Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Spam Your Rights Online

Paper: Technical and Legal Approaches to Spam 88

tgeller writes: "David Sorkin, a Chicago-based law professor who also runs spamlaws.com, just published "Technical and Legal Approaches to Unsolicited Commercial Electronic Mail" in the University of San Francisco Law Review. I think it's well-thought-out, intelligent and complete. Spam litigation (which The Suespammers Project tracks) has been slow, partly because few lawyers know much about the issue; this paper will have an impact on legal community cluefulness."
This discussion has been archived. No new comments can be posted.

Paper: Technical and Legal Approaches to Spam

Comments Filter:
  • It's very important to make this distinction!!! We should not be trying to file lawsuits against 0 and 1, even if they may annoy us. Those lawsuits dillute the issue of 2, 3 and 4, which must be stopped.

    --

  • Tactical Nuclear Strike
  • Worth reading now is the new RFC on SPAM:

    How to Advertise Responsibly Using E-Mail and Newsgroups

    or - how NOT to

    $$$$$ MAKE ENEMIES FAST! $$$$$

    http://rfc3098.x42.com/ [x42.com]

    /magnus

  • Its wrong to rely on lawsuits and legal remedies that possible infringes on free speech to fight spam. Technology is the spam enabler and should be the spam disabler as well. At least I think so.
  • Oooh! Let me, let me!

    My suggestion: a BountyQuest-like program targeting spammers. Heck, if we all kicked in a buck each, we could hire the world's finest assassins.

    [I'm not entirely sure I'm not serious...]

    --
  • I never said lawyers aren't clueful on the whole: On the contrary, I think they get too little respect from the public. However, lawyers aren't well educated about spam. Very few have been exposed to the legal issues involved, and as a result few are prepared to handle spam-related cases. I hope Mr. Sorkin's paper changes that.

    --Tom "MasterTroll" Geller, Suespammers.org Founder and Administrator

  • Some state laws (and, I believe, proposed Federal laws) have made exceptions for cases in which the sender has "a prior relationship" with the recipient. See this link [master.com] for references.

    I think that exception covers all cases you mention above, no?

    --Tom Geller, Suespammers.org Founder and Administrator.

  • Direct marketing is as American as apple pie. The Internet is no different.

    For email, the recipient pays, so email is "no different" from junk faxes (which are already illegal [junkbusters.com]).

    However, email is substantially different from telemarketing and direct (paper) mail. Email's cost-shifting nature makes all the difference.

    --Tom Geller, Suespammers.org Founder and Administrator

  • Hormel has already addressed this issue, and blessed the use of the word "spamto describe unsolicited email. However, "SPAM" in all caps refers only to the meat product. Read Hormel's statement [spam.com]

    --Tom Geller, Suespammers.org Founder and Administrator

  • Take 'em to court: Unsolicited commercial faxes have been illegal since 1991. See Junkbusters.com [junkbusters.com].

    --Tom Geller, Suespammers.org Founder and Administrator

  • Your point (about an email costing the recipient less than a fax) is valid -- when you look at one email message vs. one fax.

    But because the cost of sending is also lower for email, it doesn't make sense to compare them 1:1. Penny-ante spammers regularly send out millions of email messages per incident; few junk faxers send out 1/1,000th of that amount. So a 1:1,000 comparison is more appropriate.

    Do 1,000 email messages cost as much as one fax? Demonstrably so. (Remember, you also have to include costs from the NNN recipients who pay per-minute phone charges, the NN recipients who get the spam on their cell phone, and the N recipients calling in from a $1-a-minute hotel phone.) So the total damage per junk spam run is at least as great as per junk fax run.

    Incidentally, most spam laws have pegged statutory damages at $50/message or less; the 1991 Telephone Consumer Protection Act pegs the statutory damage for junk faxes at $500 per.

    --Tom Geller, suespammers.org Founder and Administrator

  • BTW, who are you going after once you've 'eliminated' 'spammers'? The Jews, perhaps?

    Godwin [science.uva.nl].

    --Tom

  • by tgeller ( 10260 ) on Friday April 20, 2001 @05:17PM (#275871) Homepage
    I believe spam is something that needs to be fought on several fronts. Technological solutions are certainly important: In fact, I led a panel discussion on that subject at the 1998 ISP Forum (see this link [tgeller.com] and search for "ISP").

    But it's clear that technical solutions alone have a limited effect. Filtering solutions may stop up to 95 percent [brightmail.com] of the spam, but that doesn't keep it from clobbering those who can't install a filtering system, whether due to lack of ability or lack or resources.

    The technical community has been guilty of terrible arrogance in this area. Spam is both a technical and a social problem. If you don't address both causes, you'll never get anywhere. Of course, lots of policy folks don't know squat about technology, and their short-sightedness is just as much of a problem. ("When all you have is a hammer, everything looks like a nail.")

    --Tom Geller, Suespammers.org Founder and Administrator

    P.S. Full disclosure: Brightmail is a P.R. client of mine, and I wrote the press release referenced above :). I see systems like Brightmail's as important and worthwhile tools, but not the complete answer.

  • Since someone, even a poorly paid peion has to at least look at the letter, then your not only spamming them, you DDoSing them..
  • I'm interested in setting up a filtering system that ACCEPTS mail only from senders I'm willing to hear from - a whitelist instead of a blacklist.

    Any other sender would get a bounce message (if their reply address worked) and an invitation to use a short-lived temporary address, or a unique keyword in the subject line.

    Mail to this temporary address would get through, and could be used to arrange for that sender to be on my 'whitelist' but would rapidly expire to ensure it would be useless if it got onto a spam list.

    This can obviously be set up with procmail and a bit of scripting, but does such a system already exist ? Any major flaws ?

  • I wanted to point out this link that I have seen posted around here. This is an interesting approach that everyone can do to help fight spam. Check it out: http://www.lenny.com/spam/index.html

  • laws are not going to solve this problem the net was always self governing what we need is a very active vigilanty presence we should attack all spammers and companys that sell spam sofware a simple way is to goto goto.com [goto.com] put " bulk email" in the search field and click on all the links that come up this will cost the spam companys big bucks if enough people do it also you can follow the link in my sig. for other ways to fight spam
    and please e-mail your suggestions on other ways to fight spam

  • I have had an idea for a legal way of dealing with spam.

