FTC Defines Spam

Iphtashu Fitz writes "The FTC has just issued its final report on how it will define Spam with regards to the federal CAN-SPAM act. According to the FTC, bulk e-mail is commercial if it includes advertising and promotion or if the subject line or beginning of the message would be reasonably considered to be advertising or promotion. This is very similar to the proposed rules that were announced back in August. The modified rules also deal with the issues of transactional messages (an e-mail regarding an order that also includes advertising) and relationship-based e-mail (messages about product updates, etc)."

Great

Now they'll put the public domain literary quote at the start of the email to trip up the Bayesian filter AND to call themselves not-spam. It's not spam if the ad is at the end of the email.

Re:Great

[techno-vampire]

RTFA. If it *either* contains advertising *or* starts off as though it does, it's spam. Just putting a quotation in front of an ad doesn't make it no less of an ad and it's still spam.

Re:Great

[spac3manspiff]

Im glad our tax money is still being directed useless attempts as solving problems.
Why cant our government realize that being nice to China is not cutting it. Since most of the spam out on the internet is coming from China, we should be screaming at them instead of doing shit like defining what spam is.

Re:Great

[Andy_R]

It's spam if (to quote the FTC site) "a recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is commercial."

So this get-out doesn't apply, for which we can be thankful.

Re:Great

[dustinbarbour]

"Fool me once, shame on you. Fool me twice, shame on me!"

Your bayesian filter should be able to handle the changes without much more than a hiccup.

Re:Great

[dustinbarbour]

If you don't know what spam is, how can you tell teh Chinese what to stop? Secondly, why do you think the Chinese are gonna do a damn thing about it? Notoriously, the CHinese don't give a damn about it. In addition, the US government isn't going to appl;y any pressure on the Chinese over it. So quit your damn bitching.

Re:Great

[WhatAmIDoingHere]

Doesn't make it no less of an ad?

So it DOES make it less of an ad?

Re:Great

[techno-vampire]

Correction: it doesn't make it any less of an add. That'll teach me not to poorfraed my posts.

Re:Great

Statistics say most spam comes from the US itself... so stop blaming others and take the responsibility yourself.

Re:Great

[humblecoder]

With apologies to Justice Potter Stewart:

"I shall not today attempt further to define the kinds of material I understand to be embraced, but I know it when I see it... "

Re:Great

No. Most of the spam emails don't come from China. They come from the US. They are just 'store and forward' from China. Those terribly managed state-owned ISPs in China just don't care whether their bandwidth/mail servers are being used by spammers.

Re:Great

[WhatAmIDoingHere]

...

Read what you typed again.

Re:Great

It was a dingus, joke.

Re:Great

[WhatAmIDoingHere]

What the hell does that even mean?

Re:Great

[tacocat]

So if I make a post to a mailing list advocating the use of such-and-so software for solving some problem, like filtering spam, does that make me a spammer?

Honestly, they can call it whatever the heck they want. It's like trying to define porn. "I don't know how to define it, but I'll sure know it when I see it." We have a lot of filtering systems that seem to be much more effective at identifying spam than the congress-critters can. So if you don't mind, I'll just keep by bogofilter and ignore the rest.

It's fairly obvious that the U.S. Congress is not longer representative of the people who elect them. They get spam and they know what it is. We get spam and we know what it is. So why do you think it is that they just can't make a determination of what spam actually is?

How about something like this: If I didn't ask for it, or I don't already know who you are via mailing lists, orginazations that I belong to, or products that I have purchased directly from your company and have selected the "send me mail" box (which is OFF by default) then you are spam. In short -- no cold calling on the internet.

How hard can that be to actually write down? I did it and I'm not a congress-critter.

Re:Great

[tacocat]

I'm an advocate for blocking all Chinese IP addresses from the Western Hemisphere. We've managed doing business for the last 2000 years without them, we won't die if we blow them off. It's going to screw them up not doing business with us a lot more than it will screw us up. In a few years we won't be able to say that.

Look at the American IP subnets. If you try to run a business from a DHCP IP address you'll get so badly blocked you'll be hardly able to talk to yourself. So what do you do? You take the initiative to conduct your business from a non-DHCP IP address. And there's no way in hell that anyone can ever get that changed no matter what they do. The Administrators just simply will not tolerate it.

So why can't the same be applied to a nation of spammers? I really don't see any serious difference between RBL on DHCP IP addresses and RBL on Chinese IP addresses. If they can't do business with you via email, then it's their problem to figure something of a solution.

Re:Great

[techno-vampire]

In short -- no cold calling on the internet.

Good, if there were any way of proving that you didn't request the email. It boils down to waiting until there's a complaint, followed by your trying to get a conviction when it's your word against theirs. Much better is a way of idendifying forbidden emails by their content only, as that's fixed at the time of sending. Granted, this definition has loopholes, but spammers are stupid. There will be ID01Ts sending out spam that can be caught this way, and they'll be sent to the slammer where they belong. This will scare off some of the more timid wanna-bees, lowering the quantity a little. And, once this is working, it can always be extended.

Re:Great

[tacocat]

I think you missed something. If you make a warm call to me then you can make a reference to the original connection. An example would be to have a purchase order or customer number identified as a part of the email (header or body). That would identify that they either made up the number if they can't present it or didn't provide one because they don't have one.

And spammers are not stupid. You under-estimate them. With a business of $21Billion it's not going to attract only the idiots. But that kind of money will attract a lot of really smart people too.

Re:Great

[techno-vampire]

No, I didn't miss that. "Warm calls," where there is a history of communications both ways, aren't covered by this. If the caller can make a connection between this call and the past it's a different ball game.

As far as spammers being stupid, no generalization like this can be completely correct. However, I've seen many spam trying to fool me into reading them by having seeminly reasonable subjects and most of them wouldn't fool a child. As an example, I've seen spam with a subject like, "You told me this on December 23" sent to me on December 1, or "Daniel, this doesn't make sense" where my name isn't Daniel. If the spammers sending these out think they're clever, that just shows how stupid they are.

Pretty vague definition

[nizo]

And it hardly includes everything. What about those freaky religious spams from strange cults trying to save my soul? And what about spam in some weird language that my mail reader can't even render properly, with a free bonus virus attachment? What about spam that has no subject or message, just a url to a website (or even a picture)? Personally I think we should just broaden the definition of spam to be "any weird crap that I didn't ask for in my inbox" and be done with it.

Re:Pretty vague definition

[techno-vampire]

And it hardly includes everything.

"It isn't perfect, therefore it's no good." That's basically what you're saying. This is a first effort at banning spam, so it isn't going to catch everything. Let's see how it works, and expect it to be extended as time goes on.

Re:Pretty vague definition

[murphyslawyer]

Here's a curious one: if an email just contains a link to "Advertisement or Promotion" and the content itself is not contained in the email, does that count? I know I get a lot of spam that is pretty much just HTML containers for images located elsewhere.

Re:Pretty vague definition

[Andy_R]

Surely that mail is "advertising" the advert content it points to?

Re:Pretty vague definition

[Saint+Stephen]

The definition is not a definition of spam. The definition is a definition of "bulk unsolicited commercial e-mail."

Re:Pretty vague definition

[Steve+Franklin]

Sorry, my linguistic parsers don't go down to quite that thin a slice.

The definition of UCE is actually a bit broader than my own particular definition of spam, which is basically mass-mailed ads for something either unsavory in its nature or for something I could not reasonably be expected to want. Some guy wants to send me an ad for a book on Jewish genealogy in India, which I could conceivably be expected to be interested in, though I never asked for it, doesn't bother me, since this fits into the image I have put on public view on my website. It's the infernal baboons who send me this "Taken your meds yet today?" crap I would seriously like to see disemboweled on worldwide TV. And I'm afraid that's what it would take to get through to these lunkheads. Not that I'm advocating any more "reality TV"....

Re:Pretty vague definition

[Xiph]

I think you could interpret freeing your soul, as being a service.
So if they in any way, shape or form want you to pay for that, my guess is that freeing your soul would be a commercial service, thus making the content of the body primarily commercial.

Re:Pretty vague definition

[jc42]

Hmmm ... Lately I've been receiving a lot of spam that starts with a joke. Sometimes they're pretty good jokes, though usually I've heard them (having read rec.humor.funny since before it was on a web site ;-).

