Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Spam United States Your Rights Online

Spammers Not Complying With CAN-SPAM 296

Zelphyr writes "The Register is reporting on a study done by MX Logic found that of 1000 messages tested, only three complied with the recently enacted CAN-SPAM act. Little wonder why the spammers weren't shaking in their boots when this spam friendly anti-spam bill was passed."
This discussion has been archived. No new comments can be posted.

Spammers Not Complying With CAN-SPAM

Comments Filter:
  • by Anonymous Coward on Sunday January 11, 2004 @07:35AM (#7943955)
    It should have been called "CAN SPAMMERS", not "CAN SPAM" act.
  • by geminidomino ( 614729 ) on Sunday January 11, 2004 @07:36AM (#7943958) Journal
    A law that says it's OK to spam, has exactly 0 enforcement behind it, and overrides stronger state laws didn't have an effect on the spammers? Who'da thunk it. Welcome to the U.S. of A. We have the best Government money can buy (off).
    • by haxor.dk ( 463614 ) on Sunday January 11, 2004 @08:49AM (#7944161)
      Don't attribute to conspiracy what can adequately be explained by stupidity.

      The US gov't doesn't hold its hand over the spammers - not intentionally anyways. They're just utterly ignorant about the extent of the SPAM problem. Hence the weak legislation that has been passed.
      • by Tehrasha ( 624164 ) on Sunday January 11, 2004 @09:44AM (#7944314) Homepage
        What conspiracy? A conspiracy would imply that something was done behind closed doors, covertly away from the public eye. The DMA (Direct Marketing Association), remember those guys, the ones who opposed the junk-fax ban and Do-Not-Call list? They supported the senators who wrote the freaking bill!! There was no conspiracy. Fox/Henhouse.
    • CAN-SPAM is not weak (Score:3, Interesting)

      by crucini ( 98210 )
      Did you read the law? It does not say it's OK to spam. It bans the vast majority of spam and prescribes harsh penalties. It allows up to one year imprisonment for sending spam with false headers, which is pretty much all the spam I get. Without false headers, spam becomes impractical for lots of reasons.
      And what is your basis for claiming that there is no enforcement? The Justice Department doesn't usually publicize investigations until they're over. It will take months for investigators to start trac
      • I have read the law. It's full of loopholes. Yes, the vast majority of current spam is probably covered by it, but it's quite easy for spammers to adapt to the law to comply with it. That is, if it is actually enforced, which I tend to believe it won't be. There's just far too much spam and spammers cover their tracks far too well for the government to enforce any anti-spam law.
  • Anyone surprised? (Score:5, Insightful)

    by Kjella ( 173770 ) on Sunday January 11, 2004 @07:36AM (#7943961) Homepage
    I mean, really. They've shown so much respect for other laws (deceptive marketing, viruses, DDoS, fraud, hacking relays, illegal use of resources like open relays) so why should this be any different?

    Kjella
  • Sure you CAN! (Score:5, Interesting)

    by CrankyFool ( 680025 ) on Sunday January 11, 2004 @07:37AM (#7943964)
    And we're already starting to see spam proudly proclaiming that it's "CAN-SPAM-compliant!" I suspect that we'll soon be able to put in filters to block any message that claims it complies with CAN SPAM because that will be a guarantee that it is, in fact, spam.

    And, on the opposite side of the fence, I'm seeing some people claim that relay-testing is now prohibited under CAN SPAM (because CAN SPAM makes unauthorized relaying a crime).

    Bah.
    • For those 3 out of 1000 emails that complied to the can spam law, I bet you they were not of the viagra variety. So filtering the compliant emails will not fix anything. For the hell of it, why not block anything that is not can spam compliant and only allow the compliant email in. Is that possible?

      I have an idea. Why not use a slashdot like feature with emails? You can have your friends, foes and such. And you can rate -1 to +5 sources of email. And you can set a threshold for what emails you accept. Som

      • by fjin ( 36284 ) on Sunday January 11, 2004 @08:27AM (#7944102)
        You haven't heard before about:

        Spamassassin [spamassassin.org]
        SpamAssassin(tm) is a mail filter to identify spam.
        Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.

        and Razor [sourceforge.net]
        What is Vipul's Razor?
        Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

      • Why not use a slashdot like feature with emails?

        Such things already exist. Try a Google search on "realtime blackhole list".

        All we would need is one database to keep track of the ratings.

        Well, if it's like Slashdot's moderation system, it would be subject to all the same abuses that Slashdot itself (allegedly) is. But it seems the spammers already have pretty good [slashdot.org] tools [slashdot.org] for dealing with [slashdot.org] centralised blacklist databases.

    • Thank god for Slashdot! For some reason, I had thought that the law's name was "U-CAN-SPAM"
  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Sunday January 11, 2004 @07:42AM (#7943976)
    Comment removed based on user account deletion
    • Re:Crime pays (Score:5, Interesting)

      by CaptBubba ( 696284 ) on Sunday January 11, 2004 @10:26AM (#7944462)
      I think this case the problem is nobody with a high profile has gotten busted. So it is the same idea, but instead of the punishment being too low to stop them, they think the odds are very much in their favor. It is like Jaywalking to the spammers right now. They know there is a law aganst it, but they don't know of anybody actually getting in trouble for doing it and they don't think it is hurting anybody.

      If in a month the FBI (under directions from the FTC) raided the homes of and arrested 100 out of the 200 people on the ROSKO [spamhaus.org] list, I would put good money down that the ratio of email complying with the CAN-SPAM act would go up dramaticly. I really think the key would be taking their computers in a raid, because they are likely loaded with IP addresses of hacked computers, open relays, and perhaps even tools/viruses to hack computers.

