Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Spam Your Rights Online Technology

E.U. Employers To Be Held Liable For Porn Spam? 314

Posted by timothy from the hostile-environment-defined dept.
Cowards Anonymous writes "Yahoo News has a story about a study of Europe's new anti-spam legislation. The overly broad wording of the legislation, according to the study, could allow employees to sue employers for not doing enough to stop porn spam. Businesses could be sued by their workers for allowing a hostile work environment. The author of the study advises companies running email servers to use filtering technology, and warn employees about the sometimes sleazy content of spam."
This discussion has been archived. No new comments can be posted.

E.U. Employers To Be Held Liable For Porn Spam? More

E.U. Employers To Be Held Liable For Porn Spam?

Comments Filter:

  • SMTP must die! (Score:5, Interesting)

    by LostCluster ( 625375 ) * on Wednesday April 28, 2004 @12:48PM (#8997570)
    E-mail, as we know it today, has got to go. Non-authenticatable sending is a bug, not a feature. For as long as businesses allow incoming SMTP e-mail, their employees will always be exposed to all forms of Spam, including pornographic.

    So, if the law basically makes it impossible to run an SMTP-based e-mail system in a business, that could be just the knockout blow it takes for businesses to finally see an incentive on picking a tigher protocol that allows better tracing of senders.

    • Re:SMTP must die! (Score:4, Insightful)

      by Xaymot ( 754751 ) on Wednesday April 28, 2004 @01:04PM (#8997784)
      I doubt this new law will cause any type of lawsuit. Holding a company responsible for having a crappy spam filter is ridiculous.

      It is one thing if they are contributing to the hostile work environment but failing to prevent a hostile work environment is not the same thing. This is like suing a company for a gay co-worker grabbing your ass as if the company somehow created a randy gay guy in accounting that loves Christopher Lowell and your ass.

      As for SMTP based e-mail; it's like VHS to Beta. They'll use it just because it's cheaper even with the porn. And who doesn't like a little bit of donkey love on a Monday morning?

      • Re:SMTP must die! (Score:2, Interesting)

        by SlayerofGods ( 682938 )
        So wrong....
        You think all those million dollar sexual harassment lawsuits are paid for by the harasser?
        A company is VERY liable if it doesn't try to prevent a hostile workplace. Especially if it knows its happening.

      • Re:SMTP must die! (Score:2, Interesting)

        by damium ( 615833 )
        This is like suing a company for a gay co-worker grabbing your ass

        But the company would be in a lot of trouble if they let it continue. Not that I agree that holding them accountable for spam is a good thing.
    • I agree with this. This might help reduce the number of viruses today as well.

      Is there any such project currently being pushed to resolved this?

    • Re:SMTP must die! (Score:4, Insightful)

      by Kenja ( 541830 ) on Wednesday April 28, 2004 @01:13PM (#8997898)
      You first. Stop using email amd we'll talk. Of course you'll have no way to talk to me, but that sounds like a good idea. I for one have a problem with punishing everyone because some people are being jerks.
    • E-mail, as we know it today, has got to go.

      Speak for yourself. Nobody forces you to use email, right? You want to use a "tigher protocol", be my guest.

      Oh, you want ME to stop using email..? Umm... how do you say "fuck off" in a polite way?

      • Re:SMTP must die! (Score:3, Insightful)

        by rokzy ( 687636 )
        >Nobody forces you to use email, right?

        er, yes they do actually. it's a requirement for study at my uni at least.

        (next lame argument: "no-one's forcing you to get an education...")

        it's also a requirement for many other things that aren't gun-to-head-forced but neither do they actually truely require email anyway e.g. buying things online.
    • For as long as businesses allow incoming SMTP e-mail, their employees will always be exposed to all forms of Spam, including pornographic.
      I don't know about that.... I haven't received a single piece of spam my entire time working here, and none of my coworkers have ever mentioned it either. So I guess the head office must be doing something right.
      Or maybe they're just afraid to spam @doj.gov ;)
      • Hmmm...that might a a good thing. Maybe someone needs to set up a domain and have mail.domain.com alias to mail.doj.gov. It would be a fun trap, let the sampers spam @domain.com. :)
        • Might want to think that through before setting up your "Sting" operation.

