitors that aren't spamming..

Re:SMTP must die!

[ichimunki]

So the real question: what's so hostile about images of people engaging in acts normally associated with intimacy and love? If this is the direction that western civilization is really headed, I... I don't know. But the idea that an employer can be sued because a third party, acting criminally, happens to sneak a message to an employee, strikes me as worlds apart from the traditional problem where we have bosses demanding services from employees that were not part of the original job description.

Re:SMTP must die!

[Alyred]

Unfortunately, it would probably only cause the US Postal Service to raise the postal rates again because of the massive amount of mail they'd have to return to the sender.

Their services cost them money as well, which is what you are paying for when you use a stamp.

As the original poster stated, the problem with spam is that all the costs are on the receiving end, and the route in between. There is virtually NO cost (per mail) to the spammer.

Re:SMTP must die!

[damium]

This is like suing a company for a gay co-worker grabbing your ass

But the company would be in a lot of trouble if they let it continue. Not that I agree that holding them accountable for spam is a good thing.

Re:SMTP must die!

[Alyred]

IMHO spam is very much user fault. Yes, except for those people who have had their e-mail address scammed from dishonest things ("please give us your e-mail address so we can contact you in the event of problems"), or if their mail was harvested from spyware running on someone ELSE'S machine, or posted on an innocent webpage.

I agree to the basic premise of your post, but not everyone can be as informed as /. posters, especially if they are new to the internet.

Yes, there are steps people can take to help reduce the possibility. But that won't solve everything.

For instance, I work for a helpdesk that has it's e-mail address on a webpage for those using our product to e-mail us if they need help, which generates a new ticket. Now, None of the 5 of us here at our helpdesk used that address to sign up for ANY dumb-ass promotion, etc. But we still get 5-10 spam mails a DAY, which costs time and money deleting the garbage trouble tickets that are automatically entered about buying V.!.A.G.A.R.A and so forth.

Oh, and not everyone knows that you can create additional mailboxes, or has access to mailservers that they can create their own.

Re:SMTP must die!

[Ytsejam-03]

To the receiver, not the sender, so this is not a limitation for them. And furthermore, if you had to pay to receive email, i think spammers would send you many times more spam...

I think you misunderstand. I'm not suggesting that anyone pay to recieve email. The grandparent to my original post said:

Funny part is snail mail has the same bugs and I don't hear anybody yelling "Snail mail must die!"

Perhaps the cost to the receiver has something to do with the reason that people tend to get more upset about spam than snail mail.

Re:SMTP must die!

[DR+SoB]

That's really strange, I used to work on a helpdesk and our helpdesk email never received any spam (it was on our homepage as well). Not that I am trying to say your wrong, I totally believe you, I just wonder why your helpdesk (only 5 of you?) and our helpdesk (~30) would be so different?

Even some of the most computer illiterate people I know, know they can create hotmail accounts for free.. I simple told them to set up those accounts and use them for signing up to any newsgroups, chainmail, etc. they want to send (anything at all that's "questionable" in their mind) and that generally helps prevent spam from showing up in their treasured work/isp accounts. Maybe the government should host a website about fighting spam, think that would help fight the problem? I dunno, just trying to throw idea's out!

Re:SMTP must die!

[SlayerofGods]

I think we're close to agreeing.... but not quite.
You said 'Holding a company responsible for having a crappy spam filter is ridiculous.'
But this is not really that far off from current laws. If an employee complains about something or someone that is making them uncomfortable in their job and the company doesn't take adequate steps to prevent it then they are liable. Though what adequate is will depend on the jury. But not filtering spam is by no means ridiculous especially if you compare it to some of the lawsuits that are currently being filed.

Re:SMTP must die!

[Xaymot]

Right, but that isn't what we are discussing. A continued issue that is left unaddressed is a different matter.

Re:SMTP must die!

[Dave2+Wickham]

LKML is insignificant?

Re:SMTP must die!

[utarif]

Try sending 100,000 letters without postage and you will see how effective the USPS spam blocker is!

Nah, you don't need 100,00 letters. You can do that even with 1 letter.

Re:SMTP must die!

[lacrymology.com]

"Funny part is snail mail has the same bugs..."

Tru tru... but I can't recall the last time that I received a piece of snail mail about "Wet Teens", "Want a Hard c0ck?!?!", or "The Amazing BLUE PILL!".
-m

Re:SMTP must die!

[Greedo]

Please ... I bet most spammers are sending out their filth through trojaned Windows boxes.

The bandwidth costs are borne by the end-users twice: once when their hacked machines send the spam, and again when they receive it.

Re:SMTP must die!

If it says it came from bob@stuff.com, but it came from an IP address that does not translate to some xxx.stuff.com, drop it.
...
Anyone see a downside to this besides the annoying move to such a system?

your system breaks email forwarding and does not completely fix the problem. The majority of spam comes from real domains, and usually from open relays or hijacked accounts -unless the domain owner is in on it too. I think I'll stick with Procmail and SpamAssassin, thank you very much.

However, I doubt anyone will ever come up with an elegant fix to spam that makes everyone happy. Prolly what will happen is that some email servers will use whitelists, some blacklists, some will use SPF, and some will let the users filter spam with their own tools. Obviously, those who want to still use email forwarding will migrate (or stay with) the servers NOT using SFP or your-type above.

Re:SMTP must die!

[coyote_oww]

Funny part is snail mail has the same bugs and I don't hear anybody yelling "Snail mail must die!"

No, it doesn't. I don't receive ANY porn come-ons via USPS. I get lots via e-mail.

I am not and never have been a subscriber or user of porn. I don't want it, and find it offensive. I certainly hope both my company and ISP adopt a more authenticatable mail protocol.

Frankly, I do not see great value in anonimity. If you seriously think John Ashcroft is going to get you for speaking your mind, you're smoking too much pot. Or your suggesting killing the president or something that you SHOULD be investigated for.

Re:SMTP must die!

[cayenne8]

At the very least, the company would be responsible for paying said co-worker's hospital bill after his post-grab ass 'beating' he'd get from anyone I know here at work if he pulled that kind of stunt...

:-)

Re:SMTP must die!

[WinDoze]

most of the junkmail I get is hand delievered

Report this to your local postmaster. Mailboxes are considered federal property according to federal law (Title 18, United States Code, Section 1705). Access is limited to yourself or an authorized delivery agent.

Re:SMTP must die!

[Nintendork]

I checked into this about a year ago. Bulk mailings will not get returned to the sender, so you're just wasting the USPS resources. Here's a link to more information.

-Lucas

Re:SMTP must die!

[Cruciform]

The drawback to that, is if you need to cross any borders after the fact. It doesn't matter that the charges aren't followed through. It only matters that you were charged, and suddenly you lose the ability to move freely between countries.

Re:SMTP must die!

[DR+SoB]

Whoa dude, you're wacky!!

Okay, let's start with the first sentence, guess what, I don't receive any porn to my email account, by your logic, that means that it doesn't exist, so what the hell are you talking about?

Second line: Porn is mmmm yummy. If you don't like it, simple stop forwarding those stupid joke/chain letters, stop having your friends send them to you with your name in the cc: list (have them add it as bcc if you just can't miss their humour), stop subscribing to news groups (or setup an email specifically for high risk activities), etc. I could go on, but I'll leave the rest for you to figure out, but FYI, I've sent and received over 30,000 emails in my lifetime, and never once received unsolicited porn. (unfortunate as it may be!)

And your last line, DAMN, say WTF? What the heck are you talking about? As for anonimity if you feel that way, why don't you search /. using your real name instead of coyote oww? Obviously there is some need for anonimity.

Re:SMTP must die!

[zcat_NZ]

which is why you should stuff as much as you can into the 'prepaid reply envelopes' that they generously provide. :-)

Re:SMTP must die!

[mdfst13]

"And what about junk phone calls? Aren't they the cheapest medium??"

Err...no. Spam can be sent out at a rate of 100,000 messages per hour by a rather weak machine ($500, call it $50 per month with electric). Assuming 1K per message, that's 800 million bits per hour. Call it 250,000 bits per second, within the capibilities of a $50/month internet connection. For a $100 per month, that's 65 million messages per month. That's 6500 messages per penny.

Mailings are pennies per *message*. Even $.05 is still 30,000 times the cost of spam, not to mention printing costs. Phone calls are going to have similar cost (about $.06 per connection). Phone soliciting is the most popular because of its high closing rate, not costs.

Both junkmail (disposal costs and time) and phone soliciting (just time) cost the recipient less than the sender. SPAM costs recipients much more than the sender. The sender stores the mailing list and one copy of the message (which can be amortized over the entire list). Each recipient has to store their own copy of the message. The sender pays one bandwidth; the recipient pays 3 (receiving the message, sending the message to the client, getting the message for the client).

Personal initiatives against spam will not have much impact in an industry where one can send 650,000 messages to get one purchase with a $1 margin. Since most spam is not sent by the actual producer, refusing to buy their products is not going to affect spam unless *everyone* does it. More organized efforts are needed (for example, closing off the seller's supply of the actual good or auctioning off their Porsche to pay their fines; shut down their merchant account; or simply preventing the intended recipient from seeing it with filters, etc.).

Re:SMTP must die!

[Xugumad]

Interesting. It does seem to work in the UK - having been moving house every 9-12 months for the last seven years (living in a student town, permanent accomodation is apparently impossible to find), and each time having to deal with the previous owner's post, sending it back "NOT AT THIS ADDRESS", seems to cut down on the junk...

Re:SMTP must die!

[IncohereD]

I've read examples of employees at different companies who would flirt with each other over e-mail (i.e. both parties were fine with it), but then one side's boss would decide it was harassment and sue the other party without consulting the parties involved (or ignoring them). A lot of companies are overzealous in the CYA departmetn, and this may be one of the reasons.

Re:SMTP must die!

[samhalliday]

that is a ridiculous anti-spam method... it may come in as a weighing factor into indentifying spam, but it does not catch all spam, and in my experience falsely tags ham (i.e. non spam) as spam. i can't even count the number of people i know who use yahoo (as an example) accounts, but use their university or personal SMPT server to send emails (i also do this).

add on top of that the possibility of faking the IP (i've seen it... it happens). when people talk about authentication... they don't mean IP authenticated... they mean using crypt keys (and then there are the unrealistic CPU cycle "payment" ideas)

long story short... until the whole protocol gets rewritten (very unlikely) or politically it is impossible to send spam from anywhere in the world (also unlikely), then the best we can hope for is programs like spamassassin which have weightings for all the telltale signs of spam.

for some reason people like yourself seem to think there is "one big telltale sign to identify all spam"; well, in spamassassin you can assign that telltale sign to give a million spam points if you want. the rest of us will continue to let the people that know what they are doing assign more sane points to individual telltale signs... because by your reasoning, my inbox would most likely be empty.

Re:SMTP must die!

[samhalliday]

in my post i was referring only to the ip reverse lookup bit... the md5sum check i missed the first time; it sounds like an overweight version of "greylisting" which is when a receiving mail server gives a temporary failure to all emails, any self respecting (i.e. non spammer) SMTP will move along and not resend the message... but the respectable ones will. any resending servers will be whitelisted.

that is actually a damn good idea... but it's already been done, but the whole md5sum and reverse lookup bits are total overkill. using greylisting, my university account has gone down from 100+ spam emails a week in my inbox to about 10 a week.

Re:SMTP must die!

[samhalliday]

doh! (hits head)

any self respecting (i.e. non spammer) SMTP will resend the message

damn my posting on slashdot when tired!!!

Re:SMTP must die!

And who doesn't like a little bit of donkey love on a Monday morning?

Yeah especially that grandma and shemale love. I checked my Hotmail account the other day for the first time in about 2 months, and I had 2 new emails - 1 that I knew was important. The other had an unassuming sender/topic, but you know what it was pictures of? You guessed it, an old lady half-naked and, I'm assuming some nasty ass looking shemale - didn't really feel like looking any further to figure out what the fuck it was.

Worst thing of all was I don't think I was spammed for any sick porn service or otherwise - this person just felt like doing it just to fuck with someone... who knows? Maybe get them fired... maybe get them to puke up their breakfast onto the keyboard.. etc..

Re:SMTP must die!

[BunnyClaws]

We did this in government class when I was in college. Each student mailed a letter to the professor without postage. He recieved 12 letters out of 35 sent.

Re:SMTP must die!

[Alyred]

Yeah, I know... and by telling them those steps I've probably saved untold numbers of inboxes the horror of some spam.

But ya can't reach everyone...

Re:SMTP must die!

[ThaReetLad]

Snail mail must die!!!

I hate having to actually spend time opening and reading it, and most of it is either junk, or demands for money (with menaces).

Worst of all the demands for money expect me to spend time using an arcaic device known as a "pen" to fill in some forms and then actually leave my house to send them my reply!!!

Damn it all to hell I say.

Sweet....

[w.p.richardson]

Gimme a raise or you get a lawsuit!

Lather, rinse, repeat...

Re:Sweet....

[AaronD12]

The question is, if I give my company's e-mail address to some pr0n sites and get pr0n e-mails, will I get to sue my employer? How will they know?

I stole this sig.

Re:Sweet....

Only if you give me a raise too! :)

Re:Sweet....

[Jim_Maryland]

What about the situations where someone who knows your work email address submits you to the p0rn sites and you start receiving messages. I had this happen to me a couple years back where a college buddy of mine decided it would be funny to sign me up for "p0rn picture of the day".

Could be difficult to prove that you weren't the one to do it, plus you'd be a lot more careful in who gets your email address.

Jim

Re:Sweet....

[nkh]

Sue me and you're fired!

Re:Sweet....

