You apparently didn't RTFA that you just linked to. The Senate has passed a bill. The Senate has passed another bill which is similar, but different. Before anything goes to the president (who I'm sure will sign whatever nonsense they eventually agree on) they have to pass the same bill. That has not yet happened.
I'd just as soon they agree, pass it, and see just how useless it is. After that, maybe they'll consider a true anti-spam law, instead of one designed to make spamming OK.
I agree. I believe this law will lead to more spam, not less. However, I'm still in favor of it.
Why? Because the politicians are not going to outlaw spam until they've tried some nonsense approach like this one. A year or two from now, it will be clear that this law was completely useless and did not help. At that time, it's possible that they'll do what they should have done in the first place, and require confirmed opt in for any email advertising.
Without this step, the next step will never happen. So while I consider it useless, I still think it is necessary.
The DMA admins the MPS - Mail Preference Service. Likewise, they have something called EMPS - EMail Preference Service. You can sign asking that they not market to you.
The DMA requests that their members honor those lists. The DMA does not, however, require their members to honor those lists.
I'm sure that some of the marketers actually do remove you. I've also heard of people signing up using a fake name, or adding a apartment number (even though they have a house), and having mail come to the fake name or with the Apt # in the address, so at least some of the marketers use that list as a way to *find* people to market to.
Personally, I get very little junk mail, and I haven't signed up, because in my case I think it would be more likely to increase the amount I get than to reduce it. If I were already getting a lot of junk mail, I'd sign up.
Most of the spam you get may be routed through machines overseas, but most of it is still probably advertising for businesses located here in the US. It's sent by US spammers, advertising for US businesses and US conmen. (From where I sit, any business advertised by spam is a con, but I'm assuming there may be a dividing line that I can't see.)
See http://www.spamhaus.org/rokso/index.lasso
for their list of the top 200 spammers. I counted (once, quickly) by hand, and actually found 160 listings. Then I counted just the ones that were not based in the US. 30 entries from other places, and 130 from the US.
And I suspect that every spammer on the list, US based or not, is in favor of the "You Can Spam" law that they are trying to pass.
Yes, most good anti-spam filters are server side. And if you run your own server, you have a lot of options.
The vast majority of people on the net do not run the servers. I'd love to run my own, but I can't even get DSL/Cable in this area. I've got to deal with a dial-up. That means I have to let someone else run the server. At that point, anything I want to have any control over is client side. No, I don't use Outlook - but I still end up with a very similar situation, because no matter what email client I use, I'm logging into a POP3 server to download my mail.
Much of the discussion in this thread is interesting to me - but it's also mostly completely useless considering that I'm not able to set up my own server. Give me a static IP and a 24 hour connection (even if it's a slow connection) and I'd do things quite different from the way I do now.
I have no idea what he's talking about when he says "invisible HTML characters", but it does seem to point to a certain technical incompetence, similar to the ostritch belief - "If I can't see you, then you can't see me."
I have no idea how well SpamAssasin handles them, but I know exactly what he's talking about. I've seen a lot of HTML spam where if you read it in a HTML viewer, it looks OK, but if you look at the HTML code itself (I don't allow unknown HTML to process until I see what the hell it is) it looks like crap. The spsm is designed that way. They don't write "Viagra" or "V1agre" or whatever. They put V and some garbage HTML (most HTML viewers throw away nonsense HTML code) and then an "a" and more garbage and so forth. To scan for keywords, you can't just scan for the keyword, you have to parse all the other crap to find out what the text really is. You can use tricks such as #47 and URL obfuscating, in combination.
A good filtering program should also be able to recognize this, not by thinning out the crap, but simply by recognizing that the vast majority of it is crap that is there specifically to thwart the filter. The fact that they are trying to hide what they are saying is pretty good evidence that it's spam. When I email my friends, I want them to see the message, not have to figure it out.
Regardless of what the spammers try, if you don't know what he's talking about, then it's your fault, not his, because it does happen.
You are filtering using a client, not a mail server. Filtering at the mail server level should be done different than mail you sort at the end-user/client level. Using Eudora, OE, Outlook or anything similar, your best bet is to start off with *every* piece of mail being put into one folder. By default, that is you "In" box. In order to get into another mailbox - the ones you really want to read - the mail needs to pass a test. You can't blacklist using keywords or email addresses and filter out all the spam. Whitelist, and make sure that once you've talked to someone once, their mail will go where you want it. It doesn't stop the spam, but it helps insure that the most important mail (mail from people you've talked with before and added to the whitelist) gets seen first.
when you send a 500k listserv digest email to 2,000 people, in the default spam assassin config, it would spawn a perl process for each attempted email.
