Slashdot Mirror
New Opt-Out Clause Makes CAN-SPAM Worse
snydeq writes "Three years of mulling, and the FTC has made the CAN-SPAM Act worse, writes Gripe Line's Ed Foster. Chief among the offenses in the FTC's updated rules is an even worse approach to opt-out procedures. In the future, in scenarios where multiple marketers use a single email message to spam you, 'only one of the senders — the one in the From: field — need be designated the official sender who is responsible for honoring opt-outs,' Foster writes. Translation? 'Other "marketers" who used that spam message, not to mention the spamming service that actually provided the email address list, don't need to honor opt-outs. So try as you might to get yourself off a list, the real spammer can just keep changing the designated sender in the From: field and legally keep on spamming you.' The irony of the CAN-SPAM moniker gets thicker."
At least the accuracy of the moniker is increasing. Better than PATRIOT act, digital rights management, etc.
They should have named it "MAY-SPAM"
Come on folks you've got to admire sheer dumb ass brilliance of this level. This isn't a matter of minor incompetence this is world class stupidity. Checking my SPAM folder at the moment I picked out a few that looked similar and everyone had a different email address
So in other words this brilliant change in the rules now means that SPAM isn't SPAM. Maybe that is the real way to get rid of it... just define that it doesn't exist.
There is no poverty in North Korea either apparently.
An Eye for an Eye will make the whole world blind - Gandhi
Just think I can have all kinds of people who had a dead uncle leave me millions of dollars in a Nepal lottery and now can't touch the money without offering me a job processing money orders for 50% of the take and a free bottle of Viagr14!!!!
Like arts? Like cheesy little Indie mags? Check out www.artwerkmag.com, and don't laugh at the bad coding please.
Whitelist is your friend
2. Things that are done for money are good. Corollary: people wouldn't do good things but for being given money. Well, we wouldn't, and we have no problem extrapolating to everybody.
3. Spamming is done for money.
4. Therefore spamming is good.
Other "marketers" who used that spam message, not to mention the spamming service that actually provided the email address list, don't need to honor opt-outs
Damn! I guess this means an end to the three wonderful years of relief we've all enjoyed from spam thanks to the oh-so-effective initial rules.
Seriously, this change really doesn't matter, except it will let the FTC claim success due to a massive drop in the number of "valid" complaints against spammers. Whining that it weakens the existing law strikes me as similar to complaining that a serial killer violated a restraining order.
I fully expect within the next few years we will see average Joe hacker ... as in a person who likes to fool with technology ... begin a personal and secret computer assault against any business or organization who uses the services of spammers.
In other words, if those in power won't protect me, why should I feel I am doing anything wrong to try and protect myself?
If using the services of a spammer gets your network shot down with any sort of reliable regularity, it seems logical that using them is going to become a harder and harder decision to justify. Make 40G's using the spammer, spend 37G's fixing the network damage that follows.
In the long run, I see this fight as one that cannot go any other way.
In B.C., our fascism is green.
It seems that they managed to take a completely toothless act, and make it even less helpful.
I guess it is no wonder that congress has managed to somehow attain an even lower approval rating than our current commander-in-chief, seeing as they managed to squirt out something like this instead of dealing with important national issues.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
This can work. After all, most spammers comply with the rest of the act and are legitimate, honest and upright business owners, right?
I mean, such good people would surely include a visible and operable unsubscribe mechanism, honored quickly and used only for compliance purposes.
And they would provide relevant subject lines, legitimate physical addresses, and adult-content labels on their "value-added, pre-solicited sales invitation messages."
And, of course, never falsify header information, use open relays, or send messages to a harvested email address. Right?
Seriously, what are they really hoping to accomplish with this act? Has it done any significant good?
Who do these lawmakers use as expert advisors on technical issues? Members of the Geek Squad that worked for Best Buy for a month, before being let go?
Steve Richter, father and lawyer to "SPAM KING" Scott Richter helped write the CAN-SPAM act. The act is a joke.
and make it easier to transport, for a wider audience.
two more changes, and they can change the name of the bill as well, to "MUST spam."
if this is supposed to be a new economy, how come they still want my old fashioned money?
