Anti-Spam law Passed in Colorado 221
MadShark wrote to us about a new
anti-spam law passed in Colorado. It means that any commercial e-mail must have an "ADV:" label, as well as providing an easy way to opt out. But what's even more interesting is that politicians and non-profit groups must do the same as well. If a spammer violates the law, individuals can sue for $10 per e-mail, but ISPs can collect all the messages and sue the spammers for potentially millions. The question, of course, is the enforceability of the law.
The Internet Team on Spam (Score:1)
So when do they go public? NYSE:TITS -- Buy now!
Re:What I would like. (Score:1)
The problem would be how to detect spam. I don't want to lose important mail (or have their employees read it) because they thought it was spam.
Perhaps a NINJA would be the best person to ask.. (Score:1)
Re:Law Doesn't Do Much In VA (Score:1)
It parses the headers of your spam, looks up the IP addresses of the sites involved in sending the mail, then sends off an abuse report to the postmaster of each site. Spamcop also seems to do a decent job of detecting forged From: addresses, so you don't send spam reports to sites that had nothing to do with the e-mail.
The only danger with Spamcop is that they learn your e-mail address. However, I think they can be trusted not to abuse this information.
Slashdot Sesame Street (Score:1)
(Sorry. Couldn't resist.)
Worst song ever recorded. (Score:1)
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
I still prefer opt-in (Score:1)
Some good to this (Score:1)
Re:Nice way to handle it. -NOT! (Score:1)
I don't know the exact process, but isn't email almost always relayed through several servers between the sender and the recipient? If the first server in the chain refuses to relay the ADV tagged email, all the ones down the line aren't affected, right? If there's an informal agreement between admins to mysteriously lose certain emails, well, it's not their fault, right? (Wink, wink.)
I suppose I'm being overly simplistic, though. I'm certain that smarter people can tell me how I'm being stupid. After all, being able to have users easily delete spam isn't important.
Re:Law Doesn't Do Much In VA (Score:1)
Business idea for someone in Colorado or one of the other states that require spam to follow certain rules:
Set up a mail server say "spamcatcher" (spamcatcher.com is already taken), allow ISPs to set their the primary MX to "spamcatcher". Make all mailers in the MX chain ignore the MX records for spamcatcher.
Mail will then automatically be routed through the host in colorado, as long as it's up. If it goes down: no worries, the old MX chain will pick up.
Now at spamcatcher in colorado, have every mail tagged with a unique number. Allow people to authenticate as a reciever of a message through the spamcatcher, and mark it as spam.
Spamcatcher requires just a "one machine + internet link" investement and can make a profit off the $10 per spam message that goes through them!
Roger.
P.S. I would appreciate a share of your company if you decide to try it..
Re:A really bad law, on all counts... (Score:1)
No. To me it doesn't suck. I have several mailboxes. The one where mail with "ADV:" in the subject goes, I scan several times a week. The one where "the rest" goes, says "beep" and usually gets noticed/answered on 3 minutes notice.
It prevents me from getting distracted from my work by the beep and scanning my mail for every spam that I get.
I still think someone should setup an MX host in colorado, and make a profit from sueing the spammers. hehe.
Roger.
unenforcable (Score:1)
1st: A serious example of the trouble (Score:1)
Even though it's clearly labeled as a "1st post" doesn't mean that it's any less annoying, nor does it mean that it isn't a theft of the recipient's resources, (in this case, time, bandwidth and mod points) nor does it mean that it isn't an unwanted burden on the internet itself.
If the spammers comply, I'll set up all my resources to filter this out not just at the user level, but I'll also set up my systems not to pass *any* traffic of this type. The few spammers stupid enough to believe this system will work will get angry and try to rally the public in a crusade against those "internet censors" who won't forward their spam traffic to their victims, and they'll probably join the even more unlawful spammers who ignore the law in the first place.
Then we'll be back where we started, trying to shut *ALL* spam off at the source, just as CAUCE currently advocates. I'm not a director or executive, just a supporter/member, so I'm not speaking officially on behalf of CAUCE.
Don't see this "ADV:-tagging" as a loss or a victory, but instead another twist in the road to a spam-free internet. It's taking longer than I'd hoped, but we'll get there.
www.cauce.org
Join.
Re:I know where my millions are comming from! (Score:1)
You'd be sued, fined, and sent jail for that manuever.
This is good, but... (Score:1)
What kind of solution can we provide to check this problem at the source? Most people will say, "just delete it from your inbox," but this doesn't help the servers deal with the flood of mail.