    • Here's your fire... (Score:2, Informative)

      by $ASANY ( 705279 )
      For those sites that make money from collecting information from spam victims, there is a way to fight back: check out Web Form Flooder at http://formflood.sourceforge.net

      It's still beta, but I'm unaware of any other tools that allow you to strike back at a spammer. With it you can crapflood a spammer's database, and possibly render it economically useless. So if you're pissed at the hundredth mortgage quote solicitation, fire it up and get just a little bit of revenge.

  • Duh! (Score:4, Insightful)

    by NemoX ( 630771 ) on Sunday January 11, 2004 @07:42AM (#7943980)
    Most spammers are from overseas in non-cooperative countries (with the US). This is a US law. What do they care? This law has no effect on illegal spamming. Besides, a vast majority of it comes from compromised home Windows boxes...they should just sue microsoft for making shatty insecure O/S' which help increase your daily spam. All it's going to to is get a lot of innocent and naive computer users in trouble for not securing their boxes and allowing overseas spam to bounce through their home PC's.
  • Why even bother? (Score:5, Insightful)

    by tuxette ( 731067 ) * <tuxette@NoSPAM.gmail.com> on Sunday January 11, 2004 @07:45AM (#7943987) Homepage Journal
    What's the point of having this anti-spam law in the US anyways? The real point I mean. Is it an attempt to make American citizens or the people of the world think that the US is tough on spam or something? I mean all that stuff about real address and markers for porn are nice and all, but without the rule of opt-in, you may as well not bother having an anti-spam law at all.

    An anti-spam law ought to ensure that people do not receive spam. Period. It doesn't matter if the addresses are real or not. It does not matter if they are marked for pornographic content or not. They should not be receiving that kind of e-mail in the first place, and it should not be a burden upon the people to ensure non-receipt of spam. And if for some reason someone or other wants this kind of e-mail, they should explicitly consent to itsreceipt.

    • Somebody actually *paid* to find out what I could've told them for free... go figure.
    • by pjrc ( 134994 ) <paul@pjrc.com> on Sunday January 11, 2004 @09:23AM (#7944239) Homepage Journal
      An anti-spam law ought to ensure that people do not receive spam. Period.

      No. Not period. Saddly, life just isn't that simple. In fact, there isn't even a precise, widely accepted definition of exactly what is and is not "spam".

      The precise definition problem is not with obvious ads for viagra, get rich quick scams, debt consolidation and mortgages, porn, and so on. It's with the fringe cases. Defining "spam" precisely enough that a ban could be meaningful is a giant problem. It's a problem most of the anti-spam community has recognized for quite some time.

      It's easy to be an armchair politician and declare "all spam should be illegal, period".... but what exactly is you definition of spam that will be banned? Something more precise that "I know it when I see it"?

      Anyone who administers mail lists, for example, will be able to tell you that even benign non-commercial lists regularily get complaints about being "spam". Many would call those end users "clueless", in that they signed up for announcement or to participate in the list (often with a double-confirm process), but later forget they had ever expressed an interest and accuse the mail list operator of spamming them.

      It does not matter if they are marked for pornographic content or not.

      Yes, it does. At least that's what the research has said. Perhaps you missed the article months ago, where researches surveyed how spam impacts real people, and found that the overwhelmingly strongest frustration with spam is the inability to filter porn spam.

      It doesn't matter if the addresses are real or not.

      Yes, it does matter.

      It's also a lot easier to define and verify whether message header and envelope information (used by SMTP) are a legitimate, good-faith representation of who transmitted the message, than it is to define whether the content of the message is "spam".

      .

      However, your message does make the very good point than an opt-in standard is the only real, long term solution. Saddly, it looks like there is not enough political support for a true opt-in standard in US law (like we currently have for faxes).

      Maybe the failure of this CAN-SPAM law will prompt opt-in? But I would expect first a modification that adds some real enforcement and penalties for forged headers/envelope and mis-labeled porn.... which are both easy to prove and will provide at least some relief.

      • I agree with much of your post, but do you think maybe you're being a bit too negative?

        The precise definition problem is not with obvious ads for viagra, get rich quick scams, debt consolidation and mortgages, porn, and so on. It's with the fringe cases.

        That's true, of course, but simply ruling out the sexual and financial stuff would be a good start.

        Anyone who administers mail lists, for example, will be able to tell you that even benign non-commercial lists regularily get complaints about being "

      • In fact, there isn't even a precise, widely accepted definition of exactly what is and is not "spam".

        Bullshit.

        The definition of spam is "unsolicited bulk email." This is both precise, and widely-accepted.
    • by reallocate ( 142797 ) on Sunday January 11, 2004 @10:48AM (#7944614)
      >> An anti-spam law ought to ensure that people do not receive spam.

      How would you propose doing that? Making something illegal doesn't make it go away. One might as well argue that "an anti-murder law ought to ensure that people do not commit murder."

      Fine or arrest everyone who creates spam? OK. What's your definition of spam?

      Mandate changes to SMTP? OK, but the cost of implementing the changes will be paid by you and me.

      Mandate some kind of magic spam blocking code in all operating systems and mail programs? OK, but if legislation can compel you to use one kind of software, it can compel you not to use another.

      No one likes spam. But, stompinmg your feet and decaliming that someone ought to make it go away isn't especially useful.
    • What's the point of having this anti-spam law in the US anyways? The real point I mean. Is it an attempt to make American citizens or the people of the world think that the US is tough on spam or something?

