Slashdot Mirror
CAN-SPAM Is A Bust
Doc Ruby writes "The Congressional chatter about 'canning spam', in the CAN-SPAM law since January, has turned out to really mean 'they can still spam'. TechWeb News reports that 'In July, compliance fell for the first time under one percent to a measly 0.54 percent', from its 3% max. The researchers claim the ball has been dropped by 'law enforcement'. Those police are probably too busy deleting the 80% spam from their email, like everyone else."
Do we say it now, or do we still have wait?
If they only were using the time to catch real criminals like rapists and robbers, I could live with this. But since the money is used to catch potsmokers and the people driving 4mph too fast, I say fsck it.
Spamfiltering in all clients is a better aproach.
Making spam illegal wont help, making spam useless does!
The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
You're misunderstanding the problem. It's not that there are exceptions in the act for charities and such. It's that spammers are breaking the law overwhelmingly and are not being stopped. The researchers are blaming law enforcement, not Congress.
A generally accepted change in email specificaitons will prevent much of the spam. What does a law on the net prevent?
Slow news day?
Lets look at some quick facts.
1. The can spam law gave you and I (collectively the little people) exactly zero ability to extract anything from a spammer (like money) for damages.
2. The can spam law requires law enforcement to track down spammers. Honestly - does anyone think Johnny Law is going to be going through those mail headers looking for the true source of spam? Lets be honest, the first chinese IP and they quit.
3. This law does not place real world consequences for those breaking "cyber law". (It's supposed to, but the proof is in the pudding!)
4. It does not allow you to complain about spam as a denial of service attack (which it most certainly is!)
Until we start putting spammers in jail, or start forcing them to pay, and pay and pay and pay, you will continue to get spammed. Until then, lets be honest, the community is doing a better job of removing spam than the government is. Thanks NJABL, SORBS, Spam Haus et al.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Not spam per se, but stuff like this:
The researchers claim the ball has been dropped by 'law enforcement'.
This is no different than Bush blaming the CIA for doing exactly what he told them to do and composing reports and briefings that said exactly what he wanted them to say about Iraq's WMD capabilities.
It appears that "law enforcement" is going to be the next whipping boy for the failures and excesses of Congress and the Administration. The result of this legislative abuse of intelligence and law-enforcement agencies will be widespread demoralization and attrition. Think about it: do you see the CIA as a place to build a productive career? How about joining the FBI instead, where your job will be to carry the blame for failing to enforce the CAN-SPAM act? You'd be better off joining the Army, where you'll probably get to fight Gulf/Chevron/Texaco/ExxonMobil War III(tm) in the Sudan.
When you misuse tools, even good ones, they break. Why is nobody concerned about this?
So we were initially worried CAN-SPAM would fail because we feared it was so weak it might actually protect certain "marketers" who bothered to follow its provisions to the letter. Now it turns out that it's going to fail because even it its weakened form, it isn't being enforced...
I think CAN-SPAM could be a good thing if they did enforce it. Even if some spammers were able to still "legally" operate under it, it would at least rise the cost of spamming, shoving many spammers out of business. It would also shut down the worst spammers-- the ones who are [i]already[/i] using illegal methods to push their spam, such as mail server hijacking. We'd have a culling of the herds, as it were.
Of course, this gets to something I never figured out. If Company A in the united states hires Spammer B in Burma to spam U.S. citizens, and Spammer B violates the CAN-SPAM act in doing so, can Company A be prosecuted under CAN-SPAM?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
In many US states, it's a criminal offense to operate an anonymous business. California has a specific requirement that a business selling on the Internet must disclose their actual name and address before accepting a credit card number. Few spammers do that. We need to put teeth into that law by making the bank that processes the credit card transaction an accessory to that offense. It's aiding and abbetting money-laundering.
On a state level, make it illegal for a bank to charge a consumer's account for an Internet transaction unless the web site complies with that requirement. That would work as a state law, because it applies to the in-state bank that has the consumer's credit card account.
The card-issuing banks would push the requirement back through the system to avoid liability. They would force banks to insist that MasterCard and Visa International issue rules which require merchant banks to change their merchant agreement to prevent anonymous merchants.
With penalties applied through the banking system, spammers would find their ability to collect money much reduced. They'd be kicked out of banks the way they used to be kicked off ISPs.
More importantly ( and worrisome ) is that it setup a precedent, with public support, for criminalizing behaviors on the 'internet'. Opening a Pandora's box for the future..
Perhaps a better idea would have been to hold the end companies liable, civilly not criminally, with hefty fines.
Many forms of "behavior" are ciminalized on the Internet already, just as they are elsewhere. Threats, libel, slander, copyright infringement and many other on- and offline activities are illegal in all forms.
CAN-SPAM may apply only to the Internet, but it is hardly unique. There are many systems around the world protecting against unsolicitated offerings by (regular) mail, phone or fax. There's no precendent being made by making a law specificly for the medium.
The problem with holding the end companies responsible is that you must show they authorized it. Otherwise someone, without knowledge or approval could send spam FOR [company], and that company would get in trouble through to fault or action of their own. A Joe job, if you know the expression.
Kjella
Live today, because you never know what tomorrow brings
So basically we've learned that when people advance their careers by committing health fraud, insurance fraud, selling animal-abuse porn, and running pyramid schemes, they don't obey the law. Maybe next we'll learn that when politicians advance their careers by soliciting donations from corporations, they don't act against the interest of those corporations.
