Slashdot Mirror


E.U. Employers To Be Held Liable For Porn Spam?

Cowards Anonymous writes "Yahoo News has a story about a study of Europe's new anti-spam legislation. The overly broad wording of the legislation, according to the study, could allow employees to sue employers for not doing enough to stop porn spam. Businesses could be sued by their workers for allowing a hostile work environment. The author of the study advises companies running email servers to use filtering technology, and warn employees about the sometimes sleazy content of spam."

15 of 314 comments (clear)

  1. SMTP must die! by LostCluster · · Score: 5, Interesting

    E-mail, as we know it today, has got to go. Non-authenticatable sending is a bug, not a feature. For as long as businesses allow incoming SMTP e-mail, their employees will always be exposed to all forms of Spam, including pornographic.

    So, if the law basically makes it impossible to run an SMTP-based e-mail system in a business, that could be just the knockout blow it takes for businesses to finally see an incentive on picking a tigher protocol that allows better tracing of senders.

    1. Re:SMTP must die! by Cruciform · · Score: 5, Interesting

      If we started slapping "Return to sender" stickers on flyers and other unaddressed promotional garbage, would it actually make it back to the companies? Or would the postal service just dispose of it.

  2. It's not just a good idea, it's the law! by LostCluster · · Score: 4, Interesting

    I know of one business that is still running Windows 98 based computers in the office, with very little preventing the employees from wandering on the Internet to wherever they want. Not surprisingly, the employees end up contracting spyware and browser hijackers on a regular basis.

    The management has had enough of the IT department having to clean up the infected computers, and has basically ordered them to stop wasting their time on such machines. As a result, one machine's homepage is now perma-set to a porn site. There's a running process that resets it whenever the user attempts to change the home page by any way, but it's using rootkit tactics to shield itself from being uninstalled by anything. The OS is hosed, it needs to be reinstalled.

    I just can't wait until the first female employee notices what's happened to this male employee's computer and files the lawsuit. Sometimes, IT spending is just plain mandatory...

  3. i'd roll back to etch-a-sketches by geekbruin · · Score: 5, Interesting

    Sounds like that is going to put a huge amount of burden on the companies. If I were running my own private business, I'd be inclined to unplug everyone's network connections and hand out typewriters. I don't know how strict the legistlation is, but it sounds to me that this might promote anti-technology.

  4. This law is irrelevent. by Chiasmus_ · · Score: 4, Interesting

    The law is irrelevent, because not too many countries are following it.

    From BBC news:

    They also found that eight EU member nations have yet to implement the directive despite the deadline for compliance falling more than six months ago.

    The rogue nations - Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal and Finland - have been threatened with legal action.


    The problem with international laws is that nationalistic countries are generally inclined to ignore them.

    Honestly, since I couldn't find a single link to the actual legislation, it's hard to tell whether employers could actually be held liable for spam, or whether this is just FUD.

    Obviously, if an employer intentionally turns off the spam safeguards on one woman's machine, because she's very religious and he knows it'll freak her out, then that's sexual harassment through spam.

    But spam that slips through the cracks despite reasonable efforts to stop it... I have to say, I don't think any court in the world would find a tort there.

    --
    "Beware he who would deny you access to information, for in his heart he deems himself your master."
  5. Very Sticky Subject by Prince+Vegeta+SSJ4 · · Score: 5, Interesting

    "European employers must be aware of the risk of new computer-related liabilities," said the researcher for the University of Amsterdam's Institute for Information Law.

    "An important example of such a potential new liability is the risk of being held accountable for not protecting employees against unsolicited pornographic e-mail."

    This could encourage companies from denying Internet access to employees, after all why risk sexual harassment lawsuits for something that is so difficult to stop.

    On one hand you can have an opt-in list for employees, where someone must "allow" a person to send mail to an inbox. I use this for my Dads email account due to all of the spam (however, being his personal and business email address, I must constantly monitor the mail so that nothing important gets caught in the SPAM TRAP)

    Which leads to the other hand, opt-in limits your ability to do certain things, for instance if you pass out business cards with an email or want legitimate, but currently unkown people to contact you it is a pain in the ass.

  6. True Story... by Noryungi · · Score: 4, Interesting

    Slightly OT, but still...

    One day, one of my colleagues came to me and asked (absolutely furious) " Why do you send me gay porn on my email address? ".

    Turned out that some sleazeball spamfscker had harvested my work email address and was using it to send gay porn HTML email, using 'clever' JavaScript to open dozens of windows containing images of a nature I will not describe here (Think group goatse.cx here -- yes, it was that bad). The 'From:' header contained, of course, my spoofed address.

    Fortunately, this was a rather tech-friendly company and the colleague was also a good friend. I was able to explain to her that this was, in fact, not coming from me. And I showed her how to disable JavaScript in Netscape Mail. She, in turn, relayed the information to the rest of her open-space co-workers.

    I still shiver when I think of the potential consequences if she had shown the email to our bosses, instead of closing down all the windows and going into my office... A short time after this incident, our sysadmins (bless their souls) installed SpamAssassin on the Postfix server, with a very threshold. And that was the end of spam.

    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  7. Snail mail screening? by michaelmalak · · Score: 4, Interesting
    As often stated, follow pre-Internet laws unless absolutely necessary.

    Is an employer required to open all snail mail to screen it for porn? Would that, actually, be illegal?

  8. I posted an Ask Slaskdot on this... by Gudlyf · · Score: 3, Interesting

    ...and of course, it wasn't accepted, but that's beside the point.