      Of course it is- the same way the U.S. government this it's going to fight terrorism by repealing the 4th Amendment to the U.S. Constitution. Same mindset, and most likely, the same results.
  • by Samuel Duncan ( 737527 ) on Sunday January 11, 2004 @07:47AM (#7943993) Journal
    The main idea of the law is to stop non-compliant messages by imposing financial punishment on the spammers. And this won't work. It very easy to avoid such fines, e.g. declare that you don't have any money and then use the absense of local citizen registers to "vanish" from the radar of law enforcement.
    I think the real solution would be physical punishment. Just when the feds get their hands on the spammers then they can't avoid punishment. No more bad excuses. Of course, you won't do something imhumane like they do in Saudi-Arabia - cutting of fingers etc. You would just give them a decent spanking. And they would remember that. Furthermore this would be much cheaper than traditional punishment.
    • by Pembers ( 250842 ) on Sunday January 11, 2004 @08:50AM (#7944163) Homepage

      Of course, you won't do something imhumane like they do in Saudi-Arabia - cutting of fingers etc.

      Why not? If you want to punish someone who makes a living from computers, I think that would be very fitting. Of course, there's always voice recognition... maybe we'd better cut their larynxes out as well... But then they could strap a stick to their forehead and tap the keys with that... Oh, fuck it, let's just chop the bastards' heads off and be done with it.

    • You would just give them a decent spanking. And they would remember that. Furthermore this would be much cheaper than traditional punishment.

      Really? As I understand it, a decent spanking costs upwards of $200 per hour. How is that more cost-effective than a fine, and furthermore, that punishment would surely only *increase* the amount of a certain type of porn spam. :)
  • "compliant" spam... (Score:5, Interesting)

    by Doppleganger ( 66109 ) on Sunday January 11, 2004 @07:48AM (#7943999) Journal
    I actually received a spam the other day that claimed it was CAN SPAM compliant.

    It seems someone got the bright idea to take the portion of the law that specifies the primary purpose of an email literally. So the top part of the mail (proudly pointed out as the "primary purpose") was a short joke. Then the email went on to its "secondary purpose"...

    And at the bottom, of course, was a disclaimer that stated again which part was the "primary" purpose and which was the "secondary", just in case you hadn't noticed the big notices above.

    I'd love to see someone try to argue this point of view to a judge with a straight face...
    • by orthogonal ( 588627 ) on Sunday January 11, 2004 @08:19AM (#7944077) Journal
      I'd love to see someone try to argue this point of view to a judge with a straight face...

      <voice ='Darl McBride'>Let me be the first to recommend David Boies; it's amazing the things he can argue with a straight face. For instance, did you know the GPL is unconstitutional?

      Oh, and that'll be $699.00 for the advice....</voice>
    • I berated a 'sales consultant' that definitely sounded more like a telemarketer, although he claimed it was a 'courtesy call.' When I mentioned that I was on a do-not-call list (I don't know if there is a federal one that has any teeth yet, but we do have a state list) he claimed that they were exempt because "we" had a 'prior business arrangement.' His reponse sounded very scripted, meaning they had anticipated curmudgeons such as myself protesting. This prior business arrangement was dubiously linked t
    • The spam filter I run for large mail server recently contained a rule update that adds points to any message mentioning the CAN-SPAM law (or the H.R. Bill number of CAN-SPAM).

      If someone puts that in their message they are either a semi-legitimate spammer trying to comply with the law (but still a spammer), or a completely illegitimate spammer trying to give themselves some semblance of legality.
    • Just for yucks, I went hunting through my spambox to find one of these so-called CAN-SPAM compliant spams.

      It was sent to a variation of my address harvested off a comp.dcom.telecom post I made in August 1996, contains a phony return email address, and was sent via a box in Korea.

      Dear Mr. Spammer: just because you say it's CAN-SPAM compliant, doesn't make it so.

      Lucky for you, the CAN-SPAM bill prevents me from attempting legal action against you, even if I could identify you.

      Gotta love Congress. Run by
  • And now what? (Score:5, Insightful)

    by tacocat ( 527354 ) <`tallison1' `at' `twmi.rr.com'> on Sunday January 11, 2004 @07:51AM (#7944008)

    Now that we've pretty much proven the the current Congress is entirely incapable of doing squat for it's voting constituents (and worlds for their Special Interest, PACs, and Business/Corporate campaign contributors) I am wondering what will really happen next.

    This is pretty clear evidence that Congress doesn't really do a great job in protecting the interests of the voting public.

    It seems to me that these people have forgotten that while we live in an Economic system called a Capitalist system, we live in a Political system called a Democracy. They are not the same system and not the same functionally.

    Business has done an excellent job at protecting themselves at every turn under the banners of "Don't hurt the already ill economy" or "Free Trade, Capitalism forever" without any voices standing up for the basic rights of the voting public.

    I would have expected that the issues surrounding the Internet would have become more political by now, but I believe I assumed that more people would care about these things. Recently I have been approached by a number of people who honestly thought that the CAN-SPAM law was going to solve all their problems. They thought I was full of BS when I told them CAN-SPAM actually legalized spam. But then they never read it and I did.

    The reality is this: Congress will never really do anything to protect the private citizen unless there is some Corporation behind the initiative to either make money, or block their competition. I haven't really seen anything of late that would contradict this. Have you?

