Forgot your password?
typodupeerror
Spam

Is the CAN-SPAM Act Working? 280

Posted by CmdrTaco
from the i-highly-doubt-it dept.
DynaSoar writes "Lance Ulanoff of PCMag.com offer his opinion on the success, or lack thereof, of the CAN-SPAM Act. It doesn't appear to be working, though spammers have noticed, in that they try to make their spam look "legit". What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement."
This discussion has been archived. No new comments can be posted.

Is the CAN-SPAM Act Working?

Comments Filter:
  • No. (Score:3, Funny)

    by crashnbur (127738) on Thursday February 19, 2004 @04:14PM (#8331935)
    I get as much SPAM as ever, and it's not even fried with cheese between two pieces of bread.
    • Faster than ever (Score:5, Interesting)

      by OECD (639690) on Thursday February 19, 2004 @04:21PM (#8332062) Journal

      I recently signed up for an AOL 'free trial.' It took about five minutes before spam started showing up in the mailbox. I was amazed.

      (BTW, if you're on a Mac, don't bother--the Mac software for AOL doesn't appear to have been upgraded for a couple years--commercials be damned.)

      • by lcde (575627) on Thursday February 19, 2004 @04:46PM (#8332416) Homepage
        what shocked me is when my mother logged on to AOL, she started getting popup windows (not IM's) that were for sexy webcams and such.
      • Re:Faster than ever (Score:5, Informative)

        by Quarters (18322) on Thursday February 19, 2004 @05:11PM (#8332762)
        Chances are that you are getting spam that has been directed at your AOL username for quite some time. An AOL username gets released back into the wild at some point after the user has cancelled their AOL subscription. It used to be six months. I don't know what the time frame is now. You probably just picked a screen name that had been used before and has had spam sent to it since it was first created.
  • by AtariAmarok (451306) on Thursday February 19, 2004 @04:15PM (#8331950)
    It seems to be working about as well as the War on Poverty and the War on Drugs.

    The only thing I have noticed is that spam to my junk Hotmail accounts has dropped to almost nothing. I think this is due to a change in MSN's filtering, and has nothing to do with the legislation.
    • by ooby (729259) on Thursday February 19, 2004 @04:25PM (#8332133)
      You forgot the War on Terrorism and the War on Steriods.

      I've noticed a decline in spam in my Hotmail account as well. Hotmail still gives me false positives. In contrast using Yahoo! mail, I've recieved legitimate emails from real people that I know but haven't added to any address list. These emails have always been marked as legit. I recently have gone so far as to not check my bulk mail for false positives. I've also received one false negative. Right now, I think Yahoo! has an edge over Hotmail.
      • I've been getting about five or six false negatives a day with my yahoo account, for the last few months.

        I'm not too happy with their filter. I'll mark something as spam and still continue to get things from the same sender (which I mark as spam too, but it just doesn't seem to help).

        Oh, well. At least the 200 other spam emails I get each day in that account get sent to the Junk folder.
    • Hotmail's new filters have also deleted several legitimate messages sent to my account. I sent them an email detailing the problem, but they probably deleted that one too.
    • by dogbowl (75870) on Thursday February 19, 2004 @04:27PM (#8332172) Homepage
      and I've recently noticed that all email from my domains is blocked by Hotmail. I guess thats one way to stop the spam -- just block everything.
    • As with the WOD (war on drugs) it's what's called pork barrel spending during prime time (around election time). Pork barrel being many will try to cash in either financially or politically one way or the other. The act although it sounds good on paper or coming from the mouth of some guy in a nice suit with the subliminally place red tie to convey trust. But taking a step back to look at it, and anyone can answer the question for themselves... Can the US dictate what should be law in another country such a
    • It seems to be working about as well as the War on Poverty and the War on Drugs.
      Except in this case you can't escape to Canada to return to sanity. I should know, spam's just as bad here :(

      - slashdot@users.pc9.org [mailto]
  • I, for one (Score:4, Insightful)

    by SparafucileMan (544171) on Thursday February 19, 2004 @04:15PM (#8331955)
    am getting more spam than ever before. Since the spammers are operating out of foreign bases, I fail to see how the Act will do anything.
  • well duh! (Score:4, Insightful)

    by seriv (698799) on Thursday February 19, 2004 @04:15PM (#8331956)
    It is hard to shut down a worldwide, decenteralized group of people in a single country! It is a good thought, but it is not practical.
    • Re:well duh! (Score:5, Interesting)

      by leerpm (570963) on Thursday February 19, 2004 @04:25PM (#8332140)
      In actuality, a lot of spammers are located within the US. They only use remote facilities to mask their identities and cover up what they are doing. No, 'international enforcement' would not likely even have much of an effect either.
    • Re:well duh! (Score:4, Insightful)

      by TekPolitik (147802) on Thursday February 19, 2004 @05:42PM (#8333100) Journal
      It is hard to shut down a worldwide, decenteralized group of people in a single country!

      Since most spammers are Americans in the United States anyway, your statement appears to be -5 irrelevant.

