Forgot your password?
typodupeerror
Spam

Do-Not-Email Registries? 794

Posted by michael
from the you-have-already-opted-in dept.
prgrmr writes "Wired has an article about Colorodo and Missouri's latest legislative proposals to deal with spam and with spammers. There appears to be actual consumer-protective teeth in these bills which mirror the telephone 'do not call' lists. A nice example of a government perpetuating a working concept instead of trying inventing new ways to break things."
This discussion has been archived. No new comments can be posted.

Do-Not-Email Registries?

Comments Filter:
  • Hmm (Score:3, Informative)

    by Warmth Is Life (569686) on Friday February 07, 2003 @09:29PM (#5255108)
    To get an update on this registry, just send a blank email to opt-in@colorado.gov.
  • Next step: (Score:4, Funny)

    by Lord Bitman (95493) on Friday February 07, 2003 @09:30PM (#5255114) Homepage
    Next, try and get all spammers to admit that what they are sending is "unsolicited". That's not going to happen any time soon.
  • Accident (Score:3, Insightful)

    by Big Mark (575945) on Friday February 07, 2003 @09:31PM (#5255120)
    Whatever happens, you'll still get the email equivalent of the following:

    *phone rings*
    "Excuse me, sir, are you interested in..."
    "I thought I was on a fucking do-not-call list!"
    "Sorry sir, you are, it was an accident. Sorry sir."

    Direct marketing is here to piss the hell out of us for a long time yet.

    -Mark
    • Re:Accident (Score:3, Interesting)

      by Anonymous Coward
      Much more fun is to use the counterscript [xs4all.nl]. I've had a few telemarketing people sounding so worried when I did it that I almost felt sorry for them.
  • It seems like this would only protect us from spam by legitamate countries in America. I can just imagine trying to sue the fly-by-night spams I recieve, many of which I don't think are from this country.

    I don't know how much this list will help.
  • by Doctor Sbaitso (605467) on Friday February 07, 2003 @09:33PM (#5255132) Journal
    Will there be an opt-in list for those of us who still want to enlarge our penises and make money fast?
  • Might work if.... (Score:5, Insightful)

    by www.sorehands.com (142825) on Friday February 07, 2003 @09:33PM (#5255135) Homepage
    It might work if it had some of the following provisions:
    • Trap names on the list so that the states' sttorney general's office may go after them.
    • Statutory penalties for violations.
    • Liability for companies that hire spammers.
    • The ability to block domains, not just individual users.

  • by shovelface (466145) on Friday February 07, 2003 @09:33PM (#5255137) Homepage
    In Washington State, spam is illegal and the attorney general encourages people to file complaints. These are often done by filling out a simple form.
    To help argue against spammers saying "we didn't know this address originated from Washington State", there is online registration for users who reside in the state and do not want to receive spam. You can find it over here:

    http://registry.waisp.org/

    -trout

    • Pros:

      • It appears to be free to register
      • Does not appear to be distributing the list

      Cons:

      • Too hard to register lots of addresses
      • Cannot register just a general domain
      • Verification is only one at a time and way too hard to do

      My conclusion is this site is a joke. Do they expect to handle millions of lookups an hour?

      What they should do is distribute a list of the 160-bit SHA1 [openssl.org] checksums of the registered addresses. Then it's simply a matter of the spammer hashing each email in their mailing list and looking that up against the list. If there's a match, bingo.

  • by Anonymous Coward
    Accountability. The telephone companies have a limited number of telephone accounts, and they have a rough idea of who owns each one, where calls are coming from, etc, etc. And, most importantly, it's very easy for them to track down offenders and terminate connections. Spammers, though, don't face exactly that same problem. Jumping to a new vulnerable server is MUCH easier than getting a new telephone line. I wouldn't be surprised to see illegal spammers using these lists as a source for their spamming.
  • I understand the problem with SPAM, but why a legal solution to a technical problem? It reminds me of the litgation induced from "deep linking," when in reality the web master simply needs to better configure his/her server. Similarly there are technical solutions to this. If I'm on a "do-not-email" list, then why don't I configure my email client to only accept emails within my address book? Many email clients can do this filtering, even web based ones, so what's the problem? Effectively, this is what these people want and there's a solution so why the red tape?
    • by MillionthMonkey (240664) on Saturday February 08, 2003 @04:15AM (#5257264)
      I understand the problem with SPAM, but why a legal solution to a technical problem?

      Because it's not a technical problem- it's a social problem that happens to involve technology. I suppose the phone company should come up with technical method to stop telemarketers as well, but the failure of technical solutions in solving the telemarketer problem was what prompted the creation of the do-not-call list. Technical solutions to spam have so far been a failure as well. The most you can hope for is a perpetual arms race.

      It reminds me of the litgation induced from "deep linking," when in reality the web master simply needs to better configure his/her server.

      That's a case of corporate idiots bursting onto the scene and applying political and legal pressure to destroy the protocols that made the web successful, because they want to shape it into something that favors their own myopic interests, and they think they can spend the money to get the courts to back them with a poorly reasoned decision. The fact that there's a technical solution to what they're whining about is convenient but irrelevant. Even if there weren't a technical solution to prevent deep linking, their case would be bankrupt.

      Similarly there are technical solutions to this. If I'm on a "do-not-email" list, then why don't I configure my email client to only accept emails within my address book? Many email clients can do this filtering, even web based ones, so what's the problem? Effectively, this is what these people want and there's a solution so why the red tape?