    • Re:And now what? (Score:4, Insightful)

      by DukeLinux ( 644551 ) on Sunday January 11, 2004 @09:07AM (#7944193)
      I agree. Politicians can virtually take their votes for granted. The districts are so gerrymandered that it guarantees a select party will always take the seat. Also most people vote along party lines thinking that there is actually a difference. The rhetoric is different but the end result is the same: bigger government, higher taxes and less freedom. I vote against all incumbants. I do not favor any particular party and I try to understand the issues. Unfortunately, we are given little choice at the polls since things are so highly controlled. I would like to see some other countries come in and monitor our "free elections" for a change. They are a joke and so are we. As long as the peasants put up with the status quo then I guess we will get what we deserve. Perhaps when the American economy consists only of CEOs, Laywers and burger flippers people will get a clue...but I am not hopeful.
    • Re:And now what? (Score:4, Insightful)

      by pjrc ( 134994 ) <paul@pjrc.com> on Sunday January 11, 2004 @09:43AM (#7944307) Homepage Journal
      Don't forget that voters also elected in a republican majority to both the house and senate, and floria fiasco aside (still nearly 50%) voted for a republican president.

      Now, you were saying something about congress passing an act that favors big business and "doesn't really do a great job in protecting the interests if the voting public"....

      It's pretty obvious that the voting public, faced with only two (viable) rather similar political parties, had chosen the one that clearly favors economic interests and opposes government regulation of business.

      CAN-SPAM certainly appears to be a failure at regulating spam, but to call it a failure of democracy would be to ignore the will of the majority of voters, who clearly elected a majority of republicans to both the house and senate, and who showed strong support for Bush 3.5 years ago (even if the result was a "toss up").

    • This is pretty clear evidence that Congress doesn't really do a great job in protecting the interests of the voting public.

      Letting Bush & Co. run roughshod over the Constitution wasn't sufficiently convincing, but failing to contain spam was? Oh brother...
  • Big EMAIL List (Score:4, Insightful)

    by Nadsat ( 652200 ) on Sunday January 11, 2004 @07:52AM (#7944009) Homepage
    Well, in the meantime, the US Government is getting a large email list. Can anyone guess how it will first be used? Elections? Non-Profit group?
    • Nadsat said:
      Well, in the meantime, the US Government is getting a large email list. Can anyone guess how it will first be used?

      Aw crap! Thanks a lot slashdot! X-|


      I just realized I'm already in it 'cause I have been sending forwarding my SPAM to that antispam address, uce@ftc.gov. So they have my mailto: headers for about 3 active accounts. At least this one I can opt out of legally and be sure that govt email can't be "illegally" refusing opt outs. But still.

  • by arvindn ( 542080 ) on Sunday January 11, 2004 @07:52AM (#7944010) Homepage Journal
    SCO is not complying with the GPL ;^)
  • by leoaugust ( 665240 ) <[leoaugust] [at] [gmail.com]> on Sunday January 11, 2004 @07:52AM (#7944011) Journal

    The Onion Version of the CAN-SPAM

    Adapted from An Article on War Advisors on Yahoo [yahoo.com]

    Bush CAN-SPAM advisors: unfound Reductions in Spam (RIS)matter little - Perle & Frum Jan 09, 2004

    Two of President George W. Bush's CAN-SPAM advisors said that the US inability to find legal spam in cyberspace means little.

    "I don't think that you can draw any conclusion from the fact that the stockpiles of complaint spam were not found," Pentagon advisor Richard Perle said at the American Enterprise Institute.

    Perle said he did not fear that the United States would lose credibility after Bush used spammers supposed weapons of mass mailings of SEX-SPAM as his principal justification for going to war with spammers.

    "If others are going to take the view that, because these Reductions in Spam - aka RIS - weren't found, nothing that the United States says can be trusted -- there's not much we can do about that," he said. "It would be a foolish conclusion to draw."

    On Thursday, another Washington think-tank, the Carnegie Endowment for International Peace, said in a report that the US "administration officials systematically misrepresented the threat from Spam and SEX-SPAM."

    However, Perle said the war on cyberspace was justified: "I think that what was done was right and prudent."

    Perle appeared with Robert Frum, the former Bush speech writer who coined "Axis of Liberals." They were two of the hardline members of the administration who argued the need to Can Spam by CAN-SPAM.

    Perle and Frum's book, "An End to Evil," promotes the so-called neo-conservative use of military force to pacify the world including the cyberspace.

    They take aim at Saudi Arabia, US politicians, journalists and France -- all of whom they said stand in the way of Bush's "War on Terror."

    "What troubles us is a pretty persistent Open Relay Mail Servers policy of trying to weaken and marginalize the United States within cyberspace," Perle said.

    "All we ask from Spammers is that, in the construction of Spam as a political and commercial tool, spammers think of themselves as a partner with the United States in the protection of Western civilization. That's not a lot to ask."

    "Let me add, I think FSF runs the very great risk of becoming isolated."

    Frum, who left the White House in 2003, was as unswerving as Bush himself.

    "Sometimes the right answer, when a person has a grievance against you, is to say: 'You're completely mistaken; that grievance comes out of a completely wrong way of looking at the world and you're just going to have to get over it'," Frum said.

    We're not going to change."

  • by deadmongrel ( 621467 ) <karthik@poobal.net> on Sunday January 11, 2004 @07:53AM (#7944014) Homepage
    hey the act said they "CAN-SPAM" so they spammed. guess they are complient!. Seriously Law should be the first line of defence and shouldn't be the last one. enforcing a law internationally is very very difficult.I am not sure why this is even a news. I am sure this law is just a joke for most of the companies 'cause there would be loop holes which they can exploit.

    Even if they are complient there are spam anyway. I don't think it makes much of a difference.
  • by thrills33ker ( 740062 ) on Sunday January 11, 2004 @07:54AM (#7944016) Homepage
    - Pope found to be Catholic. - Scientists conclude sky is "blue". - Evidence found of bear defacating in woods.
  • by Graabein ( 96715 ) on Sunday January 11, 2004 @08:00AM (#7944035) Journal
    Anyone remember the USENET Death Penalty?

