Forgot your password?
typodupeerror
Spam United States Your Rights Online

No Federal Do-Not-Spam Registry For Now 324

Posted by michael
from the what-me-worry dept.
Decaffeinated Jedi writes "The AP reports today that the U.S. government has no plans to create a do-not-spam registry in the immediate future. Why not? They argue that the proper technology is not yet in place. 'A national do-not-e-mail registry, without a system in place to authenticate the origin of e-mail messages, would fail to reduce the burden of spam and may even increase the amount of spam received by consumers,' said the commission." The moral of the story is: never try. See the FTC's press release or their report (pdf).
This discussion has been archived. No new comments can be posted.

No Federal Do-Not-Spam Registry For Now

Comments Filter:
  • by swordboy (472941) on Tuesday June 15, 2004 @02:36PM (#9432748) Journal
    Homer: Trying is the first step towards failure.
  • Not yet ready.. (Score:5, Insightful)

    by CommanderData (782739) * <kevinhi.yahoo@com> on Tuesday June 15, 2004 @02:36PM (#9432753)
    I'm glad that they haven't jumped in headfirst, I can't imagine how they could enforce such a list right now with so much spam coming from outside of the United States and from unknowing zombie PCs within the US. If they did create a list it would place an expectation in the public eye that the US government can enforce it, when it obviously (to us slashdot readers) cannot.

    Like it or not, we need to come up with more clever hardware or software solutions like Yahoo's "Domain Keys", Meng Weng Wong's SPF (Sender Policy Framework) [pobox.com], or god forbid, Microsoft's Caller ID for E-mail.
    • I agree with this completely. I am glad my tax dollars won't be wasted on yet another currently "unsolveable problem".

      Maybe there is some intelligence in Washington yet!?... ...Doubtful.

    • by AtariDatacenter (31657) on Tuesday June 15, 2004 @02:43PM (#9432853)
      Your message probably best sums up the response to this, and nothing else really needs to be said by anyone. If you create a list of email addresses and attach to it an American law governing their use, then someone from China isn't going to care one bit. The global nature of the Internet (which defies censorship) is also the same thing that allows for spam.

      Personally, I'd get a little scared if they can legalize away spam. Although a different medium, if they go all-out for spam, it probably makes for a good sign/precident for 'other things' to be eliminated from the Internet. (Be it pirated files, porn, 'ideas that my citizens shouldn't be having', etc.)

      But I still wish spam would go away, like everyone else.
      • by garcia (6573) *
        it probably makes for a good sign/precident for 'other things' to be eliminated from the Internet. (Be it pirated files, porn, 'ideas that my citizens shouldn't be having', etc.)

        I am certain that's exactly what they are looking to do. They do plenty of law making that is questionable but it falls under the guise of protection or something that is "good" for us.

        We all nod our heads in unison as they wipe away the rights of terrorists because afterall, we're not terrorists. We all nod in unison as they g
      • If you create a list of email addresses and attach to it an American law governing their use, then someone from China isn't going to care one bit. The global nature of the Internet (which defies censorship) is also the same thing that allows for spam.

        This isn't really true, however. Research has shown that almost all spam actually comes from America. Much, if not most, of it is routed through either Chinese servers or worm-hijacked PCs, but the origin is still American.

        The problem with this whole idea
        • Why does everyone seem to think that if a do-not-spam list was created. They'd just hand it over in plain text to the spammers. To do it right, they'd either distribute a list of MD5 hashes, or setup a system where the spammers sent their list and the feds told them which ones were ok to spam.

          • by jkabbe (631234)
            To do it right, they'd either distribute a list of MD5 hashes, or setup a system where the spammers sent their list and the feds told them which ones were ok to spam.

            True. But if the latter were implemented wouldn't a spammer just send a file containing millions of *possible* email addresses? Then the US government would send them a list of the addresses not in their records. Taking the difference between the two lists would provide you with a list of the valid addresses.
        • 1. Do you really think that if the US passed such a law that the spammers wouldn't run, not walk, to any country they could? Of course they would.

          2. Are you seriously suggesting that we have more serious crime now than we did back in the colonial days?
        • So easy. (Score:3, Interesting)

          by killjoe (766577)
          1) Buy whatever they are selling.
          2) Subpoena the bank that cached the check or processed the credit card.
          3) Arrest the spammer and jail them.
          4) ....
          5) End of spam

    • Re:Not yet ready.. (Score:2, Informative)

      by CommanderData (782739) *
      Sorry to reply to myself, but I figured I should point out for the people who might not already be aware that SPF and Caller ID for e-mail have become a merged plan in the last several weeks. Missed the announcement myself :)
    • I don't think there should be any government do-not-spam list.

