Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
The Courts Government News Your Rights Online

CA Appeals Court Upholds Spam Law 339

Joe Wagner writes: "Criminal penalties for spam, yeah baby! It has just been announced that California State's spam law has been ruled constitutional and valid by California Court of Appeal for the First District: '...we hold that section 17538.4 does not violate the dormant Commerce Clause [of the United States Constitution].' The actual ruling is here. Congratulations to Mark Ferguson and his lawyers (1, 2) for fighting it out for the rest of us..."
This discussion has been archived. No new comments can be posted.

CA Appeals Court Upholds Spam Law

Comments Filter:
  • Brilliant, now... (Score:5, Interesting)

    by syrupMatt ( 248267 ) on Thursday January 03, 2002 @03:48PM (#2780548) Homepage Journal
    Lovely. Now that California has lead the way, when do you think other states will follow suit?

    Is there actually a "spam lobby" anywhere that could prevent (read give money to) politicans from supporting or passing such bills in other states?
    • Re:Brilliant, now... (Score:5, Informative)

      by 13013dobbs ( 113910 ) on Thursday January 03, 2002 @03:51PM (#2780583) Homepage
      Is there actually a "spam lobby" anywhere that could prevent (read give money to) politicans from supporting or passing such bills in other states?

      Yup. The DMA []. They want to spam you.

      • I don't think they are making much progress. Nobody likes spam, including politicians. Sure, they'll take their money, but they'll vote the other way. And if they don't, we can spam the politicians with hate e-mail.

        (Am I spelling "politicians" right? I don't think so...)
    • Is there actually a "spam lobby" anywhere that could prevent (read give money to) politicans from supporting or passing such bills in other states?

      Actually, there is. Perhaps the most well know is the Direct Marketing Association []. Yeah, they've got money, and yeah, they slather it around in D.C. They're not a spam lobby per se, but that is definitely a area in which they're active.

    • Re:Brilliant, now... (Score:5, Informative)

      by trenton ( 53581 ) <> on Thursday January 03, 2002 @04:00PM (#2780649) Homepage
      I'd also like to see a legal procecution kit for this. Not all of us have the money to pay an attorney to procecute someone under this statute. If someone, like the EFF, could put together a list of filings or whatnot, individuals could do all the court paperwork themselves. I'd imagine in many cases you'd get summary judgements (where the judge finds for you becuase the other side didn't show up to court).

      I think I'll mail EFF now.

      • > I'd also like to see a legal prosecution kit for this. Not all of us have the money to pay an attorney to prosecute someone under this statute.

        Which is to say, that it doesn't matter whether the CA anti-spam law is constitutional or not, it's unenforceable, and therefore, worthless.

        I'd rather have no anti-spam law, than a toothless one.

        Speaking of laws, when the fsck is the DA in Dallas, TX, gonna do something about a certain spammer who has an affinity for AT&T dialup ISPs and beast pr0n?

      • Re:Brilliant, now... (Score:4, Informative)

        by tgeller ( 10260 ) on Thursday January 03, 2002 @05:25PM (#2781224) Homepage
        The SpamCon Foundation Law Center [] has as close to a "prosecution kit" as you're ever going to find. No, it doesn't offer legal advice: Only a lawyer can do that. However, it *does* have court documents from past successful cases, a discussion board [] to check with other folks on the details, and other info.

        But you still have to file, and see the case through to the end. And then collect. Simply put, legal action is difficult. But each and every one of you can do it.

  • by Tri0de ( 182282 ) <> on Thursday January 03, 2002 @03:49PM (#2780555) Journal
    "The statute defines "unsolicited e-mail documents" as "any e-mailed document or documents consisting of advertising material for the lease, sale, rental, gift offer, or other disposition of any realty, goods, services, or extension of credit" when the documents (a) are addressed to recipients who do not have existing business or personal relationships with the initiator and (b) were not sent at the request of or with the consent of the recipient."

    Perhaps not plain english, but as close as legalese gets.
    • Ok, great I live in CA but what if the spammer doesn't? I mean its a great first step, but as with any of the future laws that will regulate internet usage (good or bad) jurisdiction will be THE problem. Unless its passed by the US Congess etc. would it begin to have power and thats not going to happen for awhile a really..really long while.
      Also, No comment by the EFF yet, I'm really interested in what they think of this definition of spam can be used inapporitly to negate free speech.
      • Ok, great I live in CA but what if the spammer doesn't?

        Then you'll be like a French person trying to buy Nazi gear via Yahoo auctions. The law is only valid in California, and AFAIK, other states/countries have no obligation to uphold it.
      • Hmmm...Slashcode seems to have confused "(Score: 4, Insightful)" for "(Score: -1, Did not read the linked documents.)"

        The law applies to anyone doing business in California, whether or not they are located in California. If you ship a product to a customer in California, for example, you are doing business in California and are subject to California law.
  • by Anonymous Coward on Thursday January 03, 2002 @03:50PM (#2780563)
    YOU TOO can prosecute all those pesky spammers. Just send $100 to this paypal account and we'll help you. If you don't want to press charges, just send an email to nothanks@prosecutespammersnow.BIZ and we won't press charges at this time.
  • Goody! (Score:4, Funny)

    by Matey-O ( 518004 ) <> on Thursday January 03, 2002 @03:50PM (#2780566) Homepage Journal

    (IANAL) When do I get my cut of the Civil Suit?

    Obviously SOMEBODY is making $4000 every week while they sleep with Barely Legal Lolitas and loose weight.

    • Actually, it's not somebody. It's a while lot of people. And, it's usually much more than $4000/week. Just FYI...