    Methinks we have to get a little more drastic in order to have any effect on spam. I mean, everything else seems to fail.

    Let's get extreme and start dropping packets from entire /24s from which spam is originating. In extreme cases, let's drop entire spam friendly ISPs. This is the only way to get rid of pink contracts, if all the customers of an ISP suddenly find that large parts of the Internet become unreachable to them.

    If an ISP finds itself dropped from routing tables and unable to reach most/all of the rest of the 'net, I have a feeling they will get tough on spam and on clueless customers with open relays/proxies real fast. They'll have to, or they'll be out of business.

    Yeah, I know this is extreme and drastic, but what else is there? SPF records won't be effective, laws don't do squat (a: because this is a global problem and b: because law enforcement haven't got the resources/motivation/whatever to enforce the laws anyway).

    I'm just getting so sick and tired of these antisocial scumbags ruining email for the rest of us.

    • by xlsior ( 524145 ) on Sunday January 11, 2004 @08:47AM (#7944153)
      Let's get extreme and start dropping packets from entire /24s from which spam is originating

      Nice... Except you need to be *very* cautious about which /24's you're willing to drop, because part of the problem of spam these days is that is originates everywhere.Zombies, free trial accounts, hit-and-run dialup spammers, open relays, etc. Spam is something that affects every ISP these days, to greater or lesser extend.

      As soon as you start blocking AOL and Earthlink's IP blocks because of the high volume of spam you get from them, you will also lose customers by the droves because all of a sudden they can't receive mail from their grandma anymore.

      Don't get me wrong, I'm all for spam filtering, as well as hitting the spammers themselves where it hurts, but 'extreme blocking' will hurt you and your own customers more than it will hurt the spammer.

      Most spammers won't even see the rejections caused by your networks, since some other poor guy will be on the receiving end of all their bounces, and they truly won't care.

      I personally use SpamBayes (Free, open source) for my spam filtering, which does an unbelievably good job of detecting spam, with no false positives so far. Written in Python, runs on Windows as well as Linux. http://spambayes.sourceforge.net
      • As soon as you start blocking AOL and Earthlink's IP blocks because of the high volume of spam you get from them...
        If AOL and Earthlink implement SPF correctly, and also throttle outgoing mail to prevent use by spammers (say, 1 message per minute), wouldn't that effectively make them useless to spammers without affecting grandma in the least?
      • Yup, my ISP has actually gone to court to stop spammers (they won, hear hear). They scan for open relays on their clients hosts and they block the smtp port by default (you can switch that off though). Still they appear on blocklists now and then.

        If extreme blocking would just be hitting the innocent I am all for it. But we must make pretty sure that the scheme is actually doing this. A lot of guys are hosting pretty usefull mailinglists on this ISP's accounts. We don't want to loose those against the figh
    • That _is_ worse than spam itself. You may be annoyed by spam, but I find it worse if my mail gets dropped because of some overzealous anti-spam-measures. First time it happened to me was when the SMTP-server of my provider was blocked by some list. So what should I do? Abandon my e-mail address and hope that it won't happen again? Yeah, thanks.
      And now, it is not even possible to send mail from dialup addresses anymore - it is blocked. What happened to the beauty of the anarchistic system??? Mails not having
    • Ok now the real problem is who is going to enforce it.
      You don't want one large company to make the decision for you because then they can just block all their competitors because they were "Spamming people" with their technical newsletters that they signed up for.
      Having the government control it could be seen as a form of censoring information, and besides the government will be really expensive and take for ever to get things done, "You call them up to tell them that you closed your open relays, they check
      • Open relays are defintiely yesterday's technology, they are rarely used by spammers anymore (mainly because there aren't nearly as many of them anymore and there are so many easier methods for spammers to use).

        These days it's all done through open proxies or special spamming applications. These are setup using worms and proxies (SoBig, MiMail, etc.) and run on the systems of your average everyday joe-user with broadband connections. Sure, you could fine all these users (though you could only do so in a c
        • Do you really want to fine people who don't maintain their cars, keep their signal lights and brakes working? That would certainly not be a popular law with anyone except the most overzealous drivers.
    • SPF records CAN work - consider if the majority of ISPs in your own country start using them. 99% of your email comes from your own friends and family within the country, and would be catered for. The rouge ISPs that DONT publish the records can all go to hell as long as my friends can contact me.

      I realise that for certain public addresses SPF wont work, since the idea is to hear from unknown customers no matter where they are, but for the normal user it should cut down on a greater majority of it.
    • by keeboo ( 724305 )
      Let's get extreme and start dropping packets from entire /24s from which spam is originating. In extreme cases, let's drop entire spam friendly ISPs.
      This is the only way to get rid of pink contracts, if all the customers of an ISP suddenly find that large parts of the Internet become unreachable to them.


      Righ... Let's say you get some SPAM from an ISP in Argentina (200.x.x.x) - "oh, let's block the entire /24".
      Great idea, now not only you blocked the whole country, but almost the entire South America.

      U
      • by abreauj ( 49848 )

        Righ... Let's say you get some SPAM from an ISP in Argentina (200.x.x.x) - "oh, let's block the entire /24". Great idea, now not only you blocked the whole country, but almost the entire South America.

        I don't believe the entire South American continent shares a single IP range containing only 254 useable addresses.

        What you describe here, 200.x.x.x, is a /8, not a /24. A /24 might be something like 200.47.218.x

    • Let's get extreme and start dropping packets from entire /24s from which spam is originating.