          Guess who gets arrested first?

          On "Cops", a woman sick of crack dealers in her neighborhood walked into a crackhouse, bought some, then walked back out to the cops who had said they couldn't do anything without seeing a crime in progress. She presented the crack to them, and they arrested her for drug possession.

          You think that little domain trick would go over any better? :)
          • IANAL or a cop so I have no idea if just aliasing mail.domain.com to mail.doj.gov is legal, and if it is, i'm not sure if you could be charged with spamming for the mail that traverses that alias. I, however, am not going to try and find out. BTW I would bet in that case the DA would offer the lady immunity to testify against the drug dealer. The Cop's can't offer deals, only the DAs can do that. (Again IANAL so this is only as good as what I see on Law and Order!) :)

    • Re: (Score:3, Insightful)

      by account_deleted ( 4530225 )
      Comment removed based on user account deletion

      • Re:SMTP must die! (Score:4, Informative)

        by cperciva ( 102828 ) on Wednesday April 28, 2004 @01:36PM (#8998172) Homepage
        Anyone see a downside to this besides the annoying move to such a system?

        Yes. It wouldn't work.

        I send mail from several different places, with several different return addresses. The mail server for foo.com doesn't know anything about most of the email which I (legitimately) send with my @foo.com return address.

        Also, there's a huge amount of mangling which happens to email messages. Headers are added, removed, or modified; line breaks are changed; some characters or strings are escaped... you'll have trouble finding something you can rely upon for your hashing.
        • Comment removed based on user account deletion

          • It's called SPF (Score:4, Interesting)

            by mdfst13 ( 664665 ) on Wednesday April 28, 2004 @03:32PM (#8999772)
            SPF ( http://spf.pobox.com ) does this at the domain level. At the username level, authentication would be guaranteed by the domain server.

            The grandparent post's issues can be solved by always using the domain SMTP server (as opposed to using an ISP server or sending direct). Most people already do this. If the ability to send from a dynamic IP is really needed, I notice that DynDNS is listed as an SPF supporter at http://spf.pobox.com/faq.html .

            A second conversation (to verify) is not needed. Just push all mail through the SMTP servers. Then the receiving server can verify the sender on receipt (the sender's IP is known as part of the TCP conversation).

            There is also a proposal called IM2000 that would offer most of what you want as well. With IM2000 only a message notification is sent. Using that info, your email client then gets the actual message from the sending server. If you verify the sending server in DNS prior to retrieving the message, you can be guaranteed that it is sent by the correct server.
      • There may not be an IP address associated with "xxx.stuff.com". The system in question may not even use TCP/IP, although that is becoming more of a rarity. Mail can be transported over networks other than ones based on TCP/IP.
    • Spam is not a technical result of the email system, the way that (say) packet collisions are a technical result of shared-media Ethernets. Rather, spam -- just like theft -- is a result of individual human beings (the spammers) choosing to offend. They are aided in this choice by other individuals (employees and managers of spam-supporting ISPs) choosing to permit their resources to be used for this offense.

      It is a category error to treat spam as a software bug rather than as human misbehavior. It's true

    • Re:SMTP must die! (Score:4, Funny)

      by lightspawn ( 155347 ) on Wednesday April 28, 2004 @01:30PM (#8998096) Homepage
      Your post advocates a

      (x) technical ( ) legislative ( ) market-based ( ) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      (x) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      (x) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      (x) Requires immediate total cooperation from everybody at once
      (x) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      ( ) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      ( ) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      (x) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      (x) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      ( ) Extreme profitability of spam
      ( ) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      (x) Ideas similar to yours are easy to come up with, yet none have ever
      been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      (x) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      (x) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your
      house down!
      • Usually, I find the checklist humorous, but there's one point that needs to change.