I can see them arguing that this directly addresses my interests, based on my long-term reading of r.h.f and Dave Barry, and the couple dozen online cartoons that I have bookmarked.

But I'd still consider them spam.

Re:Pretty vague definition

[NitsujTPU]

Doubt it.

My bet is that the terminology used here will be used in future decisions by defendants justifying that their email is not spam because it conforms to the guidelines.

"We built a relationship with user x when he submitted his email to enter a contest"

Re:Pretty vague definition

[iocat]

That's legit. Don't want spam, don't try and get something for nothing. Don't click the monkey, put the lobster in the pot, etc. WTF do you think will happen when you send some random company your email address?

Re:Pretty vague definition

[St.+Arbirix]

The technology should be stopping spam, not the FTC. As much as Slashdot complains about government oversight...

Re:Pretty vague definition

[phaze3000]

"It isn't perfect, therefore it's no good."

Actually, for once I think this is exactly the point. By giving a very specific set of guidlines which much spam already falls outside, the FTC is actually lending legitimacy to spam which doesn't fit their definition of spam. Alredy much spam has non-sensical subject lines and random setences at the beginning, followed by a huge advertising banner. According to the FTC, this isn't spam.

Re:Pretty vague definition

I received an 'spam' from a senator during campaign, then I complain to senate. The senator replied to me that it wasn't spam because isn't commercial.

Re:Pretty vague definition

[legirons]

""It isn't perfect, therefore it's no good." That's basically what you're saying."

He also knows that it will become the single legal definition of spam in many places

"This is a first effort at banning spam"

No, it replaces better attempts at banning spam, and those state laws won't have been the first either (UDP anyone?)

"it isn't going to catch everything"

If I got a dollar for every time I heard this phrase from vendors of absolutely useless spam-filters...

"Let's see how it works, and expect it to be extended as time goes on."

Why not make suggestions that would help it to work better now?

Re:Pretty vague definition

[techno-vampire]

However, having a definition that makes part of the spam forbidden is better than no definition at all. And, once it's in place, it can be adjusted. Given time, it can get better and more restrictive. If you insist on refusing to accept any definition that isn't perfect, you'll never get one and nothing will ever be done. Is that what you want?

Re:Pretty vague definition

[samantha]

No. It isn't remotely adequate to start with therefore it isn't worth farting around with. Go back for a more adequate definition and other requirement refinements.

Finally

[exigentsky]

I never knew what it was till now. I always thought they missplled Sam. Thanks to the FTC I now know it is a type of food!

Re:Finally

[dacarr]

this is food?!

Definition not broad enough?

[KillerDeathRobot]

It seems like the definition could be more inclusive. I get plenty of emails that have totally meaningless text and then sometimes (but not always!) a link at the bottom to something I could buy. I'm guessing that some of these are an attempt to see if there's anyone at my inbox reading mail, but in any case I'd definitely call these spam.

Re:Definition not broad enough?

[Andy_R]

This is explicitly mentioned in the PDF (buried away on page 63), and the definition DOES include this kind of mail, since it's the recipient's perception about it being spam or not that counts:

"As the Commission noted in the NPRM, one of its concerns in this proceeding has been that "spammers not be able to structure their messages to evade CAN-SPAM by placing them outside the technical definition of 'commercial electronic mail message.' A typical example is a hypothetical message, unrequested by the recipient, that begins with a Shakespearean sonnet (or paragraphs of random words) and concludes with a one-line link to commercial website."170 As the Commission noted, a recipient of such a message could reasonably conclude that the message's primary purpose is commercial."

Agreed

[mfh]

Yeah, what about all the spam I get that has things like "RE: your account" in the subject? Or "this is for you" ?

It is clear that CAN-SPAM is nothing but a can of spam.

Re:Agreed

[cdrguru]

Understand that none of this is "spam". It is coming from a PC infected with one of 1,000s of script-kiddy worm programs that blasts out email by the thousands.

Since you can't just use the Outlook Express contacts list anymore, they scan the computer looking for email addresses. And they find them. And, anyone that ever been sent email or participated in an email discussion with that person gets a worm email.

And worse, everyone likes to get the latest information about "their account", so they open the attachments. And send more worm email around the world.

This helps?

[One+of+the+abnormals]

I appricate the FCC for actually improving on the CAN-SPAM act, however... Will this really do anything? Most spammers will continue to plunder our inboxes with usless crap that we don't want. And it's not exactly like it is easy to report spammers anyway. I Googled for the e-mail address of the place to forward spam to. It took me about 25 minutes. This is the biggest problem that the FCC faces. Actually getting people to report spammers, rather than simply deleting the e-mails.

Re:This helps?

[drinkypoo]

Most public schools will continue to teach kids to misuse words like 'plunder' so they continue to plague slashdot with their inexplicable grammar.

Re:This helps?

[jsidious]

What possible misuse of plunder could one be taught? I also do not understand the need to plug a useless post regarding grammar into every thread. Where, in the course of either the article or the thread, did anyone use the words "plunder" or "plague," save you? Please, tell me. Moderators, please mod parent down, way down for being offtopic and completely nonsencical.

Re:This helps?

[Vengie]

One entry found for diction.
Main Entry: diction
Pronunciation: 'dik-sh&n
Function: noun
Etymology: Latin diction-, dictio speaking, style,
from dicere to say; akin to Old English tEon to
accuse, Latin dicare to proclaim, dedicate,
Greek deiknynai to show, dikE judgment, right
1 obsolete : verbal description
2 : choice of words especially with regard to
correctness, clearness, or effectiveness


Main Entry: grammar
Pronunciation: 'gra-m&r
Function: noun
Etymology: Middle English gramere, from Middle
French gramaire, modification of Latin grammatica, from Greek grammatikE, from feminine
of grammatikos of letters, from grammat-, gramma -- more at GRAM
1 a : the study of the classes of words, their
inflections, and their functions and relations in the sentence
b : a study of what is to be preferred and what avoided in
inflection and syntax
2 a : the characteristic system of inflections and
syntax of a language b : a system of rules
that defines the grammatical structure
of a language
3 a : a grammar textbook b : speech or writing
evaluated according to its conformity to
grammatical rules
4 : the principles or rules of an art, science, or
technique a grammar of the theater


S/He had the right word class (transitive verb in the infintive form) -- but a poor word choice.
Her/His grammar and syntax were correct. S/He was wrong in the semantics of his word choice. Grammar defines what classes of words are acceptable in what order. Clearly, the statement that someone is "... plunder[ing] slashdot" doesn't mean the same thing as someone "... harassing slashdot" -- yet in that context, plunder is not grammatically incorrect. It makes no sense, but it is by no means an improperly formed statement. [See also Chomsky and every compilers class EVER to implement LALR(1) for more on parsing/grammars/et cetera]

If you're going to be a "Language Nazi", be sure of your exact type....

Re:This helps?

The post to which drinkypoo (not me) was replying referred to the plundering of inboxes. Remember to browse at low thresholds if you want to see all the posts.

Re:This helps?

[Vengie]

GGP wrote "plunder" our inboxes. Clearly, no one is stealing anything from our inboxes. (They have no capacity to rapaciously steal everything in sight, leaving destruction in their wake.) Clearly, GGP meant "plague" our inboxes, as pointed out by GP's oh-so-witty "plague" Slashdot. (in ITALICS) However, GP is a douche that doesn't know what grammar really is, as GGP was grammatically correct, albeit with nonsensical diction.

Re:This helps?

[drinkypoo]

Sorry, next time I flame someone for this I will be sure to use the correct word. I, too, am a product of the public education system. If I learned anything useful, you can be sure that it was on my own.

Re:This helps?

[Vengie]

I'm a product of the (high school) public education system as well. There is nothing wrong with public schooling in many parts of the country. The generalizations that "ALL public schools are x" or "they cannot produce students capable of y" are pure bull. Public school has taken me quite far in life. Let poor Horace Mann sleep in peace; just because *you* wasted your time in public school doesn't imply that the rest of us did.

However, bonus points for the honesty to admit you made a mistake. Perhaps that is one benefit of coming from a public school background? Many of the Adoverites and Exeterites I went to college with were incapable of doing so... (Public school got me into a wonderful university [check post history] ...so don't knock it. )

-b

Re:This helps?

