Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Spam United States Your Rights Online

CAN-SPAM Is A Bust 305

Doc Ruby writes "The Congressional chatter about 'canning spam', in the CAN-SPAM law since January, has turned out to really mean 'they can still spam'. TechWeb News reports that 'In July, compliance fell for the first time under one percent to a measly 0.54 percent', from its 3% max. The researchers claim the ball has been dropped by 'law enforcement'. Those police are probably too busy deleting the 80% spam from their email, like everyone else."
This discussion has been archived. No new comments can be posted.

CAN-SPAM Is A Bust

Comments Filter:
  • Told You So (Score:2, Insightful)

    by Anonymous Coward
    Do we say it now, or do we still have wait?
  • by danamania ( 540950 ) on Saturday August 07, 2004 @12:24PM (#9909096)
    This all sounds very similar to the problem with a security system in a corporation. You can have as brilliantly designed a security system as you like, but if you have a hole on the inside (a person who is lax with keys, or passwords etc) then the whole security system falls down from the inside.

    Similarly here, an act that's got good intentions ends up having a few well paid government people slip in an exception here for telemarketers or a leniency for charities etc, and when it comes to implementation, the whole thing falls down
    • by Anonymous Coward on Saturday August 07, 2004 @12:30PM (#9909131)
      Similarly here, an act that's got good intentions ends up having a few well paid government people slip in an exception here for telemarketers or a leniency for charities etc, and when it comes to implementation, the whole thing falls down

      You're misunderstanding the problem. It's not that there are exceptions in the act for charities and such. It's that spammers are breaking the law overwhelmingly and are not being stopped. The researchers are blaming law enforcement, not Congress.

    • by Ken McE ( 599217 ) <kenmce@@@spamcop...net> on Saturday August 07, 2004 @01:41PM (#9909459)
      If you take a look at the actual bill ~

      http://thomas.loc.gov/cgi-bin/query/z?c108:S.877:

      and spend some time to boil off all the legalese, you will see that the bill is not intended to prevent spamming. That was used as a sales point, but is not supported anywhere in the text. The bill is written obscurely enough that ordinary people cannot read or understand it. I assume that is by design.

      Some of the main things it does do:

      It destroys all existing state and local level anti-spam laws. Some of them were actually becoming effective, so they had to go.

      It removes any legal right of action from 99.99% of the population. The only entities who can bring action under it are ISPs and a few governmental agencies.

      If these ISPs/Agencies want to bring suit they must do so in a federal court, not state, local, or small claims. If you don't have $10,000 (US) that you can throw away to make a point, there is no reason to go there. You cannot represent yourself and even normal attournies are not all qualified to go there.

      The few federal agencies that can apply the law, such as state attourney generals, tend to already be fully occupied with things like rape, murder, grand theft, and chasing down workers in the drug and terrorism industries.

      If you come up to them looking for help, they have to decide whether to look into a few annoying emails, or go out and catch passing speeders and arsonists and burglars. Because they only see 1/10,000,000 of any given spam run, it will look like nothing more than a misdemeanor. It will usually look like it is not even in their jursdiction. Guess who wins?

      Small ISPs are unlikely to have the money to pursue cases under this law. Some of the major ISPs have gone after a dozen or so spammers. Even if they win every case, twelve or so prosecutions a year is not a noticable deterent for the remaining hundred thousand or so spammers.

      The net effect is that this bill ought to be called the I-CAN-SPAM act, as this would represent it accurately.

      • by gujo-odori ( 473191 ) on Saturday August 07, 2004 @02:13PM (#9909586)
        Yeah, what he said.

        I work for a large email security company, and before CAN-SPAM was even passed into law, it was obvious that it would be a total balls-up from the standpoint of preventing spam. Our network processes over 100 million messages per day, the great majority of it spam. Almost none of that spam contains a CAN-SPAM compliant notice, and one good reason it doesn't is the few spammers who tried that found our right away that having such a notice makes it very difficult to delivery your spam.

        In anti-spam circles, the act has long been known as the YOU-CAN-SPAM act for precisely the reasons that you state: it overturned all existing anti-spam laws (which were far more effective) and gave spammers a free pass to spam you.

        They have to stop if you use the unsub link, but let's face it, after years of unsub links that just confirm that you have a working address, no one would ever trust an unsub link in a spam, even one that purported to be CAN-SPAM compliant.

        Nor should they. I will tell you exactly what happens if you use the working unsub link. They drop you from the list for that exact pill which will get you 3+ inches in length and at least an inch in girth. Of course, they also have now confirmed that your address is working and being read, so you get on the list for the patch which gives you 1 - 3 inches in length and a substantial increase in girth. Or the simple, effective exercises, because as everyone knows, pumps, pills, patches, and surgery don't work. And of course, then you'll need an online bored housewife dating site with which to use your newly enhanced manh00d.