      And also, this isn't gonns do anything.
      all you have to do is provide a valid email to opt-out. No big deal.
  • by Syre ( 234917 ) on Thursday January 03, 2002 @03:50PM (#2780572)
    This law specifically ALLOWS spam to be sent. It just requires that spammers include a valid return email address and that they remove people from their list who want to be removed.

    This is great?

    It also only covers spammers who have their equipment located in California. All this means is that spammers will use mailservers in some other state or country.

    The only good thing I see about this is that it requires the subject to have "ADV:" in it.

    I expect absolutely no change in the amount of spam I get as a result of this law.
    • Valid return address is huge. It allows spammees to compain to their ISP and to the sender's ISP and to anti-fraud enforcement in government.
    • It is an improvement. Those methods work for getting rid of most telemarketers.
    • by Genom ( 3868 ) on Thursday January 03, 2002 @04:21PM (#2780764)
      Actually, I think it may make a difference, but not as drastic a one as those who wrote the law hope for.

      Valid return address - allows you to track down someone to be held liable for the spam. This makes complaining to the upstream provider much easier - and while the spammer will probably just hop accounts for the next one, it'll at least be a thorn in their side.

      Address removal - This won't really change anything -- they'll remove you from the one-time list they used to generate that particular spam, but add you to 3 other lists that will be sold or used to spam again.

      ADV: in subject - This is the one that could change the user experience signifigantly, if mail server admins use it. If spam is required by law to contain ADV: in the subject, than email can be filtered server-side to cull it out. Obviously this requires a little bit of work on the server admin's part - but if done right, this could bring your spamcount to zero (assuming the spammers obey the law)

      Now...most likely the spammers won't obey the law. They'll keep going as they are now, until enough of them get fined/jailed over it - then they'll have to figure a way to get around it. Most likely this will involve large "donations" to various congress members, in return for their vote against making there be any real penalty for violating the law.

      So yes - you're right on the one hand that the ammount of spam that comes in may not change - but the few spammers who actually abide by this law will make themselves easy targets for good filters. (and most good filters already cull out ADV: subjects ;P )

      • ...than email can be filtered server-side to cull it out.

        I can do that already far more effectively using tools like procmail [] and SpamAssassin []. SpamAssassin in turn can use various RBLs and Vipul's Razor [] (recently mentioned here), if you choose to.

        That combination has saved me from recieving and processing about 20 messages in my personal mail today alone, not to mention the other benefits of auto-filing/trashing/redirecting that using procmail gives me.
      • I have some plans to eliminate spam which should make my email box much more managable. Unfortunately I don't have the skill to make the appropriate changes, but perhaps a Sendmail guru can help:

        How can I setup Sendmail to deny all emails where the Reply To: != From: address?

        Filtering for message subjects which begin with "ADV:"

        How can I verify that the sender's domain (or parent if they have a tertiary level domain such as has a valid MX record?

        On a side note, I don't understand the comments on who is donating to political parties in order to gain support for pro-spam policies.

        From my understanding, the majority of spam is completely useless... even if I wanted to buy that timeshare in Afghanistan and use it as a base of operations to make $63,924 (first month!) sending marketing material to Al Qaeda members. There was some enterprising reporter (in LA, IIRC) that actually followed up to 200 or so spam emails trying to buy the product or the like, and 95% it was fake.

        So what the hell is the point? If the spammer's time is worth nothing, they should try Linux instead. But their time is worth something and they're wasting it sending spam that they can't even make money from. Maybe they just use it to see who responds and then sell those addresses. But if that's true, and only 50% of the people respond, then eventually that list of emails gets really short... and since I can buy millions of email addresses for $39.95 I don't see how these spammers can afford to give anything to politicians.

        Maybe that spammers are trying to get you to send them your credit card and then they run off on a giant shopping spree at your expense... but if that is the case then there would be even more anti-spam legislation.

    • This law specifically ALLOWS spam to be sent. It just requires that spammers include a valid return email address and that they remove people from their list who want to be removed.

      The spammer is required to place "AVD:" in the first four characters of the subject line. It also requires notice of the return address or a toll free number in the first line of the message. Even if it "only" required valid return address and true blocking of future messages, it would be a great thing.

      It also only covers spammers who have their equipment located in California.

      I believe it covers all email that is communicated TO a mail server within California. It doesn't seem to matter where the spammer is sending from. Did I misread it?

      The only good thing I see about this is that it requires the subject to have "ADV:" in it.

      I expect absolutely no change in the amount of spam I get as a result of this law.

      Perhaps you are fortunate enough to be missed by all the fraudlent get-rich-quick schemes. Maybe you haven't needed to endure a beastiality porn ad every couple days? Sex enhancing pills, fradulent credit (dup'ing SS#'s), work-from-home scams, bogus vacation/free-computer offers, and so on. If you only get "legitimate spam", such as ads from companies with bonefide products, then this law won't change much for you (except that they might do a better job of really blocking future messages when you request it).

      These fraudlent practices and questionable products are the real social evil that needs to be wiped out.

      Sure, it might be nice to have a law the completely prohibits all spam... but it just ain't gonna happen. Being able to respond to the spammer and have them truely block all future messages is a pretty good second.

  • by taliver ( 174409 ) on Thursday January 03, 2002 @03:50PM (#2780573)
    Yes, I hate spam.

    However, do we really want a precedent of banning certain types of emails? As much as we don't like spammers, I would much rather have to delete "Increase your ejactulation by 581%" than to worry that an encrypted email transmission was deemed illegal.
    • But, many more people would rather not dael with spam. Plus, this law only works if YOU report it. It is not as if the police are going to monitor every mailserver in California and look for spam.
      • No, police are not monitoring, yet. However, if he legislators pass an anti-terrorism bill that outlaws encrypted email transmissions, then the next step will be police monitoring, and they have the anti-spam bills precedent of banning certain types of speech as precedent.
      • > Plus, this law only works if YOU report it. It is not as if the police are going to monitor every mailserver in California and look for spam.