      Among other reasons, it intrudes on the right of people to advertise their political opinions, which is crucial to a democracy.

      It's pretty easy to filter out spam. Bayesian filters block nearly all spam, and have the benefit of being tailored to the user's interests, not the spam definitions of the government (which will inevitably hurt those who oppose government policies).

      Use Mozilla's mail application: It has excellent spam filtering buil
      • by geoffspear (692508) * on Tuesday June 15, 2004 @03:00PM (#9433079) Homepage
        No one has a right to advertise their political opinions, products, etc. by sending me email about them. The fact that filtering solutions exist doesn't confer that right upon anyone, either.

        This is like arguing that marketing companies or political candidates should be allowed to send people to break into your house to tell you to buy their product or vote for their candidate, and pointing out that you could secure your house by buying better locks and putting bars on your windows if you don't want them there.

        If you want to advertise, take out ads on billboards, TV, magazines, or even web sites. But stay the hell off my personal phone, fax machine, and email account.

        • What about mass marking mailings? I get about the same signal to noise ratio, on junk mail to legit mail as I do on spam to real email.
        • I have been saying the same thing for years, and it still seems not to get thru. It constantly amazes me that these spam guys try to sue claiming freedom of speech, and yet seem to forget they have no right to 'speak' over someone else's network if that network doesn't want them.

          its akin to 'well if the door is unlocked im gonna walk in and vandalize the place. oh you locked your door? well its my right to come in and vandalize the place.

          And before anyone says this analogy is invalid, i suggest you read s
        • No one has a right to advertise their political opinions, products, etc. by sending me email about them. The fact that filtering solutions exist doesn't confer that right upon anyone, either.

          Well, right now they do have that right. They have the right to do it by speaking (shouting), sending physical mail, or sending electronic mails.

          Did you notice that the federal do-not-call phone system excludes certain things that were on your list?
      • by Trillan (597339) on Tuesday June 15, 2004 @04:24PM (#9434221) Homepage Journal

        Political opinions? You want them?

        Here's a clue: If it's bulk and you didn't ask for it, it's spam. It doesn't matter if it is a product you want, or an opinion you want to read, or a service you want.

        People who care more about content than delivery -- "Oh, well, I didn't ask for that ad, but sure I need my penis enlarged!" "Hey, I could make a lot of money helping this exiled Nigerian prince!" "I'm awful glad senatorial candidate McDuff sent out 3.5 million emails (1 million of them outside his area) to let us all know he supports gun control." -- are what's known as a willing victim. And that one moron in a thousand is why there's a spam problem to begin with.

        If it's spam, either report it, teach your filter it, or delete it. But do not put any put any weight in the content, even if you find it interesting.

        Because little Joey Adams who went missing off the deck of his house in the summer of 1999 never actually went fucking missing, the FBI just took him back from the parent who didn't have custody of him.

    • Re:Not yet ready.. (Score:5, Insightful)

      by surreal-maitland (711954) on Tuesday June 15, 2004 @03:00PM (#9433072) Journal
      i absolutely agree with you. this reminds me of a situation which is currently in place here in boston. they have decided to start randomly IDing people when they take the T. clearly, knowing who is on the T at a given time doesn't prevent or deter that person from bringing a bomb on board. however, it gives some people a false sense of security. that's exactly what this would be: a false sense of security and, as an earlier poster mentioned, a bunch of valid email addresses in a nice little list for a spammer from china. oh, and of course, a waste of taxpayer money.
    • Re:Not yet ready.. (Score:4, Interesting)

      by pilgrim23 (716938) on Tuesday June 15, 2004 @03:14PM (#9433255)
      I keep Saying this and seriously I think this idea may work: Instead of a Spam tax to Microsoft, we pay a penny or so to a numbered Swiss account that is charged with paying for a dedicated band of mercenaries. After some well publicized cases of kneecapping of identified Spammers, I do believe the volume will finally subside...nad the cheers world wide will be deafening!
  • by JoeLinux (20366) <joelinux AT gmail DOT com> on Tuesday June 15, 2004 @02:37PM (#9432755) Homepage
    I thought they had this now: Isn't it the "Opt-Out" thingy?
  • Thank GOD! (Score:4, Funny)

    by Anonymous Coward on Tuesday June 15, 2004 @02:37PM (#9432761)
    My processed lunch meat business will continue for now.
  • But wait (Score:5, Insightful)

    by s20451 (410424) on Tuesday June 15, 2004 @02:38PM (#9432781) Journal
    The moral of the story is: never try.

