Slashdot Mirror
No Federal Do-Not-Spam Registry For Now
Decaffeinated Jedi writes "The AP reports today that the U.S. government has no plans to create a do-not-spam registry in the immediate future. Why not? They argue that the proper technology is not yet in place. 'A national do-not-e-mail registry, without a system in place to authenticate the origin of e-mail messages, would fail to reduce the burden of spam and may even increase the amount of spam received by consumers,' said the commission." The moral of the story is: never try. See the FTC's press release or their report (pdf).
Homer: Trying is the first step towards failure.
Life is the leading cause of death in America.
I'm glad that they haven't jumped in headfirst, I can't imagine how they could enforce such a list right now with so much spam coming from outside of the United States and from unknowing zombie PCs within the US. If they did create a list it would place an expectation in the public eye that the US government can enforce it, when it obviously (to us slashdot readers) cannot.
Like it or not, we need to come up with more clever hardware or software solutions like Yahoo's "Domain Keys", Meng Weng Wong's SPF (Sender Policy Framework), or god forbid, Microsoft's Caller ID for E-mail.
Urge to post... fading... fading... RISING!... fading... fading... gone.
I thought they had this now: Isn't it the "Opt-Out" thingy?
My processed lunch meat business will continue for now.
The moral of the story is: never try.
Funny, when someone does propose an anti-spam solution, people here can't poke holes in it fast enough.
So you want to hear these lame proposals so you can scoff at them and feel superior? Or what?
Toronto-area transit rider? Rate your ride.
At least they are smart enough to realize that it is not technically feasible yet. Score 1 for the FTC.
Billions of messages are sent every day, the majority of which are spam. That's different than telemarketing calls, which require a live person-to-person (or at least phone circuit-to-person) connection. Also, even if volume wasn't the problem, the fact that spammers are almost always either outside the US or using compromised zombie PCs is just going to complicate things immensely.
The moral of the story is: never try.
Come now, michael. If it is most likely going to CAUSE more spam, its something that shouldn't be done.
Its a "damned if you do, damned if you don't by people with kneejerk reactions that normally hate everything you do anyway" thing, isn't it?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
And que the SPF-Zelots saying SPF is the answer!
Your hair look like poop, Bob! - Wanker.
A do-not-spam list right now would be a spam-me-now list. So many spammers are beyond the reach of the law at the moment that adding your address or domain to this list would be like adding it to WHOIS.
sulli
RTFJ.
I completely agree. How do you intend to enforce such a registry? People are forever insulting the gov't for creating unenforceable laws, and the FCC is right to hold back. You must remember that CAN-SPAM makes it a civil crime, while a national registry would make it a federal crime, requiring the gov't to spend money trying cases that obviously won't be won (and could also implicate a lot of innocents).
Read jack phelps dot net
Don't hand the spammers what would probably be the worlds largest distribution list on a silver platter.
There is a lack of proper legislation. The fundamental property of the Do-Not-Call list is that violators will be prosecuted by the FCC and can be held accountable with serious punishments. Quite frankly the current state of things leaves much to be desired in terms of punishment for spammers.
Fist I want to see some good national anti-spam legislation; then I'll ask for a national Do-Not-Spam list.
100% Crunchier
They should have a do not spam list. It will kill off at least one segment of spam. Spam mails trying to sell you a list of valid email adresses.
They actually have reason for the rejection of a do not psam list; How would they enforce it?
How can you say who spammed you? Is it the email referrer who spammed you, the zombie machine that used the referrer or the person from Russia?
And how would they enact vengeance upon said spammer? We have to have a system in place first so that even the slickest lawyer couldn't wiggle through a loophole.
This is my sig. There are many like it but this one is mine.
Spammed if you do, spammed if you don't.
"How am I supposed to remember you, when you won't let me forget?" --Bare Naked Ladies
This ignores the fact that a national 'do-not-spam registry' would provide a wealth of mostly valid email addresses allowing spammers to focus their efforts. Without an authentication mecahnism the registry is a useless list. This submitter is idiotically biased since he ignores a very valid issue that would give any straight thinking individual pause about such a registry.
Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
If a registry is ever created, it cannot be a list that people can download. It needs to be a query system that gets fed an address or list of addresses, and returns whether or not each one is on the list.
Otherwise we'll just have spammers downloading the list and using that.
Need Free Juniper/NetScreen Support? JuniperForum
Isn't this precicely what Microsoft's Caller-ID for email technology is supposed to solve? Did nobody contact Microsoft to ask them about licencing the technology for a national do-not-email registry?
Say what you will about Microsoft as a company, nobody can deny that they are serious about taking on spam.
Your message probably best sums up the response to this, and nothing else really needs to be said by anyone. If you create a list of email addresses and attach to it an American law governing their use, then someone from China isn't going to care one bit. The global nature of the Internet (which defies censorship) is also the same thing that allows for spam.
Personally, I'd get a little scared if they can legalize away spam. Although a different medium, if they go all-out for spam, it probably makes for a good sign/precident for 'other things' to be eliminated from the Internet. (Be it pirated files, porn, 'ideas that my citizens shouldn't be having', etc.)
But I still wish spam would go away, like everyone else.
The do not call list has been working well for me with phone calls... until recently. Now I get calls from people with heavy accents! I suppose they are calling from a different country? All of these spammers, email and phone, are always going to try to find a work around.
Click for offensive t-sh
A national list of valid email addresses sure sounds like a good way to reduce spam to me...
This side up.
For once stopped legislation regarding spam is a good thing.
Think about how successful the Do-Not-Call list is right now.
"Hi, I'm not calling to 'sell' you something. I'm doing a survey for INSERT COMPANY HERE. There is an option to buy, but that's not the reason for our call...."
Right...I said 'Do not call' that means 'No calls'
spammers lie.
Great the FTC caught on to that..
Now if only all those idiots actually ordering Viagra, Vicodin, larger penisses and mortgage quotes would get the message..
Perhaps a more viable option for enforcement would be sting-operations, where if you buy a spamvertized good, you the exact opposite of the advertized benefit. Higher mortgage! Smaller penis!
SCO employee? Check out the bounty
... I'm gonna report myself as '*@*.*'.
"Derp de derp."
Why pass unenforceable legislation which has a good chance of making matters worse?
For once it looks like a responsible decision has been made, lets not mistakenly equate that with doing nothing.
Imagine the screaming you would have done had they tried and failed miserably, or tried and made things worse.
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
"Talk minus action equals
Unlike the You CAN-SPAM Act, this decision by the FTC shows that they have two clues to rub together. There's no guarantee that spammers would adhere to the list..witness the fact that telephone spammers are moving their operations offshore to evade the do-not-call list.
The only way to stop spam is to hammer the advertisers. Follow the money. Penalize the folks who benefit. No other law-based solution will work.
Disinfect the GNU General Public Virus!