    1 Set up a "I hate SPAM" website which details why spam is a bad thing. Create an email account and put a mailto link on the site. Put a statement that by emailing that address, you will auto send a copy of your SPAM archive and that this address is only used for this purpose.

    2 Put all the spam you recieve as separate files into a folder

    3 Write a script that auto sends the entire contents of the file as separate mails to anyone that emails the address on the webpage, but attaches a "thanks for requesting the file" and link to the page message" with each file individually, and also adds the "request" mail to the archive.

    Dont forget to make the script intelligent enough to recognise mail that has been bounced back so that you dont end up with a mail server loop.

    Just a suggestion.......

  • by coyote-san ( 38515 ) on Friday April 20, 2001 @06:50PM (#275877)
    This point needs to be reiterated.

    "Freedom of Assembly" has always been held to mean two things. You can have a meeting with like-minded people, and you can eject all others. This protected the NAACP membership list in the 50s and 60s, and the KKK membership list a few years ago.

    "Freedom of Religion" means that you can attend the church of your choice - or none at all. At the same time you can refuse to attend any or all churches.

    "Freedom of the Press" means that you can print truthful information that embarasses the government. You can also refuse to publish things that the government wants you to publish. <u>High Times</u> Magazine does not have to include a monthly message from the Drug Czar, etc.

    "Freedom to Petition for Redress" means that you can ask your Congressional delegates to pass a law, etc. But it doesn't require you to write them about every passing thought you have.

    So why do so many people think that "Freedom of Speech," the final element of the First Amendment, means that you have to listen to every idiot standing on a soapbox?! OF COURSE "Freedom of Speech" includes the right to ignore the other person. And not just passively - unwanted guests at assemblies can be forcefully removed by the police and prosecuted for 'trespassing,' so it's not unreasonable to invoke the power of the state to suppress people who just won't accept that their message is unwanted.

    A few years ago, spam was tolerated because the social cost of hitting "delete" a couple times each day was less than the cost of fighting it. It was often compared to the effort involved in tossing a couple of pieces of daily junk mail in the trash.

    But now many people are seeing three or four times more spam than real messages. It's not unreasonable to expect this ratio to be much worse in the next few years. Imagine finding your snail mail box full of mail, with hundreds of envelopes, each and every day. You have to spend at least an hour, each and every day, looking for your bills, correspondence, etc. Many of the envelopes are intentionally disguised to look like important messages. (E.g., it's a letter from the IRS - announcing an "Inventory Reduction Sale" at the local "Herb Tarlek" Car Lot!")

    If this isn't unreasonable, what is?
  • Not quite like Usenet providers who spam newsgroups and, in that spam, advertise their spam filtering servers.

    ----
  • the cost is hardly passed on to the user

    1. Where are moderator points when I need them?

    2. When is "Too Stupid To Live" going to be added to the moderation options?
    /.

  • Right in the abstract, the author lays down his bias: "Unsolicited Electronic Mail, also called 'spam'". Not all unsolicited electronic mail is spam!

    Ok, but all unsolicited *commercial* email (ie., one with the intent of making money off you) is spam. Every single god damn one.

    In the same vein, e-commerce companies emailing their loyal customers about limited time offers and promotions is far different from the crapflood-esque pyramid schemes from .nl addresses that put 10,000 emails in your box by raping a mail relay, or porn promotions that include web bugs to check when you've opened the email and start spamming you with a message a minute.

    No. If it's unsolicited, it's no different. It's only ok if you agreed to their mailings.

    Only commercial offers are spam? Come ON. Direct marketing is as American as apple pie. The Internet is no different.

    Bullshit. All unsolicited marketing should be illegal. If I want to hear about your product, I'll find about it myself. Otherwise, fuck off. I deserve the freedom to be left alone from you fucks.


    --

  • Not likely, since nobody really sees that. Microsoft can't put an HTML comment into their Windows Update page that says that I give them permission to wipe my <insert OS here> partition.
    ------
  • by Dwonis ( 52652 ) on Friday April 20, 2001 @05:49PM (#275882)
    What? You mean we can't shoot spammers? Damnit! Now I'll have to change my SMTP greeting.

    mail.dlitz.net - Spammers will be shot. Resistance is futile.
    ------

  • > Ohyeah, my point. Those envelopes are fucking EXPENSIVE to use in junkmail campaigns. So when you get'em, at least take pleasure in the fact that the bastard who sent it to you spent way too much money to have people just throw'em away.

    Oh yeah, I did. Bigtime! ;-)

    But thanks for confirming what I suspected about the cost of that campaign.

  • > [excellent division of the problem into five groups snipped]
    >
    1. People who found/bought/were given (by you) your email address. These people will really take you off the list if you ask. Call this "Legitimate opt-out" spam. These people respect you as a customer.

    The problem with this category is that there's no way to distinguish it from #2.

    That is, if I'm a marketer, can I spam you on behalf of my three clients: "Tackhead's Bait and Tackle Shop", "Tackhead's Bait & Tackle Shop", "Tackhead's Bait/Tackle Shoppe?"

    If you're gonna argue that by using that route in bad faith, I've become part of your #2 category ("2. People who won't let you opt out, just use opt out as a legal cover/way to verify your address. "Real" businesses."), I've got one word for you: EBay.

    Since I - as a recipient of email - have no way of telling whether a company is in #1 or #2, I must treat them both the same way. For me, that means LARTing their upstreams.

  • by Tackhead ( 54550 ) on Friday April 20, 2001 @07:54PM (#275885)
    > Imagine finding your snail mail box full of mail, with hundreds of envelopes, each and every day [ ... ] Many of the envelopes are intentionally disguised to look like important messages. (E.g., it's a letter from the IRS - announcing an "Inventory Reduction Sale" at the local "Herb Tarlek" Car Lot!")

    I don't have to imagine that.

    Sickest one I saw yet was some credit card company that sent me a full-size (10x12") envelope done up to look like a FedEx package, complete with fake "express delivery" labels and machine-generated "signature" on it. The logo wasn't FedEx's, but the colors were identical.

