Is the CAN-SPAM Act Working? 280
DynaSoar writes "Lance Ulanoff of PCMag.com offer his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."
War on Poverty, War on Drugs (Score:5, Interesting)
The only thing I have noticed is that spam to my junk Hotmail accounts has dropped to almost nothing. I think this is due to a change in MSN's filtering, and has nothing to do with the legislation.
Usable snailmail addresses? (Score:5, Interesting)
So maybe there was one minor positive point to the law after all. Unless they're simply fraudulent, it's a lot tougher to change a snailmail address than an email or URL address.
More wasted bandwidth (Score:5, Interesting)
What will work... (Score:5, Interesting)
If it's legit email then they can discuss it. If it's not we should be able to block it. I'm sick of paying for this rubbish.
Filtering out spam and black listing email servers (Score:4, Interesting)
What I would like to see is a spam signature sharing, Spam Detection Servers SDS would collect hash per spam email sent within a time period. An email will have to be stopped on any email server and verified against an SDS to see if it is not spam before sending it further. How would these SDSs collect the signatures? Feedback from email users, black lists, good filters etc. All email servers will have to register with SDSs, or they become black listed.
But you probably can tell me why this is not going to work, can you?
Faster than ever (Score:5, Interesting)
I recently signed up for an AOL 'free trial.' It took about five minutes before spam started showing up in the mailbox. I was amazed.
(BTW, if you're on a Mac, don't bother--the Mac software for AOL doesn't appear to have been upgraded for a couple years--commercials be damned.)
Huh? (Score:5, Interesting)
I thought one of the big problems with CAN-SPAM act was that it said that no one could set "standards" for what UCE was required to contain.
No [ADV] or anything at the beginning of the subject line. Spammers know that requiring them to do that would make it significantly easier to trash Spam at the ISP level. They must have lobbied hard to make sure that the bill says that the FCC is *not* able to set "standards" for that identifying marks Spam must have.
If you are going to write a law that tries to fight Spam (questionable intentions in the first place), at least give it some power to set "Standards".
Re:War on Poverty, War on Drugs (Score:4, Interesting)
I've noticed a decline in spam in my Hotmail account as well. Hotmail still gives me false positives. In contrast using Yahoo! mail, I've recieved legitimate emails from real people that I know but haven't added to any address list. These emails have always been marked as legit. I recently have gone so far as to not check my bulk mail for false positives. I've also received one false negative. Right now, I think Yahoo! has an edge over Hotmail.
Re:well duh! (Score:5, Interesting)
How about enforcing the fraud laws? (Score:5, Interesting)
Why is this so hard? This will put an immediate dent in spam. I'm not naive enough to think it will end it forever, but if enough people get nailed hard enough (including ISPs, banks, and others through a RICO prosecution) it will be damn difficult and daunting to even BE a spammer, let alone make any money at it.
Instead we'll waste countless hours talking about making spam illegal, when it's the smallest of all the crimes involved in a typical spam message.
How laws can work (Score:5, Interesting)
Follow the cash. How does spam work? It works by getting someone to give the spammer money. Go after the money. Unfortunately, the CAN-SPAM act makes this more difficult, since individuals cannot go after the spammers, only ISPs.
Here's what we need to have in law:
My spam is canned !! Statistics Follow (Score:4, Interesting)
My spam is canned and put on pallettes now and delivered by semi truck.
Before CAN SPAM.. my SpamKiller trap had about 3100 spam per month.
After CAN SPAM... my SpamKiller trap has about 4200 spam per month. Steadily growing, as always.
Most spam is international ... (Score:5, Interesting)
I block the addresses at my firewall so I automatically eliminate most of my spam as well as most port scans and scripted exploits (since a lot of them are foreign/rooted systems).
I wouldn't do this at a large company, but you can probably get away with it at a small domestic U.S. business that doesn't need international communication through the Internet.
No. (Score:4, Interesting)
Grr... Okay, the lameness filter has forced me to say more. Fine.
I receive roughly one thousand spam messages per day.
Since the passage of the CAN SPAM act, that has not decreased in the slightest. I have noticed only a single difference, which actually has benefitted me, but won't work for everyone - The proportion of messages coming from "suspicious" foreign domains, like
I don't get spam.. (Score:5, Interesting)
Can we use the DMCA to our advantage here? (Score:3, Interesting)
Maybe we can use the DMCA here -- they're trying to circumvent SPAM detection technology...sure it's a pretty serious stretch, it'd be applying a bad law to a bunch of bastards. Bad law (applied to) bad people is just like multiplying two negatives to equal a positive, right?
Re:How about enforcing the fraud laws? (Score:2, Interesting)
Passing US anti-SPAM legislation is rather like passing laws that prohibit the importation of Cuban cigars into Canada. We'd love to have that sort of control, and we're capable of throwing a lot of political/economic weight around to try and force compliance.
