France Launches Anti-Spam Platform

njondet writes "French-law.net reports that the French government has just launched 'Signal Spam', an anti-spam platform created in association with public entities and private companies, such as Microsoft. Internet users will be able to report spam messages by mailing them to this platform which will act as a centralised monitor of spamming activities. The platform will generate a blacklist and help initiate prosecutions against spammers."

Trust French cullinary experts to destroy all SPAM

and smoke a noxious cigarette to celebrate.

Better as a Private Service?

This is where the libertarian in me comes out and wonders if these things aren't better left to the private sector. On the other hand, perhaps having this information sent directly to authorities will result in more prosecutions (or more successful prosecutions) under laws similar to CAN-SPAM, (or maybe that's just wishful thinking.)

more like ENABLE-SPAM Act ..

'having this information sent directly to authorities will result in more prosecutions .. under laws similar to CAN-SPAM'

CAN-SPAM doesn't ban SPAM, what it does do is legitimise the sending of unsolicited commercial e-mail and specifically forbids e-mail recipients from suing the spammers. It's one of those Acts that do the exact opposite of what the name means. As such it should really be called the ENABLE-SPAM Act of 2003.

was Re:Better as a Private Service?

Re:more like ENABLE-SPAM Act ..

CAN-SPAM doesn't ban SPAM, what it does do is legitimise the sending of unsolicited commercial e-mail and specifically forbids e-mail recipients from suing the spammers. It's one of those Acts that do the exact opposite of what the name means. As such it should really be called the ENABLE-SPAM Act of 2003.

Not quite. CAN-SPAM does legitimize the sending of unsolicited commercial e-mail with certain restrictions, but it also clearly defines e-mail that doesn't meet those requirements as being illegal. Virtually every single piece of spam I get violates the requirements of CAN-SPAM and is therefore illegal under US law. If CAN-SPAM were aggressively enforced, it would have a huge impact in reducing the amount of spam that gets sent. Any spam that is legal under CAN-SPAM is trivially easy to filter out through technical means, and if we did start to see legal spam, Congress could simply amend the law to address the problem.

To reiterate: while CAN-SPAM does define certain types of spam as legitimate, that's OK because none of the spam being sent is that kind of spam. If this changes, the law can be fixed later.

However, you are correct that CAN-SPAM also prohibits individuals from suing spammers. If the government were doing its job and aggressively prosecuting them, then private lawsuits would be redundant and unnecessary, and I'm sure that was the original thinking. However, that's not happening. That's a problem.

I wonder how long before...

I wonder how long before we see a massive DDOS attack against the infrastructure used to run this.

Reinventing the wheel?

This seems like an unnecessary duplication of effort. There are already established providers of blacklists, such as spamcop. Why not work with them and help develop easier ways for users to report spam via their email client?

Yes this'll work

Because.

1: We all know how quickly the law works... Talk about a bottleneck.
2: Most spammers operate outwith the control of any single government.
3: Many spammers operate through compromised proxy systems.

Still, at least they're being seen to be doing something and this is the important bit for the politicians.
 

It may help.

Depending upon how it is implemented and how they evolve it.

1: We all know how quickly the law works... Talk about a bottleneck.

But it seems to be the only way to actually get the spammers. Filtering doesn't affect them. Their bandwidth is essentially free.

2: Most spammers operate outwith the control of any single government.

Not really. Each individual spammer lives in a country and is governed by the laws of that country. No single set of laws govern ALL spammers, but you can target some of them.

3: Many spammers operate through compromised proxy systems.

The technology should just be one aspect of this.

The spammers usually don't send out crap on their own (unless it is to advertise their services). This is one of the classic "follow the money" issues.

The Register ran an article that I cannot find right now. It was about how Company A hired Company B to send out ads to certain addresses. Company B hired Company C to send the ads. Company C needed more names so it bought a list of email addresses off of eBay from Person D.

It's easy for a government to handle research like that. Companies respond a LOT quicker when the request for information comes from their government.

And companies don't like having the government digging through their paperwork.

Sure, you risk "Joe Jobs", but overall, it should get the legitimate companies to be a LOT more careful before they outsource their next "email advertising campaign".

And that means that some of the money in spamming will dry up.

initiate prosecutions

initiate prosecutions

How about "fire cruise missiles!" (since France does not have Chuck Norris)

Internaut?

Any organization that uses the word "internaut" to refer to people who use the Internet is doomed to failure, regardless of its intentions. Combined with the fact that it's a French, governmental organization working with MicroSoft, how could it possibly succeed?

Seriously, how long until the zombie networks retaliate? I'd like to have some marshmallows ready for the server fire that follows.

How much input to the citizens have?

