Slashdot Mirror

← Back to Stories (view on slashdot.org)

CAN-SPAM Act Turns 5 Today — What Went Wrong?

Posted by kdawson on from the calling-mister-hormel dept.

alphadogg writes "Five years ago, the US tech industry, politicians, and Internet users were wringing their hands over the escalating problem of spam. This prompted Congress to pass a landmark anti-spam bill known as the CAN-SPAM Act in December 2003. Fast forward five years. The number of spam messages sent over the Internet every day has grown more than 10-fold, topping 164 billion worldwide in August 2008. Almost 97% of all e-mails are spam, costing US ISPs and corporations an estimated $42 billion a year. What went wrong here?"

15 of 301 comments (clear)

  1. hint:criminals don't follow laws by hguorbray · · Score: 5, Insightful

    especially when they are anonymous(or at least obfuscated) and in many cases, overseas and therefore beyond prosecution under this law

    'I'm just saying

    1. Re:hint:criminals don't follow laws by Chris+Burke · · Score: 5, Funny

      Thanks for the hint! Now I know why my life of crime has been so slow to take off.

      --

      The enemies of Democracy are
    2. Re:hint:criminals don't follow laws by SgtAaron · · Score: 5, Interesting

      especially when they are anonymous(or at least obfuscated) and in many cases, overseas and therefore beyond prosecution under this law

      After tiring of the increasing load on our incoming mail servers running spamassassin, I undertook to spend a couple of days finding as many netblocks that ONLY have spam coming from them.

      It's shocking really, that I ended up spending more than two days since there were so many spread out all over the place at various colo companies. And I'm sorry to say that what I found is that nearly all of the snowshoe spammers I found were riddled around in colos here in the US. There are a bunch of ISPs out there that seem to be making a bunch of money from snowshoe spammers, so much so that they don't mind allocating half of a damned /19 for the spammers to use and populate with randomly generated domain names. And, of course, just to make it easier for us poor and broke sysadmins, these colos don't just put them all into nice contiguous blocks of IP addresses. I've about given up complaining to the likes of GalaxyVisions, Pacific Internet Exchange, AboveNet (yes, Abovenet is these days hosting lots of snowshoe spammers--sad). The list goes on and on.

      I'm up to ~375 netblocks we no longer accept SMTP connections from. The load average on our three MXs is usually about half what it used to be now.

    3. Re:hint:criminals don't follow laws by the_womble · · Score: 5, Insightful

      It may be obvious, but it was not obvious to legislators....

      Unless, of course, its more important to them to be seen to do something, rather than actually do something effective (like providing a budget for enforcement).

  2. What went wrong here? by flaming+error · · Score: 5, Insightful

    1) Legislation was flawed
    2) Problem transcends US Jurisdiction
    3) Enforcement is spotty at best
    4) Idiots buy their stuff

  3. Re:More enforcement would help by SomeJoel · · Score: 5, Insightful

    Yes, well, while the RIAA can evidently track down and prosecute a 6 year old downloading "Wheels on the Bus", the U.S. government can't seem to figure out which companies are responsible for the SPAM, even with all the contact information that must be available for the SPAM to have any value whatsoever.

    --
    <Complete your profile by adding a signature!>
  4. what went wrong? by Anonymous Coward · · Score: 5, Insightful

    Anything that fails to remove the financial motivation behind sending SPAM will fail to prevent SPAM.

    No one in their right mind ever thought CAN-SPAM would have any tangible benefit.

  5. Making things illegal WORKS by Anonymous Coward · · Score: 5, Insightful

    Remember when we made weed illegal and now you can't buy... ooh, wait a second.

  6. What went wrong? What could have gone right? by Antique+Geekmeister · · Score: 5, Insightful

    Quite seriously, this law was specifically not aimed at spam. It was aimed at certain types of online fraud, and it deliberately took power away from local law enforcement to put it in the hands of a federal power that does _nothing_ about mere spam. It was carefully designed to allow 'opt-out' advertisements, and that first advertisement from any spammer, and it was carefully legislated that way by the Direct Marketing Association to avoid interfering with the advertisements of their funding agancies. It was also carefully designed to overrule more effective, state efforts.

    Such laws should instead be modeled on the junk fax law, which has withstood the test of free speech challenges and ease of prosecution.

  7. Obligatory by Anonymous Coward · · Score: 5, Insightful

    Your Congress advocates a

    ( ) technical (X) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    (X) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    (X) Lack of centrally controlling authority for email
    (X) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    (X) Asshats
    (X) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    (X) Willingness of users to install OS patches received by email
    (X) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (X) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    (X) Technically illiterate politicians
    (X) Extreme stupidity on the part of people who do business with spammers
    (X) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (X) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    (X) Any scheme based on opt-out is unacceptable
    (X) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    (X) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    (X) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (X) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your
    house down!

  8. Re:More enforcement would help by thetoadwarrior · · Score: 5, Funny

    But the spammer is just a business man trying to make money. However the 6 year old is an evil communist terrorist trying to spread socialist values by stealing music. He deserves nothing less than a good water boarding at Guantanamo Bay.

  9. Re:Nothing went wrong by dgcaste · · Score: 5, Funny

    Or better yet, read the page title. Pretty sure it reads "I can spam". Yes I can.

  10. Re:Legislation fixes nothing by dgatwood · · Score: 5, Interesting

    Just to clarify, it is technologically trivial, but nearly impossible to actually implement in a way that completely blocks spam for everyone because it requires complete adoption before you can start rejecting all non-compliant email. Basically, we'd be better off just starting a new email system in parallel and letting the old one die off as people stop using it.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.

  11. Re:Laws just hamper the law abiding by gandhi_2 · · Score: 5, Funny
    In the town of Virgin, Utah it is legally mandated that every household that can legally have a firearm must have one.

    You don't see too many terrorists there. QED.

    --
    THL phish sticks
  12. Re:Laws just hamper the law abiding by geckipede · · Score: 5, Funny

    I would really like to see (preferably from a safe distance) that approach tried in a large city, but only because years of action films have desensetised me to violence and I think it would be hilarious.