If SpamAssasin is filtering your outgoing mail, then you aren't very convinced that you don't have spammers. If you know that you don't have any spammers, you don't need to scan your outgoing mail for spam.
POP3 and SMTP are different. I'm not an admin, but I know enough to distrust anyone who tells me that in order to scan incoming mail that you have to scan outgoing mail.
I've only received one spam larger than 256k since setting up spamassassin. Somebody recently sent me a 1MB PDF file. I responded to her, thanking her for it and sending back 3 copies for her to mail on to other people.
I don't mind large emails. Step 1, either they get through the filtering, or they don't. If they don't, they get dumped and I never notice them. Step 2, even the stuff that comes from a friends address doesn't download large messages, it just downloads the headers. Eudora handles that well. I set the size (no, I don't remember what I've got it set to) and on anything larger, I just see a header, the first few lines (if any) of the message, and a size. I can click on "delete from server" or "download next time".
If you were an ISP, you couldn't just throw away everything over 256K without a lot of upset users. I couldn't use your service, as you would be intentionally throwing away a fair amount of my mail. Most of the time, it's jokes and such. Sometimes it's a lot more important than that. Either way, I wouldn't want my provider saying "256K limit" and dumping it. Most real ISP's (not counting freebies like Hotmail or NetZero or AOL) have a much larger limit. If/When that happens, I'll arrange a FTP transfer. With a 256K limit, I would have to do that a lot.
I don't have a problem due to too many large messages. I have a problem with the 400+ small junk messages that I have to sort through before I can get to the good messages.
Most of what they spend my tax money on right now is junk I don't want. I would love for them to spend my tax money making sure that spammers get raped.
The email address in the From line and the computer sending the spam are not related.
Spammers forge email addresses without having to hack into anybodys computer. They haven't hacked mine, but they are certainly sending out spam using my domain name. I know because I see the bounces.
Spammers do, as you say, hack other peoples machines and use them to send spam. If that happens to you, then your computer is sending spam. Unless you let it send a *ton* of spam that way, I don't think you'll have to worry about a $2 million fine. But if your computer is sending spam, you *should* be fined. Secure your system and you won't have a problem. Let it be abused, and you will.
Chances are, long before you get fined, the spam will be reported. If you stop the spam at that point, then they aren't likely to bother to fine you. They have bigger problems, and you're a sort-of-victim. However, if you ignore the complaints figuring 'what do I care?' then you deserve to be punished.
We all know that the government isn't going to do much in the way of enforcing this. The only way that it will be enforced is if the people who are tired of receiving the spam have some method of doing something themselves.
I'm currently dealing with bounces from spammers who are forging my domain into the From field of their spam. That will be illegal under this law (and is already illegal under Texas state law) but the government isn't going to enforce it.
I still think this is a good thing. It won't solve the problem. It probably won't even help. But the next law we see after that is more likely to be written from the spam recipients point of view. This one was written to make sure that the "large legitimate corporate" spammers got what they wanted.
If you don't agree to the terms of service, then you shouldn't be using the service.
However, if you agree to the terms of service, which say that you can choose not to have all of your personal info marketed, and then they change the TOS and change your settings to say "Market to me by phone, email, and snail mail" then it doesn't matter what you agreed to, because they ignored that agreement and made up their own.
They aren't going to change the preferences to "Yes" on January 1st.
How do you know that? This is at least the second time they've been reported as doing this kind of thing. What makes you believe that they won't change the preferences again in the future?
They may well have tested on SpamAssassin prior to sending the mail. They very likely *want* their mail to get caught by spam filters. That way, people don't see the mail, and therefore don't go and change all of the "Yes you can sell my personal info" flags off again.
It's still bullshit. I don't buy from spammers. I sometimes report them, and never buy from them. They aren't making any money on me. They will see no difference spamming me now and spamming me while I use a bayesian filter. Your claim that they'll stop spamming when I'm behind the filter is pure bullshit.
Don't get me wrong - I'm in favor of anyone using any kind of filtering that works for them. But claiming that when you start filtering the spam will start to subside is so silly that it isn't worth discussing.
If, somehow (once again, you seem to have magic in mind) all spam was filtered, from all users, all the time, then spammers would probably quit spamming. They aren't too bright, so it may take awhile, but eventually, they would stop. But me changing from the filtering system I'm using to the one you recommend isn't going to have any effect on that. And the idiots who read and buy from spam aren't likely to start running bayesian filters anyway.
I doubt that would help. First, I have to trust a company I've never heard of. I have to trust them enough that I give them my passwords and such, so they can log in to my server. Eventually, I'd have to trust them with a credit card number, too.
