MS Speaks Out Against New Zealand's Anti Spam Bill

out_sp0k1n writes "Ryan Hamlin, head of Microsoft's Technology Care and Safety Group spoke out against New Zealand's proposed anti-spam legislation, warning that it could impinge on 'the amazing vehicle of e-mail marketing'. He also suggests that CAN-SPAM has been effective in deterring spammers. From The Article: 'Though often criticized as too meek, US anti-spam legislation - which relies on people opting out of spam - has proved effective in supporting prosecutions and deterring spammers.' Anyone else think that one message doesn't count as spam?"

oh, so that's why

[omeomi]

He also suggests that CAN-SPAM has been effective in deterring spammers.

Oh, so that's why I don't get any spam any more...

Well, off to clean my Inbox of spam.

Tom

Re:oh, so that's why

[Tackhead]

> > He also suggests that CAN-SPAM has been effective in deterring spammers.
>
> Oh, so that's why I don't get any spam any more...
>
> Well, off to clean my Inbox of spam.

That's not spam, those are amazing offers to which you just haven't opted out yet! Haven't you listened to Gator, uh, Claria, uh, the new Microsoft Secure Safety Technology that gives you access to the Amazing Vehicle of E-Mail Marketing?

In other news today, Microsoft executives report that dipping your balls in sweet cream and squatting in a kitchen full of kittens may be hazardous to your health.

Re:oh, so that's why

[omeomi]

In other news today, Microsoft executives report that dipping your balls in sweet cream and squatting in a kitchen full of kittens may be hazardous to your health.

Phew. I was just about to do that...good thing you stopped me.

Too meek...

[Nuclear+Elephant]

Though often criticized as too meek, US anti-spam legislation - which relies on people opting out of spam - has proved effective in supporting prosecutions and deterring spammers

Well the first draft, which involved a carving knife and a band-aid, would have been more effective.

That's the idea.

[hungrygrue]

warning that it could impinge on 'the amazing vehicle of e-mail marketing'.

So their warning is basically that it might work?

Re:That's the idea.

[Antique+Geekmeister]

Worse. They're concerned that it will cut into their profits on selling spam-filters, such as their patented and amazingly stupid SenderID concept, and that it will interfere with the bulk mailing list management tools they sell tightly integrated for use in Microsoft Outlook.

Couple that with their need for your name and personal details with every product registration, and the default settings of those forms to permit them to advertise at you, and we're seeing a company geared up for bulk marketing under the excuse of "customer notices".

Microsoft follows the money?

I never get how anyone can ever use the argument that some people might "want" spam. If you want to buy something, you can find it on the net. I NEVER want to be inundated with junk adverts.

Mailinator lets me avoid getting spam in the first place. Good luck microsoft.

Re:Microsoft follows the money?

[Pig+Hogger]

I never get how anyone can ever use the argument that some people might "want" spam. If you want to buy something, you can find it on the net. I NEVER want to be inundated with junk adverts.

Marketer brains are totally out of whack with reality. They operate not only in a different universe, but in a totally orthogonal plane of reality. It is therefore not surprising that they cannot understand nor fathom the motivations of normal people who are sick and tired of advertising being plastered all over the available meatspace.

Re:Microsoft follows the money?

[Nasarius]

It is therefore not surprising that they cannot understand nor fathom the motivations of normal people who are sick and tired of advertising being plastered all over the available meatspace.

The cleverer ones do understand this, which is why they're trying to poison word-of-mouth recommendations as well (see: astroturfing).

Re:Microsoft follows the money?

[Freexe]

you do realise that in google if you have the gmail user id no.spam.for.haydn that messages sent to n.o.s.p.a.m.f.o.r.h.a.y.d.n@gmail.com will get to your inbox, in fact you can add dots wherever you like, then if a dot combination gets too much spam you can put a filter on it. This way you don't have to cycle so many accounts.

Spam is spam

[JesseL]

If it's unsolicited then it's spam. If you give spammers one freebie then they'll just form a new corporation every time they want to send a new batch of crap.

