Do-Not-Email Registries? 794
prgrmr writes "Wired has an article about Colorodo and Missouri's latest legislative proposals to deal with spam and with spammers. There appears to be actual consumer-protective teeth in these bills which mirror the telephone 'do not call' lists. A nice example of a government perpetuating a working concept instead of trying inventing new ways to break things."
Accident (Score:3, Insightful)
*phone rings*
"Excuse me, sir, are you interested in..."
"I thought I was on a fucking do-not-call list!"
"Sorry sir, you are, it was an accident. Sorry sir."
Direct marketing is here to piss the hell out of us for a long time yet.
-Mark
Out of Country Spam (Score:2, Insightful)
I don't know how much this list will help.
Might work if.... (Score:5, Insightful)
The difference is... (Score:2, Insightful)
Why this won't work (Score:4, Insightful)
With email, it is far more difficult to stop. First, the jurisdictional issues. Second, it is trivial for an email spammer to hide his identity -- there are plenty of open relays to bounce through.
I already receive spam for "500,000 opt-in email addresses on CD!" -- when do-not-email lists are in place, I'm sure I will be getting adverts for "500,000 do-not-email addresses on CD!". And nobody will be able to stop them.
Thank you DMA (Score:2, Insightful)
No antispam bill has passed because the DMA wanted to reserve the right for their members to spam you.
There are people AGAINST this, and not spammers! (Score:4, Insightful)
They (CAUCE [cauce.org]) complain that it shifts the burden onto the consumer to be a member of the opt-out list (which is free, and easy to get into). The complain that we are treating the symptoms and not the cause.
Bull. It costs the spammers money to even SEE the lists, and they face $500+ penalties if they don't check and mail first. Hence, this is a real financial deterrent (at least in those states). This artificially raises the transaction costs, which gets at the cause (that is, email is cheap and free).
Instead, CAUCE wants it to be like junk fax laws wherein no one can send you email without having established "a business relationship" with the recipient. I see too many ways of twisting this around in court that would prevent legitimate email from being sent to people when your first contact with them would be through that medium. It would scare people away from just sending email notes because they won't know how it'll be interpreted at the other end. I can envision paranoid use policies sprouting up in IT departments all over our fair land. Nooo!!!!
What is unclear is whether both the spammer and the spammee (sp ?) have to be in the same state (or in states with similar laws) for this to be effective. In that case, all the spammers will just base their operations in Florida where half the GDP comes from MLM and other scams.
Will it work for email coming from overseas? (Score:4, Insightful)
So what good is it?
Appalling risks of unintended consequences (Score:3, Insightful)
Second, if you don't verify the information carefully, at minimum with double-opt-in and some kind of Turing test (e.g."type the number from the gif into this box"), there'll be all sorts of abuse, signing up people who don't want to be there, automated h4X0r b0ts trying to kill everybody in the state, random crap like that. Do you trust your average state government to implement something like that right? (If you answered "yes", and live in California or New Jersey, you obviously don't bother reading headlines about state government computer project debacles, and if you live somewhere else, your local government is just as stupid by I haven't been paying attention to them :-)
Third, there are ways to provide some privacy protection while still maintaining a blocking list. For instance, instead of keeping a database of addresses that pass the double-opt-in test, publish a list of harder-to-abuse hashes of the addresses:
Fourth, this doesn't always mix well with newer tagged-format addresses ("username+tag1@example.com") or domain or subdomain addresses ("anything@mydomain-example.com" or "anything@username.fastmail.fm") unless the rules are tediously explicit and accurate for how to use them. These kinds of addresses let you give every recipient a unique address, which your email programs can filter on to discard stuff that's obviously abuse and sort stuff that's from real people.
$10? Come on.... (Score:2, Insightful)
It's not a working concept though. (Score:2, Insightful)
Practically speaking I'd like to see international law recognize that those profiting from spam (the people who are actually taking the money for the products) are responsable for the spam even if the spam cannot be traced directly back to them. Fines with teeth would be needed for enforcement.
stop the spammers with a central email list (Score:4, Insightful)
Great, we'll stop the spammers by building a huge central repository of working email addresses, and then give access to the lists to spammers worldwide. How could THAT backfire?
scott
This sounds good, but... (Score:2, Insightful)
I think they need a new plan... Untill someone gets an international plan set, it will be difficult to crack down on any spam. I'll stick to my filters, thanks.
Great idea.. (Score:2, Insightful)
When it comes down to it, there's only one way to defeat spammers: Not buying into their advertising. Unfortunately, far too many people don't understand what a bad idea it is to actually pay attention to Spam.
What does this mean? We, my friends, need to find an alternative method to fight Spam. My guess? We do it by being just as annoying to the spammers as they are to us. There are any number of ways to do this, but what it comes down to is, use good spam intercepting software, and junk mail accounts. MS can afford the space, why not make them use it?
Re:Accident (Score:1, Insightful)
"Excuse me, sir, are you interested in..."
"I thought I was on a fucking do-not-call list!"
"Sorry sir, you are, it was an accident. Sorry sir."
