US House, Senate Agree on Anti-Spam Bill
Folic_Acid writes "Rep. Billy Tauzin, chairman of the House Energy and Commerce committee, has announced that the House and the Senate have reached a deal to both pass an anti-spam bill, the first ever federal anti-spam law in the United States. Specifically, the law contains: opt-out, authority for the FTC to set up a "Do-Not-SPAM" registry, criminal charges for fraudulent spam, including five years in prison, statutory damages of $2 million for violations, tripled to $6 million for intentional violations, unlimited damages for fraud and abuse." News.com has a copy of the bill and a story.
The RIAA/MPAA has their mitts in this one too! (Score:5, Interesting)
Unbelievable.
Finally! (Score:3, Interesting)
Is this really just fluff to impress voters? Or do you think it will actually carry any weight?
deeply disappointed (Score:3, Interesting)
1. No requirement for opt-in
2. No jail time only monetary damages
3. No public stonings
Finally.. (Score:3, Interesting)
First thing, I'm going and registering all the domains I own, and my Comcast account. Then, for good measure, I'm going to see if I can pipe all emails through servers in California.
One question: does this federal law overrule the Calif law, and if so, is it for better or worse? What's CAUCE's opinion on this?
Re:Finally! (Score:1, Interesting)
Not a problem. Mail server operators simply block the network ranges of countries that refuse to enact similar policies and if they want to have traffic with the US they will comply.
I already block
Missing some points (Score:1, Interesting)
Re:SPAM fines (Score:3, Interesting)
get your own government to actually do something useful instead of this piece-of-shit legislation. Here's a quote about it from Spamhaus.org:
All today's spammers applaud Tauzin's "Reduction in Distribution of Spam Act", as does the Direct Marketing Association. It's what spammers have always dreamed of. They would no longer need to hide their identities to thwart disconnection, on the contrary, once spamming is legal they would be able to sue any Internet Service Providers who disconnect them for 'spamming legally'.
See http://www.spamhaus.org/news.lasso?article=10 for the whole article, then let your congresscritter know whether or not you support them.
Re:Finally! (Score:3, Interesting)
The same goes for ISPs. We have all seen Earthlink, Yahoo, even Hotmail include anti-spam methods, could they have their entire domain listed? Should they?
This raises several other questions, but at least in response to your (2), this would cover all recipients of a domain without giving a single address away.
Re:Finally! (Score:2, Interesting)
Re:Do-not-spam list (Score:3, Interesting)
It doesn't have to. Consider the Unix/Linux password system. When your account is created, your password is encrypted and stored in /etc/shadow. When you log in, the password you enter is encrypted and compared with the password stored on disk. If they match, then the system knows you typed in the right password and lets you in. At no point does your stored password have to be decrypted.
Applying that concept to the FTC's Do-Not-Spam list is left as (an easy) exercise for the reader. (hint: it should be obvious that the spammer need never decrypt the Do-Not-Spam list in order to be able to use it.)
Re:deeply disappointed (Score:2, Interesting)
We all know that the government isn't going to do much in the way of enforcing this. The only way that it will be enforced is if the people who are tired of receiving the spam have some method of doing something themselves.
I'm currently dealing with bounces from spammers who are forging my domain into the From field of their spam. That will be illegal under this law (and is already illegal under Texas state law) but the government isn't going to enforce it.
I still think this is a good thing. It won't solve the problem. It probably won't even help. But the next law we see after that is more likely to be written from the spam recipient's point of view. This one was written to make sure that the "large legitimate corporate" spammers got what they wanted.
Re:Here's what I'm going to do: (Score:2, Interesting)
Hypothesis: The first account will start receiving spam almost immediately. Due to the nature of the spam, the second should never receive spam unless someone is sending email to random 8-character accounts at my domain (brute force attack).
Instead of publishing a list of opt-out addresses, the FTC or whomever could simply publish a list of SHA1 hashes of the addresses. The spammer could check for an address on the list by hashing it and looking for the hash, but would be unable to use the list to spam to.
Sure, a dictionary attack is possible, but hashing like this makes it much more expensive to use the list for the wrong reason. (And by adding different random salt to the list for each spammer you send it to, along with some trap email addresses, it would be possible in many cases to identify the spammer(s) who perform this attack.)
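
The scheme from the /etc/shadow comment and the hashed-list comment above, as an added example that is not part of the original thread: each sender gets its own salted copy with one guessable trap address, so mail to a trap names the copy that was guessed against. The `Registry` class, the addresses, the trap local parts and `mail.example` are all constructed for illustration.

```python
import hashlib
import secrets

# Constructed sample data; every domain here is a placeholder.
REGISTRY = ["alice@example.org", "Bob@Example.net", "carol@example.com"]
# Traps are guessable on purpose: a dictionary run must be able to recover them.
# Three local parts means this demo can issue at most three copies.
TRAP_LOCAL_PARTS = ["jsmith", "mary.jones", "sales2"]
TRAP_DOMAIN = "mail.example"  # hypothetical domain run by the list operator

def normalize(addr):
    # Trim and case-fold so one mailbox always maps to one hash.
    return addr.strip().lower()

def entry_hash(salt, addr):
    # SHA-1 because the comment names it; a deliberately slow hash
    # would raise the cost of guessing further.
    return hashlib.sha1(salt + normalize(addr).encode("utf-8")).hexdigest()

class Registry:
    def __init__(self, addresses):
        self.addresses = [normalize(a) for a in addresses]
        self.trap_owner = {}  # trap address -> licensee; never published

    def issue_copy(self, licensee):
        """Published copy for one licensee: its own salt plus the hash set."""
        trap = f"{TRAP_LOCAL_PARTS[len(self.trap_owner)]}@{TRAP_DOMAIN}"
        self.trap_owner[trap] = licensee
        salt = secrets.token_bytes(16)
        hashes = {entry_hash(salt, a) for a in self.addresses + [trap]}
        return {"salt": salt, "hashes": hashes}

    def attribute(self, rcpt):
        """Mail arriving at a trap address identifies the copy it came from."""
        return self.trap_owner.get(normalize(rcpt))

def is_listed(copy, addr):
    """Sender-side check: hash the candidate address and look it up."""
    return entry_hash(copy["salt"], addr) in copy["hashes"]

def scrub(copy, mailing_list):
    """Drop opted-out addresses; the sender never sees the list in plaintext."""
    return [a for a in mailing_list if not is_listed(copy, a)]
```

Because each copy carries a different salt, the same address hashes differently in every copy, so a leaked hash file can also be matched back to the licensee it was issued to.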
#1 (Score:3, Interesting)
Just as I refuse/block UNAVAILABLE calls and judiciously decide what profanity of choice to use on PRIVATE callers.
With _any_ OPT-OUT type of choice shortly I'll simply white-list a very few and block everybody else. Email is pretty much dead already anyway. How many hundreds of thousands, if not millions of businesses are there in the US alone? For next to nothing they'll all be spamming me -- no thanks.
I guess this means I won't be getting funds transferred to my bank account from Africa. Darn.