    Funny, when someone does propose an anti-spam solution, people here can't poke holes in it fast enough.

    So you want to hear these lame proposals so you can scoff at them and feel superior? Or what?
    • The real moral is (Score:5, Insightful)

      by b00m3rang (682108) on Tuesday June 15, 2004 @02:40PM (#9432809)
      Don't hand the spammers what would probably be the worlds largest distribution list on a silver platter.
    • I for one am glad that this never happened. Look at it this way - spammers are (almost by definition) unscrupulous, and will almost certainly not hesitate to abuse the system. "Hey Mr Govt man, give me the list, I promise not to email each and every one of these people several times a day!!" It simply would not have worked.
    • Re:But wait (Score:5, Insightful)

      by squiggleslash (241428) on Tuesday June 15, 2004 @03:06PM (#9433157) Homepage Journal
      Funny, when someone does propose an anti-spam solution, people here can't poke holes in it fast enough.
      That's because 90% of the so-called "solutions" for spam have serious flaws. They usually end up blocking legitimate email and usually can be worked around by some means. Really, for ordinary users forced to endure some largely unaccountable sysadmins idea of what email should be, the only workable environment involves a combination of Bayesian-style filters coupled with white lists for known good addresses (to ensure they're not accidentally dropped.) For those of us able to administer SMTP servers, seperate email addresses for each entity that needs to contact us with no published permanent "public" addresses generally works.

      The "solutions" we see posted from time to time rarely are as straightforward or effective. SPEWS type filtering blocks customers of ISPs regardless of whether they themselves are abusive or not. The DUL blocks by a criteria which has nothing, on the face of it, to do with spam, and simply makes things like configuration-free email an impossibility and roaming more difficult. ISP-lead outgoing port 25 blocking makes configuration-free email impossible and undermines user privacy. ISP-lead incoming port 25 blocking makes it impossible for knowledgable end users to deploy certain effective methods of spam block. The SPF, in an environment in which port 25 blocks and the DUL are active and in which ISPs rarely offer "authenticated SMTP" connections for external users will make roaming even more difficult.

      And those are just the current methods taken seriously and proposed at every turn. Meanwhile, people propose all sorts of "solutions" like using encrypted authentication and even getting rid of SMTP which are about as easy as creating world peace ("All we have to do is stop fighting each other!"), and which open all sorts of new cans of worms.

      In the case of this article, someone was seriously contemplating having the FTC create a Do-Not-Spam list, a list that wouldn't have applied to foreign owned businesses and one that would have, if anything, legitimized spam ("Hey, we're only posting to people off the list, leave us alone!")

      When people stop proposing daft and damaging ideas, people on Slashdot will stop poking holes in them. Spam is a solvable problem, but an unholy alliance of BOFHs and zealots is causing immeasurable damage without actually making much of a dent, if any, in the volumes we're talking about. Interestingly, by-and-large, the solutions that work involve enfranchising the receiver, a principle the current anti-spam culture is reluctant to accept.

    • Re:But wait (Score:2, Interesting)

      by kfg (145172)
      So you want to hear these lame proposals so you can scoff at them and feel superior?

      If it can play any role in keeping them from being implimented -- yes.

      KFG
  • by suso (153703) on Tuesday June 15, 2004 @02:38PM (#9432782) Homepage Journal
    At least they are smart enough to realize that it is not technically feasible yet. Score 1 for the FTC.
    • I'm amazed that the FTC actually looked at technical feasability of such a system when forming the opinion. I would have prefered their decision also cited that private enterprise and individuals are both working doubletime on solutions. I've never regretted slapping SpamAssassin on my mail server.
  • Three words... (Score:3, Insightful)

    by sohojim (676510) on Tuesday June 15, 2004 @02:39PM (#9432798) Homepage
    International, volume, zombies.

    Billions of messages are sent every day, the majority of which are spam. That's different than telemarketing calls, which require a live person-to-person (or at least phone circuit-to-person) connection. Also, even if volume wasn't the problem, the fact that spammers are almost always either outside the US or using compromised zombie PCs is just going to complicate things immensely.

