While the porn industry certainly uses spam, there are (hard to believe) some companies which run fully confirmed opt-in mailings that outsource because (hard to believe) email done right is not in most company's capabilities.
These 3rd parties are concerned about the abusive use of the do-not-email list, including the following: 1) The only company providing those services (http://www.unspam.com/) is the one lobbying for the laws. We don't seem to appeciate things like Cheney pushing Halliburton; should we accept the same for the do-not-email? Their solution is the very one the FTC suggested was a disaster in the report linked below; should we assume that the states did a deeper investigation of the implementation issues than the multi-year FTC one? 2) The list doesn't solve the very problem it is supposed to handle. That is, it provides an easy way to detect who are kids on the list, and then hammer-mail them with kid-oriented spam. Sure, less porn, but more spam. That seems like a problem to me. 3) Others have mentioned the forgery issues: If you get joejobbed, the current law in MI (and proposed in Utah) doesn't care. You are liable. Too bad. 4) Its a state level law, meaning that its close to impossible to use against international mailers. 5) Legit companies _agree with you_ that spam is bad. However, like many slashdotters, they think dumb laws (like DMCA) i.e. poor implementations, are bad and should be removed. The Mich and Utah laws and approaches are bad ways to solve important problems.
Previous posters are correct about spamgangs and other issues there... but not all direct marketers are spammers. If you are stupid enough to believe that all marketing is bad, etc. etc., feel free to put your name on the current do-not-email http://www.ftc.gov/reports/dneregistry/report.pdf is the link to the FTC's report, which includes many of these ideas expanded.
Ok, hold off on the trojan thing for just a second. If they are logging IPs that they believe pirated software, and they report these on a site, then they are doing nothing wrong. They are doing the same thing that an anti-spam blacklist (or blocklist) does: They report their opinion about specific IPs.
Obviously, spam IPs are handed out on message headers, while these people used a software tool to get them. But IPs aren't all that hard to snag; they could just have easily taken pirated software, re-zipped them with a password, and then packed them into another zip file with a readme.html containing the password. That readme.html would have an image tag, iframe, or other server request to give the IP. User loads up readme.html to get the password, IP is logged, and in the passworded zip file is a corrupted file that is the right size, but won't execute, so it looks like "legit 0-day" but isn't. These vigilantes wouldn't be guilty of distributing anything, and they would still have the IPs of the downloaders.
So, I agree that the use of the spyware oriented sw is not cool. But as much as I think they are jerks, I can't fault them for just reporting IPs and their opinions about them. IANAL, so I have no idea about legality of this, but if MAPS is legal, then so is this.
The classic problem with so many "click the picture to prove you are human" email checks is that we don't always care if the user is human.
The default case, my friend sending mail to me, is easy to come up with. And for signups for services, its nice to know that we have a breather on the other end of the line.
But I don't really care that the "your order has been shipped" email or my "$100 gift certificate code" is sent by a person. If I have a turing test on my email system, no one will click... and I will never see my messages. And will I really, honestly add domains or ips of every company I interact with to some whitelist? Should companies have to hire "clickers" to just deal with all these turing responses?
And, of course, don't forget all those lists you are on: the "new version" announcement lists, the "changed page" lists, the "weather alert" mailers... there are lots of mails I do want, which are machine generated, and will never have a human to turing test with.
The average user has no way of knowing the mailer IPs or domains of all the mail they may want to get... and so requiring all those mails to have a human behind them means that we give up some of the power and magic of our technology.
Tech, from the lever to the rocket, is about empowering a person to do more than they could do alone. Instead of requiring a person to send out thousands of "your order has shipped" announcements manually, we empower him or her to send out thousands automatically in seconds. Let's not throw away some of this power just because we think every mail should be sent and confirmed just by a person.
Let's make sure to differentiate "person to person" messages from "entity to person" messages, where entity may be a company, a service, an alert, or any other type of object which can message me. Whatever solution we wind up with, we have to find a way to make it easy to know about and allow these, while still eliminating bad bulk.
They came up with similar processes to both filter and to categorize. Bayesian analysis is a very flexible, and while Paul Graham is not the first to try this, his work looks very exciting.
I had nothing to do with any of this work; just a fan of Bayesian research.
Look at http://guggenheim.org/exhibitions/virtual/index.ht ml to see the great virtual exhibits, including Cyberatlas (reachable directly at http://cyberatlas.guggenheim.org/home/index.html). These are some of the most innovative of the many "internet maps", reflecting the variety of ways to understand the internet as a communications medium.