[drinkypoo]

well, i'm a product of california's public school system, maybe that helps. my problem in school was that I was too smart for the curriculum, so I got bounced around, skipped out of first grade, and never fit in anywhere. I was raised by my mother in a very safe place (Aptos, CA) and so by the time I got to junior high I was a pussified mama's boy who had to spend his time dodging ass-kickings instead of being in a learning environment. I never did grow a pair until long after I dropped out as a sophomore in high school and took the CHSPE and both my junor high schools and my first high school were sports-oriented, systems designed to punish those with more brain than brawn. Learning was far from my first priority...

Re:This helps?

[woodlander]

"This is the biggest problem that the FCC faces. Actually getting people to report spammers, rather than simply deleting the e-mails." I am not so sure about that. I have reported spam religiously for the last yeat, but I receive more now than a year ago. I think the laws need some teeth, and some way of forcing the ISPs to actually DO SOMETHING. I have been recieving viruses from the same address withing the SBC network for months. I have reported them many times, but nothing happens. When this part of the problem is addressed, spam will slow down.

Re:This helps?

Pretentious twit *rolls eyes*

like that'll help

Great. So now we'll see spam in the form of spoofed junk saying "Hey, remember when we were talking about blah blah blah. Check this out!".

definition...

[_PimpDaddy7_]

Main Entry: 1spam
Pronunciation: 'spam
Function: noun
Etymology: from a skit on the British television series Monty Python's Flying Circus in which chanting of the word Spam (trademark for a canned meat product) overrides the other dialogue
: unsolicited usually commercial e-mail sent to a large number of addresses

SPAM?

SPAM: Pink, canned, eaten by non-veggies?

I'm pink, therefore I'm SPAM.

BUY NOW!!!

[scribblej]

Wow, so it's spam if the subject line reads like an advertisment.

I guess I'm through sending my boss transaction reports with the subject line "ENLARGE YOUR PENIS!"

Aw, just as well, I'm sure she would have slapped me with a sexual harassment suit if I kept it up.

Re:BUY NOW!!!

[Not+The+Real+Me]

But will "ENLARGE YOUR PENIS!" be considered sexually explicit or just pandering to just the gullible?

I found found this item on the FTC site:
"Finally, the final Rule incorporates the Sexually Explicit Labeling Rule as promulgated in April 2004. The Commission vote approving publication of the Federal Register notice was 4-0-1, with Commissioner Jon Leibowitz not participating."

Does this mean that Playboy, a soft-core magazine, or Maxim, even softer but orientated towards the adult male, would be considered "sexually explicit" or would the "sexually explicit" label be limited to hardcore pornography (sex, penetration, etc)?

Definition Leads to Regulation?

The definition of spam by the FTC should lead to tough enforcement since the government cannot enforce regulations governing something that is poorly defined. However, the essential problem remains. Namely, most spam comes from China. How does the American government expect to enforce its laws in China?

When was the last time that American police arrested a Chinese thug for torturing a Tibetan child? See what I mean?

Re:Definition Leads to Regulation?

[jc42]

There have been some fun reports from people who have replied to spam from Chinese servers by sending back a message thanking them for their support of Falun Gong. It seems that the Chinese government has filters looking for messages that use those two words ...

Of course, this doesn't work for servers in Taiwan, and I've noticed that that's where most of my Chinese spam comes from, for some reason.

Definition Leads to Enforcement? Not Always.

The definition of spam by the FTC should lead to tough enforcement since the government cannot enforce regulations governing something that is poorly defined. However, the essential problem remains. Namely, most spam comes from China. How does the American government expect to enforce its laws in China?

When was the last time that American police arrest a Chinese thug for torturing a Tibetan child? See what I mean?

What about a header?

Perhaps this has already been suggested; however, what about requiring a special header that deals with the message type. For example, "MessageType: advertisement" could be used for promotions and ads, "MessageType: receipt" could be used to confirm an order or to e-mail you a receipt. This would allow e-mail clients to filter based on the message type.

Unfortuately, you would still have to download the message in order to determine if it was an advertisement or not.

Re:What about a header?

[Spy+der+Mann]

Unfortu[n]ately, you would still have to download the message in order to determine if it was an advertisement or not.

Not necessarily! The POP3 mail server can read the headers and use filtering, then reject the file if it looks like SPAM. Additionally, if the laws require that advertisement MUST HAVE these headers, under penalty of prison, the server could be programmed to store the message and record the mail transaction to be given to the corresponding authorities.

This is specially true if the spammer tries to do multiple (read: thousands) mail requests per day.

Spam definition?

[Dorsai65]

1) I didn't ask for it.
2) It isn't in my (native) language.
3) I have no pre-existing relationship with the company being mentioned.
4) The subject line must parse as normal language - |\|0 l33t-5p34| 5) May not include any attachments.
6) May not consist of only a graphic or link to a website.

For additional protection, hold the companies being advertised liable for the actions of the company doing the "promotion".

Re:Spam definition?

[Vengie]

> For additional protection, hold the companies being advertised liable for the actions of the company doing the "promotion".

NATCH! It is great in theory...until Company A Joe-Jobs Company B. (google "joe job" or check it on wikipedia....)

Re:Spam definition?

6a) Or be in html.

While there are some legit uses for having html, spammers abuse this feature so much by adding trackers, obscuring urls, running codes, etc.

Re:Spam definition?

[winwar]

"It is great in theory...until Company A Joe-Jobs Company B."

Well, a reasonable person would conclude (with supporting information) that Company A in your example is actually doing the promotion.

If you want to be more specific (assuming that the police and courts are not reasonable), hold the company that is PAYING for the promotion to be held liable for the actions of the company doing the promotion (in addition to the promoting company).

Sure, it would cost legitimate companies money. But spam already does. But they might like to know about their unethical competitors-and this would bring it to their attention.

Re:Spam definition?

[Dorsai65]

From what I read on Wikipedia, Joe-jobs aren't that common. I would suspect that any company that's the target of such an attack will have a pretty good idea of who's doing it, and why - and have ways of dealing with it. I would also expect that a Joe-job would be missing the link of funds being transferred from the target to the spamvertiser, which would be a good start toward demonstrating innocence to the authorities.

Re:Spam definition?

[Vengie]

You joe-job your competitor from a comprimised relay in China. There is no money trail to follow. Punitive solutions will *not* work. (Far worse to punish one innocent small-business than it is to let 10 spammers go free...)
-b

Re:Spam definition?

[Dorsai65]

I think you just said what I did, only differently.
I was trying to say that a company that used a spammer to contract advertising WOULD have a money trail; the target of a Joe-job wouldn't: the competitor that I spammed from that relay in China would _not_ have a financial link, and would thus have prima facie evidence of innocence in the eyes of the law.
Even routing the money through a middleman or three before it got to a spammer would leave a money trail to be followed; an innocent victim would be able to show that there was no expenditure to justify the "advertising".
Better to investigate the hell out of a dozen Joe-job victims and apologize afterwards than to let one spamvertiser go free.

Re:Spam definition?

[Epistax]

I consider spam any advertisement that enters my email, regardless of all considerations.

Let's equate this to murder since people nowadays only understand harsh things.
1) I am killed for no apparent reason (duh)
2) I am killed by someone who does not me, nor I him
3) I am killed by someone who I might know, or might know me, however no relationship existed.
4) I am killed by someone from whom I am currently buying things.
5) I am killed by someone from whom I have told I might buy future products.

So as you can see, I'm still winding up dead. Now change that to "annoyed" if you so must.

Re:Spam definition?

[Dorsai65]

I was just trying to point out that defining "spam" isn't quite as hard as the government dipshits are trying to make it.

Re:Spam definition?

[Vengie]

Who pays the cost of said investigations? So long as *No* expense is incurred on behalf of the joe-jobee, I have no problem with it.

Re:Spam definition?

[Dorsai65]

The investigation would be paid for by the government, since the government is the one that is making spamming illegal.

Re:Spam definition?

[deblau]

What about joe-jobs, or malicious false advertising? Say I spam you with a million emails a day, claiming to be a long distance carrier. You gonna hold Sprint liable for my spam, just because I have a grudge against Sprint?