I don't care if they send me 'just one' or a million, either way it is infintley more than I want.

Re:Spam is spam

[TheOtherAgentM]

I see a problem with this thinking, not for most Slashdotters, but the average user doesn't even know what he subscribes to as far as mailing lists go. When I get email I think about where I have bought stuff from recently, to make sure I didn't forget to opt out of something. I give that vendor the benefit of the doubt. Most users out there won't think twice and legitimate operations are going to come under fire. While they may not shut down, the costs to prove they are in the right is a waste of their time. This may effectively raise operating costs of any operation that relies on email to do its marketing.

Re:Spam is spam

[JesseL]

Companies that don't want that hassle can make it very explicit when you sign up for their mailing list. They should make sure that the default option on their web forms is not to subscribe, and their email should be explicit about how you got opted in.

Here's a big clue, IF YOU DON'T MAKE SPAMMING DIFFICULT IT WON'T STOP.

Re:Spam is spam

[aero2600-5]

"Hell, I don't even like it when a family member get's ahold of my address and adds it to their inane ('joke of the day'/sappy inspirational message) cc list."

Agreed. I've lost contact with friends after telling them to stop sending me worthless crap because they're too lazy to understand why they may need an e-mail list of people that want to receiver their worthless crap, rather than just sending it to everyone in their address book. I actually send nasty replies now, especially for 'warnings' that almost always a hoax, and usually 3 or 4 years old at that.

Re:Spam is spam

[zippthorne]

I usually just reply to friends and family with the snopes link to whatever "virus warning" or "bill gates gives $1000 per forward" they send me. Then I chew them out for not removing the two hundred headers and the ten levels of 'forwarding' markers. I actually don't care if a relative wants to forward me the latest joke or what have you as long as they take the time to fix up the formatting a bit so I can read it without getting a headache.

Re:Spam is spam

[UnrepentantHarlequin]

Some numbers to scare yourself to sleep with:

There are roughly 25 million businesses in the US alone. Let's say each of them sent just one spam per year. Let's also assume that your software automatically junks any further mail from someone who has spammed you already. That would be 68,493 emails hitting you per day.

Let's say you could opt out at the rate of one every 5 seconds. That would be 12 per minute, 720 per hour, or 28,800 per 40-hour work week.

Assuming you take a couple of weeks vacation a year, in 50 weeks you can deal with 1,440,000 out of the 25,000,000 spam emails you got this year.

At that rate, it will take you 17.36 years to opt out of just the first year's spam.

But wait! There's more! New businesses open up every year. Just pulling a number out of the air here, let's say that they are established (and send out their annual spam) at a rate of 1 million per year. So by the time you've cleaned out your first year's spam, you have 17,360,000 more to go.

That's another 12 years of opting out ... at the end of which you have 12,055,555 more ... 8.37 more years ... another 5.8 years ... another 4 years ... another 2.8 years ... another 1.9 years ... another 1.35 years ... at the end of which, you're actually caught up.

So, 53 years from the date every business in the USA sent you one single spam, you've finally opted out of all of their lists.

You're still getting new ones, of course, at a rate of 2,740 per day, or 4,000 per working day. The first five and a half hours of every working day -- 70% of your workday -- you spend cleaning that day's spam out of your work email account. When you get home, you spend another 3.8 hours cleaning your home account.

And that's assuming ONLY spam from US-based spammers, and ONLY one from each, and ALL of them honor opt-out instructions (which are, of course, usually just verification of a live address)

53 years to opt out of all of it.

If you start work at age 18, you'll be 71 ... past when most people retire ... by the time you're breaking even on the spam. (and still, remember, opting out for 5.5 hours a day, and 3.8 more at home)

The Yes-You-Can-Spam act was a Bad Thing.

I want to be able to use my emailbox for EMAIL. Not to provide free advertising services for companies I want nothing whatsoever to do with.

can't can spam

[dankelley]

"He also suggests that CAN-SPAM has been effective in deterring spammers"

Yeah, right. And there's this swamp land you might want to buy.

CAN-SPAM effective?