Apparently someone with limited resouces can build a map of the greatest spam producers but the federel government can't figure it out.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
If they determine that something isn't going to work, I'd prefer they not do it, rather than spending tax dollars on what they believe to be a failed attempt. My stance does consider whether they are correct in their belief. It is irrelevant to them taking action on a belief. The first question that would be asked, if it did not work, would be "Why did you spend money on this if you KNEW/BELIEVED it wasn't going to work?!". If they're just being stupid in their belief, that's another issue.
"A man talking sense to himself is no madder than a man talking nonsense not to himself."
...but that it is better to understand a problem before foolishly misapplying a non-working supposed solution. It's great to do the right thing. In the case, it's simply not doing the wrong thing.
I don't subscribe to RMS's GNUtopian vision.
For the zillionth time, can we put an end to boneheaded ideas like this?
Almost all spammers are violating Federal law right now. A do-not-email list would be the most ridiculous thing ever heard of, and would more likely serve as a great source of addresses for spammers.
The problem is there is no enforcement of existing laws in this area. We don't need more laws; we don't need more goofy schemes. We need resources dedicated towards educating and funding law enforcement authorities on how to catch and prosecute spammers.
If the US Govt. Imposed a draconian policy regarding spam and the technology was dicey or imposed on end user rights (such as no more anonimity) you would see the admin here go apeshit.
Michael also seems to think that whatever is decided in the US will magically become policy for the whole net. After all, if the US govt says you must comply with a no spam list, we must expect the rest of the world is going to suddenly stop sending spam. Right?
No, Michael, it's not. What they said was
And quite frankly they're right. Additionally, it's not in the FTC's jusrisdiction, I don't believe, to change the SMTP protocol. As such, they do not have the ability to actually solve the problem.
Given the degree to which the FTC fought for the Do-not-call registry, I think they deserve more credit than Michael's snide editorial remarks. They also deserve credit for having the courage to admit that they can't solve the problem under the current situation and providing a damned good reason why, as well as leaving bad enough alone and not doing something simply for the sake of doing it. Sometimes, inaction is the best course, and it takes maturity to realize it.
Right now, setting up a do-not-email registry would be as smart as responding to the "Please remove me" addresses. In short, it would be absolutely stupid.
So let's leave the FTC alone, shall we?
They are suggesting a fall conference with private industry regarding better identifiers in emails. Personally, I think that if there was a way to close down all open and proxy relays and educate dumb computer users than we might have a chance. Otherwise, I do not see what private industry can do. But then, I am not a computer expert.
What is so difficult about authenticating emails? Is there any way to encrypt something which says where an email originated from? How about routers that do not forward anything without the correct authentication? It would take big companies and schools signing on first, and then that would force free services like yahoo to have to be more responsible. I think those free email providers make it easier for people to spam by forging headers. There has to be a way to authenticate.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Right, michael. Like you wouldn't have been the first to complain about how the government's antispam list does nothing if they had decided to create a do-not-spam list. At least it sounds like they gave the idea some consideration, and had a real reason not to do it.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
I have some asswipe forging my domain right now which is a form of identity theft. I could call the FBI, but who would bother answering my call. Forget the local police department.
Fact is that eliminating spam is a 3 part solution:
- Technical, make it such that it cannot be transmitted or very easily filtered with minimal to no false positives.
- Laws, make it illegal to send spam
- Enforce laws - Ralsky and others like him should hang. They know what they are doing pisses off millions, they are nothing but sociopaths and should be treated as such. Spammers should pay 2-4x the money spent to investigate and prosecute them.
It's sad, spammers IMHO are doing far more damage that Mitnick ever did or could. Yet they are not being taken down as publically or as hard as he was.it's too bad.. i mean that federal do-not-call list works SO well.
for a minute there, i lost myself...
GAAAAAH. Sometimes, Michael, you are the biggest idiot.
Did you ever stop to think that sometimes just doing "anything" is not the best way to go? Can we please give the government a little credit for not jumping in and just "doing something" to score political points?
Creating a do-not-spam list just creates a beautifully maintained list of people to spam.
Sometimes it's best to just let stupid people be stupid.
it probably makes for a good sign/precident for 'other things' to be eliminated from the Internet. (Be it pirated files, porn, 'ideas that my citizens shouldn't be having', etc.)
I am certain that's exactly what they are looking to do. They do plenty of law making that is questionable but it falls under the guise of protection or something that is "good" for us.
We all nod our heads in unison as they wipe away the rights of terrorists because afterall, we're not terrorists. We all nod in unison as they give us national ID numbers because, afterall, it's so much easier to just use that rather than having this card and that card and that card, right? We all nod our heads in unison as they eliminate our rights to privacy because, afterall, when you're in a public place you shouldn't have the right to privacy -- you should have your every movement tracked by a central governing body, right?
Slippery slope.
... at least when setting standards with technology. the US Gov. has messed up technology enough as it is.
ex. See Cellphones.
Let some geek come up with the answer and get enough geek power behind him to implement it into standard.
Besides... the government can't even track down all those Nigerian email frauds, what makes me think they can be trusted with several MILLION more complaints?
"If I were bound by all laws everywhere I'm sure I would have committed a capital crime somewhere."
they gave spammers the md5 hash to every person on the do-not-spam registry. that way they can't find out who is on the list unless they already have them on their list.
you need not give out the addresses to would-be non-spammers, giving out MD5 hashes would be enough to check for non-spamming without revealing the addresses.
In an opt-out system without a Do-Not-Spam Registry, is one supposed to use guns to stop the spammers (i.e. shoot them on the spot or what)?!
I think a more problematic aspect of an email "do not call" list is the fact that it is so easy to get and change email addresses these days. There are millions of active email addresses that will be discarded shortly after they are created. I myself create a new email address every time I register for some on-line service or fill out some promo form. What might be nice is whole do not call domains
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
The moral of the story is: never try.
No, the moral is, "that it's better to allow thousands of illegal spam emails go free than block an innocent email." In other words, the attempt would be useless until all emails are authenticated.
Also cue the spelling zealots!
P.S. SPF is the answer!
Try not, do or do not, there is no try
I don't think there should be any government do-not-spam list.
Among other reasons, it intrudes on the right of people to advertise their political opinions, which is crucial to a democracy.
It's pretty easy to filter out spam. Bayesian filters block nearly all spam, and have the benefit of being tailored to the user's interests, not the spam definitions of the government (which will inevitably hurt those who oppose government policies).
Use Mozilla's mail application: It has excellent spam filtering built right in. If you don't want to use Mozilla, than use Popfile or Spambayes to accomplish the exact same thing: Bayesian Filtering that will nearly eliminate your spam headache.
Check out my blog: My Galaxy is Milky Way Adjacent
This seems like a near-perfect application for a one-way hash of the email address. Rather than publishing a list of do-not-spam email addresses, publish the SHA-1 and/or MD5 hashes of the email addresses. It's then possible to confirm that a given email address is on the list, but it's not possible to convert the list into a set of usable email addresses. Am I missing something obvious here?