      This is exactly what many of the blacklists have been attempting for quite some time. Create collateral damage to put pressure on ISPs. It hasn't stopped spam, but it has put a lot of pressure on ISPs and caused spammers a lot of pain.

      Fortunately, most people don't believe in harming innocent bystanders, and nowadays, most anti-spam filters are evaluted both on how few false positives as well as how much spam

    • If you block a range of IPs that happens to have a legitimate user that relies on e-mails to conduct business I hope you get your house repossesed.

      People subscribe to my web-site and I send them e-mails back to give them their account information with password. If you blacklist my IP you've just stolen money from me. I'll still get their notices since I can check my account for funds transfers. But there's no way to send them their passwords. So you just cost me money and I will sue you. I'm on a one
      • The problem is plain simple.

        1. ISP has spammers. They spam. They annoy people and start costing people and companies money (yes, it costs money to filter that junk and to install the filters). ISP doesn't do squat about solving the problem, and when finally, the spammer just moves on. The ISP has no incentive to clean up the mess.

        2. Users get annoyed. Badly annoyed. They want to stop spammers right now.

        3. Users create a blacklist of IP spaces that should be avoided like hell.

        4. Users start using blackli
  • by csk_1975 ( 721546 ) on Sunday January 11, 2004 @08:11AM (#7944065)
    Of the 1452 spam I received in my 3 accounts this weekend there are 157 references mentioning compliance with the Can-Spam act. Twenty of these said that they complied by including a valid reply address, a valid postal address and a working removal mechanism. The only one which actually met all of these criteria was from hurricane-map.com sent to an administrative address - 69.6.58.0/23 is blocked to everything else but to this address :-(.

    So Scott Richter, one of the most infamous spammers on the planet, doesn't seem to be complying with Rule #1, what is the world coming to?
  • by Maestro4k ( 707634 ) on Sunday January 11, 2004 @08:11AM (#7944066) Journal
    Starting shortly after 12/16 when the bill was signed the amount of spam I received on an older account roughly doubled. I wasn't too surprised, figured a few spammers were desperately trying to send out as much spam as possible before 1/1.

    Well, after 1/1 the amount of spam I receive on that account went up again. Right now it's about triple the amount before 12/16, and quickly pushing on four times it. I'm also seeing more efforts at E-mail guessing (sending E-mails to every possible combination of account names at a given host). These are pretty obvious when they show up on an account that's never been used, and has never (and still isn't) listed anywhere on the Internet (or otherwise).

    From where I'm sitting, looks like the spammers are having a field day, and the only thing that's changed is the problem got worse. Thanks congress, remind me to vote against all incumbents next election.

    • Should it not be relatively easy to detect a brute force E-mail guessing attempt? I'd say that if you get a series of emails to several different bad email addresses in a very short period of time, you should automatically block the IP address from which they are coming.

      Of course, I also regularly see dictionary attacks against mailservers where someone's script is trying to get in as 'root' 'admin' or 'administrator'. One of these days I need to get around to logging and blocking that.

  • by Anonymous Coward on Sunday January 11, 2004 @08:21AM (#7944084)
    As I understand it, CAN-SPAM makes it illegal to use open proxies to relay messages. We run a proxy scanner on every email that comes into our server, through an exim pipe. Any sending host which is an open proxy on a common port is reported to us via IRC. The following IRC log can be explained one of three ways:
    [01:02] <SpamBot> SpamTrap found a proxy! 82.138.193.50 (host1.greenwichtraining.adsl.telecomplete.net)
    [ 01:05] <SpamBot> SpamTrap found a proxy! 200.95.36.167 (dsl-200-95-36-167.prod-infinitum.com.mx)
    [01:08] <SpamBot> SpamTrap found a proxy! 200.45.247.170 (host247170.arnet.net.ar)
    [01:41] <SpamBot> SpamTrap found a proxy! 200.90.212.26 (26-212-90.adsl.terra.cl)
    [01:41] <SpamBot> SpamTrap found a proxy! 200.95.74.41 (dsl-200-95-74-41.prod-infinitum.com.mx)
    [01:59] <SpamBot> SpamTrap found a proxy! 218.75.131.4 (218.75.131.4)
    [02:10] <SpamBot> SpamTrap found a proxy! 194.2.149.201 (194.2.149.201)
    [02:18] <SpamBot> SpamTrap found a proxy! 61.233.205.110 (61.233.205.110)
    [02:29] <SpamBot> SpamTrap found a proxy! 200.84.79.92 (dC8544F5C.dslam-03-24-3-02-01-01.rmg.dsl.cantv.ne t)
    [02:37] <SpamBot> SpamTrap found a proxy! 81.134.29.16 (host81-134-29-16.in-addr.btopenworld.com)
    [02:55 ] <SpamBot> SpamTrap found a proxy! 200.43.19.71 (dsl-200-43-19-71.users.telpin.com.ar)
    [02:57] <SpamBot> SpamTrap found a proxy! 200.225.210.173 (iplus-ura-225-210-173.xdsl-fixo.ctbcnetsuper.com. br)
    [03:07] <SpamBot> SpamTrap found a proxy! 200.42.43.63 (200-42-43-63.dsl.prima.net.ar)
    [03:27] <SpamBot> SpamTrap found a proxy! 62.236.142.192 (62-236-142-192.hpna.wlannet.com)
    [04:50] <SpamBot> SpamTrap found a proxy! 81.225.52.204 (h204n5c1o1044.bredband.skanova.com)
    [Note: rogue spaces in the timestamps were inserted by Slashdot.]

