FTC Defines Spam 193
Iphtashu Fitz writes "The FTC has just issued its final report on how it will define Spam with regards to the federal CAN-SPAM act. According to the FTC, bulk e-mail is commercial if it includes advertising and promotion or if the subject line or beginning of the message would be reasonably considered to be advertising or promotion. This is very similar to the proposed rules that were announced back in August. The modified rules also deal with the issues of transactional messages (an e-mail regarding an order that also includes advertising) and relationship-based e-mail (messages about product updates, etc)."
Pretty vague definition (Score:5, Insightful)
Agreed (Score:2)
It is clear that CAN-SPAM is nothing but a can of spam.
Re:Agreed (Score:3, Informative)
Since you can't just use the Outlook Express contacts list anymore, they scan the computer looking for email addresses. And they find them. And, anyone that ever been sent email or participated in an email discussion with that person gets a worm email.
And worse, everyone likes to get the latest information about "their account", so they open the
Re:Pretty vague definition (Score:5, Insightful)
"It isn't perfect, therefore it's no good." That's basically what you're saying. This is a first effort at banning spam, so it isn't going to catch everything. Let's see how it works, and expect it to be extended as time goes on.
Re:Pretty vague definition (Score:5, Insightful)
Re:Pretty vague definition (Score:2)
Actually, for once I think this is exactly the point. By giving a very specific set of guidlines which much spam already falls outside, the FTC is actually lending legitimacy to spam which doesn't fit their definition of spam. Alredy much spam has non-sensical subject lines and random setences at the beginning, followed by a huge advertising banner. According to the FTC, this isn't spam.
Re:Pretty vague definition (Score:2)
Re:Pretty vague definition (Score:2)
He also knows that it will become the single legal definition of spam in many places
"This is a first effort at banning spam"
No, it replaces better attempts at banning spam, and those state laws won't have been the first either (UDP anyone?)
"it isn't going to catch everything"
If I got a dollar for every time I heard this phrase from vendors of absolutely useless spam-filters...
"Let's see how it works, and expect it to be
Re:Pretty vague definition (Score:2)
Re:Pretty vague definition- Better than nothing ? (Score:2)
That depends, of course. A step in the right direction is better than no step at all and that's what I think we have here.
Re:Pretty vague definition (Score:2)
Re:Pretty vague definition (Score:2)
The definition of UCE is actually a bit broader than my own particular definition of spam, which is basically mass-mailed ads for something either unsavory in its nature or for something I could not reasonably be expected to want. Some guy wants to send me an ad for a book on Jewish genealogy in India, which I could conceivably be expected to be interested in, though I never asked for it, doesn't bother me, since this fits into the image
Re:Pretty vague definition (Score:2)
I can see them arguing that this directly addresses my interests, based on my long-term reading of r.h.f and Dave Barry, and the couple dozen online cartoons that I have bookmarked.
But I'd still consider them spam.
Re:Pretty vague definition (Score:2)
Definition not broad enough? (Score:4, Interesting)
Re:Definition not broad enough? (Score:2)
"As the Commission noted in the NPRM, one of its concerns in this proceeding has been that "spammers not be able to structure their messages to evade CAN-SPAM by placing them outside the technical definition of 'commercial electronic mail message.' A typical example is a hypothetical message, unrequested by the reci
Re:Definition Leads to Enforcement? Not Always. (Score:2)
The US can enforce our laws in other countries where there is a treaty that permits it. The FTC has gone after Global Web Promotions [barbieslapp.com] in Australia. The FTC was aided by the Australian authorities.
definition... (Score:4, Funny)
Pronunciation: 'spam
Function: noun
Etymology: from a skit on the British television series Monty Python's Flying Circus in which chanting of the word Spam (trademark for a canned meat product) overrides the other dialogue
: unsolicited usually commercial e-mail sent to a large number of addresses
BUY NOW!!! (Score:3, Funny)
I guess I'm through sending my boss transaction reports with the subject line "ENLARGE YOUR PENIS!"
Aw, just as well, I'm sure she would have slapped me with a sexual harassment suit if I kept it up.
Spam definition? (Score:5, Interesting)
2) It isn't in my (native) language.
3) I have no pre-existing relationship with the company being mentioned.
4) The subject line must parse as normal language - |\|0 l33t-5p34| 5) May not include any attachments.
6) May not consist of only a graphic or link to a website.