All they need to do is set up a web service that responds YES or NO to whether an address is blocked. There is NO NEED to publish the list itself. In a single line:
wget http://nospam.gov?address=some@address
which would return:
Content-Type: text\plain
NO|YES
Why is that so hard?
----- Refactoring is the reason why man does not mistake himself for a god.
I find it interesting to note the apparent opinions of the slashdot editors when it comes to government. Usually the slashdot crowd is quite gung-ho in the direction of "Government bad! Free-markets! Regulation is evil, leave us alone! Ahhhh, censorhip!" etc. But as soon as they get irritated by a few spam messages in their mailbox, they start whining "Uncle Sam, save us from the spam! We need big and intrusive government protection! Someone please think of the children!"
A most interesting duality, and it's shameful that they depart from a stance of pure self-regulation. It would be much more productive to work on real technical solutions to the problem of spam, rather than whining that the government should bail us out. Hopefully most people realize this, and we'll get real technical solutions, without having to spend millions of taxpayer dollars.
Freedom is the freedom to say that 2 + 2 = 4
Well wouldn't being able to identify all e-mail that is SPAM solve the problem without the database? They let junk mail go because of postage $ I believe, but what incentive would there be to not just block all SPAM (if there was an infalliable way to id it)?
in bed.
There is a key difference between telemarketing and spamming. Even if you had a prerecorded voice message (which is illegal) these phone calls cost money, tune the tune of a several cents a call and up. Adding an operator costs more, even with the scams they play on their own operators. So it's actually in the best interests of the telemarketers to have some sort of don't-waste-your-time list.
Spammers, on the other hand, can pay as little as $0 (0 for you foreigners) by using open relays, zombies, etc. So it's in their best interests to hit everybody, even if they're not interested. Rather than miss somebody, they'll hit everybody. A do-not-spam list would only provide a list of verified addresses.
So "never try" is definitely the right response here, at least at the moment, since it will be ignored by the spammers in a way that the do-not-call list avoids. The only question at this point is, who hasn't signed up for the do-not-call list:
* Very lonely people
* Very ignorant people
* People with a higher tolerance for telemarketing than me
Unfortunately, this probably just thrills the telemarketers. They can't call your grandma (since you signed her up) but it means that people who haven't signed up for the list are more likely to be scammable. (No offense to your grandma or anything. I'm sure she's a sweet lady but statistically speaking the elderly are more suceptible to scams, and less likely to take advantage of technological solutions.)
Is pick the fights you can win. Right now, this isn't one of them.
Get the technology in place to make anonymously spamming people harder, and you can start thinking about this again.
It's official. Most of you are morons.
That's odd, toothless legislative spam fixes never got vetoed in the past just because they'd do nothing to stop the problem - or make it worse. Wonder what makes this one so special?
-- I'm not a pessimist, I'm a realist. It's not my fault that life sucks so much. --
"The moral of the story is: never try"
Um no. The moral of the story is do not kick a dead horse. Email as it is needs a fundemental change. I mean, come on, clear text passwords over a network? You can sniff out 99.9% of all email traffic on the internet easily. Nevermind how easy it is to spam and exploit the vast majority of systems out there. Yes I know email can now be encrypted, blah blah blah, almost no one on the net knows what that means let alone knows how to use it.
I personally do not want my tax money being spent kicking a dead horse. They would spend millions on a system that's unmanagable at best when they could instead spend that money on developing a better email system.
The moral of the story perhaps, is fiscal responsibility. While not kicking a dead horse and picking their battles wisely they will save us tax payers a fair amount of money. This is probably the best news I've heard all week.
"The moral of the story is: never try."
Geez, clearly you've thought this through and thus haven't given a typical, knee-jerk reaction. Nice.
So what's next that you'd like to see the Feds pursue? A national "Do not rob me while I'm gone on a lengthy vacation" list that all potential robbers must consult before robbing someone's home?
The Feds got this one right. But you didn't.
"Michael" works the FBI or another government agency and they are bummed out that this bogus do-not-spam list would have given them a nifty database to cross-reference with all the other databases the government has been collecting on people.
The only productive purpose for such a stupid database would be to encroach upon the privacy and security of the populace. Spammers would never follow the guidelines. Unlike telemarketing, which uses a communications medium that is more easily trackable and regulated by the government, an e-mail do-not-call list would only serve to compile information on people that would obviously be used for less-than-honorable purposes. Slashdot needs to refresh their moderator staff.
Can someone post the list of spammer's addresses?
Why does it have to be do-not-spam registry. Why not please-spam-me-registry. Just make spamming illegal to all addresses, but those that are in the registry.
Wouldn't it be a lot easier to make a law that would condemn spamming, period. I bet about 90% of voters don't like to receive spam. Why we have to make the effort to block spammers, when lawmakers should be on our side?
If you create a list of email addresses and attach to it an American law governing their use, then someone from China isn't going to care one bit. The global nature of the Internet (which defies censorship) is also the same thing that allows for spam.
This isn't really true, however. Research has shown that almost all spam actually comes from America. Much, if not most, of it is routed through either Chinese servers or worm-hijacked PCs, but the origin is still American.
The problem with this whole idea is enforcement. I think a "do not spam" list would be great if there were serious investigation into tracing who sends spam to addresses on this list, and then extremely harsh penalties for sending spam to people on this list (like a public execution). If there's no serious penalty when a spammer misuses this list, then it will only serve to help them by providing them with more email addresses.
And yes, I really do advocate public executions of spammers. Back in the colonial days, public executions were commonplace for serious criminals, and surprise, surprise, they didn't have a serious problem with crime.
pateNTdead PostBlock devise. where did they ever get all those dialups?
more guys like this, a few less billyonerror/stock markup FraUD softwar gangster felons, & the wwworld would be a better place.
HELSINKI, Finland, June 13 - If Tim Berners-Lee had decided to patent his idea in 1989, the Internet would be a different place.
Instead, the World Wide Web became free to anyone who could make use of it. Many of the entrepreneurs and scientists who did use it became rich, among them Jeffrey P. Bezos ( Amazon.com), Jerry Yang ( Yahoo), Pierre Omidyar ( eBay) and Marc Andreessen (Netscape).
But not Mr. Berners-Lee, a British scientist working at a Geneva research laboratory at the time. That is why some people think it is fitting - or about time - that on Tuesday, Mr. Berners-Lee will finally be recognized, with the award of the world's largest technology prize, the Millennium Technology Prize from the Finnish Technology Award Foundation. The prize, valued at 1 million euros ($1.2 million) is supported by the Finnish government and private contributors.