[Elias+Ross]

Can anybody point to any research (or, frankly pundit or blogger) that has concluded that CAN-SPAM has had any effect at all? So far, it sounds like CAN-SPAM has bene "toothless", made "zero impact", etc.

Re:CAN-SPAM effective?

[javaxman]

So far, it sounds like CAN-SPAM has bene "toothless", made "zero impact", etc.

Are you sure it hasn't actually "made the problem worse" by giving spam an air of legitimacy?

What's up with his title?

[Nuclear+Elephant]

Ryan Hamlin, head of Microsoft's Technology Care and Safety Group

Is it just me or does his title sound like the Microsoft equivalent of an airline stewardess? And how come everyone we hear from Microsoft is the head of something? Were they all promised head to come work at Microsoft?

Re:What's up with his title?

[Maax]

The Departments of Truth, Peace and Love would have been just too much of a give away.

That's how I read it.

[Swamii]

Ryan Longfellow, head of Bigandlong's Technology Care and Safety Survey spoke out against New Rolex's proposed anti-spam legislation, warning that it could imflate on 'the amazing effects of Viagra'.

He also suggests that his product has been effective in enlarging members from 100% to 200%.

From The Article: 'Though often criticized as too meek, click here for a free IPod - which relies on people starting their own home business - has proved effective in supporting the former great king of Nimbabwatsu' through verification of you PayPal account.

Wonderful Spam

[Doc+Ruby]

When Microsoft gets CAN-SPAM, instead of the people of a country getting real spam protection, Microsoft gets to sue spammers on behalf of their customers for damages. Even after getting revenue from spammers, and selling antispamware that doesn't work so good. And buying Gator, the infamous spammer. Microsoft doesn't want the government protecting you or your privacy from spammers. Because Microsoft takes on the job, privatizing privacy, they get paid every which way. And we get spam out our pieholes.

Re:Do Not Call List

[TheOtherAgentM]

The problem is that much of the spam out there is sent illegally. There is no care for who wants in or not with these guys. Sending from a remote, infected machine takes care of sending from your own server and being identified. So, we don't get mail from mailserver.com, but we get mail from every infected computer on XO's broadband and other ISPs that don't seem to care about the spam out there.

As a kiwi

[simonharvey]

As a New Zealander I am surprised that the government is showing this much common sense:

"Mr Cunliffe says Microsoft's proposed "opt out" approach is too weak and has been rejected.
"We decided it's going to be opt-in. End of story. Why should you have to opt out of spam?"

And that common sense is prevailing over US law.
*duck*

Simon

How would you handle this under anti-spam?

[xxxJonBoyxxx]

Here's one very basic, very common problem anti-spam legislation doesn't solve.

1) Someone registers your email at ACME's web site.
2) ACME wants to know if you are legit or not, so they send you a "please click on this link if you really requested this" email.
3) You didn't request email from ACME, but now you have an "are you you?" email from ACME.

Is the "please click on this link" email spam?

If so, what should ACME do to verify you are you instead?

If not, what's to stop a spammer from sending their advert along with the "click to confirm" email? (I know, they already do.)

Re:How would you handle this under anti-spam?

[Vancorps]

I recently ran into this issue with our mailing list which consists of about 55,000 people. This list is 100% opt-in but regardless, someone didn't like us, so they submitted spamcops trap email address to our list. We included them in our email blast and naturally received a complaint.

When I followed up with SpamCop they weren't helpful at all, they would not tell me why it happened, who was involved or how I could stop it from happening again. They just labeled my company as one that bought an email list and said to hell with us.

Naturally this wasn't acceptable to me so I moved to their parent company where I actually got some help. I explained to them exactly how we got the email addresses we used and that we understood there was some abuse of the system, so we asked them how to proceed without making the problem worse.

The solution was to send out an email blast asking everyone to confirm their wish to be on the list. This would be the only thing we were allowed to ask in the email. No advertising, not even any logos, just a simple plain email with a link to our website. Yes this shrunk our list a little bit but the majority of people on it were customers of ours and wanted to be there.