For additional protection, hold the companies being advertised liable for the actions of the company doing the "promotion".
Re:Spam definition? (Score:2)
NATCH! It is great in theory...until Company A Joe-Jobs Company B. (google "joe job" or check it on wikipedia....)
Re:Spam definition? (Score:3, Interesting)
Well, a reasonable person would conclude (with supporting information) that Company A in your example is actually doing the promotion.
If you want to be more specific (assuming that the police and courts are not reasonable), hold the company that is PAYING for the promotion to be held liable for the actions of the company doing the promotion (in addition to the promoting company).
Sure, it would cost legitimate companies money. But spam already d
Re:Spam definition? (Score:2)
-b
Re:Spam definition? (Score:2)
Re:Spam definition? (Score:3, Funny)
Let's equate this to murder since people nowadays only understand harsh things.
1) I am killed for no apparent reason (duh)
2) I am killed by someone who does not me, nor I him
3) I am killed by someone who I might know, or might know me, however no relationship existed.
4) I am killed by someone from whom I am currently buying things.
5) I am killed by someone from whom I have told I might buy future products.
So as
Re:Spam definition? (Score:2)
Oh yeah, and even if #3 gets implemented, the burden shifts to you to keep the filters up-to-date. Normally, legit companies generally call you on the phone (or you opt-in to an email list). They have to figure out if they have a relationship with you before they contact you. Now, you ha
damn skippy. (Score:2)
Follow the money, honey and squeeze where it stops.
If there are no takers for Spam, there won't be any Spam. Market forces will work to make Spammers go and do something else.
If you know that buying an ad over the internet will suddenly go from costing you peanuts to costing you $50k per email sent, payable to the local police force, I don't think you're going to be interested. "Via
Re:Spam definition? (Score:2)
A message is Spam only if it is both Unsolicited and Bulk.
Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent.
Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
Unsolicited non-bulk email is normal email, e.g. first contact enquiries, job enquiries, sales enquiries
Bulk non-unsolicited email is normal email, e.g. subscriber newsletters, customer
Re:l33t-5p34|5? (Score:2)
P*H*A*R*M*A*C*Y
oxxxyyyconntin
scripttt
viii i codin
Ciali's
pppain killllers
weiight
doccctor
P.H.A.R.M.A.C.Y
Bu' y C'ialis soft''tabs
ppennnnny st000ckkk
Bleah.
I have more trouble with the russian mail-order-bride spams, since they've started using single large words as subjects. Mail wit
in china.. (Score:3, Funny)
Unfortunate Necessary Evil (Score:5, Interesting)
The sad truth is that you can't have both. You either have an international body that regulates the internet (which personaly I don't want, and I assume most
Spammers and anoyed people will continue to fight for a long long time.
Re:Unfortunate Necessary Evil (Score:2)
The sad truth is that you can't have both.
Spam is NOT freedom, it is ABUSE of email. I (and I presume the majority of slashdotters, certainly the majority of email users) don't send email to people who don't want it (whether COMMERCIAL or not - The "C" word is a red herring). Stopping those who do would NOT involve (depending on how it's done) increased regulation of the Internet.
You either have an interna
Re:Unfortunate Necessary Evil (Score:2)
Re:Unfortunate Necessary Evil (Score:2)
Real world comparison: it's easy enough to stop unsolicited commercial mail. Put a sign on your letterbox saying "no junk mail" and have laws to back your choice not to receive it. It would be difficult to then turn those laws, or the thinking responsible for those laws, into laws banning an adult porn shop.
Two different things accessed in very different ways.
Re:Unfortunate Necessary Evil (Score:2)
Re:Unfortunate Necessary Evil (Score:2)
Due to the jurisdictional issues, a technical solution is just about the only solution that has any hope of working, as that wouldn't be limited to a single country.
Re:Unfortunate Necessary Evil (Score:2)
I think the consequences of that are likely to be far more unpleasant than the current spam situation....
Re:Unfortunate Necessary Evil (Score:2)
Spammers spam because someone pays them to. Those who pay the spammers pay them because they think someone will buy the product being spammed.