Thoughts?
- Y
This legitimizes spam (Score:1)
As an anti-spammer [claws-and-paws.com], this bill is my worst nightmare come true. The opt-out clause is especially nasty, since now it means that we can get hit by each spammer once under the law, and we will have NO recourse whatsoever, thus, this bill isn't going to have any effect on the current spam situation. A much better law, IMHO, would be something like the current junk fax law, which states that if you get an unsolicited advertisement, you can sue the person for $500 per offence, or for $1,500 if the offence was "willful".
Okay, that's enough bitching from me, since there are already a few good laws on the books that are just waiting to be used against spammers in court. There's more information to be found on these laws at suespammers.org [suespammers.org].
"ADV:" string - legal comments (Score:1)
I am not a lawyer, have not read the law, nor reside in America, but I feel that Colorado residents may have legal grounds to sue if the subject of a spam starts with strings like " Adv: " or " -ADV: ". To win such a case, one needs to demonstrate that the string " ADV: " is intended as an aid in filtering the message, and by not quoting the string exactly - identical character for identical character - the spammer is breaking the law. When computers are concerned, a narrow interpretation of the law is necessary because computers are very literal devices. If you win, you can set a precedent (easy if the spammer never shows up in court when you sue) and future plaintiffs can cite the case as a precedent for their own cases if the same circumstances apply.
--
Re:Pontification of enforcability (Score:1)
hrm.. (Score:1)
Re:Good and Bad, mostly bad, but one neat idea. (Score:1)
Remember Murkowski's bill? Now that we've got the Colorado law, we'll see tons of spam with "ADV:" in the subject line, and the language "Since we used
ADV: this isn't spam, nyaah nyaah nyaah". This law legitimizes spam, rather than prohibiting it.
"
The whole point of this is that if all the spam starts containing ADV: that makes for a very easy text filter, which most email programs support. Have any of your real email contacts ever sent you a message containing the string ADV:? (Seriously
Re:Another reason for "network engineer license" (Score:1)
Licensing is just a means of a letting a company know you are competent. If a company hires a "not known to be competent" network engineer and the company then is later sued for having a relaying SMTP server, they would lose on the grounds of negligence.
--
Another reason for "network engineer license" (Score:1)
However, the DDoS of a week ago and this current article indicate to me that maybe a good first step would be to license network engineers and other "users" of "public access" software. Items on the test would include
-how to config a router to drop spoofed packets
-how to turn off relaying on an SMTP server
etc
All of the test items are geared, not towards guaranteeing employabiligy (ala MCSE, etc), but towards ensuring public safety (defined broadly).
Once the various "users" of software (network engineers, etc) have licenses, it may be possible to create licenses for certain kinds of software engineers. For instance,
-knows how to write code to find spoofed packets
-knows how to write code to run a secure SMTP server
As for "hey, I taught myself C when I was 3 years old and I can code circles around old-timers like you": Irrelevant. The licensing doesn't guarantee that you are a good programmer, it guarantees that you are a good engineer.
--
No kidding.... (Score:1)
--
Re:Finally! (Score:1)
Re:it's not for stopping spam so much as sorting i (Score:1)
As another poster pointed out, what's to keep this from growing out of hand? (e.g. "SPAM: ADV: BLAH: DOG: pyramid schemes are cool")
Re:Finally! (Score:1)
They usually do so by means of listservers (opt-in, opt-out).
The Good, the Bad, and the Ugly (Score:1)
The rest of this is a batch followup to the points raised (and missed) in the discussion so far...
- Attorney's fees are to be paid by the loser. This is a boon - $10 + court costs (plus collection costs?) equals a lot more money than just the $10 (can we hire Johnny Cochran?).
- Jurisdiction is based on the recipient's (opt: ISP's) location - not the origin. This is legal, but enforcement of the penalty might be more difficult (but see above - this could be part of your Attorney costs getting the luser to pay).
Having said that, the law still sucks - I still have to opt-out, and I still have to receive the message before I can filter it. I'll be calling down to Denver later today, I think.Got the source on that? (Score:1)
Sounds plausible... a little too plausible for me to accept it without a credited source. Where did you hear this?
Paid for by the Committee to Recognize Net-Legends.
Re:Finally! (Score:1)
--
Re:Spam isn't that big of a problem (Score:1)
this is my fear. I see a nice "opt-out" link, but I know that the spammers (the truly despicable ones) often use that only as a way of confirming e-mail addresses,i.e. if I reply they *know* it's a good address and will sell it as such.