        No, this just doesn't work.

        It's like calling the cops after you've been the victim of a B&E. A nice guy or gal in a spiffy uniform will come and take a report, and you'll never get your stuff back, nor will the perp be pursued.

        Because the CA law lacks a right of private action, your reporting it isn't enough - the cops have to decide that it's a case worth prosecuting. Given that cops perceive (IMHO rightfully) that they have better things to do with their time than chase down every two-bit spambag, nothing will happen to spammers who break the law.

        (And in the defence of the cops, how do you prove that the perp is in CA? Sure, the reverse DNS on the throwaway dialup account may match to a CA ISP, but the perp could be in Florida or Dallas or Michigan, dialing long-distance. Officer Friendly's got better things to do with his time than chase down wild geese with recalcitrant ISPs.)

    • Personally, I don't think this is much bigger than mail fraud. IMHO, Rather than criminalize sending unsolicited email, I would criminalize sending spam without an ADV: prefix or ADV ADULT: prefix.

      This would effectively give them the freedom to send as much unsolicited junk to people who want it, and let us who don't want it to filter it out.

      As far as regulating technology goes, I think there's bigger fish to fry. Here's some examples of how the FCC helps the communication monopolies keep thier monopolies...

      UWB technology gets stuck in red tape []

      Roll your own DSL []

      My point: Communications and tech have been regulated for YEARS. So while you're pondering if criminalizing spam MAY set a bad precident, existing technology and communication monopolies are doing everything to criminalize and patent truely liberating technology (Ultra-Wide-Band) (DSL without the telcos): (That is before they figure out how to use it for thier own advantage)

      ...and that's just one very small facit of the problem...
    • The type of email that's banned is one that:

      • has a fraudulent return address
      • is unsolicited commercial mail
      You can still forge return addresses, you just can't do it with unsolicited commercial mail. You can still send whatever you want, just that in some cases you have to use a real return address. Does this still seem problamatic?
  • New Spam... (Score:5, Funny)

    by Peridriga ( 308995 ) on Thursday January 03, 2002 @03:51PM (#2780578)
    Are you sick of all of the SPAM that your receive in your email everyday. Well now there is something that you can do about it.

    Our law firm will go after all of these hideous capitalist marketers...

    To help our cause please forward this email to all of your friends and spread the word

    Also be sure to tell them to vote no on the Congressional Act adding a tax to emails...

  • Ham and ..... (Score:2, Insightful)

    by crumbz ( 41803 )
    Considering that the vast majority of users do not know how to setup filters and the like, spam really is a detriment to electronic messaging. My folks are not the most computer literate people on the planet and the thought of them receiving "No subject" messages with embedded porn makes me cringe. If I didn't have a full time job, I'd work on a system of intelligent agents that actually worked.
  • by wo1verin3 ( 473094 ) on Thursday January 03, 2002 @03:51PM (#2780582) Homepage
    At the point of origin, or the destination.

    And on behalf of some Canadians, I would love something like this to happen up hear.
    • I believe that if the recipient or the sender is in California, they are bound by the law.
      • That should be interesting. What are the odds that 100,000 pieces of Japanese land at a Californian? Is the Japanese firm (or whatever) accountable?

        Actually, like most Internet laws (read: casinos), I believe it's just for the sender.
  • If not, I don't care. Spam is annoying, sure, but junk mail is heaping piles of dead trees. The recycle bins by my apartment are constantly filled with weekend shoppers and credit card offers. One place I lived put the paper bin right next to the mail boxes, so you wouldn't have to carry your armload of junk mail. Aside from that, there's also the fact that spam is easier to deal with. I can set up procmail (or even more primitive filters) to do a decent job of keeping my inbox free of crap. But no matter how often I show the contents of my .mailmanrc to my postal carrier, I still end up getting a new shopper every day from a different place, always printed on high-gloss 100% freshly killed tree.
    • Go here for more information [] But also note they charge your $5 to do it online. DONT. You can simply mail in a letter (printable from this form), throw on a stamp, and away you go.

      And it does work. My junk mail has decreased dramatically.
    • But the cost of junk mail is fully born by the senders not the receivers. The paper that you don't like costs money to buy and money to print on. The sender pays for postage as well since the post office doesn't deliver for free. This is why there are no laws to stop junk mail. It isn't costing anyone but those who want to send it, spam on the otherhand costs everyone from bandwidth providers, mail server operators, and general users receiving the mail, but getting nothing else since they're box is overload with spam.

      In other news most of the glossy inserts that you get aren't really tree paper. They are mainly made out of clay, that's right they're made out of dirt. Going into a landfill won't do a damn thing because that's where they come from. So stop worrying about it.
      • There's a cost borne on the recipient you're not considering - waste storage and removal. Not to mention the time spent sorting through it to get the real mail, and the time spent sorting it for recycling. And then, if you don't recycle, there's the environmental cost as well. (Not all junk mail is glossy.)

        By the way, junk mail can also cause "bounces". I live in an apartment complex and those mailboxes are not very big. If I did not check it 2 days in a row, it would be completely full of junk, causing the mailman to hold my mail at their facility until it is emptied.
    • > Spam is annoying, sure, but junk mail is heaping piles of dead trees.

      Oh no! He's figured it out!

      Anti-spammers aren't really upset about the theft of their time and computing resources, we're all just agents of The Lumber Cartel [] trying to increase the rate at which wood products are consumed!