        CAN-SPAM has done absolutely nothing to can spam; indeed, it allows spammers to operate with near-impunity and it's the reason Scott the Snot Richter walked out of court in New York recently with a slap on the wrist (yes, to an enterprise spammer like Richter, a $40,000 fine and no jail time is a slap on the wrist, and was a great disappointment to the DA).

        It's really unfair of the people who WTFA to blame law enforcement; CAN-SPAM was bought and paid for by the DMA, who obviously owns the finest politicians money can buy. CAN-SPAM is functioning *exactly* as intended. If you read the details of CAN-SPAM, it is impossible to believe that it's authors were not precisely aware that they were legalizing spamming. Prior to CAN-SPAM, there was no federal law stating whether spam itself was legal or illegal. There were plenty of state laws that said much of it wasn't, and no state law that said it was. Now we have a federal law which explicitly legalizes spamming and destroys all state anti-spam laws Accident? Cluesslessness? Not a chance.

        CAN-SPAM has been very good for companies like mine, which provide services to keep spam out of companies' mail systems. Business is better than ever for us, and I'm sure our competitors are seeing similar business conditions. It has been pretty good for spammers, too, since they can carry out business as usual and do so without fear of prosecution or even, in most cases, of civil suit - something they could never do before.
      • Someone please mod parent up. Ed Foster [gripe2ed.com], in one of his InfoWorld articles, called it the YES-I-CAN-SPAM Act when it was first introduced. The act was basically written by lobbyists for large companies that don't want their *right* to spam infringed upon. It's nothing but a legalized list of loopholes. As the parent pointed out, it was worse than doing nothing.

        The worst provision was making spam legal as long as you provide a *method* for opting out. These can include telephone, snail mail, or links t

      • This is largely true: yes, the original bill is flawed and compromised (not exactly unusual for a controversial new law). However, I think you are missing an important point: now that this bill has failed, and constituent's mailboxes are still filled with spam, there will be more demand for a tougher national law, similar to what California's was.

        And here's an idea: a rule that says legislators cannot use a .gov address (which are avoided by spammers), but must use one from a regular ISP on .com or .net. I
        • And here's an idea: a rule that says legislators cannot use a .gov address (which are avoided by spammers), but must use one from a regular ISP on .com or .net. I suspect they'll see the problem much more clearly.

          Or start sending legal (as defined by CAN-SPAM) spam to .gov addresses.. Making sure to give each address that unsubscribes from a list to 10 other legal entities (i.e. slashdot users) to spam them silly with legal spam.
  • by erroneus ( 253617 ) on Saturday August 07, 2004 @12:24PM (#9909097) Homepage
    I propose they add a vigilante provision that allows anonymous receivers of SPAM to seek out and beat the shit out of anyone found to be sending SPAM.
    • Not enough! (Score:5, Informative)

      by Trillan ( 597339 ) on Saturday August 07, 2004 @12:26PM (#9909116) Homepage Journal

      We also need a clause that allows us to beat anyone who buys stuff from spam.

      (Note: It's spam, not SPAM. SPAM is a registered trademark of a certain food company that is graciously not suing the ass off of everyone, and asks only that we not capitlize the word.)

    • Provided that anyone who wants to engage in said vigilante practices passes "Basic intepretation of email headers 101". Every few months I get bounces for emails sent using my email in the From: While I sure as Eris didn't send them, anyone who doesn't know how to interpret headers properly won't know that. Sure, anyone who knows how to counterattack is probably going to know how to interpret headers, but I know the basic laws of human stupidity too well to trust in that fact.

      I'm all behind wiping spammers
    • I'd like to see provisions that recognize the fact that spammers are non-persons and non-animals, and are therefore not subject to the protections of the law or the Constitution. :-)
  • no sooner said than done ! http://www.spam.com/ [spam.com]
  • If they only.. (Score:4, Insightful)

    by Orgazmus ( 761208 ) on Saturday August 07, 2004 @12:25PM (#9909109)
    If they only were using the time to catch real criminals like rapists and robbers, I could live with this. But since the money is used to catch potsmokers and the people driving 4mph too fast, I say fsck it.

    Spamfiltering in all clients is a better aproach.
    Making spam illegal wont help, making spam useless does!
    • Re:If they only.. (Score:5, Interesting)

      by SQLz ( 564901 ) on Saturday August 07, 2004 @12:45PM (#9909197) Homepage Journal
      If they only were using the time to catch real criminals like rapists and robbers, I could live with this. But since the money is used to catch potsmokers and the people driving 4mph too fast, I say fsck it.