      However, the conclusion that CAN SPAM won't stop spam is in the "well, duh" category. Gee, who'd have thought that a law that didn't ban spam wouldn't stop it?

  • by Igloodude (710950) on Thursday February 19, 2004 @04:16PM (#8331973)
    My Bayesian filters are starting to pick up on the snailmail addresses the compliant spams contain...
    So maybe there was one minor positive point to the law after all. Unless they're simply fraudulent, it's a lot tougher to change a snailmail address than an email or URL address.
  • hmmm (Score:4, Funny)

    by nizo (81281) on Thursday February 19, 2004 @04:16PM (#8331974) Homepage Journal
    What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement.

    Bring back public floggings or at least the stocks for offenders for god sakes.

    • Re:hmmm (Score:3, Funny)

      by irokitt (663593)
      It's been a while since we've had public hangings in the Western World, and I can't think of a better way to bring them back.

      Or maybe we could put them in an arena with some lions...
      • Re:hmmm (Score:3, Interesting)

        by DynaSoar (714234) *
        irokitt (663593)sez: "It's been a while since we've had public hangings in the Western World, and I can't think of a better way to bring them back."

        You're not the only one to hold that opinion.

        "What we need is a good old fashioned hanging." FTC Commissioner Orson Swindell, at the 2003 FTC Spam Conference, Washington, DC, on the subject of stopping spammers.

    • Re:hmmm (Score:3, Insightful)

      by Naikrovek (667)
      come on, spam isn't THAT bad. Yes, its annoying, yes it takes time away from real things, but is it really so bad that you'd actually want to flog someone publicly?

      I get thousands of spam messages per day and I don't consider it anything more than a very slight annoyance.

      there are a lot of things that should recieve legislative attention long before spam recieves it. think about that next time you complain that your favorite cause isn't getting enough attention.
      • come on, spam isn't THAT bad. Yes, its annoying, yes it takes time away from real things, but is it really so bad that you'd actually want to flog someone publicly?

        Spammers steal billions of dollars per year.

        Flogging is too good for them.
    • Re:hmmm (Score:3, Insightful)

      by IPFreely (47576)
      What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement

      What might make a real difference, according to any intelligent person not tied monitarily to the spammers, is a bill that isn't so forking full of holes, exceptions, and limitations that it does more dammage than good.

  • by StuWho (748218) on Thursday February 19, 2004 @04:16PM (#8331976) Journal
    You can buy your solution here for only $29.99.

    Free viagra with every order

  • by fembots (753724) on Thursday February 19, 2004 @04:16PM (#8331980) Homepage
    Now I start receiving spams that come with a nice big attached image which tells me that particular email is complied with the Can-Spam ACT.
  • What will work... (Score:5, Interesting)

    by Audent (35893) <[moc.stiucsibevoli] [ta] [tnedua]> on Thursday February 19, 2004 @04:17PM (#8331982) Homepage
    is producing legislation that takes the power away from the spammer and puts it in the hands of either the end user or their ISP so we can filter the crap out.
    If it's legit email then they can discuss it. If it's not we should be able to block it. I'm sick of paying for this rubbish.
    • by kfg (145172) on Thursday February 19, 2004 @05:07PM (#8332692)
      In what way is this different than the current situation?

      What sort of legislation would increase your ability or right to block or filter?

      What "power" are you thinking of? Do you have to be born on Krypton to get it?

      Do you suggest legislating the structure of the internet? How would you go about doing that and enforcing it? If it can be done by altering the structure of the internet what is the need of legislation?

      Yes, I too am sick of paying for it, seeing it, filtering it, having it clog up the whole bloody net, etc.

      The spammer's "power" is no different than my own though. The power to use email. The primary difference is that I'm not an asshole.

      If one could legislate away assholes, hey, I'd be the first to endorse it. The instant the bill passed there would be a loud sort of "Whoooooph!" inside the Capitol Building, followed closely by the implosion of the dome as a result of the sudden low pressure inside.

      Suppose you were an idiot. Suppose you were a member of Congress? But I repeat myself. --Mark Twain

      KFG

      KFG
  • Another... (Score:2, Insightful)

    by good(k)night (754537)
    Yet Another message about Spam... I don't like spam. I don't even like to read about it...
  • Well... (Score:5, Funny)

    by enderanjin (753760) <enderanjin.gmail@com> on Thursday February 19, 2004 @04:17PM (#8331998)
    It's working in the meaning of the word that means "not doing anything."
  • Who actually thought that the US goverment would sucsesfully regulate spam? Its ludicrious, how hard is it for a spammer to set up a server in a country that doesn't enforce such laws?
    • Regulating spam (Score:3, Interesting)

      by robogun (466062)
      It does regulate spam. It legalized it.

      Spam is now legal insofar as the spammer includes adv: and a working email address (doesn't even have to check it).

      Working state laws have been pre-empted. Many victims of spammers in Michigan and California received judgments, but no longer. Those judgments kept spammers on the run, making them hide their money in offshore accounts and keeping their apparent net worth=0 (excepting Ralsky).