But if a foreign power doesn't feel cooperative(or lacks enforcement resources), Capitol Hill is just plain out of luck.
weakened bill (Score:5, Interesting)
This bill, as federal, superceded it. Lamely.
Which is pathetic and sad. /me wants to see a spammer get REAL jail time for
stealing computer resources on high-jacked machine
pushing scams that are ALREADY illegal
Real jail time in a real jail with real property seizure. Loudly.
Use the law as our weapon of choice (Score:5, Interesting)
Hell, it's never been tried, so it has a chance, although I still predict failure.
Re:How about enforcing the fraud laws? (Score:3, Interesting)
As I said in my previous post, I know this won't get operations that are exclusively overseas -- but even following the money trail on this *can* hinder the ability of overseas spam/fraud gangs from getting money out of the US.
Re:I don't get spam.. (Score:3, Interesting)
one (1) local spammer ran a bot script against the domain name of my isp account and i reported this spam to his isp and to his boss (it was a real estate spam).
his isp (roadrunner) refused to punish him. he kept his account and had a valid list of addresses to sell the big spammers of the world.
within four months of that first spam, the junk in that account grew.
it's now at 20+ spams per day. almost all are hosted on chinese or korean servers and almost all use such bad grammar and spelling that only a moron would do business with them.
Getting rid of spam (Score:5, Interesting)
Simply reverse the email architecture on the 'net. Turn the current method of sending and receiving mail around. Instead of messages being immediately sent to the recipient's server, send the recipient a very tiny message saying that a message with this subject is waiting on the sender's computer for the recipient to pick up.
It would require a change in all the email software currently in use, and the only real hurdle that it provides is that people who are no longer on the Internet all the time can't send mail, but I'm sure someone would be willing to provide that service for a fee.
This would also make it much more difficult to forge headers on a mail, since you would need a valid IP address and/or domain name in order for anyone to get the actual mail that you wanted to send them.
Now, if you spam millions of people peddling whatever it is you're peddling, you'll be using very little bandwidth, a hundred or so bytes compared with several K, until those people come to pick up your message.
Furthermore, you won't be able to hide the originator of the mail nor would you have the problem of open relays spewing a constant stream of junk.
Couple this with PKI and you have a very flexible and very fair system.
The problem that I have with spam is that the current email architecture places 99% of the costs of email on the recipient. If you swing that around and make the spammers have their own, high end servers for handling the millions of mails that they want to send, then spamming will vanish in a hurry.
Huge Spike (Score:3, Interesting)
Before January 1, I was receiving a fairly steady 90-110 spam messages per day (of which Spam Assassin would catch about 50). Come the new year, it ramped up sharply, leveling off at 250 messages per day since February 1. Spam Assassin only recognizes 30-40 of them per day now.
Let's hear it for more effective federal legislation.
Politicians paid off (Score:2, Interesting)
This has only served to increase spam by preventing individuals from filing lawsuits on their own. Without this law in place California law [spamlaws.com] would have allows residents to sue for $1000 per spam. That would have gotten rid of many spammers.
Re:Better than real junk mail (Score:2, Interesting)
here in germany, if you have a "no junk" sticker on your mailbox, you can actually sue the pizza delivery service that ignored it (if you so choose to).
Also, junkmail by snail mail is illegal if sent to private persons. Counts for fax, too.
bye,
[L]
Re:hmmm (Score:3, Interesting)
You're not the only one to hold that opinion.
"What we need is a good old fashioned hanging." FTC Commissioner Orson Swindell, at the 2003 FTC Spam Conference, Washington, DC, on the subject of stopping spammers.
Re:Better than real junk mail (Score:4, Interesting)
Regular junk mail is a problem to. I discovered this when I moved to a new house. The previous owners were catalog shoppers. I was receiving 110 catalogs a week to the former occupants. I sometimes had to put some of them in my neighbors' recycling bins since mine were always full. Often important mail (e.g., bills) would be jammed in between the pages of the catalogs.
In the past four years, I've sent 450 letters and made more than 100 phone calls to catalog companies to make them stop. I've made a big dent, but I still get a dozen or so catalogs addressed to the previous owners each week.
Opt-out is not an option.
It's only forcing changes on the surface... (Score:5, Interesting)
Somebody spidered an autogenerated e-mail address *once* from my webpage (the address encodes the time and IP address of the requester) in violation of the robots.txt file.
This has proven most instructive. I've written up some of my experiences on my weblog [wirewd.com]. That single address has since been sold, resold, and resold again to a variety of folks. At one point, it was sent an e-mail trojan. It's received all kinds of different spam. Interestingly enough, it has not received any Nigerian advance-fee fraud scams.
