MS Speaks Out Against New Zealand's Anti Spam Bill

out_sp0k1n writes "Ryan Hamlin, head of Microsoft's Technology Care and Safety Group spoke out against New Zealand's proposed anti-spam legislation, warning that it could impinge on 'the amazing vehicle of e-mail marketing'. He also suggests that CAN-SPAM has been effective in deterring spammers. From The Article: 'Though often criticized as too meek, US anti-spam legislation - which relies on people opting out of spam - has proved effective in supporting prosecutions and deterring spammers.' Anyone else think that one message doesn't count as spam?"

CAN-SPAM effective?

[Elias+Ross]

Can anybody point to any research (or, frankly pundit or blogger) that has concluded that CAN-SPAM has had any effect at all? So far, it sounds like CAN-SPAM has bene "toothless", made "zero impact", etc.

Wonderful Spam

[Doc+Ruby]

When Microsoft gets CAN-SPAM, instead of the people of a country getting real spam protection, Microsoft gets to sue spammers on behalf of their customers for damages. Even after getting revenue from spammers, and selling antispamware that doesn't work so good. And buying Gator, the infamous spammer. Microsoft doesn't want the government protecting you or your privacy from spammers. Because Microsoft takes on the job, privatizing privacy, they get paid every which way. And we get spam out our pieholes.

In other news, Microsoft sues 235 spammers

Meanwhile, Left Hand continues to disclaim all knowledge of rumors of the existence of so-called "Right Hand"

How would you handle this under anti-spam?

[xxxJonBoyxxx]

Here's one very basic, very common problem anti-spam legislation doesn't solve.

1) Someone registers your email at ACME's web site.
2) ACME wants to know if you are legit or not, so they send you a "please click on this link if you really requested this" email.
3) You didn't request email from ACME, but now you have an "are you you?" email from ACME.

Is the "please click on this link" email spam?

If so, what should ACME do to verify you are you instead?

If not, what's to stop a spammer from sending their advert along with the "click to confirm" email? (I know, they already do.)

Re:How would you handle this under anti-spam?

[Vancorps]

I recently ran into this issue with our mailing list which consists of about 55,000 people. This list is 100% opt-in but regardless, someone didn't like us, so they submitted spamcops trap email address to our list. We included them in our email blast and naturally received a complaint.

When I followed up with SpamCop they weren't helpful at all, they would not tell me why it happened, who was involved or how I could stop it from happening again. They just labeled my company as one that bought an email list and said to hell with us.

Naturally this wasn't acceptable to me so I moved to their parent company where I actually got some help. I explained to them exactly how we got the email addresses we used and that we understood there was some abuse of the system, so we asked them how to proceed without making the problem worse.

The solution was to send out an email blast asking everyone to confirm their wish to be on the list. This would be the only thing we were allowed to ask in the email. No advertising, not even any logos, just a simple plain email with a link to our website. Yes this shrunk our list a little bit but the majority of people on it were customers of ours and wanted to be there.

So yes, if I had mod points I'd mod you up. Its very important not promoting any products. That is the difference between spam and legitimate messaging.

There's a better idea...

[Antony-Kyre]

There is a better idea, and here it is.

Why not create legislation requiring all commercial e-mail to have HOW they got your e-mail address in the first place, under penalty of a huge fine. This would be in addition to any other laws in place. So if someone doesn't say, at the bottom of the e-mail, how or where your e-mail address was obtained, it would be illegal. Also, lying about where they got it would be illegal too.

Or is this just a stupid idea?

Re:Spam is spam

[aero2600-5]

"Hell, I don't even like it when a family member get's ahold of my address and adds it to their inane ('joke of the day'/sappy inspirational message) cc list."

Agreed. I've lost contact with friends after telling them to stop sending me worthless crap because they're too lazy to understand why they may need an e-mail list of people that want to receiver their worthless crap, rather than just sending it to everyone in their address book. I actually send nasty replies now, especially for 'warnings' that almost always a hoax, and usually 3 or 4 years old at that.

Once I signed up for Hot Mail... got spam instead.

Microsoft, ya gotta wonder?
I once signed up for a Hot Mail Account, years ago and never used it, never told a sole about it, never shared the email address with anyone, not one person or other... guess what? Within days my inbox was loaded full of Porn and other spam... my guess is that Microsoft fed them my email address and got paid for it.

You can never trust Microsoft. Too greedy. Computers users to them are just cash machines and not private citizens.

M$ is now an arbiter of the democratic process?

[weighn]

What strikes me is how M$ can see fit to even comment on the laws of a foreign country. What are they headed by some section of the Bush administration?

Re:Just Curious...

My arabic teacher fell for one of those email scams. She was hard up for money and was emailed about one of those schemes that claim that you can make money by reading webpages, ads, or something like that. She ended up only losing around $25-30 USD, but it was enough to cause her some minor financial ache. I would assume that the people like her, that are innocent and not technologically aware, are the ones that fall for the majority of this kida crap.