    I had half a mind to grab a couple of Pantone swatches, a FedEx envelope, see if they matched, and if so, mail it off to FedEx's corporate counsel, asking them if they had a trademark on their color scheme, and if this direct marketer wasn't somehow diluting their brand with its misleading packaging.

    Then I realized the cure would've been as bad as the disease ;)

    *sigh*

    Rule #1 ("Spammers lie") in action - applies to telemarketers and junk mail spammers as well as spam. At least the pigfucking credit card bottom-feeder had to pay to send it to me.

  • OK, so this is a bit offtopic.

    I see very little about fax spam, which bothers me much more. I don't even have a fax, but previous owner of the number probably did. The fax calls come at all hours, and often wake me up at night. After a year I rigged up my modem to get some of the faxes. They all have an opt out number you can call. But that seemed to increase the calling even more.

    Any ideas?
  • I tried that. Had to keep a log of all the calls.

    Their harassment policies are geared toward stalkers. These calls don't match that profile. There aren't that many calls from a harassment standpoint, and they come from many different numbers.
  • My favorite approach to the Israeli-Palestinian conflict:

    I ignore them.

    Some people prefer to do something about a problem. Certainly, there are so many problems in the world that you can't possibly take some sort of action on all of them. But most people don't go around bragging about the actions they don't take.
    --

  • Look at http://www.spam.com/hp/hp_lg.htm

    They are surprisingly reasonable about this use of their trademark.
    --

  • How about in Europe, where there is a per-minute charge for use of the line, and the time taken to download the spam is charged to the user?

    Not everyone uses HotMail, you know...
  • To those who argue that direct mailing should be easily opted out of, consider this: how easy is it to opt out of the existing direct mail offers you receieve via snail mail?

    It's wrong either way. I had to pay $5.00 in postage to be taken off of a bunch of mailing lists and I still receive junk mail. I have to pay $7.00 a month to get a no solicitation message put on my phone calls. I should not have to pay an arm and a leg just to be left alone.

    Only commercial offers are spam? Come ON. Direct marketing is as American as apple pie. The Internet is no different.

    So is killing Native Americans and taking their land. So was slavery until 1865.

    If you're going to wage war on direct marketing, wage it on all fronts: telemarketing, direct mail, direct email. There's no need to single out email.

    Oh, believe me, I'm not.


  • If you're going to wage war on direct marketing, wage it on all fronts: telemarketing, direct mail, direct email. There's no need to single out email.


    Yes, let's wage the war on all fronts. I'd support making telemarketing, direct mail, and spam all opt-in.

    For telemarketing, it's already quite feasible. Just add a record to my data in the telco switch setup, next to the "block 900 calls" and "block collect calls" fields, that says "block telemarketing calls". Add a record to the telemarketer's entry indicating they are a telemarketer (this actually already exists, it's called "subscriber service class" and is a part of Signaling System 7 (what the phone system uses)), and problem solved.

    Ditto for snail mail: allow me to have the USPS set a flag over my box that says "no junk", and have them mark all junk "return to sender, recepient refuses bulk mail" (and charge their account for postage).

    Back these up with some strong policies that prohibit abuse (telco's will shut off the idiots who telemarket from home, USPS will terminate the third-class accounts of companies that don't correctly mark their mail as bulk advertising, ISPs will terminate charge abusers...)

    NOTE: Not once in the above did I advocate making LAWS. I am for policies enforced by the private sector (and the USPS, dispite the name, is nominally private sector now.)

    sllort, I cannot help but notice that you do not list your company in your /. info, that your email is a throwaway account, and that you don't say who you represent in your posting. If direct marketing is so good, why don't you allow it to happen to you?
  • I don't think spam or telemarketers are covered by free speech. True they have every right to say what they want to say, but i also have the right not to listen to it, or be bothered with them in the first place. Their right to free speech does NOT give them the right to harrass me.
  • I hate spam. No. I DISPISE Spam. It makes me want to kill people. Chop them into little bits, even.

    But everytime I catch myself thinking that spam should be made illegal, I start to wonder where we would draw the line at?

    If we let them outlaw spam, pretty soon we won't be able to e-mail people we don't know on some formal basis, or at least, not without fear of being turned in and penalized.

    Rather than allowing them to use our hatred for spam against us, I think we should find some way to fight spammers. Perhaps if we were to create some organization that profiled and listed the personal information of people caught spamming, we could all collectively violate their privacy in the same way they have violated ours (by writing them millions of personal hate letters and flooding their paper mailbox to the point of uselessness... or other perfectly legal forms of retaliation.)

    I hate spam. I just wish we didn't have to resort to creating more laws just to get rid of it.

    Spam is Bad. Laws are worse.

    "Everything you know is wrong. (And stupid.)"
  • The key to FCC regulations on bandwitdh is 'restrictions'. Why are there restrictions? Because we need to regulate usage of a public limited resource. The internet is no different.
  • by selectspec ( 74651 ) on Saturday April 21, 2001 @01:50AM (#275896)
    This was an extremely well researched and comprehensive assessment of the SPAM problem, however it was limited to analysis of the current situation. The policy makers need to understand the grave threats to public interest that are at stake here.

    Imagine an internet of the future with billions of world wide users. If I send 10 billion solicitations a day (at a click of my mouse), and only 1/100th of a percent buy the hair tonic (at $20 a bottle) I'd rake in $20 million in revenues. At what cost? Practically no cost to me, but such schemes could render the internet useless overnight if enough people did it. Spamming software might be a feature of MS Office on day. Imagine, if everyone did this.

    Is SPAM free speech? Of course not. If SPAM is free speech, why can't I broadcast my thoughts on 101.1 FM without an FCC licence?

  • You are absolutely correct. I meant to say something about that, but my post started getting too long.

    In fact, I will go one step further and say that opt-out is worthless, because you can't distinguish between 1 and 2.

    Which is why opt-in is the only acceptable mass mail.

    -Peter

  • Hmmm. Well, you sort of address your own issue. If a mail admin has roming users then clearly he needs to do something like POP before SMTP or SMTP-AUTH.