    • I recall some recent reports stating that the majority of commercial spam in the US is domestic in origin, not international. I don't have time to look them up now, but you might check your facts. But I agree--it doesn't make it easier.

      • The spam is domestic in that the *order to send it* comes from the US and that the fradulent services and defective goods they're selling are being sold by Americans to Americans. The actual spam, however, is coming from zombied pc's or dirty isp's that reside outside the US. Domestic orders / foreign delivery, you see?

        Either way, Scott Richter is a douchebag.

  • Knee Jerk? (Score:5, Insightful)

    by FortKnox (169099) on Tuesday June 15, 2004 @02:40PM (#9432800) Homepage Journal
    The moral of the story is: never try.

    Come now, michael. If it is most likely going to CAUSE more spam, its something that shouldn't be done.

    Its a "damned if you do, damned if you don't by people with kneejerk reactions that normally hate everything you do anyway" thing, isn't it?
  • And que the SPF-Zelots saying SPF [pobox.com] is the answer!
  • FTC is right (Score:5, Insightful)

    by sulli (195030) * on Tuesday June 15, 2004 @02:40PM (#9432804) Journal
    A do-not-spam list right now would be a spam-me-now list. So many spammers are beyond the reach of the law at the moment that adding your address or domain to this list would be like adding it to WHOIS.
  • Good! (Score:5, Insightful)

    by tekunokurato (531385) <jackphelps@gmail.com> on Tuesday June 15, 2004 @02:40PM (#9432808) Homepage
    I completely agree. How do you intend to enforce such a registry? People are forever insulting the gov't for creating unenforceable laws, and the FCC is right to hold back. You must remember that CAN-SPAM makes it a civil crime, while a national registry would make it a federal crime, requiring the gov't to spend money trying cases that obviously won't be won (and could also implicate a lot of innocents).
  • There is a lack of proper legislation. The fundamental property of the Do-Not-Call list is that violators will be prosecuted by the FCC and can be held accountable with serious punishments. Quite frankly the current state of things leaves much to be desired in terms of punishment for spammers.

    Fist I want to see some good national anti-spam legislation; then I'll ask for a national Do-Not-Spam list.

  • Too Bad (Score:5, Funny)

    by jumpingfred (244629) on Tuesday June 15, 2004 @02:41PM (#9432817)
    They should have a do not spam list. It will kill off at least one segment of spam. Spam mails trying to sell you a list of valid email adresses.
  • A good point (Score:3, Interesting)

    by Foofoobar (318279) on Tuesday June 15, 2004 @02:42PM (#9432830)
    They actually have reason for the rejection of a do not psam list; How would they enforce it?

    How can you say who spammed you? Is it the email referrer who spammed you, the zombie machine that used the referrer or the person from Russia?

    And how would they enact vengeance upon said spammer? We have to have a system in place first so that even the slickest lawyer couldn't wiggle through a loophole.
  • by Networkink*Man (468175) on Tuesday June 15, 2004 @02:42PM (#9432837) Homepage
    Spammed if you do, spammed if you don't.

  • What the... (Score:4, Insightful)

    by jwthompson2 (749521) * <<james> <at> <plainprograms.com>> on Tuesday June 15, 2004 @02:42PM (#9432838) Homepage
    heck is this:

    The moral of the story is: never try.

    This ignores the fact that a national 'do-not-spam registry' would provide a wealth of mostly valid email addresses allowing spammers to focus their efforts. Without an authentication mecahnism the registry is a useless list. This submitter is idiotically biased since he ignores a very valid issue that would give any straight thinking individual pause about such a registry.

    • I think authentication is key. If we can get a few large companies and colleges to start only allowing emails from partners that have some authenticating feature, then others will catch on and follow the path. When it boils down to a few ISP's that are not responsible, and they are filtered out by most companies, they will have to change. But for this to work, it would require cooperation amoung many large buisnesses and schools to set a standard.
  • registry (Score:3, Insightful)

    by austad (22163) on Tuesday June 15, 2004 @02:42PM (#9432839) Homepage
    If a registry is ever created, it cannot be a list that people can download. It needs to be a query system that gets fed an address or list of addresses, and returns whether or not each one is on the list.

    Otherwise we'll just have spammers downloading the list and using that.
  • A national list of valid email addresses sure sounds like a good way to reduce spam to me...
  • by SkiddyRowe (692144)
    For once stopped legislation regarding spam is a good thing.

    Think about how successful the Do-Not-Call list is right now.