Oh yeah, and even if #3 gets implemented, the burden shifts to you to keep the filters up-to-date. Normally, legit companies generally call you on the phone (or you opt-in to an email list). They have to figure out if they have a relationship with you before they contact you. Now, you have to figure it out ahead of time, to program the filters. Yuck.

Re:Spam definition?

[Dorsai65]

Joe-jobs were addressed in the first set of replies to my comment (Vengie).

As for #3, what filtering? If I get a spam from some outfit like an online pharmacy, why shouldn't I be able to just forward it to the appropriate authorities? If I (and a lot of others being spammed for them) do it, then the penalties for spamming us are enough to convince them not to do it again.

My opinion is that it shouldn't have to be up to all the people being spammed to filter or block the crap; there should be penalties to the spammers, and if necessary, the companies that hire them. Millions of people shouldn't have to be PROactive when the solution is to convince a few thousand people to be INactive.

Re:Spam definition?

[legirons]

Definition taken from SpamHaus:

A message is Spam only if it is both Unsolicited and Bulk.

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent.

Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.

Unsolicited non-bulk email is normal email, e.g. first contact enquiries, job enquiries, sales enquiries

Bulk non-unsolicited email is normal email, e.g. subscriber newsletters, customer communications, discussion lists

Making that into a legal definition:
An electronic message is "spam" if (a) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients, and (b) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

Re:Spam definition?

For additional protection, hold the companies being advertised liable for the actions of the company doing the "promotion".

Ah, no.

Or your enemies will use spam to advertise you.

in china..

[radon28]

..these definitions are always positive!

Unfortunate Necessary Evil

The kind of folks that read /. want complete freedom on the internet. They also want no more spam.

The sad truth is that you can't have both. You either have an international body that regulates the internet (which personaly I don't want, and I assume most /.ers agree), or you have spam.

Spammers and anoyed people will continue to fight for a long long time.

Re:Unfortunate Necessary Evil

[antispam_ben]

The kind of folks that read /. want complete freedom on the internet. They also want no more spam.

The sad truth is that you can't have both.

Spam is NOT freedom, it is ABUSE of email. I (and I presume the majority of slashdotters, certainly the majority of email users) don't send email to people who don't want it (whether COMMERCIAL or not - The "C" word is a red herring). Stopping those who do would NOT involve (depending on how it's done) increased regulation of the Internet.

You either have an international body that regulates the internet (which personaly I don't want, and I assume most /.ers agree), or you have spam.

The way things are going, we're bound to have more and more of BOTH.

Re:Unfortunate Necessary Evil

[dustinbarbour]

Precisely.. The ONLY successful (legally and substantively) way to stop spam is at its terminus, the inbox. That's it. Delete it when it arrives.

Re:Unfortunate Necessary Evil

You either have an international body that regulates the internet (which personaly I don't want, and I assume most /.ers agree), or you have spam.

Or issuing spam could be illegal in every wired country in the world.

I don't think it is a necessary evil. I could do without the kiddy porn spams... I really could.

Re:Unfortunate Necessary Evil

[corsec67]

what about a technical solution, where mail is only sent from authenticated servers or something similar?
Due to the jurisdictional issues, a technical solution is just about the only solution that has any hope of working, as that wouldn't be limited to a single country.

Re:Unfortunate Necessary Evil

Hi spammy! Not only are you proving spammers are watching and astroturfing slashdot, but you are bringing up the censorship is EVIL claim again.

What about my right to ignore your crap? I have the right not to listen about your morgues, v1gr4, enlarge your p3n1s, latest MLM scam, etc and what ever other fraudulent stuff you maybe pushing. And I would hope that companies pushing their wares online do not have the freedom to do what ever they want, and there was some regulation as to what companies can and can't do with email!

Heck the spam doesn't have to be commercial, I can see people who don't share one's opinion spamming the hell into someone's email just to make their point. And the same thing goes for those who forge people's emails to Joe-Job them, sending out lots of emails with some enemies address and sending messages like ones pledging your support for pedophiles and child porn.

You do not have the right to force your way into MY mail box, hawk you "wares," nor waste MY bandwidth, time, and money. Don't give me that "just hit delete" or "just unsubscribe" bullshit because you know darn well that shit doesn't work, and why should I be punished for your actions?

Re:Unfortunate Necessary Evil

[fname]

The problem isn't that spam deserves freedom of speech protections. The problem is that in order to control spam, you need to control the internet. As soon as these restrictions start popping up, it makes it oh so easy to start controlling the internet to start limiting other "bad things" like porn, racism, subversive speech and p2p. What's the old saying... you can't put the genie back in the bottle? If you really think you can limit/eliminate spam without making it very easy for governments & corporations to limit a wide variety of other topics, then you are much less cynical than I am.

Re:Unfortunate Necessary Evil

[AmberBlackCat]

The kind of folks that read /. want complete freedom on the internet. They also want no more spam. The sad truth is that you can't have both.

They're not giving us either one. Given a choice, I would choose freedom on the internet. But since they're not giving us that, I think it's reasonable to call for spam laws that can actually be used to fight spam.

Re:Unfortunate Necessary Evil

[Vicsun]

blockquoth the parent:

Spammers and anoyed people will continue to fight for a long long time.

Spammers spam because someone pays them to. Those who pay the spammers pay them because they think someone will buy the product being spammed.
And so remains the question: who buys h3rb41 v14gR4? No, you aren't allowed to answer 'clueless (l)users' because, in my experience at least, even the most clueless will delete spam on sight. And anyway, will someone who just started to 'surf the web' even be able to read h3rb41 v14gR4?

Re:Unfortunate Necessary Evil

[bombshelter13]

I know what you're getting at... that the same complete freedom that lets us do whatever we want on the net lets them send us piles and piles of spam, right?

What you've missed is that this same 'complete freedom on the internet' would allow us to DDOS their servers into oblivion.

It'd even allow us to set up something kinda like SETI@home, only that instead of using your spare CPU power and bandwidth to find aliens, it'd be donated to DDOSing spam servers.

Re:Unfortunate Necessary Evil

[Lost+Race]

Heh, how about the complete freedom not to accept any mail from spam-friendly operations? Imagine two separate, distinct Internets: one that allows spam and one that doesn't. They're both worldwide, but they're not connected to each other. You can choose which one to be on, unless you spam, then your node gets cut off from the spam-unfriendly network and the spam-friendly network is your only option. Spam all you want; your only victims will be other spammers.

That is already happening. In a few more years spammers won't be able to stay on the spam-unfriendly Internet long enough to make any money, so they'll go into some other sleazy business instead.

Re:Unfortunate Necessary Evil

[Sein]

So, you support the Microsoft Tax on Email (Bonded Sender) where even non-profit mailing lists like the Linux developement lists have to pay IronPort/Bonded Sender to be able to send mail to people who've asked for the mail?

I think the consequences of that are likely to be far more unpleasant than the current spam situation....

Re:Unfortunate Necessary Evil

[Sein]

Yeah, that worked real well for Lycos, didn't it?

Re:Unfortunate Necessary Evil

[bombshelter13]

Yeah, because we don't have this hypothetical 'complete freedom on the internet'.

Re:Unfortunate Necessary Evil

[martinX]

But there's a difference between spam, that is pushed at you, and the other 'nasties' you mentioned, which must be sought.

Real world comparison: it's easy enough to stop unsolicited commercial mail. Put a sign on your letterbox saying "no junk mail" and have laws to back your choice not to receive it. It would be difficult to then turn those laws, or the thinking responsible for those laws, into laws banning an adult porn shop.

Two different things accessed in very different ways.

Re:Unfortunate Necessary Evil

[MightyMartian]

We have customers who have got as much as two hundred spam a day. Frequently they manage to delete good mail with the bad at these high volumes, and are thus forced to wade through the mess.

We have had enormous success with using a Postfix server sitting between the outside world and our mail server. With greylisting in place, we've seen 90%+ drop in spam and worms.

Re:Unfortunate Necessary Evil

[samantha]

This is equivalent to saying that I can have freedom from full police surveillance AND protection from random persons crashing through my house whenever they wish. Perhaps more to the point, this is equivalent to saying that I can't both be free of government agents listening to every call and have a do not call list to block commercial phone spam. What is so hard about a "no unrequested spam email" list and procedures to register complaints and or automagically detect violations? Why would such a list take away internet freedoms?

Or was that just hyperbole?