[NuclearDog]

Yeah, I've had quite a few asshats sign me up for gay porn sites, thinking it was funny.

Simple solution, though. I change the alias that they send e-mail to (and had signed up) to point to their own e-mail address. Hope they like gay porn...

Problem solved :)

It's not just a good idea, it's the law!

[LostCluster]

I know of one business that is still running Windows 98 based computers in the office, with very little preventing the employees from wandering on the Internet to wherever they want. Not surprisingly, the employees end up contracting spyware and browser hijackers on a regular basis.

The management has had enough of the IT department having to clean up the infected computers, and has basically ordered them to stop wasting their time on such machines. As a result, one machine's homepage is now perma-set to a porn site. There's a running process that resets it whenever the user attempts to change the home page by any way, but it's using rootkit tactics to shield itself from being uninstalled by anything. The OS is hosed, it needs to be reinstalled.

I just can't wait until the first female employee notices what's happened to this male employee's computer and files the lawsuit. Sometimes, IT spending is just plain mandatory...

Re:It's not just a good idea, it's the law!

[Kenja]

"Sometimes, IT spending is just plain mandatory..."

So is firing employees who cause unnecessary IT expenses. But it seems that the current managment thinking is that its the IT departments fault when other people look at porn and download spyware.

Re:It's not just a good idea, it's the law!

[silas_moeckel]

It is in a way there fault for allowing people unrestricted access to the internet at least force them through URL filtering.

Re:It's not just a good idea, it's the law!

[87C751]

Why can't ID10T lusers be simply backcharged for the costs of cleanup? Give them a stern lecture and one warning incident, then dock their pay. Put up an intranet page with all the approved anti-virus and spyware-sweeper packages and then hold the employees responsible for their own actions.

Oops... I said "responsible", didn't I? Well, so much for that idea.

Re:It's not just a good idea, it's the law!

[Tackhead]

> [...Windows 98 based computers] There's a running process that resets it whenever the user attempts to change the home page by any way, but it's using rootkit tactics to shield itself from being uninstalled by anything. The OS is hosed, it needs to be reinstalled.

Rant: WTF d00d?

If we were talking NT, 2K, or XP, I'd agree.

Win95/98? Set BootGui=0 in MSDOS.SYS. Reboot the pig. Look, Ma, no running processes on boot! Type DELETE WHATEV~1.EXE (whateverthefucktheproblemis.exe) and type WIN.

I'm not saying 9x belongs in an office environment full of clueless lusers who don't know how to secure their machines. It's got no security model, blah blah blah. But compared to the useless "recovery console" (where XP's security model "protects" you from fixing anything), when a 9x box gets fucked up, it's amazingly easy to pop the hood and unfuck it.

Re:It's not just a good idea, it's the law!

[Brandybuck]

Yes, its' easy. But their IT department isn't doing it. That's the whole point of the post.

Re:It's not just a good idea, it's the law!

[pclminion]

I think his point just flew by you at Mach 2.

The IT department has been forbidden to fix these things. Yes. It can easily be fixed. No. They are not allowed to.

Try thinking harder next time. Thanks.

I support this

[rokzy]

my uni is pathetic and refuses to implement any kind of anti-spam at all just so they can't be held accountable for anything.

force them to sort it out. and if they can't fix it then get rid of it. something will fill the void and either way the problem is solved.

i'd roll back to etch-a-sketches

[geekbruin]

Sounds like that is going to put a huge amount of burden on the companies. If I were running my own private business, I'd be inclined to unplug everyone's network connections and hand out typewriters. I don't know how strict the legistlation is, but it sounds to me that this might promote anti-technology.

Re:i'd roll back to etch-a-sketches

[spellraiser]

If I were running my own private business, I'd be inclined to unplug everyone's network connections and hand out typewriters.

I think this is pure overkill. You would lose much, much more than you would gain by implementing a scheme such as this. Morale, for one, would suffer immensely. If they had connected computers before, and are suddenly forced into accepting a more inferior arrangement, they are bound to feel the loss. This, along with the loss of access to the information resource that the Internet is (yes, yes, I know 90% of the Internet is crap, but that still leaves 10% non-crap), will probably mean a considerable loss in productivity.

Also, I would like to say that I find the idea of making employers responsible for offensive, outside email unappealing (this is my personal opinion - I am not considering the legal aspects). Where would that stop? Would ISPs then be held accountable for all the spam that their users receive? This is just shifting the blame onto a more visible target. It's hard to attack the spammers directly, so to some it makes sense to blame someone else. It does not, however, make sense to me.

Re:i'd roll back to etch-a-sketches

[techno-vampire]

If we replace SMTP with something more secure, as one poster suggested, it would help. Of course it would also cost quite a bit, as we'd have to have both systems running during the changeover. Once that's done, the spam drops, causing everybody to use less bandwidth on a day-to-day basis. Not only does this cut costs directly, but the time saved on legitimate net business would add to the savings. I wouldn't be at all surprised to find that the savings would pay for the change in short order.

Re:i'd roll back to etch-a-sketches

[geekbruin]

i agree. my typewriter statement was factitious in order to show how the law could adversely affect small business. my point is that it should be important for these legislators to consider the financial impact that this would have. not only would it drive up cost for everyone but would favor large businesses with preexisting IT infrastructures over smaller companies whose IT person might some multipurpose employee that by chance knows how to reboot computers, share printers, and run windows update (which, for a majority of small businesses, is all the IT expertise you need).

more importantly, the whole premise of the law, in my opinion, is garbage. i believe that the law puts an unreasonable amount of responsibility on the employer rather than the employees. people need to start being proactive in protecting themselves from the internet.

if implemented, choosing *who* to sue would also be a litigious nightmare. do you sue the IT girl? if so, do we start selling IT malpractice insurance (i would need some)? do you sue the 3rd party ISP? What about the company that wrote the spam filter, should it fail to work? if a company filters their corporate mail but not, say, the employee's hotmail account, are they still liable for damages?

but even if i can prove that the legislation would create a litigious nightmare isn't sufficient to show that the law shouldn't exist. The *real* problem with this legislation is how it holds the entity that provides the transport for the offensive material responsible for the offensive material. would we sue the phone company or the USPS for sending us audio and paper versions of porn spam? do we do so now? no, we (united states) create things like the do-not-call list and find methods of empowering the consumer rather than punishing the provider. to me, and i think most people, holding the service provider responsible sounds absurd.

however it seems that legislators have taken a different view of this in when it comes to the internet (the first death of napster, for example, and all the stuff that's happened in the wake of the DMCA). i have theories, but i'm not yet sure why this is.

i have to admit that i'm really excited to see what happens. thankfully, i'm not in the E.U. so i can watch from afar. and after belaboring the topic a bit more, an etch-a-sketch is sounding pretty appealing. ^_^

Re:i'd roll back to etch-a-sketches

[geekbruin]

yes, you may very well be right. estimates say that employees spend so much time per day cleaning up spam that email's efficiency over a phone call or a paper memo has been called into question.

the legislation's purpose, however, is not to increase efficiency nor reduce costs. and if a small or struggling company decides that either the upfront cost of the switchover is too expensive or that the legal liability would be too high, they still might roll back to more low tech ways of doing things.

Re:i'd roll back to etch-a-sketches

running a business you learn that most new EU legislation is designed to preserve civil service jobs in an increasingly automated environment.

Businesses that have a problem which impacts the bottom line - spam or otherwise - will do something about it.

All this legislation is such utter BS heck I am really suprised they haven't thought of a 20 page form (with heavy fines for not filling it out) and an annual license fee.

Fear not though... in 20 years time we will ALL be government bots playing a game of monopoly in a false economy with the real commerce innovation and production being done elsewhere.

US is the same

[gorbachev]

You can do the same for any US employer using existing discrimination / harrassment laws.

Re:US is the same

[geekbruin]

But would you be able the prove that the company providing the method in which the offensive material is delivered is responsible for that material? if porn telemarketing existed, for example, would it makes sense to blame the company for giving you a phone number that a 3rd party obtained and and diailed to solicit porn to you? same goes for snail mail. do you hold the USPS responsible for potentially offensive junk mail?

Re:US is the same

absolutely correct

fortunalty email does provide some capabilities to remvoe those items, but thats not foolproof and should not be required like the law is saying.

they confuse the fact taht since some filtering can be done, it should be done and it will result in a flawless ssystem.

thats the problem

Re:US is the same

[Brandybuck]

Could you please respond with the specific law that covers this? Because my European employer doing business in the US has refused to do anything about the nearly 150 spams a day I get, many of them pornographic. I was told "deal with it, everyone else does." I started forwarding the more explicit spam to IT guy in charge of the spam filter, but I was told to stop before the company sued me.

Re:US is the same

[gorbachev]

Sexual harrassment laws. One interpretation of such laws claims porn spam in employee's inboxes create a hostile work environment, of which the employer is responsible for.

There are several references to porn spam and hostile work environment. One such reference is at http://www.dynamicnet.net/news/articles/sexual_har assment_from_spam.html

Re:US is the same

[Brandybuck]

Your link is a page full of supposition and what-ifs. It's trying to sell its services!

To quote: "Many legal analysts said there is a growing belief that employers will be subjected to a wave of lawsuits if they don't implement systems to stop spam."

This is a "belief". I'm hardly going to stick my neck out and sue my fortune 500 company on the basis of this. I don't want to be the legal guinea pig.

Re:US is the same

[gorbachev]

If one would use Google, one might find references to at least one real lawsuit, one that was settled out of court (hence no case law).

Remember, in the US, you can sue anyone for anything at any time.

I won't be suing my employer for any porn spam I get either. The same will probably hold true for a large majority of US citizens. But then there're the bible beating soccer moms...

More work for us!

[LostCluster]

We should be celebrating laws that require business to do something about user-annoying IT problems. Legislating a need for IT translates to tech jobs that can't be cut... and that's more work for us.

There are solutions to Spam that companies can use, they just keep getting killed because PHB's say they fail the cost-benefit tests. However, when you throw the prospect of a big lawsuit in the face of a PHP, it changes the balance of the scale.

Re:More work for us!

[Darth+RadaR]

Fast food for thought:

By the same token, a company could/should be able to sue a user dumb enough to download a screensaver virus, etc.

Re:More work for us!

[gcaseye6677]

Its beyond me how some manager can claim that spam filtering isn't worth it. A company's biggest expense is salary, and how much time (and therefore money) do employees waste filtering out spam manually?

Re:More work for us!

[i8a4re]

cost-benefit analysis??? Let's see, I run a Windows network with Exchange. I went to source forge, got E-MailRelay and SpamAssassin. Total cost was my time and it catches 99.994% of spam. Based on that, the cost/benefit ratio is exceptional.

Re:More work for us!

[Kjella]

There are solutions to Spam that companies can use, they just keep getting killed because PHB's say they fail the cost-benefit tests. However, when you throw the prospect of a big lawsuit in the face of a PHP, it changes the balance of the scale.

Actually, I think the PHP as well as the web server it runs on will silently ignore you. Certain other TLAs might react though.

Kjella

Re:More work for us!

And you are saying you'd want to have job of maintaining fucking spam filters? It's like saying let's protect McDonalds to make sure they have plenty of career opportunities.

Re:More work for us!

[Warlok]

Legislating a need for IT translates to tech jobs that can't be cut...

And fifty years from now, when e-mail is archaic and everyone has a solution from one of several competitive vendors, do you think that legislated government job is going to go away? Look at the Prohibition agents in the early 20th century in the U.S. - the "Untouchables" that are touted and deified. When Prohibition was repealed, where did those agents go? Were they fired, as the law that created their agency and jobs was repealed? No, they were subsumed into a new agency to police guns in America. Government doesn't cut jobs, they shuffle them, and legislating a job into place means we'll have it forever, whether it's necessary or not.

Who's going to pay that guys salary? The corporate entity who was dictated to carry him? They'll turn that cost into higher prices for their products, which means you, as a consumer, will be paying higher costs for the products you buy, which means you'll have less money to buy all the things you need, which means companies will be reporting less profit, which drives down stock prices, which means they'll have to find a way to be profitable, which means cutting costs, which usually means job loss, which means you'll have less job security in the long run - unless you're the happy guy with the unnecessary government job that can't be cut.

Re:More work for us!

[surstrmming]

We should be celebrating /.../ Legislating a need for IT translates to tech jobs that can't be cut... and that's more work for us.

That's the kind of thinking that causes more and more jobs to be outsourced to India where they can be more efficient.

Cool

[tbjw]

If this makes employers consider better spam-filtering mechanisms, surely that's a good thing for everyone. We know that it is more-or-less impossible to stem spam at the source, so legislating to impede spam at some other point is not entirely a bad thing.

Of course, the tinfoil-hat folks will be vomiting to themselves over the evil intrusive regulation, but come on, how hard is it to try to filter spam?

Re:Cool

because the law requires something that is impossible.

thats why it is an evil intrusive regulation.

spam filters are not perfect ands never will be, suddenly a company is liable for someone else sendign their employee material.

i never realized employers had to shield the employee from reality

Re:Cool

[wkitchen]

If this makes employers consider better spam-filtering mechanisms, surely that's a good thing for everyone.

The more likely response is an increased prevalence of "obscene" content filtering, without regard to whether the offending mail is spam. That is not such a good thing.

It's true that that kind of thing shouldn't be going on at work anyway, but such filters lack human judgement and therefore usually have to be a bit over agressive if they're to be effective at all.

Re:Cool

[tbjw]

That's not quite how the law works, as a rule. If the employers are seen to be making a reasonable attempt to filter obscene spam, then that should suffice. I do agree though that employers have a duty to ensure that their employees are not pissed off by circumstances they can easily mitigate. Think of it as similar to installing air-conditioning; it's not perfect, and it may not _strictly speaking_ be necessary in all cases, but it's certainly a good thing for employees.