So yes, if I had mod points I'd mod you up. Its very important not promoting any products. That is the difference between spam and legitimate messaging.

There's a better idea...

[Antony-Kyre]

There is a better idea, and here it is.

Why not create legislation requiring all commercial e-mail to have HOW they got your e-mail address in the first place, under penalty of a huge fine. This would be in addition to any other laws in place. So if someone doesn't say, at the bottom of the e-mail, how or where your e-mail address was obtained, it would be illegal. Also, lying about where they got it would be illegal too.

Or is this just a stupid idea?

Re:There's a better idea...

[AaronStJ]

Your post advocates a
 
( ) technical (X) legislative ( ) market-based ( ) vigilante
 
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
 
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(X) Anyone could anonymously destroy anyone else's career or business
 
Specifically, your plan fails to account for
 
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
 
and the following philosophical objections may also apply:
 
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
 
Furthermore, this is what I think about you:
 
(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Err, no offest, but someone had to do one.

I actually think this isn't a bad idea, it would just never work. The "Requires too much cooperation from spammers" point in enormous. They just simply wouldn't put where your email address was obtained, and there's be nothing we could do about it, and life would go on as normal.

Re:There's a better idea...

[cduffy]

Send spam in a competitors' name without the legally required trailer. Watch said competitor get hit with lawsuits.

Send spam in your own name. Blatently lie about where you got the addresses. Someone objects? Their word against yours.

Send spam from offshore. Don't bother with the legally required trailer. How's it going to get enforced?

Re:Translation: If MSFT doesn't make money on it

[slavemowgli]

When you think about it, this story, and the fact that it is considered news, is actually rather funny - or disturbing, depending on how you look at it.

Why does it matter what M$ thinks about a proposed new anti-spam bill - or any bill, for that matter? Shouldn't the only thing that matters be what the *people* of New Zealand think?

Duh!

[Locke2005]

Microsoft makes money by providing Spam filtering and by suing spammers under CAN-SPAM. Anybody that expects Microsoft to be in favor of anything that reduces one or more of their revenue streams is obviously delusional.

Microsoft serious about squashing SPAM?

[Eric+Damron]

"Mr Hamlin says Microsoft would like to see the bill changed so that businesses could be confident they could continue to use databases that they had already compiled to send out e-mail."
i.e. So that businesses could continue to SPAM.
"He also wants definitions in the bill changed so that companies would be able to e-mail information about new products and services to customers, even if they had opted out of receiving e-mail about other services they had bought from the company in the past."
So if I tell a company that I don't want their penis enlargement ads they can SPAM me with an ad for their latest p0rn and so on and so on and. . ."
"Though often criticised as too meek, US anti-spam legislation - which relies on people opting out of spam - has proved effective in supporting prosecutions and deterring spammers, he says."
Right, that's why my filters catch move SPAM every month than the previous. It's only the filtering technology that keeps email usable.

Is Microsoft really serious about squashing SPAM or just in finding another cow to milk? What was this I heard about Microsoft wanting to buy the company that use to be called Gator? Seems to me that SPAM and AD ware go hand in hand.

Re:Microsoft serious about squashing SPAM?

[Moraelin]

It's especially that part about allowing them to send notifications for "new" stuff, regardless of whether you opted out before or not, that's especially worrying me. It's a free license to spam.

Think about it. It doesn't say new _categories_, so it doesn't even have to mean they'd have drop penis enlargement pills once you've opted out. They can make you opt out of _one_ _product_ at a time, then rename it or call it a new version, and spam you some more.

E.g., spam advertising porn, could spam you with a different combination of web site and category in each batch of mails, and opting out of one wouldn't prevent them from sending the next batch. They could just make a bogus "hosted site" for each batch, which just redirects to the main one, but hey, it's for a "new" service (site) you haven't yet opted out of. So they're allowed.

In fact, it makes it worse than no opt-out at all. To actually unsubscribe from all that, you'd have to actually open the message and look for the unsubscribe link for that product, then email the spammer. From a spammer's perspective it's actually better: they made you open and read his spam instead of just looking at the message and deleting it.

