Forgot your password?
typodupeerror
Spam United States Your Rights Online

No Federal Do-Not-Spam Registry For Now 324

Posted by michael
from the what-me-worry dept.
Decaffeinated Jedi writes "The AP reports today that the U.S. government has no plans to create a do-not-spam registry in the immediate future. Why not? They argue that the proper technology is not yet in place. 'A national do-not-e-mail registry, without a system in place to authenticate the origin of e-mail messages, would fail to reduce the burden of spam and may even increase the amount of spam received by consumers,' said the commission." The moral of the story is: never try. See the FTC's press release or their report (pdf).
This discussion has been archived. No new comments can be posted.

No Federal Do-Not-Spam Registry For Now

Comments Filter:
  • Not yet ready.. (Score:5, Insightful)

    by CommanderData (782739) * <kevinhi@yahooSTRAW.com minus berry> on Tuesday June 15, 2004 @02:36PM (#9432753)
    I'm glad that they haven't jumped in headfirst, I can't imagine how they could enforce such a list right now with so much spam coming from outside of the United States and from unknowing zombie PCs within the US. If they did create a list it would place an expectation in the public eye that the US government can enforce it, when it obviously (to us slashdot readers) cannot.

    Like it or not, we need to come up with more clever hardware or software solutions like Yahoo's "Domain Keys", Meng Weng Wong's SPF (Sender Policy Framework) [pobox.com], or god forbid, Microsoft's Caller ID for E-mail.
  • But wait (Score:5, Insightful)

    by s20451 (410424) on Tuesday June 15, 2004 @02:38PM (#9432781) Journal
    The moral of the story is: never try.

    Funny, when someone does propose an anti-spam solution, people here can't poke holes in it fast enough.

    So you want to hear these lame proposals so you can scoff at them and feel superior? Or what?
  • by suso (153703) on Tuesday June 15, 2004 @02:38PM (#9432782) Homepage Journal
    At least they are smart enough to realize that it is not technically feasible yet. Score 1 for the FTC.
  • Three words... (Score:3, Insightful)

    by sohojim (676510) on Tuesday June 15, 2004 @02:39PM (#9432798) Homepage
    International, volume, zombies.

    Billions of messages are sent every day, the majority of which are spam. That's different than telemarketing calls, which require a live person-to-person (or at least phone circuit-to-person) connection. Also, even if volume wasn't the problem, the fact that spammers are almost always either outside the US or using compromised zombie PCs is just going to complicate things immensely.

  • Knee Jerk? (Score:5, Insightful)

    by FortKnox (169099) on Tuesday June 15, 2004 @02:40PM (#9432800) Homepage Journal
    The moral of the story is: never try.

    Come now, michael. If it is most likely going to CAUSE more spam, its something that shouldn't be done.

    Its a "damned if you do, damned if you don't by people with kneejerk reactions that normally hate everything you do anyway" thing, isn't it?
  • FTC is right (Score:5, Insightful)

    by sulli (195030) * on Tuesday June 15, 2004 @02:40PM (#9432804) Journal
    A do-not-spam list right now would be a spam-me-now list. So many spammers are beyond the reach of the law at the moment that adding your address or domain to this list would be like adding it to WHOIS.
  • Good! (Score:5, Insightful)

    by tekunokurato (531385) <jackphelps@gmail.com> on Tuesday June 15, 2004 @02:40PM (#9432808) Homepage
    I completely agree. How do you intend to enforce such a registry? People are forever insulting the gov't for creating unenforceable laws, and the FCC is right to hold back. You must remember that CAN-SPAM makes it a civil crime, while a national registry would make it a federal crime, requiring the gov't to spend money trying cases that obviously won't be won (and could also implicate a lot of innocents).
  • The real moral is (Score:5, Insightful)

    by b00m3rang (682108) on Tuesday June 15, 2004 @02:40PM (#9432809)
    Don't hand the spammers what would probably be the worlds largest distribution list on a silver platter.
  • Re:Not yet ready.. (Score:3, Insightful)

    by Undertaker43017 (586306) on Tuesday June 15, 2004 @02:41PM (#9432828)
    I agree with this completely. I am glad my tax dollars won't be wasted on yet another currently "unsolveable problem".

    Maybe there is some intelligence in Washington yet!?... ...Doubtful.

  • What the... (Score:4, Insightful)

    by jwthompson2 (749521) * <(moc.smargorpnialp) (ta) (semaj)> on Tuesday June 15, 2004 @02:42PM (#9432838) Homepage
    heck is this:

    The moral of the story is: never try.