  • It's about time. (Score:4, Informative)

    by Philbert Desenex ( 219355 ) on Thursday January 03, 2002 @03:52PM (#2780598) Homepage

    Spammers would have you believe that other than your time for "just clicking delete", there's no cost to spam. However, since you and I and all spam victims pay a lot of the cost of spam before purchasing the spamvertised product, market forces on spam are seriously weakened, with respect to market forces on other forms of advertising (radio and Tee Vee broadcast, newspaper and magazine advertising, billboards, stock cars, product placement in movies). For all other forms of advertising, the advertiser pays for the ads up front, before the consumer buys the product. If the ad campaign sucks ("Ring Around the Collar!") or offends (Frito Bandito, anyone?) ad victims can choose to exert market forces on the advertiser. With respect to spam, victims have already paid more than their share of the ad costs before making a decision whether or not to buy the spamvertised product. Market forces apply only weakly to spam, thus requiring government intervention. Criminalizing spam is a step in the right direction.

    Spammers are all thieves. Don't forget, don't let your legislator(s) forget it. Down with the DMA!

    • Spammers would have you believe that other than your time for "just clicking delete", there's no cost to spam.


      With respect to spam, victims have already paid more than their share of the ad costs before making a decision whether or not to buy the spamvertised product.

      I too will make the claim that the real cost of spam is the time it takes to delete it, not the cost of delivery.

      Consider - In the US, most people pay a flat rate for internet connectivity. For them, the cost of delivery is 0. Now consider their ISP (who will after all, ultimately pass any costs of delivery on to the custom one way or another). ISPs typically get good rates on bandwidth, $1.00 per gigabyte is a good rule of thumb, but let's be generous and assume they are paying $10.00 per gig. The typical spam is under 10K, which works out to $0.0001 per spam. I receive around 30 spams a day, which is high, but still works out to less than a dime a month. I lose more money dropping coins under the soda machine.

      Since someone will no doubt feel compelled to point out that not everyone gets bandwidth as cheap as they do in the US, but stop there and not actually do the math of the higher priced service, I'll point out that even if you pay 100 times as much for bandwidth, spam /still/ costs you less than a dollar a month.

      Now consider what your time is worth. It takes about 5 seconds to identify and delete a piece of spam. If your time is worth $3.60 an hour, that's $0.001 per piece of spam, or over $4.00 a month. That's a lot more than the bandwidth cost, and most people with internet service consider their time a lot more valuable.

      If the above math is too hard for you, just think of this: Which takes longer; your computer downloading spam, or you deleting it? And who gets paid more, you or your computer?

      You might be able to convince me that you pay more for the delivery of spam than the spammer pays to deliver it to you, but I'd still delete unread any spam sent me, even if the advertiser paid me a dime to read it. I am not alone in that position, so complaining about the ratio of payment made to have spam delivered seems moot to me.

      Spammers may thieves, but it isn't sending spam that made them so.
      What we need is better technical solutions to spam, not more bad laws.
  • In A Related Story (Score:2, Interesting)

    by DeadBugs ( 546475 )
    Texas has passed a law to make it illegal for telemarketers to call people on a special do not call list. If the telemarketer violates this law they will be charged $1000 for each offense

    Here is the story from Yahoo []
    • Of course, there's several lists (each of which costs you $2-3 to get onto), and the exclusions are enough to make it basically worthless.

      From the site where you can sign up ( :


      Yes. Telemarketers may contact customers:
      * with whom they have an established business relationship;
      * if the customer requests contact;
      * to collect a debt;
      * on behalf of a non-profit organization or charity, or
      * if the telemarketer is a state licensee (for example - insurance or real estate agent, etc.) and:
      * the call is not made by an automated device;
      * the solicited transaction is not completed without a face-to-face presentation to complete a sales transaction and make payment;
      * the consumer has not previously told the licensee that the consumer does not wished to be called.

      Oh well. It was a nice thought.

      - Dave
      • > on behalf of a non-profit organization or charity

        There's an interesting twist to this exemption, and it's borderline fraud. Although some credit counselling organizations are legitimate, others are merely non-profit "fronts", or "shells" designed to herd low-income people into consolidating their debts at higher rates with unscrupulous creditors.

        Thus, some scumbag credit card company can "legitimately" telemarket by having its "charitable" arm phone people up and say "We're here to help you lower your debt servicing costs. We're a non-profit credit counselling service." Of course, all their counsellors recommend the same credit card, but the mark^H^H^H^Hcustomer doesn't know that.

        Still, even a limited do-not-call law is better than none at all.

        (Unlike spam, where lawbreaking is encouraged by the negligible cost to the sender, telemarketers at least have some incentive not to call those of us who wish to eat our supper in peace.)

      • I live in Texas and I'm pissed that they would run a protection racket. "Pay us $5 and we'll stop harassing you with our phone calls."

        Screw that. I've been telling every single telemarketer who calls to put me on their do not call list. That has worked much better than anything else I could have done. I rarely get calls anymore.
  • by Marx_Mrvelous ( 532372 ) on Thursday January 03, 2002 @03:54PM (#2780613) Homepage
    Indiana has a new "list" you can add your telephone number to to avoid any telemarketers (Well, 95% of telemarketers. Some groups aren't bound by it).

    Maybe it's the first step to adding your e-mail to a "no spam" list. If they're doing it with etlemarketers, why NOT with mass e-mailers?
    • Missouri has a similar law.

      I havn't had a junk phone call since the law went into effect. It's been great. I don't have to screen phone calls anymore.
    • A while back Sears (IIRC) obtained a list of names and addresses of people who don't want to get junk mail from the that preferences site... and promptly mailed them junk mail about a special offer of interest to people who value their privacy.