    1) USA-based spammers don't give a shit about the new law

    2) Overseas-based spammers have increased exponentially

    3) USA-based spammers are offshoring just like every other IT industry

    Will we soon be inundated with reports of Bangalore being the spam capitol of the world? After all, they aren't subject to the jurisdiction of USA-based spam laws. Forget offshoring your tech support, now you can offshore your spamming operations and be in total compliance with the law...
  • by haxor.dk ( 463614 ) on Sunday January 11, 2004 @08:47AM (#7944154)
    A new study suggests that dictators are shown to be significantly more brutal than democratically elected officials, and big businesses usually fuck the consumer more over than small businesses.

    What a fucking surprise!

    (please excuse the irony).
  • prediction (Score:3, Funny)

    by VanillaCoke420 ( 662576 ) <vanillacoke420@h ... com minus author> on Sunday January 11, 2004 @08:47AM (#7944155)
    Now when we've had spammers that doesn't care about anti-spam laws, I guess that we'll have greedy lawyers and lying politicians any day now...
    • Politicians Lie, Cheat, Break Campaign Promises
    • Violence in Middle East
    • Slashdotter Criticizes Microsoft
    • Dog Bites Man
    • CAN-SPAM Does Nothing To Reduce Spam, Study Finds
  • Silly Fools.... (Score:5, Insightful)

    by Gorillaka ( 713654 ) on Sunday January 11, 2004 @09:07AM (#7944194)
    Analogy: Certain groups are upset with the amount of rugby being played over in Austailia. So they lobby congress and have a bill passed against it. But wait! They're still playing rugby in Austrailia.. what happened, we passed laws against it!?

    Most of the spam does NOT come from the US. It's retarded to assume that these spammers all over the world are expected to change their core business model because the US passes some law.

    "But wait, I know that a lot of the ringleaders behind all this MUST be in the US". Sure.. but the reason they can hide themselves so well is because they're breaking a dozen other more serious laws in the process of sending out their crap. CANSPAM is seriously the least of their worries.

    The spam situation in the world right now is one of those things we'll tell our grandchildren about some day.. as someone growing up under globalization will laugh at the 'crazy' notion that two individuals on the same internet weren't governed by the exact same set of laws.

    So anyway, until full globalization is upon us (hey.. I guess the one perk is that it'll cut down on spam), your best bet is to upgrade your filters and use Shadango.com. In case any of you haven't heard yet, Shadango allows you to check all of your accounts from one interface (imap, pop, aol, y!, hotmail, etc), PLUS if filters ALL of them for you in real time. I seriously did not believe it worked until I tried it.. I've actually had the first spam-free week since the mid 90s. Check it out.. it works.

    That's my two cents

    Kevin
    • source and blocks (Score:2, Insightful)

      by midgley ( 629008 )
      Much of the spam I get appears to come from the US, but clearly the spammers can buy hosting in other areas as life is made harder for them in the US.

      What is as relevant is that no legitimate email comes to me from (for instance) the Chinas, and little from the rest of Asia, whereas there are people I want to hear from in the US.

      So I can easily block large IP ranges but I cannot easily do that against the US spammers.

    • Re:Silly Fools.... (Score:2, Informative)

      by Brainiac252 ( 709625 )
      Yo, I was involved in the alpha testing of shadango awhile ago. When I signed up I used the word "alpha10" in the promotional code box. It got me a paid tester account...i think it might still work. Plus, they recently started filtering POP accounts so now the amt of spam I get on my hotmail has dropped considerably. From my experience Shadango is definitely worth the try. Ian Welsh
    • Re:Silly Fools.... (Score:5, Insightful)

      by arkhan_jg ( 618674 ) on Sunday January 11, 2004 @09:44AM (#7944315)
      Moust of the spam does NOT come from the US. It's retarded to assume that these spammers all over the world are expected to change their core business model because the US passes some law.

      I think you are incorrect in this assumption. spamhaus [spamhaus.org] shows that, of the 200 or so top spammers (that create 90% of the spam) almost all are american or canadian based. They are also invariably advertising US goods and websites, priced in US dollars, from US-based companies, with the one exception of nigerian scammers. If America can get it's house in order, then the world spam problem will be massively reduced.

      Admittedly, much of the spam is bounced off asian proxies, or trojaned windows boxes; but that just shows that american and european ISP's crackdown on open relays and spammers is having at least some effect.

      What NEEDS to happen is
      a) much greater action by american law enforcement for fraud by the sellers and spammers, along with prosecution of the other major offenses.
      b) laws specifically drafted to make spam illegal, unless opt-in, with heavy penalties and again, strong enforcement.

      Client side spam filters are a sticking-plaster on an amputated limb. They help filter your own mail, at the risk of false positives (which are increasing, given the increasing attempts by spammers to make their mail pass baynesian filters). They do nothing to reduce the massive load on the infrastructure caused by spammers.

      Currently, this is a US problem that is affecting the world.

    • Very good point.. but you did leave out one of the 'up and coming' spam launching points -- zombie computers.

      I recently upgraded a few networks at a local school, and noticed two very sluggish machines. They were the same build as the rest of them, but seemed to be working pretty hard even when they were just sitting there unused. I suspected a problem, so I isolated them and scanned their hard drives. I found a virus -- nothing unusual there (it is a public school) -- but I also found that they were fi
    • by Anonymous Coward

      get your head out the sand, blind patriot
      http://www.spamhaus.org/rokso/index.lasso [spamhaus.org]

    • Re:Silly Fools.... (Score:5, Interesting)

      by Hanno ( 11981 ) on Sunday January 11, 2004 @10:40AM (#7944552) Homepage
      Most of the spam does NOT come from the US.

      It DOES. [spamhaus.org] It's only RELAYED through foreign computers.