So seeing MS back such a license to spam with impunity, makes me really worry.

Yeah? Well as an American

[Belial6]

As an America, I'd love to see this bill come into effect too. The fewer havens for spammers the better.

Re:I don't get it.

[Daniel+Phillips]

when an otherwise publicity-savvy company steps forward to fight for something which is not only stupid but also wildly unpopular, there's got to be some explanation

How about: Microsoft has plans to sell an anti-spam serivce.

Opt Out

I think Ryan Hamlin needs a lesson in the limitations of opt-out systems. To teach him this lesson, all /. readers who happen to meet Mr. Hamlin should kick him in the nuts. Keep kicking him until he asks you to stop (e.g. opts out). There is often a delay in processing opt out requests, so it's OK to kick him a few times even after he opts out. After you've accepted and processed Mr. Hamlin opt out requst and have stopped kicking him in the nuts, feel free to begin kicking him in the ass. After all, just because he opted out of being kicked in the nuts, doesn't mean he also opted out of being kicked somewhere else.

Better ways to present check boxes

[jesterzog]

I think one of the problems with this method at the moment is that most organisations don't provide clear information about exactly what someone can expect by checking the box. Often it's buried somewhere deep within the privacy policy, but it's not exactly obvious.

Before I check such a box, I like to be confident that I understand basic things like:

• How frequently I'm likely to receive mail.
• What type of content it will contain. For me, there's a big difference between something like:
  • "Try our cheap trip to Hawaii", and
  • "We've reduced the cost for upgrading to business class. Would you like to do this for the trip that we have you on record as having booked a month ago?"
• How easy it's going to be to get off the list. Ideally I want to know how to get off the list before signing up to it. I also want to have some clear contact information for someone who I can contact if their unsubscription system breaks.
• Who's actually going to be mailing me. Often businesses like to be able to send emails for their "business partners", but I want to know what this means. If it means that they're going to send me any old spam that someone pays them to send me (which is often the case). Basically you go down in their book as an asset after ticking the box, because they can make money off other people by sending you email. I normally won't check the box if there's any doubt about it. But it might mean that every so often, there actually are things that they think I might find useful, and they might want to let me know because of that rather than because someone's paying them. If this is the case, and I trust them, then I might consider signing up.

Most boxes don't actually do this. They just say inane things like "Click here to receive great deals from us and our partners in your email." I'd rather they said something like:

"Click here and we'll keep you informed about deals we have in the future.

"For examples of what you'll receive, check out [this list of some of our past deals]. We'll send about one email a week, and you stop us from sending them whenever you like. ([Click here for more info about how this works.]) We might also send you information from other businesses if we think it's of use to you, but we won't be give them your contact details (without specific permission), or accept money from them to forwarding it."

I guess it's a bit more verbose, but to me it's a hell of a lot clearer and more trustworthy. Then again, I realise that most people don't seem to think/care about this type of thing as much as I do. I'm sure I'm not the main target of many marketing people... I just get annoyed as collateral damage.

How to stay relatively spam free

[dennypayne]

I have hit upon a decent method for not having to wade through a ton of spam in my inbox.

Tools Required:

1. A domain that you administer mail accounts for
2. The ability to define a catch-all account for mail

The method:

I have defined my "regular" email address as the catch-all. Whenever a website requests an email address, I use something unique to that site. The account does not exist, but mail from them will still get delivered to me via the catch-all account.

Example:

I sign up for email for my Hilton account with hilton@mydomain.com. The account is not defined but the catch-all will deliver the mail to me nonetheless.

The benefit:

If I start getting spam to that email address, I now have several options. First, I know who sold or gave out my address so I can hammer them if I choose. Second, I can simply begin filtering everything from that address into a "known spam folder" and never have to deal with it other than to delete the contents of that folder. Third, I can setup nasty autoresponders that mimic bounce messages or something on that account if I wish (I know, this may not be doing much good but it's fun).

By doing this I keep the spam in my inbox down to 2 or 3 messages a day.

Denny