      They quickly stopped that practice. They had to - they were an easy target for people upset at this perceived misused of the list.

      But do you really think that anyone making criminal solications will give a damn about what people will say after they misuse a central list of valid email addresses? Even if the list is covered by a law that provides an automatic $500 judgement, good luck collecting it. You don't think they're going to start sending spam from *their* accounts, do you?
      • They might not ne able to stop every single spammer, but if laws DON'T exist against anonymous spam, there is no way to ever stop them. It has to come from some physical location, and therefore is able to be tracked.

        Just because it's hard to enforce doesn't mean that we shouldn't make the law.

  • Note that it also says, right up front

    No person or entity conducting business in this state shall facsimile (fax) or cause to be faxed, or electronically mail (e-mail) or cause to be e-mailed,

    (emphasis mine). Not just companies registered in California, nor does the email have to originate or be transferred through, or delivered in Calfiornia -- if the company does any business at all in California, it applies.

    I like it!

  • Great. But now what? (Score:2, Informative)

    by Kenja ( 541830 )
    While this is great and all it wont really reduce the amount of spam I get. Laws like this are not really enforceable given that most spam is anonymous and un-traceable unless you want to spend a lot of time sorting through mail logs.

    What's being done to STOP spam? I for one am tired of sorting through my mail looking for valid messages (spam to real mail ration of about 100 to 1). What's more as the years go on (same mail box for five years) my spam gets stranger and stranger [] I get more messages in Japanese, Korean, German, Russian and Taiwanese then I do in English.

  • by jeffy124 ( 453342 ) on Thursday January 03, 2002 @03:59PM (#2780641) Homepage Journal
    email from with the following subject

  • This case is very similar to what happened with the WA law, with the WA court ruling that a law that deals with the fraudulent aspects of spam (that includings not including valid return email addresses, or a way to opt-out of future mailings without significant hassle). Because the WA law allows WA residents to take on out-of-state spammers, the spammers were trying to argue that the law violated 1st Amendment rights and the Federal Commerce Clause. However, the WA state attorneys followed previous rulings that allowed states to regulate intrastate business when fraud was involved, and the law was kept constitutional. It sounds like the CA case was decided along similar lines since the law specific states that proper identifying and opt-out mechanisms must exist.
  • by trenton ( 53581 ) <> on Thursday January 03, 2002 @04:10PM (#2780707) Homepage
    Check out 17538.4 (h) from the code []:
    (h) An employer who is the registered owner of more than one e-mail address may notify the [spammer] ... of the desire to cease e-mailing on behalf of all of the employees who may use employer-provided and employer-controlled e-mail addresses.
    This is amazing! No more spam to my personal domain. No more spam at work. In fact, just start a free email system, run it as a non-profit, have everyone that signs up be a volunteer (volunteers are afforded the same considerations as employees), and you could have a spam-free deal for all!

    What are the odds of getting someone big to do this, like Hotmail or AOL? Then we'll really see how against spam the big companies are.

  • A replacement of or enhancement to SMTP to require secure, unforgeable authentication of an email's sender in order to make this enforceable. Otherwise it is for naught.
  • by t0qer ( 230538 ) on Thursday January 03, 2002 @04:12PM (#2780722) Homepage Journal
    My friend has one of those fathers that left when he was a small kid and pops in once in while to give him a car, business, just sort of out of the blue.

    Anyways we're going down to his house in bakersfield next week. Apparently his father has a T1 line going into a csu/dsu into a router on a pretty unsecured network into his house. All windows machines running IIS, can't remember the spam package he's using but here is the dilema I face, maybe my fellow /.ers can help me make the call on this.

    Up until last year I was a happily working dot com guy. Every company needed sysadmins so for a guy like me that understood tcp/ip networking and o/s installation it was great. Jobs were everywhere. Then I got laid off a week after buying my house. Been surviving, still got the house, but you just don't derive as much pleasure from life living day to day on ramen and cigarettes your bought scraping the change that fell out of people pockets from your couch.

    His father wants our help. He know's I can help him convert everything over to BSD, which in itself would secure him a bit, get a firewall in place and a billing system. Currently he is making $2,500 a week net and has customers lined up out the door to use his spamming services.

    My moral dilema is, do I help the guy to make a quick buck (which also makes the wife happy) or do I stick to my guns and say spam is wrong?

    It's a really hard choice to make when you're faced with the reality of well.. reality. Bills don't pay themselves. I sometimes wonder if the goverment is lying about how bad it really is out here because I got 5 sysadmin friends in the bay area out of work now. 5 sysadmins that I personally know and hang out with. Their job hunts have been the same as mine for the last year, HR ppl just bringing you in for an interview so its "make busy" work.

    I dunno, today might just be a weird day, its an odd coincidence that slash would be posting a story on this a week before i'm supposed to go help it.
    • So basically, you're asking Slashdot how ethically principled you are?

      Sorry, man, but you're the only person who can make that call.
    • Sign him up for as many spams as possible.
    • > My moral dilema is, do I help the guy to make a quick buck (which also makes the wife happy) or do I stick to my guns and say spam is wrong?

      There are too many spammers in Bakersfield for that reference to uniquely identify him.

      But if you'd post a sample of his spam, the Lumber Cartel (TINLC) will recognize him, get his T1 yanked by his provider, and then his network of IIS boxen will be secured for free ;-)

    • Dude,

      Everybody has to make a living. Everybody has to live with there own conscience. What are you asking for?

      If you want someone to tell you its okay to send out spam, well try again. SPAM is wrong because you are basically syphoning off the system. This guy's dad makes a few bucks in a morally negligent way. It does create hard currency, but it won't do anything for your conscience or your resume, and chances are you will always regret working there.