        (x) Armies of worm riddled broadband-connected Windows boxes

        Might as well take this off the list because it's never optional and is often orthogonal to the proposed solution. All those zombies are in place and speak the current flavor of SMTP. If a successful solution moves the greater net off of SMTP, the zombies are irrelevant. Solutions that stay with SMTP have to put up with the zombies just as email presently doe

    • I don't think we will see huge lawsuites on this issue in EU since their judical system is not based on the type of litigation that exists in the US. You will never see a typical US lawsuite (I.e no $250 million in settlement) in EU. This is something that is unique to USA.

  • It's not just a good idea, it's the law! (Score:5, Interesting)

    by LostCluster ( 625375 ) * on Wednesday April 28, 2004 @12:50PM (#8997607)
    I know of one business that is still running Windows 98 based computers in the office, with very little preventing the employees from wandering on the Internet to wherever they want. Not surprisingly, the employees end up contracting spyware and browser hijackers on a regular basis.

    The management has had enough of the IT department having to clean up the infected computers, and has basically ordered them to stop wasting their time on such machines. As a result, one machine's homepage is now perma-set to a porn site. There's a running process that resets it whenever the user attempts to change the home page by any way, but it's using rootkit tactics to shield itself from being uninstalled by anything. The OS is hosed, it needs to be reinstalled.

    I just can't wait until the first female employee notices what's happened to this male employee's computer and files the lawsuit. Sometimes, IT spending is just plain mandatory...
    • "Sometimes, IT spending is just plain mandatory..."

      So is firing employees who cause unnecessary IT expenses. But it seems that the current managment thinking is that its the IT departments fault when other people look at porn and download spyware.

    • Why can't ID10T lusers be simply backcharged for the costs of cleanup? Give them a stern lecture and one warning incident, then dock their pay. Put up an intranet page with all the approved anti-virus and spyware-sweeper packages and then hold the employees responsible for their own actions.

      Oops... I said "responsible", didn't I? Well, so much for that idea.

    • > [...Windows 98 based computers] There's a running process that resets it whenever the user attempts to change the home page by any way, but it's using rootkit tactics to shield itself from being uninstalled by anything. The OS is hosed, it needs to be reinstalled.

      Rant: WTF d00d?

      If we were talking NT, 2K, or XP, I'd agree.

      Win95/98? Set BootGui=0 in MSDOS.SYS. Reboot the pig. Look, Ma, no running processes on boot! Type DELETE WHATEV~1.EXE (whateverthefucktheproblemis.exe) and type WIN.

      • ...you can delete them once, they hide in some other start-up file reinfecting the machine. Trust me, some of these are near totally uninstallable by anything else but a clean reinstall.

        Kjella
        • "...you can delete them once, they hide in some other start-up file reinfecting the machine. Trust me, some of these are near totally uninstallable by anything else but a clean reinstall."

          That's why you check autoexec.bat, config.sys, system.ini, win.ini and the registry */Software/Microsoft/CurrentVersion/Run* keys.

          I love 98SE for this - it's extremely easy to un-fuck-up provided that no important system files were replaced with trojans, and even then a date check and extract /a from the CD usually fixes

  • I support this (Score:2, Informative)

    by rokzy ( 687636 )
    my uni is pathetic and refuses to implement any kind of anti-spam at all just so they can't be held accountable for anything.

    force them to sort it out. and if they can't fix it then get rid of it. something will fill the void and either way the problem is solved.
    • > my uni is pathetic and refuses to implement any kind of anti-spam at all just so they can't be held accountable for anything.

      Delete a few of the mortgage spams, leave in the "Tentacle Rape" and "Beat her to death with your horse cock" spams.

      Then run the mess through SpamAssassin, and say "Here's what we'd be free of if we could just get the administration to authorize installation of this Free software on our mail servers."

      Hand both printouts to a female accomplice (preferably lesbian, or at le

  • i'd roll back to etch-a-sketches (Score:5, Interesting)

    by geekbruin ( 628580 ) on Wednesday April 28, 2004 @12:51PM (#8997621) Homepage Journal
    Sounds like that is going to put a huge amount of burden on the companies. If I were running my own private business, I'd be inclined to unplug everyone's network connections and hand out typewriters. I don't know how strict the legistlation is, but it sounds to me that this might promote anti-technology.

