Getting on Top of Spam Down Under

The Register is reporting that Australia has implemented a new industry code for the regulation of email with respect to spam. From the article: "Under the new code, internet service providers (ISPs) will bear some of the responsibility for helping fight spam. Service providers must offer spam-filtering options to their subscribers and advise them on how to best deal with and report the nuisance mail. ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email."

Hmm

[Vokbain]

While this is a good idea, I'm surprised most ISPs wouldn't do this anyways. It's a considerable waste of bandwidth, and their best interest to reduce spam.

Re:Hmm

[Bromskloss]

I'm surprised most ISPs wouldn't do this anyways. It's a considerable waste of bandwidth

I'd say the kind of spam filter I'd prefer does not delete any mails, just tags them so I easily can do any filtering I want with them. But oh, I forgot. You don't have to know how to use a computer to use a computer. That is, people could never be bothered with something like that.

Re:Hmm

[arivanov]

Dealing with lusers who have been quarantined costs much more than the actual cost of the uplink bandwidth of a DSL line. In addition to that in an ISP which does not do significant amounts of colocation the overall balance of traffic is towards incoming. As a result extra outgoing traffic is usually outright ignored.

So the economic driver to quarantine Typhoid Marries is simply not there. As a result the Telcos and access ISPs will continue not to care until the rest of the industry (banks, e-commerce, etc) buy enough congress(or MP)critters to force a regulatory regime through.

Personally I am all for the immediately quarantining utility customers on the first SPAM sent out and forcing the mandatory usage of relays. Same for DDOS, so on so fourth. And anyone who does not want to be subjected to this regime should simply pay an extra for not having it.

Re:Hmm

[grasshoppa]

I'd say the kind of spam filter I'd prefer does not delete any mails, just tags them so I easily can do any filtering I want with them. But oh, I forgot. You don't have to know how to use a computer to use a computer. That is, people could never be bothered with something like that.

While elitest, you fail to grasp what the grand parent was saying;

ISPs should be doing this anyway, to save on bandwidth. This has nothing to do with a user. Hell, I'm careful with my email address, and I still get spam.

It can be considered a truth; The probability of any email address recieving spam approaches 1 in direct relation to said address's age.

So your comment really makes no sense. Yes, I tag my spam and filter it on my own. But I also have my mail server setup to check spamhaus so I can *NOT* recieve that mail in the first place.

Re:Hmm

[Punkrokkr]

I worked at an ISP for a while, we were attempting to implement some sort of spam filtering; yet our biggest problem was giving the users a choice. Why are there spammers? Why is spamming such a lucrative thing to do? Because somewhere there is some moron who wants the spam. That was our problem, we couldn't filter out all the spam because some of our customers wanted the spam. It took a bit for me to wrap my head around that one.

Re:Hmm

[turbidostato]

"But I also have my mail server setup to check spamhaus so I can *NOT* recieve that mail in the first place."

Then, you know where this road takes you.

Dear Mr grasshoppa, in our fight against spam, side by side with the legal forces and (somehow) following their indications, we have to tell you we're going to shut down all your towards-port-25 traffic. Sorry for the incoveniencies.

Only they won't send the letter, you'll find suddenly because your mailq is steadily growing and no mail is going off.

And among the minority that will pay a bit of attention to it at all, quite a big percentage will be saying "after all, no honest individual has any need for a local MTA; they should be using their ISP's anyway".

paid spam

[dotpavan]

How would this clash with the pay-for-spamming option by AOL?

Agh

[c0dedude]

What a stupid law. Why put enforcement on the ISP's? There aren't that many spammers, the key is to go after them with harsh penalties. The rest will wake up after a few test cases.

Re:Agh

[Tweekster]

Most spammers are already committing multiple felonies as it is that would result in pretty harsh sentances. There is no point in NEW laws that wont be enforced when there are already laws that exist that attack the actual important laws being broken.

Re:Agh

[nickh01uk]

I agree, having worked at an ISP... cracking down on the network operators just tends to lead to spammers migrating more and more frequently to new hosted servers and providers. Spammers find it pretty easy to up-sticks and leave at short notice, and most providers pride themselves on getting new customers up and running fast.

There was a newsletter I caught recently talking about some of the successful prosecutions for spam 'downunder'. It sounds like they are making progress.

The full text of that newsletter is here.

Nick.

Re:Agh

[gurps_npc]

That just means they need to put in smarter controls, rather than none.

For example, you can easily arrange for all accounts to be limited to 50 outgoing email/day unless the person has a valid credit card that gets charged a $1 set up fee, or they receive by regular mail a form, that they must sign and mail back.

The few NON-spammers that send more than 50 out going/day should be either willing to wait for their 51st email per day or pay $1. I can't see anyone except spammers being pissed off about this.

Hmm...

[jamesgamble]

So the law states that ISPs have to give consumers a choice on their spam protection. Does the law mention anything about if the ISPs can charge the customer for that option?

Hows does it define SPAM ?

[DrSkwid]

Anyone got a link to the *actual* legislation ?

Re:Hows does it define SPAM ?

[tpgp]

Anyone got a link to the *actual* legislation ?

Here you go (pdf warning)

It's not legislation, but a code of practice (a sort of howto follow the legislation). from the linked pdf:

means commercial electronic messages that:
          (a) are unsolicited within the meaning of section 16
                  of the Act; or
          (b) do not include accurate sender information as
                  required by section 17 of the Act; or
          (c) do not contain a functional unsubscribe facility
                  as required by section 18 of the Act.'

