Slashdot Mirror

← Back to Stories (view on slashdot.org)

CAN-SPAM Is A Bust

Posted by timothy on from the hundreds-per-day-here dept.

Doc Ruby writes "The Congressional chatter about 'canning spam', in the CAN-SPAM law since January, has turned out to really mean 'they can still spam'. TechWeb News reports that 'In July, compliance fell for the first time under one percent to a measly 0.54 percent', from its 3% max. The researchers claim the ball has been dropped by 'law enforcement'. Those police are probably too busy deleting the 80% spam from their email, like everyone else."

18 of 305 comments (clear)

  1. proposed amendment to CAN-SPAM by erroneus · · Score: 5, Funny

    I propose they add a vigilante provision that allows anonymous receivers of SPAM to seek out and beat the shit out of anyone found to be sending SPAM.

  2. If they only.. by Orgazmus · · Score: 4, Insightful

    If they only were using the time to catch real criminals like rapists and robbers, I could live with this. But since the money is used to catch potsmokers and the people driving 4mph too fast, I say fsck it.

    Spamfiltering in all clients is a better aproach.
    Making spam illegal wont help, making spam useless does!

    --
    The system had the verbosity of HTML combined with all the readability of compiled assembly viewed as bitmap images
    1. Re:If they only.. by SQLz · · Score: 4, Interesting
      If they only were using the time to catch real criminals like rapists and robbers, I could live with this. But since the money is used to catch potsmokers and the people driving 4mph too fast, I say fsck it.

      They do use money and time to catch real criminals....unfortunately society has deemed pot smokers and speeders 'real criminals'.

    2. Re:If they only.. by PhoenixOne · · Score: 4, Insightful
      > If they only were using the time to catch real criminals like rapists and robbers,
      >
      Yes, that's right. The three cops who enforce all law in the US are all busy fighting spam.

      Remember, just because you got a ticket for doing 90 in a school zone doesn't mean doesn't mean a rapist goes free... Bad logic kills.

      --
      Spell cheek you've failed me four the last thyme!
    3. Re:If they only.. by Jetson · · Score: 4, Informative

      Yes, really. Accidents are not caused by driving fast (excepting "too fast for conditions", which is a different issue entirely), but by speed differences. If you are driving slower than the surrounding traffic then you are causing compression and the need for lane-changing behind you, both of which increase the risk of collision. As my driving instructor once said "the measure of a driver's skill is not how few accidents he's been in, but how few he's caused".

  3. Not enough! by Trillan · · Score: 4, Informative

    We also need a clause that allows us to beat anyone who buys stuff from spam.

    (Note: It's spam, not SPAM. SPAM is a registered trademark of a certain food company that is graciously not suing the ass off of everyone, and asks only that we not capitlize the word.)

  4. You mean criminals aren't abiding by the law? by BeneathTheVeil · · Score: 5, Funny

    Well, I for one, am shocked. Shocked, I tell you.

  5. Re:Social engineering anyone? by Anonymous Coward · · Score: 4, Insightful
    Similarly here, an act that's got good intentions ends up having a few well paid government people slip in an exception here for telemarketers or a leniency for charities etc, and when it comes to implementation, the whole thing falls down

    You're misunderstanding the problem. It's not that there are exceptions in the act for charities and such. It's that spammers are breaking the law overwhelmingly and are not being stopped. The researchers are blaming law enforcement, not Congress.

  6. Spam is getting to be such BS by ghettoboy22 · · Score: 4, Interesting

    I run a small home server off my cable modem for myself only - no big commercial operation. Been doing this for about 5 years or so... finally gave up last week after my spam flow increased from ~100/day up to ~100,000 (yes, one hundred thousand) per week in the past month or so.... Tried RBL's, Razor, SpamAssassin, DSPAM, Apple's Mail.app client.... stuff only helped so much. Constanting having to fine-tweak filters, re-train Bayes. It's too much of a hassle. Now I've given up. Set Postfix to forward all my mail to my Gmail account. Has helped quite a bit, plus when I do get a message that makes it into my Inbox, Gmail's UI makes it pretty easy to mark it as spam. I'll try this for a while.

  7. Is this really a suprise? by cluge · · Score: 5, Insightful

    Slow news day?

    Lets look at some quick facts.

    1. The can spam law gave you and I (collectively the little people) exactly zero ability to extract anything from a spammer (like money) for damages.

    2. The can spam law requires law enforcement to track down spammers. Honestly - does anyone think Johnny Law is going to be going through those mail headers looking for the true source of spam? Lets be honest, the first chinese IP and they quit.