Re:Microsoft follows the money?

[Freexe]

you do realise that in google if you have the gmail user id no.spam.for.haydn that messages sent to n.o.s.p.a.m.f.o.r.h.a.y.d.n@gmail.com will get to your inbox, in fact you can add dots wherever you like, then if a dot combination gets too much spam you can put a filter on it. This way you don't have to cycle so many accounts.

Re:oh, so that's why

[mhearne]

The first thing I do when I go online is to check my inboxes for spam. For the past 6 months or so it's been pretty similar - The same old pitches but now in broken, foreign sounding English. If that's due to CANSPAM, then it must be doing some good.

The thing is, that most of the headers seem to originate in the United States. I mark them as junk and destroy them right away to prevent web-bugs, but when they seem to be persistent I'll run a host and whois, and finally make a complaint to the originating ISP.

Not that it does any good. My own ISP, Earthlink, won't even talk to you unless the spam originated on one of their servers.

At least I'm not getting plastered like I was a few years ago. It seems that my address ended up on a CD or something, because I was getting all this Chinese spam that I couldn't even read (hundreds per day).

Not so bad these days, but it's still a distraction that I don't like.

Michael

Re:Translation: If MSFT doesn't make money on it

[ultracool]

I live in New Zealand and I'm glad they said no to M$. I'm glad that every so often, the government does *something* sensible. We seem to have a good history of saying no to things from the US...

Re:That's the idea.

[Antique+Geekmeister]

Worse. They're concerned that it will cut into their profits on selling spam-filters, such as their patented and amazingly stupid SenderID concept, and that it will interfere with the bulk mailing list management tools they sell tightly integrated for use in Microsoft Outlook.

Couple that with their need for your name and personal details with every product registration, and the default settings of those forms to permit them to advertise at you, and we're seeing a company geared up for bulk marketing under the excuse of "customer notices".

Better ways to present check boxes

[jesterzog]

I think one of the problems with this method at the moment is that most organisations don't provide clear information about exactly what someone can expect by checking the box. Often it's buried somewhere deep within the privacy policy, but it's not exactly obvious.

Before I check such a box, I like to be confident that I understand basic things like:

• How frequently I'm likely to receive mail.
• What type of content it will contain. For me, there's a big difference between something like:
  • "Try our cheap trip to Hawaii", and
  • "We've reduced the cost for upgrading to business class. Would you like to do this for the trip that we have you on record as having booked a month ago?"
• How easy it's going to be to get off the list. Ideally I want to know how to get off the list before signing up to it. I also want to have some clear contact information for someone who I can contact if their unsubscription system breaks.
• Who's actually going to be mailing me. Often businesses like to be able to send emails for their "business partners", but I want to know what this means. If it means that they're going to send me any old spam that someone pays them to send me (which is often the case). Basically you go down in their book as an asset after ticking the box, because they can make money off other people by sending you email. I normally won't check the box if there's any doubt about it. But it might mean that every so often, there actually are things that they think I might find useful, and they might want to let me know because of that rather than because someone's paying them. If this is the case, and I trust them, then I might consider signing up.

Most boxes don't actually do this. They just say inane things like "Click here to receive great deals from us and our partners in your email." I'd rather they said something like:

"Click here and we'll keep you informed about deals we have in the future.

"For examples of what you'll receive, check out [this list of some of our past deals]. We'll send about one email a week, and you stop us from sending them whenever you like. ([Click here for more info about how this works.]) We might also send you information from other businesses if we think it's of use to you, but we won't be give them your contact details (without specific permission), or accept money from them to forwarding it."

I guess it's a bit more verbose, but to me it's a hell of a lot clearer and more trustworthy. Then again, I realise that most people don't seem to think/care about this type of thing as much as I do. I'm sure I'm not the main target of many marketing people... I just get annoyed as collateral damage.

How to stay relatively spam free

[dennypayne]

I have hit upon a decent method for not having to wade through a ton of spam in my inbox.

Tools Required:

1. A domain that you administer mail accounts for
2. The ability to define a catch-all account for mail

The method:

I have defined my "regular" email address as the catch-all. Whenever a website requests an email address, I use something unique to that site. The account does not exist, but mail from them will still get delivered to me via the catch-all account.

Example:

I sign up for email for my Hilton account with hilton@mydomain.com. The account is not defined but the catch-all will deliver the mail to me nonetheless.

The benefit:

If I start getting spam to that email address, I now have several options. First, I know who sold or gave out my address so I can hammer them if I choose. Second, I can simply begin filtering everything from that address into a "known spam folder" and never have to deal with it other than to delete the contents of that folder. Third, I can setup nasty autoresponders that mimic bounce messages or something on that account if I wish (I know, this may not be doing much good but it's fun).

By doing this I keep the spam in my inbox down to 2 or 3 messages a day.

Denny