      They do use money and time to catch real criminals....unfortunately society has deemed pot smokers and speeders 'real criminals'.

      • Re:If they only.. (Score:2, Insightful)

        by rokzy ( 687636 )
        speeders are real criminals. they endanger other people's lives. they do actually maim or kill thousands of people every year.
        • by Tassach ( 137772 ) on Saturday August 07, 2004 @01:22PM (#9909373)
          speeders are real criminals. they endanger other people's lives
          So do the nitwits who drive 15MPH slower than the flow of traffic. I don't give a fuck if the sign on the side of the road says 55, if the average flow of traffic is going 70, then if you are driving 55 you are JUST AS DANGEROUS as someone driving 85, if not more so.

          If you want to talk about the real dangerous drivers, let's talk about the assholes who yap on their cell phones the whole trip, or the dumbasses who spend all their time fucking with the radio or talking to their passenger instead of watching the road, or the shitheads who can't figure out how to use a fucking turn signal, or (my pet peeve) the fuckwads who can't maintain a safe following distance.

          • no, driving slow is almost never dangerous. if you can't see slower drivers and slow down or change lanes safely and with plenty of time, always maintaining a safe distance between all cars, then YOU are the dangerous one.

            I remind you that (in the UK at least), the driver in front should be able to slam his brakes on without it having any serious effect on your driving. if it does have a serious effect then you are not paying enough attention or giving enough room. if you drive into the back of another car
            • Re:If they only.. (Score:4, Insightful)

              by Buran ( 150348 ) on Saturday August 07, 2004 @03:37PM (#9909938)
              If you are driving slower than the rest of the traffic on a road, then you are basically an obstruction in the road which other drivers have to get around. Since they do this by moving in front of other drivers in the next lane over as they see you, they are creating a necessity for the other driver to brake. Not all drivers are equally skilled and one or more may panic brake, causing rear-end collisions. You are assuming that all drivers are equally skilled, which they are not.

              You wouldn't consider it safe to just park in the travel lane of a major road, would you? If there's enough of a relative difference between your speed and that of other cars, you are basically doing exactly that.

              I know how to drive pretty well and I've gotten really tired of idiots who insist on doing 60 whenever everyone else is doing 80, including me (because blending in with the flow of traffic is the safest thing to do unless the speed of that traffic is inherently unsafe) and creating a choke point, because I have to either dodge their stupid ass by risking cutting off some other driver, or running the risk of getting myself rear-ended if somebody coming up behind me doesn't see the jam you created by not considering the safety of everyone else on the road.

              And obstructing traffic IS a ticketable offense.
          • That contains some good points, but the language didn't help to make it clearer.

            So do the [people] who drive 15MPH slower than the flow of traffic. I don't [care] if the sign on the side of the road says 55, if the average flow of traffic is going 70, then if you are driving 55 you are JUST AS DANGEROUS as someone driving 85, if not more so.

            There may be a reason for not doing 70, such as running on a "donut" spare tire or being a vehicle with computerized ignition that has gone into *limp home mode* - i

            • I came across one of these mobs earlier this week and it never occurred to any of the drivers in it that slower traffic needs to move right, not take up the middle and left lanes as well.

              A pack of slow cars indeed dangerous -- other drivers coming up over a hill at the prevailing speed aren't going to be able to see it and may plow into the rear of one of the pack cars, causing a chain reaction accident (I've seen several accidents of that sort).
              • other drivers coming up over a hill at the prevailing speed aren't going to be able to see it
                If this happens, the drivers coming over the hill were going far too fast. There's no excuse for driving blindly at highway speeds.
                • Studies have repeatedly shown that drivers will drive at a speed that they deem to be safe in the vehicle they are driving under the conditions that they are driving in on the road that they are driving on. "Too fast" is a condition in which a driver feels that conditions are no longer safe.

                  Drivers will individually select speeds that vary relatively little because a perception of too much difference in speed between your car and other cars contributes to a feeling of unsafe conditions.

                  A pack of cars that
                  • Re:If they only.. (Score:3, Insightful)

                    by aardvarkjoe ( 156801 )
                    There is no way that a car, travelling so fast that an obstruction in a part of the road that is not yet visible cannot be avoided, can be considered to be travelling at a safe speed. If an accident is caused in such a situation, the blame lies solely on the person who was unable to control his vehicle because of his excessive speed. Virtually everyone has an inflated opinion of their driving skill, and trusting them to pick a speed that really is safe is lunacy.

                    The whole "everyone should drive the same

              • A pack of slow cars indeed dangerous -- other drivers coming up over a hill at the prevailing speed aren't going to be able to see it and may plow into the rear of one of the pack cars, causing a chain reaction accident (I've seen several accidents of that sort).