Stone cold dead.
If you mod me down, I shall become more powerful than you could possibly imagine.
Why not just cut out the middleman and write the spammers directly, giving them my address and asking them to please stop sending me anything, or not to do so in the future if they didn't already have it?
Wish I hadn't just used my mod points today, that was damn funny. I guess some mod just got his first points and doesn't understand humor very well.
0x09F911029D74E35BD84156C5635688C0
First let me qualify by saying that I am not only a lawyer in the Internet and anti-spam industry, but I helped author the "affiliate spam" section of CAN-SPAM, to which this clause is a natural extension. We are also fresh from a teleseminar which we provided on this very subject.
The following is an excerpt from our CAN-SPAM compliance page, which is at http://www.isipp.com/can-spam.php:
In large part, this requirement is an effort to hold affiliate programs responsible for how their affiliates promote them. If the affiliate is honest about who they are, and their "From address", and if they put something in the email about themselves, then the user will be able to unsubscribe from the affiliate's list. But if the affiliate is dishonest, and hides their true identity, then the affiliate program for the product featured in the email (which will be the product being sold under the affiliate program) becomes responsible. In other words, if you are advertised in the affiliate's email, and the affiliate cloaks who they are, you become responsible. By shifting responsiblity for mislabled email to the companies being advertised in the email, there is an incentive for affiliate program managers to more tightly police their affiliates.
Anne P. Mitchell, Esq.
CEO/President
Institute for Spam and Internet Public Policy
http://www.isipp.com/
SO if i opt out of the gripe-line newletter the other 393473 infoworld divisions won't be affected......
wait...what was the gripe again?
ok, not really a problem with them but it does make a nice example
Find the spammers, and impale them. DEATH TO SPAMMERS!
I write sci-fi for metalheads
imagine if I obfuscate all my emails, but always mention an item avaialble from amazon.
every day http://en.wikipedia.org/wiki/Special:Random
The whole opt-out procedure is not practical, unless you could check the certificate of the spammer website maybe :)
Just click on the opt-out link to assure spammers of an active email address (in the best case).
Oh great, more junk on my mail server. Someone lobbied the heck out of the FTC to allow more people to spam us. We need to start with an clean sheet so no one in the USA is on any mailing list then opt in to any list one may like. Opting out of every mailing list is nearly impossible since most of the mailing list "we signed up for" were either stolen from legitimate companies or companies that gone bye-bye and people have "acquired" these list. Most spammer may put a "opt-out" link or email address but reality are just another "sign up" for more spam. Also most spam come from other countries where FTC has no jurisdiction.
Please FTC, start us with the "clean sheet" method so we can properly opt-in to the mailing we want from legitimate USA companies since already get tons of spam from foreign countries in which you have no control over.
Your post advocates a
( ) technical (X) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
(X) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
( ) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
(X) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
Kayamon
Spam lacks sufficient definition. While there are certain things that most of us can agree are spam, there is a sufficiently large gray area that it's not really possible to define clearly as law.
However, some things are absurdly easy to define -- take freedom of speech. You are allowed to say pretty much what you want, where you want, short of "Fire!" in a crowded theater. No one has yet found a way to twist the First Amendment into meaning something it doesn't -- into somehow meaning, for example, that all speech except blasphemy is protected.
Murder is another one. Killing someone on purpose is murder, short of self-defense or actual war.
I think net neutrality is sufficiently easy to define that if we can get any law right, it should be this one. ISPs should transfer all packets to where they are addressed, with no preference given to one packet over another -- except for a specific customer, at their explicit request (if I ask for a spamfilter, they may intercept port 25.)
Granted, telcos may subvert the process, but I'd rather at least try than have no legislation at all.
Don't thank God, thank a doctor!
Did anyone actually think CAN-SPAM would actually help?
I want to delete my account but Slashdot doesn't allow it.
How about we just allow fucking Viagra to be sold over the counter, without a prescription at any drug store? Pick up a hot dog, slurpee, the latest issue of Low Rider, oh, yeah, and a vial of Viagra.