      Because we shouldn't have to resort to whitelists. I cannot compile a list of everyone in the world who isn't an asshole and who I might want to get email from. Maybe you never get mail except from six people, but some of us have to distribute our contact information.

  • by Lord_Slepnir (585350) on Friday February 07, 2003 @09:33PM (#5255143) Journal
    Hi. I an email market-person from Laos. Where I get list so...ummm...I know who... er...not ... to send e-mail?
  • DUh, enforceability (Score:2, Informative)

    by jpnews (647965)
    I'm on a state no-call list, and it's practically worthless. No all my sales calls have callerID numbers like 999-999-9999. Obviously if my phone privacy can't be protected, this email no-call list will be equally useless. Not to mention that... I can already see that the no-call list would be the most extensive (and valuable) list ever compiled. Who would secure it and how?
  • Opt-out does not work! These solutions are going to be just as effective as states that outlawed spam entirely in stopping spam, and are going to be just another source of validated addresses, thus ensuring more spam for those on the lists.

    -Philip
  • by possible (123857) on Friday February 07, 2003 @09:35PM (#5255159)
    I don't think this will work. Do not call lists (for telephone spam) work fairly well because it's rather easy for the government and/or utilities to investigate who is violating a DNC list. This is made even easier by the fact that phone/fax spam from abroad is almost non-existent in the USA.

    With email, it is far more difficult to stop. First, the jurisdictional issues. Second, it is trivial for an email spammer to hide his identity -- there are plenty of open relays to bounce through.

    I already receive spam for "500,000 opt-in email addresses on CD!" -- when do-not-email lists are in place, I'm sure I will be getting adverts for "500,000 do-not-email addresses on CD!". And nobody will be able to stop them.
    • by grahammm (9083)
      It may be easy for the actual sender of the email to hide his identity, but if the spam is offerring goods or services it is not so easy to hide the identity of the privider.

      The type of spam which will probably be decreased by this type of law is that from businesses which put you on their mailing list because you purchase something from them (or download software)
  • Well, we know two state government's whose officials' email addresses will have 400 offers for great savings and/or sexy girls in the next hour.
  • Seems like a great idea to me! Hope it succeeds and becomes law. I have almost no telemarketing calls since I subscribed to the do-not-call list.
  • Any measure other than completely banning the practice will just invite loopholes.

    1 such loophole with this would be foriegn spam outfits, big deal if the US has a "don't spam me" list, doesn't stop them from setting up shop in china, new zealand, or .ru.
  • If I was someone who had a god-given mission to enlarge your penis, I sure wouldn't pay attention to any Do Not Spam list.
  • Half the slimeballs sending me spam are already claiming that I opted in--even those who send me spam at an address that I never, never use as a return address with any company. (That address is, unfortunately, on a couple of web pages where spambots found it.)

  • Thank you DMA (Score:2, Insightful)

    by bpfinn (557273)
    Nevertheless, Congress has failed to pass any of the 19 national antispam bills introduced since 1999, thanks in part to lobbying efforts of the business community.

    No antispam bill has passed because the DMA wanted to reserve the right for their members to spam you.
  • With email, the source can be proxied and faked up enough that broad enforcement is difficult. At least a phone company can find the source of a phone call pretty easily if you're on the "do not call" list and get annoyed with a telemarketer.
  • Anytime I track down spam that I get it almost always is coming from servers located outside the US. While this is great for dealing with US originating spam, will it be effective for foreign countries?
  • I applaud the notion, but it betrays a profound cluelessness about the interstate -not to mention international- nature of spam, and the lack of any clear connection between cyber- and geographical address. In the first paragraphs, it becomes clear neither will survive the first legal challenge:


    "The Colorado Junk E-Mail Law would require companies to pay an annual fee of up to $500 to access the registry. It would award consumers $10 for each unwanted message that they receive, assuming they are willing to take the spammer to court. If they win the case, their attorney's fees would be reimbursed.


    In Missouri, companies would have free access to the list, but residents would be able to sue marketers for up to $5,000 for violating it.


    Critics say the proposed opt-out lists are a futile version of equally futile statewide spam laws. (Both Colorado and Missouri already have statutes regulating unsolicited commercial e-mail.) "


    Look, I hate spam as much as the next guy (I postmaster over a dozen domains), but the leagal history of most topics on Slashdot clearly shows that an ill-considered "solution" often does more damage than no solution at all (if only because when companies start lobbying for these *known* ineffectual measures alongside the clueless public, they be come (politically, pragmatically))
    unstoppable in the eyes of politicians


    Stupidity ensues.


    The anti-"fax spam" laws only worked because faxes were still heavily concentrated in the offices of companies and professionals. They were affordable, but as someone who'd had faxes at work, school, as part of professional organizations, etc., since the 80's, I can assure you that when that law was passed, the fact that I had one at home 24/7 still surprised people. Though the standard modem was already a faxmodem, few had them configured and on (not to mention the whole consumer OS crash problem, which was a major problem, even if it was often better than it was in the mid-late 90's)

  • I signed up for the Donut Spam list, and now all I get are emails from Hormel and Krispie Kreme's new venture.

    *shudder*

  • by Ayanami Rei (621112) <rayanami@gmai l . c om> on Friday February 07, 2003 @09:45PM (#5255243) Journal
    I don't get it.

    They (CAUCE [cauce.org]) complain that it shifts the burden onto the consumer to be a member of the opt-out list (which is free, and easy to get into). The complain that we are treating the symptoms and not the cause.