                Um, I not sure what you're referring to. If you have slow traffic in all lanes coming over a rise, that sounds like a traffic jam, not a problem with people driving under the speed limit. Slow traffic should indeed be on the right. In my exper

                • It's not a jam, not that kind of pack. It's a group of people who know that they are moving more slowly than prevailing conditions, yet who have not respected the rules of the road by moving into the slow lane and permitting others to move on by. There is clear road ahead of the pack where cars are moving at the optimum speed drivers have chosen for that road and the conditions -- something they do by instinct (studies of driver behavior support that.)

                  Some states are actually making it a ticketable offense
                  • It's not a jam, not that kind of pack. It's a group of people who know that they are moving more slowly than prevailing conditions, yet who have not respected the rules of the road by moving into the slow lane and permitting others to move on by.

                    You are seriously suggesting that there are speed-limit-vigilantes in packs out there? It's certainly not in any state I've recently been in, especially California, since anyone doing such a thing would be expected and legal road kill (disclaimer: I no longer li

      • Re:If they only.. (Score:2, Insightful)

        by Tassach ( 137772 )
        society has deemed pot smokers and speeders 'real criminals'.
        Society hasn't, politicians catering to a small vocal minority have. The real criminals are the ones in elected office.
    • Re:If they only.. (Score:4, Insightful)

      by PhoenixOne ( 674466 ) on Saturday August 07, 2004 @12:46PM (#9909205)
      > If they only were using the time to catch real criminals like rapists and robbers,
      >
      Yes, that's right. The three cops who enforce all law in the US are all busy fighting spam.

      Remember, just because you got a ticket for doing 90 in a school zone doesn't mean doesn't mean a rapist goes free... Bad logic kills.

    • Re:If they only.. (Score:3, Insightful)

      by hattig ( 47930 )
      Spamfiltering in all clients is a better aproach.

      No it isn't. It is still using my bandwidth. And with 3000 spam e-mails a day currently, AFTER spamassassin has a go at what comes in I want a real solution to the problem.

    • Hypocrite (Score:3, Insightful)

      There are certain laws in this world. Some we like, others we don't BUT those who say that it is okay to break some while wanting others enforced are hypocrits.

      Spam laws you want enforced because they hurt you, I personally couldn't care less since I don't get more then 1 or 2 a year. I do however have to deal with the aftermath of speeding in the form of taking a good friend who is a ambulance medic drinking after he scraped yet another child out of a car hit by some speeder.

      So you think your concerns ar

  • Did anyone honesty think this law would stop spammers? I for one did not, these people do this for a living. They are going to find a way around the law, or in most cases just flat out ignore it.
  • by BeneathTheVeil ( 305107 ) on Saturday August 07, 2004 @12:29PM (#9909129) Journal
    Well, I for one, am shocked. Shocked, I tell you.
  • by ghettoboy22 ( 723339 ) * <scott.a.johnson@gmail.com> on Saturday August 07, 2004 @12:31PM (#9909132) Homepage
    I run a small home server off my cable modem for myself only - no big commercial operation. Been doing this for about 5 years or so... finally gave up last week after my spam flow increased from ~100/day up to ~100,000 (yes, one hundred thousand) per week in the past month or so.... Tried RBL's, Razor, SpamAssassin, DSPAM, Apple's Mail.app client.... stuff only helped so much. Constanting having to fine-tweak filters, re-train Bayes. It's too much of a hassle. Now I've given up. Set Postfix to forward all my mail to my Gmail account. Has helped quite a bit, plus when I do get a message that makes it into my Inbox, Gmail's UI makes it pretty easy to mark it as spam. I'll try this for a while.
    • by Kjella ( 173770 ) on Saturday August 07, 2004 @12:44PM (#9909192) Homepage
      ...they complain about the 0.2% that make it past the filters and blocklists to them. With the current growth, sooner or later it is going to collapse as even the 0.2% overflow their inboxes.

      Kjella
      • No, because I don't think the current growth can continue. The spam epidemic seems to be pretty close to its peak, people's internet connections maxed out can only send so much, and it looks like Windows is actually going to get more secure soon so I'm seeing thorny future for spam.
    • All I can say is that you obviously didn't do a good job of setting up your anti-spam system.

      I use sendmail to check for lack of HELO etc, then to validate that the sender domain really exists, followed by two RBL lists - although Spamhaus alone is probably good enough - the second one catches maybe another 5 to 10%.