The Internet has many fathers: Vinton Cerf and Robert Kahn, who came up with a system to let different computer networks interconnect and communicate; Ray Tomlinson, the creator of e-mail and the "@" symbol; Ted Nelson, who coined the term hypertext; and scores of others.
But only one person conceived of the World Wide Web (originally, Mr. Berners-Lee called it a "mesh" before changing it to a "web"). Before him, there were no "browsers," nothing known as "hypertext markup language," no "www" in any Internet address, no "U.R.L.'s," or uniform resource locators.
Because he and his colleague, Robert Cailliau, a Belgian, insisted on a license-free technology, today a Gateway computer with a Linux operating system and a browser made by Netscape can see the same Web page as any other personal computer, system software or Internet browser.
If his employer at the time, CERN, the European Particle Physics Laboratory in Geneva, had sought royalties, Mr. Berners-Lee said he thought the world would have 16 different "Webs" on the Internet today.
"Goodness knows, there were plenty of hypertext systems before that didn't interoperate," he said in an interview on Sunday as three days of award ceremonies began here.
"There would have been a CERN Web, a Microsoft one, there would have been a Digital one, Apple's HyperCard would have started reaching out Internet roots," he said. "And all of these things would have been incompatible."
Software patenting today, Mr. Berners-Lee said, has run amok. In April, Microsoft was awarded a United States patent for the use of short, long or double-clicks on the same button of a hand-held computer to start applications, according to a report earlier this month on eWeek.com. At the same time, Microsoft said last week that it was appealing a $521 million judgment - the second-biggest patent-infringement award - won by a Chicago company called Eolas Technologies over plug-in applications in Internet browsers.
Due to excessive bad posting from this IP or Subnet, anonymous comment posting has temporarily been disabled. You can still login to post. However, if bad posting continues from your IP or Subnet that privilege could be revoked as well. If it's you, consider this a chance to sit in the timeout corner or login and improve your posting . If it's someone else, this is a chance to hunt them down. If you think this is unfair, we just don't care. if you want to whine, go get yOUR own fauxking corepirate nazi puppet blog.
As you've guessed, the headline was supposed to read
High time for a merger of Spamhaus.org & the NRA?!
until some slashcode bug struck...
Why does everyone seem to think that if a do-not-spam list was created. They'd just hand it over in plain text to the spammers. To do it right, they'd either distribute a list of MD5 hashes, or setup a system where the spammers sent their list and the feds told them which ones were ok to spam.
Non gratis rodentus anus
1. Do you really think that if the US passed such a law that the spammers wouldn't run, not walk, to any country they could? Of course they would.
2. Are you seriously suggesting that we have more serious crime now than we did back in the colonial days?
In this case i totally agree. Adding another governmental body to oversee something that is a lost cause would be stupid and only cause more money to be wasted.
I'm really surprised to hear some intelligence from them..
Now, the next logical step would be to help move things along so that it the list WOULD be of value...
---- Booth was a patriot ----
Q: What do you call a spammer wearing a suit and tie?
A: The Defendant.
To do it right, they'd either distribute a list of MD5 hashes, or setup a system where the spammers sent their list and the feds told them which ones were ok to spam.
True. But if the latter were implemented wouldn't a spammer just send a file containing millions of *possible* email addresses? Then the US government would send them a list of the addresses not in their records. Taking the difference between the two lists would provide you with a list of the valid addresses.
What do they mean by "the origin"?
The originating IP of the spam is already easily tracable, so they can't mean that. They must be concerned about identifying the spammer. But... tracing the source of the message is unnecessary if that's what you need to do.
See, spam with no mechanism to reach the spammer is profitless. You don't need to authenticate the sender, you need to follow the money and deal with whoever is profiting from the spam. THEY are the ones who need to be held responsible.
Yes, I know about "Joe Jobs", but they're not a problem unique to email, and dealing with them is a matter for investigators.
Do I have to take a number and stand in line to execute some of them?
Seriously, one of the reasons they aren't going forward with it is that they believe the list would mostly just serve as a golden list of known good addresses for spammers, who don't much care about legality and even less about ethics, anyway. I work for a large email security firm, and I completely agree with that. I have a front-row seat to the effect that YOU CAN SPAM act had on reducing spam, and it was zero, at best. At worst, it encouraged it by superceding existing state laws while simultaneously granting spammers free reign to spam as long as they put in a working remove link.
Some put in the link, most don't. Among the ones that do, it seems to be the case that they remove you only from that one list but not from all their lists. And since you have now confirmed your address as working, you probably go on their gold master list.
The CAN SPAM act seems like something the DMA must have bought and paid for. It's certainly no friend of spam victims, but to the extent that it boost our business by granting a (queue James Bond music) License to Spam, it helps companies like mine.
Almost all spammers are violating Federal law right now.
Truth. Plain and simple. Giving them another law to violate would do squat.
In fact, I've always wondered why the feds haven't used this fact to go after them. I know, I know - you can't track down the spammer, since they're mostly launching spam from bots in China.
But the point of all spam is to sell something, and that requires a somebody. And that somebody has to be able to take a payment, or the spam has no point, correct? Money is changing hands here. I don't think there's a single spammer in it for the love of the game.
The feds need to get in touch with that somebody and arrest them. Nail them as an accessory, or "conspiracy to".
Then, when they've got that hanging over their head, give them a break if they'll give up the spammer.
That'll fix the problem. Spam works because there's money there and no chance to get caught. Turn the industry against itself. Use the system they're using. The key lies in the money. The money idiots pay to the guy doing the selling, who in turn hires spammers. Follow the trail, guys.
Heck, if you don't want to do it, pay me. I'll betcha I can find me a spammer or two, no problem.
Weaselmancer
Weaselmancer
rediculous.
Left to themselves, spammers tend to go from bad to worse
Just to clarify (gotta preview more often :-p) it boosts our business by making spam worse, thus driving more customers our way in search of relief from spam.
PDF. Why not have a look at it?
The DNS registry just went down for many of the major internet sites today.
Something makes me think that this whole DNS registry won't continue to work in the long run.
Yes, everyone really loves it when the government creates ineffective bureaucracies that waste tax payers money and don't solve the problem in the least.
Speak truth to power.
I wrote the original "I Don't Want the Gov't Telling Me What's Spam!" message. That message has now been modded down "overrated", presumably because I argued that people have a right to send out political email.
I understand you may disagree, but to mod me down for that reason is pretty heavy handed. Obviously, the points I brought up were interesting, since it spawned a highly rated discussion.
Courts have held that the right to political free speech is expansive. You may disagree, and that's a legitimate opinion, but please don't mod me down simply because I've voiced an opinion different than yours.
Check out my blog: My Galaxy is Milky Way Adjacent
Distribution of the list would be easy: "Here Mr. Spammer, when you're done with this floppy disk containing all the existing email addresses who wish to be spammed, please pass it along..."
"The moral of the story is: never try."