    This ignores the fact that a national 'do-not-spam registry' would provide a wealth of mostly valid email addresses allowing spammers to focus their efforts. Without an authentication mecahnism the registry is a useless list. This submitter is idiotically biased since he ignores a very valid issue that would give any straight thinking individual pause about such a registry.

  • registry (Score:3, Insightful)

    by austad (22163) on Tuesday June 15, 2004 @02:42PM (#9432839) Homepage
    If a registry is ever created, it cannot be a list that people can download. It needs to be a query system that gets fed an address or list of addresses, and returns whether or not each one is on the list.

    Otherwise we'll just have spammers downloading the list and using that.
  • by AtariDatacenter (31657) on Tuesday June 15, 2004 @02:43PM (#9432853)
    Your message probably best sums up the response to this, and nothing else really needs to be said by anyone. If you create a list of email addresses and attach to it an American law governing their use, then someone from China isn't going to care one bit. The global nature of the Internet (which defies censorship) is also the same thing that allows for spam.

    Personally, I'd get a little scared if they can legalize away spam. Although a different medium, if they go all-out for spam, it probably makes for a good sign/precident for 'other things' to be eliminated from the Internet. (Be it pirated files, porn, 'ideas that my citizens shouldn't be having', etc.)

    But I still wish spam would go away, like everyone else.
  • by Orgazmus (761208) on Tuesday June 15, 2004 @02:44PM (#9432858)
    Homer is a much wiser man than people think.
  • by SkiddyRowe (692144) <bigskidrowe@hotmail.com> on Tuesday June 15, 2004 @02:44PM (#9432866)
    For once stopped legislation regarding spam is a good thing.

    Think about how successful the Do-Not-Call list is right now.

    "Hi, I'm not calling to 'sell' you something. I'm doing a survey for INSERT COMPANY HERE. There is an option to buy, but that's not the reason for our call...."

    Right...I said 'Do not call' that means 'No calls'
  • Please... (Score:5, Insightful)

    by i_r_sensitive (697893) on Tuesday June 15, 2004 @02:45PM (#9432875)
    No, the moral of the story:

    Why pass unenforceable legislation which has a good chance of making matters worse?

    For once it looks like a responsible decision has been made, lets not mistakenly equate that with doing nothing.

    Imagine the screaming you would have done had they tried and failed miserably, or tried and made things worse.

  • by Jay Maynard (54798) on Tuesday June 15, 2004 @02:45PM (#9432877) Homepage
    Unlike the You CAN-SPAM Act, this decision by the FTC shows that they have two clues to rub together. There's no guarantee that spammers would adhere to the list..witness the fact that telephone spammers are moving their operations offshore to evade the do-not-call list.

    The only way to stop spam is to hammer the advertisers. Follow the money. Penalize the folks who benefit. No other law-based solution will work.
  • by Picass0 (147474) on Tuesday June 15, 2004 @02:47PM (#9432905) Homepage Journal
    If the US Govt. Imposed a draconian policy regarding spam and the technology was dicey or imposed on end user rights (such as no more anonimity) you would see the admin here go apeshit.

    Michael also seems to think that whatever is decided in the US will magically become policy for the whole net. After all, if the US govt says you must comply with a no spam list, we must expect the rest of the world is going to suddenly stop sending spam. Right?
  • by Scott Richter (776062) on Tuesday June 15, 2004 @02:48PM (#9432913)
    The moral of the story is: never try.

    No, Michael, it's not. What they said was

    'A national do-not-e-mail registry, without a system in place to authenticate the origin of e-mail messages, would fail to reduce the burden of spam and may even increase the amount of spam received by consumers,'

    And quite frankly they're right. Additionally, it's not in the FTC's jusrisdiction, I don't believe, to change the SMTP protocol. As such, they do not have the ability to actually solve the problem.

    Given the degree to which the FTC fought for the Do-not-call registry, I think they deserve more credit than Michael's snide editorial remarks. They also deserve credit for having the courage to admit that they can't solve the problem under the current situation and providing a damned good reason why, as well as leaving bad enough alone and not doing something simply for the sake of doing it. Sometimes, inaction is the best course, and it takes maturity to realize it.

    Right now, setting up a do-not-email registry would be as smart as responding to the "Please remove me" addresses. In short, it would be absolutely stupid.

    So let's leave the FTC alone, shall we?

  • by Rathian (187923) on Tuesday June 15, 2004 @02:48PM (#9432928)
    With spam laws is enforcement. CAN-SPAM is nothing more than a sad joke without the staff and money to enforce all of it.