I'll dig up the 2003 legislation, but you will be sorely dissapointed when I do, as our lying, Saddam-conspiring, refugee hating, spamming bastard of a prime minister is a spammer himself

Re:Hows does it define SPAM ?

[tpgp]

means commercial electronic messages that: [emphasis mine]

Here's the legislation - and a link to the rather more helpful plain english explanation of what constitutes a commercial message

Quoting it:

EXAMPLES OF COMMERCIAL ELECTRONIC MESSAGES
The following are common examples of electronic messages which are likely to be considered a commercial electronic message:
* offers of stock-market options, credit and mortgage arrangements;
* offers of computer goods including software and hardware;
* promotions of pharmaceutical and health-related products;
* promotions of sales at markets, shops or warehouses;
* sale of franchises or business ventures;
* advertisements for restaurants, exhibitions or trades services;
* promotions of pornographic websites or services; and
      advance fee or Nigerian scam2 emails, get-rich-quick schemes and gambling services.
*
EXAMPLES OF ELECTRONIC MESSAGES THAT MAY NOT HAVE A COMMERCIAL PURPOSE
The following are examples of electronic messages which are not likely to be considered commercial electronic messages:
* community-focussed messages, for example, about the closure of local riding and walking tracks;
* surveys, for example, collecting statistics about the use of public services and utilities; and
* newsletters, for example, providing updates about matters of interest to the local community.

Nuisance messages such as those containing viruses may also not have a commercial purpose and may not be considered to be spam.

Messages of these types however may be subject to separate Australian legislation.

So... if you're a marketing company (doing a survey), a church, political party or charity, feel free to spam whomever you choose - in Australia, or abroad, the government wont touch you.

Re:getting on top of the comments page

[athakur999]

Brilliant!

"No post shall be made until another post has been made first."

I predict the end of all Slashdot troll posts!

Those Aussies...

[nathan+s]

...have some bizarre fetishes.

Unimpressed.

[tpgp]

Colour me unimpressed - the Prime Minister of this country (John Howard) phone spammed the continent prior to the last election, then paid his smug looking son to spam the nation.

Anyway, back on topic, here's an article from a local paper - it contains a link to the actual code of practice (pdf warning)

Should be running already

[fak3r]

Why wouldn't they have this running already? It would reduce wasted bandwith, and make users happier. ISPs should do their best, and let users know in case some crappy 'joke' fwd'd to 100s didn't get through. My suggestions: Graylisting Mailscanner ClamAV Bitdefender Spamassassin DCC checks This will help reduce things CONSIDERABLY - again, if I can do it at home, why can't an ISP have a dedicated FreeBSD box (or two) that just handle this step, and then pass it on IF it passes?

It's appreciated, but...

[Weaselmancer]

It's another token effort.

internet service providers (ISPs) will bear some of the responsibility for helping fight spam.

Some is not all, which means that any percentage they block meets the requirement. If they delete one, and pass 1000 - that fits the definition of some.

ISPs will also be compelled to impose 'reasonable' limits on subscribers' sending email.

Do any spammers use their own account for outbound spam?

Re:Why not implement SPF?

[Bromskloss]

(-- this comment has not yet been proved to be non-spam and is therefore not visible to you --)

psst.. because people want to communicate sometimes also.

hear, hear

[XanC]

SPF, I think, is a great idea. And it can be implemented gradually. The receiving server doesn't have to simply drop messages without SPF; that's just one input to that decision.

As more and more people put SPF into their DNS, the punishment for a message not having it can increase. In turn, then, more and more people put SPF into their DNS.

Let's get the ball rolling!

http://en.wikipedia.org/wiki/Sender_Policy_Framewo rk

What gives?

[Khammurabi]

The title of the article is "Getting on Top of Spam Down Under," and I haven't even seen one v1@grA joke yet.

Re:ISP

[hedwards]

Personally, I still have my first email address from circa 1997. I have used it for a number of years on forms and I am sure that a google search would find numerous listings.

Right now I get approxamtely 10-15 spam messages a day. That is without any sort of blocking and is on the high end of what I generally get.

Surprisingly the majority of spam actually goes away if you unsubscribe from it at the bottom. I used to get 1500-2000 spam messages a week until I started unsubscribing.

I am currently trying out http://www.bluesecurity.com/ to see if that improves things even further.

It had to be done.

[HUADPE]

Your government advocates a

(x) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
(x) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid government for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Laws hit ISPs because Foreign Spammers ignore them

[billstewart]

The reason to make laws telling ISPs to fix the problem is because laws telling spammers not to spam at best would only stop domestic spammers, not foreign spammers. So if Australia actually wrote an effective anti-spammer law, it would push Aussie spammers offshore (or get them to spam Americans and leave spamming Aussies to us and the Chinese.) Of course, the politicians haven't written an effective anti-spam law, and it's not clear that such a thing is possible, so they're dealing with their previous failures by telling somebody else to fix the problems, and the ISPs are the other people who've got some ability to do it.

If they write laws that are too draconian, they'll break all the Aussie email providers and ISPs, and you'll will be stuck using Telstra to reach email providers in the US or Hong Kong - and Linux users probably won't be able to run their own email at home unless UUCP slides by the rules...

"Getting on Top of Spam Down Under"

[SeaFox]

Hey, that sounds like the title of a spam message I recieved recently.