/. should change "Comments" to "Bitching and Moaning."
i hope this wasn't sarcasm. everyone bitched about CanSpam because they tried to do something that was destined to fail, now you're bitching because they're not trying something that's destined to fail. maybe
In this case, the feds had a very good reason for not setting up a No-Spam registry. Spammers would simply use it to get our email addresses. Here's how the AP story actually begins:
That sensible decision hardly deserves the snide remark, "The moral of the story is: never try."The real moral is to read the article before you post.
--Mike Perry, Inkling blog , Seattle
Result - Slashdot complains about how ignorant and evil the US government is.
Option 2) The US government concludes a do not spam list will cause more problems and the correct solution is to fix email itself.
Result - Slashdot complains about how lazy and evil the US government is.
I'm surprised more people haven't banded together and put up bounties on spammers. What, are we going to let AOL, Yahoo, and Microsoft, wage our war for us? We should be dragging the bastards out of their hidey holes and doing mass class actions on their asses for fraud and tresspass (not to mention violation of the CAN-SPAM act for forging from addresses.)
In fact, I've always wondered why the feds haven't used this fact to go after them. I know, I know - you can't track down the spammer, since they're mostly launching spam from bots in China.
You can track them, no matter where they're from.
I had a friend who filed a case with the Feds, and took it to the DA in two jursidictions - he had spammers on multiple felony crimes and even knew where they lived and worked and had tons of evidence to nail them. The DAs with both jurisdictions refused to prosecute the case.
This is the problem. All these spammers can be easily, EASILY tracked whether they go through a foreign country or not.
They argue that the proper technology is not yet in place
Unless I'm mistaken, we've had laser-guided missiles since the first gulf war which is all the technology we need to deal with spammers. It didn't take some Navy supercomputer to find Eric Head or Scott Richter and any half-assed napalm-delivery system would easily show them the error of their ways.
the only workable environment involves a combination of Bayesian-style filters coupled with white lists for known good addresses
And that's a pile of "I read it on Slashdot a lot so it must be true!" crap.
Spammers are just putting non-spam words in their spam, or just not putting words in there at all. Now the odd non-spam words the spammers use in their spam are causing false-positives on my legit email (to the tune of 2-5%) while 10-20% of spam is getting through (since it contains words that had only appeared in the non-spam potion of my corpus to that point.)
Gradually, more and more words are showing up in both the spam and non-spam parts of the corpus, making them all useless for making a spam determination and rendering the whole system about as effective as Bob Dole's member without the little blue pill.
And whitelists are a partial solution for many reasons - the first of which being you have to know the address someone is going to send you something from before you can receive it. That's fine when you just get email from your girlfriend (oh, who are we kidding, we mean your mother), but not so great when you actually want to receive your receipts for online purchases or not make potential new clients jump through hoops.
The REAL solution is there needs to be a second class of email - email that you have to pay money to send. The recipient could even refund your "postage" if they like your message. Then we can all set our filters to let paid-for email through and throw the rest in the trash - just like we do with real vs. bulk mail in the post office box.
paintball
It'd be like creating a list of adolescent girls home alone from 3-5pm, with their addresses, and calling it a "Do Not Molest" list, in hopes that child molesters will honor the intent.
The problem is that a do-not-spam list is really a list of known-good addresses, which would be highly valuable to a spammer.
It'd be a matter of time before the database left the country, at which point addresses on the list would receive even more spam, sent from locations beyond the reach of the US law.
It might take moments, if the database is just a big plaintext file which bulk emailers are provided. It might take longer if there's some effort to limit access or encrypt the actual addresses.
Even a service which just takes an address and replies Yes or No depending on whether the address is on the list, without exposing other addresses, would be problematic because spammers could use it to determine which addresses are valid and which are not.
Why create a list. WHO WANTS TO BE SPAMMED?!?
It's incredibly silly to make a list and try to maintain it, enforce it, keep it out of the wrong hands, etc.
Just make it completely illegal to send unsolicited garbage messages and start making money trails to follow and nail some people.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
This is not a problem.
USA can mandate all govt agencies, federally funded schools, and telcommunications companies in the USA to include some special Private Key signature doohicky in their emails.
Companies will quickly sign on.
Now all legitimate mail from the US is signed and verifiable.
Many foreigners will jump on board.
Now any mail that isnt signed can be ranked hiegher by your filters as spam (there will be some legit unsigned email that isnt spam, but you can 2x the weight of any spam words in an unsigned email or something)
Foreign companies that want to get to US markets will comply with the signing.
Foreign users will demand that their companies get on board, so they dont have to have spam either.
All that is needed is critical mass, or a few critical users.
Spammers would just get a copy of the do-not-spam list and start spamming it! There's absolutely nothing to stop them.
We need SMTP v2.0, and we need it soon.
The DAs with both jurisdictions refused to prosecute the case.
Kee-rist but that's depressing. Any reason why? Is your friend in any sort of law enforcement?
I can see not taking evidence from "just anyone", but yeah...you'd think given enough, they'd have some fed somewhere follow up.
All these spammers can be easily, EASILY tracked whether they go through a foreign country or not.
Yup, I know. That's why I'm offering to be paid to track 'em down. I could do with a nice cushy job. The karma wouldn't hurt either. =)
Weaselmancer
Weaselmancer
rediculous.
If we shift to email that is nothing but a link back to a content server, and delete anything that doesn't match that, we'll have a means of tracking back to a responsible party and enforcing Don't-Spam.
International spam can be filtered out by blocking email linked to servers in countries that don't enforce Don't-Spam. Also block any email that links using a straight IP address (or simply don't support that in the email linking protocol).
If an email content server can turn over the spammer who violated Don't-Spam, the spammer gets fined. If someone lets their server get hijacked for spam (or claims that is what happened), they deserve a fine.
I took a chance and signed up to be on the FCC's Do-Not-Call list. All the telemarketer calls just dried up. So the telemarketers are toeing the line. For now.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Please let me know if there is a way I can get more information about your friend's case. I'm completely powerless, so I can't help, but I'm curious.
Why do I have this? I don't smoke.
They already have legalized spam. It is called the I-CAN_SPAM act.
Fight Spammers!
As the article suggests, spammers conducting business outside of the US would simply take the "Do Not Spam" list and spam it heavily. After all, it would be a list of verified, active email addresses. Such a list would be of great value to spammers.
While I can't say I know the author's intent, my first thought upon reading this was that it's a Simpsons quote (or actually, a mis-quote). From the episode "Burns' Heir":
Marge: I think Bart and Lisa are feeling a little upset right now. Isn't there something you'd like to say?
Homer: There sure is. Kids, you tried your best, and you failed miserably. The lesson is, never try.
(thanks to snpp)...it's the guy making money off the "product" that is. The Chinese may be hosting spammers and the Russian mob may be selling zombies, but how many of the people collecting the dollars are living here in the USA?