*click*
*beep-beep-boop-beep*
Hello, Attorney General? I've got some more revenue for you here."
It works.
Finally, but... (Score:5, Insightful)
with a forged packet headers, open relays, and a global internet not subject to any one state or country's laws..is this in any way enforceable?
What about overseas spam? (Score:2, Insightful)
Do Not Mail versus Do Not Call (extensions) (Score:4, Insightful)
With a Do Not Call list, one single entry covers all my phone extensions. Since the teleslimers will be comparing only the basic phone number, and not the number with its extension, against the list, by simply having my number without any extension in the list, a proper lookup will match and they can skip that number. None of my extensions will be called.
The issue is how to do this for email addresses. Many mail servers allow for "extensions" by having a certain special character such as "-" or "+" or "." followed by an "extension". By simply having the email account of the part before the separator, you automatically have every possible extension. Some people call this tagged email. And example would be jsmith-foobar@example.net [mailto] where only jsmith@example.net [mailto] would be in the list.
Many people even have their own vanity domain names, and regardless of what username is used before the @-sign character, they get the mail like the whole username were the extension.
For a registry to work, for at least those who are required to use it, it must meet at least these two requirements:
I looked at the registry [waisp.org] run by the Washington Association of Internet Service Providers [waisp.org] and found that the verification process [waisp.org] only works one at a time. This makes their registry virtually useless. Of course, distributing the addresses in the raw will be worse, as it will get in the hands of spammers out of the country, and everyone will just get more spam because now spammers will have a list of address that are even more likely to have someone reading. And some will be mass mailing to such a list just to destroy the effectiveness of registering.
One option is to distribute an SHA1 [openssl.org] checksum of each address. Then all that needs to be done on the mailer's end is to test each address by generating the checksum and looking that up in the database.
But even that has a risk, and I'm wondering if even that should be allowed. That risk is that spammers will run all their millions of email addresses through the process, and produce a subset of those who are registered, and then from out of the country ... they will spam the hell out of just those.
In the end I think the only real solution is for a law that establishes two distinct networks (same address assignment base, but disjoint routing), one where spamming is allowed, and one where it is entirely prohibited under threat of jail time (for the executives in the case of corporations, LLCs, etc). Each ISP can then choose to service one or the other or set up dual but separate facilities to serve both. Wanna bet which network most will choose?
Re:Why Legal and Not Technical Solutions (Score:5, Insightful)
Because it's not a technical problem- it's a social problem that happens to involve technology. I suppose the phone company should come up with technical method to stop telemarketers as well, but the failure of technical solutions in solving the telemarketer problem was what prompted the creation of the do-not-call list. Technical solutions to spam have so far been a failure as well. The most you can hope for is a perpetual arms race.
It reminds me of the litgation induced from "deep linking," when in reality the web master simply needs to better configure his/her server.
That's a case of corporate idiots bursting onto the scene and applying political and legal pressure to destroy the protocols that made the web successful, because they want to shape it into something that favors their own myopic interests, and they think they can spend the money to get the courts to back them with a poorly reasoned decision. The fact that there's a technical solution to what they're whining about is convenient but irrelevant. Even if there weren't a technical solution to prevent deep linking, their case would be bankrupt.
Similarly there are technical solutions to this. If I'm on a "do-not-email" list, then why don't I configure my email client to only accept emails within my address book? Many email clients can do this filtering, even web based ones, so what's the problem? Effectively, this is what these people want and there's a solution so why the red tape?
Because we shouldn't have to resort to whitelists. I cannot compile a list of everyone in the world who isn't an asshole and who I might want to get email from. Maybe you never get mail except from six people, but some of us have to distribute our contact information.
Press 5 if you think technology serves you... (Score:2, Insightful)
Press 5 if you think that technology is improving the quality of your life.
I will do what I always do, change my email address when I start getting too much spam (through the filters.)
Re:Next step: (Score:1, Insightful)
I know what you mean,every time I get spam it says "we are sending this because you requested it from us or one of our affiliates..."blah,blah,blah.
?I DID??
Oh yeah,then theres the"To unsubscribe click here..."which translates to "To verify your e-mail address click here"
Am I the only person who thinks it makes more sense to have a "Call"or "E-mail"list instead of a "do not call"(or e-mail)Surely the number of people who want to be bothered would be much smaller than those who don't,so the cost of maintaning the list(s) would be considerably lower.Also,the companies making the calls or sending the E-Mails would be guaranteed that every call made would be to someone who will listen to or read the message.
Of course,the big business dollars will not allow that.
Laws need several things to work (Score:3, Insightful)
2. It has to allow for individual enforcement (i.e., small claims court). Law enforcement, frankly, should be frying bigger fish.
3. It should be a felony to promote anything with SPAM without permission of the entity being promoted.
4. In addition to the spammer, the fine should apply any entity being promoted by SPAM unless they are willing to file a criminal complaint against the spammer (for violating rule number 3). Note that filing a false criminal complaint is also very illegal; so, this would not be likely t be misused.