Porn Spam?

I just get spam telling me how small my penis is. I never get pictures of naked people!

How comes I have to miss out? :(

Re:Porn Spam?

Mod parent up; it's funny.

I have to admit it's the same with my e-mail too; probably because the porn companies want you to pay for the images first and don't just mail people free porn.

However, even advertisements for porn or penis extensions could cause offence, so that's the problem really.

If I had a choice I'd insist on life sentences with no chances for parole for all spammers.

Re:Porn Spam?

[Nuclear+Elephant]

Porn spams are the easiest to filter out, because they contain so much guilty data in the HTML and message content. I don't think you'd want to get the porn spams though, they'd make your penis feel even smaller.

Re:Porn Spam?

[Kenja]

"I just get spam telling me how small my penis is. I never get pictures of naked people!"

That's because we keep getting pictures of you naked. Can't you take some constructive criticism?

Re:Porn Spam?

[YankeeInExile]

Well -- get some of that h3rb@l v|@9RA and you will have non-stop naked people :)

I had to stop buying things from spammers when my breasts got so big that I couldn't see my enormous penis, and I had no need to work because I lowered the interest on my mortgage so much, the bank was paying me!

(This is parallel to an old aviation joke: If I put everything on my PA22 that would shave a half-gph off my fuel consumption and give me an extra knot of airspeed, I could go mach2, but would have to stop every couple of hours to drain my tanks as they accumulated fuel)

Re:Porn Spam?

[Lxy]

Quick hint: stop using pine.

Seriously, I had no clue what people were talking about until I started using webmail. Everyone was talking about obscene pictures in their e-mail, why didn't I get any of those? I finally realized I was getting them, I just had a really nice filter.

If you want to avoid pr0n spam, use pine. If you want pr0n spam, stop using pine.

This law is irrelevent.

[Chiasmus_]

The law is irrelevent, because not too many countries are following it.

From BBC news:

They also found that eight EU member nations have yet to implement the directive despite the deadline for compliance falling more than six months ago.

The rogue nations - Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal and Finland - have been threatened with legal action.

The problem with international laws is that nationalistic countries are generally inclined to ignore them.

Honestly, since I couldn't find a single link to the actual legislation, it's hard to tell whether employers could actually be held liable for spam, or whether this is just FUD.

Obviously, if an employer intentionally turns off the spam safeguards on one woman's machine, because she's very religious and he knows it'll freak her out, then that's sexual harassment through spam.

But spam that slips through the cracks despite reasonable efforts to stop it... I have to say, I don't think any court in the world would find a tort there.

Re:This law is irrelevent.

[burtman007]

I agree with you, but I do have a question then: How do you define reasonable effort? Is a Spam-filter that is 2 years old a reasonable effort? What about a new one that only searches keywords, but not phrases?

Re:This law is irrelevent.

[wolverian]

Finland at least has actually stricter anti-spam laws than the EU directive calls for. Whether Finland fully implements the directive or not, I don't know, but at least the right thing is being done with spam.

Re:This law is irrelevent.

[bvdbos]

Over here in Holland, I didn't read anything about protecting the employee. The oncoming implementation of the antispam-law (sorry, didn't find English version yet) protects consumers, not employees. This protection is for dutch spam only. The law will be effective any day now (just has te be published in the official newspaper). Our government is of the opinion that unsolicited email received at the workplace is usefull for employees... Fortunately this is not the USA where people sue for seeing a nipple... Any employee which sues his/her employer because the employee receives spam will be laughed at...

What is 'enough' ?

[nurb432]

Problem is with vague rules, they are easily taken advantage of..

Sonuds like a lot of lawsuits in waiting.. Easy money... ( for the lawyers )

Re:What is 'enough' ?

[Nuclear+Elephant]

Well to play devil's advocate for a moment, if a stranger walked into your place of business and began sexually harrassing you, the company wouldn't be immediately liable, but they would become liable if they failed to remove the stranger from the premises. In the same way, a company that failed to provide a reasonably secure environment for individuals to work in resulting in them being robbed or raped while on the premises *could* potentially be held liable. This seems to be the same premise that this law is built upon, where the business needs to exercise some attempt to provide a hostile-free environment for their employees. A couple spams managing to get through I doubt would allow the company to be held liable, but if the company failed to perform any type of filtering whatsoever they could appear as wreckless. This doesn't appear to force a company to use any particular type of spam filter, so it won't force the copmany to spend any money if they don't want to - on top of the many free open source projects out there to filter, the company would also have the choice of implementing whitelists, challenge/response, or one of the many other approaches to filtering.

Very Sticky Subject

[Prince+Vegeta+SSJ4]

"European employers must be aware of the risk of new computer-related liabilities," said the researcher for the University of Amsterdam's Institute for Information Law.

"An important example of such a potential new liability is the risk of being held accountable for not protecting employees against unsolicited pornographic e-mail."

This could encourage companies from denying Internet access to employees, after all why risk sexual harassment lawsuits for something that is so difficult to stop.

On one hand you can have an opt-in list for employees, where someone must "allow" a person to send mail to an inbox. I use this for my Dads email account due to all of the spam (however, being his personal and business email address, I must constantly monitor the mail so that nothing important gets caught in the SPAM TRAP)

Which leads to the other hand, opt-in limits your ability to do certain things, for instance if you pass out business cards with an email or want legitimate, but currently unkown people to contact you it is a pain in the ass.

In Europe?

[Shoten]

I thought the U.S. had the market cornered when it came to ridiculous PC requirements in the workplace. Honestly, you'd think that in all places, EUROPE...where there is topless advertising in magazines...would be sensible enough to tell its users, "Look, we're all grownups here, and we all know how hard spam is to deal with. There is no magic solution yet, you're going to have to deal with it." I mean honestly, how many people have spam tackled at home on their own, anyways? It seems nuts to ignore the difficulty of stopping spam in an enterprise environment when coming up with guidelines to punish companies for not doing so.

Women's Studies Department: Useful Idiots

[Tackhead]

> my uni is pathetic and refuses to implement any kind of anti-spam at all just so they can't be held accountable for anything.

Delete a few of the mortgage spams, leave in the "Tentacle Rape" and "Beat her to death with your horse cock" spams.

Then run the mess through SpamAssassin, and say "Here's what we'd be free of if we could just get the administration to authorize installation of this Free software on our mail servers."

Hand both printouts to a female accomplice (preferably lesbian, or at least able to fake it), and have her do the talking to the Dean of Womyn's Studies office. "Demand the Right to be Free of Harassment and Traumatization in Our Free Speech" or something.

Your university's Women's Studies Department is a powerful weapon, but maybe it's time to use it as a force for good.

woohoo!

[fateswarm]

woohoo! britney boobies AND boss lawsit!

profit!

Re:woohoo!

[NuclearDog]

No, you do it like this:

1) Sign up for porn.
2) Receive a bunch of porn e-mails.
3) Sue employer.
4) ???
5) Profit!

No no no!

Next on their list is... copyright extention, everyone knows that.

European rational? "We have to extend to make our laws better then the American law, +40 years!".

American response, "Our copyright extention is only 20 years behind the europeans, +40 for us too!" the very next day.

The next day...

True Story...

[Noryungi]

Slightly OT, but still...

One day, one of my colleagues came to me and asked (absolutely furious) " Why do you send me gay porn on my email address? ".

Turned out that some sleazeball spamfscker had harvested my work email address and was using it to send gay porn HTML email, using 'clever' JavaScript to open dozens of windows containing images of a nature I will not describe here (Think group goatse.cx here -- yes, it was that bad). The 'From:' header contained, of course, my spoofed address.

Fortunately, this was a rather tech-friendly company and the colleague was also a good friend. I was able to explain to her that this was, in fact, not coming from me. And I showed her how to disable JavaScript in Netscape Mail. She, in turn, relayed the information to the rest of her open-space co-workers.

I still shiver when I think of the potential consequences if she had shown the email to our bosses, instead of closing down all the windows and going into my office... A short time after this incident, our sysadmins (bless their souls) installed SpamAssassin on the Postfix server, with a very threshold. And that was the end of spam.

Re:True Story...

[GoofyBoy]

Like a dream I had last night...

One day, one of my colleagues came to me and asked (absolutely furious) " Why do DON'T you send me gay porn on my email address? ".

Then the 70's pr0n music started ...

Re:True Story...

The only thing you need to do is send an email with some content she doesn't like (but it is still legal) with her name to the rest of the company, then show her how easy it is to do.

That should convince her

Re:True Story...

[VanillaCoke420]

And what happens when I block on sight without checking headers or anything? Is it possible that people will start blocking each other in an attempt at blocking the barbarians?

Can I file workers comp...

...for that goatsex man I was subjected to?

Money making scheme

[WwWonka]

1. Get Hired
2. Use new company email to sign up 4 LOTS of porn.
3. Wait
4. Get LOTS of porn oriented SPAM
5. Read the good ones.
6. Sue company for sexual harrasment
7. Make $$$ leave company
8. Buy fast computer for better looking porn.

Re:Money making scheme

God you really missed the boat on how to create these jokes? I guess you missed that simpsons episode huh? Well, just FYI: 1. Surf porn on company computer. 2. ??? 3. Profit!

Re:Money making scheme

[WwWonka]

God you really missed the boat on how to create these jokes? I guess you missed that simpsons episode huh? Well, just FYI: 1. Surf porn on company computer. 2. ??? 3. Profit!

God, I guess you're one who just follows in line with what the masses do. It wasn't meant to be a joke just an observation on the way that typical thinking will take place if this law gets passed in the EU.

Everything in life doesn't have to be a joke or relate to the Simpsons...aye carumba.

Surely they must already be held accountable?

Surely there are common decency laws in place already? If as an employer i bring porno into work, i would expect the sack, in additon on possible civil lawsuits. Whats the difference when compared to allowing spam / adware?

Re:Surely they must already be held accountable?

[phorm]

Because as an employer you aren't bringing porno into work. Would you be held liable is some dumphuck taped porn flyers onto the building entrance?

Re:Another Example..

Is it any wonder why the best and brightest businesses and innovation come from the USA and Asia?

... and move to india or mexico

Todays company memo

[Darth+RadaR]

Thanks to the new E.U. standards, there will be no more email. Frankly, we at $company can't be bothered to keep up with their standards much less justify the expense. Please go back to inter-office memos, fax, & snailmail.

:)

But seriously, does the E.U. really have to impose itself on businesses this badly?

Spam can be compared to other societal ills.

[commo1]

We have a problem here. How do we stop the spammers from distributing unwanted spam? We can't. If they're running their operations from outside industrialized and regulated countries, there is virutually no legal recourse. My favorite solution is to have all websites pertaining to porn be labelled with an .XXX suffix. Problem? Unenforcable.

Now, the same problem exists with panhandlers. They are a societal ill that hinders commerce, encourages substance and welfare abuse, yet bylaws and law enforcement are impotent against the panhandlers themselves.

So: As my suggestion to local city council goes: if you can't fine the panhandlers (what are you going to do, take their "panhandled" money away?), fine the people patronizing the panhandlers!

Some big issues here that have to be worked out... liberty of speech comes to mind, but somehow make it illegal or a fineable offense to support unsolicited spam or pornography by way of spam. If the market dries up, so do the merchants. If the demand drops, so does the supply.

Re:Spam can be compared to other societal ills.

[mcx101]

My favorite solution is to have all websites pertaining to porn be labelled with an .XXX suffix.

That possibility was discussed on /. once before. However, a lot of people thought it could result in governments censoring material they found unfavourable by insisting it by on a .xxx domain that people are less likely to take seriously.

I think the compromise policy here would be for companies to make reasonable attempts to block spam and provide warnings to employees about potential nature of spam. That's all they can practically do. They can't block out everything that could be offensive, any more than they could if it were spam sent by snailmail or offensive prank telephone calls, etc.

Re:Spam can be compared to other societal ills.

If the governments of the US and Europe were serious about stopping SPAM they could.

Any country that can be shown to be harbouring spammers or allowing SPAM should be disconneted from the net where practical. I'd imagine that caribean islands for example could be disconneted reasonably easily.

Contries that cannot be easily or completely disconnected should face sever economic sanctions. Very few, if any, countries would want to fight for the right of their citizens/guests to SPAM so I suspect they would take action to close down spammers and if necessary their ISP's and impose very hefty penalties to prevent spammers (million dollar fines/10's of years in jail).

The fines could help pay for the effort and the richer governments should also help finance the cost of serious anti-spam efforts.

Of course before this could be done, the US and Eurpopean governments would have to start taking action against Spammers within their own borders, no more slapping them on the wrist or turning a blind eye, Lock those bastards up until they're too old to understand the technology available when they get let out.

Well Meaning People Can Be Idiots

[List+of+FAILURES]

Or is it vice-versa? Idiots can be well-meaning people?

Where I work, we installed a Barracuda Spam Firewall. It works fairly well, but crap still gets through. And as we add our own REGEX filters, we find the false-positive rate increasing. The only real solution is to expand existing mail protocols to account for spam. Specifically, some changes to the SMTP protocol that require the sender definitively ID themselves before sending. This would provide accountability of some sort. I know, I know. Some people are going to attack me for proposing the modification of SMTP. What, then, do YOU suggest Oh mighty one?

Re:Well Meaning People Can Be Idiots

[JaxWeb]

I say we just keep SMTP so we can sue our employers. Sounds good to me.