    I have some asswipe forging my domain right now which is a form of identity theft. I could call the FBI, but who would bother answering my call. Forget the local police department.

    Fact is that eliminating spam is a 3 part solution:
    1. Technical, make it such that it cannot be transmitted or very easily filtered with minimal to no false positives.
    2. Laws, make it illegal to send spam
    3. Enforce laws - Ralsky and others like him should hang. They know what they are doing pisses off millions, they are nothing but sociopaths and should be treated as such. Spammers should pay 2-4x the money spent to investigate and prosecute them.
    It's sad, spammers IMHO are doing far more damage that Mitnick ever did or could. Yet they are not being taken down as publically or as hard as he was.

  • by Reality Master 101 (179095) <RealityMaster101&gmail,com> on Tuesday June 15, 2004 @02:50PM (#9432950) Homepage Journal
    The moral of the story is: never try.

    GAAAAAH. Sometimes, Michael, you are the biggest idiot.

    Did you ever stop to think that sometimes just doing "anything" is not the best way to go? Can we please give the government a little credit for not jumping in and just "doing something" to score political points?

    Creating a do-not-spam list just creates a beautifully maintained list of people to spam.

  • by garcia (6573) * on Tuesday June 15, 2004 @02:50PM (#9432952) Homepage
    it probably makes for a good sign/precident for 'other things' to be eliminated from the Internet. (Be it pirated files, porn, 'ideas that my citizens shouldn't be having', etc.)

    I am certain that's exactly what they are looking to do. They do plenty of law making that is questionable but it falls under the guise of protection or something that is "good" for us.

    We all nod our heads in unison as they wipe away the rights of terrorists because afterall, we're not terrorists. We all nod in unison as they give us national ID numbers because, afterall, it's so much easier to just use that rather than having this card and that card and that card, right? We all nod our heads in unison as they eliminate our rights to privacy because, afterall, when you're in a public place you shouldn't have the right to privacy -- you should have your every movement tracked by a central governing body, right?

    Slippery slope.
  • One-way hash? (Score:5, Insightful)

    by Phil Wherry (122138) on Tuesday June 15, 2004 @02:54PM (#9432996) Homepage
    This seems like a near-perfect application for a one-way hash of the email address. Rather than publishing a list of do-not-spam email addresses, publish the SHA-1 and/or MD5 hashes of the email addresses. It's then possible to confirm that a given email address is on the list, but it's not possible to convert the list into a set of usable email addresses. Am I missing something obvious here?
  • Re:Not yet ready.. (Score:1, Insightful)

    by dustinbarbour (721795) on Tuesday June 15, 2004 @02:55PM (#9433001) Homepage

    I don't know about you guys, but I run a bayesian filter on my inbox and I simply do not get any more spam. I have never seen it misidentify email and I am more than happy with it.

    With that said, I think the federal government needs to stay out of it all together. I mean, for me, spam is such a minor issue that I'm more concerned about the funk coming from my neighbor's garbage cans! Seriously, if the federal government wants to do something useful, why not eliminate unsolicited mail in my mailbox? I can't tell you how many advertisements and mailers and coupon books I get in my standard mail. That shit pisses me off more so than spam 'cause I must actually bring it into the house and throw it away. At least I can remove spam with a simple click or a well coded filter!

  • MORONS! (Score:2, Insightful)

    by king_ramen (537239) on Tuesday June 15, 2004 @02:55PM (#9433005)
    All they need to do is set up a web service that responds YES or NO to whether an address is blocked. There is NO NEED to publish the list itself. In a single line:

    wget http://nospam.gov?address=some@address

    which would return:

    Content-Type: text\plain

    NO|YES

    Why is that so hard?
  • by ElForesto (763160) <elforestoNO@SPAMgmail.com> on Tuesday June 15, 2004 @02:57PM (#9433025) Homepage
    I'm amazed that the FTC actually looked at technical feasability of such a system when forming the opinion. I would have prefered their decision also cited that private enterprise and individuals are both working doubletime on solutions. I've never regretted slapping SpamAssassin on my mail server.
  • by geek (5680) on Tuesday June 15, 2004 @02:59PM (#9433050) Homepage
    "The moral of the story is: never try"

    Um no. The moral of the story is do not kick a dead horse. Email as it is needs a fundemental change. I mean, come on, clear text passwords over a network? You can sniff out 99.9% of all email traffic on the internet easily. Nevermind how easy it is to spam and exploit the vast majority of systems out there. Yes I know email can now be encrypted, blah blah blah, almost no one on the net knows what that means let alone knows how to use it.