    "Hi, I'm not calling to 'sell' you something. I'm doing a survey for INSERT COMPANY HERE. There is an option to buy, but that's not the reason for our call...."

    Right...I said 'Do not call' that means 'No calls'
  • Rule 1: (Score:3, Funny)

    by wfberg (24378) on Tuesday June 15, 2004 @02:45PM (#9432870)
    spammers lie.

    Great the FTC caught on to that..

    Now if only all those idiots actually ordering Viagra, Vicodin, larger penisses and mortgage quotes would get the message..

    Perhaps a more viable option for enforcement would be sting-operations, where if you buy a spamvertized good, you the exact opposite of the advertized benefit. Higher mortgage! Smaller penis!
  • by NanoGator (522640) on Tuesday June 15, 2004 @02:45PM (#9432874) Homepage Journal
    ... I'm gonna report myself as '*@*.*'.
  • Please... (Score:5, Insightful)

    by i_r_sensitive (697893) on Tuesday June 15, 2004 @02:45PM (#9432875)
    No, the moral of the story:

    Why pass unenforceable legislation which has a good chance of making matters worse?

    For once it looks like a responsible decision has been made, lets not mistakenly equate that with doing nothing.

    Imagine the screaming you would have done had they tried and failed miserably, or tried and made things worse.

  • by Jay Maynard (54798) on Tuesday June 15, 2004 @02:45PM (#9432877) Homepage
    Unlike the You CAN-SPAM Act, this decision by the FTC shows that they have two clues to rub together. There's no guarantee that spammers would adhere to the list..witness the fact that telephone spammers are moving their operations offshore to evade the do-not-call list.

    The only way to stop spam is to hammer the advertisers. Follow the money. Penalize the folks who benefit. No other law-based solution will work.
  • by N8F8 (4562)
    Apparently someone with limited resouces can build a map of the greatest spam producers but the federel government can't figure it out.
  • ...but that it is better to understand a problem before foolishly misapplying a non-working supposed solution. It's great to do the right thing. In the case, it's simply not doing the wrong thing.
  • total waste of time (Score:5, Interesting)

    by mabu (178417) on Tuesday June 15, 2004 @02:46PM (#9432890)
    For the zillionth time, can we put an end to boneheaded ideas like this?

    Almost all spammers are violating Federal law right now. A do-not-email list would be the most ridiculous thing ever heard of, and would more likely serve as a great source of addresses for spammers.

    The problem is there is no enforcement of existing laws in this area. We don't need more laws; we don't need more goofy schemes. We need resources dedicated towards educating and funding law enforcement authorities on how to catch and prosecute spammers.
    • Almost all spammers are violating Federal law right now.

      Truth. Plain and simple. Giving them another law to violate would do squat.

      In fact, I've always wondered why the feds haven't used this fact to go after them. I know, I know - you can't track down the spammer, since they're mostly launching spam from bots in China.

      But the point of all spam is to sell something, and that requires a somebody. And that somebody has to be able to take a payment, or the spam has no point, correct? Money is chan

  • by Picass0 (147474) on Tuesday June 15, 2004 @02:47PM (#9432905) Homepage Journal
    If the US Govt. Imposed a draconian policy regarding spam and the technology was dicey or imposed on end user rights (such as no more anonimity) you would see the admin here go apeshit.

    Michael also seems to think that whatever is decided in the US will magically become policy for the whole net. After all, if the US govt says you must comply with a no spam list, we must expect the rest of the world is going to suddenly stop sending spam. Right?
  • by Scott Richter (776062) on Tuesday June 15, 2004 @02:48PM (#9432913)
    The moral of the story is: never try.

    No, Michael, it's not. What they said was

    'A national do-not-e-mail registry, without a system in place to authenticate the origin of e-mail messages, would fail to reduce the burden of spam and may even increase the amount of spam received by consumers,'

    And quite frankly they're right. Additionally, it's not in the FTC's jusrisdiction, I don't believe, to change the SMTP protocol. As such, they do not have the ability to actually solve the problem.

    Given the degree to which the FTC fought for the Do-not-call registry, I think they deserve more credit than Michael's snide editorial remarks. They also deserve credit for having the courage to admit that they can't solve the problem under the current situation and providing a damned good reason why, as well as leaving bad enough alone and not doing something simply for the sake of doing it. Sometimes, inaction is the best course, and it takes maturity to realize it.

    Right now, setting up a do-not-email registry would be as smart as responding to the "Please remove me" addresses. In short, it would be absolutely stupid.