Re:Well Meaning People Can Be Idiots

I set up DSpam on my home mail server and it is doing a very good job of catching and blocking spam. What is more is that out of the thousands of email messages it's processed, I have yet to get a single false positive, despite the fact I'm on some mailing lists that are unsuitable for those under 18. It's catching well over 90%. I just train it when it misses a spam, kind of like Mozilla, but it's much more accurate than Mozilla. It's also resistant to the spammers trying to poison filters with a bunch of random words since if a word is uncommon and not used for some time, it forgets.

I've been trying to convince my employer to switch from Spam Assassin, where they have the threshold set to 9. As far as I can tell, SA is almost useless, even after training it on my spam collection of several thousand spams.

Snail mail screening?

[michaelmalak]

As often stated, follow pre-Internet laws unless absolutely necessary.

Is an employer required to open all snail mail to screen it for porn? Would that, actually, be illegal?

Re:Snail mail screening?

[fmaxwell]

As often stated, follow pre-Internet laws unless absolutely necessary.

Is an employer required to open all snail mail to screen it for porn? Would that, actually, be illegal?

If an employee was receiving pornographic advertisements in his/her work snail mail, that person might have grounds for a suit. But since that really doesn't happen to many people, there is not a lot of caselaw, precedence, and legislation surrounding it, so it makes a weak analogy and a poor model for handling the problem.

A key point about this is that employers do have the means to drastically reduce the quantity of porn spam that employees receive. There are blacklists, Bayesian filters, and spam filtering services (e.g. Brightmail). They can use web forms rather than mailto links. They can provide employees with separate addresses for trusted senders and untrusted senders (e.g., what the employee fills out on an information request card). If they decide not to employ any of these tools, then they should be held liable for how their decision affects the people working for them.

I'm not suggesting that it's appropriate for someone to sue their employer if they get three porn spams in a year. But if they are getting them every day AND the employer has not taken reasonable steps to alleviate the problem, a lawsuit might be reasonable.

That also means that business will start pressuring legislators to create real anti-spam legislation with actual "Federal pound-me-in-the-*** prison time for offenders. We've all seen that it does little good when individuals complain, but, somehow, big business seems to have the ear of lawmakers...

Re:Snail mail screening?

Along similar lines, does your employer record all telephone conversations and archive them? And if not, why are they so keen to deal with emails in that way???

Sleazy?

[tds67]

The author of the study advises companies running email servers to use filtering technology, and warn employees about the sometimes sleazy content of spam.

Sometimes sleazy content of spam? Since when has spam not been "sleazy?"

Uk likewise already

[Alan+Cox]

While there doesn't appear to be any caselaw handy there is a consensus view that it falls under the "duty of care" an employer has to their employees. That isn't a disaster since the law revolves around the ficticious "reasonable person" so it requires reasonable effort rather than perfection.

Similarly although case-law has yet to appear there are good arguments that someone failing to take reasonable care of their systems and getting viruses/being used to spam others could be liable for negligence.

"for every right there is a duty" is the basis of a lot of UK law

Re:Another Example..

[kfg]

Damn straight! That's why Finland is now ranked as the number one most technologically advanced nation on earth, but I'm sure that private enterprise friendly China will be playing catch up.

KFG

Take it all away!

If people used their email for legitimate work purposes it would limit the exposure to possible pr0n spam. In most cases people don't need internet or email access at work in the first place, hence this post :p

As an employer I would just take away the access (except from mine of course)

Re:Take it all away!

[gcaseye6677]

At the risk of feeding a possible troll, I never gave out my hotmail address to any porn site, but its inbox gets filled with porn spam. You don't have to give out your address to get spam. Secondly, I don't know any professional who doesn't use email in their work. Your proposal would pretty much get rid of tech companies.

Her Impression of you??/Damage control

[spineboy]

I'm just kinda curious as to why she thought THAT you would be sending her gay-pron and why she automatically assume that it was spam. You had better hope (if you're straight) that certain rumors haven't started - maybe you had better date a few of the ladies in the typing-pool and leave a few copies of Stuff/Maxim on your desk.

Re:Her Impression of you??/Damage control

shouldn't you emphasize the "you" after the "that" for that sentence to sound right?

Re:Her Impression of you??/Damage control

[IANAAC]

You had better hope (if you're straight) that certain rumors haven't started

Then there are those of us that work in environments where no one cares what another person's sexual orientation is and don't really need to prove anything by dating "a few of the ladies in the typing-pool".

Re:Her Impression of you??/Damage control

Hey, I think we've found a civilized human being! We should have him stuffed.

actually...

[tuxette]

...in most cases, mail sent to you at your place of employement is considered business mail (i.e. the secretary or your boss can open it) unless it is specifically marked private or confidential.

Re:actually...

[tandr]

here we go... Do you want all spam to be marked as private or as confindential?

Someone said it right -- 'E-mail is like postcard, someone else WILL read too"

Re:actually...

[Ralman]

From what I have seen most adult oriented snail mail SPAM is usually marked "Private" or "Confidential".

Before any of you get all worked up, let me explain. When I recently moved, the previous owners were on just about every damn mailing list on the planet. I get 3-5 mail order catalogs a day. Some of them adult oriented. These are generally the ones in the envelope or wrapper marked as stated above.

Perhaps Uninformed

[fateswarm]

That's a perhaps uninformed suggestion from the EU council. Spam varies from a worm to a porn advert. From a hardware store ad to money frauds from nigeria. And more than that, spam changes each day. You CAN fight it if there's a person working on your company on it 24 hours a day but you can NOT guarantee it will be 100% spam free.

Giving the right to people even for one single spam message to sue is totally a harsh decision.

Simple Solution: Don't give out email addresses!

[Jerk+City+Troll]

Perhaps employeers could require employees not to give their email address to anyone. That would, of course, preclude them from sending any emails. This would definitely prevent their addresses from getting into the hands of spammers. Problem solved! No spam!

Or if that seems a little extremely, there could be an Email Czar that reads every email coming in and only passes the ones that aren't porn off to the recipient.

Hey, stupid laws require stupid solutions!

Depends on actions of the mail client

[Black+Art]

No e-mail client should ever request content from a remote server and/or load images without a direct action by the user.

Most porn spam loads images via html image tags or some other remote mechanism. (Usually with a web bug to figure out which address downloaded it so they can send you more spam.)

If the user has an e-mail client configured by default to download contact automatically then it needs to be corrected. That is the fault of their IS/IT department or whoever ordered the IS/IT department to use that client. I don't even think Outlook is that stupid anymore.

The other problem is that there are a whole lot of people who are unable or unwilling to just grow the hell up. So you get e-mail that describes sex. So what? Big deal! Sex is a part of life. Just delete it and move on.

But instead, these growth stunted pod people want to obscess over that part of life that they have not learned to accept. Instead of blaming themselves and their upbringing (or lack thereof) they are going to take it out on ANYONE else.

The best thing to do to avoid such legal problems is find out who these people are in your company and deny them ANY outside e-mail whatsoever until they can behave like a grownup.

Re:Depends on actions of the mail client

[87C751]

No e-mail client should ever request content from a remote server and/or load images without a direct action by the user.

You are correct, sir!

A question for the audience: where did HTML email originate? A Google search on 'origin html email' and 'first appearance html email' came up empty.

Re:Depends on actions of the mail client

No e-mail client should ever request content from a remote server and/or load images without a direct action by the user.

True, but I deal with it on the server. Use Anomy to filter out the crap. It removes harmful html and inline images leaving behind harmless html that still has bold, underline, etc. It can be run standalone or from mimedefang (or another perl script).

It's great. The annoyance of spam drops dramatically when it is reduced to simple text.

Re:Depends on actions of the mail client

[molo]

FYI, Mozilla's implementation is not perfect. No images will load, but it is still possible to have server hits on other data types.

See Mozilla bug #28327.

http://bugzilla.mozilla.org/show_bug.cgi?id=2832 7

(I would make a hyperlink, but Mozilla blocks anything with a slashdot referrer)

-molo

Re:Depends on actions of the mail client

[NuclearDog]

"I don't even think Outlook is that stupid anymore."

As of Outlook 2003 (that comes with ms office) it downloads them by default. The only way I could find around this (was just doing this for a friend, didn't have much time, though) was to simply tell it to show all messages as plain text.

Spam laws starting to look like crap

[t_allardyce]

I think its time to stop this bullshit and wake up. Email is a medium where anyone can contact anyone else without prior permission. Therefore fundamentally you will get spam. If you want the system to allow anyone to email anyone else then you will get people emailing you things you dont want. No-one likes it, but thats how it is, and how ever hard you try and stop it by giving a computer the task of filtering mail someone will find a way around that, how-ever carefully you design a system so that the source of a message can be guaranteed, someone will abuse the system, get hold of a "certificate" and keep moving around! If you make it cost money, people will will start using different incompatable systems ? some free, some not. If you make laws, spam will come from other countries. If you make laws, people will take advantage of them and start suing everyone, and finally, if you make laws then you're going to stop someone somewhere from doing something good. If you want you can swap email addresses with people you want to talk to and only have mail from those addresses come through. You can use feed-back forms on your websites, and even human-checking "type the number you see" or "if jack is a red dog, what colour is he?" systems. Telemarketing is only slightly different in that the telephone network is more controlled and its more costly to hire lots of people to call 1000's than to get one computer to email millions. When you're on the bus and some weird guy comes up to you and starts talking about the alien race of chicken people you might not like it but you can always walk away, use a car, or carry a gun. Email might suffer from spam, but look at the advantages: its free, its globally recognised and compatible, and it doesn't need a central monopolistic system that could be open to abuse.

Re:Spam laws starting to look like crap

[Steve+B]

how ever hard you try and stop it by giving a computer the task of filtering mail someone will find a way around that

Well, there's the proper point of attack for the law. We throw people in jail for cracking other forms of computer security in order to gain unauthorized access to other people's systems; we need to enforce the same laws against this subspecies of cracking.

Re:Spam laws starting to look like crap

[t_allardyce]

This isnt cracking! getting around an anti 'fuck' filter by typing 'f.u.c.k' is not cracking, trying to send someone an email is not cracking. This isnt gaining unauthorised access - you cannot gain any information from someones computer just by sending an email (attaching vb-script worms or seeing if the mail server bounces doesnt count) you cannot damage a computer by sending an email. The only unathorised thing you could do is flood one system with emails and that would count as a DoS attack. Spammers may be a sub-species of basterds and dont get me wrong i'd have fun capping them all, but you cant make being a basterd illigal on its own!

Re:Spam laws starting to look like crap

[Tackhead]

> This isnt cracking! getting around an anti 'fuck' filter by typing 'f.u.c.k' is not cracking, trying to send someone an email is not cracking. This isnt gaining unauthorised access - you cannot gain any information from someones computer just by sending an email (attaching vb-script worms or seeing if the mail server bounces doesnt count) you cannot damage a computer by sending an email. The only unathorised thing you could do is flood one system with emails and that would count as a DoS attack.

[Emphasis in your quotation added by me]

If every one of your employees has to delete 95 copies of...

"XX3NICAL__ ULTR@M__ F!0RIC3T__"
" Pills You Want. Many On Stocks. abreact omrgphh"
"G.1.ANT T.1TS 4 HER 4914"
"horse fux my girl N.U.D.E on internet" and
"hoi pliancy herbul penls"
[remainder of my past hour's spam filter hits deleted for brevity]

...for every legitimate business email they receive, and that doesn't constitute a Denial of Service attack, may I politely inquire as to what the f.u.c.k. would?

Re:Spam laws starting to look like crap

[Steve+B]

This isnt gaining unauthorised access

Nonsense. A spam filter is erected to keep out spam (duh). If a spammer deliberately circumvents it to get spam in, then he's gained unauthorized access.

you cannot gain any information from someones computer just by sending an email

Irrelevant. Entering private property without permission (in this case, against an express prohibition) is trespassing whether or not you deliberately remove anything you find there (if you do, you commit an additional crime of theft, but it's a separate issue).

you cannot damage a computer by sending an email

Also irrelevant. Repeat above paragraph, replacing "remove" with "damage" and "theft" with "vandalism".

The only unathorised thing you could do is flood one system with emails and that would count as a DoS attack.

More and more irrelevant. Trespassing is trespassing whether you do it once or ten thousand times.

Spammers may be a sub-species of basterds and dont get me wrong i'd have fun capping them all, but you cant make being a basterd illigal on its own!

No, you can't make it illegal to be a bastard. You can, and all civilized societies do, make it illegal to intrude on other people's property after you have been put on notice that you aren't welcome (and the use of any filter-evasion technique is prima facie evidence that the spammer is wilfully doing just that).

Re:Spam laws starting to look like crap

[t_allardyce]

erm to quote my-self:
The only unathorised thing you could do is flood one system with emails and that would count as a DoS attack.

if someone sends you 1 junk email (if you get 100 from 100 different sources then thats tough) its no problem. If someone sends you allot of junk emails then its a DoS attack.

Re:Spam laws starting to look like crap

[t_allardyce]

I dont know why i bother replying to this crap, maybe its a sense of needing to feel the winner?

Irrelevant. Entering private property without permission (in this case, against an express prohibition) is trespassing whether or not you deliberately remove anything you find there (if you do, you commit an additional crime of theft, but it's a separate issue).

You are not entering private property, and if you want to equate a packet on your network to a person, then the real-life version would be you walking into the public reception of a building where members of the

public can enter and giving the receptionist an envelope. Or it would be similar to posting in someones letter box.

If you enter the building once and are thrown out and told never to come back then yes you can say that you personally cannot enter that building without trespassing.

A filter is not an access control mechanism and bypassing it is no different to bypassing a door-man at a club by actually dressing well. If you come in scraggy clothes you wont get let in, if you come dressed smart you could still be intending to cause trouble, but he'll let you in!