Targeting those people should be easier (you can follow the money trail), and if they see themselves facing big fines or jail time, I'm pretty sure they'll roll over on any US contacts they have for the people sending the actual spam messages.
It really doesn't work.
The only way you could operate a do-not-spam list would be to have the FCC provide the SMTP servers. And once that happens, it would become trivial for everyone to block those servers. Anything else is exploitable by discovering the content of the list and exporting it.
Wait... the FCC provides the servers and everyoen blocks them? What was my problem with a do not spam list again? :)
Colorado developed this idea and it works great. The technology is totally in place. What I find funny about this is that the feds stoped it at the last second and still distribute the info to the spammers. I suspect that for those of you who are not fortunate to live in Colorado are having to suffer numerous calls now.
I prefer the "u" in honour as it seems to be missing these days.
1. Do you really think that if the US passed such a law that the spammers wouldn't run, not walk, to any country they could? Of course they would.
Maybe, or they might just find a less dangerous job. As has been discussed many times here on Slashdot, emigrating from the USA is easier said than done. Where are they going to go, Mexico? Spamming usually requires an internet connection with decent bandwidth, and that may be hard to find in many places. The fact is that most spammers live in the USA, and I think that fact is important. If spamming were really easy to do and made lots of money from anywhere in the world, then we'd be getting a lot more spam from other places, which we don't.
2. Are you seriously suggesting that we have more serious crime now than we did back in the colonial days?
Actually, yes. Maybe I'm misremembering my history, but I don't remember things like serial killers, drive-by shootings, murders, thefts, kidnappings, assaults, etc. being commonplace in those days. Of course, the population was lower, but I do think the harsh penalties involved helped keep crime low back then.
Back in the 1800's, men were hanged for stealing a horse. How often were horses stolen? The average person probably had to worry a lot less about getting his horse stolen back then than a person has to worry about having his car stolen now.
In case the ambiguity is over:
I mean this literally. ie someone who's not on the list may find their first email filtered, but once they try enough times (assuming they're not a spammer), they'll get through - so you'll receive at least one email from them. Once they're through for the first time, they're easy to whitelist.It doesn't mean "The first email from an unknown address should always be accepted".
You are not alone. This is not normal. None of this is normal.
Then the government could legitimately and reasonably hand out the list to mass mailers without concern that it would harm any uninformed consumer.
This would would be a very efficient process, because such a list would probably be empty.
Seriously, the answer is, the government needs laws with teeth, then it needs enforcement. If they can't put those two things together, they need to stay out of it. The citizens will solve it themselves at one level or another.
I've fallen off your lawn, and I can't get up.
So if they ask my for ID, they can try to scan the prints on my middle finger.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's easy. Organisers of music festivals, record labels etc. get fined if someone fly-posts adverts for their stuff. Even if we can't prove who actually put up the poster.
Spam is no use unless it's actually trying to sell something - be it porn, V1@grA or whatever. If an advert for your herbal weightloss drug ends up in my inbox, it should cost you, say, $100. If you spam, you'll soon go broke.
1. Add another line in the header that specifies the host where the message originated, and implement a way to ask the host whether it sent the message, e.g, something like an MD5 hash of the message.
2. Once you can verify the source of the message, then you can enforce spam laws and identify zombies.
3. ISPs need to cut off zombies once identified.
...a death sentence for words in a story on /.
;)
Of course, CmdrTaco got one too, but he was asking for it when he proposed.
'A national do-not-e-mail registry, without a system in place to authenticate the origin of e-mail messages, would fail to reduce the burden of spam and may even increase the amount of spam received by consumers,'
Keep a list of do-not-spam addresses, with each entry securely hashed. Bulk mailers would then hash each prospective recipient address, search for it in the list, and reject any that match. The main requirement here is that the hash function should work in only one direction.
So, it's not like you have to provide spammers with a list of actual live e-mail addresses in order to let them comply with a do-not-spam list.
Something along these lines should really be used for the national do-not-call list as well.
And law enforcement could/should set up some addresses that are published nowhere except to the Do Not Email list. If the Do Not Email list were used to find valid addresses, it would end up including some of those.
And any mail coming to those would signal "Here is a spammer who is not just ignoring the laws, but who is actively trying to use the Do Not Email list to harvest new addresses." That would make them a primary, and fairly easy to prosecute, target.
Depending on your level of web presence, there's a much greater chance they /won't/ have your email address if you don't send it to them in a list. At the very least, a new domain will take longer for them to locate and try dictionary attacks against than if they have your domain name provided to them.
Or he probably didn't
Maby you are misremember histroy because you shouldn't be remember the ever obscure 'those days' at all. You, as with most people, have a very biased picture of what thigns where like 'back then.' And more importantly you have a very biased view of how things are now. Serial killers, drive by shootings (onyl really a factor since the advent of cars and guns), murder, theft, kindnapping, and assault where not common place back 'then' where then is all of human history. Nor are they common place now.
What you say!!!
Just because the news sensationalises stories does not mean they are by any approximation common place. The fact is that the percentage of people who are psychopaths is mroe or less a constant (there aer enviromental variables that have an influence, but a person could just easily have a bad childhood now as back anytime, though many would agree you are more likely to have a healthy childhood now). But, without wide spread communication you never heard about serial killers. And with poor forensics many crimes just went unsolved. Jack the ripper, one of the most notorious serial killers, was never caught.
Back in the 1800s men could be lynched for being black. The average person probably had to worry a lot more about being black, or gay, or just generally disliked, then they do now. Lack of accountability, mob rules, and poorly defined social structure meant that having your horse stolen was generally a minor concern.
Stop living in the glory days of a past that never existed and you know nothign about. And stop being paranoid about the world we live in. Having come to North America from a country that actually has serious crime of the level Grishnakh believes this fair continent to be in (South Africa routinly sets world records for heights rape, murder, and auto theft), I can tell you that we are not living in the midst of civil unrest.
Oh and Grishnakh, there are a lot of other places in the world spammers could go. Every where else isnt' the third world mud hole many people believe it to be.
And yes, I know, I was just trolled...
The Neo-Bohemian Techno-Socialist
You're all cheering the US government on when they publicly broadcast their decision to do absolutely nothing about spam. Do you all love spam that much?
The FTC's position is that you can not trace email messages back to their source, which is absolute bull. You can't track them all back, but you can track enough back to go after spammers. If it really was impossible to trace communications on the internet, the dmca would be unenforceable, worm writers would never get caught, and there would be no internet branch of echelon.
Now, the spam bill sucked. We knew it wasn't going to improve the situation, but that they're not even going to try something that was intentionally made as weak as possible shows that the FTC is on the side of the spammers. So pooh to them.
Remember, although a lot of spam gets sent from china, most spammers are US citizens. They ARE within the reaches of US law. All that's needed is for congress to grow a pair.
