UK Anti-Spam Laws Criticised

stripyd writes "The Guardian has an article about the ineffectiveness of British anti-spam regulations. Asside from the limited penalties, the Office of the Information Commissioner have yet to actually hand out a fine. From personal experience, the OIC aren't good at answering email on queries regarding the law, their web site, or suggestions that the current procedure of tracking down, printing out and mailing off (with a stamp!) a five-page pdf form to report miscreants be streamlined. The form itself is good for a few yuks, until you remember your taxes are paying for it to be outsourced to private sector hosting."

Better in Belgium

[Halo1]

Here we can mail spam sent by Belgians (or spamvertising Beglian website) to the economical inspection, and they do investigate (they even called me once for more information). Foreigners getting Belgian spam (not many of those, I guess) can report them as well, fwiw. Their address is inspec dot eco at mineco dot fgov dot be

Reason...

[vchoy]

"Asside from the limited penalties, the Office of the Information Commissioner have yet to actually hand out a fine."

Most of the spam offences are committed outside of the UK. I consider this a localised solution to a global problem.

British spam

[CdBee]

"Get your online next-day tea supplies here"
"How to understand Americans - get the guidebook!"
"Sizzling Shots of the Queen - Join today!"

It all gets rather too much at times.

More seriously, I'd say in the UK we have more trouble with semi-legitimate opt-out marketing than pure spam, almost all of which seems to come from the USA (yes, re earlier story, particularly Comcast and the baby-Bells)

There are so many sites in UK cyberspace geared towards getting email addresses for "free newsletters", and any club or association seems to want to send emails with a bare minimum of content and masses of advertising added. This I see as an attempt to legitimise spam, rather than mass-mailing, people are paying asociations and clubs to sell their products for them. Affiliate programs suck, and so many firms have been founded to do just this in the UK.

How many times must I tell them? I already have enough Tea.

Re:Death threats???

[Sv-Manowar]

People getting into the internet thinking there is easy money even after the boom, and spamming can be lucrative if done well. Its a risky game, but if some play it right the rewards are huge

Email queries to the OIC

[gilgongo]

> From personal experience, the OIC aren't good at
> answering email on queries regarding the law

My personal experience was going to their site to look for guidelines on the use of cookies and the collection of anonymous data. Finding lots of "guidelines" about stuff (which are basically extracts of legal documents it seems), but nothing that seemed relevant, I mailed them my question. Three weeks later I got a reply, which was at least relevant, if amazingly long and almost as confusing as the other stuff on their site that I couldn't undertand either.

They've got a hell of a long way to go in my opinion. During the trial of Ian Huntely, the police even admitted they were confused about the DPA! What hope is there for the rest of us?

Re:Death threats???

[Anonymous Coward]

I've been investigating them for almosst 2 years now.
I cannot say how I know this, without blowing my ONLY contacts I have with this "Underworld".

I CAN say this... the "Russian Mafia" is throwing in a huge pile of cashola to fund smart Russian and E European programmers who write the likes of SOBIG and other nasties lurking out there.

Tracing this activity is almost inpossible. With the mechanisms in place today, it's impossible to probe a box to see what it's 'listening' to.

There are ways to detect 'in real time" when one of these trojans are hijacked and record the IP address, but this is just some other infected host, there are approx a million out there.

Some anti spammers I know are responsible for shutting down about 100,000 in the past month, but that won't even make a dent.

Another project I know of is an Instant spam bounce system. When Spam enters a mail relay, it's instantly classified, if spam, it goes back to the original ISP it came from as a 'spam report", and do it within a second. Reports are consistant, so a script strips out the IP address (always in the header of the spam report), and sends the IP to the mechanism that disables known ports used by the virus or trojan.

All this takes place within about a minute, and can really ruin the day for one of those sleaseballs that started it.

Of course for this to be effective, every ISP can use something like AbuseButler, which can take immediate instant action.

I'm sure the people in this project are going to make an official announcement, but I'm told they are getting a lot of political resistance from the ISP... But this mechanism totally protects the privacy of the innocent victim. It blocks ONLY the capability of the worm or trojan to communicate, and it sends a log to the ISP.

Other methods are being experimented with, like crafting snoret rules to detect the trojan's protocol, extract information from the 'event' and pass it onto other systems who can deal with it.

Spam gangs, having a lot of money to spend, have the upperhand at present. All we can do, is report spam, get the ISP's to close down their gateways, or put huge IP blocks in the RBL's.

Because of some activities from some friends I know, who have been actively shutting down the infected hosts on a massive scale, the Spam gangs are very pissed off right now.

I wonder if anyone noticed any less spam...

At any rate - spammers WOULD stoop to killing anything that threats their MONEY MACHINE.. laws or not... A law is not going to prevent some Russian programmer from releasing a virus.

Anything that threatens their PORN hosting service, which is really a huge collection of infected hosts, including some that might be used in church groups. Imagine them hosting porn.

Elaborate dynamic DNS servers are constantly re-pointing to new infected hosts many times a day.