Unauthorised access means you or something you can control or pre-program can interact with a system or place. If you enter the private part of a building thats access, if you drop a robot on a remote control through a letter box thats also unauthorised access, so is using a virus, trojan, spyware or script to allow you to interect with a system.

Re:Spam laws starting to look like crap

[Steve+B]

A filter is not an access control mechanism

Did Bill Clinton teach you how to redefine ordinary English words, or did you teach him?

Of course a filter is an access control mechanism -- denying access to some and granting it to others is its entire function.

A filter is not an access control mechanism and bypassing it is no different to bypassing a door-man at a club by actually dressing well.

Nope; the filter-cracking techniques of spammers are instead equivalent to bypassing a door-man by wearing a forged badge that makes you appear to be a legitimate visitor when you aren't.

Unauthorised access means you or something you can control or pre-program can interact with a system or place.

No, unauthorized access means access that is not authorized by the owner of the property. For example, if I put up a spam filter to keep out the spam you send and you use some trick to get it into my inbox anyway, then you have gained [drum roll] unauthorized access.

Re:Spam laws starting to look like crap

[t_allardyce]

"Nope; the filter-cracking techniques of spammers are instead equivalent to bypassing a door-man by wearing a forged badge that makes you appear to be a legitimate visitor when you aren't."

Thats two different systems. In one, only specific people have 'access' and they are actually pre-chosen, thats like authorising someone to send you an email. The second is where you say anyone can enter/send email aslong as it fits the purpose of the system - i.e you're not a trouble maker or your email isnt spam. Theres a distinct difference, look at real life examples: you wont get arrested for turning up at the door, even if you pretend to be good until you get inside and start making trouble you'll be kicked out but thats all. If you forged a company ID card to get in then you would be invading private property, or as clinton might have put it "invading privates". Similarly if you run a shop, it is a semi public place - anyone can walk in, but you can kick them out at will or stand at the door screening them. But theres a difference between someone forcing themselves past your screening and just pretending to be legit. i learnt english from the best! ;)

Mod parent up

Good point

Easy solution!

Counter-sue the employees for downloading pornographic images while working.

And for using their work email address to subscribe to dubious web sites.

The reverse may be true

What employee, unless a complete and deliberate virgin, is going to complain about porn spam at work? I, for one, welcome our sleaze sending overlords.

Hey, you can always say "that damn porn spam!" as soon as your boss starts looking.

I posted an Ask Slaskdot on this...

[Gudlyf]

...and of course, it wasn't accepted, but that's beside the point.

We had an issue here in the workplace where porn spam was getting through to a list. Basically this was the equivalent to an "info@..." list, where potential customers would email for product information. One woman who was required to read those emails started to complain about the porn spam. Even though I had spamassassin doing a heck of a lot of blocking, plenty still got through.

Let's put aside the web form option for the moment. Could she really sue the company for making her read the email to that address? From what I was told, I don't think so, since we had proof that we were at least trying to remedy the situation any way we could. Has anyone else run into a similar situation and had someone really sue the company?

Re:I posted an Ask Slaskdot on this...

So why don't you just filter out the crap? Use Anomy to filter out the inline images and harmful html. It leaves behind harmless html that still has bold, underline, etc.

Anomy can be used standalone or as part of mimedefang (or another perl script).

The annoyance of spam drops dramatically when it is reduced to plain text.

Re:I posted an Ask Slaskdot on this...

[Gudlyf]

"The annoyance of spam drops dramatically when it is reduced to plain text."

We use anomy, actually. We use it to drop all attachments. As for images, we've just turned off loading images on the users' mail programs, which stops the porn images. This does not however stop the trashy text, which is still a problem.

Saw this one coming...

[pointbeing]

In the federal agency where I work I've been hollering about hostile work environments for more than a year.

My primary job function is R&D and I've told bosses for quite awhile that I thought it exposed the government to liability if we weren't using industry best practices to combat spam.

I even offered to ask the agency's legal section what our exposure was and was 'discouraged' from bringing this to Legal - I think because if the lawyers *do* find a risk the problem would be immediately escalated to HQ for resolution ;-)

Anyway, I researched several client, server and mail gateway products - everybody thinks combating spam is a good thing, but the higher-ups can't decide whether to automagically delete spam at the gateway (lousy idea) or just tag it and use client-based rules to quarantine it (much better idea).

Anytime you do rule-based mail deletion you open up the opportunity for me to explain to my boss that the reason he didn't receive my project was because the mail gateway ate it.

IM frequently less than HO corporations need to protect both themselves and their employees.

Re:Saw this one coming...

[GPLDAN]

corporations need to protect both themselves and their employees.

Corporations have more leeway to do such things than a Federal agency, though, correct? While a corporation would be subject to state laws regarding sexual harrassment in the workplace, you are subject to federal guidelines. Is this right?

Re:Saw this one coming...

[pointbeing]

Corporations have more leeway to do such things than a Federal agency, though, correct? While a corporation would be subject to state laws regarding sexual harrassment in the workplace, you are subject to federal guidelines. Is this right?

Yes - that means is the employee has to sue in federal court ;-)

Re:Saw this one coming...

[slazar]

Tagging and client based rules aren't really that great of a solution. If you trap and quarantine based on rules it is much better. Then you whitelist companies and email addresses that you do business regularly with. Make the quarantined emails available to the user by sending a report every day or hourly if need be. Or have a web interface that they can go to at any time to retreive quarantined email. Sophos Puremessage can do this... Then your email server is not impacted by the deluge of spam, and your clients hard drives and network don't have to process it either.

Re:Another Example..

[The+Ultimate+Fartkno]

The average Slashdotter: Visits Europe, eats posts, and leaves.

Re:Simple Solution: Don't give out email addresses

The Email Czar would also be an employee and would be exposed to more porn spam than the average user. Thus, this Email Czar would be able to sue the company for a really large amount of compensation !!!

Modded down but...

I've seen this "person" comment in every single thread I've ever read.

And with a sig that links to a site I think it's pretty obvious that this is not one person making the comment but rather the staff from said webpage that collectively comment on everything.

And then, and this is a bit harder to prove, use other "smurf" accounts to then mod this account's posts up.

Re:Modded down but...

This is an interesting point, and I think you just might be right. For instance, for this story, this 'person' has posted 3 comments so far; the second one 2 minutes after the first one, and the third one 3 minutes after that. All the comments are top-level, and unrelated. Is this normal? Hmmm ...

I'm not so sure about the "smurf" accounts though. If you post early, have interesting things to say, and write well (all this applies to all 3 previously mentioned posts), you will get modded up immediately. So, you have no need for a "smurf" account, but it would obviously help ...

Allow employees to sue?

[hackstraw]

The overly broad wording of the legislation, according to the study, could allow employees to sue employers for not doing enough to stop porn spam.

I know pretty much nothing about European law, but here in the US we can sue anybody for anything. There are horror stories of criminals suing their victems for being injured in the course of their crime and winning. I've read the article twice and saw nothing that said this legislation would "allow employees to sue".

Spam has really gotten out of hand. I run an email server and run spamassassin with many custom rules and trap very close to 100% of spams. I kinda like challenges like this, so I don't mind (regexpressions out the wazoo, trying to teach a computer to be more "humanlike" throgh pattern matching, etc). But the time I have spent on this is amazing. I'm on the spamassassin mailinglist, and its the heaviest traffic mailinglist that I am on. So much time and effort is being wasted on spam, its not funny.

One proposal that a coworker suggested, that I had never considered would to _not_ filter, but instead do exactly the opposite. Respond to all spam mails! Think about it. If there were robots to auto reply to any email remove or go and follow all of the urls recursively on their server, especially https signup pages, we could DOS the hell out of these guys with their own spam.

Oh yeah, and its salisbury steak day children!

Re:Allow employees to sue?

[Dwedit]

Yeah, send me more junk since usually the TO and FROM fields are contructed from the same list of email addresses.

Re:Allow employees to sue?

[NuclearDog]

"Respond to all spam mails!"

Do that, and I will personally hunt you down and do something nasty to you, like make you sit in a IRC room full of AOL users for a few hours...

Seriously, though. I get about 5-10 spam messages a day (without filtering, even), and about 40-50 bounces\replies from people because some asshat is sending out spam with my address.

As for recursively visiting URLs, I'll agree to that :) I personally use a script from glowingplate.com. (Don't kill his site!) Here's the script:

#!/bin/bash

OUR_PID=$$
renice 19 $OUR_PID

COUNT=0
while [ $COUNT -lt 2000 ]; do

lynx -dump -useragent="By sending e-mail to my domain, you agreed to the published Terms of Service of my privately owned domains and servers, including the stipulation that all spam would result in your webserver log being filled with garbage. If you don't like it, don't send e-mail to my domains. If you don't want me to visit your website, don't solicit my visit by sending me unsolicited e-mail, because EACH unsolicited e-mail will result in your server logs being filled with this junk. You do not have a First Amendment right to waste my bandwidth, electricity, CPU time or hard disk drive space with your crap, characteristically illiterate or otherwise. Furthermore, I pray to The Lord Satan below that you get colorectal cancer and die a slow, horribly painful and undignified death." $1?YOU_FILL_MY_MAILBOX_WITH_UNSOLICITED_CRAP_AND_W E_WILL_DO_THE_SAME_TO_YOUR_WEBLOGS

let COUNT=COUNT+1
echo $COUNT
done

I just run that a couple times for each e-mail I receive. The messages have slowly tapered off...

Re:US is the same, NO ITS NOT

[kfg]

The discrimination / harrassment laws in the US put the responsibility on the individual accused.

I'm sure that Mitsubishi USA and Carnival Cruise Lines will be glad to hear that, as well as hundreds of other firms who have been found liable for creating/allowing a "hostile" work/customer enviroment.

I take it you're American? You should spell cheese K-R-A-F-T. Just don't eat any of the stuff, 'K? It's apparently unamerican, or something.

I don't know if you're from Wisconson though, so I don't know whether calling you a K-R-A-F-Thead would be considered a compliment or an insult, so I'll refrain.

KFG

No penis pills for me! No MCSE either!

[Saeed+al-Sahaf]

You know what I wonder about? Why is it while I have a military email address that is out there ALL OVER the internet, and I get HUNDREADS of emails every day, I get no spam at all except from the occasional boiler-room that thinks I need an MCSE? No porn, no penis pills... What is it that DoD/USAF is doing to stop spam that others are not?

Re:No penis pills for me! No MCSE either!

[Queuetue]

Shooting at people.

Re:No penis pills for me! No MCSE either!

[Saeed+al-Sahaf]

Shooting at people.

Hahhaaaa! But seriously, spammers are like cockroaches. The US military could nuke whatever part of the planet these things live (all over?), and they would just crawl out from under the rock and keep going.

This is what happens

[KalvinB]

when politicians get involved with problems that aren't political.

What's stopping these users from installing their own filters?

Next thing you know, empolyees will be suing employers for lost e-mails killed by the main filter.

As for SMTP being broken...you can already trace spam back to it's origin. All the way back to that open relay. It doesn't take brain surgery to fire up a DNS server or use an already existing one like DNSMadeEasy.com and assign your spam domain to the IP of the proxy you'll be using. The owner of the IP can in no way shape or form prevent "unuauthorized" domains from pointing to their IP. I pointed linux.icarusindie.com at Microsoft's web-site and windows.icarusindie.com at linux.org for awhile. MS's site automatically fixes the url while Linux.org showed up as my domain no matter where I went on the site.

Spammers already use tons of domains to host the product page linked to by the "click me." All they're going to do is put a mail server on that domain. So now all you're going to have are spams where the "click me" domain and from domain match. Whoopee.

You can already filter out "click me" domains which results in 100% accuracy (as long as you're not silly enough to think a computer can do all the work) and 0% collateral damage.

If your plan of attack involves some kind of "accountability," forget it. The internet is an anonymous place. You have to find a way to deal with the problem without this silly idea that spammers are somehow going to surrender and identify themselves just because you changed the protocol.

Ben

europe

[sstory]

one reason europeans move to the US to start companies is european governments strangle their entrepreneurs with regulations and taxes. It does not surprise me to see this.

Re:europe

Ah yes, crap old Europe and it's dreadful archaic rejection of free-market sensibility. However if you are laid off from your job through no fault of your own you will receive unemployment benefits and free training. You may receive world-class University education for free. If you are run over by a bus you will be treated in a hospital for free. If you are elderly, you will pay nothing anywhere on the national public transportation system, nor will you pay for your prescription drugs, nor wil you pay for your doctor's visits.

Oh, and you will have had a sexy and tiny mobile phone for the past decade or more.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Yet another example...

[grunt107]

of businesses mandated to babysit their employees. I do not get spam on my work PC. I do not give out the email address when ordering, do not access non-business sites. People that did either of those above actions do get spam. So the only solution to this is to not only make said actions grounds for immediate termination, employers should also let it be known that whatever spam/spyware removal costs (and legal costs) incurred by the company will be passed on to the offending (former) employees.

Re:Yet another example...

I have a related anectode.

I followed the same practice as you. Never subscribed to anything with my corp email address and was very carefull/protective about giving it to vendors, sales weasels, etc.

I never recieved any spam at this address ... until

The mail admin added my account to the corp Postini spam filter. Now, instead of no spam, I get 10 messages a day from Postini telling me about a blocked/quaranteened messages suspected to be spam and/or viruses.

I really think that either Postini leaked my address or it was harvested somehow from them.

So, instead of no spam - I get unsolicited "see how great Postini is" messages. I can't go off the filter, becasue now, apparently my address is in the wild and getting spammed. Damn.