Lately, there was a removal form with a JavaScript script included that would prevent you from typing in an address to be removed.
One really funny spam is a dating site that said that one of my friends has set me up on a blind date. To an address only known by spammers.
Regulating spam (Score:3, Interesting)
Spam is now legal insofar as the spammer includes adv: and a working email address (doesn't even have to check it).
Working state laws have been pre-empted. Many victims of spammers in Michigan and California received judgments, but no longer. Those judgments kept spammers on the run, making them hide their money in offshore accounts and keeping their apparent net worth=0 (excepting Ralsky).
Since spam benefits American companies owned by American citizens, real anti-spam legislation would have included sanctions against the beneficiaries of spam, including double penalties for income tax evasion and money laundering.
CAN-SPAM Permission Gave Permission for More Spam (Score:2, Interesting)
I think one of the biggest issues with an opt-out bill like this is that, basically, they have given every business and person in the world permission to send you as many emails as they want until you spefically tell them to stop. This is particular silly since in many cases you can not tell the legitimate commercial spam from the email harvesting spam, so you can not safely respond to any of them which means you will continue to receive spam after spam.
On top of this, who in the fuck has time to respond to every single piece of junk email they get every day to tell these people to fuck off? There aren't enough hours in the day which means that (even though the spammers were already doing it) Congress has given every business on the planet permission to deluge your email with commercial spam and there's nothing you can do about it other than try to filter.
The problem with filtering is that since these spammers are using your bandwidth and your mail server's processing cycles when they send you their message, they are effectively stealing time and effort from you or your business to deal with determining whether the message should be forwared on to your email client.
So, it seems there are a few things that need to be done:
* all non-"traditional" marketing must be opt-in. I don't want spim, spam, junk snail mail, phone spam, etc. TV and Radio? Fine, the advertisers pay for it, I can change the channel, they aren't depriving me of anything but some thumb power to operate the knobs and buttons.
* any commercial email must apply to the domain admin of the target for permission to send email to the domain (this can be automated to some extent), otherwise, no email is accepted from the commercial entity. It wouldn't take much to set up a system which can tell that multiple emails are coming in to a domain from the same sender....if this sender hasn't applied for permission, the mail server does not even allow the messages to be uploaded to the server.
* HUGE penalties for spammers along with HUGE pentalties for the hosting companies and governments if they do not take action to prevent known spammers from continuing to operate.
* a Known Spammers public registry (similar to the Sex Offenders registry), so that hosting companies can have ready access to prevent selling these people account and the public is aware of who these people are and where they are operating
* all sorts of other stuff that I don't have time to go into
Of course, one of the biggest impediments to a lot of this stuff is that congress and the president will never fully fund any of these efforts, so there will be no enforcement
Re:Get a GRIP! (Score:3, Interesting)
Clearly they do not lie in making the punishment fit the crime. Five years for killing a baby like that is ridiculous, especially since the bastard will probably be out in two if he behaves himself and doesn't get butchered by his fellow inmates. However I assume that you don't read Terry Pratchett, because he makes a very good point which applies to spammers in the book "Good Omens", co-authored with Neil Gaiman.
In the story the protagonist, the Demon Crowley, is assigned responsibility for the design of the M25 (a 6-8 lane parking lot that surrounds London). Through great effort involving numerous bribes, computer hacks and when all else failed moving some marker posts a few incredibly significant feet he causes the M25 to resemble the ancient symbol "Odegra". As a result of this millions of people are forced to suffer daily torment and frustration, which then then take out on their colleagues/pet/whatever incurring a small amount of corruption of their soul. This is then contrasted with a "traditional" demon who will spend years working on the corruption of a single priest.
So, yes, twenty years and a big fine does seem excessive when you set it against the penalty for shooting someone in the head. But when you divide 20 years by the millions, or more likely billions, of moments of angst the spammer created, they are really getting off quite lightly.
Nothing has changed (Score:3, Interesting)
There are a few dips for holidays, and since CAN-SPAM became effective on New Year's, there was a corresponding dip. But the amount my spam went down was roughly between the Thanksgiving dip and the Christmas dip, so nothing that would indicate there was anything else going on other than the holiday. Afterwards it shot right back up again.
I've also included a line on the chart to show my average spam, only after the CAN-SPAM act, just to make sure the data was not effected by my numbers from last year. And sure enough -- a steady rise.
total spam since 10/19/03: 84,415
most spam in one day: 1,054 (12/3/03, during some kind of wild post-Thanksgiving holiday surge)
percent filtered: 78.05%
total ham since 10/19/03: 1,702
spam to total email ratio: 97.98%
Re:No. (Score:3, Interesting)