    Bull. It costs the spammers money to even SEE the lists, and they face $500+ penalties if they don't check and mail first. Hence, this is a real financial deterrent (at least in those states). This artificially raises the transaction costs, which gets at the cause (that is, email is cheap and free).

    Instead, CAUCE wants it to be like junk fax laws wherein no one can send you email without having established "a business relationship" with the recipient. I see too many ways of twisting this around in court that would prevent legitimate email from being sent to people when your first contact with them would be through that medium. It would scare people away from just sending email notes because they won't know how it'll be interpreted at the other end. I can envision paranoid use policies sprouting up in IT departments all over our fair land. Nooo!!!!

    What is unclear is whether both the spammer and the spammee (sp ?) have to be in the same state (or in states with similar laws) for this to be effective. In that case, all the spammers will just base their operations in Florida where half the GDP comes from MLM and other scams.
  • Remember the WPA? That was one of Roosevelt's tools to fight the Depression by giving government jobs to unemployed people doing really useful work. I'm not just talking ditch-diggers here (no offense to ditch-diggers intended)--the WPA also hired tons of writers, photographers, etc.

    Right now the job situation for us tech-folks really stinks. So how about paying at least some of us highly-educated-but-unemployed to work fulltime, hunting down those deceptive spammers and shutting them down?

    Think of the many hours you've wasted fighting the spam in your inbox--wouldn't you be happy to see your tax dollars go to a project like this?

  • ... but seeing as how most of my SPAM is from out of the country... oh well. This is a good start to get American business SPAM out of my inbox, I'll have to rely on procmail [procmail.org] and SpamAssassin [spamassassin.org] for the rest of it, I guess.
  • ..this is it!

    Can you imagine what will happen when the spammers get the list?
  • In order to have a do-not-email list you have to have an accessible list of valid email addresses. Okay so company A looks at the list and agrees not to email any of the people on it, and then turns a big profit by covertly selling the list to other companies comfortably located outside of US jurisdiction.

    Email is global, it's hard to believe that any state is going to come up with a way of significantly controlling spam.
  • How are they going to prosecute it. It's a big dog, w/ mean teeth, chained to a post by a chain 3 feet too short to touch the spammers.
  • Is this sort of thing an incremental step towards federal legislation (the only decisive approach IMHO), or will it delay it? Is there a downside to almost-there legislation?

    Clearly legislative solutions are going to happen. People are angry, and even politicians must get junk mail that their staff complain about. What I'm perplexed about is why the federal junk fax law was passed so (relatively) quickly and (relatively) easily. Surely the interest groups are more or less the same.

    Oh, I almost forgot: Die spammers, die. My spam % has hit about 60, through no fault of my own (some idiot managed to "opt-in" my email address for his; now that the address is burned into some commercial CD-ROM I'm hosed). Because teh geomatrically expanding junk email reduces the email technology to uselessness, I will not accept any solution short of opt-in only.
  • We have "do not call" lists in the UK and it is illegal to call numbers on them for marketing firms etc., but, get this, the list is maintained by an independent for-profit company who charge to gain access to the list.

    So basically you have to pay up or you could be breaking the law! It's like a telephone spam tax!

    Actually- that's a good thing, isn't it?

    graspee

    P.S. First post
  • But few cases have been successfully prosecuted under state laws, partly because spammers hide their identities -- by forging e-mail headers and routing information or by relaying spam through an unsuspecting host. That makes it hard to pinpoint the humans responsible for sending out the illegal missives.

    For crying out loud. If you are going to spam 1,000,000 people with a penis replacement advertisement, then you'd at least better give an address so that people know where to send you money! Does a lot of spam, nowadays, not include any way at all to contact the spammer? How can that be profitable?

    --panties [slashdot.org]

  • by corebreech (469871) on Friday February 07, 2003 @09:51PM (#5255312) Journal
    No?

    So what good is it?
  • slash is broken
  • by pgrote (68235) on Friday February 07, 2003 @09:53PM (#5255333) Homepage
    Jay Nixon is the attorney general of Missouri where I reside.

    He has been very active [state.mo.us] in ensuring his office in on the net and useful.

    He has made great strides in the nocall [state.mo.us] area. His legislation is used as a template by most states.

    Here is an older story [state.mo.us] with much more info on the legislation and what it brings to the table.

    Good to see state government making a national impact.
  • Dear Citizen,

    Did you know that the State of Texas has some great special offers this month?

    To find out more why not visit our Website [redneck-rampage.com]

    -----
    You received this message because you registered for the junk-mail opt-out list.

    To opt out of opt out click here [slashdot.org]

  • Yeah, and then spammers from other states add your e-mail address to their list...
  • Yah, right! As if some "do-not-email" list will keep away the spammers who are based in the far-east. If anything, this DNE list will become a convenient source of valid email addresses for the spammers! If I were a resident of these states, I'd stay as far away from it as possible. :-)
  • Why, you ask? Becuase companies tend to be in a couple of categories, as it comes to email marketing:

    (1) Deep pockets to lobby the elimination of this bill; or
    (2) Fly-by-night or off-shore types that could care less.

    Pity, as I would love to see the end of spam in my lifetime.
  • I hereby claim Nth invisible post on this story!

    graspee

    p.s. don't mod me down, fucknutz, I am highlighting a problem with slashdot- it is accepting comments but not showing any new ones.
  • How many spammers right now obey the existing spam laws?

    Ohio has a law that says you have to provide full identification on unsolicited email advertisements, and that you must provide a way out for the consumer. But I still recieve plenty of spam with no identification other than a forged header, and certainly no way to tell the spammer that I don't want their stuff anymore.