Re:I'm voting for Bush

[Jerk+City+Troll]

He is too dangerous to the terrorists, that is all.

Bush has done nothing but give poster examples as to why outranged people should join terrorist organizations and help fight America. The US, under Bush's lead, has committed horrible attrocities and it only goes to support the agenda of the terrorists: that we are a dangerous, threating force that must be stopped at all costs.

What you and many other conservatives don't seem to understand is that we are not the only people in the world with a political agenda. The people who have pitted themselves against us do so not because they are "jealous, freedom-hating evil doers in league with Satan", but because they have a grievance with us and they have no other recourse.

We need to quantify the injustices we have committed (and we have committed quite a few) and then figure out how to resolve those injustices. That's how we will achieve peace, but we will never do it because it requires us to get off our righteous high-horse and take a hit to our pride. Instead, we opt for the brain-dead solution of simply killing people, a course of action that will never solve the problem. Instead, it will create a never-ending cycle of violence.

Re:US is the same, NO ITS NOT

[gorbachev]

"Go back and eat some cheese, you euro-fag."

I find the American cheese quite satisfying, although it does not suit all occasions. In fact, why don't I go and eat some cheese that tonight after work while laughing at the expense of the US worker I displaced by working in the US for the past 6 years.

Goatse is gonna kill somebody

[Tablizer]

Someday goatse is going to cause somebody with a frail heart to have a heart-attack, and lawsuits are gonna fly.

Take some responsibility

I think it's absurd for users to demand protection from the spam that THEY CAUSED by being promiscuous with their email address. I've had my work email address for almost five years now, and I've never gotten a single piece of spam because I'm not dumb. My coworkers complain about spam endlessly, and I have not an ounce of sympathy for them. Hotmail has great spam filtering these days, maybe they should be using it instead of their employers' email.

Re:Take some responsibility

[stratjakt]

I have to agree, in the four years I've worked hear and had the same email address, I've gotten not a single spam to it. One coworker in particular gets literally hundreds of porn spams in a day. He thinks it happens to everyone, and doesnt realize that I know the only reason he gets it is because he stays late browsing the web's stickier side.

I use my work email only for work and personal correspondance, not to sign up for websites, etc.. I use a hotmail address for that, and lo and behold - it's crammed with spam.

My home email, on comcast.net gets the odd spam - maybe 3 or 4 in a week. I hardly ever use it and have never given it out. Big domain names like hotmail or comcast or aol are just going to be targets no matter what.

All the same, I agree. I'm tired of peoples lack of personal responsibility these days, laws like this make me sick. So Vladimir stays late one night, browsing pictures of hot man-cow anal action - then sues his employer when his inbox floods with man-cow advertisements?

It's like saying you're going to jerk off in the washroom, then sue your boss when your dicks sore because he didn't provide vaseline in the stalls.

Re:Take some responsibility

[rokzy]

my uni has the ingenious system of assigning everyone a 5-letter username that is their email address. they also assign your name to the same account.

this 5-letter system means I inherited all the spamming from whoever had the code before me. everyone has it quite bad anyway with it being such a perfect system for spammers, but mine is especially bad: aaaaa-zzzzz@my_uni.ac.uk - some don't work but guaranteed to reach every member of the uni. if you're a clever spammer who likes to be efficient you may also realise the first 2 letters stand for the departments.

this is also the uni with retard computer admins who refuse any kind of spam-filtering.

Re:Take some responsibility

ISPs should also stop assigning usernames like

XYnnnnn

I am getting about a spam a day on my ISP mail account that fits into this pattern and some spam company figured out trying XY00001 XY00002 XY00003...

Re:Take some responsibility

Try telling that girl you met three years ago in a club who you thought you might like to get jiggy with but didn't to stop incuding you in her tiresome forwards of "if you send this to five people you'll get lucky tonight" chain letters especially when she puts all 400 of her friends in the To: field and then they all Reply To All to tell her how "she rocks" and how they "haven't seen her in SOOOO long" and then a week later your email address is as common as pictures of Anna Kournikova's ass and you start in with the "p.e.n.i.s" this and the "cia'li_s" that.

You get spam through no fault of your own, and that's just that.

Re:Simple Solution: Don't give out email addresses

[Nuclear+Elephant]

Obfuscating your email address doesn't prevent spam, although it also helps to stop the spread to some degree. Dictionary attacks are used to brute force spam into a company's email server, using the most commonly used names and phrases to guess the names of your inboxes. Unless you plan on also using very obfuscated addresses, throttling, and never posting your email address (even on the web), this plan won't work. Even if you did all of this, the next smartworm that infected somebody with your address in their addressbook would wind you up on a harvest bot somewhere. If you don't want to but a few people, just set up a Challenge/Response system.

Take some responsibility

[Ungulate]

I think it's absurd for users to demand protection from the spam that THEY CAUSED by being promiscuous with their email address. I've had my work email address for almost five years now, and I've never gotten a single piece of spam because I'm not dumb. My coworkers complain about spam endlessly, and I have not an ounce of sympathy for them. Hotmail has great spam filtering these days, maybe they should be using it instead of their employers' email.

I dont know why this was posted as AC because I was logged in.

Re:It's Really Sad..

[gorbachev]

Fuck off. I wasn't bashing the US, but merely pointing out EU, in its everlasting quest to imitate everything the US does, has, once again, managed to update their laws to copy what US already does.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Spam is not an SMTP problem

[Frater+219]

Spam is not a technical result of the email system, the way that (say) packet collisions are a technical result of shared-media Ethernets. Rather, spam -- just like theft -- is a result of individual human beings (the spammers) choosing to offend. They are aided in this choice by other individuals (employees and managers of spam-supporting ISPs) choosing to permit their resources to be used for this offense.

It is a category error to treat spam as a software bug rather than as human misbehavior. It's true that technical measures can reduce or ameliorate the spam problem, just as technical measures such as locks and sturdy vaults can reduce or deter robbery. However, that doesn't make spam (or robbery) a technical rather than a behavioral problem.

There is no technical fix for spam. Real fixes for the spam problem must take place on the human level: enforcement of laws against spam and spam-related computer crime; refusal of connectivity to spammers and spam supporters; boycotting of firms which spam or benefit from spam.

Re:Spam is not an SMTP problem

you are a fool if you think laws will stop spam.
Just like they stop drugs and fraud right?
And spam is a LOT easier to do that fraud and drugs.

Re:Spam is not an SMTP problem

[the+MaD+HuNGaRIaN]

Why not just invent a better protocol that can't be abused as easily?

Re:Spam is not an SMTP problem

[Alyred]

My question is: Who in the hell actually BUYS from spam? Why would anyone click on these websites/links/etc?

Pr0n spam I can understand, because hey, you're buying pictures/movies/etc. You're not getting a tangible product of unknown quality. You know what you are getting pretty straight away.

But Viagra, etc? Who in the hell buys this stuff and then ingests it? At best, you are getting the product described, but at worst, you could be getting something harmful or dangerous.

Spammers indulge in this behavior because PEOPLE CLICK ON THE LINKS and make them money. If noone clicked on the links, then they would not make money. Spammers would have to move on to the next scam, or get real jobs.

Re:Spam is not an SMTP problem

[Frater+219]

Why not just invent a better protocol that can't be abused as easily?

Take a shot. Some design criteria you should keep in mind:

• People need to be able to send messages to people they don't know, and have no common contacts with. A system which relies on "introducers" can be layered on top of a more open system (think PGP) but is not adequate alone. If one user can't send email to any other off-the-cuff, you lose, since people will have to resort to SMTP when they need it ... and if they have to do that, why use your system?
• Sites require their own servers, and no dependence on a central authority to process messages. They can choose to delegate authority over filtering (as with DNSBLs) but it can't be a requirement. If you (the system's creator) or any other power (say, Verisign) can monitor, censor, or shut off anyone's email, you lose -- why should General Electric trust your system?
• A new mail system must support gateways to SMTP. After all, SMTP would never have replaced UUCP, BITNET, and Fidonet mail if it had not been able to gateway to them. (If the only mail system you know about is SMTP, you don't know enough to build a new mail system.) These gateways must not themselves be easily abusable, or users of SMTP will reject mail from them. If that happens, your gateways get kicked off their ISPs for being spam sources, and you lose.
• A new mail system must offer its early adopters immediate benefit. If a new system doesn't offer real benefits until 51% of the world is using it, then no more than 0.1% will ever adopt it. If the only way your abuse-proof protocol is abuse-proof is to reject email from the whole dirty SMTP world, you lose.
• The standard must be a single open protocol, not a single implementation. Developers must be able to implement that protocol on disparate platforms on all different scales. Any implementation conformant with the standard must be able to talk to any other. Handing the world a Perl script and saying "this is the new email system" means you lose -- most people don't have Perl on their Windows and Palm systems and aren't going to install it to try out a new mail system.

Think you're up to it? Go for it. You have nothing to lose, right?

Re:It's Really Sad..

[Red+Alastor]

Even more to post this as an Anonymous Coward, isn't it ? The article say that EU do this, if US also do it and someone say it, it is informative. If US don't do it then it's bullshit but not because US was mentionned in the post.

Productivity?

[Famatra]

"probably mean a considerable loss in productivity. "

You then fire the lazy workers. No? Oh yes I forgot, no one gets fired anymore unless you goto work with a gun and kill a few people.

Then you get a few weeks of suspended pay.

Re:Simple Solution: Don't give out email addresses

I believe you are lacking a sense of humor.

Certainly belongs in the "Oddly Enough" category

[wcrowe]

I've always had the impression that Europeans generally don't care about pr0n and tolerate great amounts of it. My European friends have chided Americans for years for being too prudish.

Can any Europeans out there enlighten me on this?

Re:I'm voting for Bush

"Bush has done nothing but give poster examples as to why outranged people should join terrorist organizations and help fight America"

He has done nothing of the sort. In fact, he has provided a strong disincentive and discouragement for them to join terror groups.

"The US, under Bush's lead, has committed horrible attrocities"

The opposite is true. He has stopped terrorists and tyrants from committing atrocities.

"The people who have pitted themselves against us do so not because they are "jealous, freedom-hating evil doers in league with Satan""

The Satan thing you made up, but the rest is true. Al Quada has gone on record that the real opposition to us is due to hatred of freedom, especially religious freedom. Did you know that the terrorists that attacked Spain had planned their attack long before the Spanish government joined the US to help Iraq? Their main grievance was that the Spanish people had thrown out the Muslim Moorish invaders hundreds of years ago. You think that is legitimate????

"but because they have a grievance with us and they have no other recourse."

Since the main grievance is "You are not Muslims!", a better recourse on the terrorist's part is to learn tolerance.

"We need to quantify the injustices we have committed (and we have committed quite a few)

You are lying, actually.

"Instead, we opt for the brain-dead solution of simply killing people, a course of action that will never solve the problem."

It sure worked in WW2. I suppose you think that the Gestapo had a legitimate grievance!

"Instead, it will create a never-ending cycle of violence"

Like it did in WW2? You must be in a fantasy world.

ignore this

[6824ego1]

a crappy comment.

Re:Fallujah is the new Warsaw Ghetto

History is written by the victorious. We have yet to see the outcome of this. Fallujah will never be the new Warsaw Ghetto unless the freedom fighters win. Right now they are terrorists, and will remain so if the Yankees are triumphant.

I would personally like to see George Bush Jr. and Saddam Hussein duke it out in a mud-wrestling contest, but that will never happen, more's the pity.

what counts as enough?

[mattyrobinson69]

blocking keywords like p0rn, porn, virgins etc if one gets through by using words like p.o.r.n for example - does that count as enough?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Simple Solution: Don't give out email addresses

[Red+Alastor]

And how do you stop co-workers from sending giving your e-mail address to spammers by sending you "virtual postcards" ? It's as hard as stopping them from opening every attachement they receive.

Re:It's Really Sad..

Maybe the EU should try to imitate the US's prosperity and freedom first.

The antispam debunker checklist

[87C751]

Usually, I find the checklist humorous, but there's one point that needs to change.

(x) Armies of worm riddled broadband-connected Windows boxes

Might as well take this off the list because it's never optional and is often orthogonal to the proposed solution. All those zombies are in place and speak the current flavor of SMTP. If a successful solution moves the greater net off of SMTP, the zombies are irrelevant. Solutions that stay with SMTP have to put up with the zombies just as email presently does. Zombies are to SMTP what atmospheric noise is to radio. A successful solution must be able to withstand noise because, to be frank, nothing under the sun can clean up the zombies. Not to mention that many (if not most) of the zombies are field-upgradable and will soon be attacking the new system.

Would-be spam solvers are also well advised to remember that securing the entry point to the system is both the most important point of preventing spam and the hardest problem to solve. Explaining why clients cannot be trusted is left as an exercise for the reader.

A recent frustration to my own email

[JetScootr]

I've had an email account for 3 years that was totally spam-free. I was careful with it, wasn't "promiscuous" with it. I carefully shielded it by using a "spamtrap" address to vet companies - any company I start doing bidniz with is "on probation" for a coupla months, then if they behave and don't send me ads, I'll update my addy with them to my protected account. I do several other things also to protect myself.
Then a person to whom I'd given my email to stupidly answered the ebay-phishing email, got trojan'd and harvested. No, I wasn't stupid to give my email to that person. I needed to communicate.
I received 10 spams the next day, and I'm "WTF is all this $&#^@????". I'm soon gonna have to change my email cuzza this.
No matter how careful a user is, he/she must actually share his/her email address for it to be of any use at all (by definition).
There's no way to be sure that absolutely everyone to whom you MUST provide an email is as careful as you are.
Even if they and you are both careful, there's no garauntee that the M$ critical-security-flaw-of-the-week isn't going to be exploited and hit you or them 10 seconds before you/they click the button to apply the patch.