    • If I were running my own private business, I'd be inclined to unplug everyone's network connections and hand out typewriters.

      I think this is pure overkill. You would lose much, much more than you would gain by implementing a scheme such as this. Morale, for one, would suffer immensely. If they had connected computers before, and are suddenly forced into accepting a more inferior arrangement, they are bound to feel the loss. This, along with the loss of access to the information resource that the Internet

      • "probably mean a considerable loss in productivity. "

        You then fire the lazy workers. No? Oh yes I forgot, no one gets fired anymore unless you goto work with a gun and kill a few people.

        Then you get a few weeks of suspended pay.
      • i agree. my typewriter statement was factitious in order to show how the law could adversely affect small business. my point is that it should be important for these legislators to consider the financial impact that this would have. not only would it drive up cost for everyone but would favor large businesses with preexisting IT infrastructures over smaller companies whose IT person might some multipurpose employee that by chance knows how to reboot computers, share printers, and run windows update (which,
    • If we replace SMTP with something more secure, as one poster suggested, it would help. Of course it would also cost quite a bit, as we'd have to have both systems running during the changeover. Once that's done, the spam drops, causing everybody to use less bandwidth on a day-to-day basis. Not only does this cut costs directly, but the time saved on legitimate net business would add to the savings. I wouldn't be at all surprised to find that the savings would pay for the change in short order.

  • US is the same (Score:5, Insightful)

    by gorbachev ( 512743 ) on Wednesday April 28, 2004 @12:53PM (#8997642) Homepage
    You can do the same for any US employer using existing discrimination / harrassment laws.

    • Re:US is the same (Score:2, Insightful)

      by geekbruin ( 628580 )
      But would you be able the prove that the company providing the method in which the offensive material is delivered is responsible for that material? if porn telemarketing existed, for example, would it makes sense to blame the company for giving you a phone number that a 3rd party obtained and and diailed to solicit porn to you? same goes for snail mail. do you hold the USPS responsible for potentially offensive junk mail?

    • Uk likewise already (Score:3, Interesting)

      by Alan Cox ( 27532 )
      While there doesn't appear to be any caselaw handy there is a consensus view that it falls under the "duty of care" an employer has to their employees. That isn't a disaster since the law revolves around the ficticious "reasonable person" so it requires reasonable effort rather than perfection.

      Similarly although case-law has yet to appear there are good arguments that someone failing to take reasonable care of their systems and getting viruses/being used to spam others could be liable for negligence.

      "for

  • More work for us! (Score:5, Insightful)

    by LostCluster ( 625375 ) * on Wednesday April 28, 2004 @12:53PM (#8997650)
    We should be celebrating laws that require business to do something about user-annoying IT problems. Legislating a need for IT translates to tech jobs that can't be cut... and that's more work for us.

    There are solutions to Spam that companies can use, they just keep getting killed because PHB's say they fail the cost-benefit tests. However, when you throw the prospect of a big lawsuit in the face of a PHP, it changes the balance of the scale.
    • Fast food for thought:

      By the same token, a company could/should be able to sue a user dumb enough to download a screensaver virus, etc.
    • Its beyond me how some manager can claim that spam filtering isn't worth it. A company's biggest expense is salary, and how much time (and therefore money) do employees waste filtering out spam manually?
    • There are solutions to Spam that companies can use, they just keep getting killed because PHB's say they fail the cost-benefit tests. However, when you throw the prospect of a big lawsuit in the face of a PHP, it changes the balance of the scale.

      Actually, I think the PHP as well as the web server it runs on will silently ignore you. Certain other TLAs might react though.

      Kjella

  • Cool (Score:2, Interesting)

    by tbjw ( 760188 )
    If this makes employers consider better spam-filtering mechanisms, surely that's a good thing for everyone. We know that it is more-or-less impossible to stem spam at the source, so legislating to impede spam at some other point is not entirely a bad thing.