    I am suprised that your ISP didn't offer webmail. With great Free packages out there like <shameless_plug>
    SquirrelMail [squirrelmail.org]
    </shameless_plug>
    I don't see why they wouldn't.

    -Peter

  • I think that one of the biggest problems with fighting spam is that the problem is ill defined.

    I think it will take a totally different set of approaches to stop, for instance, a fortune 500 company from sending spam (some do) vs. stopping some d00d with a stolen AOL account fishing for credit card numbers through some jokers cable modem connected to a box with some default Linux install with Sendmail running wide open.

    I think the first step has been taken. The clue bell rang, and most MTAs (and packagers) are shipping deny-relay by default.

    Anyway, "spam" is clearly applied to some very different activities, how should they be defined so we can work on them? Maybe:

    0. Opt in. I have no pity for you.

    1. People who found/bought/were given (by you) your email address. These people will really take you off the list if you ask. Call this "Legitimate opt-out" spam. These people respect you as a customer.

    2. People who won't let you opt out, just use opt out as a legal cover/way to verify your address. "Real" businesses.

    3. People selling snakeoil, but trying to stay within the law.

    4. People who steal other peoples resources to send spam (you can argue every spammer is stealing your resources when you recieve spam.)

    I think that (1) can be addressed with a standardized header. (2) is tough. The only approaches I can think of are a. filters and b. trying to make it so that "spam doesn't pay" (which in the end is what filters are all about.) c. (ugh) legislation. (3) is tougher still. You can use a and b, but legislation doesn't work on criminals. (by definition.) Finally (4) CLOSE THOSE RELAYS! And use of black holes. (which is ultimately to make people close relaying.)

    What do you think?

    -Peter

  • You are right. I had that in quotes for a reason, but I should have been clearer.

    My usage of "legitimate" was to describe a company that is doing what it says it is doing. Selling a real product (not Herbal Viagra - It WORKS!) and will really not mail you anymore or share/trade/sell your address if you ask them not to.

    Of course you can't know this, see the first reply to my original post, and my reply to it.

    My point was about how you stop them from sending spam (which this mail, as you say, clearly is) and I think that the APPROACH is different because the INTENT is different (even if you can't tell this from the receiving end.)

    OTOH, I am interested in what you mean by "strong anti-spam measures." I do run my own domains, on a colo box. The only "anti-spam measure" I have taken is to deny relaying by default. I haven't even turned VRFY and EXPN off (because I think they are handy, and they don't seem to be causing a problem.) I don't have a spam problem.

    I really am interested, and hope you will reply and elaborate about those measures.

    -Peter


  • Spam ruined a once-vibrant free speech space and badly twisted the subsequent development of the Web. Telemarketers and junk mail, however irritating, haven't done this.

    Usenet was (is) the largest and most diverse set of discussion groups- thousands of topics, a world-wide user base, sent by an decently-efficient non-centralized protocol. While ads weren't tolerated (for good reasons, history shows), business people functioning as experts and advisers had been welcomed.


    And then the first spammer advertisers started on Usenet. It was like a community center housed in a high-school; spammers discovered the school-wide PA system. The first few interruptions could be ignored, but the constant broadcast of irrelevant ads drove people out, and the extra traffic made Usenet a burden to ISPs. Reading Usenet meant wading through muck. And when address harvesting started, posting meant a spam filled mailbox. Long-time Usenet users couldn't recommend it to new Internet users ( "Really its a great place, just ignore the trash and the noise and don't give your name because you'll get a zillion ugly mails afterward" doesn't work as tourist advice). New users went elsewhere, and while the rest of the web exploded, Usenet started its long fade.

    What's the damage? Huge:

    Less free speech- If your public speech today meant you'd get 50 telemarketing calls tomorrow, you'd think twice before talking. Spam punished free speech on Usenet, and its a much quieter place than it could've been.

    More walled gardens, less open spaces- Had Usenet been much larger, more companies would've taken the Usenet model into account and would've expected cross-website communications.

    Loss / reduction of the open-relay, "route-around censorship," decentralized model of the Internet (only partially restored in new P2P tech). Alternate history here, but higher Usenet demand might've led to earlier and better anti-spam technologies. People would've been less likely to accept 'the only protection you'll get is to stop posting and come to our walled-garden discussion group' as a solution. Ditto with the loss of shell accounts and open relays.

    Slowing development of a better technology- less demand= less development. See the Feb 2000 Slashdot discussion for more. Why is Usenet better? Compared to most websites Usenet is blazingly fast: text-only has that advantage (excluding binary groups / files, and even there you choose to download them). Works well for a 14.4 and a T1- good for more towns, not just the DSL'ed ones. It isn't dependent on one company's bandwidth or financial health. People who ask and answer questions don't have to be online at the same time (unlike chat), and threads can contain many layers of discussions without getting confusing (unlike mailing lists). The discussions can be complex, with room for step-by-step instructions or line-by-line critiques. There is time to stop and think about answers, and the discussion threads persist.

    Increased use of less-effective technologies- chat, mailing lists and website based discussions used when Usenet would be a better forum (see above for why).

    Focus on ads as revenue model rather than sponsorships or other. Again alternate history, but the Usenet model did include commercial speech as expert advice. . A history of solid, on-topic contributions gave a good reputation to the business person and to the business name listed in their signature. This could've developed into a model where people would reward highly-ranked advice by giving it wider coverage (an Ender's Game model of sorts). This coverage would be a form of advertising, but more targeted (gardening advice in rec.gardens...), less intrusive, and far more private.

  • If you're running Windoze, Spamkiller [spamkiller.com] does a great job. It comes with a ton of standard filters, can update new additions from spamkiller.com and allows you to build all the custom filters you want. It will also do a DNS lookup on ip addresses in mail headers and allow you to send a pre-defined complaint message to abuse@, postmaster@, or any user defined e-mail address. Spamkiller runs in the background and logs into your POP mailboxes, dl's the messages and compares them to the filters... if it finds spam, it marks it as read/don't dl on the server and you never see it in your inbox. You can filter by the address, header lines, country, and text within the body of the message. You can review all the messages in SpamKiller to be sure it's only nuking the spam. I've been using it for a while and only have about 1 spam per 100 get not get caught by the filters, but as soon as it does, I make a filter for that one. :)
  • Stuff like this might actually have an impact. If we just write a billion emails to our gov't reps we're just spamming them too -- sort of :) We'd be doing it as a collective, that's all.