I may not be able to define it

[RealAlaskan]

I may not be able to define it, but I know it when I see it!

``Unsolicited bulk email'' seems like a pretty good definition to me, but I guess that's not quite good enough for the brainiacs at FTC.

Goodbye Yahoo Groups!

[Andy_R]

Yahoo's business model for it's mailing list service (Yahoo Groups) is to attach ads to 'legitimate' mail it's users send.

These mails fit the new definition of spam: "bulk e-mail is commercial if it includes advertising and promotion ".

The same also applies to Topica, and no doubt many other ad-funded list servers.

Re:Goodbye Yahoo Groups!

[Andy_R]

Hmm, replying to my own post here, but I wonder how 'bulk' is defined?

Does putting the same ad on lots of different indiviual mails from customers count as 'bulk'? If so, Yahoo Mail and Hotmail have to die too!

Re:Goodbye Yahoo Groups!

[Cmdr+TECO]

No, if you actually read the FTC document, the third bullet point covers this:

... a recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is commercial.

Re:Goodbye Yahoo Groups!

[Andy_R]

That's a grey area, I tink since Yahoo's primary purpose is clearly commercial, it's not just running a listserv out of the goodness of it's heart!

If there are 30,000 characters of jpg advert and 7 characters of "me too!" in a mail (or as sometimes happens, no characters of actual content at all), surely the advert is it's 'primary purpose'?

Re:Goodbye Yahoo Groups!

[humblecoder]

I think Yahoo Group emails would still be allowed since they are usually solicited. Normally, you only receive emails from a Yahoo Group if you explicitly sign up for them.

Likewise to other ad-funded mailing lists...

Re:Goodbye Yahoo Groups!

I'm sure it's been covered in the legal disclaimer when you joined Yahoo Groups.

Re:Goodbye Yahoo Groups!

[yelvington]

Yahoo's business model for it's mailing list service (Yahoo Groups) is to attach ads to 'legitimate' mail it's users send.

These mails fit the new definition of spam: "bulk e-mail is commercial if it includes advertising and promotion ".

This is very wrong, and it's unfortunate that someone moderated it up. The rules clearly address "primary purpose." The FTC has no authority to ban sponsorship messages in Yahoo Groups emails, whose primary purpose is other than to deliver that advertising, and whose delivery was specifically requested by the recipient.

In addition, the headline on this slashdot posting is wrong, as is the summary. The FTC specifically says:

A few comments suggested definitions of the term "spam." In the CAN-SPAM Act,
Congress set forth a regulatory scheme built around the defined terms "commercial electronic
mail message" and "transactional or relationship message." Because this structure is provided in
the Act, it is unnecessary to define the term "spam" in the context of this rulemaking, and the
Commission declines to do so.

The FTC is not trying to keep advertising out of subscription-based services.

Re:Goodbye Yahoo Groups!

[Andy_R]

I'm glad you are in charge of what's right and wrong, as well as determining the limits of the FTC's authority :-)

However, if you actually read the FTC's comment you'll find this bit on page 36 of the pdf: "As the Commission noted in the NPRM, however, CAN-SPAM refers to the primary purpose of the message, not of the sender. The primary purpose of an email message may be fairly determined by looking at the sender's intent or the recipient's interpretation. The latter is the better choice because it is consistent with the Commission's approach to analyzing deception in advertising. The "recipient's interpretation" approach also eliminates a vast potential loophole for spammers."

Spam is wrong, and there is no exemption for spam sent via a subscription based service. What counts is if the recipient interprets it as spam.

Re:Goodbye Yahoo Groups!

[AndroidCat]

I thought most people blocked Topica years ago.

Re:Goodbye Yahoo Groups!

[yelvington]

Spam is wrong, and there is no exemption for spam sent via a subscription based service. What counts is if the recipient interprets it as spam.

Again, the FTC did not define "spam." It defined mail that can be considered "commercial" and therefore subject to the rules laid down by the CAN-SPAM act.

If an email is considered "commercial," it is not necessarily prohibited. You should read the entire act carefully. It doesn't prohibit transmission of emails that have been requested by the recipient, and when you subscribe to an email list, you are doing exactly that. The inclusion of advertising in the list may cause it to be subject to rules governing false headers, opt-out (unsubscribing), et cetera, that do not necessarily apply to purely private mail. But that should not create a problem for any competently run commercially backed list.

Hey, this is funny stuff

[lheal]

"FTC serves up fully baked spam recipe"

Stop, yer killin' me! I can't breathe!

"Spam" as in the Hormel product and "spam" as in email sent to multiple recipients who didn't ask for it.

I'll never get tired of that one. If only it could be put to music...

Re:Hey, this is funny stuff

[Lost+Race]

The Hormel meat product trademark is "SPAM" (all-caps). See here: SPAM and the Internet

That's OK then

[Nine+Tenths+of+The+W]

I mean, "Greetings, I am the son of the former Nigerian dictator" isn't advertising or promotional, is it?

Re:That's OK then

[Fareq]

Its not spam.

It is, however, [e-]mail fraud

Re:That's OK then

[OnlineAlias]

Actually, there is another nice silly internet word for it. That is a phish.

Re:That's OK then

[TheDauthi]

Only if you're NOT the son of a former Nigerian dictator.

Re:That's OK then

[Vicsun]

Fraud is already illegal. And the above is e-mail fraud, not spam.

Mail Abuse

[Chandon+Seldon]

I really don't care what the definition of Commercial Bulk Email is in the context of Spam.

Someone is abusing the email network if:
They are intentionally sending email messages to a bunch of people who didn't ask for them.

Counterexample?

Re:Mail Abuse

[ebrandsberg]

There is a fine line between spam and unsolicited commercial e-mail. Spam won't be targeted to a particular group of people that may actually WANT to see the contents, it's just a shotgun. It won't provide contact information for the business behind it, and it won't provide a means of being removed that will actually work. An example of UCE that makes some sense is for one realtor to provide to other realtors in their region with new listing sheets, because it can help BOTH parties, even if one didn't ask for it. My mom does this (she is a realtor) and had one realtor complain about it. About a month later, that realtor lost a sale because she didn't get the later e-mails. She asked to get them from then on. This is NOT saying all companies should do this, it is a VERY specefic case where both parties can actually benefit from the information provided, but would still be considered "spam".

Re:Mail Abuse

[Chandon+Seldon]

When she started this, she had a short list of people she wanted to send the messages to, right?

The appropriate protocal would have been to individually mail the people on the list with "Would you like me to send out my listing sheets to you?"

Everyone who responded "yes" should have been added to the "mailing list", everyone else should have been left to ask to join themselves.

If at some point in the future there was a new person who would be appropriate to send the messages to who had not been asked before, a single email asking if they wanted to be added to the list is appropriate.

The key is:
Personal messages are fine, but people shouldn't get onto mailing lists without explicitly asking to be on them.

Re:Mail Abuse

[ebrandsberg]

Actually, no. She had a list of the e-mail addresses of everybody on the board of realtors mailing list, and used that. And from your example, even the first mailing would have been incorrect, if it was an ad, be it a "friend" list or not, should she have sent it?

Re:Mail Abuse

[Chandon+Seldon]

People shouldn't be added to mailing lists unless they request it.

Her sending personal emails to the people inviting them to be on her mailing list wouldn't be a problem.

Bulk mailing the invitation is quesitonable. If she could send messages to the "board of realtors mailing list", that would be an appropriate place for the message. If not, it would require a judgement call to decide if the existing business relationship is close enough to send the invitation.

Re:Mail Abuse

[antispam_ben]

Bulk mailing the invitation is quesitonable.

Bulk mailing of an unsolicited message is unquestionably spam.

In this example, she can take an ad out in a newspaper/magazine/meduium other local realtors would read, offering to add them to her mailing list. Yes, this involves paying money for advertising, but advertising the list through unsolicited bulk email, while 'free' (no incremental cost above email access), is spam.

Re:Mail Abuse

[MightyMartian]

Basically we've set up a web page where are our customers can control how the anti-spam controls work. If a customer wants, they can whitelist absolutely everything coming to their address.

There's no 100% guarantee short of total whitelisting, of course. Even the cleverest spam filters are going to take down a legit mail.

Re:Mail Abuse

[Chandon+Seldon]

Bulk mailing of an unsolicited message is unquestionably spam.