      Since spam benefits American companies owned by American citizens, real anti-
  • No... (Score:2, Informative)

    by Trillan (597339)

    The only chnage I've noticed is that my filters are no longer as effective, now that some of the spams are trying to look legitimate.

  • by indros13 (531405) * on Thursday February 19, 2004 @04:19PM (#8332032) Homepage Journal
    I know it gets mentioned in every spam discussion, but getting an email forwarding account from Spamgourmet [spamgourmet.com] is a great way to avoid spam. You can create "fake" email addresses that will forward a predetermined number of emails to your main account. After the number expires, the remaining emails sent to that address are canned. Oh, and did I mention it's free?

  • by aconn (709312) * on Thursday February 19, 2004 @04:19PM (#8332034)
    ...that this bill would do anything? Email as we know it is going to get spammed, end of story. What we have now cannot be fixed through legislation or taxation. Spending a moment even considering that these might work is an utter waste of time.

    Eventually people will start using an alternative that is a little more spam-resistant.

    • weakened bill (Score:5, Interesting)

      by MrChuck (14227) on Thursday February 19, 2004 @04:36PM (#8332283)
      California had a decent (first pass) bill with some guts to it. It was to go into effect Jan 1.

      This bill, as federal, superceded it. Lamely.

      Which is pathetic and sad. /me wants to see a spammer get REAL jail time for
      stealing computer resources on high-jacked machine
      pushing scams that are ALREADY illegal

      Real jail time in a real jail with real property seizure. Loudly.

  • by roman_mir (125474) on Thursday February 19, 2004 @04:20PM (#8332040) Homepage Journal
    There was an article about a new spam filter just a couple of hours ago, they were supposed to remove 50% of spam emails. 50% of spam stopped sounds good, but what if 50% is 350 Billion email messages? Spammers only have to double their messages to go around this 'filter' to produce the same volume tomorrow as they produce today.

    What I would like to see is a spam signature sharing, Spam Detection Servers SDS would collect hash per spam email sent within a time period. An email will have to be stopped on any email server and verified against an SDS to see if it is not spam before sending it further. How would these SDSs collect the signatures? Feedback from email users, black lists, good filters etc. All email servers will have to register with SDSs, or they become black listed.
    But you probably can tell me why this is not going to work, can you?
    • There are existing solutions that work like this. Brightmail comes to mind. These types of solution still do not stop all spam, because spammers insert random characters into their emails so that each email will 'hash' to a different value.
    • What I would like to see is a spam signature sharing, Spam Detection Servers SDS would collect hash per spam email sent within a time period.

      What I would like to see is some kind of convenient exothermic chemical reaction, which would convert abundant materials -- such as, say, wood, or possibly carbonaceous minerals -- into glowing gases we could use to heat things up with. This would be of great use in preparing food and keeping warm in the winter.

      Little hint: Before you say "I wish a thing like thi

  • by tuanjim_2001 (534921) <lordjim&gmail,com> on Thursday February 19, 2004 @04:21PM (#8332059)
    What would really help would be placing a $10K bounty on spammers head. As in you bring in the proof of spamming on an individual and you get 10K and their head on a pike on your front lawn.
  • The suggestion that a law designed to contain a problem could actually be helping it grow stunned me.

    Did this guy pay the slightest bit of attention when the law was drafted?

    Then again, this is the same "tech" columnist who bitches about taxi lines [pcmag.com] at CES, clearly a major issue in the world of computing.

  • Huh? (Score:5, Interesting)

    by singularity (2031) * <nowalmart@gm[ ].com ['ail' in gap]> on Thursday February 19, 2004 @04:22PM (#8332080) Homepage Journal
    What might make a real difference, according to US Senator Conrad Burns, co-author of the bill, is international standards and enforcement.

    I thought one of the big problems with CAN-SPAM act was that it said that no one could set "standards" for what UCE was required to contain.

    No [ADV] or anything at the beginning of the subject line. Spammers know that requiring them to do that would make it significantly easier to trash Spam at the ISP level. They must have lobbied hard to make sure that the bill says that the FCC is *not* able to set "standards" for that identifying marks Spam must have.

    If you are going to write a law that tries to fight Spam (questionable intentions in the first place), at least give it some power to set "Standards".
    • Re:Huh? (Score:2, Informative)

      by Kelson (129150) *
      IIRC, the law does empower the FCC or FTC to set these standards. It requires spam to have a subject tag, and indicates that the F[TC]C should choose one within a certain number of months.

      So it didn't say "all spam must start with [ADV]," but "all spam must start with a tag to be chosen by the FCC within x months of this law going into effect."
      • Re:Huh? (Score:3, Informative)

        by djmurdoch (306849)
        IIRC, the law does empower the FCC or FTC to set these standards. It requires spam to have a subject tag, and indicates that the F[TC]C should choose one within a certain number of months.

        So it didn't say "all spam must start with [ADV]," but "all spam must start with a tag to be chosen by the FCC within x months of this law going into effect."