    Good intentions, but, just like every other law covering the digital realm, it's too hard to enforce.
  • This is a cheap way to up your post count and not get modded down! New- non-corporeal posts!

    graspee

  • Its surprising that spam is looked down upon in the adult webmaster world even though so much spam is pornographic in nature. Most sites that spam you, you can easily find the sponser that is paying them for every signup and report them there, that way they get screwed for their spam. Remember nice sites like Digital Teenz.com [digitalteenz.com] never will spam you. So report what porn spam you get to the sponsers the spam is promoting, if enough people do this you might be surprised at how much spam gets cut down.

    And my blantent spam: Check out Digital Teenz [digitalteenz.com]
  • The Colorado law is not modeled on our highly popular telephone registry. In the latter case, if somebody calls us we can report them to the state and the Attorney General will go after them. I don't know whether we get any renumeration, and frankly I don't care since the intent is to ensure compliance. A call from the AG's office carries a lot of weight with companies, even those suing to overturn the law.

    In contrast, the proposed spam law still puts the burden on us to track down the spammers, and for our trouble we'll get the princely sum of $10. Thanks, but no thanks since I already have that right for the 99% of the spam I receive that doesn't have "ADV:" in the headers. Meanwhile the $10 won't come close to compensating me for this asshole passing my address along to everyone he can in retaliation.

    What I want to see is the right of the AG's office to go after anyone who violates some common sense rules. $100 fine/message for forged headers. $1000 fine/message if the forged header pointed at a Colorado resident. $1,000 fine/message if the forged message was bounced through an open relay located in this jurisdiction. $1,000 fine/message if a commercial message did not contain a valid "remove me" link, and $2,000 fine/message if the message was not acknowledged and acted upon within a reasonable period. (Say 3 business days.) With stacking fines. One night with a spambot and even a low-level spammer could be facing tens of thousands of counts, and millions of dollars in fines.

    That won't stop the Nigerians or the jerks bouncing mail through Korean ISPs, but it should stop the spammeisters who brag to the WSJ then bitch when they get tons of unsolicited physical mail.
  • But few cases have been successfully prosecuted under state laws, partly because spammers hide their identities -- by forging e-mail headers and routing information or by relaying spam through an unsuspecting host. That makes it hard to pinpoint the humans responsible for sending out the illegal missives.

    If spammers can avoid prosecution under these laws, they can use the do-not-email list as a source of emails to spam. We know they would do this because of how they use the "reply-to-remove" links to see if an email address is live and unfiltered.

    There's a way to avoid this problem: don't publish the emails; publish a one-way hash of the emails. Cracking the hash would take enough resources that it wouldn't be cost effective for the spammers, but "ethical" spammers who are trying to obey the law would be able to use the hashes to check if emails already on their list were opted-out.
  • Legislators for the state of Oregon are considering such a law. The state Attorney General is pushing it, according to this story [katu.com]. It doesn't seem like it would be a huge win, but it's something, and the recognition that spam is out of control.
  • Have anyone considered having an entire domain name as an atom in the do not email list as opposed to only individual email address? For instance, the administrator of goatfactory.com could simply request that *@goatfactory.com be added to the list. It would of having to submit joe@goatfactory.com, buyagoat@goatfactory.com, etc... as well as subsequently having to add each new email address that he assigns.
  • This is the ultra-difficult to secure first post on The Thread No-one Could Reply To.

    graspee

    Come on, congratulate me or something!

  • until someone cracks into the database and sells the x million verified email addresses to overseas spammers
  • Going to Small Claims court is not worth the ten dollars. It's not worth the $20 if they email you twice. It's not worth the $30 if they email you three times. It's simply not worth the trouble, and the small chance that you would lose, and the high probability that the spammer wouldn't even show up.

    They should at least make the penalty as costly as the court fees needed to collect it.
  • by billstewart (78916) on Friday February 07, 2003 @10:10PM (#5255456) Journal
    There are so many things that can go wrong with a list like that if you don't implement it carefully. First of all, it'll be downloaded by Korean-proxy-abusing spammers and spammed anyway, from outside the states' jurisdictions. ("Buy Our Spam Prevention Software Now!") And SPAMMERS ALWAYS LIE. You'll start seeing spam about "This Email Isn't Spam, and by not using the State Spam-Blocking-List, you've given us permission to contact you about our AmAAAAZING Spam-Free Offers!"

    Second, if you don't verify the information carefully, at minimum with double-opt-in and some kind of Turing test (e.g."type the number from the gif into this box"), there'll be all sorts of abuse, signing up people who don't want to be there, automated h4X0r b0ts trying to kill everybody in the state, random crap like that. Do you trust your average state government to implement something like that right? (If you answered "yes", and live in California or New Jersey, you obviously don't bother reading headlines about state government computer project debacles, and if you live somewhere else, your local government is just as stupid by I haven't been paying attention to them :-)

    Third, there are ways to provide some privacy protection while still maintaining a blocking list. For instance, instead of keeping a database of addresses that pass the double-opt-in test, publish a list of harder-to-abuse hashes of the addresses:

    Salt, Hash(emailaddress, salt)

    Fourth, this doesn't always mix well with newer tagged-format addresses ("username+tag1@example.com") or domain or subdomain addresses ("anything@mydomain-example.com" or "anything@username.fastmail.fm") unless the rules are tediously explicit and accurate for how to use them. These kinds of addresses let you give every recipient a unique address, which your email programs can filter on to discard stuff that's obviously abuse and sort stuff that's from real people.