I'm thinking this is a good idea, get a serious organization behind fighting spam, not just one with serious goals and effort but one with serious authority. I wonder if the citizens (who are ultimately paying for it of course) have much control over how it is set up? I can envision a conflict between our marketing department and the government going something like this:
Marketing: "No, it's not spam, we put in opt out links and only send it to people we have a relationship with."
Gov: "But 200 people called it spam, you're now listed as a spammer. Sorry."
Marketing: "That's no fair! How do we change our status?"
Gov: "The will of the people has spoken, but I don't have lunch plans, maybe the people could buy....?"
Marketing: "Do you like steak?"
....Fast forward two years...
Gov: "I realize our office receives a lot of criticism for not allowing the public to mark mail as spam, but in reality many of the emails we receive are legitimate businesses using legal means to advertise. We will not allow the public to slur the good name of reputable companies."

Your post advocates a...

Your post advocates a

(x) technical (x) legislative ( ) market-based (x) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(x) Technically illiterate politicians
(x) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
(x) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(x) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

The volume of SPAM precludes this approach.

Can't keep up with billions of messages per day.
Time to pay 1 cent per message.

Spam is international

Spam has no borders. We need a *worldwide* effort.

Better idea

Duplicate the platform onto a series of servers and put them into reinforced bunkers strung along the border [wikipedia.org]. That ought to stop spam from entering the country.

Oh, and be sure not to leave a gap in the Ardennes...

Some decent advice on the site

Unfortunately quite a bit of the site is waiting to be translated but it's a decent initiative. I like the following advice.

"Every time you send a message, check that the email addresses contained in the recipient's field and cc can be clearly transmitted. If you want to send a copy to certain recipients, choose the field bcc or cci . Ensure you do not use the tool "forward to a friend" presented in some sites allowing giving an email to a third party without his consent."

http://www.signal-spam.fr/en/index.php/frontend/re commandations/usagers_de_la_messagerie_electroniqu e_et_mobile/10 [signal-spam.fr]

I've been able to stop most people from doing it but it's still a pain when I receive another 'funny' email and notice that my work address is just one of dozens of addresses CC'ed. Now we just need email clients to use BCC as the default rather than CC.

Like drugs, spam is too profitable

When there's easy millions to be made, it's just too irresistible, and will always be considered worth the risk. And all the spam laws are full of holes to allow the big boys through, and that hypocrisy does not go unnoticed, just like in the drug wars. Don't expect any respect for the law while that continues. This being France, the spammers will probably riot :-) In the meantime, I'm sure the prison industry will appreciate the influx of fresh meat. Unless you can assure they never get a dime, you will get nowhere, but now you will have a new government bureaucracy that functions every bit as well as any other, rife with all the same incompetency and corruption and nepotism as the rest. Like with the American's FCC and FDA and USGA, etc., heads of corporations that spam will head up these departments while their friends are in office and making news rules that provide them all the privileges, and then they will return to the private sector to make more money than ever. As long as there's a little something in it for everybody, the spam will flow undiminished. Round and round we go.

Why not rather attack the source...

Personally I think that rather the source of these spam should be dealt with. Since about 1,5 week, I'm receiving a lot of German spam for companies on the Frankfurt stock exchange. Authorities should rather investigate these companies. This is not some innocent spam anymore, but financial fraud on a very large scale. Companies have gone broke already for other kinds of fraud...

And of course, (l)users and mail server sysadmins should start to secure there machines, so there would not be those huge botnets :-(

anyone else...

read the english version of the site with a french accent in their head? ...

menu change

The lobster thermidor aux crevettes with a Mornay sauce garnished with truffle paté, brandy and with a fried egg on top... is no longer available with spam.

Space-based anti-spam?

Maybe it's just me, or maybe it's because there was another space-related story nearby, but when I saw "France Launches Anti-Spam Platform", the first image that came to mind was an orbital bombardment platform for eliminating spammers from orbit. Now that's the kind of technology taxpayer money should be spent on!

I wrote Signal Spam

I wrote the code that is behind this web site. I'll try to answer questions without giving up confidential information if people are interested.

John.

Feh.

Just publicly publish the names & addresses of the originators, and let the villagers with torches and pitchforks take care of it.
(Not entirely meant as a tongue-in-cheek solution)

Dupe?

I faintly remember that the French government tried something like that some years ago, only to have the server receiving the forwarded Spam crash under the load..

We'll see if it work better this time.

Clean up wanadoo.fr please

Those crazy French. wanadoo.fr is just a seething hot-bed of miscreants. Think they would do something about that first.

Not so original

Maybe better, but this looks like a copycat of Knujon [knujon.net]. Not that another anti-spam establishment is a bad idea :)

Has everyone forgotten why blacklists suck?

Blacklists don't work. It's too easy to poison them, both by those who are simply ignorant or misguided and by those who are specifically intent on the blacklist's corruption.