Why do we need images in email?

We wouldn't even be discussing this issue here if email clients did the reasonable thing and didn't load images until asked. Sounds like an MS marketing feature that, naturally, everyone felt the need to duplicate. If an email client cannot have this functionality disabled, it is flawed software and is not suitable for a business environment. If the functionality can be disabled but is not being disabled, the IT personnel responsible for maintaining affected desktop systems should be reprimanded for creating unnecessary liability for the company.

This is yet another example of the government getting involved and creating harsher guidelines than necessary because companies refuse to act in the best interests of their employees. They deserve every last word of obnoxious legislation until they learn!

Understanding is not fear

[divine_13]

I do think that the employees are aware of what kinds of contents sex-spam include. So, is there any reason for them not go inside and have a peek? I thought all normal people do :S ;)

Re:Certainly belongs in the "Oddly Enough" categor

[pete-classic]

You took the words right out of my mouth. This story is supposed to have a bunch of comments about "stupid, prudish, litigious, usaians" posted by indignant, self-righteous Europeans.

I expect to step out of my office and find that everyone has a "goatee" (vandyke).

-Peter

Re:It's Really Sad..

"Maybe the EU should try to imitate the US's prosperity and freedom first."

Cut taxes. A lot

Privatise health care so that the people control it, and not the State

Privatise the official state media organs like the BBC.

Knock the unions down a peg by instituting "right to work".

Re:It's Really Sad..

[Some+Bitch]

Maybe the EU should try to imitate the US's prosperity and freedom first.

No thanks, I rather like having some.

Re:I'm voting for Bush

[wcrowe]

... but because they have a grievance with us and they have no other recourse...

I'm am not buying the argument that they have no other recourse. Far too often, people do the most outrageous things because, in their opinion, they have no other recourse. ...We need to quantify the injustices we have committed (and we have committed quite a few) and then figure out how to resolve those injustices...

What injustices? List some.

Pornographic spam by snail mail??

[Ra5pu7in]

Snail mail does not have the same problem (in the US, at least). The most important reason is the cost per piece mailed. At nearly 40 cents per item, sending out the massive quantities spam is known for is prohibitive. If they want bulk discounts, they must be legitimately registered with a permit. That permit can easily be revoked and there is no other service waiting in the wings to pick up the business. Air mail doesn't sneak past - in fact, it costs more and still must move through the US postal service. There is no competing postal service within the US. The US postal service is a federal entity and there is a fairly good-sized body of federal law related to posted mail. This also means it has federal entities (FBI comes to mind) in place to handle investigation and enforcement when violations occur.

The only "spam" I get through snail mail is 1) local business ads (grocery store sheets that are not addressed, but delivered to EVERY mailbox), 2) political pamphlets (but this is because I don't ask off), and 3) those with whom I have had a relationship (BofA's many offers, SBC's nonsense, and so on). I have only twice in my life received chain letters. I have never seen a "Nigerian scam" or pornographic materials (that I didn't personally request).

==========

Until we have a system in which every person is accountable for the email they send and an international body of enforceable laws to prevent abuses, we will not have protection from spam. I prefer not to go the way of charging for emails just to stop spammers -- because that enriches one group at the expense of another to combat a third, when the first group could have come up with better options.

===========

On a side note, what filters out there can scan the content of the images embedded in the email for pornography? What filters can find every single misspelling of every term considered offensive? (Not to mention one I ran into trouble with. Trying to trim spam offering stock tips I tried filtering out the word stock. Unfortunately, stock has other meanings that various customers use it for.)

The only way for an employer to really cover their ass would be to review every email that comes in -- and this is guaranteed to get privacy fanatics up in arms. Of course, if it comes in on company email lines and is supposed to only pertain to company business, but that still puts at least one employee in the unenviable position of having to review every email and make a judgment call. (Hey, maybe that's the next big employment opportunity - email reviewer.)

In closing, I haven't read the actual text of the legislation, but I would think there is a pretty wide gray area here. Are the "online pharmacies" spams considered pornographic if they offer viagra? Or would only those with images or explicit text count?

Re:Pornographic spam by snail mail??

[DR+SoB]

That's funny because my email account has never received pornographic material, nor anything about a Nigerian scam either. I did receive a couple chain letters (you mentioned you've got 2), but after politely asking my ex-gf to stop sending them, she did, and I never got any others. My current email statistics are: 16,231 Received, 24,321 Sent, quite a large number I'd say. Oh yeah, I've never received stock tips in my email either (except from my broker). So I guess since this is my personal experience it must be the same for everybody right? So why is everyone complaining then? Why was everyone complaining 5 years ago about the amount of junk mail they receive? I mean, you've made it very clear that junk mail, simply doesn't exist?! Maybe because it's moved to electronic medium? In that case, isn't it more environmentally friendly? (I remember that being a huge argument against junk mail myself), so maybe your just anti-environment?

I don't like spam, but people are so damn aggressive and bitchy these days. RELAX!! Learn how to joke around again. Life is short, enjoy it. In Canada we all joke about the constant frivolous lawsuits that happen in the USA (burglar sue's homeowner after falling threw roof), creating laws, and sueing everyone into bankruptcy isn't the answer. You want to set up a spam filter, great! But don't get so worked up because someone wants to make your penis bigger.

Re:Pornographic spam by snail mail??

[InfiniteWisdom]

(burglar sue's homeowner after falling threw roof)

Good idea. Let's start by making jokes about Canadian grammar and spelling!

Re:Pornographic spam by snail mail??

[DR+SoB]

Honestly, that'd be funny.. I have a sense of humour, and I can take a joke. I guess you missed the jist of that email, RELAX, enjoy life, don't take these things so seriously!

So don't'cha wanna go first, eh? I hain't gonna get upset. You have'ta 'mit d'oh, it r funny that a burglar could sue a home-owner!

Re:Pornographic spam by snail mail??

[InfiniteWisdom]

Just for the record... its spelt gist ;)

Re:Pornographic spam by snail mail??

[DR+SoB]

Haha, good one!

attention stiff-necked posters: THIS IS A JOKE

it's funny. laugh

and get a fucking sense of humor you quacks

Re:I'm voting for Bush

"What injustices? List some."

You will see the same tired list originally written by Stalinists whining that the US helped Chile kick out Soviet overlords in 1973, and the tragedy of the Soviets colonialists also being kicked out of Guatemala in the mid-1950s.

They will use this to justify terrorism. Expect silence when you point out that Guatemalans and Chileans are not part of the terrorist movement at all.

Re:I'm voting for Bush

[wcrowe]

All I ever hear is the "US supports Israel" complaint. Since it is clearly their desire to wholly wipe from the face of the Earth every single Jew, I can't buy into the argument that anything the U.S. does to stop that is an "injustice."

What most Muslims have a problem with are their own governments and corrupt rulers. Naturally they can't do much about that because the regimes they live under are so repressive. The USA becomes an easy, "safe" target. For their part, the repressive regimes encourage this behavior, in part because it shifts the focus of violence from them to someone else.

You've obviously never encountered the nasties...

[Kjella]

...you can delete them once, they hide in some other start-up file reinfecting the machine. Trust me, some of these are near totally uninstallable by anything else but a clean reinstall.

Kjella

Re:You've obviously never encountered the nasties.

[nathan+s]

"...you can delete them once, they hide in some other start-up file reinfecting the machine. Trust me, some of these are near totally uninstallable by anything else but a clean reinstall."

That's why you check autoexec.bat, config.sys, system.ini, win.ini and the registry */Software/Microsoft/CurrentVersion/Run* keys.

I love 98SE for this - it's extremely easy to un-fuck-up provided that no important system files were replaced with trojans, and even then a date check and extract /a from the CD usually fixes it.

Absolute worst case, an install of 98 OVER the existing install usually fixes any problems, while retaining your files and a lot of Windows settings.

Huh-Wha?! WTF?!

[Darth+Hubris]

"Europe's new anti-spam legislation"

"The overly broad wording of the legislation, according to the study, could allow employees to sue employers for not doing enough to stop porn spam."

Jesus H. Fucking Christ on a Popsickle stick.

I'm sorry, but weren't these the same people that laughed at us, considered us backward, for being upset with Janet Jackson's breast being exposed on TV?

WTF?? Where is the precedent?

[serutan]

If it works for email, then you should be able to sue an employer if somebody from outside the company mails you porn in an envelope. There's no precedent for employers being responsible for censoring incoming mail, and I certainly wouldn't want a few litigious opportunists to force it on society. Ridiculous.

Acutally the future is easy to predict

[m0smithslash]

Spammers are parasites. Like parasites, they live off the host, eventually killing the host and themselves. So, here is what happens if someone successfully sues a company for allowing spam. All companies do a ROI on email and decide:

1. email costs the company X dollars per year in servers, spam filters, network, etc.
2. email now presents a risk of Y dollars in terms of possible lawsuits
3. the cost of doing business without internet email is Z dollars

Do the math: Is X + Y > Z? Then get rid of internet email access. They my keep the inhouse email, but no internet gateway. Other technologies for allowing cooperation among employees will be used.

You might complain its not fair or believe it could never happen. Haven't you seen things that are perceived to be mostly "employee benefits" get dropped? I sure have.

So, the spammer-parasites are coming very close to killing the host upon which they depend. Its on life-support now and it won't take much of a shock to push it over the edge. In 5 years, you will see posting on Slash dot like, "Hey, remember in the bad-old-days when you had an email address? Can you believe people actually got spam? ha ha ha".

Re:You've obviously never encountered the nasties.

[ticktockticktock]

And that kind of spyware isn't classified as a virus or trojan by antivirus vendors because......"the user consented to it" and a corporation made it?

Re:I'm voting for Bush

"Since it is clearly their desire to wholly wipe from the face of the Earth every single Jew"

"You are clearly biased by the jewish-owned corporate media and its servants in the Zionist occupied government!"

(Watch someone attempt to insult you by calling you a Jew when you dare to question the oft-stated Muslim goal of extermination of the Israelis).

Alternate situations

[phorm]

How about if the employee mistypes a URL or clicks a bad link ending in goat.cx (please don't go there) - is the employer liable because they didn't block that site. How about any other site

How about if it's a ground-level building with windows, and there's a flasher across the street... is the company liable for not shading the windows?

Now, if an employee had a known porn-spam problem, reported he/she was offended by it, and no steps were taken, that's a maybe. But even then the stuff is hard to cut off without sometimes impacting legitimate traffic.

Holding the employers liable for somebody else's misconduct is not very reasonable.

Simple solution

[mwood]

Take out all that multimedia gunk and give all employees Pine. You can still communicate just fine but images don't show. I receive lots of spam and a good deal of it is probably pornographic, but I never see the pic.s so it's no problem for me. (Okay, every once in a while I turn on full headers so I can look at the URLs and guess what kind of junk I'm enjoying not seeing.)

And if someone answers "Yes" to "really follow link to http://sickos-r-us.com/horrible-disgusting-porn.jp g?" then he has nothing to complain of.

Re:Certainly belongs in the "Oddly Enough" categor

[bw5353]

There are dozens of countries and hundreds of millions of "Europeans", and they have very different opinions. A big but actually ridiculous divider between the US and Europe is whether you show naked breasts on public television. In the US it isn't done. In most European countries it is no problem - even in family programs. That's about the only big difference.

However, when it comes to showing pornography for sexual pleasure we ("Europeans") get much more restrictive. No country I know of shows pornography on public television before children are supposed to sleep, and it is unusual that it is done even in the middle of the night on public television.

Without referring to opinion polls in different countries, my guess is that a definite majority of Europeans is against unrestricted pornography in general - and definitely so in spam.

Artistic photography and films with occasional nudity is a different matter.

Its not a law...

[zoney_ie]

...it's a directive, and as such, must be implemented in national law, fulfilling certain stipulations. Those aside, there's a reasonable amount of leeway, and various States end up producing somewhat different legislation. So any theories as to what implications may result from this directive are theoretical (hence the word theories).

The eight countries mentioned comprise less than half the EU, even before enlargement this weekend.

While some EU countries ignore various directives, they quite often get in trouble, eventually at least. Ireland, where I am, is shortly to get in deep doodoo over non-compliance with environmental issues (Not enough special areas of conservation (SACs), and not protecting the few we have). In theory, the State may end up having to fork out millions until they sort out the issues (They've already been given a LOT of time).

EU directives, laws, etc. are supra-state in nature, not just vague international stuff, so can't be ignored indefinately. The EU is an extra layer of governance above national governments, despite not being federal.

Anonymous speach is an important privacy right.

[ron_ivi]

Non-Authenticable sending is an important privacy right.

Just because someone has a problem with giving their email address to unscrupulous spammers doesn't mean they should start whining to remove freedoms.

IMnsHO the answer is on the receiving end - people should learn not to give out emails to everyone if they don't want to get spammed.

For an interesting article, check out Wired
" In times past, anonymous speech sheltered the Founding Fathers' revolutionary arguments and emboldened commentators such as Mark Twain (aka Samuel Langhorne Clemens) to criticize common ignorance.

Last April, in MacIntyre v. Ohio Elections Commission, the US Supreme Court reaffirmed that the First Amendment protects the right to anonymous speech. Anonymity, the court reasoned, helps speech stay free. Focusing on political speech - the sort of speech that lies at the core of the First Amendment - the MacIntyre ruling stipulated that restrictions on anonymous political speech must be narrowly tailored and serve an over-riding state interest. "

Re:Anonymous speach is an important privacy right.