    I personally do not want my tax money being spent kicking a dead horse. They would spend millions on a system that's unmanagable at best when they could instead spend that money on developing a better email system.

    The moral of the story perhaps, is fiscal responsibility. While not kicking a dead horse and picking their battles wisely they will save us tax payers a fair amount of money. This is probably the best news I've heard all week.
  • Re:Not yet ready.. (Score:5, Insightful)

    by surreal-maitland (711954) on Tuesday June 15, 2004 @03:00PM (#9433072) Journal
    i absolutely agree with you. this reminds me of a situation which is currently in place here in boston. they have decided to start randomly IDing people when they take the T. clearly, knowing who is on the T at a given time doesn't prevent or deter that person from bringing a bomb on board. however, it gives some people a false sense of security. that's exactly what this would be: a false sense of security and, as an earlier poster mentioned, a bunch of valid email addresses in a nice little list for a spammer from china. oh, and of course, a waste of taxpayer money.
  • by geoffspear (692508) * on Tuesday June 15, 2004 @03:00PM (#9433079) Homepage
    No one has a right to advertise their political opinions, products, etc. by sending me email about them. The fact that filtering solutions exist doesn't confer that right upon anyone, either.

    This is like arguing that marketing companies or political candidates should be allowed to send people to break into your house to tell you to buy their product or vote for their candidate, and pointing out that you could secure your house by buying better locks and putting bars on your windows if you don't want them there.

    If you want to advertise, take out ads on billboards, TV, magazines, or even web sites. But stay the hell off my personal phone, fax machine, and email account.

  • Re:But wait (Score:5, Insightful)

    by squiggleslash (241428) on Tuesday June 15, 2004 @03:06PM (#9433157) Homepage Journal
    Funny, when someone does propose an anti-spam solution, people here can't poke holes in it fast enough.
    That's because 90% of the so-called "solutions" for spam have serious flaws. They usually end up blocking legitimate email and usually can be worked around by some means. Really, for ordinary users forced to endure some largely unaccountable sysadmins idea of what email should be, the only workable environment involves a combination of Bayesian-style filters coupled with white lists for known good addresses (to ensure they're not accidentally dropped.) For those of us able to administer SMTP servers, seperate email addresses for each entity that needs to contact us with no published permanent "public" addresses generally works.

    The "solutions" we see posted from time to time rarely are as straightforward or effective. SPEWS type filtering blocks customers of ISPs regardless of whether they themselves are abusive or not. The DUL blocks by a criteria which has nothing, on the face of it, to do with spam, and simply makes things like configuration-free email an impossibility and roaming more difficult. ISP-lead outgoing port 25 blocking makes configuration-free email impossible and undermines user privacy. ISP-lead incoming port 25 blocking makes it impossible for knowledgable end users to deploy certain effective methods of spam block. The SPF, in an environment in which port 25 blocks and the DUL are active and in which ISPs rarely offer "authenticated SMTP" connections for external users will make roaming even more difficult.

    And those are just the current methods taken seriously and proposed at every turn. Meanwhile, people propose all sorts of "solutions" like using encrypted authentication and even getting rid of SMTP which are about as easy as creating world peace ("All we have to do is stop fighting each other!"), and which open all sorts of new cans of worms.

    In the case of this article, someone was seriously contemplating having the FTC create a Do-Not-Spam list, a list that wouldn't have applied to foreign owned businesses and one that would have, if anything, legitimized spam ("Hey, we're only posting to people off the list, leave us alone!")

    When people stop proposing daft and damaging ideas, people on Slashdot will stop poking holes in them. Spam is a solvable problem, but an unholy alliance of BOFHs and zealots is causing immeasurable damage without actually making much of a dent, if any, in the volumes we're talking about. Interestingly, by-and-large, the solutions that work involve enfranchising the receiver, a principle the current anti-spam culture is reluctant to accept.

  • by sdjunky (586961) on Tuesday June 15, 2004 @03:10PM (#9433203)
    The perfect solution would be to encode each email address using a one way hash. No email address could then be retrieved using it.

    BUT, for somebody who already has an email address they could encode it and check to see if it is in the list.
  • by Steve B (42864) on Tuesday June 15, 2004 @03:28PM (#9433468)
    The legitimate role of government is the suppression of theft, fraud, and assault.

    There is no contradiction whatsoever in opposing government interference with private property and free (as in speech) speech while supporting government crackdowns on spamming -- the former do not fall into any of the legitimate concerns of government; the latter alwasy fall into one (theft) and almost always into a second (fraud).