    So let's leave the FTC alone, shall we?

    • I find it interesting to note the apparent opinions of the slashdot editors when it comes to government. Usually the slashdot crowd is quite gung-ho in the direction of "Government bad! Free-markets! Regulation is evil, leave us alone! Ahhhh, censorhip!" etc. But as soon as they get irritated by a few spam messages in their mailbox, they start whining "Uncle Sam, save us from the spam! We need big and intrusive government protection! Someone please think of the children!"

      A most interesting duality,
      • by Steve B (42864)
        The legitimate role of government is the suppression of theft, fraud, and assault.

        There is no contradiction whatsoever in opposing government interference with private property and free (as in speech) speech while supporting government crackdowns on spamming -- the former do not fall into any of the legitimate concerns of government; the latter alwasy fall into one (theft) and almost always into a second (fraud).

        It would be much more productive to work on real technical solutions to the problem of spam,

  • "A national do-not-e-mail registry, without a system in place to authenticate the origin of e-mail messages, would fail to reduce the burden of spam

    What is so difficult about authenticating emails? Is there any way to encrypt something which says where an email originated from? How about routers that do not forward anything without the correct authentication? It would take big companies and schools signing on first, and then that would force free services like yahoo to have to be more responsible. I think

    • Actually, you've got it backwards:

      Yahoo! and Hotmail should be the FIRST services to go to "verified" email. They have so many users, everyone else would be forced to upgrade their mail servers so they could send mail to them.

      Personally, I think the solution isn't JUST encryption. What you need on top of that is some sort of registry for mail servers. You would need to prove that you have your stuff configured correctly, and that you are legit, before you could send mail to anyone. Once you proved that,
  • by aardvarkjoe (156801) on Tuesday June 15, 2004 @02:48PM (#9432925)
    Quoth michael:
    The moral of the story is: never try.

    Right, michael. Like you wouldn't have been the first to complain about how the government's antispam list does nothing if they had decided to create a do-not-spam list. At least it sounds like they gave the idea some consideration, and had a real reason not to do it.
    • "Michael" works the FBI or another government agency and they are bummed out that this bogus do-not-spam list would have given them a nifty database to cross-reference with all the other databases the government has been collecting on people.

      The only productive purpose for such a stupid database would be to encroach upon the privacy and security of the populace. Spammers would never follow the guidelines. Unlike telemarketing, which uses a communications medium that is more easily trackable and regulated
  • by Rathian (187923) on Tuesday June 15, 2004 @02:48PM (#9432928)
    With spam laws is enforcement. CAN-SPAM is nothing more than a sad joke without the staff and money to enforce all of it.

    I have some asswipe forging my domain right now which is a form of identity theft. I could call the FBI, but who would bother answering my call. Forget the local police department.

    Fact is that eliminating spam is a 3 part solution:
    1. Technical, make it such that it cannot be transmitted or very easily filtered with minimal to no false positives.
    2. Laws, make it illegal to send spam
    3. Enforce laws - Ralsky and others like him should hang. They know what they are doing pisses off millions, they are nothing but sociopaths and should be treated as such. Spammers should pay 2-4x the money spent to investigate and prosecute them.
    It's sad, spammers IMHO are doing far more damage that Mitnick ever did or could. Yet they are not being taken down as publically or as hard as he was.

  • by Reality Master 101 (179095) <RealityMaster101.gmail@com> on Tuesday June 15, 2004 @02:50PM (#9432950) Homepage Journal
    The moral of the story is: never try.

    GAAAAAH. Sometimes, Michael, you are the biggest idiot.

    Did you ever stop to think that sometimes just doing "anything" is not the best way to go? Can we please give the government a little credit for not jumping in and just "doing something" to score political points?

    Creating a do-not-spam list just creates a beautifully maintained list of people to spam.

  • I think a more problematic aspect of an email "do not call" list is the fact that it is so easy to get and change email addresses these days. There are millions of active email addresses that will be discarded shortly after they are created. I myself create a new email address every time I register for some on-line service or fill out some promo form. What might be nice is whole do not call domains
  • One-way hash? (Score:5, Insightful)

    by Phil Wherry (122138) on Tuesday June 15, 2004 @02:54PM (#9432996) Homepage
    This seems like a near-perfect application for a one-way hash of the email address. Rather than publishing a list of do-not-spam email addresses, publish the SHA-1 and/or MD5 hashes of the email addresses. It's then possible to confirm that a given email address is on the list, but it's not possible to convert the list into a set of usable email addresses. Am I missing something obvious here?
    • by Jadrano (641713)
      This seems like a near-perfect application for a one-way hash of the email address. Rather than publishing a list of do-not-spam email addresses, publish the SHA-1 and/or MD5 hashes of the email addresses. It's then possible to confirm that a given email address is on the list, but it's not possible to convert the list into a set of usable email addresses. Am I missing something obvious here?