<hat form=foil material=tin> But maybe somebody -- like the DMA -- doesn't want that. </hat>
All my respect to the FTC and their spam efforts, and especially Commissioner Orson "What we need is a few good old fashioned hangings" Swindell. Hopefully it's merely having to work within the beltway mentality that caused this conclusion to be reached and announced at this late time, because this is precisely what everyone (except the few spammers present) told them at the spam conference 15 months ago.
Ensconsed in Commissioner Swindell's colorful words is a hint of the real problem: The problem is a social one, not a technological one.
The means of execution (no pun intended, but I'll take it) may be technological, but not the cause. Trying to solve it technologically will be equivalent to allopathic medicine where the symptoms are treated instead of the cause. Sure, you can kill the tumor, but if you don't remove the cause of the cancer, the problem remains.
Stop treating spam as though it came forth by breaking the vaccuum symmetry and existed suddenly where nothing had before. It's a new face on an old problem and could easily be treated as such, if it weren't for the mentality that still thinks that anything printed in dot matrix on green and white line tractor feed paper is more real and authoritive than handwriting.
The TCPA works for junk faxes. Rewrite it so as not to be strictly telecom.
When people hijack machines as spam drones, catch their ass and prosecute them under computer crimes laws.
There are STILL cops who refuse to handle stalking cases where email is involved because they're allowed to claim their ignorance prevents them from acting, when the fact is the stalking laws say nothing like "unless it's in email".
Stop treating it as if it's all new and different. It's all just new ways of doing the same old things, and the old ways of stopping it would still work.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
So all I have to do... start sending spam from a well-hidden server in Korea. They can't go after me... but they can fine Microsoft(or Sun, Dell, Best Buy, or whoever else you'd like to screw today.) Yeah, that'd be a great freakin' idea.
Have you been touched by his noodly appendage?
Wouldn't it be a much more efficient use of tax dollars to create a Federal PLEASE SPAM ME registration list?
Similarly, why not an opt-in telemarketing list? This would seem to be much more efficient, as few people would want to register to receive either spam or telemarketing.
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
you mean EFFECT change. Make it happen. Otherwise you're saying, essentially, "modify the change"
That's one of the few times that "effect" can be used this way.
But I still wish spam would go away, like everyone else.
I havent used email in 6 years, and I tell you this..I dont get any spam.
Slippery slope or not, they will never take away our right to choose which hand our sex-monitoring chip is installed in.
Yes I am curious to get the obligatiry "anti-spam checklist" on it, but hey... try to be constructive and positive please. We are here to find a solution, not to shoot everything down.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
1) Buy whatever they are selling. ....
2) Subpoena the bank that cached the check or processed the credit card.
3) Arrest the spammer and jail them.
4)
5) End of spam
evil is as evil does
The law that needs teeth is US Criminal Code Section 18, paragraph 2701. That's the junk fax law, which could be extended by only a few words to cover spam as well as junk fax.
Voila! A constitutional law with lots of solid court precedent, a law with teeth, and a clear mechanism of enforcement already in place.
Of course, with the DMA running their lobbying circles around the issues in DC, it ain't gonna happen. But we can dream, can't we?
just dont send spam to anybody
if an do-not-spam list is enforceable this should be enforcable more easyly
My friend doesn't want to make a big stink about the issue, but the case was filed with the FBI and the DA turned it down. The spammer broke into his server and repurposed a formmail script that had been lying around for awhile. The FBI felt it was a very strong case and all the data was compiled. But the DA turned down prosecution of the case.
What are you going to do? One problem is, making a big stink about federal agencies can tend to come back to haunt you. It's such a demoralizing process trying to get others to do the right thing. My friend is burned out and has no faith in the system. I don't blame him.
Implementing a do-not-spam registry is only infeasible if you're a technical imbecile (it's trivial to do - even trivial to do right).
Yes, if you want to give spammers outside the reach of the law a very convenient large list of new spam victims and those within the reach of the law an excuse to send spam to everyone not on the list, it's trivial - and very stupid.
Spammers who "abide by the law" would spam everyone who is not on the list (whether in the US or not) and think they are entitled to it.
On the other hand, other spammers who don't care about the laws send spam to everyone on the list because that will be the best e-mail collection for spammers available.
If such a list was created it certainly shouldn't consist of large numbers of e-mail addresses that are publicly available and can easily be used by spammers. But since it is not acceptable to make all those e-mail addresses public, it is very difficult to find a practical solution (one might require that spammers send all their spam - with recipients' addresses - to some trusted central service, which then forwards all spam to those who are not on the list.
That wouldn't be so trivial. And it's not clear if it would make sense, either. Why forward the spam to those whose addresses aren't on the list? Most of them probably wouldn't really want spam, but just didn't know how to add their address to the do-not-spam list. So, I think it's much better and easier not to allow spam to anyone - who wants it can sign up for it.
So first "we" get upset when the government proposes regulations on internet technologies and then when the government can't regulate something we all hate(like spam), we get pissed that the government isn't trying to regulate an aspect of the thing we think should remain inherently unregelated.
This seems like a near-perfect application for a one-way hash of the email address. Rather than publishing a list of do-not-spam email addresses, publish the SHA-1 and/or MD5 hashes of the email addresses. It's then possible to confirm that a given email address is on the list, but it's not possible to convert the list into a set of usable email addresses. Am I missing something obvious here?
Publishing such hashes would, of course, not be as irresponsible as publishing the addresses in clear text (provided the encryption is strong enough), but it would still benefit spammers: dictionary attacks would be quite easy to do: just try out common names at common domains. Spammers can, of course, do that now, but it would be more convenient with the hashes than actually sending mail and checking from a valid account whether an error messages comes back. Furthermore, spammers who use dictionary attacks would have better chances to send their spam to e-mail accounts that are actually used. When no error message comes back, it can still be an abandoned or throwaway account, but if it is actually on a do-not-spam list, it is most likely in use and therefore of more value for spammers.
And even if the e-mail addresses are encrypted, I wouldn't trust that the key isn't leaked somehow. Then, suddenly, spammers had their wonderful list of e-mail addresses. I would find adding my e-mail addresses to a list that would be so much scrutinized by spammers too risky in any case.
Technical reasons haven't worked so far, but the justice system in America has a shot of at least reducing the SPAM problem.
How do you ask?
$100 fine for every SPAM e-mail reported.
But how exactly are you suppossed to find out who sent the SPAM?
That's the beauty of it all. We don't fine the spammer, we fine the company who's product was advertised in the spam.
Of course this opens up the possibility of say, sending out a few million spams for Windows XP. That would mean you'd have to construct a careful audit of the company whom you were investigating for illegal advertising via spam.
It's not perfect, but a few major corporations (most likely porn companies) receiving a nasty audit that runs up several million in spam damages and maybe even some things they should have claimed on their taxes and didn't should intimidate others into not spamming.
Slackware, what else when it must be secure, stable, and easy?