    We had an issue here in the workplace where porn spam was getting through to a list. Basically this was the equivalent to an "info@..." list, where potential customers would email for product information. One woman who was required to read those emails started to complain about the porn spam. Even though I had spamassassin doing a heck of a lot of blocking, plenty still got through.

    Let's put aside the web form option for the moment. Could she really sue the company for making her read the email to that address? From what I was told, I don't think so, since we had proof that we were at least trying to remedy the situation any way we could. Has anyone else run into a similar situation and had someone really sue the company?

    --
    Trolls lurk everywhere. Mod them down.
  9. Saw this one coming... by pointbeing · · Score: 4, Interesting
    In the federal agency where I work I've been hollering about hostile work environments for more than a year.

    My primary job function is R&D and I've told bosses for quite awhile that I thought it exposed the government to liability if we weren't using industry best practices to combat spam.

    I even offered to ask the agency's legal section what our exposure was and was 'discouraged' from bringing this to Legal - I think because if the lawyers *do* find a risk the problem would be immediately escalated to HQ for resolution ;-)

    Anyway, I researched several client, server and mail gateway products - everybody thinks combating spam is a good thing, but the higher-ups can't decide whether to automagically delete spam at the gateway (lousy idea) or just tag it and use client-based rules to quarantine it (much better idea).

    Anytime you do rule-based mail deletion you open up the opportunity for me to explain to my boss that the reason he didn't receive my project was because the mail gateway ate it.

    IM frequently less than HO corporations need to protect both themselves and their employees.

    --
    we see things not as as they are, but as we are.
    -- anais nin
  10. Re:Sweet.... by Jim_Maryland · · Score: 3, Interesting

    What about the situations where someone who knows your work email address submits you to the p0rn sites and you start receiving messages. I had this happen to me a couple years back where a college buddy of mine decided it would be funny to sign me up for "p0rn picture of the day".

    Could be difficult to prove that you weren't the one to do it, plus you'd be a lot more careful in who gets your email address.

    Jim

  11. This is what happens by KalvinB · · Score: 3, Interesting

    when politicians get involved with problems that aren't political.

    What's stopping these users from installing their own filters?

    Next thing you know, empolyees will be suing employers for lost e-mails killed by the main filter.

    As for SMTP being broken...you can already trace spam back to it's origin. All the way back to that open relay. It doesn't take brain surgery to fire up a DNS server or use an already existing one like DNSMadeEasy.com and assign your spam domain to the IP of the proxy you'll be using. The owner of the IP can in no way shape or form prevent "unuauthorized" domains from pointing to their IP. I pointed linux.icarusindie.com at Microsoft's web-site and windows.icarusindie.com at linux.org for awhile. MS's site automatically fixes the url while Linux.org showed up as my domain no matter where I went on the site.

    Spammers already use tons of domains to host the product page linked to by the "click me." All they're going to do is put a mail server on that domain. So now all you're going to have are spams where the "click me" domain and from domain match. Whoopee.

    You can already filter out "click me" domains which results in 100% accuracy (as long as you're not silly enough to think a computer can do all the work) and 0% collateral damage.

    If your plan of attack involves some kind of "accountability," forget it. The internet is an anonymous place. You have to find a way to deal with the problem without this silly idea that spammers are somehow going to surrender and identify themselves just because you changed the protocol.

    Ben

  12. Take some responsibility by Ungulate · · Score: 3, Interesting

    I think it's absurd for users to demand protection from the spam that THEY CAUSED by being promiscuous with their email address. I've had my work email address for almost five years now, and I've never gotten a single piece of spam because I'm not dumb. My coworkers complain about spam endlessly, and I have not an ounce of sympathy for them. Hotmail has great spam filtering these days, maybe they should be using it instead of their employers' email.

    I dont know why this was posted as AC because I was logged in.

  13. Companies can make spam a non-issue for employees by ron_ivi · · Score: 5, Interesting
    At the company I work, we make it easier. Everyone can have 2 (or more if needed) email addresses. One for reliable business partners, and a second one for less trusted business partners, mailing lists, etc. For example our affiliate manager may actually need to contact porn sites.

    For another example, our CEO wants to sign up to mailinglists of all our partners, competitors, etc. Both use their "secondary" email address for this spam-ridden mail.

    Most of the "legimite" "corporate" use of email doesn't actually get your email address listed with porn spammers. People just like giving out their email addresses to everyone, and that's what gets them in spam-trouble. By giving a second throwaway account, most people's primary account stays nice and spam-clean.

  14. It's called SPF by mdfst13 · · Score: 3, Interesting

    SPF ( http://spf.pobox.com ) does this at the domain level. At the username level, authentication would be guaranteed by the domain server.

    The grandparent post's issues can be solved by always using the domain SMTP server (as opposed to using an ISP server or sending direct). Most people already do this. If the ability to send from a dynamic IP is really needed, I notice that DynDNS is listed as an SPF supporter at http://spf.pobox.com/faq.html .

    A second conversation (to verify) is not needed. Just push all mail through the SMTP servers. Then the receiving server can verify the sender on receipt (the sender's IP is known as part of the TCP conversation).

    There is also a proposal called IM2000 that would offer most of what you want as well. With IM2000 only a message notification is sent. Using that info, your email client then gets the actual message from the sending server. If you verify the sending server in DNS prior to retrieving the message, you can be guaranteed that it is sent by the correct server.