I've been careful with my real email addresses, but it only takes one company to need the extra cash to open the floodgates, or one mistake by me in checking a box (or not unchecking one) and the game is over. I guess this is something the FBI could work on, since they're getting all sorts of "fear" funding from Congress.
--
Re:Mailing lists (Score:1)
-Restil
I know where my millions are comming from! (Score:1)
1. Get some investment capital.
2. Move to Colorado.
3. Start an ISP.
4. Get a sizable naieve user base.
5. Sell your user list to spam agencies.
(Note: Spam begets spam, so this is an exponential increase.
And notice how you conveniently let them screw themselves over.)
6. Hire some lawyers.
7. Reap the millions!
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Learnin' from each other's knowin,
It's strange ... (Score:1)
These same people are often the ones crying to keep the net free from government censorship, taxes, etc.
it's not for stopping spam so much as sorting it (Score:1)
My spam success (Score:1)
Recently I had my first ever success - the removal of two separate companies accounts from their ISP's for violating their spam policies.
The stupid thing is that virtually everyone is responsible to some higher authority (yes, even on a leased line) and it really is not that difficult to trace a spam mailing to it's true origin.
My personal tip for those who own their own domain and fill in lots of web forms you don't trust : Set your domain to forward all mail @domain.com to your email address.
When you next have to give your email address, give it a name such as SlashdotSpam@domain.com
This way you can easily block out companies that abuse your trust with filters.
Re:I think ...(Re:WTF? Whose side are you on!?) (Score:1)
Dur-hey?
We seem to agree but like to use different words?
Are you saying that since there are these 'DMA' people out there that no scammers exist?
Whatever. Goodbye.
I think ...(Re:WTF? Whose side are you on!?) (Score:1)
operate on the shady side of the law?
Remember that 'Law' thing? It's what keeps even
the suits from doing whatever the h*** they want?
You play by some rules, its okay. You skip, not.
The sociological purpose of business concerns gathering themselves into 'companies' is to utilize the strength of numbers, and variable skills of those numbers, and provide shelter if things come along to harm the business. Ahem.
The sociopathical purpose of a chain letter is
DWW.
Spam isn't that big of a problem (Score:1)
By using these techniques, I have reduced my spam count to a minimum.
Re:I think ...(Re:WTF? Whose side are you on!?) (Score:1)
What the suits in the DMA have always wanted is rules that let them spam our email the way they spam our telephones. But what the DMA wants for my mail spool is of no concern to me.
The day that DMA members pays for my internet access (the way, for instance, they pay for our "free" television), they're welcome to send me anything they want.
You continue with: ... obvious.
>The sociological purpose of business concerns gathering themselves into 'companies' is to utilize the strength of numbers, and variable skills of those numbers, and provide shelter if things come along to harm the business. Ahem.
> The sociopathical purpose of a chain letter is
I love the way you mince words - "sociological" has no meaning in the context of your sentence, other than that it begins with "socio". But to address your point, rather than flame your spelling -- is there a "sociological purpose" (I think you really meant "social benefit derived from") for business? Absolutely! Are chain letters sent by moronic sociopaths? Just as absolutely!
But when a business uses its "strength in numbers" to abuse people, they are exhibiting behavior just as sociopathic as any two-bit relay-raping scumbag. Was the Exxon Valdez any more acceptable because the disaster was caused by a company with a drunken tanker captain, rather than a psychopath pouring oil in the bay? Is it any less theft because the thief wears a suit?
Business is good. Email marketing via confirmed opt-in is very good. Spam is theft. Learn the difference.
Re:Finally! (Score:1)
Not viable... (Score:1)
You get an e-mail from someone using a bulk mailer that goes and kills the headers in the e-mail, so you can't see the IP it came from. I also get ones that have a spoofed IP, so it looks like it came from Hotmail, but actually didn't.
I also get e-mails that are of the variety "80323", with no @ or server address. Then, I get plenty of e-mails that legitimately show the unsubscribe address, but when I send an e-mail to the address, or website, either the e-mail account is full, or it doesn't exist, or the website isn't there.
So, this ain't even gonna touch the majority of SPAM e-mail.
(Also, their jurisdiction is only e-mails from inside Colorado to e-mails inside Colorado. What do they do about international e-mails?)
Re:Anyone got floor space in colorado? (Score:1)
Enforceable via Class-Action (Score:1)
ISP monitoring for dollars. (Score:1)
Basically that will violate the premise that ISP's do not monitor the content on their systems and thusly are not liable for it. They had better not touch this one with a 100' section of CAT5.