        You don't quite have it right. All porn spam needs a standard identifier (to be set by "the Commission", not sure which one), not all spam. See the text of the C [spamlaws.com]
      • Re:Huh? (Score:4, Informative)

        by singularity (2031) * <nowalmart@gm[ ].com ['ail' in gap]> on Thursday February 19, 2004 @05:19PM (#8332852) Homepage Journal
        Wrong, although you fell for that the Bush administration wanted you to fall for, so it is easy to see how that happened.

        The actual law says: [spamlaws.com]

        (b) LIMITATION- Subsection (a) may not be construed to authorize the Commission to establish a requirement pursuant to section 5(a)(5)(A) to include any specific words, characters, marks, or labels in a commercial electronic mail message, or to include the identification required by section 5(a)(5)(A) in any particular part of such a mail message (such as the subject line or body).

        Now, the FTC is required to report back in less than 18 months about the feasibility of requiring ADV: or other indicators, but does not authorize them to require it in the meantime.

        Want to try again?

        They are basically passing the buck off to whomever has to vote on it in 18 months. [You were right about one thing - it is the FTC, not my idiotic FCC]
  • No. (Score:5, Funny)

    by Vainglorious Coward (267452) on Thursday February 19, 2004 @04:23PM (#8332106) Journal

    Big unsurprise, no CAN-SPAM isn't working (assuming by "working" you mean reducing spam).

    A sample from my spam-bucket this morning (one of those logo design offers) :

    [snip]This mailing has been performed by Internet Marketing Solutions, 1719 University Avenue, Bronx NY 10453 USA,
    in compliance with the CAN-SPAM Act of 2003,
    approved and signed by the president of
    The United States of America on Dec. 16, 2003.
    For this reason, this email cannot be considered SPAM.

    • As the CAN-SPAM act doesn't even define "spamming" or set guidelines on what can or cannot be considered spam, the email is clerely Rule #1 complaint.

      You should send a note to their upstream informing them of this act of advertising fraud.
    • Re:No. (Score:3, Interesting)

      by yack0 (2832)
      But that's ok, cause Hormel has a hell of a case against Internet Marketing Solutions. :)
  • Dear:US Senator Conrad Burns,

    Mr. Habeeeb Von Dusseldorf who has been in exile in South Africa for the last twenty-three years has recently passed away, his estate is interested in transferring US$450,000 into an american account for use in the fight against the resistance in the colonies. Please reply w/ your Banking information including ABA routing number and account number. following will be vital information for which to you to transfer the money. Your reward for said actions will be 20%.

    Thank-you, Have a great day.

    Col. Maj. Fariziq Mouselli Achmed.

  • by swb (14022) on Thursday February 19, 2004 @04:26PM (#8332148)
    Follow the money trail. Get the people committing outright theft (ie, no product), selling fraudulent products ("your dick a yard long in 24 hours"), or otherwise illegal products ("valium overnight"). Make a few RICO cases where you can ensare anyone even remotely involved in the business. Send them all to jail for 20 years with millions in fines.

    Why is this so hard? This will put an immediate dent in spam. I'm not naive enough to think it will end it forever, but if enough people get nailed hard enough (including ISPs, banks, and others through a RICO prosecution) it will be damn difficult and daunting to even BE a spammer, let alone make any money at it.

    Instead we'll waste countless hours talking about making spam illegal, when it's the smallest of all the crimes involved in a typical spam message.
    • Enforcement of any SPAM (or other e-crime) laws is hampered by one big problem. The Internet doesn't fall into the jurisdiction of any single legislative or law enforcement agency.

      Passing US anti-SPAM legislation is rather like passing laws that prohibit the importation of Cuban cigars into Canada. We'd love to have that sort of control, and we're capable of throwing a lot of political/economic weight around to try and force compliance.

      But if a foreign power doesn't feel cooperative(or lacks enforcement r
      • Even though "the internet" doesn't fall into any single local jurisdiction, it's trivial to argue that spam is largely a federal enforcement issue from even a small sampling of it.

        As I said in my previous post, I know this won't get operations that are exclusively overseas -- but even following the money trail on this *can* hinder the ability of overseas spam/fraud gangs from getting money out of the US.
  • How laws can work (Score:5, Interesting)

    by RT Alec (608475) * <alec@FORTRANslas ... m minus language> on Thursday February 19, 2004 @04:27PM (#8332167) Homepage Journal

    Follow the cash. How does spam work? It works by getting someone to give the spammer money. Go after the money. Unfortunately, the CAN-SPAM act makes this more difficult, since individuals cannot go after the spammers, only ISPs.

    Here's what we need to have in law:

    • Hold those relaying spam responsible. You have an open relay? You are liable for any spam coming from your server. No more "pink" contracts.
    • ISPs should be held accountable for zombies on their network. Block egress port 25, or else he held responsible for spam spewing from your system. Wake up and administer your system, or pay someone that knows how.
    • If you sell a product or service via spam, even if you hire a third party do do the dirty work you will be held responsible.
    • Allow individuals to file civil suits. Unload the army of american lawyers on spammers, and create a bounty system as suggested by Larry Lessig.
    • ISPs should be held accountable for zombies on their network. Block egress port 25, or else he held responsible for spam spewing from your system. Wake up and administer your system, or pay someone that knows how.