Second, after my "one free month", I'd have to pay $48 a year or more. Yes, I realize their prices start at $12 a year, but at 400 spams a day (and rising) plus the legitimate email that I want to get, it adds up. At my current levels, lets say it averages to 500 emails a day. Multiply * 365 = 182,500. Based on the PrismEmail pricing page, that means I'll need to be in the "Power User" range, even though the vast majority is spam.
Third, I'm not sure it would be faster. I haven't used it yet, but to use it, I would have to poll their system. Their system then gets the mail from my POP3 server, then filters it, then sends me the good parts and does whatever it does with the rest. Is that really faster than letting MailWasher help as it does now? I'm not sure it does.
Nonsense. The spam is still accepted at the server. Depending on how your bayesian filtering is done, (server or local) it may get filtered before you have to download it, but it is still accepted. This is a very basic fact - a bayesian filter can not filter email that it hasn't looked at, therefore the server has to accept the mail.
Since the spam is delivered, there is no way for the spammer to know that it never got read. (As if they would care.) Even if it could be bounced instead of delivered, most spam is sent using fake From info, so the bounces either go nowhere or go to an innocent victim.
My system hasn't allowed HTML spam to use images and such to track "open rates" for years. So using the filter would have no effect that the spammer could see.
But you believe that the spam would magically start to "slowly die". I call bullshit.
If you could track spammers down and collect a tax, then you could just as easily track them down and prosecute them for fraud, which the majority of spammers commit in one way or another. All this would do is tax law-abiding citizens, and encourage more credit card fraud, viruses, trojans and ID theft on the part of Spammers so they could stay anonymous (or pay the tax with someone else's credit card).
That's a Bingo! One of the reasons spam is so hard to stop is because you can't easily verify who sent it. In order to tax email, you would have to be able to verify it, else you do not know who to charge. Once you have a way to know exactly who sent the email, then you can prosecute them, you can block their mail, etc. The problem would be much easier to solve than it is today.
The tax has no advantage. The only advantage is in changing the SMTP protocol so that we can verify who actually sent the email.
As to creating a new branch of government, I see that as pointless. If clueless politicians get put into those positions (like the clueless politicians that get elected to the branches of governement that we already have) then nothing changes. We need to start electing people who aren't clueless, and who are honest, instead of the clueless dishonest ones we've been electing.
Bayesian filters are a good idea, but they aren't the solution.
I can only get a dial-up account. I can't get a cable modem or DSL in this area. That's been true in the four places I've lived, all in Dallas, over the past 7-8 years.
I currently receive around 400 spams a day. In order to run a bayesian filter, I would have to download all of those messages first, then let the filter sort through them, before I could look at my legitimate mail. That's not a good solution.
In theory, a bayesian filter can run on the server. I'm told that there are some that do that. But then you lose the ability to interact with the program, telling it "This was spam you let through" and "this was legitimate mail which you didn't deliver". The ones currently available let you do those things via a website. Sure, that's what I want to do, go to a website to figure out where my legitimate mail is at. Sorry, I'm just not willing to waste that much time.
I was talking with a salesperson of an anti-spam package last week... and she said, "Sometimes you can find some good deals in spam."
You should post the name of the "anti-spam package" that hires people who are stupid enough to buy from spammers. That way, the rest of us will know to avoid that company.
For that matter, I believe this would leave them in a better position than now, since they'd not only have a list of people who won't buy from them (allowing them to cull their list of live email addresses a bit), but also a list of people likely to actually take steps to stop spammers.
See news.admin.net-abuse.sightings. And NANAE. There are already people who are known to report spam, complain to the ISP's, etc. A few spammers do list-wash them, trying to keep down the number of complaints. But most spammers just continue to spam them. The spammers simply have no incentive to cull their lists. They don't care if we're pissed, and they don't want to spend time trying to pull addresses from people who complain. It's easier for them to just keep spewing their crap to every address they can find.
Slashdot Mirror
I'd just as soon they agree, pass it, and see just how useless it is. After that, maybe they'll consider a true anti-spam law, instead of one designed to make spamming OK.
Why? Because the politicians are not going to outlaw spam until they've tried some nonsense approach like this one. A year or two from now, it will be clear that this law was completely useless and did not help. At that time, it's possible that they'll do what they should have done in the first place, and require confirmed opt in for any email advertising.
Without this step, the next step will never happen. So while I consider it useless, I still think it is necessary.
The DMA requests that their members honor those lists. The DMA does not, however, require their members to honor those lists.