And so remains the question: who buys h3rb41 v14gR4? No, you aren't allowed to answer 'clueless (l)users' because, in my experience at least, even the most clueless will delete spam on sight. And anyway, will someone who just started to 'surf the web' even be able to read h3
Re:Unfortunate Necessary Evil (Score:2)
That is already happening. In a few more y
Re:Unfortunate Necessary Evil (Score:2)
Re:Unfortunate Necessary Evil (Score:2)
I may not be able to define it (Score:3, Insightful)
``Unsolicited bulk email'' [spamhaus.org] seems like a pretty good definition to me, but I guess that's not quite good enough [internet.com] for the brainiacs at FTC.
"UBE" is a GREAT definition (Score:2)
Years ago they promoted the address uce@ftc.g
Re:"UBE" is a GREAT definition (Score:3, Insightful)
The FTC has to stick "commercial" in there somewhere, because that's the only way it has jurisdiction. Remember, it's the Federal Trade Commission.
Re:"UBE" is a GREAT definition (Score:2)
In all honesty these are not the beasts we are worried about. They are only the small fraction of bulk emailers we could find.
Goodbye Yahoo Groups! (Score:4, Insightful)
These mails fit the new definition of spam: "bulk e-mail is commercial if it includes advertising and promotion ".
The same also applies to Topica, and no doubt many other ad-funded list servers.
Re:Goodbye Yahoo Groups! (Score:2)
Does putting the same ad on lots of different indiviual mails from customers count as 'bulk'? If so, Yahoo Mail and Hotmail have to die too!
Re:Goodbye Yahoo Groups! (Score:3, Informative)
This is very wrong, and it's unfortunate that someone moderated it up. The rules clearly address "primary purpose." The FTC has no authority to ban sponsorship messages in Yahoo Groups emails, whose primary purpose is other than to deliver that advertising, and whose
Re:Goodbye Yahoo Groups! (Score:2)
However, if you actually read the FTC's comment you'll find this bit on page 36 of the pdf: "As the Commission noted in the NPRM, however, CAN-SPAM refers to the primary purpose of the message, not of the sender. The primary purpose of an email message may be fairly determined by looking at the sender's intent or the recipient's interpretation. The latter is the better choice because it is cons
Re:Goodbye Yahoo Groups! (Score:3, Informative)
Again, the FTC did not define "spam." It defined mail that can be considered "commercial" and therefore subject to the rules laid down by the CAN-SPAM act.
If an email is considered "commercial," it is not necessarily prohibited. You should read the entire act carefully. It doesn't prohibit transmission of emails that have been requested by the recipient, and whe
Re:Goodbye Yahoo Groups! (Score:2)
If there are 30,000 characters of jpg advert and 7 characters of "me too!" in a mail (or as sometimes happens, no characters of actual content at all), surely the advert is it's 'primary purpose'?
That's OK then (Score:3, Insightful)
Re:That's OK then (Score:3, Insightful)
It is, however, [e-]mail fraud
Re:That's OK then (Score:2, Funny)
Mail Abuse (Score:4, Insightful)
Someone is abusing the email network if:
They are intentionally sending email messages to a bunch of people who didn't ask for them.
Counterexample?
Re:Mail Abuse (Score:2)
Re:Mail Abuse (Score:2)
The appropriate protocal would have been to individually mail the people on the list with "Would you like me to send out my listing sheets to you?"
Everyone who responded "yes" should have been added to the "mailing list", everyone else should have been left to ask to join themselves.
If at some point in the future there was a new person who would be appropriate to send the messages to who had not been asked bef
Re:Mail Abuse (Score:2)
Re:Mail Abuse (Score:2)
Her sending personal emails to the people inviting them to be on her mailing list wouldn't be a problem.
Bulk mailing the invitation is quesitonable. If she could send messages to the "board of realtors mailing list", that would be an appropriate place for the message. If not, it would require a judgement call to decide if the existing business relationship is close enough to send the invitation.
Re:Mail Abuse (Score:2)
Bulk mailing of an unsolicited message is unquestionably spam.
In this example, she can take an ad out in a newspaper/magazine/meduium other local realtors would read, offering to add them to her mailing list. Yes, this involves paying money for advertising, but advertising the list through unsolicited bulk email, while 'free' (no incremental cost above email access), is spam.
Re:Mail Abuse (Score:2)
Counterexample:
If you have a list of 7 friends/relitives and you CC them all a "Merry Christmas" message, that's not spam due to a pre-existing relationship.
The real question there may be what number makes up "bulk", but sending 7 viagra ads to spidered addresses is definately spam.