      After that its Spamassassin, set up with individual beysian databases per user. Spam goes into the users SPAM folder for them to check, and I ask them to copy good mail into a NON-SPAM folde

  • There's just no way that you can solve this problem with politics. It's one the /. crowd will have to solve. Even if I wanted some physical vigialntie justice, I can't afford to track down some spamer in Russia. I'm really thinking it's a 2 pronged problem and, like the rest of you I have (at least) 2 addresses, deviding the issue in half. Only a few select people get one and the minor amount of spam I get there is easily filterable. The other one is a web based account. I don't pay for it; they can f
    • There's just no way that you can solve this problem with politics. [...] Even if I wanted some physical vigialntie justice, I can't afford to track down some spamer in Russia

      9 out of 10 times, the goods or services offered are from companies in the US. So track down the purveyor of the articles offered in the spam, and put some manners on him.

      In fact, this is what the legislators should be doing as well: make a law against hiring spammers. It's not a complete solution since the plaintiff will still h

  • by cluge ( 114877 ) on Saturday August 07, 2004 @12:35PM (#9909150) Homepage
    Slow news day?

    Lets look at some quick facts.

    1. The can spam law gave you and I (collectively the little people) exactly zero ability to extract anything from a spammer (like money) for damages.

    2. The can spam law requires law enforcement to track down spammers. Honestly - does anyone think Johnny Law is going to be going through those mail headers looking for the true source of spam? Lets be honest, the first chinese IP and they quit.

    3. This law does not place real world consequences for those breaking "cyber law". (It's supposed to, but the proof is in the pudding!)

    4. It does not allow you to complain about spam as a denial of service attack (which it most certainly is!)

    Until we start putting spammers in jail, or start forcing them to pay, and pay and pay and pay, you will continue to get spammed. Until then, lets be honest, the community is doing a better job of removing spam than the government is. Thanks NJABL, SORBS, Spam Haus et al.

    cluge
    • by nomadic ( 141991 ) <nomadicworld@ g m a i l . com> on Saturday August 07, 2004 @12:37PM (#9909161) Homepage
      1. The can spam law gave you and I (collectively the little people)

      That's what the spammers are after; our pots of gold.
    • i hear moans and groans going on and on about letting the market fix itself and not over regulating it by overzealous laws etc.

      but i guess we pick and choose what should and shouldn't be codified eh?

      why don't i hear everyone cheering that the law men found something that they couldn't fix with a wave of their wand? especially now that it's squarely (and rightly) back on the shoulder of techies to implement a spam free email systems.

      if regulating VoIP is bad, regulating broadcasting is bad, how come we're

      • Spam is theft of other peoples resources - plain and simple. Theft is a crime, and I find it amazing that I should have to pay for and maintain a system for other peoples unwated advertisements.

        There is no "hypocracy" here. I simply want to be allowed to defend the resources that I bought and paid for. The "hypocracy" that I see is the fact that theft of services and resources is crime if your a bricks and mortor company, but not for mail servers.

        cluge
        AngryPeopleRule
      • As my dad always said "Who's this we, you got a mouse in your pocket?"

        In other words there are over 100,000 people who read slashdot, but a very conservative count. (could easily be millions, I don't know) It is downright stupid to think that we share anyview views in common between all of us. Even the common held views have many exceptions. If you find any two people who agree 100% on everything you can be sure that at least one of them is not thinking! There are too many viewpoints for thinking people

      • i hear moans and groans going on and on about letting the market fix itself and not over regulating it by overzealous laws etc.
        but i guess we pick and choose what should and shouldn't be codified eh?

        The no-call list happened after enough complaints, and the telemarketing industry claimed they *liked* it.

        i love the smell of hypocracy in the morning.

        Personally, I love the smell of napalm in the morning because . . . it smells like victory. And if the "gummint" had even the weak resolve now that it h

    • by AllUsernamesAreGone ( 688381 ) on Saturday August 07, 2004 @01:50PM (#9909495)
      2. The can spam law requires law enforcement to track down spammers. Honestly - does anyone think Johnny Law is going to be going through those mail headers looking for the true source of spam? Lets be honest, the first chinese IP and they quit.

      The problem is that the most famous spammers, the ones responsible for the majority of the spam, make absolutely no attempt to hide what they are doing. Hell, if they prosecuted Alan Ralsky (who even slashdot readers managed to pin down a while ago, without access to many resources the police would have) then there would be a dramatic message sent to the spammers. Ralsky has given numerous interviews and has admitted what he does repeatedly yet he still walks free. Why?

      (oh, and a google search will show you that, at least last year, only 6% of spam is Chinese , 58% was American...)
  • Congressional legislation fails to stem a technology-related problem? What a surprise! I never saw that coming!

