
US House, Senate Agree on Anti-Spam Bill

Posted by michael
from the writing-on-the-wall dept.
Folic_Acid writes "Rep. Billy Tauzin, chairman of the House Energy and Commerce committee, has announced that the House and the Senate have reached a deal to both pass an anti-spam bill, the first ever federal anti-spam law in the United States. Specifically, the law contains: opt-out, authority for the FTC to set up a "Do-Not-SPAM" registry, criminal charges for fraudulent spam, including five years in prison, statutory damages of $2 million for violations, tripled to $6 million for intentional violations, unlimited damages for fraud and abuse." News.com has a copy of the bill and a story.

  • by corebreech (469871) on Friday November 21, 2003 @04:25PM (#7532029) Journal
    Go to http://thomas.loc.gov and do a bill search on "anti-spam" and read the Senate version, from which I quote:

    ...the term `unsolicited commercial electronic mail message' does not include an electronic mail message sent by or on behalf of one or more lawful owners of copyright, patent, publicity, or trademark rights to an unauthorized user of protected material notifying such user that the use is unauthorized and requesting that the use be terminated or that permission for such use be obtained from the rights holder or holders.


    Unbelievable.
  • Finally! (Score:3, Interesting)

    by jon3k (691256) on Friday November 21, 2003 @04:26PM (#7532036)
    This has been a long time coming, I hope we're actually able to enforce it. Although, it's going to be tough with all the world wide spam.

    Is this really just fluff to impress voters? Or do you think it will actually carry any weight?
  • deeply disappointed (Score:3, Interesting)

    by cluge (114877) on Friday November 21, 2003 @04:29PM (#7532081) Homepage
    A few things that the bill missed

    1. No requirement for opt-in
    2. No jail time only monetary damages
    3. No public stonings

  • Finally.. (Score:3, Interesting)

    by herrvinny (698679) on Friday November 21, 2003 @04:32PM (#7532119)
    Finally, we get an antispam bill. Only this time, it won't be delayed like the nocall list was. What spammer would object to it publicly? If he/she did, they'd be lynched (I'll be the one holding the 10 yr old motherboard; can't use the comp for anything else, so might as well go to a good cause).

    First thing, I'm going and registering all the domains I own, and my comcast account. Then, for good measure, I'm going to see if I can pipe all emails through servers in California.

    One question: does this federal law overrule the Calif law, and if so, is it for better or worse? What's CAUCE's opinion on this?
  • Re:Finally! (Score:1, Interesting)

    by aborchers (471342) on Friday November 21, 2003 @04:34PM (#7532146) Homepage Journal
    > it's going to be tough with all the world wide spam.


    Not a problem. Mail server operators simply block the network ranges of countries that refuse to enact similar policies and if they want to have traffic with the US they will comply.

    I already block .ru, .hk, .ch, and .tw, and others because a large fraction of my spam came from there and I received essentially 0 legitimate mail from those blocks. My rejection notice includes a link to a Web form that will allow innocents to bypass the filters.

  • Missing some points (Score:1, Interesting)

    by spidergoat2 (715962) on Friday November 21, 2003 @04:41PM (#7532235) Journal
    It seems very weak. Under the heading, "Illicit harvesting of electronic mail addresses", it says that "uses an automated means to obtain electronic mail addresses from an Internet website or proprietary online service operated by another person, without the authorization of that person and uses those addresses in another violation of this chapter, shall be fined under this title or imprisoned not more than one year, or both." Nowhere does it state anything about using someone else's list that MAY have been illegally generated. And what about overseas spammers? What prevents me from going to Tobago and setting up shop? And what prevents Tobago, or some other 3rd world country, from becoming the haven for spammers? After all, if it generates tax revenue for them, it's doing some good for them.
  • Re:SPAM fines (Score:3, Interesting)

    by sfjoe (470510) on Friday November 21, 2003 @04:53PM (#7532337)
    > But as for unlimited damages for fraud and abuse, I think it's a good idea that the US Gov't has the power to bankrupt SPAM companies that lie, cheat and steal. How can I convince my own government (Canada) to do something like this?

    Get your own government to actually do something useful instead of this piece-of-shit legislation. Here's a quote about it from Spamhaus.org:

    > All today's spammers applaud Tauzin's "Reduction in Distribution of Spam Act", as does the Direct Marketing Association. It's what spammers have always dreamed of. They would no longer need to hide their identities to thwart disconnection, on the contrary, once spamming is legal they would be able to sue any Internet Service Providers who disconnect them for 'spamming legally'.

    See http://www.spamhaus.org/news.lasso?article=10 for the whole article, then let your congresscritter know whether or not you support them.

  • Re:Finally! (Score:3, Interesting)

    by masoncooper (443243) on Friday November 21, 2003 @04:58PM (#7532402)
    My question is how would one go about No-Spam listing their entire domain. I'm sure plenty of people here have Catch-Alls and it would be impossible to include every iteration.
    The same goes for ISPs. We have all seen Earthlink, Yahoo, even Hotmail include anti-spam methods, could they have their entire domain listed? Should they?
    This raises several other questions, but at least in response to your (2), this would cover all recipients of a domain without giving a single address away.
  • Re:Finally! (Score:2, Interesting)

    by Anonymous Coward on Friday November 21, 2003 @05:07PM (#7532490)
    The easiest solution to #2 is to have the database consist of MD5 hashes of email addresses. A potential advertiser could easily check an address against the list but could not easily turn the list into addresses.
  • Re:Do-not-spam list (Score:3, Interesting)

    by g_adams27 (581237) on Friday November 21, 2003 @05:11PM (#7532535)
    > Putting your address will give foreign spammers a list of lots of active US email addresses.

    It doesn't have to. Consider the Unix/Linux password system. When your account is created, your password is encrypted and stored in /etc/shadow. When you login, the password you enter is encrypted and compared with the password stored on disk. If they match, then the system knows you typed in the right password and lets you in. At no point does your stored password have to be decrypted.

    Applying that concept to the FTC's Do-Not-Spam list is left as (an easy) exercise for the reader. (hint: it should be obvious that the spammer need never decrypt the Do-Not-Spam list in order to be able to use it.)

  • by JuggleGeek (665620) on Friday November 21, 2003 @05:29PM (#7532718)
    4. No right of private action.

    We all know that the government isn't going to do much in the way of enforcing this. The only way that it will be enforced is if the people who are tired of receiving the spam have some method of doing something themselves.

    I'm currently dealing with bounces from spammers who are forging my domain into the From field of their spam. That will be illegal under this law (and is already illegal under Texas state law) but the government isn't going to enforce it.

    I still think this is a good thing. It won't solve the problem. It probably won't even help. But the next law we see after that is more likely to be written from the spam recipients' point of view. This one was written to make sure that the "large legitimate corporate" spammers got what they wanted.

  • by ph0enix (87965) on Friday November 21, 2003 @05:50PM (#7532884)

    Hypothesis: The first account will start receiving spam almost immediately. Due to the nature of the spam, the second should never receive spam unless someone is sending email to random 8-character accounts at my domain (brute force attack).

    Instead of publishing a list of opt-out addresses, the FTC or whomever could simply publish a list of SHA1 hashes of the addresses. The spammer could check for an address on the list by hashing it and looking for the hash, but would be unable to use the list to spam to.

    Sure, a dictionary attack is possible, but hashing like this makes it much more expensive to use the list for the wrong reason. (And by adding different random salt to the list for each spammer you send it to, along with some trap email addresses, it would be possible in many cases to identify the spammer(s) who perform this attack)
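
Added example, not part of the thread and not any actual FTC design: the hashed opt-out list proposed in the comments above, with the per-sender salt and trap address from this last comment. SHA-256 stands in for the MD5/SHA1 the commenters name; the trap domain, sender IDs, function names and sample addresses are constructed for illustration.

```python
import hashlib
import secrets

TRAP_DOMAIN = "traps.example"                   # constructed; a domain the list operator controls
TRAP_NAMES = ["john", "mary", "sales", "info"]  # guessable on purpose, see issue_copy

def normalize(addr):
    """Canonical form so ' Bob@X.org' and 'bob@x.org' hash identically."""
    return addr.strip().lower()

def entry(salt, addr):
    """One list entry: hex SHA-256 over salt || normalized address."""
    return hashlib.sha256(salt + normalize(addr).encode("utf-8")).hexdigest()

def issue_copy(optouts, sender_id, trap_owner):
    """Build the copy handed to one sender, with its own salt and trap address.

    trap_owner maps trap address -> sender_id and never leaves the operator.
    The salt ships with the copy (the sender needs it to check addresses), so
    it does not stop guessing; it makes every copy distinct and traceable.
    The trap is shaped like a dictionary guess: a random string would never
    be recovered by guessing, so it would never receive mail.
    """
    salt = secrets.token_bytes(16)
    while True:
        local = f"{secrets.choice(TRAP_NAMES)}{secrets.randbelow(10000):04d}"
        trap = f"{local}@{TRAP_DOMAIN}"
        if trap not in trap_owner:
            break
    trap_owner[trap] = sender_id
    hashes = {entry(salt, a) for a in list(optouts) + [trap]}
    return {"salt": salt, "hashes": hashes}

def is_listed(copy, addr):
    """Sender-side check: hash the candidate with this copy's salt, look it up."""
    return entry(copy["salt"], addr) in copy["hashes"]

def attribute_leak(trap_owner, spammed_addr):
    """Operator-side: mail arriving at a trap names the copy that was reversed."""
    return trap_owner.get(normalize(spammed_addr))

# Constructed sample data.
OPTOUTS = ["alice@example.org", "bob@example.net", "carol@example.com"]

if __name__ == "__main__":
    owners = {}
    copy_a = issue_copy(OPTOUTS, "sender-A", owners)
    copy_b = issue_copy(OPTOUTS, "sender-B", owners)
    print(is_listed(copy_a, " Alice@Example.ORG"), is_listed(copy_a, "dave@example.org"))
    print(copy_a["hashes"].isdisjoint(copy_b["hashes"]))
```

Because the two copies share no hash values, a copy found in circulation can also be matched to the sender it was issued to without waiting for a trap to fire.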

  • #1 (Score:3, Interesting)

    by krray (605395) * on Friday November 21, 2003 @10:37PM (#7534336)
    #1 -- I will not "OPT-OUT". Ever. I have, on occasion, will decide to OPT-IN. Those thinking OPT-OUT are blocked on the first (#1) violation. No questions asked and only a personal phone call, if you know me, will I allow further such traffic.

    Just as I refuse/block UNAVAILABLE calls and judiciously decide what profanity of choice to use on PRIVATE callers.

    With _any_ OPT-OUT type of choice shortly I'll simply white-list a very few and block everybody else. Email is pretty much dead already anyway. How many hundreds of thousands, if not millions of businesses are there in the US alone? For next to nothing they'll all be spamming me -- no thanks. :)

    I guess this means I won't be getting funds transferred to my bank account from Africa. Darn.