      I like your other points. But I have a real problem with this.

      I run my own mail server without problems. But in your world, I could not run my own smtp server. Maybe only those who abuse the system should get outbound port 25 cut off. But then what constitutes abuse? Suppose my employer
  • by deathcow (455995) on Thursday February 19, 2004 @04:30PM (#8332211)

    My spam is canned and put on pallettes now and delivered by semi truck.

    Before CAN SPAM.. my SpamKiller trap had about 3100 spam per month.

    After CAN SPAM... my SpamKiller trap has about 4200 spam per month. Steadily growing, as always.
    • Yeah, I'm hitting 400 pieces of spam per day now. It's actually causing problems for my provider - SA is taking up a LOT of CPU time now, especially when it comes time to expire all of those poison tokens that spammers have been stuffing their spam with. As was previously mentioned, all thes spammers have to do is redouble their effort, and we'll get hammered :(

      What amazes me is these vermin are going to all this effort to push crap that people are ACTIVELY trying to ignore. Any salesman in real life g
  • by calmdude (605711) on Thursday February 19, 2004 @04:31PM (#8332219)
    I don't know anyone from Argentina, Brazil, China, Hong Kong, Malaysia, etc., so I blackhole [blackholes.us] their addresses (along with ISP's dynamic IPs). This can sometimes cause problems, but as far as a home solution, it's great.

    I block the addresses at my firewall so I automatically eliminate most of my spam as well as most port scans and scripted exploits (since a lot of them are foreign/rooted systems).

    I wouldn't do this at a large company, but you can probably get away with it at a small domestic U.S. business that doesn't need international communication through the Internet.
  • No. (Score:4, Interesting)

    by pla (258480) on Thursday February 19, 2004 @04:32PM (#8332242) Journal
    Need I say more?



    Grr... Okay, the lameness filter has forced me to say more. Fine.

    I receive roughly one thousand spam messages per day.

    Since the passage of the CAN SPAM act, that has not decreased in the slightest. I have noticed only a single difference, which actually has benefitted me, but won't work for everyone - The proportion of messages coming from "suspicious" foreign domains, like .il, .cz. .ru, .tw, etc, has increased quite a bit. So, since I block all of them, the amount of spam I actually see has dropped. Otherwise, no change in the total volume.
  • by Kozar_The_Malignant (738483) on Thursday February 19, 2004 @04:32PM (#8332245)
    There is law, and then there is enforcement. I'm sure there is still a no-jaywalking law in New York City. Does anyone care? No, because there is no penalty. When some spammer does Kevin Mitnick-style time for his crime, the law will mean something.

    Why would I buy Viagra from someone who can't spell it?
  • Yahoo's Spamguard (Score:5, Insightful)

    by Beg4Mercy (32808) on Thursday February 19, 2004 @04:34PM (#8332259)
    Yahoo has been doing a fantastic job of filtering spam. Of the hundreds (a thousand?) spam messages I get each week, only a handful make it to my inbox. The rest get put in the bulk mail folder. However, without their excellent filtering, email would be unusable.
  • I don't get spam.. (Score:5, Interesting)

    by Visaris (553352) on Thursday February 19, 2004 @04:35PM (#8332268) Journal
    Most people I know say they get tons of spam... I really just don't see how. Are you posting it to the web somewhere? Are you giving it away to pr0n sites? Do you still insist on useing that aol, earthlink, hotmail, etc address for no good reason? I never get any spam. I don't work too hard for it either. I create a new email account when I want to order something online, and then delete it when my order ships. I have an account for ebay, and paypal and the like. To be honest, that one gets 1-4 spams a week. And then I have a personal account that NEVER gets any spam. I don't have a filter, I don't do anything special really. Can someone tell me how they manage to get so much?
    • by Anonymous Coward
      i have one account. i created it about five years ago and have never used it. it was originally going to be a work related account.

      one (1) local spammer ran a bot script against the domain name of my isp account and i reported this spam to his isp and to his boss (it was a real estate spam).

      his isp (roadrunner) refused to punish him. he kept his account and had a valid list of addresses to sell the big spammers of the world.

      within four months of that first spam, the junk in that account grew.

      it's now at
    • by FattMattP (86246) on Thursday February 19, 2004 @04:56PM (#8332555) Homepage
      Can someone tell me how they manage to get so much?
      1. Friends or family members forwarding articles to me via the "email this story" link instead of just sending me the URL.
      2. Same as #1 except with online card sites or some other stupid dot com site that wants your email address.
      3. Posting to newsgroups before spam existed
      4. Posting to forums that don't mask email addresses
      5. Used to have unobfuscated email address on web site
      6. Email address sold by / misused by marketing folk
      7. Email address in domain whois records for over a decade
      8. Email address harvested from mailing lists I post to
      That's just what I can think of off the top of my head.

      All of that combined with the fact that I've had my email address since before the first Canter & Siegal spam on usenet even happened. After having my email address for over a decade I don't feel like changing it now.