Counterexample:
If you have a list of 7 friends/relitives and you CC them all a "Merry Christmas" message, that's not spam due to a pre-existing relationship.

The real question there may be what number makes up "bulk", but sending 7 viagra ads to spidered addresses is definately spam.

Going back to the realtor example, I'm sure the following wouldn't be spam, as long as the recipients are aquainted with the sender by name.

To: "Jack", "Liz", "Bob"
From: "Sal"
Subject: Price Sheets

Dear Jack, Liz, and Bob:

I'm going to be emailing out price sheets every couple weeks. You interested in getting them?

-- Sal

So Much for My Festive Christmas Mass-Emails....

[muntumbomoklik]

Dear All, ---- addressing people 'en masse', strike 1

Hope you enjoy the presents that I sent out!---- advertising and self-promotion of products, strike 2

With Sincerity, ---- blatant lies, strike 3

arrested

Re:Definition Leads to Enforcement? Not Always.

I like your trolling within context. I wish to subscribe to your newsletter.

That's a strange definition.

According to your proposed definition:

• Anything in your native language is not spam.
• Anything with a normal text subject line is not spam.
• Anything without an attachment is not spam.
• Anything with any amount of normal text is not spam.

That's pretty weird.

This is stupid, and doomed to make things worse.

[qtp]

The FTC defining spam is the first step to a "protected speech" claim by at least a segment of the direct email marketing industry. Laws are going to be inneffective due to the interrnational nature of the problem, and due to the sub-sub-sub-contractor practices that dominate.

The only possibly effective remedy I have come accross is the widespread addoption of SPF (as long as domains are publishing sufficiently restrictive policies), beysian filters, and blacklisting (either by users, by admins, or some combination of both).

Before anyone gets thier panties in a knot over blacklisting, SPF changes the nature of blacklisting by making it possible to identify which persons, hosts, or domains are responsible for the offending emails. The problem of false positives goes away if sending and recieving domains are using SPF (and the persons maintaining the blacklist are behaving in a reasonable manner).

The FTC cannot define spam, as what is spam to one might be truffles and cheese to another. Only I can decide what is spam (in my account). Quit bugging the legislators and start bugging the admins (or, better yet, the executives) to implement some simple, common sense measures (such as, if it originates at a "martian IP addy", it's probably not wanted), checking the legitimacy of the sender (SPF), allowing your users to help identify spam by submitting examples for your beyesian filters, and taking part in creating/maintaining a blacklist of the very worst offenders.

Re:FTC is so stupid

HAHAHAHAHAHA I get it!!!!! You make joke on ENGLISH!!!!!!!!! Artikel say 'FTC make spam definition', but you twist secret words to make new message about canned foodgoods!!!!!!!!!!!!!!! I am laughing at the joke with my face!!!!!! :) :) :)

Advice for how to

[AGTiny]

At work we have a project on the table to develop a web-based tool to spam a lot of people, and to try to avoid getting blacklisted by hopping mail servers.

I have ethical concerns over having any part in the development of this software.

Any advice on how to talk the business people out of doing this? I've sent them all the CAN-SPAM stuff I can think of, but I'm not sure they are scared yet.

Re:Advice for how to

[skraps]

If you don't do it, someone else will. I'd say just collect your paycheck and go about your business. I don't think you can be personally held liable.

SPF and other technological measures will deal with spam just the same, regardless of whether you are a good samaritan. No need to risk your livelihood.

Re:Advice for how to

[techno-vampire]

There is no way. If they're planning to hop servers to avoid blacklisting, they already know the possible consequences and don't care. My advice is to start looking for a job right now, and get out of there ASAP. Don't do anything to sabotage the project, either now or after you leave; you don't want to descend to their level. Of course, making sure the spam hunters know exactly where it came from isn't sabotage...

Re:Advice for how to

[rewt66]

There are two ways that I can see to go about it. The first (and more honorable way) is to calmly inform your boss, and perhaps his/her boss, that you cannot in good conscience work on a project that will have the primary result of irritating, annoying, and enraging innocent people whose only "crime" was having an e-mail address. Tell them that if they persist in this project, you will quit rather than have anything to do with it. And tell them that you will let it be publicly known that their company is working on such a tool, so that the public can express to the company how they feel about said company helping the slimeballs who fill all our inboxes with junk. Note that you would not be exposing any of their trade secrets or techniques; merely letting people know what they are building. That's the honorable (and potentially very expensive) way. The less honorable way is to anonymously inform the press, the FTC, and /. which company it is and what they are working on. But I think these are the only two ways, because nothing but public pressure is going to stop them.

Re:Advice for how to

[Indy1]

whats the name of your company, who do they host with, etc? Nothing like a pre-emptive firewalling to keep my inbox clean.

Btw: tell your bosses that hopping mail servers is a good way to get your entire isp firewalled by a zillion mail admins, or sbl'ed, or listed in spews.

Re:Advice for how to

[AGTiny]

They host through the same ISP as my home DSL connection (on which I run a mailserver), but luckily they have their own class B address space that can be easily blacklisted. :)

Re:Advice for how to

We call this "The Wernher Von Braun," or simply "The Wernher." Despite Hitler murdering Jews and gypsies and faggots, Wernher still stuck it out like a real man and made those rockets for his Fuhrer. Always take orders, it's what a real man does. You got to learn to take orders before you can give them. Pull yourself up by the bootstraps. Always be Christian, but never be communistic and anti-materialist like Christ was, that's just being a stupid liberal, but still be a Christian! Quit daydreaming! Always watch the television, especially the news, and always read the newspaper, and always listen to political talk radio. And vote! Always be voting! Always be voting, and filling out surveys! Surveys! And explore your sexuality sometimes too. You must explore! And learn! Always learn more, and read, and educate, and work. Always work, and learn, and spend, and give your opinion, and work some more. And spread the word why don't you!

Re:Advice for how to

[skraps]

Fascinating response. I am moved.

Re:Advice for how to

[JoeF]

http://www.spamhaus.org/news.lasso?article=152
http://www.spamhaus.org/news.lasso?article=155
http://writ.news.findlaw.com/ramasastry/20041215.h tml
And lots more... Google is your friend...

Re:Advice for how to

[mforbes]

As am I, but it's more of a bowel movement. The grandparent of this post makes me feel like shit for being a programmer.

Re:Advice for how to

Well don't dwell on it! Don't be a self-hating, self-defeating, nihilistic liberal! Pull yourself up the bootstraps! Don't be a self-loathing libbie! Get out there and shake it up! Go write some code! Go write code! And be quick about it so you can finish! So you can finish, and then write some more! If you get tired, go to sleep quickly so you can get up early and get right back it! Don't stop! Don't stop and dwell! Idle hands are the Devil's playthings! Do you have a wife yet? Get on that! Get out there and get yourself a good wife! And have some kids why don't you. Three or four or more. Raise them up right. Feed them well and get them on the football team for Christ's sake! Keep them busy and doing lots of chores! Teach them to be like Werhner. Always remember Werhner: never stop.

Re:Advice for how to

Good! Keep on moving! Don't stop! Never stop! Stay encouraged! God is with you son!

Re:Advice for how to

[dcslyone]

You might refer your employer to their ISP's Acceptable Use Policy and explain how bad things might happen to thier connectivity if they go forward with this plan.

"UBE" is a GREAT definition

[antispam_ben]

... I sure wish the FTC would use that definition, otherwise we're bound to start getting tons of political unsolicited messages (see my journal about the Kerry spam, though of course that was just a scam (does that make it "commercial" and fall under the FTC's claim as spam?) to steal donations to the campaign), religious unsolicited messages, and just plain garbage unsolicited messages: spam promoting beliefs and ideas instead of products and, uh, "services."

Years ago they promoted the address uce@ftc.gov for sending spam (that I heard they stored in a refrigerator-sized database, sorted by content type - mortgage, pr)n, 419, and a bunch of other totally useless categories), perhaps we should have flooded ube@ftc.gov as well or instead (and maybe use a bounce address of uce@ftc.gov).

The same emerging problem with unsolicited faxes was nipped in the bud over ten years ago with the whatever-it-was Telecommunications Act, and it's surprising that junk faxes still exist - way too few people know about that law. A similar law could send many spammers running like cockroaches in the light as millions go for their $500 per spam - unfortunately, spammers have a reputation for being small-time "checkenboners" and are thus judgement proof. But one or two states (ISTR Washington Sate) have had similar laws, and (apparently a very few) people have actually got judgements and/or collected from spammers.