    Of course, the tinfoil-hat folks will be vomiting to themselves over the evil intrusive regulation, but come on, how hard is it to try to filter spam?
    • If this makes employers consider better spam-filtering mechanisms, surely that's a good thing for everyone.
      The more likely response is an increased prevalence of "obscene" content filtering, without regard to whether the offending mail is spam. That is not such a good thing.

      It's true that that kind of thing shouldn't be going on at work anyway, but such filters lack human judgement and therefore usually have to be a bit over agressive if they're to be effective at all.

  • Porn Spam? (Score:4, Funny)

    by Anonymous Coward on Wednesday April 28, 2004 @12:55PM (#8997674)
    I just get spam telling me how small my penis is. I never get pictures of naked people!

    How comes I have to miss out? :(

    • Re:Porn Spam? (Score:5, Funny)

      by Kenja ( 541830 ) on Wednesday April 28, 2004 @01:23PM (#8998019)
      "I just get spam telling me how small my penis is. I never get pictures of naked people!"

      That's because we keep getting pictures of you naked. Can't you take some constructive criticism?

    • Quick hint: stop using pine.

      Seriously, I had no clue what people were talking about until I started using webmail. Everyone was talking about obscene pictures in their e-mail, why didn't I get any of those? I finally realized I was getting them, I just had a really nice filter.

      If you want to avoid pr0n spam, use pine. If you want pr0n spam, stop using pine.

  • This law is irrelevent. (Score:5, Interesting)

    by Chiasmus_ ( 171285 ) on Wednesday April 28, 2004 @12:55PM (#8997679) Journal
    The law is irrelevent, because not too many countries are following it.

    From BBC news [bbc.co.uk]:

    They also found that eight EU member nations have yet to implement the directive despite the deadline for compliance falling more than six months ago.

    The rogue nations - Belgium, Germany, Greece, France, Luxembourg, the Netherlands, Portugal and Finland - have been threatened with legal action.

    The problem with international laws is that nationalistic countries are generally inclined to ignore them.

    Honestly, since I couldn't find a single link to the actual legislation, it's hard to tell whether employers could actually be held liable for spam, or whether this is just FUD.

    Obviously, if an employer intentionally turns off the spam safeguards on one woman's machine, because she's very religious and he knows it'll freak her out, then that's sexual harassment through spam.

    But spam that slips through the cracks despite reasonable efforts to stop it... I have to say, I don't think any court in the world would find a tort there.
  • Problem is with vague rules, they are easily taken advantage of..

    Sonuds like a lot of lawsuits in waiting.. Easy money... ( for the lawyers )

  • Very Sticky Subject (Score:5, Interesting)

    by Prince Vegeta SSJ4 ( 718736 ) on Wednesday April 28, 2004 @12:56PM (#8997696)

    "European employers must be aware of the risk of new computer-related liabilities," said the researcher for the University of Amsterdam's Institute for Information Law.

    "An important example of such a potential new liability is the risk of being held accountable for not protecting employees against unsolicited pornographic e-mail."

    This could encourage companies from denying Internet access to employees, after all why risk sexual harassment lawsuits for something that is so difficult to stop.

    On one hand you can have an opt-in list for employees, where someone must "allow" a person to send mail to an inbox. I use this for my Dads email account due to all of the spam (however, being his personal and business email address, I must constantly monitor the mail so that nothing important gets caught in the SPAM TRAP)

    Which leads to the other hand, opt-in limits your ability to do certain things, for instance if you pass out business cards with an email or want legitimate, but currently unkown people to contact you it is a pain in the ass.

  • In Europe? (Score:5, Insightful)

    by Shoten ( 260439 ) on Wednesday April 28, 2004 @12:56PM (#8997698)
    I thought the U.S. had the market cornered when it came to ridiculous PC requirements in the workplace. Honestly, you'd think that in all places, EUROPE...where there is topless advertising in magazines...would be sensible enough to tell its users, "Look, we're all grownups here, and we all know how hard spam is to deal with. There is no magic solution yet, you're going to have to deal with it." I mean honestly, how many people have spam tackled at home on their own, anyways? It seems nuts to ignore the difficulty of stopping spam in an enterprise environment when coming up with guidelines to punish companies for not doing so.