...spammers lie. What's to stop them for lying about their real name and address? The banks, VISA, merchant banks etc. would all pass blame along. They are usually breaking fraud laws, deceptive marketing laws and now can-spam. Why shouldn't they ignore those laws as well? It's the same kind of bullshit ISPs pull with their pink contracts. Claim ignorance, and at worst, pull the plug to run the same scam all over again.
Kjella
Live today, because you never know what tomorrow brings
http://thomas.loc.gov/cgi-bin/query/z?c108:S.877:
and spend some time to boil off all the legalese, you will see that the bill is not intended to prevent spamming. That was used as a sales point, but is not supported anywhere in the text. The bill is written obscurely enough that ordinary people cannot read or understand it. I assume that is by design.
Some of the main things it does do:
It destroys all existing state and local level anti-spam laws. Some of them were actually becoming effective, so they had to go.
It removes any legal right of action from 99.99% of the population. The only entities who can bring action under it are ISPs and a few governmental agencies.
If these ISPs/Agencies want to bring suit they must do so in a federal court, not state, local, or small claims. If you don't have $10,000 (US) that you can throw away to make a point, there is no reason to go there. You cannot represent yourself and even normal attournies are not all qualified to go there.
The few federal agencies that can apply the law, such as state attourney generals, tend to already be fully occupied with things like rape, murder, grand theft, and chasing down workers in the drug and terrorism industries.
If you come up to them looking for help, they have to decide whether to look into a few annoying emails, or go out and catch passing speeders and arsonists and burglars. Because they only see 1/10,000,000 of any given spam run, it will look like nothing more than a misdemeanor. It will usually look like it is not even in their jursdiction. Guess who wins?
Small ISPs are unlikely to have the money to pursue cases under this law. Some of the major ISPs have gone after a dozen or so spammers. Even if they win every case, twelve or so prosecutions a year is not a noticable deterent for the remaining hundred thousand or so spammers.
The net effect is that this bill ought to be called the I-CAN-SPAM act, as this would represent it accurately.
Spam laws you want enforced because they hurt you, I personally couldn't care less since I don't get more then 1 or 2 a year. I do however have to deal with the aftermath of speeding in the form of taking a good friend who is a ambulance medic drinking after he scraped yet another child out of a car hit by some speeder.
So you think your concerns are more important then mine? Either enforce all laws or enforce none. Spammers got the same excuses (they are not really hurting anyone) as speeders. Last time I checked spam never killed anyone.
I am glad the police has better things to do then catch spammers. Also your example about rapist and traffic violations is wrong. Wasn't ted bundy or another serial rapist/murdered arrested for traffic violation? So going after traffic netted the police a violent criminal. Not bad.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
There's two things missing.
First, the law must allow anyone to sue the spammer in civil court. Law enforcement has more than enough work to do, and limited resources to do it with.
Second, the law must target the actual problem. It will always come back, so long as there's no law that bans unsolicited broadcast advertising over networks paid for by the recipient. You get stealth spam, astroturf spam, spam pushing political parties and politicians, preeachers and churches, products and categories, lifestyles and cults, spam over SMS and instant messenger networks and on web boards and everything else.
If they initially limit it to unsolicited bulk commercial email, that will at least dry up the core of it for a while, until people start spamming public service notices and political messages to drive traffic to their sites, but this late in the game I'd be happy with a reprieve.
But opt-out lists and tagging and being an "honest spammer" doesn't cut it. Get a sunday newspaper. Make an estimate of all the ads in there, including the classifieds. That's the number of people just in your city who are willing to pay on average the equivalent of a month's service on a throwaway cable account to get their message in front of a few percent of a few million people, most of whom will ignore them. JUST from your city alone. On the Internet, every city in the world is the same distance from you... make allowance for the "honest spammer" and that's how many people will be lining up to hit your mailbox.
Every week of the year.
There's no room for the "honest spammer", unsolicited broadcast email (and unsolicited broadcast advertising on any media that's effectively free for the sender) has to go. No exceptions.
An effective law has to allow for civil suits by the injured party, it has to require explicit audited requests for the mail unless there's an equally explicit equally auditable relationship (like, it's a club you're a member of), and it has to target bulk mail.
Anything else just has too many loopholes to make a difference.
First, this is a straw man.
Second, spyware and spam work together. Spam can (and allegedly has) carry spyware, and spyware is certainly used to gather information for spammers. You don't need to treat resources spent on fighting spam as wasted, because the spammers and spyware publishers are intersecting sets.
Third, spam is a harder problem, and a bigger problem: while each piece of spyware is more abusive than each piece of spam, you can avoid getting spyware. There are well known and effective technical responses to the spyware problem. Not only are there programs like Spyware Search and Destroy on Windows, but you can pretty much avoid spyware with a little care: don't run Internet Explorer, or Outlook, or Netscape, and be careful about the kinds of software you download.
And consider... there's no spyware in open-source software. Not that it's technically impossible to write open-source spyware, of course. But if someone did, someone else would download the source and fork off a spyware-free version.
The only way to reliably avoid spam is to quit using email.
How would you feel if you had to pay 5c to everyone who reads your message every time you posted to slashdot, unless they said "OK, I'll take this without a fee".
That's what fee based services look like to people who run or are active in mailing lists. Yes, there's always built-in loopholes you can use to get around this, but every one I've seen depends on people not being stupid.
If you could depend on people not being stupid, we wouldn't have a spam problem because there wouldn't be any money in it.