Re:Anyone got floor space in colorado? (Score:2)
(I tried signing up for DSL, but US West says my lines are no good...I think I'm too far from the switch. And Optel, the cable company in our area, doesn't offer cable modems. So I'm pretty much screwed in that respect...)
Eric
--
"Free your code...and the rest will follow."
I have a better idea. (Score:2)
I use it, but not 'features' (Score:2)
The One Useful Important Part (Score:2)
I see no reason why all ISPs with acceptable use policies that forbid spamming can't just configure their software to silently discard any email with "ADV:" beginning the subject field. It's not a very common word, after all. This would work to stop spam at the point of injection, and it could also be used in mail relays to blithely throw away whole bunches of spam on sight. ISPs are not public property, after all.
Forget the _bad_ 'opt out' clause (which is just stupid as no matter what law is passed, most opt out addresses are address harvesters anyway), the requirement of a machine-parsable identifier on spams is truly a Good Thing. This is not so that you can recognise spam when you get it- it's so that any ISP between you and the spammer has the option of parsing the spam, finding that it is explicitly something the ISP has no intentions of relaying or sending, and throwing it away before it even gets to you.
I realize spammers may possibly be upset at the idea of ISPs everywhere silently throwing away their spams before they even reach their targets.
Boo fscking hoo. They're lucky it's not a capital offense.
Re:US Nuclear Use Policy (Score:2)
Many people might indeed take the issue to court. I prefer just to do a little research and find out who their friends, family, and employer are. Call them up. Do background checks. I like to get to know my spammer. Market research? You bet! What house do they live in? What cars do they drive? Do they lock them? Do they have a dog around the yard? Have a pretty yard? A wife that gets lonely while they work? Get my drift? After all, if an invasive marketer wants to get to know me, I feel like I should know them too.
Nice way to handle it. (Score:2)
Re:Got the source on that? (Score:2)
Right here on
...
Ah-ha! I found the thread [slashdot.org]. It's called the Spam Recycling Center [chooseyourmail.com].
Check out comment #141 by SkurfGod (sorry, I'd link directly to the comment, but it comes up blank [slashdot.org]. Also, #213 by an AC, and #562 by synaptic.
Now, |DaBuzz|, in comment #596, posted a response that he got after e-mailing 'em:
We do not sell email addresses nor are we a "front" for email gathering.
Yes we are majority owned by IBL Inc. IBL is a database marketing company that builds large scale databases for many Fortune 500 companies. IBL deals mostly with business data, not consumer, and has absolutely no data sharing with ChooseYourMail.com. We are two separate companies and we share office space and data center facilities in their Chicago headquarters.
I can see how this could raise an eyebrow. If we did what you acuse, ISP associations, anti-spam groups, even the FTC, wouldn't support us.
If you'd like to talk, please give me a call at your convenience.
That's about all of the useful info, though. Draw your own conclusions. I know that I have.
Re:A really bad law, on all counts... (Score:2)
1. You still get soaked for the additional cost of the infrastructure to pay for all that mail with ADV: in the subject.
2. There's insufficient teeth to even make that
predicted outcome happen, whether or not you would find it acceptable.
Why allow them to send you ads at your expense in the first place?
Not just an inconvenience... (Score:2)
Hint: To be doing a good job, you must be easy to contact, even for users who can't figure out how to unmung your address.
Sorry, but anything that requires me to take action to avoid getting spam is a broken solution. Yes, my address is easy to find. It's my goddamn *JOB* to have an email address that is easy to find!
The solution is for people to bugger off and stop spamming addresses without prior express permission.
A really bad law, on all counts... (Score:2)
In summary, it sucks; almost everything you can get wrong with a spam law is wrong in it.
Re:Nice way to handle it. -NOT! (Score:2)
Is it really a "nice" way to handle it? Remember, you still have to pay the costs of maintaining a mail server that can receive the mail. No one is required to *accept* your opt-out requests. Mailers can use a 1-900 number for opt-outs, or an address which is cancelled by the time you see your spam. If you don't *successfully* opt out, it's *your* problem. Every marketer can send spam to every address at least once, even if the opt-out works.
This is a *bad* law.
And you are a *bad* person, for continuing to perpetuate the myth that spam is any kind of speech.
Free speech means you can say anything, not that you can say things anywhere. Spam has *never* been a kind of protected speech.
This is an *awful* law, and you're clearly new to the spam issue if you think it'll help.