      Oh, add lazyness to the list. I could make up a new email address for each company or person I deal with but it's too much work. I'd rather let spamassassin sort it all out. That's what computers are for, AFAIC.

    • by ChaosDiscord (4913) on Thursday February 19, 2004 @05:21PM (#8332881) Homepage Journal
      Can someone tell me how they manage to get so much?
      Sure, here's just a few possibilities.
      • Be listed as the domain contact for a domain where a working address is mandatory. Failure to have a working address is grounds to have your domain cancelled. (Fortunately many registrars offer filtered address these days, but that doesn't help for the addresses that were visible before and are already on lists.

      • Post to usenet. I stopped doing that years and years ago, but I got on spammers lists back then and those addresses still circulate.

      • Have your job require that your email address be on the web. Similarlly, be responsible for a business address (like "support") that has to be on the web.

      • Post to a publically archived mailing list that doesn't remove email addresses. Posting to said list may be part of your job and can't be avoided.

      • Have someone else post your mailing address to a publically archived mailing list

      • Have someone else send you a e-card from a sleazy site that resells addresses

      • Have a moderately common name and use a moderately popular email host, you might get dictionary attacked

      Ultimately, if you use the same address for long enough it will leak somewhere, possibly without your knowledge. Are you sure no one you know isn't posting a "Hey, my friend bob@example.com knows about this, as him" to a publically archived mailing list? Switching addresses isn't a very good option; it cuts off communication with other people. Throwaway addresses help (I use them myself), but to suggest that it's a reasonable option for Joe Random User is silly.

      Count yourself lucky that you haven't had a problem. I got a new email address with a new job about two years ago. That address has never been used for personal use, just work. I've always obfuscated it on my web page (I need to have it available as part of my job). But I'm already getting 10 or so spam a day. (Although that's an improvement over the 80 or so a day I get at my various personal accounts.)

  • exposing spammers (Score:4, Insightful)

    by Anonymous Coward on Thursday February 19, 2004 @04:35PM (#8332273)
    exposing spammers' real-life addresses on slashdot has worked wonders in the past against some notorious spamkings...

    i think we should double our efforts.
  • by j-turkey (187775) on Thursday February 19, 2004 @04:36PM (#8332278) Homepage
    Spammers are also blending approaches; for example, they might take the required snail-mail address and place hidden characters between letters. "Houston, TX" might appear on screen as "H o u s t o n, T X" where each space is filled with, say, a white, invisible x. In this case, the text filter, which some anti-spam engines employ, sees ""Hxoxuxsxtxoxn, TxX." The filter sees only nonsensical words, but the address still looks real on your PC. The result: There's no way for the filters to capture a traceable address, but end-users still think they're seeing a real mailing address.

    Maybe we can use the DMCA here -- they're trying to circumvent SPAM detection technology...sure it's a pretty serious stretch, it'd be applying a bad law to a bunch of bastards. Bad law (applied to) bad people is just like multiplying two negatives to equal a positive, right?

  • by Stumbles (602007) on Thursday February 19, 2004 @04:41PM (#8332348)
    Why anyone thinks a law against spam will some how slow it down, or for that matter have any effect is using their backside (the one you wipe) to think with.

    Until the spammers money flow is cut off no amount of laws making it illegal will have any effect. What should be happening and I find this RARELY addressed is holding the businesses that spam links to responsible.

    Passing laws like that is nothing but a show folks. Put on by our inept governmental leaders (that's a stretch of terms) to say they are working on the issue. Until those businesses that use spam to sell their products are held accountable my tax dollars (once again) are being pissed down the toilet.

  • by Dimensio (311070) <<darkstar> <at> <iglou.com>> on Thursday February 19, 2004 @04:41PM (#8332351)
    I've had more than one piece of unsolicited junk hit my inbox with the justification that it is "CAN-SPAM" complaint. Given that the law was essentially written by the DMA so that they could get the whores in congress to legalize theft by conversion as an advertising model, it looks like it's working. Working to encourage spammers and spam-friendly ISPs, that is.
  • by rixstep (611236) on Thursday February 19, 2004 @04:44PM (#8332392) Homepage
    Of course the law is working! Look at the evidence:

    1. Everyone is getting just as much as ever - if not more.

    2. The spammers are basically protected now. They can do what they want, and corporations have to accept it. And they can't sue either - the US fed govt reserves that right (and will not exercise it, except for show, when the peanut gallery gets a bit too suspicious).

    So it's pretty obvious then, that it's working? So what is everybody worried about?
  • by fudgefactor7 (581449) on Thursday February 19, 2004 @04:45PM (#8332402)
    What we need are a bunch of lawyers who are techy/geeks (like us). They form an LLC partnership. All of us submit to them our spam, they prosecute under the law for us. We give them a cut of the money once it rolls in. A legal lawfirm with lots of good lawyers, adept at what they do, can make the spammers pay. If they don't pay get an injunction on the spammer's assets--which we sell at auction--splitting the proceeds with the lawyers. Since spam isn't going to get better, this would be a perpetual motion machine...and just might make a couple of bucks at the same time.