  • True Story... (Score:5, Interesting)

    by Noryungi ( 70322 ) on Wednesday April 28, 2004 @12:57PM (#8997713) Homepage Journal
    Slightly OT, but still...

    One day, one of my colleagues came to me and asked (absolutely furious) " Why do you send me gay porn on my email address? ".

    Turned out that some sleazeball spamfscker had harvested my work email address and was using it to send gay porn HTML email, using 'clever' JavaScript to open dozens of windows containing images of a nature I will not describe here (Think group goatse.cx here -- yes, it was that bad). The 'From:' header contained, of course, my spoofed address.

    Fortunately, this was a rather tech-friendly company and the colleague was also a good friend. I was able to explain to her that this was, in fact, not coming from me. And I showed her how to disable JavaScript in Netscape Mail. She, in turn, relayed the information to the rest of her open-space co-workers.

    I still shiver when I think of the potential consequences if she had shown the email to our bosses, instead of closing down all the windows and going into my office... A short time after this incident, our sysadmins (bless their souls) installed SpamAssassin on the Postfix server, with a very threshold. And that was the end of spam.

    • Re:True Story... (Score:5, Funny)

      by GoofyBoy ( 44399 ) on Wednesday April 28, 2004 @01:04PM (#8997792) Journal
      Like a dream I had last night...

      One day, one of my colleagues came to me and asked (absolutely furious) " Why do DON'T you send me gay porn on my email address? ".

      Then the 70's pr0n music started ...

    • I'm just kinda curious as to why she thought THAT you would be sending her gay-pron and why she automatically assume that it was spam. You had better hope (if you're straight) that certain rumors haven't started - maybe you had better date a few of the ladies in the typing-pool and leave a few copies of Stuff/Maxim on your desk.
      • You had better hope (if you're straight) that certain rumors haven't started

        Then there are those of us that work in environments where no one cares what another person's sexual orientation is and don't really need to prove anything by dating "a few of the ladies in the typing-pool".

  • Thanks to the new E.U. standards, there will be no more email. Frankly, we at $company can't be bothered to keep up with their standards much less justify the expense. Please go back to inter-office memos, fax, & snailmail.

    :)

    But seriously, does the E.U. really have to impose itself on businesses this badly?

  • Well Meaning People Can Be Idiots (Score:4, Insightful)

    by List of FAILURES ( 769395 ) on Wednesday April 28, 2004 @01:01PM (#8997758) Journal
    Or is it vice-versa? Idiots can be well-meaning people?

    Where I work, we installed a Barracuda Spam Firewall. It works fairly well, but crap still gets through. And as we add our own REGEX filters, we find the false-positive rate increasing. The only real solution is to expand existing mail protocols to account for spam. Specifically, some changes to the SMTP protocol that require the sender definitively ID themselves before sending. This would provide accountability of some sort. I know, I know. Some people are going to attack me for proposing the modification of SMTP. What, then, do YOU suggest Oh mighty one?

  • Snail mail screening? (Score:5, Interesting)

    by michaelmalak ( 91262 ) <michael@michaelmalak.com> on Wednesday April 28, 2004 @01:02PM (#8997766) Homepage
    As often stated, follow pre-Internet laws unless absolutely necessary.

    Is an employer required to open all snail mail to screen it for porn? Would that, actually, be illegal?

  • Sleazy? (Score:2, Funny)

    by tds67 ( 670584 )
    The author of the study advises companies running email servers to use filtering technology, and warn employees about the sometimes sleazy content of spam.

    Sometimes sleazy content of spam? Since when has spam not been "sleazy?"

  • Perhaps employeers could require employees not to give their email address to anyone. That would, of course, preclude them from sending any emails. This would definitely prevent their addresses from getting into the hands of spammers. Problem solved! No spam!

    Or if that seems a little extremely, there could be an Email Czar that reads every email coming in and only passes the ones that aren't porn off to the recipient.

    Hey, stupid laws require stupid solutions!