Going back to the realtor example, I'm sure the following wouldn't be spam, as long as the recipients are aquainted with the sender by name.
This is stupid, and doomed to make things worse. (Score:4, Insightful)
The only possibly effective remedy I have come accross is the widespread addoption of SPF (as long as domains are publishing sufficiently restrictive policies), beysian filters, and blacklisting (either by users, by admins, or some combination of both).
Before anyone gets thier panties in a knot over blacklisting, SPF changes the nature of blacklisting by making it possible to identify which persons, hosts, or domains are responsible for the offending emails. The problem of false positives goes away if sending and recieving domains are using SPF (and the persons maintaining the blacklist are behaving in a reasonable manner).
The FTC cannot define spam, as what is spam to one might be truffles and cheese to another. Only I can decide what is spam (in my account). Quit bugging the legislators and start bugging the admins (or, better yet, the executives) to implement some simple, common sense measures (such as, if it originates at a "martian IP addy", it's probably not wanted), checking the legitimacy of the sender (SPF), allowing your users to help identify spam by submitting examples for your beyesian filters, and taking part in creating/maintaining a blacklist of the very worst offenders.
Advice for how to (Score:2)
I have ethical concerns over having any part in the development of this software.
Any advice on how to talk the business people out of doing this? I've sent them all the CAN-SPAM stuff I can think of, but I'm not sure they are scared yet.
Re:Advice for how to (Score:2)
SPF and other technological measures will deal with spam just the same, regardless of whether you are a good samaritan. No need to risk your livelihood.
Re:Advice for how to (Score:2)
Re:Advice for how to (Score:2)
Re:Advice for how to (Score:3, Insightful)
Re:Advice for how to (Score:3, Interesting)
Re:Advice for how to (Score:2)
Btw: tell your bosses that hopping mail servers is a good way to get your entire isp firewalled by a zillion mail admins, or sbl'ed, or listed in spews.
Re:Advice for how to (Score:2)
Frank Castle style! (Score:3, Funny)
I reccommend a killing spree.
Please? We'll hide you once it's done, promise!
FTC Issues Hot Air (Score:5, Insightful)
( ) technical (x) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which vary from state to state.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
( ) Requires cooperation from too many of your friends and is counterintuitive
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
( ) Ideas similar to yours are easy to come up with, yet none have ever worked
( ) Other:
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
( ) Other:
and the following philosophical objections may also apply:
(x) Any scheme based on opt-out is unacceptable
(x) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
(x) We should be able to talk about Viagra without being censored
( ) Countermeasures cannot involve wire fraud or credit card fraud
( ) Countermeasures cannot involve sabotage of public networks
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
( ) Other:
Furthermore, this is what I think about you:
(x) Nice try, dude, but I don't think it will work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
what about those poor people (Score:2)
well, it's not like there's anywhere we can easily report the stuff anyway
Not just bulk mail! (Score:3, Interesting)
"The text of the Act has no business-to-business exemption and
[i]does not establish a minimum number of email messages that must be sent before the Act applies.[/i]" (my emphasis added)
There is no requirement for the mail to be bulk, which the article implies there is. This is (imho) a very wise move, just because someone sends 1 spam instead of a million doesn't mean it's legal or morally acceptable!
Re:Not just bulk mail! (Score:2)
Read the "Allowed HTML" under the Submit button.
Re:Not just bulk mail! (Score:2)
Mine would be lower, but I didn't sign up until they stopped allowing non-anonymous posts w/o accounts.
Define? Bah! (Score:2)
Bah, humbug!
Stopping Spam won't work until... (Score:3, Insightful)
We make it unprofitable for the those that distribute spam. Now most of you are probably thinking that I'm talking about the spammers, but this is a problem that existed long before the internet.
Look at the Postal Service. How many unwanted items, advertisements, credit card offers, coupons, etc... get delivered that are immediately thrown in the trash? And if you write return to sender on the next Capitol One credit card offer, or on the next AOL CD you receive, the USPS knows to just throw it in the trash instead of returning it. Why?, because they have already made a profit.
Look at your telephone service. How many people actually have to screen their calls with answering machines and caller-id to avoid those annoying interruptions and solicitations during dinner or at odd hours? Why is block caller-id even available if it wasn't profitable.
Now look at SPAM. Once again, we all know about the annoyances of this junk.