Re:"UBE" is a GREAT definition

[Lost+Race]

UBE = email spam, plain and simple. (The term "spam" can also apply to other media besides mail; I'm not aware of any all-encompasing general definition of "spam".)

The FTC has to stick "commercial" in there somewhere, because that's the only way it has jurisdiction. Remember, it's the Federal Trade Commission.

Re:"UBE" is a GREAT definition

[SetupWeasel]

Good luck stopping political email. It will be a cold day in hell when that is stopped. Same goes for all non-profit organizations.

In all honesty these are not the beasts we are worried about. They are only the small fraction of bulk emailers we could find.

All your spam belong to us...

I shall now patent the term, SPAM, and use it for my profits!

FTC Issues Hot Air

[IO+ERROR]

Your post advocates a

( ) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
( ) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:

and the following philosophical objections may also apply:

(x) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(x) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
( ) Other:

Furthermore, this is what I think about you:

(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Re:FTC Issues Hot Air

Are you people insane? Every time some fucker posts this stupid form, some idiots moderate it +5 Insightful. Well that's fucking nice, we've only seen this stupid fucking form only 10E43 times.

what about those poor people

[Kanasta]

in Nigeria who need my help in transferring their money from their politically assassinated parents to the US (which strangely is not where I live so I don't know how I could be of any help)

well, it's not like there's anywhere we can easily report the stuff anyway

Re:what about those poor people

[ydra2]

Well it depends. If it's the wife of assasinated:

1) Secretary of Finance
2) Chief Director of Foreign Accounts Payable
3) Head of International Investments Agency

then you say you need at least a hundred gajillion bazillion dollars to become interested.

But if he/she is the (not assasinated):

A) Minister of National Insurance Payments Division
B) Comptroller of State Bank Finances
C) Under Secretary of Lost Moneys

then tell them you need to see a bazillion gajillion dollars upfront first.

Then and only then do you start negotiations. And don't let them snow you with poor relatives and legal issues and what not. Collect the first hundred billion in ernest money before you commit to anything. After that you take them to the cleaners for everything they're worth.

Re:Michael Shut the Fuck up!!

[mabinogi]

what the hell are you talking about?

Michael didn't make any comment at all...

and if you're talking about the from the.....dept line, then you need to step away from the computer, and go take a walk outside for a bit.

Re:Pretty vague definition- Better than nothing ?

What you're advocating is that something is better than nothing. Are you sure about that ?

In the world I'm living in *some* help is regarded as helpfull (By many parties) (which, in many cases, isn't), and a reason to reject any (further) involvement from parties that could be really be helpfull, but would rather not burn their fingers on you/do any real work, or want to be assocciated with whomever is "helping" you.

In less words : "some" help could actually be quite the opposite ...

vote

I think we can let the receivers vote. An email is spam if more than 50% people say so. :-).

And then the result could be used to determine if the web site should be shutdown or not.

Not just bulk mail!

[Andy_R]

Buried on page 16 of the full PDF text is this little gem....

"The text of the Act has no business-to-business exemption and
[i]does not establish a minimum number of email messages that must be sent before the Act applies.[/i]" (my emphasis added)

There is no requirement for the mail to be bulk, which the article implies there is. This is (imho) a very wise move, just because someone sends 1 spam instead of a million doesn't mean it's legal or morally acceptable!

Re:Not just bulk mail!

[WhatAmIDoingHere]

Come on, your UID is so low and you don't know how to use /. yet?

Read the "Allowed HTML" under the Submit button.

Re:Not just bulk mail!

[cpt+kangarooski]

114,137 is a low UID now? Damn.

Mine would be lower, but I didn't sign up until they stopped allowing non-anonymous posts w/o accounts.

Do you Yahoo!?

[rice_burners_suck]

...if it includes advertising and promotion...

In other words, if I send an email to my mother to tell her Merry Christmas, and I send it from Yahoo!, then the crap that Yahoo! appends to the email causes my email to become spam under this rule.

I think that really sucks.

________________________________________________ __
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/

Frank Castle style!

[Scrameustache]

At work we have a project on the table to develop a web-based tool to spam a lot of people, and to try to avoid getting blacklisted by hopping mail servers. Any advice on how to talk the business people out of doing this?

I reccommend a killing spree.
Please? We'll hide you once it's done, promise!

Re:Frank Castle style!

"At work we have a project on the table to develop a web-based tool to spam a lot of people, and to try to avoid getting blacklisted by hopping mail servers. Any advice on how to talk the business people out of doing this?"

Just quietly start giving evidence to the FBI/FTC, and try to get the business raided, same as you would if they were using "pirated" software

may i be the furst to say

[CobwoyNeal]

burn, spammers! Your end is at hand!

CAN-SPAM

[mantle_etching]

The FTC are defining "puns" next.

spam needn't be a problem anyhow...

[tdhillman]

As much as the stuff can drive me crazy, after nearly 15 years of expereince with e-mail, H've discovered that it isn't hard to stop the spam once you put your mind to it.

The Mailblocks challenge/response system has virtually stopped spam dead in its tracks. A $10 a year fee is almost to little for what gets blocked.

Add in a gmail account, and mail is clean as a whistle.

However, there are a few girls on mailblocks that do want to show me their picture....

Re:spam needn't be a problem anyhow...

[AndroidCat]

How does that challenge/response system avoid sending unwanted email to forged "senders"? How well does it work when initiating email with someone that uses the XYZ C/R system?

Re:spam needn't be a problem anyhow...

[tdhillman]

Experience with challenge response systems indicates that nothing ever ends up in the inbox without having been verified by either the system or me (I do confess to looking into my pending box and finding spam there, where it is supposed to be.

If anyhting does miraculously get through, it can be stopped just as easily.

Phishing too gets eliminated- without the response they get nothing.

Ultimately dealing with spam is akin to putting a decent security system on the house. Intruders can be kept at bay by solid security practice.

AS to xyz c/r, I confess to ignorance-

Re:spam needn't be a problem anyhow...

[AndroidCat]

I'm sure that C/R keeps your mailbox clear, but I was wondering what it does to other people's boxes. If a spammer forges joe@example.com as the sender, does joe@example.com get an unwanted email asking for a response?

If your C/R system sends a challenge to someone with a different C/R system, what happens when a challenge is challenged?

Systems that dump your spam on someone else aren't very useful.

Re:spam needn't be a problem anyhow...

[tdhillman]

As to spam getting sent on to another, I've yet top see any evidence of that occuring...theoretically it could, but I see more spam with pure nonsense addresses than any other kind....

And as to a challenge asking for a resonse and then getting challenged, of both user have got C/R, the spam wold go into a cycling death spiral, and be stopped after neither user responded. A solid C/R marks the address as undesirable and kills it upon attempted entry.

So long as we dont have legalistic controls, there will always be a way to beat the system, but C/R has worked with astonishing ease in my case.

And, as I don't want governemtn control over the net, end user filtering seems the most positive response.

Re:spam needn't be a problem anyhow...

[cpghost]

but C/R has worked with astonishing ease in my case.

/me too/

I'd highly recommend (well implemented) C/R systems to anyone out there. Even in the case of unwanted challenges, there's often a work-around: most challanges do carry very specific X-*** headers that let the receiving system know to filter accordingly (if they so wished).

Because (headers of) challenges are easily recognizable (an RFC regarding this would be a nice thing to have!), one can configure their e-mail servers or inboxes in such a way as to ignore unwanted challenges completely, and only let those challenges through from addresses that the user already sent a message to (where a challenge would be expected within a specific time frame)

There's IMHO no good reason to scorn C/R systems besides laziness.

Define? Bah!

[skoda]

Define spam? I wish they'd defy spam. That might make my email life better.

Bah, humbug!

Re:Define? Bah!

[AndroidCat]

Add this: #define spam 1

Happy now?

Not quite commercial emails

What about the emails that are blank except for the 1x1 pixel transparent GIF that lets the spammer know the account is active?

Re:Definition Leads to Enforcement? Not Always.

[www.sorehands.com]

No, it does not lead to tough enforcement. It only makes enforcement a little easier. I am waiting for them to issue a report on required labeling so that we can program spam filters.