  • To those who argue that direct mailing should be easily opted out of, consider this: how easy is it to opt out of the existing direct mail offers you receieve via snail mail? It usually takes some real effort.

    Yes, it does. I've tried to get off paper junk mailing lists for ten years and it doesn't make a scrap of difference. I've written to the Direct Mail Association, followed every instruction the Post Office has for stopping junk mail, and all it does is leave me out of breath. You can't possibly stop the flow of crap once it starts. Use a credit card for something and you go right back on all the lists the marketers share with each other. It's hopeless.

    Trees keep dying to print junk mail for me that goes straight to the recycle bin. Every bit of effort that goes into producing, delivering, carting away and recycling that junk mail is wasted. Every bit.

    It's fucking idiotic.

    Please, if you want me to take you seriously, explain how you're not using the stupid actions of others to justify your own stupid actions. I don't want your direct mail. You should believe me when I say that. And I shouldn't have to keep telling you, and all the other "direct mailers" and spammers, "no, no, no, no, no, no, no" all my fucking life just to keep my mailbox clear.

    Why can't this apply to the web?

    Why on earth should it? And we're not talking about the web here, we're talking about email.


    TomatoMan
  • I got spam today from a DSL company... advertising their service!!

    Like I'm gonna order DSL from some bastards who spammed me?! Get real!
    --
  • I've said it before and I'll say it again: the solution to SPAM is micropayments. If micropayments were universally accepted and standardized then it would be a trivial matter to confiure email clients to only accept email which came with an attached payment. The client could also trivially be configured to return that payment, but with a "Keep Payment" button which the recipient could push if the email were SPAM. Here is a technical artical [att.com] on how to stop SPAM.
  • Here is a technical artical on how to stop SPAM.

    I'm sorry, that should have been technicle article.

  • It is a well written document, but it misses one very important approach to fighting SPAM. It mentions
    • A. Filtering and Blocking
    • B. Hiding
    • C. Opting Out
    • D. Reporting and Retailiation

    but it does not mention micropayments. See my other comment [slashdot.org].

  • The problem with unsolicited email is not its commercial nature. It is the fact that it is both (a) unsolicited and (b) sent in bulk.

    Other than peer pressure, there is no system of checks and balances to force a spammer to behave rationally. If someone decides to spam one hundred people, it is just as easy to spam a million. In the absence of natural enemies, spammers are worse than the semi-mythical rabbits in Australia: Only shoot-on-sight antispam efforts have kept the bulk mailers from consuming the commons down to bare earth.


    --

  • You think the lawyers are not clueful ? Folks, if a Troll is one who makes inflammatory remarks to provoke comment, then the author of this submission was a MasterTroll.
  • Hey, I worked for a guy who sold addresses for junk mail, and those exact same envelopes you're talking about. Yeah, the guy was a smarmy piece of shit bastard playing on the edge of the law, but at least I myself didn't have any part in the junk mail shit. I worked for him in a computer shop doing repairs (and, no, I didn't cheat customers. I actually got yelled at for giving away too much time for free...).
    Ohyeah, my point. Those envelopes are fucking EXPENSIVE to use in junkmail campaigns. So when you get'em, at least take pleasure in the fact that the bastard who sent it to you spent way too much money to have people just throw'em away.
  • This just made me think of something...

    What if you set your SMTP banner to something like:

    mail.dlitz.net - We reserve the right to charge US$500 per message transmitted to us. If you do not agree, disconnect now or do not send any messages to us.

    One could probably boil it down to something a little more concise, but would it not give you a concrete standing in a small-claims case?

    --
  • Have all dialup ISP's block the outgoing smtp port. That will reduce spam by 99%. The rest will be the clueless cable/dsl loser who will get his account yanked quickly.

  • A "quality food product"? Did you type that with a straight face? Quite possibly the only thing funnier than that, associated with SPAM, is this oldy but goody. [fright.com]


    Need XML expertise? crism consulting [maden.org]
  • Which would strike a normal person as more reasonable? In one corner, we see a business using a novel marketing scheme

    Theft is hardly novel. It's old enough to have been banned in the Old Testament.

    to get the word out about its useful product, whilst growing the economy, providing jobs, and stress testing the infrastructure of the internet (and don't tell me that last one won't be useful when the next infowar rolls around;

    I don't see what my dialup connection has to do with someone else's infowar. I bought it for the sake of my own convenience. If someone wants to practice information warfare, let him do it on his own goddamn dime.

    Who's going to get hurt when you drive a small-businessesman out of business just because he had the nerve to assume you might be interested in his product?

    Hopefully, the THIEF who had the nerve to assume I'd be willing to pay for his advertising will be hurt. If he gets hurt to the point of jumping off the San Francisco Bay Bridge, it's a net gain for society at large.

    The internet was supposed to change things, wasn't it? It was supposed to be revolutionary; level the playing field.

    No, it was supposed to be a way to communicate if the USSR nuked the USA.

    And free speech really is the issue. You can't argue with that.

    The speech isn't free. The recipient is the one who gets stuck with the bill, and the FUCKING THIEVING SHITBAG who sent the thing gets to stand around and spout inane platitudes about free speech.

    Suffice it to say, the US Supreme Court does not recognize free speech as including a 'right' to pester people against their will.

    BTW, who are you going after once you've 'eliminated' 'spammers'? The Jews, perhaps? Hasn't history taught us anything?

    And now Mr. Godwin has been invoked. Thank you.

  • Here's what I do [bucknell.edu]

    Why not sue spammers?

  • It's not the lawyer being clueless.

    The problem is $$$ and damages. It is very hard to quantify the damages. Most of the spammers claim you make millions of $$ from following their scheme, but they don't have money to make a lawsuit worthwhile.

    The district attorneys won't do anything unless lots of damages can be shown, or the complainant and the spammer are in the same jurisdiction.

  • Closing the relays affects legitimate customers. My original ISP (Demon Internet) has closed its relays but can't be bothered to implement the latest protocols which would allow me to send mail other than by dialling up from my home number.