    Hell, it's never been tried, so it has a chance, although I still predict failure.
  • by juggler314 (556575) on Thursday February 19, 2004 @04:47PM (#8332429)
    I was getting about 230 spam messages/day. A few weeks after the new year I decided to take the plunge and see if I could decrease it a bit.

    I basically tried to sort out which spams were legitimately adhering to the law (which wasn't too hard), and if anything was iffy I would fill out the unsubscribe link with a throwaway e-mail to see if I got spam from it.

    long story short 4 weeks later I'm getting about 170 spams/days. A decrease of 60 messages/day or about 25% less. Not a huge decrease, but noticeable.

    The big benefit though is that the spam that is left is more "spammy" than before - hence my bayesian filter has achieved a slighly higher success rate which is good.

  • by El (94934) on Thursday February 19, 2004 @04:50PM (#8332485)
    If the congresscritters that sponsored it get re-elected, than it worked! What... you mean is it working to eliminate spam? Do you really think that was it's purpose?
  • Getting rid of spam (Score:5, Interesting)

    by panda (10044) on Thursday February 19, 2004 @04:55PM (#8332543) Homepage Journal
    It's very simple, really. Make the sender pay for every message they send. How?

    Simply reverse the email architecture on the 'net. Turn the current method of sending and receiving mail around. Instead of messages being immediately sent to the recipient's server, send the recipient a very tiny message saying that a message with this subject is waiting on the sender's computer for the recipient to pick up.

    It would require a change in all the email software currently in use, and the only real hurdle that it provides is that people who are no longer on the Internet all the time can't send mail, but I'm sure someone would be willing to provide that service for a fee.

    This would also make it much more difficult to forge headers on a mail, since you would need a valid IP address and/or domain name in order for anyone to get the actual mail that you wanted to send them.

    Now, if you spam millions of people peddling whatever it is you're peddling, you'll be using very little bandwidth, a hundred or so bytes compared with several K, until those people come to pick up your message.

    Furthermore, you won't be able to hide the originator of the mail nor would you have the problem of open relays spewing a constant stream of junk.

    Couple this with PKI and you have a very flexible and very fair system.

    The problem that I have with spam is that the current email architecture places 99% of the costs of email on the recipient. If you swing that around and make the spammers have their own, high end servers for handling the millions of mails that they want to send, then spamming will vanish in a hurry.
  • by Degrees (220395) <degrees@sbcMONETglobal.net minus painter> on Thursday February 19, 2004 @04:56PM (#8332559) Homepage Journal
    Domain co.tulare.ca.us

    December 2003

    Total messages: 162,564
    Total messages blocked by SpamAssassin: 36,927

    January 2004

    Total messages: 180,375
    Total messages blocked by SpamAssassin: 48,661

    So what we have is 10% growth in total messages, but a 31% growth in spam.

    Making spam illegal isn't working. Not surprising to me.....

    FWIW, I attribute the 10% growth to MyDoom and its ilk - my user base did not grow 10%, nor do I think my users suddenly started sending more email - they just received more stuff that got deleted (but counted) by the virus scanner.

  • Huge Spike (Score:3, Interesting)

    by Aidtopia (667351) on Thursday February 19, 2004 @05:01PM (#8332623) Homepage Journal

    Before January 1, I was receiving a fairly steady 90-110 spam messages per day (of which Spam Assassin would catch about 50). Come the new year, it ramped up sharply, leveling off at 250 messages per day since February 1. Spam Assassin only recognizes 30-40 of them per day now.

    Let's hear it for more effective federal legislation.

    • Re:Huge Spike (Score:3, Informative)

      by Hayzeus (596826)
      Just a suggestion, but make sure that spamassassin is doing the black list checks properly. Mine wasn't, and I got abyssmal results. After an upgrade and a reinstall (and an upping of the score for the spamcop and spamhaus checks), I'm back to a better than 99% sucess rate (no false positives yet).

      Not all of the dns blacklists are created equal, but I have enough confidence in both the spamhaus and spamcop lists to automatically mark a message as spam if either of those tests fail.

  • Was it supposed to work? It was obvious to anyone with a semblance of a clue that it wasn't going to have an immediate impact. Its just supposed to try and firm up the ground for something more effective I think.
  • If you add in all the virus mail floating around, the load has only increased on my systems.

    At last check, I blocked about 700 netsky messages today.
  • Get a GRIP! (Score:4, Insightful)

    by NixLuver (693391) <stwhite@NOSPAM.kcheretic.com> on Thursday February 19, 2004 @05:25PM (#8332908) Homepage Journal
    Good grief, people. I'm reading through the comments on this article and hear lots of people (jokingly, I hope) advocating anything from lynching to immolation for spammers. Then I hear many advocating (apparently quite seriously) 20 year jail terms with big fines behind them - "There, that will stop those damn spammers."

    Stop and think a minute, people. Where are our priorities? On the evening news last night, I heard a man convicted of killing a two year old by punching her with his fist (seven times!) sentenced to five years. Five years. The two men who beat my brother in law to death got fifteen years apiece. You can sometimes get a total sentence of seven years (with time off for good behavior) when you roll up and shoot someone you don't know in the head.