  • Depends on actions of the mail client (Score:5, Insightful)

    by Black Art ( 3335 ) on Wednesday April 28, 2004 @01:09PM (#8997849)
    No e-mail client should ever request content from a remote server and/or load images without a direct action by the user.

    Most porn spam loads images via html image tags or some other remote mechanism. (Usually with a web bug to figure out which address downloaded it so they can send you more spam.)

    If the user has an e-mail client configured by default to download contact automatically then it needs to be corrected. That is the fault of their IS/IT department or whoever ordered the IS/IT department to use that client. I don't even think Outlook is that stupid anymore.

    The other problem is that there are a whole lot of people who are unable or unwilling to just grow the hell up. So you get e-mail that describes sex. So what? Big deal! Sex is a part of life. Just delete it and move on.

    But instead, these growth stunted pod people want to obscess over that part of life that they have not learned to accept. Instead of blaming themselves and their upbringing (or lack thereof) they are going to take it out on ANYONE else.

    The best thing to do to avoid such legal problems is find out who these people are in your company and deny them ANY outside e-mail whatsoever until they can behave like a grownup.
    • No e-mail client should ever request content from a remote server and/or load images without a direct action by the user.
      You are correct, sir!

      A question for the audience: where did HTML email originate? A Google search on 'origin html email' and 'first appearance html email' came up empty.

  • I posted an Ask Slaskdot on this... (Score:4, Interesting)

    by Gudlyf ( 544445 ) <<moc.ketsilaer> <ta> <fyldug>> on Wednesday April 28, 2004 @01:11PM (#8997880) Homepage Journal
    ...and of course, it wasn't accepted, but that's beside the point.

    We had an issue here in the workplace where porn spam was getting through to a list. Basically this was the equivalent to an "info@..." list, where potential customers would email for product information. One woman who was required to read those emails started to complain about the porn spam. Even though I had spamassassin doing a heck of a lot of blocking, plenty still got through.

    Let's put aside the web form option for the moment. Could she really sue the company for making her read the email to that address? From what I was told, I don't think so, since we had proof that we were at least trying to remedy the situation any way we could. Has anyone else run into a similar situation and had someone really sue the company?

  • Saw this one coming... (Score:5, Interesting)

    by pointbeing ( 701902 ) on Wednesday April 28, 2004 @01:13PM (#8997902)
    In the federal agency where I work I've been hollering about hostile work environments for more than a year.

    My primary job function is R&D and I've told bosses for quite awhile that I thought it exposed the government to liability if we weren't using industry best practices to combat spam.

    I even offered to ask the agency's legal section what our exposure was and was 'discouraged' from bringing this to Legal - I think because if the lawyers *do* find a risk the problem would be immediately escalated to HQ for resolution ;-)

    Anyway, I researched several client, server and mail gateway products - everybody thinks combating spam is a good thing, but the higher-ups can't decide whether to automagically delete spam at the gateway (lousy idea) or just tag it and use client-based rules to quarantine it (much better idea).

    Anytime you do rule-based mail deletion you open up the opportunity for me to explain to my boss that the reason he didn't receive my project was because the mail gateway ate it.

    IM frequently less than HO corporations need to protect both themselves and their employees.

  • The overly broad wording of the legislation, according to the study, could allow employees to sue employers for not doing enough to stop porn spam.

    I know pretty much nothing about European law, but here in the US we can sue anybody for anything. There are horror stories of criminals suing their victems for being injured in the course of their crime and winning. I've read the article twice and saw nothing that said this legislation would "allow employees to sue".

    Spam has really gotten out of hand. I ru
  • You know what I wonder about? Why is it while I have a military email address that is out there ALL OVER the internet, and I get HUNDREADS of emails every day, I get no spam at all except from the occasional boiler-room that thinks I need an MCSE? No porn, no penis pills... What is it that DoD/USAF is doing to stop spam that others are not?

  • This is what happens (Score:4, Interesting)

    by KalvinB ( 205500 ) on Wednesday April 28, 2004 @01:21PM (#8997993) Homepage
    when politicians get involved with problems that aren't political.

    What's stopping these users from installing their own filters?

    Next thing you know, empolyees will be suing employers for lost e-mails killed by the main filter.