Yes, spam should be a criminal offense, just like any other destructive means of consuming other people's resources at their cost for your own ends without their permission.
Re:Nice way to handle it. -NOT! (Score:2)
If you wanna pay a 10% tax forever, go right ahead.
In practice, filtering is *WAY* too late, and too expensive, and it's not a *solution*.
(Also, do you honestly believe spammers will comply? I don't.)
Re:Nice way to handle it. -NOT! (Score:2)
You don't get to talk on someone else's dime. Period. End of story.
Spam is speech at someone else's expense. That's wrong, and it's *NOT* related to free speech.
Free speech means you can say whatever you want *ON YOUR OWN TIME AND MONEY*, and no one can tell you to stop just because they don't like what you have to say. It doesn't mean you can force them to subsidize you.
Junk email has the same problems that postage-due snail mail would have, or that junk faxes and pre-recorded phone calls have.
Great idea! Obvious problem: (Score:2)
Then, of course, you get into chicken-and-egg problems. Who's going to bother programming this feature in their new mail client if it has NO POSSIBLE VALUE to users for at least a couple years?
I merely raise these issues so that all the experienced social engineers out there can solve them. IMO, this is a great idea.
Problems solved (?). Now details: (Score:2)
-a teacher (who, for whatever reason, can't set up a bona fide distribution list) sending to all students in a class
-a school sending to all students or a business to all employees (again, no distribution list)
-an internet bookseller sending to all previous customers who haven't opted out
-your semi-friend who always sends you the latest hilarious joke or factoid ("dark side of the moon is the soundtrack for wizard of oz!" "there's this new virus you can get just from reading email!")
-the person who once recieved an email also addressed to you who forwards a petition to 10 people (under the limit by itself, yet unbeknowst to her, far more than those 10 people have received the petition)
possible solution: an x-prior-relationship tag that the teacher, the school, the employer (and yes, sadly, spAmazon.com) can all include in lieu of the x-distribution tag. Your ignorant friend probably includes the wrong tag, because they only forward it to 8 people; oh well, what kind of person would sue their friend? As for the ignorant possibly-annoying propagandist, they couldn't legally include either tag, but you probably won't sue them either.
...
1) you can always positive filter grandma and anyone else who routinely comes in on the spam list. My suggestion is to set up macros (or have a client with a button to make it easy) so that you can positively filter any spam-triggered legit mail. Over time this will work.
Even better idea: your spambot bounces spam with a message "if you want to get through to me, better include this tag" with grampa-ese directions for typing it in to the message body. When you get email with the tag in the message body rather than the header, your email client gives you a dialog with a nice button to positive-filter that person so the problem doesn't happen again.
As a Coloradan... (Score:2)
I dunno how easy it is to sue off-shore spammers, but I'm sure somebody will try...
--
Re:Law Doesn't Do Much In VA (Score:2)
US Nuclear Use Policy (Score:2)
Most spammers will ignore these suits because it's only a few bucks. They figure nobody will spend thousands of dollars to collect $10.
They're wrong. Some people are so fed up with spammers - more precisely, their attitude that they're above the rules that apply to the rest of us - that they'll use the legal rights that most people don't use because it's not cost effective.
A court judgement is a powerful tool. With it, a credit report is fair game, as are calls to friends, relatives and neighbors to verify that you are not hiding resources for a lawful court judgement. With it, the angry victim can garnishee a wages, or bank accounts. They can have the local sheriff seize property and auction it off until the judgement, court costs and collection costs are satisfied.
Or they could simply call up the BBB to find the collection agency with the worst reputation, the tell them that you'll pay them $500 to take as long as possible while collecting. Nothing illegal, mind you, but you want to hit them hard and long so they won't mess you again... and you already have the court papers that open a lot of doors.
From a purely financial perspective this is madness - you're going to spend countless hours to get a net profit of a few bucks. From a revenge perpective, it's a very effective way to make someone's life a living hell.
This enforcement effect will be modest while only a handful of states have these laws on their books, but that will change as more states pass these laws. Even the one-in-a-million number in the hundreds once you cover most states. Courts will quickly learn to see contempt (in the legal sense) in messages with foreign origination sites but domestic PO Boxes for checks.
Re:Problems solved (?). Now details: (Score:2)
Thus, one person might decide to pretend they aren't multicasting by not counting non-opt-outers. That would be fine, just so long as their e-mail said so.