I'm sure that some of the marketers actually do remove you. I've also heard of people signing up using a fake name, or adding a apartment number (even though they have a house), and having mail come to the fake name or with the Apt # in the address, so at least some of the marketers use that list as a way to *find* people to market to.
Personally, I get very little junk mail, and I haven't signed up, because in my case I think it would be more likely to increase the amount I get than to reduce it. If I were already getting a lot of junk mail, I'd sign up.
See http://www.spamhaus.org/rokso/index.lasso for their list of the top 200 spammers. I counted (once, quickly) by hand, and actually found 160 listings. Then I counted just the ones that were not based in the US. 30 entries from other places, and 130 from the US.
And I suspect that every spammer on the list, US based or not, is in favor of the "You Can Spam" law that they are trying to pass.
The vast majority of people on the net do not run the servers. I'd love to run my own, but I can't even get DSL/Cable in this area. I've got to deal with a dial-up. That means I have to let someone else run the server. At that point, anything I want to have any control over is client side. No, I don't use Outlook - but I still end up with a very similar situation, because no matter what email client I use, I'm logging into a POP3 server to download my mail.
Much of the discussion in this thread is interesting to me - but it's also mostly completely useless considering that I'm not able to set up my own server. Give me a static IP and a 24 hour connection (even if it's a slow connection) and I'd do things quite different from the way I do now.
I have no idea how well SpamAssasin handles them, but I know exactly what he's talking about. I've seen a lot of HTML spam where if you read it in a HTML viewer, it looks OK, but if you look at the HTML code itself (I don't allow unknown HTML to process until I see what the hell it is) it looks like crap. The spsm is designed that way. They don't write "Viagra" or "V1agre" or whatever. They put V and some garbage HTML (most HTML viewers throw away nonsense HTML code) and then an "a" and more garbage and so forth. To scan for keywords, you can't just scan for the keyword, you have to parse all the other crap to find out what the text really is. You can use tricks such as #47 and URL obfuscating, in combination.
A good filtering program should also be able to recognize this, not by thinning out the crap, but simply by recognizing that the vast majority of it is crap that is there specifically to thwart the filter. The fact that they are trying to hide what they are saying is pretty good evidence that it's spam. When I email my friends, I want them to see the message, not have to figure it out.
Regardless of what the spammers try, if you don't know what he's talking about, then it's your fault, not his, because it does happen.
If SpamAssasin is filtering your outgoing mail, then you aren't very convinced that you don't have spammers. If you know that you don't have any spammers, you don't need to scan your outgoing mail for spam.
POP3 and SMTP are different. I'm not an admin, but I know enough to distrust anyone who tells me that in order to scan incoming mail that you have to scan outgoing mail.
I don't mind large emails. Step 1, either they get through the filtering, or they don't. If they don't, they get dumped and I never notice them. Step 2, even the stuff that comes from a friends address doesn't download large messages, it just downloads the headers. Eudora handles that well. I set the size (no, I don't remember what I've got it set to) and on anything larger, I just see a header, the first few lines (if any) of the message, and a size. I can click on "delete from server" or "download next time".
If you were an ISP, you couldn't just throw away everything over 256K without a lot of upset users. I couldn't use your service, as you would be intentionally throwing away a fair amount of my mail. Most of the time, it's jokes and such. Sometimes it's a lot more important than that. Either way, I wouldn't want my provider saying "256K limit" and dumping it. Most real ISP's (not counting freebies like Hotmail or NetZero or AOL) have a much larger limit. If/When that happens, I'll arrange a FTP transfer. With a 256K limit, I would have to do that a lot.
I don't have a problem due to too many large messages. I have a problem with the 400+ small junk messages that I have to sort through before I can get to the good messages.
Most of what they spend my tax money on right now is junk I don't want. I would love for them to spend my tax money making sure that spammers get raped.
Spammers forge email addresses without having to hack into anybodys computer. They haven't hacked mine, but they are certainly sending out spam using my domain name. I know because I see the bounces.
Spammers do, as you say, hack other peoples machines and use them to send spam. If that happens to you, then your computer is sending spam. Unless you let it send a *ton* of spam that way, I don't think you'll have to worry about a $2 million fine. But if your computer is sending spam, you *should* be fined. Secure your system and you won't have a problem. Let it be abused, and you will.
Chances are, long before you get fined, the spam will be reported. If you stop the spam at that point, then they aren't likely to bother to fine you. They have bigger problems, and you're a sort-of-victim. However, if you ignore the complaints figuring 'what do I care?' then you deserve to be punished.