What's to stop the spammers from poisoning this blacklist with so many good addresses or URLs that it becomes useless and has to be shut down, after wasting millions of francs and getting people's hopes up for nothing?

I greatly admire Graham-Cumming and have used PopFile for years, but this just doesn't sound like one of his more productive ideas.

Einstein predicted it-

"If spam fighting disappeared off the surface of the globe, then man would only have four years of life left."

                    Albert Einstein, 'In Defense of Bees' (1987)

If Yan CAN SPAM, So can you.

The name says it. Some entities CAN SPAM and you CANNOT complain.

Re:Centralized Service?

If they have half a brain, they'd put a physical shunt between the server containing the blacklist and the server which hosts the inbox. Since they'd obviously have to have a person sitting somewhere and clicking "is spam"/"not spam", they could just have their interface copy all the "is spam" to say, a flash key, and at the end of the day they unplug it and input it into the blacklist server. It would only be marginally more inefficient, and it would mean the worst case scenario is no new spam can be reported until they stop/fix the DDOS attack, but the old ones would still be on report.

Re:Centralized Service?

Haven't we learned by now that centralized services don't exactly function as advertised?

Yes, it's terrible how the DNS root server farm is constantly hacked. Or how the google server farm gets hacked every day to redirect to the goatse guy. What? That doesn't happen? What's happnened in the past with a few is that they've managed to DDoS them out of business, or sue them out of business. The government can throw hardware and bandwidth at it. If people come to rely on it, call it "critical infrastructure". Prosecute anyone trying to hack it as cyberterrorists (sic). Let the spammers threaten to sue it, and laugh at them. And if they do it, pass special laws to protect it from liability. Link it up so whenever there's a penny stock scam, start a SEC (or whatever the French version is) investigation. If there's a drug scam, start a FDA (or similar) investigation.

I'm sure this scares the hell out of spammers - someone with more power than to simply blacklist the servers after the fact, which honestly is running around putting out fires instead of catching those starting them. And even if they turn out to be completely incompetent, nothing stops the current blacklists from running...

Re:Its SO French....

They are at it again. Snob, uppish, wants whole world do things in their own way, learn french and whatnot. They isolate themselves, dont join in the international community, and they want whole 250+ countries in the world to listen to what they say.

I'm sorry, were we talking about France or the US?

Now they found a "anti spam" organization as if anti spam organizations do not exist. In at most 2 years i assure you they will be proposing laws to eu that every eu member should mandatorily use their anti spam shit. This is the french way.

Come back in two years to discover...that you're dreaming.

You know what fucking morons, we dont care about your delusions de grandeur. Shove your "own way" up your own arses. Theres spamcop, we will use it, and we will ignore whatever shit you "invent" as if new.

Who is this "we", paleface?

Re:Its SO French....

They are at it again. Snob, uppish, wants whole world do things in their own way, learn french and whatnot. They isolate themselves, dont join in the international community, and they want whole 250+ countries in the world to listen to what they say.

That sounds an awful lot like the US to me. The US/France relationship reminds me of two brothers who "hate" each other for no other reason that they are so similar. The French are a proud, strong and patriotic nation and so are the citizens of the United States.

On top of this, the French are also more internationally minded than the US. They did start the European Union after all and relinquished control of interest rates to Brussels to adopt the single currency.

Simon.

Re:Its SO French....

I agree with you that this French idea is stupid, but I don't see why the rest of your post is about the USA.

Re:Its SO French....

They isolate themselves, dont join in the international community, and they want whole 250+ countries in the world to listen to what they say.

So?

In at most 2 years i assure you they will be proposing laws to eu that every eu member should mandatorily use their anti spam shit.

So?

Theres spamcop, we will use it, and we will ignore whatever shit you "invent" as if new.

Oh I see. You're a spammer, and now you are whining because a democratic government is putting the good of its people over your own selfish, antisocial habits. I'm guessing from your post, you don't even live in France, but in some other EU country that isn't even currently considering this proposal, paranoid that you may have to think of others before unthinkingly spraying your crap over our email addresses. How pathetic.

Re:Spam-eating surrender monkeys?

"Pourriel" is very clever, but I've never ever heard it in real French speech. (Note: I've only ever heard "courriel", the official French word for e-mail, very rarely. Usually they just say "e-mail" like we do.) "Spam" in French is called "spam".

Re:Spam-eating surrender monkeys?

Just one quick note on the French word for "spam"-
"spam" is a correct term in idiomatic langage. The parent cites a word very few French speaking people. It Switzerland, Quebec, and other French-speaking places, the email is known as "spam" or "undesirable mail" to common people.

Please see this thread (if you can read French) for more info [wordreference.com]