      Publishing such hashes would, of course, not be as irresponsible as publishing the addresses in clear text (provid
  • MORONS! (Score:2, Insightful)

    by king_ramen (537239)
    All they need to do is set up a web service that responds YES or NO to whether an address is blocked. There is NO NEED to publish the list itself. In a single line:

    wget http://nospam.gov?address=some@address

    which would return:

    Content-Type: text\plain

    NO|YES

    Why is that so hard?
    • Re:MORONS! (Score:3, Funny)

      by mr.scoot (745046)
      Washington, DC [DeRoot News Service] - In other news today, the FTC's newly commissioned antispam service, after only 13 minutes in service, is out of commission.

      The FTC NASR regulations currently provide no direction in regards to the service being unavailable. They simply prohibit sending an unsolicited email without having first received an "ALLOWED" response within the last 5 days for any address, before sending the message.

      As the regulation also provides a $5000 fine per mailing per address for nonco
  • by jfengel (409917) on Tuesday June 15, 2004 @02:57PM (#9433030) Homepage Journal
    There is a key difference between telemarketing and spamming. Even if you had a prerecorded voice message (which is illegal) these phone calls cost money, tune the tune of a several cents a call and up. Adding an operator costs more, even with the scams they play on their own operators. So it's actually in the best interests of the telemarketers to have some sort of don't-waste-your-time list.

    Spammers, on the other hand, can pay as little as $0 (0 for you foreigners) by using open relays, zombies, etc. So it's in their best interests to hit everybody, even if they're not interested. Rather than miss somebody, they'll hit everybody. A do-not-spam list would only provide a list of verified addresses.

    So "never try" is definitely the right response here, at least at the moment, since it will be ignored by the spammers in a way that the do-not-call list avoids. The only question at this point is, who hasn't signed up for the do-not-call list:

    * Very lonely people
    * Very ignorant people
    * People with a higher tolerance for telemarketing than me

    Unfortunately, this probably just thrills the telemarketers. They can't call your grandma (since you signed her up) but it means that people who haven't signed up for the list are more likely to be scammable. (No offense to your grandma or anything. I'm sure she's a sweet lady but statistically speaking the elderly are more suceptible to scams, and less likely to take advantage of technological solutions.)
  • Is pick the fights you can win. Right now, this isn't one of them.

    Get the technology in place to make anonymously spamming people harder, and you can start thinking about this again.
  • That's odd, toothless [ftc.gov] legislative [spamlaws.com] spam fixes [ft.com] never got vetoed in the past just because they'd do nothing to stop the problem [theregister.co.uk] - or make it worse. Wonder what makes this one so special?
  • by geek (5680) on Tuesday June 15, 2004 @02:59PM (#9433050) Homepage
    "The moral of the story is: never try"

    Um no. The moral of the story is do not kick a dead horse. Email as it is needs a fundemental change. I mean, come on, clear text passwords over a network? You can sniff out 99.9% of all email traffic on the internet easily. Nevermind how easy it is to spam and exploit the vast majority of systems out there. Yes I know email can now be encrypted, blah blah blah, almost no one on the net knows what that means let alone knows how to use it.

    I personally do not want my tax money being spent kicking a dead horse. They would spend millions on a system that's unmanagable at best when they could instead spend that money on developing a better email system.

    The moral of the story perhaps, is fiscal responsibility. While not kicking a dead horse and picking their battles wisely they will save us tax payers a fair amount of money. This is probably the best news I've heard all week.
  • Can someone post the list of spammer's addresses?
  • Why not vice versa (Score:3, Interesting)

    by Dexter77 (442723) on Tuesday June 15, 2004 @03:07PM (#9433172)
    Why does it have to be do-not-spam registry. Why not please-spam-me-registry. Just make spamming illegal to all addresses, but those that are in the registry.

    Wouldn't it be a lot easier to make a law that would condemn spamming, period. I bet about 90% of voters don't like to receive spam. Why we have to make the effort to block spammers, when lawmakers should be on our side?
    • by Cheerio Boy (82178)
      Why does it have to be do-not-spam registry. Why not please-spam-me-registry. Just make spamming illegal to all addresses, but those that are in the registry.