      If you have a conscience. Many people don't. Perhaps you are one of them. In which case, go help the spam guy. Its easy to rationalize. Hey! If not you someone else, right?

      But this is a decision you need to make and no one else. Asking slashdot for advice is about as predictable as asking. "I was installing an OS on my PC, and was wondering whether I should use Windows or FreeBSD. What do you think?"

      Anyway, good luck, and please take me off any lists you might come in contact with.
    • Although I fully sympathize with your plight, being in the middle of the same thing myself, the long-term consequences are far more dire.

      Taking the job is a black mark that will follow you for the rest of your professional life. No one that you'd actually want to work for will knowingly hire a spammer. Your employment options will be forever limited to spammers and spam-friendly organizations. You will also not be able to reveal the nature of your employment to your friends, for fear of their reaction.

      If you simply fail to mention that piece of your employment history on future resumes, you'll still have a curious gap that future employers will ask about.

      A quick trip through mythological or Biblical references will show you this is how Evil traditionally works: Wait for a moment of supreme weakness, then make the victim an Offer He Can't Refuse.

      Ultimately, as an earlier poster pointed out, you are the final arbiter of your own ethics and what you think you can live with. But if you want my opinion, I recommend avoiding the Faustian Bargain. The long-term costs to your professional career are simply too high.


    • Dude, it's very simple. First, take the job. You and yours need to eat and pay bills, and it's not like it's completely illegal.

      Just try to perform it as "morally correct" as your conscience demands. That means if you discover an anti-spamming law that you can comply with by changing some code, change that code. If you know that the DMA maintains a list of addresses that have requested "No spam, please," then try to keep that list current on your systems. Just because your boss is "ethically challenged" doesn't mean you have to always do it his way. (Just when he's looking over your shoulder ;-)

      Hell, who knows, you might eventually drive his company in a more legitimate direction, which might even prove to be more profitable in the long run. Y'know, you could even then legitimately advertise your services as "ANTI-SPAM S.xxxx compliant"

      Just do the rest of the hacker world a favor and make his spam-slinging engine leave some spammy header traces that our spam filters can spot, please! Spam plays the numbers game, and if 5% of us are savvy enough to filter it out, SO WHAT? It doesn't cost you any business you would have otherwise tricked us into giving you.

      Hell, it'll even save you time NOT sending it to the spam-hating addresses. It might even keep the rabid anti-spam crowd from chasing your IP address back a day early, letting you operate a bit longer each time.


  • by isdnip ( 49656 ) on Thursday January 03, 2002 @04:19PM (#2780747)
    Read it. The law says that spammers have to provide an "opt-out" address, and users have to send their real email addresses to them, the spammers.


    So now the spammers will have a list of valid, guaranteed active email accounts. To sell, which is what opt-out addresses in spam are for. Not to opt out, but to verify that they're real.

    And since this is a state law, the spammer can get away with this by being out of state. Not that spammers ever care about the law. The law merely encourages users to ACT LIKE IDIOTS and send real email addresses to spammers who will then use them as verified, premium spambait!
    • What you can do is, go to those spammer sites for opting out, then fill in the email address of you congress person, your senator, your mayor, your president, John Ashcroft, and every other politician that you have the email address.

      That's what I do.

      I believe that, sooner or later, we will get a really tough law against spammers, especially if you do this at the pr0n sites.
  • Double edged sword (Score:2, Informative)

    by Ioldanach ( 88584 )

    Clearly, requiring spammers to behave with some sort of ethics is a noble goal. However, it appears that the judge has decided that this law does not violate the constitution for the wrong reasons. So, as much as it pains me, I must disagree with the judge. The law needs to be rewritten to be more restrictive. My logic follows below.

    I read through the judges decision, and here are some interesting snippets which show the judge does not understand the nature of the internet, and the defendant clearly did not present sufficient argument in several areas.

    First, respondents argue that the geographic limitations on the scope of section 17538.4 are ineffectual because of the very nature of the Internet. UCE is transmitted via the Internet which functions in cyberspace, a place respondents characterize as being "wholly insensitive to geographic distinctions." (Quoting American Libraries Association v. Pataki (S.D.N.Y. 1997) 969 F.Supp. 160, 170 (Pataki).) Thus, respondents maintain, an e-mail address simply does not logically correspond to a geographic residence.

    The problem with this argument is that section 17538.4 does not regulate the Internet or Internet use per se. It regulates individuals and entities who (1) do business in California, (2) utilize equipment located in California and (3) send UCE to California residents. The equipment used by electronic-mail service providers does have a geographic location. And e-mail recipients are people or businesses who function in the real world and have a geographic residence.

    That implies that (1) the geographic location of the electronic mail server can be determined by the sender of the mail, (2) that the servers which will be passed through (or at least are at the origin or destination) are known to the sender, and (3) that the residency of the recipient is known to the sender.

    Respondents argue that, even if e-mail recipients do have geographic residences, it is simply not possible for senders of UCE to determine the residency of any particular e-mail recipient. Thus, respondents argue that the only way to avoid violating section 17538.4 is to comply with it in every instance. This argument has two fatal flaws. First, respondents ignore the second geographic limitation imposed by section 17538.4: it applies only when equipment located in the State is used. By limiting the scope of section 17538.4 to UCEs that are transmitted via equipment located in the State, our Legislature ensured that the statute would not reach conduct occurring "wholly" outside the State.

    Second, the record does not support respondents' claim that it is impossible to determine the geographic residence of a UCE recipient. Both the Attorney General and Ferguson dispute this contention. They suggest that lists of e-mail addresses sorted by geographic residence exist already or can be created and utilized by senders of UCE.