[nuggetboy]

But I shouldn't have to incur the cost of RECEIVING said anonymous speech. I'm not violating someone's rights by demanding they identify themselves to post a message on MY billboard. Rights schmights.

Or the entire company...

When I got made redundant last time, about half the company went. I later heard that someone in that half subscribed everyone in the other half to what must have been every pr0n-in-your-email service they could find (which must then have sold the addresses on). The IT department (now person) was apparently powerless to stop it.

I think there were about 2 people I felt sorry for (both lovely girls who would have been mortified to receive this stuff), but otherwise I thought it was bloody hilarious and wished I'd thought of it.

How hard would it have been, with a copy of the staff list and the knowledge that everyone's address is firstname.lastname@company.com? Are the company negligent for having easily-guessable addresses? Or for firing most of the IT department?

Companies can make spam a non-issue for employees

[ron_ivi]

At the company I work, we make it easier. Everyone can have 2 (or more if needed) email addresses. One for reliable business partners, and a second one for less trusted business partners, mailing lists, etc. For example our affiliate manager may actually need to contact porn sites.

For another example, our CEO wants to sign up to mailinglists of all our partners, competitors, etc. Both use their "secondary" email address for this spam-ridden mail.

Most of the "legimite" "corporate" use of email doesn't actually get your email address listed with porn spammers. People just like giving out their email addresses to everyone, and that's what gets them in spam-trouble. By giving a second throwaway account, most people's primary account stays nice and spam-clean.

This is provably impossible!

There are two ways to filter: use purely mechanical methods (manually create filters for 'porn', 'p0rn', 'p.o.r.n', etc); or use some sort of machine-learning technique (e.g. Bayesian filters).

The problem with the first technique is that you will never be able to filter properly, because in order to prevent all spam from coming in, you will block important emails.

The problem with the second method is that SOMEBODY still has to look at emails and classify them in order to "teach" the filter. This is either the end user or some guy in the IT department. The point being, that SOMEBODY still has to look at it. Even if you can prevent the poor HR gal from seeing the man-cow anal action spam, some poor schmuck in IT can still sue you for forcing him to filter the whole company's email stream!

In other words, this has to be handled just the same way prank phone calls are handled. The company may be required to block certain sources of constant annoyance, but under most circumstances an employee should just hang up when a caller starts moaning and panting. Likewise, an employee should just hit 'delete' when they see porn spam.

aQazaQa

Not realistic

[flibuste]

As an european living in North-America, this article , although true in its content, plays a lot of noisy drums for nothing.
Contrary to USA, europe does not have a culture of suing people or companies, and in particular against "hostile work environment".
I don't think the situation were an employee sues his company for receiving p0rn spam will arise often, since the employee will have nothing to win apart from losing his job and never find another one (suing your company is generally not a good thing on a resume). (I dont say you lose your job if you sue your company - legally you cannot, but we all know how easy it is to for companies to find other supposedly legal reasons to fire you).
Moreover, if your receive spam, it generally means that you have used your work e-mail address for non-business related issues, and you'll end up walking on dangerous grounds if you try suing your company for that.
So, to me, this article has been written by someone who knows laws, can forsee their effect, but do not know the european culture enough and makes the common mistake of comparing it to north-america. Or maybe he never worked in a company where e-mail is used for work.

Re:Huh-Wha?! WTF?!

[49152]

Europeans is capable of telling the difference between nudity and pornography. Janet showing her breast on TV was not pornography, it was just stupid.

Thef

[siriuskase]

http://research.microsoft.com/~mbj/Smiley/Smiley.h tml

It's called SPF

[mdfst13]

SPF ( http://spf.pobox.com ) does this at the domain level. At the username level, authentication would be guaranteed by the domain server.

The grandparent post's issues can be solved by always using the domain SMTP server (as opposed to using an ISP server or sending direct). Most people already do this. If the ability to send from a dynamic IP is really needed, I notice that DynDNS is listed as an SPF supporter at http://spf.pobox.com/faq.html .

A second conversation (to verify) is not needed. Just push all mail through the SMTP servers. Then the receiving server can verify the sender on receipt (the sender's IP is known as part of the TCP conversation).

There is also a proposal called IM2000 that would offer most of what you want as well. With IM2000 only a message notification is sent. Using that info, your email client then gets the actual message from the sending server. If you verify the sending server in DNS prior to retrieving the message, you can be guaranteed that it is sent by the correct server.

Re:Certainly belongs in the "Oddly Enough" categor

[wcrowe]

Can't argue with the "bared breast" difference. As for myself, I definitely don't mind bared breasts at all (but that's probably because, like most American men, I am obsessed with them ).

The best duty I ever pulled in the Navy was the day I was assigned Shore Patrol on the beach in Malaga, Spain. Imagine being FORCED to patrol up and down a topless beach filled with hundreds of high-school and college-aged European girls sunning themselves.

PKI, the web of trust?

[GPLDAN]

Any cogent whitepapers out there detailing SMTP reform using digital signatures?

Most of the stuff I've been reading on PKI don't extend the problem set to Email verification on a global scale.

I use digitial signatures with PGP, and people who know me, can tell if the mail has been spoofed, if they are also running PGP. But that's a very small set. We use public keyring servers to upload our public keys.

Thinking seriously about the problem is difficult. Every solution I think of has an obvious weakness. Early on in the 90's, when I ran a small (500 user) ISP, it used to piss me off that all SMTP senders didn't have reverse DNS lookup. I hacked sendmail to drop mail from recipients that didn't reverse resolve. That, as you might imagine, didn't last long.

I then began quite enamored by a whitepaper that I read from a graduate student at the University of Washington. It detailed a plan for embedding a kind of "reverse traceroute" in the IP header of every packet sent. When you got a packet with a forged src-ip, the actual traceroute it took was embedded in the header of the packet. He managed to devise a way to represent the route in hex in a way that didn't blow past the IP header specs. I forget if he was "borrowing" the TOS field or what. Then I realized that was never going to happen, and even if it somehow found it's way into router code, many ISPs would probably disable it.

The question of doing strong authentication against an incoming SMTP connection always ends up being a Layer 8 discussion about who is the root of trust. Any opt-in system with a set of root trust delegators like Verisign would meet with widespread dissent at first, but could take hold over time. But I think rebeliions would take hold in large sections of the net. If you thought Alternet DNS was bad, imagine the ways a system like that would be corrupted. People would join the hierarchy of trust and then allow SMTP relaying to happen, deliberately, just to break the system down. Your machine would be busy every day just downloading revocation lists deciding who to trust THAT DAY.

I think the final answer is, everyone should just shut Email down, and the whole world has to use Google's GMail. All those Ph.Ds over there at Google, we can trust those guys to do the right thing, no?

Pay ME to open spam

[siriuskase]

The funny thing about the PO is that they give the bulk mailers the discount.

I know what I want, I want to be paid to open my email. The postage would be some sort of token that I and my legitimate corresponders would pass back and forth. Anyone with a need to mail more than he receives would be required to buy postage. The problem is that these tokens may be too easy to coounterfeit.

How does the Post Office sell postage on the internet? I mean, can't you just download postage and pay for it with a credit card?

It's worse.

[rew]

I store all my incoming Email. including the spam.

I could be sent to jail for that: I have kiddy porn on my drive. Just having the stuff on your drive makes you in violation of the Dutch law, and you can go to jail for that. Simple.

(The spam is useful for training filters, or to calculate statistics after the fact. If I know in advance I want to know how many spams I got every day, I can just tabulate them, but I might want to collect some other statistic and need info I didn't keep. So I just store everything. Costs me some disk space, but it's cheap nowadays.)

English common sense

[siriuskase]

Although American law is based on English Common Law, Americans see a loophole where ever anything isn't spelled out in plain legalese. If Common sense was assumed to be part of the system, we wouldn't have so many frivolous lawsuites. As it is, any creative person can be a victim of something.

Re:Another Example..

fucking crack smoking mods...
it's a joke.
maybe it's offtopic, but it's a joke first and foremost.

*grumble*

or...

American taxes just favor the rich.

"...sometimes sleazy content of spam."

Spam == Sleaze; // Sleaze - its not just for cheap porn anymore!

Re:I'm voting for Bush

[Alyred]

All I ever hear is the "US supports Israel" complaint.

Why anyone would fight over that godforsaken dry strip of sand in the first place is what I don't get. At least in Unreal Tournament (etc) it's all about a spectator sport. :)

Get rid of email

[BradNelson]

My solution, of course, would then just be to get rid of all email access for employees if one of them decides to sue, or even complains.

Where are the lawsuits

[aggles]

The threat of lawsuits for accidental porn has been around for years. Where is the flood of them? Can you even find a dozen? This sounds like a plot cooked up by a content filtering vendor. What a crock!

You forgot to mention where to write him :)

I'm sure that old Al wouldn't mind a single letter asking him to politely stop emailing you. Or perhaps he would be interested in legitimate business opportunities you might want to share with him?

Al Ralsky
5016 Patrick Rd.
West Bloomfield, Mi 48322-1543
1-888-531-4793

(248)661-3355
(248)661-5166

al@rxpoint.com

Rip up junk and put it in junksters free envelopes

[Alan+Cox]

It seems to help. And the more people who send them their own junk back in their envelopes with "no thanks" written on it the better.

[OT] Re:Well Meaning People Can Be Idiots

[pclminion]

And as we add our own REGEX filters, we find the false-positive rate increasing.

Just for your information, the term 'regex' is a shortening of 'regular expression.' It isn't an acronym and shouldn't be written in all caps.

Funny situation

[kop]

Prostitution is legal in the Netherlands,
So now a brothel here cannot receive its own spam because the whores might complain about its sleazy content.

Aargh!

My 2 cents:

[Cow007]

All I can think of is how my mother used to go on her email account and find the most disgusting spam messages imaginible. I definentley think that people should be held liable for things like this! However the reason that she got in this situation in the first place was beacause she was on windows with and wasn't carefull with her email address. Avoiding spam is common sense on the part of isp/company AND the user! I think if users are being bombarded by spam, especially pornagraphic on the fault of the isp/company then there has to be accountability. Just remember that if you use common sense then you might not have a problem with spam at all.

Post

[samhalliday]

so what if i was to post Pr0n spam using a letter as the medium to a company's employees? is it the employer who gets brought up in court? and i walk away? no way! and why should email be any different? this is just stupid madness... what is the EU thinking?

He's not saying one person should start it

[brucmack]

If all the businesses at once decided that they would move to a new system, what's the problem?

Also, why does implementing a new system imply ceasing to use the old system? There is absolutely nothing that requires the old system be completely scrapped before the new one can start.

Interesting Story

[npsimons]

If we started slapping "Return to sender" stickers on flyers and other unaddressed promotional garbage, would it actually make it back to the companies? Or would the postal service just dispose of it.

Actual story:

After filling out and mailing all the forms at Junkbuster's declaraion page and it not having enough of an effect, I tried this: everything I got in the mail that I didn't want I wrote "Return to sender" on and stuck in the out box. Some of it went back. Most of it the post office stuck back in my mailbox saying "we can't return bulk mail" or some other BS. I just kept writing "Return to sender" on it and sticking it back in the out box.

One day, I got a note in my mailbox from the post office. It said to come down to pick up my mail. So I went down to the post office. As soon as I handed over the note, the clerk took back to the offices. A little later a stern looking man came out and had a little "talk" with me about how they would have to discontinue delivering my mail if I continued to "abuse" the system (I was halfway tempted to continue ;).

What it comes down to, even after getting off of all the junk mailing lists, and contacting all the companies that send you junk mail to tell them to FOAD, you will STILL get mail that you can't return to sender or have turned off. For me, it's the flyers I get from the local grocery store, cingular and the penny pincher, even though I never read them.

These ones never have return addresses, and I have been severely tempted to start a movement to get a bill passed in congress to disallow these kind of "mailings" anymore. But, I'm lazy, and most days there's not a thing in my mailbox anymore. Wish I could say the same for spam, but that will be fixed soon . . .

Re:I'm voting for Bush

You will see the same tired list originally written by Stalinists whining that the US helped Chile kick out Soviet overlords in 1973

Learn history from the same place you got your degree - the back of a cereal box - did we?

They weren't "Soviet overlords" you gibbering idiot, they were a democratically elected government. But what's the point talking to a retard like yourself? You'll never read a book, go to a real library or anything similar, will you? You've got Fox News!

Fucktard.

fuck you!

[PostHuman7]

fuck you!

My solution: Reduced charset eliminates spam

[iamcf13]

Read about it here.

Seriously....

Short of scrapping SMTP with a replacement, this is the only effective way to quash spam....By making it effectively impossible to spam.

All other SMTP-level solutions I've seen introduce more overhead into an already spam-ridden communications medium....

Re:I'm voting for Bush

"They weren't "Soviet overlords" you gibbering idiot, they were a democratically elected government"

...which immediately preceeded to institute a Stalinist economic system. Since Allende was owned by the USSR, the Soviets actually shipped in stormtroopers from East Germany to crush resistance in Chile. By the time Allende was overthrown, the Soviets were well on their way to consolidating single-party stalinist rule (and it wasn't democratic)

"You'll never read a book, go to a real library or anything similar, will you?

I've read more than you will ever know.

"You've got Fox News!"

Yes. A great source of information, but not the only source.

"Learn history from the same place you got your degree - the back of a cereal box - did we?"

I think you learned yours from a Bazooka Joe comic book. You are so gullible, to believe the lies that Allende's fascist dictatorship was "democratic".

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I'm voting for Bush

[hesiod]

> Funny I was always of the opinion that peace came when you stopped shooting.

It does, but he said "promoting peace," which is not the same as "enacting peace." Dick.... Cheney!