Australian Rules to Crackdown on Spam

siffty writes "Internet service providers could face huge fines if they do not provide spam filtering or impose email sending limits under new rules set down by a communications watchdog. The Australian Communications and Media Authority ( ACMA Media Release ) today registered the world's first legislative code of practice for internet and email service providers. Dealing with unsolicited email or spam costs business and home internet users millions of dollars each year in wasted time and upgrading security systems. But under the new code, ISPs will have to offer spam filtering options to subscribers and provide a system of handling complaints. They will also have to impose reasonable limits on the rate at which subscribers can send email."

That's all fine & good

[70Bang]

But here in the US, we need to have something which actually works. The DMA (Direct Marketing Association) wrote the law - in order to guarantee opt-in wasn't a premise because they didn't believe it to be "financially viable option" translated: if we can't ensure our ability to make money, it's its a bad thing. Those who have been interviewed about the issue and have been willing to discuss it have admitted it left a long skid mark.
I can pull up the cite if someone wants it.


If spam legislation is supposed to work, why do we get more? It can't be because we don't click on the opt-out list. Those are a crock. I've seen some which do nothing more than display text files which say, "Thanks!" and an error is produced because they didn't know what they were doing with VBScript under ASP.

Depends on what the % means.

[Chuck+Chunder]

The quote only really makes sense if it means that 1% of all email sent in Australia is spam, not that 1% of spam is Australian.

It's so badly worded it could mean anything though...

1/sec, 50/min, 200/hour, 1,000/day.

[khasim]

Now, 1,000 messages a day should far exceed the needs of 99% of the legitimate home users out there.

The problem with rate limits is that there are a few people who will have a legitimate need to send more than 1,000 messages a day, every day.

And the ISP costs go up once any of their tech support people have to answer a phone because your joke of the day list is being blocked after 1,000 sendings.

There's no easy way around this. Somewhere, someone is going to have to pay money to start solving this problem.

Conflicting agendas.

[khasim]

I don't know about you, but here's what I want:
#1. No one sending me ads if I haven't, personally, given you my email address.

#2. When I opt out, you drop me from all further ads and "informational" mailings. You only send me my invoice and my shipping notification.

#3. You send me, once a month/quarter/year, a notification that I am on your list so that I may change my address or opt out at that point. This is very helpful if I am an email admin and I'm trying to be nice and opt-out people who are no longer at the company.

Now, what the advertisers want is:
A. A list of people that they can send ads to, cheaper than snail mail.

B. See A.

So, looking at it in that fashion, you can see why there is a problem.

If the legitimate retailers would just start behaving like legitimate retailers, a big chunk of the spam problem would vanish. But they won't.

Re:Conflicting agendas.

[ahodgson]

Technically, without fully signed messages, theres no way a business can determine if YOU signed up for a mailing list or if somebody else did it for you.
There is no way round this with current practices.

Confirmed opt-in is the industry standard. Send one message with a cryptographically strong token that must be clicked on or returned to confirm that the addressee wants to be on the list. If you don't get confirmation, you never email that address again. It's been available forever and works fine. "Marketers" may not like it, because it doesn't integrate with their CRM crap spamming software, but it has to be done.

So is political spam still exempt?

[0x00]

The Prime Minister, John Howard, used spam provided by his son's company in the last election campaign. Unsoliticated email was sent containing Liberal Party election material to voters.

http://www.abc.net.au/news/newsitems/200408/s11863 89.htm

--

0x00

Re:Oi

It really does seem that there's no situation that Australian politicians don't reflexively pass laws to address. It's a sign of an unstable society, quite frankly.

I once asked an Australian why a country that's stereotyped as being full of rugged individualist types was so hell-bent on becoming an Orwellian nanny state. He replied, "Aw, nobody pays attention to all those laws anyway."

I guess that works OK, until they come for you with the heavy artillery.

Re:Logging IP Address

[grrrl]

7 days is a bit of a joke.. what this means in reality is that ISP's will now have to store your account name, IP address and logon-logoff times in a db. Sounds to me like law enforcement want more evidence available for either prosecution or spying.

well, I can log into my ISP's web-based account manager and get my login/logout times and IP details for the last month.

how can you assume they aren't keeping track already?? the implementation seems trivial.

Re:Stupid.

[FireFury03]

If the ISPs, all ISPs, set a maximum of, say, 1 outgoing email per second for all of their general users, wouldn't that make a zombied PC too slow to be viable? If not, how about 1 per 5 seconds? Or 10?

It would do absolutely no good because the limits would almost certainly be placed on the number of mails being relayed through the ISP's servers and spammers don't do this - they either send directly from a compromised machine or via an open relay.

Stopping people sending directly would be a Bad Thing (I for one only use my ISP for an internet connection, I don't use their mail servers, etc).

Passing some laws that require ISPs to kick customers off who run open relays would be a good start (and very easilly testable). Kicking customers who don't patch their machines would also be an excellent idea but hard to test.

IMHO the ISPs should do a "credit rating" type system like the banks use - if you're shown to get cracked regularly and/or don't clear up your mess quickly then you get a bad "internet rating" and no ISP will give you an unfiltered account. I.e. persistent offenders will end up with only being able to surf the web. At the moment there really is no motivation for people to run secure systems - most trojans and worms don't actually cause much trouble for the owner of the compromised machine. (If people lost all their work whenever they got compromised they might give more of a damn :)

A Real Spam Solution

[trazom28]

How about a law that requires up to date anti-virus software on everyone's computer. Granted, enforcement would be a bitch, but hear me out on this one..

Judging from the customers that come through the door and the complaints, a good.. 75-80% of spam seems to originate not from one person sending out massive emails.. but rather trojan zombie computers. 300 compromised computers on a high speed connection of any kind, sending a small volume of spam mail make a significantly bigger impact than one uncompromised machine at a spammer's house sending out email.

Ok.. now you may shred this idea up :)

Re:Oi

[aXis100]

It's just a slow news week is all. The Australian government regularly does stupid things, it's just this week it got noticed by the press.

Most of it never eventuates because Howard does a backflip once he's reminded that 80% of the Australian people think he's a twit.