  • Thats what I'm waiting for... what they'll be fined or how much time they'll get.

    Being beaten with sticks doesn't seem to unfair to me, considering how much I loathe spam.
  • Some spammer will set up shop overseas in a country that will provide them a safe haven to use these "Do-Not-Email" lists as "Super-verified-to-exist" lists. That's just as good as replying to a spammer requesting to be removed from their list. Of course they remove you! What they don't tell you is that now you're on a totally new list of e-mail addresses known to be valid and of people who actually read their spam (How else did you know the remove proceedure?). Spam sucks.
  • OK, that's an exaggeration. I've had a little -- about two or three pieces per year -- in my main e-mail box. The reason is obvious. Spam is why God created Hotmail.

    I only bring it up because it's the sensible temporary personal solution while public policy continues to fail us. We can't count on Washington, and few can count on state legislatures. An e-mail address, like a pair of aces, is something to hold close to your chest. Use Microsoft's spam trough for public communication.

    The optimal solution to spam is simple: thunderously vicious overkill, an art in which the US (thanks to the Drug War) is now well-practiced. But we can't get legislation from our servile lawmakers, who well understand that to even think of hushing the roar of unbridled greed is to sacrifice their usefulness to the Machine, and hence their careers.

    The registries are promising, but feature one tremendous drawback and other subtle ones. The main problem is that you don't want to leave these matters open to the vagaries of shifting political control. Here in Minnesota, our state opt-out telemarketing registry will take effect in a matter of weeks -- if the new radical right wing government here deigns to operate it correctly. In an age of fiscal and moral deficits, I'm not holding my breath.

    More subtle are the problems of collection and control of information. First, registries place the onus of education and participation upon citizens when properly the onus of desisting should fall upon spammers. Second, registries collect the very data after which spammers lust, and hand it to them. Toothless penalties will only encourage massive abuse, making spamming easier.

  • Even as much as we hate spam, the idea that states should be allowed to regulate E-mail is really frightening. On most of my E-mails, I have no idea what state (or nation) the recipient is in.

    If state regulation of E-mail is upheld, it means every time you send an E-mail you must figure out what state it is going to, learn the laws of that state, and then obey them. Sounds fine if it's an anti-spam law, but the principle would apply to any regulation the state might dream up. You would get 50 different sents of rules about what emails were legal and which were not. For example, New Mexico tried to pass a law regulating decency in internet traffic to New Mexico. No thanks to granting states that sort of authority.

    If you want an opt-out list, it's got to be global or at least federal. Global's hard to do. Unfortunately, unlike phone numbers, I have an infinite number of E-mail addresses so an opt-out list is not so practical. If you allowed patterns you could cover it but you would need a way to authenticate the ownership of the pattern.

    You also don't want the list published in cleartext, though it's hard to avoid this. While you could publish a list of hashes of excluded e-mail addresses, it's not hard to extract a lot of the addresses since the real ones come from a finite space. After all spammers have managed to harvest well enough.

  • "This exact comment has already been posted. Try to be more original..."

    So maybe slash is down for upgrades, as I haven't heard of this before- though I think that they would have had a piece informing people of it if that were the case.

    If it knows this comment existed maybe it was stored after all.

    JESUS CHRIST this topic is going to have about 1000 first post claims on it! It could go down in history!

    Can we beat the highest post count on a story ever? Will they let the record stand?

    Am I really sad for playing slash like a game?

    Am I going to lose lots of karma along with lots of other people as the mods who get up don't realize the problems slash was having with showing posts?

    AHHAHAHAH Historic day!

    graspee

  • but how are they going to procecute out-of-country spammers?

    basically they're getting a huge verified list of email addresses.
    what I'd do is put some test addresses in there before my personal one and see if it gets spammed first.

    should be interesting either way.
  • Here's my written testimony...
    Testimony [pingalingadingdong.com]

    The house bill 228 wasn't perfect, it still needs a lot of work. It was suppossed to be voted on last Monday but I didn't hear the results.
  • The one thing wrong with this idea is that once government starts providing services, it also looks for compensation. And we know that once it finds a source of money or power, it never, ever gives it up.

    Let's save the 'net for the people. Keep government out of it!
  • Um, yeah, just put your e-mail address here on this "special" list, and I swear I'll send them to the state for the do not mail list.

    Oh, and you may receive a few notices as to other great products we offer, such as appendage enlargement, ways to meet women, and wonderful investment opportunities.

    Best Scam Ever. :)

  • $10? Come on.... (Score:2, Insightful)

    by WotPeed (613645)
    One of the proposed laws gives the consumer $10 for successfully sueing a spammer. Gimme a break, who's got the time to go to court for $10? Another of the proposed laws awarded the spamee $5000 (or was it $2000?) if they had registered on the no-spam list but gets spammed anyway. That would certainly be more of a deterrant, but it doesn't address the problem of finding the spammer to begin with. While it's good to see someone trying to do something about the problem, this ain't it.
  • But few cases have been successfully prosecuted under state laws, partly because spammers hide their identities -- by forging e-mail headers and routing information or by relaying spam through an unsuspecting host. That makes it hard to pinpoint the humans responsible for sending out the illegal missives.

    Can we really stop spam through policial solutions? Seems like things must be done on a technical level first before laws can become effective.

  • The spammers will just hide thier tracks using servers outside the US in safe havens for shady activities.