    Spam is annoying, and undoubtedly a drain on resources, and a problem to be addressed - but I promise you that I would accept a thousand spam emails per day if it would save the life of one little child.

    Where are our priorities?

    • Re:Get a GRIP! (Score:3, Interesting)

      by Zocalo (252965)
      Where are our priorities?

      Clearly they do not lie in making the punishment fit the crime. Five years for killing a baby like that is ridiculous, especially since the bastard will probably be out in two if he behaves himself and doesn't get butchered by his fellow inmates. However I assume that you don't read Terry Pratchett, because he makes a very good point which applies to spammers in the book "Good Omens", co-authored with Neil Gaiman.

      In the story the protagonist, the Demon Crowley, is assigned re

  • by cmowire (254489) on Thursday February 19, 2004 @05:34PM (#8333019) Homepage
    They continue to spam you after you "remove" yourself from the list. I've been doing controlled experiments on these sort of things.

    Somebody spidered an autogenerated e-mail address *once* from my webpage (the address encodes the time and IP address of the requester) in violation of the robots.txt file.

    This has proven most instructive. I've written up some of my experiences on my weblog [wirewd.com]. That single address has since been sold, resold, and resold again to a variety of folks. At one point, it was sent an e-mail trojan. It's received all kinds of different spam. Interestingly enough, it has not received any Nigerian advance-fee fraud scams.

    Lately, there was a removal form with a JavaScript script included that would prevent you from typing in an address to be removed.

    One really funny spam is a dating site that said that one of my friends has set me up on a blind date. To an address only known by spammers.
  • by Larry_Dillon (20347) <dillon DOT larry AT gmail DOT com> on Thursday February 19, 2004 @06:41PM (#8333835) Homepage
    If >50% of all Internet traffic is spam, who's really making the most money off spam?

    Backbone providers get paid by the amount of traffic, not the type or quality of traffic. It is in their financial interests to pass any kind of traffic and sign up anyone who will generate alot of traffic. There was a recent Slashdot article about how spammers are just acting logically, in their best financial interests. Isn't this equally true of backbone providers?

    While I'd prefer to see a solution in code, like some kind of server authentication/certificate. If we want an effective law, I think it needs to be directed at backbone providers. Spammers are many in number, always moving and hard to regulate. Backbone providers are few in number and more likely to feel the reach of Law. We've all heard of "pink" or spam-friendly contracts that go against the TOS. That's one target. If we wanted someting really effective, how about a law that says ISP's only have to pay for legitimate traffic, or perhaps pay a reduced rate for spam traffic? That would light a fire under backbone providers to do something about spam!

  • Nothing has changed (Score:3, Interesting)

    by LuxFX (220822) on Thursday February 19, 2004 @07:17PM (#8334210) Homepage Journal
    I keep (quasi-) daily count on the amount of spam I receive. Today is actually my 4-month anniversary of my data set, so I've taken extra time to compile my data and post a chart of my spam over this period [luxfx.com]. The CAN-SPAM act (introduction and effective dates) have been marked, and the data shows that it's not doing a thing (for me at least).

    There are a few dips for holidays, and since CAN-SPAM became effective on New Year's, there was a corresponding dip. But the amount my spam went down was roughly between the Thanksgiving dip and the Christmas dip, so nothing that would indicate there was anything else going on other than the holiday. Afterwards it shot right back up again.

    I've also included a line on the chart to show my average spam, only after the CAN-SPAM act, just to make sure the data was not effected by my numbers from last year. And sure enough -- a steady rise.

    total spam since 10/19/03: 84,415
    most spam in one day: 1,054 (12/3/03, during some kind of wild post-Thanksgiving holiday surge)
    percent filtered: 78.05%
    total ham since 10/19/03: 1,702
    spam to total email ratio: 97.98%
  • by Grimster (127581) on Thursday February 19, 2004 @08:10PM (#8334718) Homepage
    First a short bit of introduction, I own a web hosting company, we host over 13,000 web sites across over 50 web servers, so SPAM is part of my life.

    CAN-SPAM is a dismal failure, I would call it a joke, but it is far, far from funny.

    Now not only do I have to deal with the usual spammers, and open formmail scripts getting us aggravated by the anti spam groups (will people EVER learn to install formmail.php|pl|cgi securely?) But now I have a new aggravation, people who want to spam citing CAN-SPAM because they are using it to legitimize their spam "But we're following ALL of the rules in CAN-SPAM we are NOT breaking any laws!!!" I'm hearing this quite a bit, and it's pissing me off.

    I just point to the part of our AUP that says "no bulk email, period" and send them on their way. But now not only do I have to worry about shutting down spammers and open scripts and dealing with spews and spamcop (et al) about the spam, I have to worry that some damned spammer is gonna sic his lawyers on us because we won't let him spam yet he's staying within the CAN-SPAM guidelines.

    Somedays I am tempted to enroll in some junior college and learn how to be a mechanic, or welding, welding is cool, take two pieces of metal, and make them into one! haha

Per buck you get more computing action with the small computer. -- R.W. Hamming

Working...