    Seriously. Congress should leave the damn thing alone and let us take care of it. I wish we had more bounty hunters in the United States.
    • Please excuse the faux pas.
    • Congress should leave the damn thing alone and let us take care of it

      Half right. Congress should empower us to take care of it ourselves. Namely, allow spamees to sue spammers in small claims court -- specifily in the SPAMEES' local small claims court, with a provision to keep them from escalating it to federal court unless there are special circumstances. $200 damages isn't much, but when you're being sued in 3500 jurisdictions simultaneously, it adds up fast. Remember that typically, in small claims

    • Comment removed based on user account deletion
  • Those police are probably too busy deleting the 80% spam from their email, like everyone else. This qualifies as a DDoS if I am not mistaken ;)
  • by nurb432 ( 527695 ) on Saturday August 07, 2004 @12:38PM (#9909165) Homepage Journal
    The entire 'act' was a joke in the first place. Purely a political maneuver to gain votes ( remember an election race was over the horizon )

    Most Spam either comes from bouncing overseas ( out of the US's jurisdiction ) or from zombie PCs ( already illegal due to the virus ) so I really don't think it had any chance to succeed anyway..

    More importantly ( and worrisome ) is that it setup a precedent, with public support, for criminalizing behaviors on the 'internet'. Opening a Pandora's box for the future..

    Perhaps a better idea would have been to hold the end companies liable, civilly not criminally, with hefty fines. Perhaps high enough they risk going out of business for allowing their product/business to be pushed via Spam...
    • by Kjella ( 173770 ) on Saturday August 07, 2004 @01:11PM (#9909327) Homepage
      More importantly ( and worrisome ) is that it setup a precedent, with public support, for criminalizing behaviors on the 'internet'. Opening a Pandora's box for the future..

      Perhaps a better idea would have been to hold the end companies liable, civilly not criminally, with hefty fines.


      Many forms of "behavior" are ciminalized on the Internet already, just as they are elsewhere. Threats, libel, slander, copyright infringement and many other on- and offline activities are illegal in all forms.

      CAN-SPAM may apply only to the Internet, but it is hardly unique. There are many systems around the world protecting against unsolicitated offerings by (regular) mail, phone or fax. There's no precendent being made by making a law specificly for the medium.

      The problem with holding the end companies responsible is that you must show they authorized it. Otherwise someone, without knowledge or approval could send spam FOR [company], and that company would get in trouble through to fault or action of their own. A Joe job, if you know the expression.

      Kjella
    • Perhaps a better idea would have been to hold the end companies liable, civilly not criminally, with hefty fines. Perhaps high enough they risk going out of business for allowing their product/business to be pushed via Spam...

      How do you prove that the end company sent the spam? Holding a company liable for being advertised via spam makes it very easy to harm an innocent company.
    • Most spam comes from American companies that want to make money out of the process. Don't let the pink contracts with Chinese ISPs and the networks of zombie mailers obscure this basic fact.
  • Go after those that are selling the products using SPAM.

    Yeah, yeah I know someone will go around framing people. Oh well
    • Go after those that are selling the products using SPAM. Yeah, yeah I know someone will go around framing people

      I already feel sorry for the legitimate, honest penis pill sellers and horse porn webmasters...

    • Yeah, then the slashdot horde will throw a fit because they're criminalizing useful tools.

      Witness the reactions to the proposed Induce act and the enacted DMCA, where Congress made new laws because the old ones were unenforcable.
  • Great (Score:5, Insightful)

    by mcc ( 14761 ) <amcclure@purdue.edu> on Saturday August 07, 2004 @12:45PM (#9909198) Homepage
    So we were initially worried CAN-SPAM would fail because we feared it was so weak it might actually protect certain "marketers" who bothered to follow its provisions to the letter. Now it turns out that it's going to fail because even it its weakened form, it isn't being enforced...

    I think CAN-SPAM could be a good thing if they did enforce it. Even if some spammers were able to still "legally" operate under it, it would at least rise the cost of spamming, shoving many spammers out of business. It would also shut down the worst spammers-- the ones who are [i]already[/i] using illegal methods to push their spam, such as mail server hijacking. We'd have a culling of the herds, as it were.

    Of course, this gets to something I never figured out. If Company A in the united states hires Spammer B in Burma to spam U.S. citizens, and Spammer B violates the CAN-SPAM act in doing so, can Company A be prosecuted under CAN-SPAM?
    • Re:Great (Score:4, Insightful)

      by wfberg ( 24378 ) on Saturday August 07, 2004 @01:04PM (#9909297)
      So we were initially worried CAN-SPAM would fail because we feared it was so weak it might actually protect certain "marketers" who bothered to follow its provisions to the letter. Now it turns out that it's going to fail because even it its weakened form, it isn't being enforced...