    Practically speaking I'd like to see international law recognize that those profiting from spam (the people who are actually taking the money for the products) are responsable for the spam even if the spam cannot be traced directly back to them. Fines with teeth would be needed for enforcement.
  • and I invite everybody to visit the page and enter their email adr. if they don't want go get spam in their email.
    btw please fill in those field about stuff you like while you are at it.
  • by tgeller (10260) on Friday February 07, 2003 @10:21PM (#5255532) Homepage
    First off, let's assume that DNC lists work for phone and paper direct marketing. (We all know that they don't, but let's pretend.)

    DNE lists *can't* work, for several reasons:

    * There's not a one-to-one correlation between people and email addresses. Many (most?) people have several addresses: Even AOL members get up to eight. So do those people have to "unsubscribe" eight times? What about those of us who invent new email addresses for different uses? It's not unusual for someone to have dozens or even hundreds of addresses.

    * Let's not forget role addresses: root, webmaster, postmaster, etc. Someone would have to put those on the DNE list.

    * What about the poor schmuck who gets "fallback", i.e. [anything]@domain.com? That's the default in many systems.

    * Some email addresses have several people connected to them -- for example, mailing lists. Who unsubscribes those?

    * Some email addresses have *no* people connected to them -- for example, those controlling processes. Would anyone even know to add them to the DNE?

    Some proposals have included a provision that allows one to add entire domains to a DNE list. These are somewhat better, but they have several problems with them. For one, it would trump the individual preferences of those using the domain.

    But ultimately, the main problem is that *the burden shouldn't be on the recipient*. Unlike phone (a common carrier) or postal mailboxes (government property), email boxes are private property, requiring private funds. Access without permission is trespass.

    BTW, see law.spamcon.org [spamcon.org] for a list of states with current antispam laws. I live in one with an opt-in law: California Business and Professions Code 17538.45.

    --Tom Geller
    Founder, SpamCon Foundation [spamcon.org]
  • I'm not from the US. I live in NZ and maybe the spam situation is different there, but at least 1/2 of my spam comes from outside the US. Most of it from african and asian spammers trying to sell me porn sites or give me $42 000 000.

    While a law like this may stop a few honest (if they exist) american spammers, the scumbag majority will probably just plunder these lists for addresses.
  • What guarantee do I have that some hacker isn't going to break into that database of "don't email me please" addresses, and not spam the living snot out of them, all while re-writing the original database and claiming that my address was never on the list???
  • Works! Now, if I could just get the people who want me to give them money as opposed to those who were trying to sell me something to stop calling me, all would be peaceful.
  • do not send me crappy old jokes list?
  • until they can ISPs on the liability hook for relaying spam from outside sources, I don't see the teeth. After all, ISPs have the geographic presence that connect with the end user or, in this case, receiver. Suing a spammer in Bulgaria or Korea is a waste of legal resources, as the net reult will be an unenforceable injunction.
  • Considering the very illegal nature of a lot of spam already (beastiality, pyramid schemes, stock scams, etc.), what exactly makes people think that some new legislation is going to make it stop this time around? Spam's already hard to trace, what with the ephemeral nature of dial-up accounts and the sometimes difficult-to-trace mail sent through open relays in God-knows-where, Asia.
  • Given the obvious willingness of the e-mail spammer to lie, mis-represent who they are, and falsify their e-mail, I don't consider op-out a viable way to deal with spam. An opt-out list will only serve to provide a list of valid e-mail addresses to those intent on getting their crap through no matter what.

    There seems no need for an op-out list. There is already a federal law that prohibits spamming fax machines, and it has been enforced. My state even has an anti-spam e-mail law, but you can't get the lazy government employees in the consumer protection department to enforce it. What we really need is to recognize that spam wastes/(steals) a lot of money in time and resources in many ways and to pass laws against unsloicited spam without making people publish their e-mail addresses that they don't want spammed.

    An ISP who passes tens of millions pieces of unwanted messages each day for penis pills and pr0n and "make money fast" and "I need your help to sneak 14 gazillion US dollars out of my country" shouldn't be spared delivery of only the 1% who are willing to sign up on an opt-out list, they should be spared all of this bullshit by the strength of an anti-spam law that is enforced.

    Enforcement should be a snap too. Put a nice dead-or-alive bounty on the spammers heads and watch how fast they are tracked down and put out of action. The lazy bastards at the consumer protection department wouldn't have to lift a finger.

    A national do-not-e-mail list might be nice icing on the cake; it would be great to have that too, once there was already an enforced law on spamming me, so the someone couldn't claim they had a business ralationship that didn't really exist (like when Microsoft sells them all of the Passport information). But it's not the right answer as a first step against spam. I'm even disgusted that /. would discuss and promote it; this in some ways gives ligitimacy to the lying "click here to opt out" crap common in lots of spam. We need to "opt out" the spammers, not our own private e-mail addresses.

  • Maybe it's just me, but I think neither state law (Colorado or Missouri) quite fits the bill. I like the fact Colorado charges for access to registry. Without that, what's to stop overseas spammers from using the registry to generate an active email address list. After all, so what if the spammers get sued (and lose). They're overseas so you'll never collect. Having to pony up $500 just to see the list is at least a little deterrent to that. Also, this could help pay for maintaining the list, keeping registration free (hopefully).



    However, getting only $10 in damages (plus lawyer's fees) isn't going to encourage much punishment of those who do break the law (and can be found). Here, Missouri's damages of $5000 are a bit more reasonable. This much will encourage more people to go after those violators. Laws without enforcement are worthless.



    Of course, both are still opt-out, and opt-in is much preferred. However, if this opt-out compromise reduces the number of spam messages I have to filter out, then I say it is doing some good. There is no one easy solution to the spam problem. If there were, someone would have found it by now (although just extenting the junk fax ban would go a long way toward that solution).

