France Launches Anti-Spam Platform

njondet writes "French-law.net reports that the French government has just launched 'Signal Spam', an anti-spam platform created in association with public entities and private companies, such as Microsoft. Internet users will be able to report spam messages by mailing them to this platform which will act as a centralised monitor of spamming activities. The platform will generate a blacklist and help initiate prosecutions against spammers."

Better as a Private Service?

[MankyD]

This is where the libertarian in me comes out and wonders if these things aren't better left to the private sector. On the other hand, perhaps having this information sent directly to authorities will result in more prosecutions (or more successful prosecutions) under laws similar to CAN-SPAM, (or maybe that's just wishful thinking.)

I wonder how long before...

I wonder how long before we see a massive DDOS attack against the infrastructure used to run this.

Reinventing the wheel?

[Arkaic]

This seems like an unnecessary duplication of effort. There are already established providers of blacklists, such as spamcop. Why not work with them and help develop easier ways for users to report spam via their email client?

Yes this'll work

[Colin+Smith]

Because.

1: We all know how quickly the law works... Talk about a bottleneck.
2: Most spammers operate outwith the control of any single government.
3: Many spammers operate through compromised proxy systems.

Still, at least they're being seen to be doing something and this is the important bit for the politicians.

How much input to the citizens have?

[ancientt]

I'm thinking this is a good idea, get a serious organization behind fighting spam, not just one with serious goals and effort but one with serious authority. I wonder if the citizens (who are ultimately paying for it of course) have much control over how it is set up? I can envision a conflict between our marketing department and the government going something like this:
Marketing: "No, it's not spam, we put in opt out links and only send it to people we have a relationship with."
Gov: "But 200 people called it spam, you're now listed as a spammer. Sorry."
Marketing: "That's no fair! How do we change our status?"
Gov: "The will of the people has spoken, but I don't have lunch plans, maybe the people could buy....?"
Marketing: "Do you like steak?"
....Fast forward two years...
Gov: "I realize our office receives a lot of criticism for not allowing the public to mark mail as spam, but in reality many of the emails we receive are legitimate businesses using legal means to advertise. We will not allow the public to slur the good name of reputable companies."

more like ENABLE-SPAM Act ..

[rs232]

'having this information sent directly to authorities will result in more prosecutions .. under laws similar to CAN-SPAM'

CAN-SPAM doesn't ban SPAM, what it does do is legitimise the sending of unsolicited commercial e-mail and specifically forbids e-mail recipients from suing the spammers. It's one of those Acts that do the exact opposite of what the name means. As such it should really be called the ENABLE-SPAM Act of 2003.

was Re:Better as a Private Service?

Re:more like ENABLE-SPAM Act ..

[Phroggy]

CAN-SPAM doesn't ban SPAM, what it does do is legitimise the sending of unsolicited commercial e-mail and specifically forbids e-mail recipients from suing the spammers. It's one of those Acts that do the exact opposite of what the name means. As such it should really be called the ENABLE-SPAM Act of 2003. Not quite. CAN-SPAM does legitimize the sending of unsolicited commercial e-mail with certain restrictions, but it also clearly defines e-mail that doesn't meet those requirements as being illegal. Virtually every single piece of spam I get violates the requirements of CAN-SPAM and is therefore illegal under US law. If CAN-SPAM were aggressively enforced, it would have a huge impact in reducing the amount of spam that gets sent. Any spam that is legal under CAN-SPAM is trivially easy to filter out through technical means, and if we did start to see legal spam, Congress could simply amend the law to address the problem.

To reiterate: while CAN-SPAM does define certain types of spam as legitimate, that's OK because none of the spam being sent is that kind of spam. If this changes, the law can be fixed later.

However, you are correct that CAN-SPAM also prohibits individuals from suing spammers. If the government were doing its job and aggressively prosecuting them, then private lawsuits would be redundant and unnecessary, and I'm sure that was the original thinking. However, that's not happening. That's a problem.

Your post advocates a...

[RareButSeriousSideEf]

Your post advocates a

(x) technical (x) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

It may help.

[khasim]

Depending upon how it is implemented and how they evolve it.

1: We all know how quickly the law works... Talk about a bottleneck.

But it seems to be the only way to actually get the spammers. Filtering doesn't affect them. Their bandwidth is essentially free.

2: Most spammers operate outwith the control of any single government.

Not really. Each individual spammer lives in a country and is governed by the laws of that country. No single set of laws govern ALL spammers, but you can target some of them.

3: Many spammers operate through compromised proxy systems.

The technology should just be one aspect of this.

The spammers usually don't send out crap on their own (unless it is to advertise their services). This is one of the classic "follow the money" issues.

The Register ran an article that I cannot find right now. It was about how Company A hired Company B to send out ads to certain addresses. Company B hired Company C to send the ads. Company C needed more names so it bought a list of email addresses off of eBay from Person D.

It's easy for a government to handle research like that. Companies respond a LOT quicker when the request for information comes from their government.

And companies don't like having the government digging through their paperwork.

Sure, you risk "Joe Jobs", but overall, it should get the legitimate companies to be a LOT more careful before they outsource their next "email advertising campaign".

And that means that some of the money in spamming will dry up.

Better idea

[OldManAndTheC++]

Duplicate the platform onto a series of servers and put them into reinforced bunkers strung along the border. That ought to stop spam from entering the country.

Oh, and be sure not to leave a gap in the Ardennes...

Re:Centralized Service?

[Kjella]

Haven't we learned by now that centralized services don't exactly function as advertised?

Yes, it's terrible how the DNS root server farm is constantly hacked. Or how the google server farm gets hacked every day to redirect to the goatse guy. What? That doesn't happen? What's happnened in the past with a few is that they've managed to DDoS them out of business, or sue them out of business. The government can throw hardware and bandwidth at it. If people come to rely on it, call it "critical infrastructure". Prosecute anyone trying to hack it as cyberterrorists (sic). Let the spammers threaten to sue it, and laugh at them. And if they do it, pass special laws to protect it from liability. Link it up so whenever there's a penny stock scam, start a SEC (or whatever the French version is) investigation. If there's a drug scam, start a FDA (or similar) investigation.

I'm sure this scares the hell out of spammers - someone with more power than to simply blacklist the servers after the fact, which honestly is running around putting out fires instead of catching those starting them. And even if they turn out to be completely incompetent, nothing stops the current blacklists from running...

Re:Its SO French....

[Ckwop]

They are at it again. Snob, uppish, wants whole world do things in their own way, learn french and whatnot. They isolate themselves, dont join in the international community, and they want whole 250+ countries in the world to listen to what they say.

That sounds an awful lot like the US to me. The US/France relationship reminds me of two brothers who "hate" each other for no other reason that they are so similar. The French are a proud, strong and patriotic nation and so are the citizens of the United States.

On top of this, the French are also more internationally minded than the US. They did start the European Union after all and relinquished control of interest rates to Brussels to adopt the single currency.

Simon.

I wrote Signal Spam

[JohnGrahamCumming]

I wrote the code that is behind this web site. I'll try to answer questions without giving up confidential information if people are interested.

John.