    3. This law does not place real world consequences for those breaking "cyber law". (It's supposed to, but the proof is in the pudding!)

    4. It does not allow you to complain about spam as a denial of service attack (which it most certainly is!)

    Until we start putting spammers in jail, or start forcing them to pay, and pay and pay and pay, you will continue to get spammed. Until then, lets be honest, the community is doing a better job of removing spam than the government is. Thanks NJABL, SORBS, Spam Haus et al.

    cluge

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
    1. Re:Is this really a suprise? by AllUsernamesAreGone · · Score: 4, Interesting

      2. The can spam law requires law enforcement to track down spammers. Honestly - does anyone think Johnny Law is going to be going through those mail headers looking for the true source of spam? Lets be honest, the first chinese IP and they quit.

      The problem is that the most famous spammers, the ones responsible for the majority of the spam, make absolutely no attempt to hide what they are doing. Hell, if they prosecuted Alan Ralsky (who even slashdot readers managed to pin down a while ago, without access to many resources the police would have) then there would be a dramatic message sent to the spammers. Ralsky has given numerous interviews and has admitted what he does repeatedly yet he still walks free. Why?

      (oh, and a google search will show you that, at least last year, only 6% of spam is Chinese , 58% was American...)

  8. the little people? by nomadic · · Score: 4, Funny

    1. The can spam law gave you and I (collectively the little people)

    That's what the spammers are after; our pots of gold.

  9. And the general public doesn't realize... by Kjella · · Score: 4, Interesting

    ...they complain about the 0.2% that make it past the filters and blocklists to them. With the current growth, sooner or later it is going to collapse as even the 0.2% overflow their inboxes.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  10. Great by mcc · · Score: 4, Insightful

    So we were initially worried CAN-SPAM would fail because we feared it was so weak it might actually protect certain "marketers" who bothered to follow its provisions to the letter. Now it turns out that it's going to fail because even it its weakened form, it isn't being enforced...

    I think CAN-SPAM could be a good thing if they did enforce it. Even if some spammers were able to still "legally" operate under it, it would at least rise the cost of spamming, shoving many spammers out of business. It would also shut down the worst spammers-- the ones who are [i]already[/i] using illegal methods to push their spam, such as mail server hijacking. We'd have a culling of the herds, as it were.

    Of course, this gets to something I never figured out. If Company A in the united states hires Spammer B in Burma to spam U.S. citizens, and Spammer B violates the CAN-SPAM act in doing so, can Company A be prosecuted under CAN-SPAM?

    --
    Irritable, left-wing and possibly humorous bumper stickers and t-shirts
  11. We need to fix this on the pay side by Animats · · Score: 5, Insightful
    We need to fix this on the pay side, where the spammers make their money.

    In many US states, it's a criminal offense to operate an anonymous business. California has a specific requirement that a business selling on the Internet must disclose their actual name and address before accepting a credit card number. Few spammers do that. We need to put teeth into that law by making the bank that processes the credit card transaction an accessory to that offense. It's aiding and abbetting money-laundering.

    On a state level, make it illegal for a bank to charge a consumer's account for an Internet transaction unless the web site complies with that requirement. That would work as a state law, because it applies to the in-state bank that has the consumer's credit card account.

    The card-issuing banks would push the requirement back through the system to avoid liability. They would force banks to insist that MasterCard and Visa International issue rules which require merchant banks to change their merchant agreement to prevent anonymous merchants.

    With penalties applied through the banking system, spammers would find their ability to collect money much reduced. They'd be kicked out of banks the way they used to be kicked off ISPs.

  12. Technology hasn't stepped up to the plate... by fmaxwell · · Score: 5, Interesting

    I really think my tax dollors could be spent on something better..like maybe giving it back to me.

    I don't want to hear any more right-wing whining about getting tax dollars back until the federal debt is paid down. I don't want my taxes to be wasted to pay for interest on a debt accrued largely by fiscally irresponsible Republicans like Reagan, Bush, and the younger Bush.

    spam is a techinical problem that can be solved through technical means.

    THEN FUCKING SOLVE IT ALREADY! We've had this problem for a decade and people like you keep saying that technology can solve it. So invent the technology, get support for it, get it deployed, and solve the problem. You're watching people drown in spam and you keep telling us that the government should do nothing because you're planning to pull a technical solution out of your ass. Some day.

    Anything else is just an excuse to have government regulate computer use.