To my taste, the only acceptable spam is that which I have affirmatively asked for. All other e-mail that is multicast cannot pretend to be non-multicast, IMHO. The neat thing about the proposal, is that various versions can be adapted with a single RFC, and each user can decide for herself how liberal to be in receiving spam.
I do like the bounce-idea a lot.
Re:First Amendment Concerns? There is a clean way! (Score:2)
I noted that it wouldn't stop the spam -- it would just deprive those who spam of any incentive to do so. I belive that should be enough. Indeed, none of the other legislation does any better -- it just unconstitutionally requires marking, instead of constitutionally punishing false marking.
On the client issue, its a non-problem, imho. Your decision to continue using an ancient mail client is wholly within your purview, as is mine to receive your mail in my main box (as opposed to setting it aside for spam review). If I care to receive your mail, I'll just positively adjust my spam filter to take you in, but guys like you will likely be in the minority.
Great ideas percolate speedily (Score:2)
If the idea *is* any good, it will percolate. It should, because it can work. If it passes, even formally, I anticipate the pols will jump on it, because it makes great press to be nasty to spammers when first amendment people aren't whining. (First Amendment considerations have basically been what's holding up most of the spam bills raised before the Congress -- the reality is that the spam lobby has a good constitutional argument for which there is no good response).
As to updating clients, that will happen automatically. First, people will want the anti-spam stuff. Second, those who are oblivious will buy new machines over time, which will have modern clients installed. I think it will work.
Once an RFC is adopted, and then a bill passed, I think adoption would be speedy. I have already received VERY positive responses from some. Once one emailer carries the feature, natural selection will make adoption very speedy. Effective anti-spam is a highly attractive feature.
I agree that it won't work at all unless we can get folks behind it, however. I think good ideas have a way of percolating to the top, however.
As to your observation about rejecting mail from gramma's stuff -- here's my spin:
(1) you can always positive filter grandma and anyone else who routinely comes in on the spam list. My suggestion is to set up macros (or have a client with a button to make it easy) so that you can positively filter any spam-triggered legit mail. Over time this will work.
(2) I don't really dump any e-mails (my current spam filtering is over-inclusive), I presently just filter them to a separate folder, and then liberally flip throught it to separate the wheat from the spam.
In short, I believe that if properly advertised, this idea can and will be a win. It is better than unconstitutional laws, which are losing. It is better because it keeps government off our backs except when we lie (as opposed to merely being annoying), which is winning.
I hope this gives you greater confidence!
Re:Pontification of enforcability (Score:2)
Suddenly it becomes pretty easy to collect up the spam into a nice big batch. With a big enough batch, lawyers might take the case on a contingency basis. Soon, ISP's would be getting unsolicited (postal, first class!) mail from spam-specializing attorneys.
Re:Pontification of enforcability (Score:2)
- How the hell is an advertiser supposed to determine whether an individual lives in Colorado, or whether an e-mail address is owned by a resident of Colorado? Is any viable method provided for legitimate advertisers (or anyone, for that matter) to determine this?
- As an ISP in Colorado, the first thing I would do is setup filters on anything with a subject line starting with 'ADV:' - I've instantly solved all of my spam problems? Umm.. probably not.
Maybe it's not enforcable, but maybe we could pull a social engineering trick here:Re:I have a better idea. (Score:2)
:) *shrug* So I was trying to not be knee-jerk about it, so sue me.
There seem to be gray areas with spam... not all unsolicited email is necessarily unwanted? not all unsolicited email from organizations are even unwanted? Certainly not all spam is good and if we could find a technical way to eliminate it, it'd be cool, but I don't know that the issue is that clear cut. Maybe I haven't thought about it long enough.
Dummied reply-tos. (Score:2)
That'd make it worth it to pursue these guys. With that kind of money on the line, you can bet that illegal spammers would get caught quick.
Re:Law Doesn't Do Much In VA (Score:2)
ADV: (Score:2)
--
Re:Think about this carefully... (Score:2)
Well, it's an interesting idea if the only thing you use email for is to talk to real people. Probably 99% of my email is listserves. I have a right to require them to put MY filtering words in their subject? They're not going to unless they're morons. You order something from amazon.com and theres a problem with your order? You'll never know about it because you bounced their mail back with your silly rules to either an empty address or to
I had my filter set up with a list of addresses to never filter so this wasn't a problem. It's set up like this: a list of addresses/sites to never filter, always filter, or send an autoresponse to. Also a list of keywords to never filter, always filter, or send a response to. Default behaviour was to autorespond.