Asking the government to enforce any kind of policy to prevent it is rediculous. First of all, Spam through the postal mail is probably what is keeping residential postal rates so cheap. Now herein lies the rub. If it can be done legally through the govt. postal service, all other avenues are fair game. And so the legal finger pointing begins, if he can do it, so can I.
When the govt. has it's own hands in the same honeypot that telemarketers, spammers, and bulk-mailers do, it's a no win situation.
Until that changes, avoiding spam without having to download some anti-spam tool, or anti-pop-up browser, or placing a no soliciting sign on your front door, it won't stop. Call me cynical, or even a conspiracy theorist, but public nuisances normally follow trends. One of the true pleasures of living in a capalist society.
Re:Great (Score:4, Informative)
Re:Great (Score:2)
So it DOES make it less of an ad?
Re:Great (Score:2)
Re:Great (Score:2)
Read what you typed again.
Re:Great (Score:2)
Re:Great (Score:3, Insightful)
So if I make a post to a mailing list advocating the use of such-and-so software for solving some problem, like filtering spam, does that make me a spammer?
Honestly, they can call it whatever the heck they want. It's like trying to define porn. "I don't know how to define it, but I'll sure know it when I see it." We have a lot of filtering systems that seem to be much more effective at identifying spam than the congress-critters can. So if you don't mind, I'll just keep by bogofilter and ignore the res
Re:Great (Score:2)
Good, if there were any way of proving that you didn't request the email. It boils down to waiting until there's a complaint, followed by your trying to get a conviction when it's your word against theirs. Much better is a way of idendifying forbidden emails by their content only, as that's fixed at the time of sending. Granted, this definition has loopholes, but spammers are stupid. There will be ID01Ts sending out spam that can be caught this way, and the
Re:Great (Score:3, Informative)
So this get-out doesn't apply, for which we can be thankful.
Re:Great (Score:3, Funny)
"I shall not today attempt further to define the kinds of material I understand to be embraced, but I know it when I see it... "
Re:Great (Score:2)
"Fool me once, shame on you. Fool me twice, shame on me!"
Your bayesian filter should be able to handle the changes without much more than a hiccup.
Re:Great (Score:2)
Re:Great (Score:2)
I'm an advocate for blocking all Chinese IP addresses from the Western Hemisphere. We've managed doing business for the last 2000 years without them, we won't die if we blow them off. It's going to screw them up not doing business with us a lot more than it will screw us up. In a few years we won't be able to say that.
Look at the American IP subnets. If you try to run a business from a DHCP IP address you'll get so badly blocked you'll be hardly able to talk to yourself. So what do you do? You take t
Re:What about a header? (Score:2)
Not necessarily! The POP3 mail server can read the headers and use filtering, then reject the file if it looks like SPAM. Additionally, if the laws require that advertisement MUST HAVE these headers, under penalty of prison, the server could be programmed to store the message and record the mail transaction to be given to the corresponding authorities.
This is specially true if the spammer
Re:This helps? (Score:2)
Main Entry: diction
Pronunciation: 'dik-sh&n
Function: noun
Etymology: Latin diction-, dictio speaking, style,
from dicere to say; akin to Old English tEon to
accuse, Latin dicare to proclaim, dedicate,
Greek deiknynai to show, dikE judgment, right
1 obsolete : verbal description
2 : choice of words especially with regard to
correctness, clearness, or effectiveness
Main Entry: grammar
Pronunciation: 'gra-m&r
Function: noun
Etymology: Middle English gramere, from Midd
Re:This helps? (Score:2)
Re:This helps? (Score:2)
However, bonus points for the honesty to admit you made a mistake. Perhap
Re:This helps? (Score:2)
Re:This helps? (Score:2)
Re:Hey, this is funny stuff (Score:2)
Re:Finally (Score:2)
Re:Definition Leads to Regulation? (Score:3, Interesting)
Of course, this doesn't work for servers in Taiwan, and I've noticed that that's where most of my Chinese spam comes from, for some reason.
Re:spam needn't be a problem anyhow... (Score:2)
but C/R has worked with astonishing ease in my case.
/me too/
I'd highly recommend (well implemented) C/R systems to anyone out there. Even in the case of unwanted challenges, there's often a work-around: most challanges do carry very specific X-*** headers that let the receiving system know to filter accordingly (if they so wished).
Because (headers of) challenges are easily recognizable (an RFC regarding this would be a nice thing to have!), one can configure their e-mail servers or inboxes in such a