  • Dammit people, is it that difficult? Spelt like it sounds...
  • This is a little off topic, but on my mind so fuck it. I'm posting it anyway. On a telephone system, those three successive tones (the ones you get when you dial a wrong number) signal non-completion of a call. The Tele-zapper, sold in Radio Shack and other electronics stores, I believe emit these tones, effectively removing the receiver of the call from the call lists of the automated dialers of call centers. Assuming (weakly) that spammers emailed using a valid return address, wouldn't it be nice to have a similar device bouncing spam mails automatically? Years ago, Albert Yale wrote a program called BSM -- Bounce Spam Mail, for Windows. Seems like it worked like twice out of twenty for me. You can still find it on the net with a Google search and a little digging. Would it be possible to have an automated plugin similar to this? I'm not saying such a program would stop spam, but it would certainly be a nice counterpart to Baysean filtering, SpamNet-like utilities, and progressive and intelligent legislation.
  • This would probably be easier to put through than the telephone opt-in system. Most spammers are (slimy) individuals, without the lobbying clout of the Direct Marketing Association behind them - and as everyone knows, laws are made (or not made) because of lobbyists, not out of any sense of whats right. =)
  • I mean - it's not like the people sending me "increase your dick size 8" now" / nigerian king emails are actually selling legit products, and I really doubt they care about any laws or regulations.

  • That the customers have opted in, or that they have an existing business relationship with them. It's what they already do...
  • Have you ever received a telemarketer call or postal junk mail from a foreign country? Probably not. Why? Because it's expensive.

    Have you ever received spam from a foreign country? Probably. Why? Because it's no more expensive than domestic spam.

    This idea will not get rid of spam coming from foreign countries. And note, I'm not talking about foreign language spam. I mean spam originating from a source outside your country. The people who are coming up with these dumb ideas about how to combat spam obviously have no practical knowledge actually trying to deal with spam. But, wait! It get's better. Even if this manages to deal with domestic spam, what's to stop someone from (illegally) selling the list to a foreign spammer outside the jurisdiction of the US?

    If you're a foreign spammer, I bet this sounds like a great idea... Now, the well-meaning, but let's face it ... stupid ... US government will be collecting valid and up-to-date email addresses for you. Even if they don't publish the entire list, there will have to be some way to check if an address is in the list and spammers could use that to verify that addresses are valid without needing to connect to millions of SMTP servers. Any way you slice it, this idea does not seem workable to me. (e-mail does not equal telephone.)

  • Spammers are slimier and harder to track down than telemarketers. Somehow I think they'll just treat the "do-not-spam" registry as just another spam list.
  • Universal 'Remove' lists have been tried. They've all failed because there's always going to be some spammer who thinks they can get away with not using it.

    Don't even get me started on the fact that spammers, for the most part, go to great lengths to hide their real identities and addresses. Can't serve court papers if you can't find the person (and I use the term loosely in reference to spammers) to be served.

    Part of the solution has always been there, staring legislators in the face. It's just that nobody seems to have the cojones to do it; Specifically, expand the existing Junk FAX law (47 USC 227(b)) to cover spam. It might not have an immediate effect, but at least it would be a good start.

  • Uh... Ok. Spam's bad. Sorry for being off-topic, but what's up with slashdot? I seriously doubt that I'm the first post on this message, as I've alreadly re-loaded it twice on a friday night... \. isn't acting like it usually does...

    Anyhow... anti-spam = good. spam = bad.
  • Sign me up please!

  • The list will have to be readable to spammers, and whats to stop one spammer in the us selling the list to another in korea?
  • The article says that the law will allow "consumers to sue marketers who ignore their wishes [not to be spammed]" I'm curious over how the law would treat individual spammers. Would it allow people to sue Hot_Cindy9876@yahoo.com? or would it be the supplier of the product that Cindy was advertising that is held responsible. This might be especially difficult if the product (or website) is foreign, eg CrazyAsianPron.tw

    It also seems a bit negative for anti-spam groups to criticise the laws before they are enacted.

    I would have thought they would be all for this kind of thing, even if it doesn't work, at least it is a start and shows that some States are trying to do the right thing.

    Just because they haven't done it perfectly first time is no reason to complain. Wait and see what happens, it might work out ok, and if it doesn't then start pushing for it to be reworked.
  • This is strange. Does no one care about this subject?
  • It's great to see legislation of this type appear on the scene, however I'm not sure which state's stategy is going to be most effective. Charging spammers for access to a do-not-email list which could potentially protect them from lawsuits is a good thing, but there has to be an incentive for the consumer, other than to screw over the spammers, for them to sue the offenders. Personally, $10/UBE message for at least two days effort on my part (with a lawyer, and in court), which translates into at least $1200 of my time (at a reasonable rate of $75/hour) doesn't make it worth my while to spend my time sueing a spammer in Colorado.

    Payment of $5,000 per violation in Missouri on the other hand, makes it worth while for consumers to sue spammers. FOr this reason, it seems to me that the Colorado law is designed as a state regenue generation mechanism, rather than legislation designed to compensate the victims of spammers.

    --CTH
  • by ses4j (307318) on Friday February 07, 2003 @11:30PM (#5255965) Homepage
    Legislation introduced in Colorado and Missouri would create a central database of residents who don't want to receive unsolicited e-mail...