      The CAN-SPAM act has been, and is, wildly succesful.. in protecting those "marketers" from any legal backlash.
    • Of course, this gets to something I never figured out. If Company A in the united states hires Spammer B in Burma to spam U.S. citizens, and Spammer B violates the CAN-SPAM act in doing so, can Company A be prosecuted under CAN-SPAM?

      Yep. They're "procuring" the spam run. See the CAN-SPAM act's definitions. If the US company know that the Burmese outfit are spammers, or they don't take reasonable measures to find out, they can be prosecuted under CAN-SPAM. (If you live in a Bizarro World where spammers act
    • From the article:

      The blame, he said, could be laid on law enforcement, which hasn't exactly been successful in tracking down on spammers. Some individuals have been stymied -- most recently a Boca Raton resident whose assets were frozen by the courts -- but enforcement is the exception rather than the rule.

      Now my question. Were law enforcement agencies given any additional resources or funding to enforce the law? I don't know, but I highly doubt it. Without additional resources to fight such crime, how

  • it wouldn't help. A .54% compliance rate shows just how much the law scares the spammers: it doesn't. It's impossible to enforce compliance, and they know it.

    Yet even if 100% of spam complied with the requirements of CAN-SPAM, it wouldn't mean the amount of spam would necessarily be reduced in any way. Spamming is completely legal under this law. An illegal scams make up a large portion of the spam we see here. The scam being scammed is illegal already, so the spammers feel no need to worry about break
  • by Animats ( 122034 ) on Saturday August 07, 2004 @01:03PM (#9909289) Homepage
    We need to fix this on the pay side, where the spammers make their money.

    In many US states, it's a criminal offense to operate an anonymous business. California has a specific requirement that a business selling on the Internet must disclose their actual name and address before accepting a credit card number. Few spammers do that. We need to put teeth into that law by making the bank that processes the credit card transaction an accessory to that offense. It's aiding and abbetting money-laundering.

    On a state level, make it illegal for a bank to charge a consumer's account for an Internet transaction unless the web site complies with that requirement. That would work as a state law, because it applies to the in-state bank that has the consumer's credit card account.

    The card-issuing banks would push the requirement back through the system to avoid liability. They would force banks to insist that MasterCard and Visa International issue rules which require merchant banks to change their merchant agreement to prevent anonymous merchants.

    With penalties applied through the banking system, spammers would find their ability to collect money much reduced. They'd be kicked out of banks the way they used to be kicked off ISPs.

    • But ultimately... (Score:3, Insightful)

      by Kjella ( 173770 )
      ...spammers lie. What's to stop them for lying about their real name and address? The banks, VISA, merchant banks etc. would all pass blame along. They are usually breaking fraud laws, deceptive marketing laws and now can-spam. Why shouldn't they ignore those laws as well? It's the same kind of bullshit ISPs pull with their pink contracts. Claim ignorance, and at worst, pull the plug to run the same scam all over again.

      Kjella
    • I don't think most these spammers are actually processing the cards. They are simply harvesting the credit card numbers and selling them to someone else, who then goes and makes fraudalent purchases with the number.
      • Some of them are just collecting credit card numbers for resale, but those are a minority. Banks go after those people. The ones operating semi-legitimate businesses anonymously (usually porno sites) can be targeted through the payment system.
    • Leerpm said "I don't think most these spammers are actually processing the cards". Most likely thats whats happening. It doesnt make much sense for someone to spam a product in an email, have the sucker buy it using a CC, then the spammer cashing out the CC payment. Too much of a trail back to them.

      It makes more sense for a spammer to spam a product, take the suckers CC information and never send whatever product is being spamvertised, then resell the information to a third party, who then uses the CC fo
    • I work for a major credit card processor (First National Merchant Solutions), and I'm at work right now. This is a highly opinionated reply I'm posting here, so let me say right out in front: this opinion is mine, and may or may not be shared by my employer, First National Merchant Solutions. (I heard from a coworker that we process about 5% by volume of all Visa/Mastercard sales nationwide. We're a big company, so the disclaimer is necessary.)

      I agree with the general idea of interfering with spammers'
  • by bgeer ( 543504 ) on Saturday August 07, 2004 @01:23PM (#9909379)
    So basically we've learned that when people advance their careers by committing health fraud, insurance fraud, selling animal-abuse porn, and running pyramid schemes, they don't obey the law. Maybe next we'll learn that when politicians advance their careers by soliciting donations from corporations, they don't act against the interest of those corporations.
    • You can add to that that the largest percentage of Govt. employees are not from the top half of their fields. Otherwise they would be making twice the money, or more, with real jobs.

      Bureaucrats job: generate enough paper to justify your existance, it doesn't half to mean anything, just clog the flow.