    I think that the government should regulate computer use so that idiot conspiracy theories like yours don't waste bandwidth and storage on the net.

  13. I-CAN-SPAM Act Flawed By Design by Ken+McE · · Score: 5, Insightful
    If you take a look at the actual bill ~

    http://thomas.loc.gov/cgi-bin/query/z?c108:S.877:

    and spend some time to boil off all the legalese, you will see that the bill is not intended to prevent spamming. That was used as a sales point, but is not supported anywhere in the text. The bill is written obscurely enough that ordinary people cannot read or understand it. I assume that is by design.

    Some of the main things it does do:

    It destroys all existing state and local level anti-spam laws. Some of them were actually becoming effective, so they had to go.

    It removes any legal right of action from 99.99% of the population. The only entities who can bring action under it are ISPs and a few governmental agencies.

    If these ISPs/Agencies want to bring suit they must do so in a federal court, not state, local, or small claims. If you don't have $10,000 (US) that you can throw away to make a point, there is no reason to go there. You cannot represent yourself and even normal attournies are not all qualified to go there.

    The few federal agencies that can apply the law, such as state attourney generals, tend to already be fully occupied with things like rape, murder, grand theft, and chasing down workers in the drug and terrorism industries.

    If you come up to them looking for help, they have to decide whether to look into a few annoying emails, or go out and catch passing speeders and arsonists and burglars. Because they only see 1/10,000,000 of any given spam run, it will look like nothing more than a misdemeanor. It will usually look like it is not even in their jursdiction. Guess who wins?

    Small ISPs are unlikely to have the money to pursue cases under this law. Some of the major ISPs have gone after a dozen or so spammers. Even if they win every case, twelve or so prosecutions a year is not a noticable deterent for the remaining hundred thousand or so spammers.

    The net effect is that this bill ought to be called the I-CAN-SPAM act, as this would represent it accurately.

    1. Re:I-CAN-SPAM Act Flawed By Design by gujo-odori · · Score: 5, Insightful

      Yeah, what he said.

      I work for a large email security company, and before CAN-SPAM was even passed into law, it was obvious that it would be a total balls-up from the standpoint of preventing spam. Our network processes over 100 million messages per day, the great majority of it spam. Almost none of that spam contains a CAN-SPAM compliant notice, and one good reason it doesn't is the few spammers who tried that found our right away that having such a notice makes it very difficult to delivery your spam.

      In anti-spam circles, the act has long been known as the YOU-CAN-SPAM act for precisely the reasons that you state: it overturned all existing anti-spam laws (which were far more effective) and gave spammers a free pass to spam you.

      They have to stop if you use the unsub link, but let's face it, after years of unsub links that just confirm that you have a working address, no one would ever trust an unsub link in a spam, even one that purported to be CAN-SPAM compliant.

      Nor should they. I will tell you exactly what happens if you use the working unsub link. They drop you from the list for that exact pill which will get you 3+ inches in length and at least an inch in girth. Of course, they also have now confirmed that your address is working and being read, so you get on the list for the patch which gives you 1 - 3 inches in length and a substantial increase in girth. Or the simple, effective exercises, because as everyone knows, pumps, pills, patches, and surgery don't work. And of course, then you'll need an online bored housewife dating site with which to use your newly enhanced manh00d.

      CAN-SPAM has done absolutely nothing to can spam; indeed, it allows spammers to operate with near-impunity and it's the reason Scott the Snot Richter walked out of court in New York recently with a slap on the wrist (yes, to an enterprise spammer like Richter, a $40,000 fine and no jail time is a slap on the wrist, and was a great disappointment to the DA).

      It's really unfair of the people who WTFA to blame law enforcement; CAN-SPAM was bought and paid for by the DMA, who obviously owns the finest politicians money can buy. CAN-SPAM is functioning *exactly* as intended. If you read the details of CAN-SPAM, it is impossible to believe that it's authors were not precisely aware that they were legalizing spamming. Prior to CAN-SPAM, there was no federal law stating whether spam itself was legal or illegal. There were plenty of state laws that said much of it wasn't, and no state law that said it was. Now we have a federal law which explicitly legalizes spamming and destroys all state anti-spam laws Accident? Cluesslessness? Not a chance.

      CAN-SPAM has been very good for companies like mine, which provide services to keep spam out of companies' mail systems. Business is better than ever for us, and I'm sure our competitors are seeing similar business conditions. It has been pretty good for spammers, too, since they can carry out business as usual and do so without fear of prosecution or even, in most cases, of civil suit - something they could never do before.