      Professional American spammers set up boxes and rape relays outside of the US to avoid being linked with the originating IP of their spam.

      Some of the best known spammers are known to have hired servers at Asian and Third World providers. And then there are the current waves of mail viruses that turn the victims' computers into spam relays [lurhq.com], also with the primary intention of setting up a network of spam relays to hide the spam's origin.

      But most of the professional spammers DO operate from Northern America. Look up the listings on Spamhaus.

      (And yes, we in Europe have the same problem. There is a Swiss professional spammer who has set up his computers in South America and a German spam gang using computers in Holland and Eastern Europe. It's easy to hide your tracks that way. But the spam DOES originate in Switzerland and Germany, it's only RELAYED through other countries.)
  • by rotciv86 ( 737769 )
    How can we enforce spam laws on companies based offshore?
  • The CAN-SPAM act has only been in effect a couple weeks. Did you expect miracles? I don't know what the ultimate effectiveness of this law will be. It may never work. But if the FTC starts really cracking down, the lives of hard core spammers could get very interesting. But I suspect the FTC will wait some time before they do anything. That way, anyone still not in compliance will have no excuse.

    Although the spam problem looks pretty ugly today, I think with a few simple changes it can be brought und

  • by swb ( 14022 ) on Sunday January 11, 2004 @10:42AM (#7944567)
    So why should they bust them for violating the spam law? The government has totally ignored the absolutely fraudulent nature of spamvertised products, despite the fact that the money trail is easier to follow than the email trail.

    I suspect there will be political pressure to "bust" a couple of spammers, and they probably will nail a couple of small-timers and will trumpet it as a success, saying something like "Mr. Spam King sent over one million spam messages" -- the same bogus logic used in drug busts, when they value the drugs based on their smallest-possible-street-transaction value instead of the likely wholesale value.

    Part of the reason I think there will be little enforcement, at least from the Bush administration, is that I've read that mainstream businesses are actually profiting from spam indirectly by selling customer lists that include email addresses. They don't sell directly to spammers, but they filter through direct marketers who ultimately DO sell to spammers.
  • The spammers must be making money from sending all this spam, how many people actually click through and order the junk being peddled? I imagine if nobody ordered anything from spammers there'd end up being no profit and no reason to spam.
    • The chief problem with that is that you can't possibly know for certain that the person whose product is being advertised by the spam ever endorsed the spamming in the first place.

      If you penalize the person who actually sells the product advertised in spam, then what stops a person from spamming with ads for their competitor or some other company the spammer may not like simply in order to cause that company some financial discomfort?

  • apices concretion insight megawatt millet gaberones fluency insect browbeaten atropos necklace superposable churchgoing abrasion ignore american rhetorician imperative beverly fro against downhill presentation prognosis chickadee will goniometer snobbish alizarin leprosy incorrect gyrfalcon diagnostic incontrovertible holly clapboard slate warranty sloganeer protagonist methodology cage homesick insult helen botulism sclerotic transmute

    Those f****ers are wreaking havoc with my filters!

  • Mad libs! (Score:3, Informative)

    by GQuon ( 643387 ) on Sunday January 11, 2004 @12:01PM (#7945077) Journal
    Recently. spammers have been trying to train spam traps with random words. It's alsmost like seing the words put into a mad libs exercise.
    Will this confuse filters like spamassassin?

    P.S. One of the more interresting ones I got follows. What is an appellant hazelnut? And can diseases be exorcised?

    insinuate guilty overture aegean mcelroy
    emery niggardly bobbin briggs pushout creed quizzes return accomplish
    explanatory cofactor frances melissa
    biharmonic his milieu alphabet groom septate appellant hazelnut diphtheria exorcise
    • I assume that this is an attempt to defeat Bayesian filters by filling them with words that would reduce the efficiency of statistical analysis. But it doesn't seem to: the various Bayesian filters that are in spam-matching software I use identify them without fail.
    • Will this confuse filters like spamassassin?

      No, it doesn't. The SpamAssassin rules are independent of the Bayesian analysis. Those rules match on the other text, the stuff that actually tries to sell you something, or get you to click on something.

      The effect it would have on the Bayesian filters is to give those words closer to a neutral score, to the extent that they also appear in ordinary emails that the Bayesian system has learned. But the remaining words that only spammers use would end up being
  • ISPs can file lawsuits under this act. Have any been filed? Why not?

    I want to subscribe to a service which sues spammers. The CAN-SPAM act's definition of an ISP seems to include a service like SpamCop. But SpamCop doesn't have a litigation staff, and their parent, IronPort sells spammer-friendly million-email-per-hour "mail delivery engines". We need a replacement for SpamCop which sues at least one spammer per month.

  • 1|08|04

    MX Logic Finds Nearly 100 Percent of Spam Not Compliant with New CAN-SPAM Law

    12|16|03

    MX Logic Applauds National Anti-Spam Law

    -----
    Ok, they applaud the CAN-SPAM act but then turn around and realize that it was a bad idea less than a month later. Heh.
  • What's the problem is the fact that it is assumed that I wanted to be opt-in'ed. Who decided for me that I WANTED all the spam. If the government would simply make it into law for spammers and telemarketers that they assume I'm not already opt'ed in, the things would be better. Make the people that contact us PROVE that we signed up for their crap.
  • by kindbud ( 90044 ) on Sunday January 11, 2004 @02:17PM (#7945962) Homepage
    The mail servers I run for my employer reject 400 spams every minute. Those are the ones with SpamAssassin scores greater than 10. 1000 spams in a week is a very small amount. They should be grateful. ;)

There's no such thing as a free lunch. -- Milton Friendman

Working...