Yeah, no duh!!! I know some folks who put their name and number on the national do-not-call registry before the law took effect, and guess what? The number of telemarketing calls nearly tripled!!! What kind of common sense is that?!
The way I see it, the email protocol needs to be updated so that the email header really shows where the email originates. Yes, it will break a lot of things, but do you mean to tell me that the ISPs and businesses - who are dealing with the flood of junk mail they receive and the bad image associated with Joe Lusers receiving spoofed mail with their names on it - will hesitate to modify their sendmail installation if it means that spam will be nearly eliminated? I don't think so.
What we need is an opt-in, DO-SPAM list. That way, those people who really don't mind getting spam can selectively do so. Then we make it illegal to spam anyone NOT on the list.
Give me my freedom, and I'll take care of my own security, thank you.
So these people will register with the US government, give them all their contact information including exact geographical location of their operation, and then illegally spam people on the list. Seems unlikely. There's more inconspicuous ways to go about acquiring email addresses.
This is sort of a pedantic post, but it's important: what we should be upset about is the loss of rights for suspected terrorists, not of actual terrorists. With the exception that they shouldn't be subjected to cruel and unusual punishment (not saying this doesn't occur), convicted terrorists (granted, not many exist at the moment) don't deserve many rights.
It's subtle but important: we need to argue for the rights of suspects, as the government should do all number of not-so-nice things to actual, convicted terrorists. If you confuse the two, you weaken your own argument.
It wouldn't frickin' work is the reason why. Without enforcement of existing fraud, tresspass-to-chattel, and denial of service laws, what difference would this make. Spammers are criminals in the first place, this won't deter them in the least.
Regrettably, there are no adequate instructive manuals for http://www.spamassassin.org
Apparently, to be certain about the possibility of false positives you have to go through all the messages at some point anyway.
OK. Here is my hair brained scheme. If they put out a "Do Not Spam" list then all the spammers have your e-mail address.
So, instead of doing that, how about any e-mail address that has ".ns." in it would be considered a flag that the individual does not want to be spammed. e.g. username.ns.domain.com
This way, the spammer (if caught) could be penalized in the same manner as the Do Not Call list. And this would not provide spammers with your e-mail address.
The down side is that anyone one who would like to add the ".ns." or "No Spam" designation to their e-mail address would have to change their e-mail address. But, if I could get the power of a "Do Not Call" list & law enforcement behind my new e-mail address for a 1 time change I would do it in a heart beat!
Heck, I'm going to have to change my e-mail address every 2-3 years anyway (damn viral spammers).
OK. Just to get a jump on things, I've gone down the check list. I still think the down sides or by far outwayed by the positives. AND IT'S OPTIONAL! & It's no worse than changing an e-mail address.
My post advocates a
( ) technical (*) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(*) Mailing lists and other legitimate email uses would be affected
MY RESPONSE: No worse than us changing our e-mail address now to avoid spam & it's a 1 time deal.
(*) No one will be able to find the guy or collect the money
MY RESPONSE: Sometimes yes, Sometime no. I'll take my chances with some good solid laws backing my *ss up. Free speach is protected & so is my right not to hear it.
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(*) Many email users cannot afford to lose business or alienate potential employers
** OK. So they don't have to "sign up" for it. They can keep their old e-mail addresses. Then again, how difficult would it be for an old customer to add a ".ns." to oldemailadress.ns.domain.com?
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(*) Open relays in foreign countries
**OK, but at least we can nail the US spammers & marketers.
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(*) Jurisdictional problems
**OK, but at least we can nail the US spammers. If it's popular, maybe other countries will sign up with similar plans to create a web of legistation to &(#@%)_@ spammers to the wall. Except for China of cours.
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
a
Every problem will be solved with a "PLEASE DO SPAM" list.
Think about it.
Government: Heres a list of people not to spam.
Spammer: Thanks for the list, im gonna go spam these people.
Government: Ah dammit.
Citizen: WTF LOL OMG BBQ TEH SPAM
Frink: Nice try floyd, but you were designed for scrubbing, and scrubbing is what you shall do.
but I run my own domains. If I don't make a big online publicity push, don't publish my email addresses, and don't list my page with any directories or search engines, it will at very least take much longer for them to find my address. If it takes them six months to get ahold of me, I'm 50% less likely to get spam the first year.
However, if I add one email address from my domain, they then have another domain name against which to run a dictionary attack.
I'd never thought I'd defend this kind of decision, but they have an (admittedly small) point:
Without some assurance of the identity of the originator of an email, making it a crime to send an email is an invitation to framing others. Also, it's not yet a crime to falsify headers or otherwise bypass the email identification process(there are laws that make it illegal to pretend you're someone else, even in email, but nothing says you can't pretend you're "nobody", nor does it mean you will necessarily be caught impersonating others(and a do-not-spam registry would be liable if it accused someone of spamming by going on what information is there, without some indication it's the whole of the true, that's called due process).
Let's hope the IETF finishes its sender-id mechanism soon, I can predict it will be illegal to circumvent it in short order, and the do not spam list will come into effect(but by then we won't need it anymore... We don't really need a do not spam law, as long as a person's email filters can gleefully butcher any email, with a 100% certainty that the email is legit, or not). We might find useful a clarification of the law that specifies explicitly that header-falsification IS indeed equivalent to the presenting of a false passport, in the eyes of the false document laws... But that could also be performed by jurisprudence. On second thought, let's get that clarification in the books right now, we don't want a judge to think that false id isn't false id if it's only 2.5 billion emails instead of just one passport...
That's right: all my spam comes from comcast selling my email address. Period
Does someone else have a similar situation?
-- I was raised on the command line, bitch
You are an idiot. It is trivial to do this in a way that doesn't give them anything of the sort. I hate it when unqualified and incompetent people like you don't know when to shut up.
Have a look at UK Mail Preference Service, also see Fax preference service and Telephone preference service. I've found these to be effective blockers.
The key elements of their success are:
So far there is not the same backing for email. The US Direct Marketing Association's eMPS service provides a limited service for honest suppliers, but does not have the legal teeth of TPS, MPS or FPS.
I'm aware that trans-national issues could cause some problems of using a Do Not Spam list within another country. However, for most non-electronic services it's unlikely that most trans-national advertising would be profitable. From the UK I'm not going to buy US inkjet carts, US student loans, Taiwanese products that I can't even read - so such emails are a waste of time to the seller. A properly filtered list could even be a business advantage to a bulk emailer or their customers.
Andrew Yeomans
Result - very little difference in spam volume. Maybe you could filter by the domains used - but these will also come and go rapidly.
I suggest you follow the money with SPF/etc - a few years downstream, you will need to pay someone to get your sent mail approved, either for an SPF/etc signature from your ISP or for your own domain. It's like paying someone to throw away all your mail unless it was posted in the mailbox you paid to use.
Andrew Yeomans