We all know that the government isn't going to do much in the way of enforcing this. The only way that it will be enforced is if the people who are tired of receiving the spam have some method of doing something themselves.
I'm currently dealing with bounces from spammers who are forging my domain into the From field of their spam. That will be illegal under this law (and is already illegal under Texas state law) but the government isn't going to enforce it.
I still think this is a good thing. It won't solve the problem. It probably won't even help. But the next law we see after that is more likely to be written from the spam recipients point of view. This one was written to make sure that the "large legitimate corporate" spammers got what they wanted.
However, if you agree to the terms of service, which say that you can choose not to have all of your personal info marketed, and then they change the TOS and change your settings to say "Market to me by phone, email, and snail mail" then it doesn't matter what you agreed to, because they ignored that agreement and made up their own.
How do you know that? This is at least the second time they've been reported as doing this kind of thing. What makes you believe that they won't change the preferences again in the future?
They may well have tested on SpamAssassin prior to sending the mail. They very likely *want* their mail to get caught by spam filters. That way, people don't see the mail, and therefore don't go and change all of the "Yes you can sell my personal info" flags off again.
Don't get me wrong - I'm in favor of anyone using any kind of filtering that works for them. But claiming that when you start filtering the spam will start to subside is so silly that it isn't worth discussing.
If, somehow (once again, you seem to have magic in mind) all spam was filtered, from all users, all the time, then spammers would probably quit spamming. They aren't too bright, so it may take awhile, but eventually, they would stop. But me changing from the filtering system I'm using to the one you recommend isn't going to have any effect on that. And the idiots who read and buy from spam aren't likely to start running bayesian filters anyway.
Second, after my "one free month", I'd have to pay $48 a year or more. Yes, I realize their prices start at $12 a year, but at 400 spams a day (and rising) plus the legitimate email that I want to get, it adds up. At my current levels, lets say it averages to 500 emails a day. Multiply * 365 = 182,500. Based on the PrismEmail pricing page, that means I'll need to be in the "Power User" range, even though the vast majority is spam.
Third, I'm not sure it would be faster. I haven't used it yet, but to use it, I would have to poll their system. Their system then gets the mail from my POP3 server, then filters it, then sends me the good parts and does whatever it does with the rest. Is that really faster than letting MailWasher help as it does now? I'm not sure it does.
Since the spam is delivered, there is no way for the spammer to know that it never got read. (As if they would care.) Even if it could be bounced instead of delivered, most spam is sent using fake From info, so the bounces either go nowhere or go to an innocent victim.
My system hasn't allowed HTML spam to use images and such to track "open rates" for years. So using the filter would have no effect that the spammer could see.
But you believe that the spam would magically start to "slowly die". I call bullshit.
That's a Bingo! One of the reasons spam is so hard to stop is because you can't easily verify who sent it. In order to tax email, you would have to be able to verify it, else you do not know who to charge. Once you have a way to know exactly who sent the email, then you can prosecute them, you can block their mail, etc. The problem would be much easier to solve than it is today.
The tax has no advantage. The only advantage is in changing the SMTP protocol so that we can verify who actually sent the email.
As to creating a new branch of government, I see that as pointless. If clueless politicians get put into those positions (like the clueless politicians that get elected to the branches of governement that we already have) then nothing changes. We need to start electing people who aren't clueless, and who are honest, instead of the clueless dishonest ones we've been electing.
I can only get a dial-up account. I can't get a cable modem or DSL in this area. That's been true in the four places I've lived, all in Dallas, over the past 7-8 years.
I currently receive around 400 spams a day. In order to run a bayesian filter, I would have to download all of those messages first, then let the filter sort through them, before I could look at my legitimate mail. That's not a good solution.
In theory, a bayesian filter can run on the server. I'm told that there are some that do that. But then you lose the ability to interact with the program, telling it "This was spam you let through" and "this was legitimate mail which you didn't deliver". The ones currently available let you do those things via a website. Sure, that's what I want to do, go to a website to figure out where my legitimate mail is at. Sorry, I'm just not willing to waste that much time.
You should post the name of the "anti-spam package" that hires people who are stupid enough to buy from spammers. That way, the rest of us will know to avoid that company.
See news.admin.net-abuse.sightings. And NANAE. There are already people who are known to report spam, complain to the ISP's, etc. A few spammers do list-wash them, trying to keep down the number of complaints. But most spammers just continue to spam them. The spammers simply have no incentive to cull their lists. They don't care if we're pissed, and they don't want to spend time trying to pull addresses from people who complain. It's easier for them to just keep spewing their crap to every address they can find.
I don't think they are going to make beating spammers with baseball bats. So much for my preferred method.