    It would be much more productive to work on real technical solutions to the problem of spam, rather than whining that the government should bail us out.

    There is no contradiction here, either. Yes, a prudent homeowner should install locks and other technological means to foil burglars. However, this is not a substitute for having police to arrest burglars or prisons to lock them up.

  • Ah Slashdot (Score:5, Insightful)

    by twfry (266215) on Tuesday June 15, 2004 @03:33PM (#9433553)
    Option 1) The US government creates a do not spam list.

    Result - Slashdot complains about how ignorant and evil the US government is.


    Option 2) The US government concludes a do not spam list will cause more problems and the correct solution is to fix email itself.

    Result - Slashdot complains about how lazy and evil the US government is.

  • by Mustang Matt (133426) on Tuesday June 15, 2004 @03:42PM (#9433670)
    Why create a list. WHO WANTS TO BE SPAMMED?!?

    It's incredibly silly to make a list and try to maintain it, enforce it, keep it out of the wrong hands, etc.

    Just make it completely illegal to send unsolicited garbage messages and start making money trails to follow and nail some people.
  • They're right... (Score:3, Insightful)

    by coene (554338) on Tuesday June 15, 2004 @03:50PM (#9433786)
    Spammers would just get a copy of the do-not-spam list and start spamming it! There's absolutely nothing to stop them.

    We need SMTP v2.0, and we need it soon.
  • by Voivod (27332) <cryptic@@@gmail...com> on Tuesday June 15, 2004 @03:53PM (#9433823)
    Yes, but that's what's nice about an offline dictionary attack. They just kick back and let the server farm run through the list. As addresses are revealed, they sell them.

    The idea of a do not e-mail list is idiotic. I'm very happy common sense has won out.
  • by Anonymous Coward on Tuesday June 15, 2004 @03:57PM (#9433892)
    I think the FTC was motivated by pressure from Congress and perhaps the administration.

    Basically, knuckleheads in Congress saw how popular and easy the Do Not Call list was, heard people complaining about spam, and put 2 and 2 together to get 3.

    Thus the impetus for the Do Not Spam list.

    Had the FTC *not* done the technical legwork, they'd probably end up being forced to institute a Do-Not-Spam list by ignorant congressmembers.
  • by Elminst (53259) on Tuesday June 15, 2004 @04:38PM (#9434384) Homepage
    Wrong.

    Your "right" to do something STOPS the second it causes anyone else tangible harm. To use your examples;
    Your "right" to shout ends when you meet the definition of harassment (2 AM shouting) or causing panic (FIRE! in crowded theater).
    Your "right" to mail me something costs YOU, the SENDER, money. It doesn't cost me to receive it. and it doesn't cost me to tell the Post office not to deliver it.
    Your "right" to send me email costs ME, the RECIPIENT, time and money. It also costs my provider, the intermediate ISPs, and numerous others, money and resources. The second other people have to pay to send YOUR message, you just blew your "right".

    In EVERY other medium (radio, billboards, magazines, tv/cable, even the guy on the corner needs a permit) the ADVERTISER PAYS to display/distribute the message.

    With SPAM, particularly thru hijacked relays/PCs, the advertiser (and i use that term loosely) pays ZILCH. The cost burden is thrown on the transport providers and recipients, who furthermore have NO SAY in what they receive.

  • by Jadrano (641713) on Tuesday June 15, 2004 @07:45PM (#9436615)
    This seems like a near-perfect application for a one-way hash of the email address. Rather than publishing a list of do-not-spam email addresses, publish the SHA-1 and/or MD5 hashes of the email addresses. It's then possible to confirm that a given email address is on the list, but it's not possible to convert the list into a set of usable email addresses. Am I missing something obvious here?

    Publishing such hashes would, of course, not be as irresponsible as publishing the addresses in clear text (provided the encryption is strong enough), but it would still benefit spammers: dictionary attacks would be quite easy to do: just try out common names at common domains. Spammers can, of course, do that now, but it would be more convenient with the hashes than actually sending mail and checking from a valid account whether an error messages comes back. Furthermore, spammers who use dictionary attacks would have better chances to send their spam to e-mail accounts that are actually used. When no error message comes back, it can still be an abandoned or throwaway account, but if it is actually on a do-not-spam list, it is most likely in use and therefore of more value for spammers.
    And even if the e-mail addresses are encrypted, I wouldn't trust that the key isn't leaked somehow. Then, suddenly, spammers had their wonderful list of e-mail addresses. I would find adding my e-mail addresses to a list that would be so much scrutinized by spammers too risky in any case.

news: gotcha

Working...