The US can enforce our laws in other countries where there is a treaty that permits it. The FTC has gone after Global Web Promotions in Australia. The FTC was aided by the Australian authorities.

No, it makes it worse

[AndroidCat]

You can bet that spammers will study this definition and come up with many lame excuses why their shit doesn't (a) stink (b) meet the official definition of spam and it is therefore illegal to call them spammers and against their frea speach and their imaginary lawyers will be suing you.

Stopping Spam won't work until...

[Zaphod_Beebleburp]

We make it unprofitable for the those that distribute spam. Now most of you are probably thinking that I'm talking about the spammers, but this is a problem that existed long before the internet.

Look at the Postal Service. How many unwanted items, advertisements, credit card offers, coupons, etc... get delivered that are immediately thrown in the trash? And if you write return to sender on the next Capitol One credit card offer, or on the next AOL CD you receive, the USPS knows to just throw it in the trash instead of returning it. Why?, because they have already made a profit.

Look at your telephone service. How many people actually have to screen their calls with answering machines and caller-id to avoid those annoying interruptions and solicitations during dinner or at odd hours? Why is block caller-id even available if it wasn't profitable.

Now look at SPAM. Once again, we all know about the annoyances of this junk.

Asking the government to enforce any kind of policy to prevent it is rediculous. First of all, Spam through the postal mail is probably what is keeping residential postal rates so cheap. Now herein lies the rub. If it can be done legally through the govt. postal service, all other avenues are fair game. And so the legal finger pointing begins, if he can do it, so can I.

When the govt. has it's own hands in the same honeypot that telemarketers, spammers, and bulk-mailers do, it's a no win situation.

Until that changes, avoiding spam without having to download some anti-spam tool, or anti-pop-up browser, or placing a no soliciting sign on your front door, it won't stop. Call me cynical, or even a conspiracy theorist, but public nuisances normally follow trends. One of the true pleasures of living in a capalist society.

Re:This is stupid, and doomed to make things worse

[ydra2]

I agree its stupid because it just defines the parameters of legal spam for the spammers. But I disagree that legislation won't work. It worked for the junk FAX problem and it worked for the telemarketing phone problem. I can now use my phone and answer it with confidence that it is not a telemarketer.

The big difference with spam is that there is no law against it. Only laws that define it (which simply provides the spammers with all the information they need to circumvent the (yes you) CAN-SPAM act. Oh they claim to make it illegal and punishable by up to 3000 days in jail and a $50000.00 fine. That's great, but as long as the punishment is just a cost of doing business and the qualifications for actually being convicted are so narrow and exclusive as to be nil, whats the deterrent?

The real solution is to make it illegal and give a harsh sentence for violators. And to do that you have to define spam. There is only one definition that will ever work. Its the same definition we use for sexual harrasment. If the victim (reciever) thinks its spam, then its spam! Period.

Some people argue that you can't track them down. Well then how the hell do you think they get money from their victims? That money must go somewhere. Its really easy to track them down. Just buy a sample of their product and trace the money flow. The money always goes somewhere. If they can track money freom charity to terrorists they can track the money from joe victim to spammer. Then just follow the money and arrest the recipient of the money. Thats all there is to it.

My solution of making it illegal would stop the flow of spam dead cold, in its tracks. The problem would simply cease to exist.

Lest you think the problem is international, 99.9% of all spammers are U.S. fly by night companies. The rest are so insignificant that I could live with the one spam a month I'd get from them.

Re:Pretty vague definition- Better than nothing ?

[techno-vampire]

What you're advocating is that something is better than nothing. Are you sure about that ?

That depends, of course. A step in the right direction is better than no step at all and that's what I think we have here.

The sad thing is...

This is a much better definition, of course. 'Unsolicited' is the most important part. But of course, corporations wouldn't like it if sending out unsolicited email was banned completely, so we have all these useless and dangerous hit-and-miss measures instead.

What's the problem?

Exactly. I hate getting emails with spam on the bottom, just because someone doesn't have the brains to find out how real email accounts work.

damn skippy.

[crovira]

I've been saying "hold the companies being advertised liable for the actions of the company doing the "promotion" for years.

Follow the money, honey and squeeze where it stops.

If there are no takers for Spam, there won't be any Spam. Market forces will work to make Spammers go and do something else.

If you know that buying an ad over the internet will suddenly go from costing you peanuts to costing you $50k per email sent, payable to the local police force, I don't think you're going to be interested. "Viagrea" is not that profitable.

FTC just doesn't get it

For instance, this little turd in my in-box:
URGENT and CONFIDENTIAL:
Dear Sir/Madam, I am Barrister Lister Rimmer an attorney at law. A deceased client of mine, by name Mr. Bob Mason, who here in after shall be referred to as my client,died as a result of Cancer here in London....
I wonder if that is "commercial" ..I mean its was addressed to me personally and it has no product mentioned or promoted. I'd rather my government sent marines to nigeria than to iraq.

Mmmmm.... Tasty!

Time to send out advertisements for Spam!

Fake Subject

[hhawk]

What about fake subjects and Phising trips..

"Mom needs Help"
"Thanks for the Gift"

Things are clearly not advertising..?

they should use my definition

[m2bord]

if it's in my inbox and it's not from a friend or family and i didn't ask for it...it's spam.

i cannot tell you how many messages i get with no subject line and no body.

it would seem that the purpose of that email is to test the spam list.

counter-example

In my department, notices are sent to all graduate students via a mailing list which I did not ask to be on, though I'm very glad that I am on it. It may seem pedantic, but I think there are vagueries in the realm of what constitutes consent that need discussing.

What constitutes "a bunch of people" needs discussing, though that would be much easier to solve (I'll just go out on a limb and say "a bunch" = 5).

With that taken care of, it may be sound, but it's nowhere near complete (better than the other way around). My guess is there's going to be an emergence of individualized spam (much like real-world spam is today). Instead of "Dear sir or madam" it will start out as "Dear so-and-so", at which point it can't plausibly be considered one email that's being sent to a bunch of people.

More to the point, I can't come up with a principled argument as to why spamming a bunch of people should be treated any differently than spamming one person.

Re:l33t-5p34|5?

[Shag]

Spammers don't actually speak l33t very well. They're far more prone to have problems with punctuation or "stuck keys," in my experience. Recent messages Gmail has dutifully filed under "spam" include such subject non-words as:

P*H*A*R*M*A*C*Y
oxxxyyyconntin
scripttt
viiii codin
Ciali's
pppain killllers
weiight
doccctor
P.H.A.R.M.A.C.Y
Bu' y C'ialis soft''tabs
ppennnnny st000ckkk

Bleah.

I have more trouble with the russian mail-order-bride spams, since they've started using single large words as subjects. Mail with a subject of "radioastronomy" doesn't look like spam when you work at an observatory...

Re:l33t-5p34|5?

[Dorsai65]

Granted that the spammers don't do 1eet well, but I still get a lot of crap for C|AL|S and V|aGRA and such on my disposable (hotmail) account. So, when does your new missus arrive, anyway? :-)

Religious spam

I've received spam from Hare Krishnas before, I kid you not. I'm not the only one.

It is not a definition of spam

[hadaso]

It is not a definition of spam. Just of "commercial email message". To define spam one must throw in the "bulk" nature of the mailing.

But I think the way most people think about spam is wrong. What really makes makes it spam is that it was not sent to you! People send email to people. Spammers send email to email addresses. They don't know if the email address is related to a real person, and they don't care. They would send spam to setA4@printer4.bldg3.example.com

An email address is not a person or the address of a person, but rather a routing instruction. And what anti-spam laws should try to do is to utilize the nature of issuing those routing instructions in bulk by senders who have no idea what they do. That is, if it is quite obvious that the sender didn't know the identity of the recipient, and it was not a mistake, then it's spam. If it was sent in bulk, and the sender cannot show a linkage between the email address lists and the identities of real people behind those lists then it is spam. And this applies equally well to all other kinds of spam, such phone spam, fax spam, SMS spam, IM spam...

Re:Definition Leads to Enforcement? Not Always.

[WilliamProxmire]

Same way we enforced our laws in Iraq...

Hi Dick

Richard Gere, the "phrusa.org" troll strikes again!

mod him to oblivion.