    This made me move onto Yahoo and other web based services since I travel a lot.

  • Right in the abstract, the author lays down his bias: "Unsolicited Electronic Mail, also called 'spam'". Not all unsolicited electronic mail is spam! To make a simplistic example, If someone from way back in your past (like high school) sends you an email from out of the blue, it's unsolicited (you didn't ask for it) but it's hardly spam.

    Not true - in fact in the article itself he goes into some discussion of what exactly constitute spam, and basically says it's "Unsolicited Bulk Email." The analysis on this is quite thorough.

    For those that haven't read the article, it is basically a run-down of the state of play to date from a formalised legal perspective, coupled with a conjecture that neither technical nor legal mechanisms (including future legislation) are capable of dealing with the problem.

    The issue is likely to be considered and expanded upon considerably in legal publications worldwide in the coming year - this article will serve as a very strong point of reference for the legal profession, both helping them to understand the issues and helping them to identify other resources (the article is extensively footnoted - in fact some pages are 80% footnotes).

    This article is actually more important for the future developments it enables, rather than for saying something new in itself.

  • The problem with your arguments:

    Your assumption that email has only an 'overhead cost' is wrong. Although this is true for normal use, what happens when a domain is spammed for each possible letter and number combination of email addresses? From 50 spammers? Or 500? If you don't have a huge amount of bandwidth (which tends to cost lots) and an incredibly powerful, redundant and fault-tolerant email server, you will go down. There is a lot of money that spammers cost buisinesses and individuals.
  • This is great! I'm going to email everybody I know and tell them to buy this book!
  • Perhaps Slashdot users and the internet community as a whole should put in for some serious self-examination. Maybe you'll find that the real problem isn't so-called 'spammers', but, rather, yourselves.

    Which would strike a normal person as more reasonable? In one corner, we see a business using a novel marketing scheme to get the word out about its useful product, whilst growing the economy, providing jobs, and stress testing the infrastructure of the internet (and don't tell me that last one won't be useful when the next infowar rolls around; quality assurance is too often overlooked, and 'spammers' help out in that department). In the other corner, we have a whining little snot who spends eight hours a day on the 'net but who can't be bothered to take half a second to hit the delete key? I know which one wins the 'freak' test in my mind.

    But apparently, the \. community can't see the forest for the trees. Have you any idea how ridiculous this makes you look? Trying to legislate and litigate away a 'problem' that costs you, say, 5 seconds a day, and which is not in fact a problem for normal people.

    Who's going to get hurt when you drive a small-businessesman out of business just because he had the nerve to assume you might be interested in his product? The big corporations won't, that much is for sure. You're playing right into the hands of the corporate hegemony: tying the arms of the little guy, hobbling him, denying him any opportunity to compete with the billion dollar marketing department of the average super-mega-conglomerate.

    The internet was supposed to change things, wasn't it? It was supposed to be revolutionary; level the playing field. You got an idea? Great, tell people about it. Bypass traditional channels. Wait, what's this. Slashdot user doesn't like unsolicited email. BAM! You're history. There goes your new idea. Down the drain, along with free speech.

    And free speech really is the issue. You can't argue with that. Denying people the opportunity to share their views, spread their message, advertise their product. We're talking nothing short of gross 1st amendment and civil rights violations, on a vast scale. This whole situation is just a little too Orwellian for me.

    A final thought:
    We are all outraged over ridiculous sham verdicts like the one in the McDonalds coffee spill incident. Yet, in the case at hand, you seem to consider a totally analogous set of frivolous lawsuits okay, as long as they're directed at so-called 'spammers'. Who is in need of self-examination? You are. Go ahead an mod this post 'Troll' or 'Flamebait'; when you do, you'll only be proving my point. BTW, who are you going after once you've 'eliminated' 'spammers'? The Jews, perhaps? Hasn't history taught us anything?

  • Interesting. I have the exact opposite distribution. Most of my spam:
    splitrock.net
    uu.net
    eli.net
    sympatico.ca (OK, it's not US, but it is North American)
  • by VSarkiss ( 173815 ) on Friday April 20, 2001 @05:10PM (#275924)
    I'm so used to discussions about spam on Slashdot, I don't know what to do when confronted with a thoughtful, thorough, analysis like this one.

    I'm almost all the way through the document, and it still hasn't degenerated into name-calling....

  • I wonder what the Hormel (?) company thinks of their main product now being ascociated with unwanted email. Have their teams of lawyers had anything to say about it yet? Personally I think canned meat that can congeal back together after it has been sliced can't be good. Anyone here actually eat real Spam? Guess Hormel can't do anything about the Monty python sketch since it is satire.
  • Well put together basic review of the issues, but it leaves out the level at which action, if it could be well-defined, might do the most good right now. I'm one of those folks who take care of their morning need to indulge in a bit of aggression by complaining to the providers of each bit of spam received. More often than not, they assure me accounts are closed. But for a few months most spam was coming from Phoenix or Tucson on the same provider. Now there's a lot coming from the Miami area. If they're shutting accounts, they're happily selling new ones the next day to replace 'em.

    If there were a law requiring providers to maintain a central database of credit cards used to purchase spam accounts, and then use that as a basis to run cross checks with the credit agencies so that no one person who ever bought an account to spam could ever buy access to the Net again ... well, you can see the problem, this will encourage the spammers to more often use stolen credit cards. Still, it should be illegal at least for the same firm to keep selling new accounts to the same spammer whose old account it just shut down. Or are we talking kids in the barrio who get their whole gang to sign up one at a time to keep their little business going?

    Hmm, how about a clause in the sign-up process for any Net access account wereby the buyer agrees to have their card charged $100 for each instance of spam (per recipient) - a simple service contract: you can send spam from your account, this is what we'll charge you for it. Let the ISP keep the money to offset their anti-spam efforts. Of course, you'll get some cheating ISP faking the evidence to collect the charges, but public review of their practices through boards like dslreports.com can steer us away from that kind of theft.