    Which implies, again, that the residency of the recipient is known or can be inferred. Both the Attorney General and Ferguson apparently don't know how the assembly of e-mail address lists occurs. When compiling a list of addresses who might be interested in a particular subject, address assesment almost never occurs.

    If I were to decide to assemble a list of addresses that might be interested in my product, I could go to a newsgroup, download all the headers available, and compile the attached e-mail addresses into a list. However, that list of e-mail addresses has no other information embedded within it. Any of the e-mail addresses listed may be hosted with a server having a privacy policy which prevents disclosure of the end user's address. Therefore, I have no way of determining what the residency of those recipients is.

    Respondents argue that another practical effect of section 17538.4 is that it conflicts with statutes regulating UCE that have been enacted by other states. Notwithstanding the fact that, to date, at least 18 states have enacted laws regulating UCE (Heckel, supra, 24 P.3d at pp. 411-412), respondents have identified only one actual conflict pertaining to one requirement imposed by section 17538.4. Section 17538.4, subdivision (g), requires that the subject line of the UCE include "ADV:ADLT" as its first eight characters if the message contains adult information. Respondents contend this requirement directly conflicts with a Pennsylvania statute which requires that the first nine characters of a subject line of a UCE containing explicit sexual materials be "ADV-ADULT" if the UCE is transmitted to a person "within the Commonwealth." (See 18 Pa. Cons. Stat. section 5903(A.1).)

    Respondents' argument that section 17538.4 conflicts with Pennsylvania law fails at its base because they have not established that the geographic limitations imposed by section 17538.4 are ineffectual.

    Here lies the most important part of the argument, conflicting state laws. The entire basis of the court's rejection of the unconstitutionality hinges on the assumption that the residency of a UCE recipient can be determined. If it is impossible to determine the residency of a UCE, the law becomes unconstitutional.

    How many free e-mail services do not require an indication of a user's residency? How many of those servers that do require it verify identity? For an entire segment of the population, it is completely impossible to determine the residency of the users, thus, this law should be found unconstitutional.

    • Argument well stated, but this just means the spammers can only use email addresses that can be traced to a physical residence and verify the state is not CA. Sure this limits the use of hotmail, yahoo and other free email services, but I don't see that as a bad thing.

      If telemarketing follows similar laws about opt-out (ie, if you ask them to take your number of the list, they have to), why shouldn't email spam? The judge and DA may be flawed in their logic, but that doesn't automatically make the decision useless or unconstitutional.

    • A good analysis, but in fact it is not simply a question of whether it is possible to figure out where a mailbox is. California doesn't even have the power to make you try to find this out, nor should it.

      With this precedent, you now have to figure out where you are mailing. Not just if you are mailing to a mailbox in California, but every time. If a person in Nevada mails a person whose mailbox location they don't know, and the person has to be in Oregon, this ruling says you need to find out where it is to make sure it's not in California.

      In effect, they are banning sending mail when you don't know what state the target mailbox is in. You may be able to find out the state with a bit of whois work or searching lists, but California is not supposed to have the power to make you take these extra steps if it turns out the mail is not going to come to California.

      In other words, California is making people from Nevada take extra steps on mail that turns out to be going to Oregon. That is unconstitutional.

  • That still isnt going to eliminate the stupid Taiwanese spam I get all the time.

    I mean, US spam, I at least can read.
  • by caferace ( 442 ) on Thursday January 03, 2002 @04:28PM (#2780821) Homepage
    I noted the following at the bottom of the ruling:

    Hormel Food Corporation, which debuted its Spam(R) luncheon meat in 1937, has dropped any defensiveness about this use of the term and now celebrates its product with a website . . . . [Citations.]" (Heckel, supra, 24 P.3d at p. 406, fn. 1.)

    Does that mean /. can use the old Spam logo again? (only partially kidding...)

  • DMCA is bad. Yes. I agree. Threatening lawsuits against ORBS is bad. Right with you there, the internet functions well as a self-governing system. Also, don't tax transactions on the internet, okay, no problem. But if it involves an annoyance such as spam, please, bring in your law enforcement.

    As a sysadmin, I hate spam plenty. As a sysadmin, I employ various mechanisms to employ spam. I don't consider this legislation to be any great cause of celebration.

    • They're hypocrites, they don't want the government to get involved in the internet, copyright protection, taxing internet transactions, invading their privacy, etc. But as soon as MS or SPAM or any mega-corporation is concerned, Slashdotters are the first to encourage government intervention. Go figure.
  • by btempleton ( 149110 ) on Thursday January 03, 2002 @04:32PM (#2780848) Homepage
    While if you hate spam as much as I do, you might be tempted to be pleased at this law, it's actually a terrible decision.

    The court has said that when you mail, you have a duty to figure out in advance what state the mailbox you're mailing to is in, and then find out the e-mail laws of that state and obey them.

    Yikes! That's not at all the way E-mail works. You often have no idea what state the other guy's mailbox is in, and it's a pain, or impossible, to find out in many cases.

    You may cheer that this law puts this burden on senders of UCE, but the reality is that if this decision stands, you are letting all states put whatever rules they care to pass on E-mail, and putting a duty on everybody to know all the laws and know the state they are mailing.

    To add insult to injury, this law defines new syntax for the Subject header! The government should not be defining the forms of e-mail headers. The IETF does that. This is also compelled speech and apparently the defendant didn't even bring that issue up.

    Less you think I'm defending spam, you can read my essay on the insidious evil of spam [] to find out the contrary.

    But we must fight spam the right way, and setting precedents like this is a dark day for e-mail and the internet in general.