Slashdot Mirror
While the porn industry certainly uses spam, there are (hard to believe) some companies which run fully confirmed opt-in mailings that outsource because (hard to believe) email done right is not in most company's capabilities.
These 3rd parties are concerned about the abusive use of the do-not-email list, including the following:
1) The only company providing those services (http://www.unspam.com/) is the one lobbying for the laws. We don't seem to appeciate things like Cheney pushing Halliburton; should we accept the same for the do-not-email? Their solution is the very one the FTC suggested was a disaster in the report linked below; should we assume that the states did a deeper investigation of the implementation issues than the multi-year FTC one?
2) The list doesn't solve the very problem it is supposed to handle. That is, it provides an easy way to detect who are kids on the list, and then hammer-mail them with kid-oriented spam. Sure, less porn, but more spam. That seems like a problem to me.
3) Others have mentioned the forgery issues: If you get joejobbed, the current law in MI (and proposed in Utah) doesn't care. You are liable. Too bad.
4) Its a state level law, meaning that its close to impossible to use against international mailers.
5) Legit companies _agree with you_ that spam is bad. However, like many slashdotters, they think dumb laws (like DMCA) i.e. poor implementations, are bad and should be removed. The Mich and Utah laws and approaches are bad ways to solve important problems.
Previous posters are correct about spamgangs and other issues there... but not all direct marketers are spammers. If you are stupid enough to believe that all marketing is bad, etc. etc., feel free to put your name on the current do-not-email http://www.ftc.gov/reports/dneregistry/report.pdf is the link to the FTC's report, which includes many of these ideas expanded.
Obviously, spam IPs are handed out on message headers, while these people used a software tool to get them. But IPs aren't all that hard to snag; they could just have easily taken pirated software, re-zipped them with a password, and then packed them into another zip file with a readme.html containing the password. That readme.html would have an image tag, iframe, or other server request to give the IP. User loads up readme.html to get the password, IP is logged, and in the passworded zip file is a corrupted file that is the right size, but won't execute, so it looks like "legit 0-day" but isn't. These vigilantes wouldn't be guilty of distributing anything, and they would still have the IPs of the downloaders.
So, I agree that the use of the spyware oriented sw is not cool. But as much as I think they are jerks, I can't fault them for just reporting IPs and their opinions about them. IANAL, so I have no idea about legality of this, but if MAPS is legal, then so is this.
Michael
The classic problem with so many "click the picture to prove you are human" email checks is that we don't always care if the user is human.
The default case, my friend sending mail to me, is easy to come up with. And for signups for services, its nice to know that we have a breather on the other end of the line.
But I don't really care that the "your order has been shipped" email or my "$100 gift certificate code" is sent by a person. If I have a turing test on my email system, no one will click... and I will never see my messages. And will I really, honestly add domains or ips of every company I interact with to some whitelist? Should companies have to hire "clickers" to just deal with all these turing responses?
And, of course, don't forget all those lists you are on: the "new version" announcement lists, the "changed page" lists, the "weather alert" mailers... there are lots of mails I do want, which are machine generated, and will never have a human to turing test with.
The average user has no way of knowing the mailer IPs or domains of all the mail they may want to get... and so requiring all those mails to have a human behind them means that we give up some of the power and magic of our technology.
Tech, from the lever to the rocket, is about empowering a person to do more than they could do alone. Instead of requiring a person to send out thousands of "your order has shipped" announcements manually, we empower him or her to send out thousands automatically in seconds. Let's not throw away some of this power just because we think every mail should be sent and confirmed just by a person.
Let's make sure to differentiate "person to person" messages from "entity to person" messages, where entity may be a company, a service, an alert, or any other type of object which can message me. Whatever solution we wind up with, we have to find a way to make it easy to know about and allow these, while still eliminating bad bulk.
Michael
Feel free to review the work at http://research.microsoft.com/~horvitz/junkfilter. htm
They came up with similar processes to both filter and to categorize. Bayesian analysis is a very flexible, and while Paul Graham is not the first to try this, his work looks very exciting.
I had nothing to do with any of this work; just a fan of Bayesian research.
Michael
http://cyberatlas.guggenheim.org/home/index.html
Enjoy, Michaelhttp://www.cybergeography.org/ perhaps?
Look at http://guggenheim.org/exhibitions/virtual/index.ht ml to see the great virtual exhibits, including Cyberatlas (reachable directly at http://cyberatlas.guggenheim.org/home/index.html). These are some of the most innovative of the many "internet maps", reflecting the variety of ways to understand the internet as a communications medium.
Michael