    So define spam as acceptable use that will be charged to your card, and at rates where we can hire serious collection agents to go after you if you try to stiff us. And we won't even notify you when the complaints start to come in, we'll just run up your charges. Any sane ISP would start paying small fees for spam reports from recipients. Setting a minimal threshold, say 50 reports before the clause kicks in, would protect folks from spurious reports. And we have a thoroughly capitalist solution without need for new laws.
  • by Autonomous Crowhard ( 205058 ) on Friday April 20, 2001 @05:57PM (#275927)
    The trick with any legislation is to follow the money. In most (not all) cases spam is specifically designed to make money for the sender. It seems to me that the proper response is to craft laws that allow you to easily go after the person who would get the money.

    This concept solves one of the major problems in trying to nab spammers... Locating them. Spammers can hide. They can move. They can generally stay safe forever. But there is that one common thread... Someone wants to get their hands on your money. To do that they need to provide contact info of some sort. BINGO!!! You have someone you can nail.

    Disclosure: I believe it should be loegal to kill telemarketers and spammers. Don't give me that "It's only their job" shit. It didn't work in Nuremberg, it won't work here.

    And the "freedom speech" angle doesn't work here either. I demand to be allow to exercise by freedom of speech by not being afflicted with these people. The freedom of speech does not give you the constitutional right to an audience.

    Damn. I started this thinking that I wasn't going to foam at the mouth. Sigh.

  • Sometimes the only alternative is to get a different number. Yours probably shows up in some directories that are widely distributed. I've had this problem several times in the past, with fax numbers and cell phones that wouldn't stop ringing. There's a cost in changing the number but the odds are your problem will go away. JMHO
  • Now there's a class act!

    Hip hip horay for Hormel!
  • Caller ID? *67 or *69, whichever it is, I don't know. Low level harassment can be met by low level harassment. There is a phone number, a contact. Bounce the faxes- call them back, fax them back. Unless you have an attack lawyer (who'll say go for it- he bills hourly) I can't think of anything else.

  • As the "freedom of religion" part of Amendment I is paired with the "freedom from religion," shouldn't the "freedom of speech" be paired with "freedom from speech?"

    Where is that copy of the constitution when I need it?

    As your right to speak ends at my ears, spammers' rights end at my inbox. Your right to speak does not include the right to crash my mail (except when dma.org gets flooded with forwarded spam, heh) or waste a chunk of my day.

    There are ways to e-mail anonymously, so there is no legitimate reason to spoof it. Any spoofed e-mail can not be protected as a commercial activity or free speech, but should be attacked. I don't want to see them in jail; we have too many laws and too many people in jail for dumb reasons. The ISPs can stop it and ought to be already. Aren't they the biggest victims of spam? I've dumped unreliable ISPs before. The one I have now is good. Hell, sometimes I have trouble sending mail because my ISP shuts down SMTP when it sees too much outgoing mail. So I wait a bit and send again later, thanking them inside for the fact that I don't get spam- and that they do their part to avoid sending it.

  • by deran9ed ( 300694 ) on Friday April 20, 2001 @06:33PM (#275933) Homepage

    anti spam law [antioffline.com] (I can't stand PDF files)

  • > My company participates in direct mailing

    Yes, that was already clear from your attempt to call what your company does something different than spam. However, if your company adds addresses to lists without the informed consent of the address owner, no matter how your company got ahold of the address, your company is spamming.

    I will put it quite simply: I decide what kind of mail companies can send me. It's my mailbox. It's my property. It's my personal space. So my rules apply.

    Offer me a chance to opt-in to a useful information source (deals on a particular type of book, etc.), but refrain from slamming my address into the list without my permission, and you'll be my friend.

    Slam me into a list against my will, where you think you can decide what I'm interested in, then force it down my throat until I plead with you to stop (this is called opt-out), and you'll be my enemy.

    When I opt out after being slammed by an enemy, I myself ensure that the opt-out works, permanently. That's because I have yet to see a company that's willing to slam me into a list without my permission in the first place ever manage to take me off that list successfully, even if they say they want to.

    So I handle the opt-out myself, by banning all email from the list bombing slammer on domains and networks under my control. I've found through harsh personal experience that that's the only successful way to opt out once an unethical mainsleazer has slammed your address.

    I strongly urge you to ensure that your company runs its lists without slamming addresses. Do confirmed opt-in, and you'll be my friend.

    http://www.river.com/users/share/cluetrain/ [river.com]

  • is there any software out there that simply replies to a spam message? nothing malicious, a simple reply and echo of what was sent to me? i was thinking that if the legal battle (arguably) takes too long and doesnt work in many occasions, we can simply reflect it back at them. if everyone had a program that replied to spam, we would overtax the mail servers that send the spam out. then no ISP would host such people after their servers go down time after time ... not a very nice method, but i think it would be an effective and immediate retaliation. (causing even mroe network usage bla bla yes i know, but it would make ya feel good no?)
  • Disclaimer:This not meant to be flamebait or troll. Why is everyone so upset about spam? We've been getting junk in our real mailboxes for decades. Honestly, I take much more offense at real junk mail, because not only do I have to waste my time to manually recycle it, but its a waste of trees. SPAM on the other hand is very easy to control. *click click* its gone. Those of you out there that are more clever have scripts to filter your email. I work for a very large gov't agency and I recieve about 40-50 random spam a day in my work acount from other employees, but I'm not getting litigious on their ass. Also, just like in real life, know who you are doing business with. I've had an excite.com email addy as my primary address for over a year now and I think that I have only recieved 12 pieces of spam to date. Everyone needs to just get on with their lives. there will always be people out there that use seedy business practices and if you can't learn to avoid them, then you are already screwed. Stop looking to the Government to solve all of your problems. /sigh alright *rant off* just my 3.14259 cents As0k
  • ...mail this to everybody we know and have them e-mail it to all there friends.. =)
  • As one of the folks who *enjoys* complaining about spam, why exactly do you want it stopped? Also, your proposed aggreement, in addition to being unenforcable, also fails to define the nebulous term "spam."

    Does mail from an old high-school friend begging me for a job count as spam? How about if the guy sent it to all of his friends? How about if he sent it to all of his friends and mistyped on of the addresses and sent it to you instead of me (because our email addresses are so close?) How about if a game company sent a message to people who regularly posted on a newsgroup asking them to beta test a new game for free? How about if it later asked those beta testers if they wanted to buy the game at a low price?