Keep in mind, addresses that passed the filter were automatically added to the 'never' filter list as default behaviour. I had over 250 spams in the course of a month, only one made it through. I never had a complaint about it from anyone who e-mailed me either--in fact many people asked me how they could do it.
A well thought out filtering system would only be the first step in killing spam. To really implement it properly clients and servers need to have additional abilities. Understand that I'm not advocating using the exact method I used--it was, perhaps, a clever hack, but not a final solution.
You may argue that this doesn't stop spammers from congesting the Internet with their trash--it is after all filtered near the end of it's path. This is true. For it to truly kill spam this technology would have to be very pervasive. This will take years to happen, but I could crack 1024 bit encryption with paper and pencil before any legislation will do an equivalent job of stopping it. Until then looping autoresponders can provide entertainment.
And yes, there are a plentitude of reasons why it can't be done. Fortunately there are a few reasons why it can be done--and thats the important thing IMHO. In the long run this could be implemented in an unobtrusive manner if done properly. I wish someone would hold a contest to see who could design the best system to do this--or at least hold a lengthy discussion about it. I really am convinced that this will work and that legislation will not.
numb
SMTP Tarpitting (Score:2)
The way it works, is that the SMTP server keeps track of the number of RCPT TO addresses entered by the spammer. After a predefined number (e.g. 10 or 15), the SMTP server delays its responses by sleeping for a few seconds first). This shouldn't affect most normal use, depending on what number you choose.
This slows the spammer down significantly, and has the appearance of a stalled connection--hopefully, causes the spammer to give up and move on.
I have no idea how it works in practice, but it sounds good on paper. It's far from bulletproof, but it sounds like it would help, without impacting legitimate mail traffic. Can anybody comment?
Much better way to control spam (Score:2)
If the people mailing you don't want to get on board, chances are they don't really have anything all that important to say, and if everyone did this, spammers would have to encrypt their messages to huge keys for each person they wanted to mail. The processing time to do this would be HUGE (A few seconds to encrypt to a 4096 bit key times a couple of hundred thousand people. Think about it.) And since you want all incoming mail to be encrypted anyway, everything works out perfectly.
Mailing list software could either be modified to encrypt to a list of keys or you could set up your scripts to allow mail from those lists. As long as the list alows only subscribers to post to it, you don't need to worry about the list being spammed. At least not more than once.
Re:Spam isn't that big of a problem (Score:2)
So I killed that account, stopped posting to usenet (you see what they have done to me and what hoops I must now jump through?), and created a deja-news account so I can freely post without having to worry about spam on my "real" account.
That worked fine at home, but I can't change my email address at work. The spam tapers off...then wham, I get another 10 a day.
People that claim it isn't a problem haven't been using the internet that long. I don't give real email addresses when I sign up for services (excepting those like slashdot), I always turn off the "Yes, send me notification of updates!" and "Yes, I'd like to hear from other vendors about similar products!", which are almost always ON by default.
People don't understand that I can reduce the amount of spam I get, however:
- It is inconvenient creating "dummy" accounts.
- It is inconvenient using services like deja-news to participate in usenet.
- It is inconvenient to "spam block" my email.
- It is inconvenient to constantly update filters.
So to anyone who offers these as solutions, my response is: in any way inconveniencing yourself is NOT a solution to a problem of being harrassed, we should not be being harrassed to begin with, end of story. I feel as strongly about this as I do about telephone solicitations and junk faxes, both of which we have real recourse. I have asked to be put on numerous "don't call" lists, and have not had many problems. Opt-outs in email spam result in litterally a flood of new spam most of the time.----------
Yeah this is great! (Score:2)
One thing I am curious about though. Any internet advertiser who wants to send an email now has to respect this law, correct? They would have no way of knowing who on their list lives in Colorado. What if another state passed a similar law requiring not ADV: but SPAM: for example? What would they have to do then? ADV/SPAM: ?
This is bad (Score:2)
Poor anti-spam legislation is actually WORSE than no anti-spam legislation. In the case of this law it's not anti-spam legislation at all because it actually PROMOTES spam.
Opt-out does NOT work and is NOT a solution to the ever-increasing volume of spam. Think about the real cost of spam: bandwidth usage, drive space usage, etc. NONE of these are decreased by an opt-out solution because even if you were to spend all day every day opting out of all the spam you received you would STILL be receiving it and you would STILL be sending out e-mail in response -- only instead of complaints (which get the spammer shut down, thus creating less spam) you are sending back confirmation that your e-mail address does indeed work!