Shouldn't that at least cut out the Viagra spam?
It would hinge on the definition of the word "advertise." Since a court would be the one to define that word (unless it's defined in the act), I highly doubt they (or the legislature) would define "advertising" as you mentioning an item available from amazon.
The law is ridiculous, but not that ridiculous.
CAN-SPAM is a farce, anyone who believes otherwise either does not have an inbox or thinks the Internet is made of tubes.
This change essentially has no effect for me or anyone with half a brain. You should never respond to the "remove me" link in spam. It only serves to tell the sender that a human actually read the message and confirms your existence. This is dealing-with-spam 101.
There is currently no better or more lucrative way for a terrorist organization to raise funds than by spamming: 1. Billions of dollars spread across a multitude of tiny transactions are moved using this method, 2. The U.S. government hasn't made anti-spamming a priority and is thus far helpless to stop spammers, 3. Nothing puts a smile on a terrorist's face like purchasing a load of weapons using money generated by marketing drugs to the people he hates.
Support a jihad! Buy some V14gar4 today!
You are lazy. How about *you* look up a link which you think either supports or refutes the claim, and then post it here to share with the rest of us, rather than wasting electrons, and oxygen, come to think of it.
It is clear to all sufficiently-experienced observers that the CAN-SPAM act was designed and intended to provide a legal pretext for spam. The earnest support and widespread participation of some of the largest and most notorious spammers provided ample evidence of that, even before the precise language was agreed to. Everyone who is actually anti-spam opposed CAN-SPAM and continues to do so -- they recognize that the bill is utterly worthless, e.g., it fails to even use the correct definition of spam. (To wit, "unsolicited bulk email"; all other definitions are put forth by ignorant newbies or spammers; there are no exceptions.) Best practice is to instantly and permanently blacklist anyone or anything citing CAN-SPAM compliance for their actions: they are the enemy.
I've spent a lot of time training SpamAssassin and exim with RBLDNS lists of known spammers. And feeding spamassassin with corpuses of spam on a regular basis. I've reduced the spam incoming to peoples boxes from 1000's to 18 per day throught the whole organisation. The boss hasn't given em a promotion yet but I deserve one for being the SPAMINATOR!! SO CAN-SPAM VERSUS THE SPAMINATOR, lets get ready to ruuuuuummmmmbbbbblllllleeeeee!
It seems to me that we could do a lot better just by taking a few smaller, more realistic steps.
For example, "e-mail 2.0" could provide a standardised way of identifying legitimate sending relays for given domain names, the kind of technique currently used (but in a non-standard, loophole-ridden, poorly-supported fashion) by SenderID, DomainKeys et al.
We could improve the error message system, as well. Just this week, a domain I administer got hit with hundreds of bounce messages per minute for a while, because someone kindly sent out a mass spam run with "webmaster@my.domain" as the From: address and a zillion lemming sysadmins kindly bounced it back to me. This is not a commercial set-up and beyond a certain threshold I have to pay for the bandwidth I use, so this did not amuse me: I have decent spam filtering myself, and I don't need thousands of systems who don't to wrap up the spam in a nice, relatively filter-proof way and send it right back to me!
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
and doesn't have to.
I'm not going to bother getting into the specifics again, but if you want no spam and no lost email - just write a program that does the same thing with your email that you do. It's really not that hard, you can even do with using just a series of cascading filters. The only spam I've gotten in the last *decade* was 2 instances of a clueless spammer who was manually verifying himself to my system. And I've never had anyone tell me they sent me an email that I didn't get.
Spam is a *very* easy problem to fix, because all spammers know about you is your email address - whereas anyone you'd actually want to hear from either knows a wee bit more, or can pass a simple challenge-response sent to the reply to address(because real people don't use fake ones).
The only pisser is that automating it ain't cheap, because you have to do a lot of processing to really simulate how you do things. Oh, and you can get your web host black listed if you try to process more than 2 high spam accounts because it sends out so many non-deliverable challenge response emails. You won't have the problem if you write it on the client side though - and trust me, it takes less time than dealing with spam.