    California had another spam law which wasn't so bad because the recipient had to notify, thus making it clear what state they were in.

    • This is one of the few clear-headed posts in here. I hate spam just like everybody else, but hitting delete a few times a day (or setting up filters) is far far less annoying than the kind of clueless laws that the government likes to regulate the internet with.

      Listen slashdot! You don't want the government's hand in this!

      Remeber how they "solved" the pornography problem? (CDA I, II, etc., forced use of censorware in libraries)

      Remember how they "solved" the movie piracy problem? (DMCA?)

      I want as little regulation of what I do on the internet as possible. I think the spam problem is best solved by (1) hitting delete, (2) technological/social solutions, or finally (3) civil torts.
    • Um... the only way to regulate email is to place burdens on the sender. And this is exactly what we all want! This doesn't get in the way of people with whom we have established relationships, because their emails aren't covered by the law. But it puts an enormous obstacle in front of spammers, which was exactly the goal. I think the government found an excellent way of NOT screwing with email too much. They didn't implement a bunch of technical mumbo-jumbo that the legislators couldn't understand (see: DMCA). And you REALLY need to remember to say "IANAL". The bit about compelled speech is absurd. Don't you think there's a reason that perfectly competent lawyers didn't bring it up?
    • This is also compelled speech and apparently the defendant didn't even bring that issue up.
      Probably because it isn't a viable issue. The courts have ruled that commercial speech isn't as protected as someother kinds of speech, so compelled speech is permissible. It's not an unlimited permission, but the compelled speech has to be pretty harsh before it gets struck down.
      • The courts have also ruled that you can't regulate advertising "just because it's advertising." There has to be another reason. Commercial speech has been ruled to be highly protected, while non commercial speech is extremely highly protected, which is different from the way some people think about it.

        And a capable lawyer brings up everything that might have a bearing, even if they don't think it has a chance. It's the judge's job to dismiss it.

        The question of whether the government can force us to classify our speech is an interesting but unsettled one.

        However, it still remains the case that we don't want the government defining the syntax of email headers. If you want a law for that, the law should say, "Appropriate standards bodies for the E-mail being sent may define headers which allow the expression of whether the mail is commercial or not, and if they do, commercial mailers must use them."

        However, the surpreme court has thrown out regulation of commercial speech "just because it is commercial." As we all know, there is religious spam, charitable spam, politicial spam and various other types. If there is to be a law about spam, court ruling suggest it needs to be about spam, not about commerce, which is simply the most popular type of spam.
    • and putting a duty on everybody to know all the laws

      In case you haven't noticed, these spammers are:

      • Engaging in interstate commerce (even if it's black-market stuff)
      • Often selling physical goods (or claiming to, anyway) which have to be delivered
      which means they have to be aware of and follow laws on interstate commerce anyway. I don't see a big difference here.

      This is also compelled speech and apparently the defendant didn't even bring that issue up.

      I'm not surprised at all - how could they have argued it? We will be irreparably harmed by people choosing not to read our adverts by using filters? WTF?? Which would be a big fat admission that almost everyone hates spam. That's not something they're going to argue unless they're really stupid or desperate.

  • I'm not sure I like this development. I mean, yes, I am as annoyed by spam as everyone else is, and I'm quite sure there is a special place in hell awaiting the spamlords. But should we really cheer the restraint of speech on the net? Given that, practically speaking, the processing costs are minimal to the point of invisibility, and that perfectly adequate receiving-end filters are available, why do we need or want The Man stepping in to solve this? Especially given that (as others have stated) this won't actually work at all?

    What we end up with as a net result (pardon the pun) is that there is a law on the books restricting speech on the net; if this law survives further appeals, it becomes precedent for further laws restricting net speech. Personally, I would rather deal with spam and keep the regulators as far from the net as possible.

  • Who pays for spam? The people who's computers it goes through.

    Think if the paper-spammers started putting "postage will be paid by adressee" on their ads.
  • tread carefully (Score:3, Insightful)

    by geekoid ( 135745 ) <dadinportland&yahoo,com> on Thursday January 03, 2002 @05:26PM (#2781233) Homepage Journal
    the california law is a well written law that explicitly defines what the law means when IT refers to spam.
    And surprisingly, the way the law defines spam is how most of us would want it defined.
    Please be very carefull when contacting politicians about spam laws that you states/country defines it they way California does, otherwise it could be twisted pretty badly.
    Its a tough thing, for me spam is an ad for business. But I would hate a law to stiffle free speech.
    • Agreed. This is a good law. Commercial e-mail is still allowed, provided that 1) the source address is valid, 2) removal instructions that work are provided, and 3) the subject begins with "ADV:". That's reasonable; those who want spam can get it, and those who don't, don't.

      This law has teeth, too. There are criminal provisions. Probably about the time the third spammer goes to jail, the total volume of spam will drop considerably.

      It may have been noticed already. I haven't received a spam in the last two hours, which is unusual.

  • Physical Damage (Score:2, Insightful)

    The decision also available here from the court itself [] said the lower court erred in not letting Ferguson pursue tresspassing charges against the spammer, despite his evidence that physical damage was done to his computer. I admire his creativity: the physical damage he cites is the fragmentation of his hard drive due to the spam in his inbox.

    Has he also considered the physical damage that can occur by increasing your ejaculate by 581% and shooting it 13 feet?
  • ... send a singing telegram to various courtrooms, legislators offices, and legislative chambers. Make sure the telegram pitches some fraudulent get-rich-quick scheme or illegal pornography. Send the telegrams repeatedly and at the most inopportune times.

    Eventually, the judges and legislators MIGHT get the point.

Matter cannot be created or destroyed, nor can it be returned without a receipt.