      Corporations donate to both sides so that the winner will owe them, no matter what!
  • Many ISPs are guilty, too. MCI/UUNET is the worst in the US. They know damned well that over a hundred of their customers are major spammers, yet they keep them online regardless of any AUP policies. Obviously, they want a piece of the spam cash cow. So the rest of us suffer even more because so many spammers find it easier to flood our networks.

    Right now, boycott is the only way to deal with it. That means that no only will I refuse to do business with MCI/UUNET, I will also refuse to accept any SMTP

  • "We're giving it a pretty good chance of passing," said Ruskin, who has a company representative at the IETF meetings. "The word on the street is that everyone wants to support [Sender ID], but that some are concerned about the proprietary licensing that Microsoft wants to put in it. If someone has to fax Microsoft each time a change is proposed to the standard, that doesn't go down well with a certain group of people."

    Sounds like someone has his panties in a wad.

    Drop the proprietary crap. There's no need
    • If the standard itself requires licenses from Microsoft (or, for that matter, anyone else), even if there's no money changing hands, we're better off without it.

      There's things worse than spam. Some company owning email is one of them.
  • Yesterday my server blocked 24,857 spams, up from 16,446 the same day a week ago.

    Current figures indicate that approximately 81% of the e-mail traffic my server gets is spam. It's probably a little higher than that since there's always some spam that gets through.

    To most people, it might not be a big deal, but since I pay for my own bandwidth to the backbone, this represents a tremendous waste of resources that I'm paying for.

    The waste of resources is not a technological problem. It's called theft.

    The
    • Yesterday my server blocked 24,857 spams, up from 16,446 the same day a week ago.

      Current figures indicate that approximately 81% of the e-mail traffic my server gets is spam.


      Wow, I'm way ahead of the curve. I *wish* I only got 4 times as much spam as real mail. Or even only 40 times as much spam as real mail. I had to block whole countries to get the volume down to the point I wasn't being charged excess bandwidth fees.
  • by nusratt ( 751548 ) on Saturday August 07, 2004 @02:03PM (#9909556) Journal
    "Those police are probably too busy deleting the 80% spam from their email"

    No, they're too busy checking our library records and p2p usage.
  • I believe it it was he who proposed legislation to make it legal
    to hack people's machines remotely, surreptitiously and destructively,
    if the machines contain (or are used for) unauthorized file-copying.

    I think it's notable that no one of his ilk has stepped up
    to suggest something similar which would legalize hacking of spammers to benefit the PUBLIC
    (versus legislation benefiting large political financial contributors
    like the RIAA or the Direct Marketing Association).
  • There's two things missing.

    First, the law must allow anyone to sue the spammer in civil court. Law enforcement has more than enough work to do, and limited resources to do it with.

    Second, the law must target the actual problem. It will always come back, so long as there's no law that bans unsolicited broadcast advertising over networks paid for by the recipient. You get stealth spam, astroturf spam, spam pushing political parties and politicians, preeachers and churches, products and categories, lifestyles and cults, spam over SMS and instant messenger networks and on web boards and everything else.

    If they initially limit it to unsolicited bulk commercial email, that will at least dry up the core of it for a while, until people start spamming public service notices and political messages to drive traffic to their sites, but this late in the game I'd be happy with a reprieve.

    But opt-out lists and tagging and being an "honest spammer" doesn't cut it. Get a sunday newspaper. Make an estimate of all the ads in there, including the classifieds. That's the number of people just in your city who are willing to pay on average the equivalent of a month's service on a throwaway cable account to get their message in front of a few percent of a few million people, most of whom will ignore them. JUST from your city alone. On the Internet, every city in the world is the same distance from you... make allowance for the "honest spammer" and that's how many people will be lining up to hit your mailbox.

    Every week of the year.

    There's no room for the "honest spammer", unsolicited broadcast email (and unsolicited broadcast advertising on any media that's effectively free for the sender) has to go. No exceptions.

    An effective law has to allow for civil suits by the injured party, it has to require explicit audited requests for the mail unless there's an equally explicit equally auditable relationship (like, it's a club you're a member of), and it has to target bulk mail.

    Anything else just has too many loopholes to make a difference.
  • Post a 10-50 thousand dollar bounty on repeat spammers and unleash marshals and bounty hunters on them.

    Make it financially desirable for freelance and already licensed enforcement services to bring the spammers in.

  • If I understand it correctly, and my boss (I work for a medium sized ISP in Washington) is right, the CAN-SPAM act makes all state-level anti-spam laws unenforcable. So our nice, useful, extremely effective Washington State law, is now off the books, and we get to use the completely worthless CAN-SPAM law instead.

"jackpot: you may have an unneccessary change record" -- message from "diff"

Working...