      Wouldn't it be a lot easier to make a law that would condemn spamming, period. I bet about 90% of voters don't like to receive spam. Why we have to make the effort to block spammers, when lawmakers should be on our side?


      Two words: Big Business.
  • What do they mean by "the origin"?

    The originating IP of the spam is already easily tracable, so they can't mean that. They must be concerned about identifying the spammer. But... tracing the source of the message is unnecessary if that's what you need to do.

    See, spam with no mechanism to reach the spammer is profitless. You don't need to authenticate the sender, you need to follow the money and deal with whoever is profiting from the spam. THEY are the ones who need to be held responsible.

    Yes, I know abo
  • by spoonyfork (23307) <.spoonyfork. .at. .gmail.com.> on Tuesday June 15, 2004 @03:26PM (#9433449) Journal
    Your post advocates a

    (*) technical (*) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    (*) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (*) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    (*) Requires too much cooperation from spammers
    (*) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    (*) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    (*) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    (*) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    (*) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    (*) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    ( ) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    (*) Any scheme based on opt-out is unacceptable
    (*) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    (*) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    (*) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    (*) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
  • Ah Slashdot (Score:5, Insightful)

    by twfry (266215) on Tuesday June 15, 2004 @03:33PM (#9433553)
    Option 1) The US government creates a do not spam list.

    Result - Slashdot complains about how ignorant and evil the US government is.


    Option 2) The US government concludes a do not spam list will cause more problems and the correct solution is to fix email itself.

    Result - Slashdot complains about how lazy and evil the US government is.

  • by Rai (524476) on Tuesday June 15, 2004 @03:36PM (#9433596) Homepage
    They argue that the proper technology is not yet in place

    Unless I'm mistaken, we've had laser-guided missiles since the first gulf war which is all the technology we need to deal with spammers. It didn't take some Navy supercomputer to find Eric Head or Scott Richter and any half-assed napalm-delivery system would easily show them the error of their ways.
  • by Mustang Matt (133426) on Tuesday June 15, 2004 @03:42PM (#9433670)
    Why create a list. WHO WANTS TO BE SPAMMED?!?

    It's incredibly silly to make a list and try to maintain it, enforce it, keep it out of the wrong hands, etc.

    Just make it completely illegal to send unsolicited garbage messages and start making money trails to follow and nail some people.
  • They're right... (Score:3, Insightful)

    by coene (554338) on Tuesday June 15, 2004 @03:50PM (#9433786)
    Spammers would just get a copy of the do-not-spam list and start spamming it! There's absolutely nothing to stop them.

    We need SMTP v2.0, and we need it soon.
  • Slow but Steady (Score:3, Interesting)

    by DynaSoar (714234) * on Tuesday June 15, 2004 @05:28PM (#9434981) Journal
    All my respect to the FTC and their spam efforts, and especially Commissioner Orson "What we need is a few good old fashioned hangings" Swindell. Hopefully it's merely having to work within the beltway mentality that caused this conclusion to be reached and announced at this late time, because this is precisely what everyone (except the few spammers present) told them at the spam conference 15 months ago.

    Ensconsed in Commissioner Swindell's colorful words is a hint of the real problem: The problem is a social one, not a technological one.

    The means of execution (no pun intended, but I'll take it) may be technological, but not the cause. Trying to solve it technologically will be equivalent to allopathic medicine where the symptoms are treated instead of the cause. Sure, you can kill the tumor, but if you don't remove the cause of the cancer, the problem remains.

    Stop treating spam as though it came forth by breaking the vaccuum symmetry and existed suddenly where nothing had before. It's a new face on an old problem and could easily be treated as such, if it weren't for the mentality that still thinks that anything printed in dot matrix on green and white line tractor feed paper is more real and authoritive than handwriting.

    The TCPA works for junk faxes. Rewrite it so as not to be strictly telecom.

    When people hijack machines as spam drones, catch their ass and prosecute them under computer crimes laws.

    There are STILL cops who refuse to handle stalking cases where email is involved because they're allowed to claim their ignorance prevents them from acting, when the fact is the stalking laws say nothing like "unless it's in email".

    Stop treating it as if it's all new and different. It's all just new ways of doing the same old things, and the old ways of stopping it would still work.

The number of computer scientists in a room is inversely proportional to the number of bugs in their code.

Working...