    As for SMTP being broken...you can already trace spam back to it's origin. All the way back to that open relay. It doesn't take brain surgery to fire up a DNS server or use an already existing one like DNSMadeEasy.com and assign your spam domain to the IP of the proxy you'll be using. The owner of the IP can in no way shape or form prevent "unuauthorized" domains from pointing to their IP. I pointed linux.icarusindie.com at Microsoft's web-site and windows.icarusindie.com at linux.org for awhile. MS's site automatically fixes the url while Linux.org showed up as my domain no matter where I went on the site.

    Spammers already use tons of domains to host the product page linked to by the "click me." All they're going to do is put a mail server on that domain. So now all you're going to have are spams where the "click me" domain and from domain match. Whoopee.

    You can already filter out "click me" domains which results in 100% accuracy (as long as you're not silly enough to think a computer can do all the work) and 0% collateral damage.

    If your plan of attack involves some kind of "accountability," forget it. The internet is an anonymous place. You have to find a way to deal with the problem without this silly idea that spammers are somehow going to surrender and identify themselves just because you changed the protocol.

    Ben

  • Take some responsibility (Score:3, Interesting)

    by Ungulate ( 146381 ) on Wednesday April 28, 2004 @01:27PM (#8998064)
    I think it's absurd for users to demand protection from the spam that THEY CAUSED by being promiscuous with their email address. I've had my work email address for almost five years now, and I've never gotten a single piece of spam because I'm not dumb. My coworkers complain about spam endlessly, and I have not an ounce of sympathy for them. Hotmail has great spam filtering these days, maybe they should be using it instead of their employers' email.

    I dont know why this was posted as AC because I was logged in.
    • I've had an email account for 3 years that was totally spam-free. I was careful with it, wasn't "promiscuous" with it. I carefully shielded it by using a "spamtrap" address to vet companies - any company I start doing bidniz with is "on probation" for a coupla months, then if they behave and don't send me ads, I'll update my addy with them to my protected account. I do several other things also to protect myself.
      Then a person to whom I'd given my email to stupidly answered the ebay-phishing email, got tro
  • blocking keywords like p0rn, porn, virgins etc if one gets through by using words like p.o.r.n for example - does that count as enough?
  • If it works for email, then you should be able to sue an employer if somebody from outside the company mails you porn in an envelope. There's no precedent for employers being responsible for censoring incoming mail, and I certainly wouldn't want a few litigious opportunists to force it on society. Ridiculous.
  • Spammers are parasites. Like parasites, they live off the host, eventually killing the host and themselves. So, here is what happens if someone successfully sues a company for allowing spam. All companies do a ROI on email and decide:
    1. email costs the company X dollars per year in servers, spam filters, network, etc.
    2. email now presents a risk of Y dollars in terms of possible lawsuits
    3. the cost of doing business without internet email is Z dollars

    Do the math: Is X + Y > Z? Then get rid of intern

  • Not realistic (Score:4, Insightful)

    by flibuste ( 523578 ) on Wednesday April 28, 2004 @03:23PM (#8999653)
    As an european living in North-America, this article , although true in its content, plays a lot of noisy drums for nothing.
    Contrary to USA, europe does not have a culture of suing people or companies, and in particular against "hostile work environment".
    I don't think the situation were an employee sues his company for receiving p0rn spam will arise often, since the employee will have nothing to win apart from losing his job and never find another one (suing your company is generally not a good thing on a resume). (I dont say you lose your job if you sue your company - legally you cannot, but we all know how easy it is to for companies to find other supposedly legal reasons to fire you).
    Moreover, if your receive spam, it generally means that you have used your work e-mail address for non-business related issues, and you'll end up walking on dangerous grounds if you try suing your company for that.
    So, to me, this article has been written by someone who knows laws, can forsee their effect, but do not know the european culture enough and makes the common mistake of comparing it to north-america. Or maybe he never worked in a company where e-mail is used for work.

Slashdot Top Deals

Understanding is always the understanding of a smaller problem in relation to a bigger problem. -- P.D. Ouspensky

Close