    Great, we'll stop the spammers by building a huge central repository of working email addresses, and then give access to the lists to spammers worldwide. How could THAT backfire?

    scott

  • by Omkar (618823) on Saturday February 08, 2003 @01:44AM (#5256899) Homepage Journal
    'nuff said.
  • Finally, but... (Score:5, Insightful)

    by sethadam1 (530629) <adam@nOsPam.firsttube.com> on Saturday February 08, 2003 @01:52AM (#5256926) Homepage
    Sounds like a great idea...but....

    with a forged packet headers, open relays, and a global internet not subject to any one state or country's laws..is this in any way enforceable?
    • Re:Finally, but... (Score:4, Interesting)

      by Sycraft-fu (314770) on Saturday February 08, 2003 @04:30AM (#5257296)
      It may simply end up that countries that are unwilling or unable to stop SPAM find themselves banned form the internet at large. I work for a university and we find that a particular country (that I will not name) and a particuar ISP in another country are a large problem for little script kiddies. They refuse to respond to our requests for action so we are slowly banning all the IP blocks that belong to them. At some point, they will no long have any access to our network.

      This is not something that will happen overnight but I do believe that some day there will be a sort of Internet law that you will have to obey and if you don't, you'll find yourself banned from most of it.

      Also most of the SPAM I recieve on my various addresses is form US companies. After all, it's not real useful to SPAM someone for a product or service that they can't buy since you are from a different country. The spammers may use foriegn relays, but they are working for US companies, and those companies can be held accountable.
  • by Skapare (16644) on Saturday February 08, 2003 @03:31AM (#5257183) Homepage

    With a Do Not Call list, one single entry covers all my phone extensions. Since the teleslimers will be comparing only the basic phone number, and not the number with its extension, against the list, by simply having my number without any extension in the list, a proper lookup will match and they can skip that number. None of my extensions will be called.

    The issue is how to do this for email addresses. Many mail servers allow for "extensions" by having a certain special character such as "-" or "+" or "." followed by an "extension". By simply having the email account of the part before the separator, you automatically have every possible extension. Some people call this tagged email. And example would be jsmith-foobar@example.net [mailto] where only jsmith@example.net [mailto] would be in the list.

    Many people even have their own vanity domain names, and regardless of what username is used before the @-sign character, they get the mail like the whole username were the extension.

    For a registry to work, for at least those who are required to use it, it must meet at least these two requirements:

    • Supports all user email addresses, including extensions
    • Easy for the bulk mailers to compare their lists against
    • The raw list itself must not be distributed

    I looked at the registry [waisp.org] run by the Washington Association of Internet Service Providers [waisp.org] and found that the verification process [waisp.org] only works one at a time. This makes their registry virtually useless. Of course, distributing the addresses in the raw will be worse, as it will get in the hands of spammers out of the country, and everyone will just get more spam because now spammers will have a list of address that are even more likely to have someone reading. And some will be mass mailing to such a list just to destroy the effectiveness of registering.

    One option is to distribute an SHA1 [openssl.org] checksum of each address. Then all that needs to be done on the mailer's end is to test each address by generating the checksum and looking that up in the database.

    But even that has a risk, and I'm wondering if even that should be allowed. That risk is that spammers will run all their millions of email addresses through the process, and produce a subset of those who are registered, and then from out of the country ... they will spam the hell out of just those.

    In the end I think the only real solution is for a law that establishes two distinct networks (same address assignment base, but disjoint routing), one where spamming is allowed, and one where it is entirely prohibited under threat of jail time (for the executives in the case of corporations, LLCs, etc). Each ISP can then choose to service one or the other or set up dual but separate facilities to serve both. Wanna bet which network most will choose?

  • by TheRaven64 (641858) on Saturday February 08, 2003 @12:06PM (#5258779) Journal
    This all leads back to a particular favourite of mine: Targetted advertising.
    Advertisers in general do not care how many people see their advert, but rather how many potential clients see their advert. Sending 50000 spams is no good if no-one buys anything from them, while sending 100 which generate 20 sales is a huge return (at the moment only about 1 spam / month gets past spamassassin, so I don't see the majority of them). While it doesn't cost much to send an email, it does cost something. I would like there to be a central registry of items individuals are interested in, so I can register and gt targetted adverts. I have no interest in penis enlargement, breast enhancement, sanitary towels, buying a new car (at the moment) so anyone who advertises these things at me irritates me, and receives no return. Any company that wastes my time prejudices me against them if I ever do want to buy a product they offer. Right now, I'm thinking of buyng a new dual-head graphics card, so anyone advertising a low cost Radeon 8500 would be providing me with information I want, outcome: I don't have to hunt for prices as much, companies can spend less on advertising but generate more sales, I can watch an hour of TV without having 15 minutes of adverts. I'm happy, commercial enterprise is happy. People who send untargeted advertising are laughed at for being so crude. The solution to spam is not to block it, not to legislate against it, simply to show that it doesn't work. Let commercial Darwinism will take care of the problem
  • by herbierobinson (183222) on Sunday February 09, 2003 @12:19AM (#5262259) Homepage
    1. The per message fine has to be enough to make it worth pursuing. MO has the right idea: $5000 per message.

    2. It has to allow for individual enforcement (i.e., small claims court). Law enforcement, frankly, should be frying bigger fish.

    3. It should be a felony to promote anything with SPAM without permission of the entity being promoted.

    4. In addition to the spammer, the fine should apply any entity being promoted by SPAM unless they are willing to file a criminal complaint against the spammer (for violating rule number 3). Note that filing a false criminal complaint is also very illegal; so, this would not be likely t be misused.

We can predict everything, except the future.

Working...