    How about if the second message was misadressed and went to me instead of you.

    This spam stuff is so confusing. It's really too bad that people can't filter.
  • Because there's a limited amount of bandwidth on the radio, but the internet is not constrained currently. Also, when 10 billion people have email and 20 dollars in disposable income, the world will be drastically different than it is today. Applying your figures to rational numbers of users (like, say 100 million) you make $200,000. Hardly covers your fixed costs on the hardware you had to buy to send all that email, let alone the Really Fast Connection it's going to take.
  • "I think that exception covers all cases you mention above, no?"

    After an admittedly quick reading, yes, I believe it does. My comment was aimed more at /. and the opinion expressed in the paper (quoted), and the tendency by many to fail to draw the distinction between spam and direct Internet marketing.

    That said, your link/statement is right on, gracias.
  • "For email, the recipient pays, so email is "no different" from junk faxes (which are already illegal)."

    The "recipient pays" argument, and the comparison to fax spamming, are arguments we tend to see a lot here. I'm no expert, but allow me to try to poke some (admittedly tiny) holes in them:

    Recipient Pays
    - I haven't paid one red cent to Hotmail for all the spam I've gotten there. Hotmail, in some vast, socialistic sense may have paid for it (mainly through the support costs of user complaints and possible though unproven additional equipment expenditures - but Hotmail is not the recipient. Hotmail is an ASP, and the cost is hardly passed on to the user. The case given by the "recipient pays" folks - the case of the dialup user who pays by message or connection time - is all but deceased. The number of Internet users who have to pay for mailbox space or by-minute connection time is small and getting smaller. ISPs push unlimited airtime plans, and that's what almost everyone is buying.

    Direct Internet Marketing is just like Fax Spamming!

    - Faxes are a synchronous resource. Email is asynchronous. You cannot interrupt one email with another. This is big.
    - Faxes have a paper cost and an ink cost as well as a maintainence cost that puts the per page cost around .50c. This is what the MBAs like to call a linear cost. You pay every time someone sends a fax. Email only has an overhead cost. You pay for your email infrastructure. If you have to increase it to handle more spam, then in some vague sense you've paid for spam, but it's nowhere near the direct cost-link to you that fax spamming provides. And it's a lot harder to show in a courtroom.

    That's the best I can do. Anyone else care to take a crack at it?
  • by sllort ( 442574 ) on Friday April 20, 2001 @05:28PM (#275942) Homepage Journal
    The thing I see missing from all the discussion of spam on /., as well as this paper, is the quantified difference between true spam and helpful courtesy emails & alerts.

    Right in the abstract, the author lays down his bias: "Unsolicited Electronic Mail, also called 'spam'". Not all unsolicited electronic mail is spam! To make a simplistic example, If someone from way back in your past (like high school) sends you an email from out of the blue, it's unsolicited (you didn't ask for it) but it's hardly spam.

    In the same vein, e-commerce companies emailing their loyal customers about limited time offers and promotions is far different from the crapflood-esque pyramid schemes from .nl addresses that put 10,000 emails in your box by raping a mail relay, or porn promotions that include web bugs to check when you've opened the email and start spamming you with a message a minute.

    Spam is malicious, and has a penetration rate under 1 in a million. Direct mailing from web vendors to their customers has a much higher penetration rate because they are sending their customers information about stuff they are used to buying!!.

    To those who argue that direct mailing should be easily opted out of, consider this: how easy is it to opt out of the existing direct mail offers you receieve via snail mail? It usually takes some real effort. Why can't this apply to the web? Is it truly so awful that Amazon tries to find other things you're interested in based on your interests, and lets you know?

    My company participates in direct mailing, and a lot of customers respond. Far, far, far, far less write us up angrily for sending them direct offers (I can count the number of times it's happened on one hand).

    From the paper:

    "Some definitions of spam include only messages that are commercial in nature. "Commercial" is generally defined in terms of message content rather than the sender's actual or presumed motivation for sending the message; a typical definition includes any message that promotes the sale of goods or services."

    Only commercial offers are spam? Come ON. Direct marketing is as American as apple pie. The Internet is no different.

    If you're going to wage war on direct marketing, wage it on all fronts: telemarketing, direct mail, direct email. There's no need to single out email.
  • Yet another issue: At least in the United States, snail mail is (as one would expect given it's ruthless inefficiency and hefty price tag) a government operated system. This means that direct mailers are afforded some degree of protection under the First Amendment, as are door-to-door salespeople-- solicitation using public property or resources is generally considered free or protected speech, as it should be. The use of someone else's private property in an effort to solicit is another matter entirely-- Freedom of speech is not a right that can be extended to another individual's property (hence the right of Slashdot not to post my idiotic message if they so decide). Hence, while legislation isn't an effective method of dealing with spam (or much else, for that matter), I think a legitimate case could be made against spammers in civil court, especially where the wasted time of employees is concerned. While damages might not be significant, and malicious spammers can remain anonymous easily enough, the risk of a lawsuit might deter enough people to make civil action worthwhile.
  • ?

    Hence the use of "generally" as a qualifier.

    It is, however, OK to rape a public servant on public property.

    --Shecky
  • That's Read The Fucking Paper, obviously...

    The definitions of spam which you complain about are given as possible definitions. The relative advantages of each definition are given in the paper, as you would know, had you read it instead of leaping to the defence of your company.

    To those who argue that direct mailing should be easily opted out of, consider this: how easy is it to opt out of the existing direct mail offers you receieve via snail mail? It usually takes some real effort. Why can't this apply to the web?

    The paper (did you read that, by the way?) spells out the problems associated with spam. Most of those do not exist in other forms of direct marketing.

    Is it truly so awful that Amazon tries to find other things you're interested in based on your interests, and lets you know?

    No, that's fine, as long as I have already given my consent and am able to stop those messages with a single request.

    Direct marketing is as American as apple pie. The Internet is no different.

    Yes, cos everyone on the Internet is an American, right?

  • Here's the link:

    http://www.spam.com/ci/ci_in.htm

We are each entitled to our own opinion, but no one is entitled to his own facts. -- Patrick Moynihan

Working...