So even if the company really doesn't spam you again (yeah, RIGHT!) they can still sell the address that they have now confirmed to be working to ANOTHER company which will then send you ANOTHER spam.
This law will only increase spam in Colorado -- not decrease it.
Re:Pontification of enforcability (Score:2)
Since the internet is a world-wide thing, it is difficult for any country to enforce laws concerning it, and even more so for a single state. However, does that mean that laws should not even be passed? No. There are plenty of laws that are difficult to enforce, but they are things we don't want people doing. We are setting needed standards for society.
Re:Pontification of enforcability (Score:2)
ADV ADS COM SPAM XYZ FD ASJK LKW FESJ KLFAS WPE VC GDE KDSF JF MKR DKJ EIO PFDS JYT Buy our Product!
What I would like. (Score:2)
In return for this free service I hereby grant spam-free-email-for-life.com whatever legal thing they need in order to sue spammers in my name and they can keep the $10. In return they agree to keep all my spam to mynamespam@spam-free-email-for-life.com and the rest of my mail to myname@spam-free-email-for-life.com.
They can have the money. I don't get the spam. Good enough for me.
By the way, tracing SPAM is often easy. If they want your money then they have to give you a way to contact them, don't they?
-----
Mailing lists (Score:2)
Spam effectively banned by conflicting state law (Score:2)
* Spammers fight like hell with the Direct Marketing Association to stop Federal regulation of spam, back in 95-96 or thereabouts. Spammers win, Feds decide to do nothing.
* Anti-spam advocates go into state legislatures, and start to win - state-wide anti-spam statutes pop up in 5 states.
* By my count, including Colorado, 14 states now have anti-spam statutes. (I have the list at work, but I'm on vacation... I only recall WA, CA, VA and NV off the top of my head.)
The beauty of this process is that the state legislatures are not all passing the same law. The Nevada filtration model (ADV in the headers, opt out method must be provided) rules in several states, while other states followed the Washington opt-out model [waisp.org] (states set up 'Do not solicit lists' - spammers cannot solicit on that list').
The effective result of this patchwork of state regulation is that by following one state's laws, a spammer can't help but violate another state's laws if the spam is sent nationwide. I don't see how any legal advisor to a spammer can green-light a nationwide spam using the same methods employed in the mid-90s. Trolling the net to scrounge up email addresses doesn't tell you which jurisdiction they're in...
Basically, a list of email addresses is useless unless it has a state field in the dattabase, too. Thank you DoubleClick!
If you don't know which jurisdiction's rules to follow, you shouldn't send the spam. Penalities like this Colorado statute eliminate the old profit model (40 sales of $20 each on 1 million spams was cost effective then; now those 1 million spams will generate you fines... you have to make more sales).
So thank you DMA, for effectively banning spam!
T
==
"This is the nineties. You don't just go around punching people. You have to say something cool first."
Re:Law Doesn't Do Much In VA (Score:2)
And it would be great if every administrator along the way did the same...15 grand for you, but
millions for the spammer.
RL
Lawyer: "joinder" is the important part (Score:3)
s
People are missing the most important part here. It's not the ADV, or
the $10, but "joinder."
Joinder is the legal concept governing what actions and parites may be joined in a single piece of litigation. Today, a spam going to ten sepaarte individuals is actionable as trespass, but would require ten separate actions. This law allows the ISP to join them all as a single action, making it economically feasible to litigate them privately.
I'd actually prefer a narrow law just providing that actions regarding email to members of the smae ISP may be joined, and that an ISP may file a single action against multiple spammers. Leave the decisions on exactly what constitutes the tort, or which (if any) tort it is to the courts and common law, which can handle it far better than a legislature could (the only case where I've found an improvement by moving from common law to statutes is the Uniform Commercial Code [which is arguable], and URESA [interstate inforcement for child support]).
This is a task at which the courts have done well for centuries; they decide
on the basis of actual cases, and look for simularities, eventually coming up with a general rule.
As far a jurisdiction, anyone committing a wrongful act that lands in another jurisdiction is subject to that jurisdiction. "I shot him on the cliff and didn't know the body would land in your state where murder is illegal" just doesn't cut it.
Bottom line: the law is already equipped to deal with spam; it's just to expensive at the moment. Letting ISP's file large actions will make it practical, and give us better rules than would come from a legislature.
hawk, esq.
My money making scheme. (Score:3)
Re:Law Doesn't Do Much In VA (Score:3)
>difficult to trace
All you have to do is visit www.spamcop.net
I know that this sounds silly, but I don't know them, and I don't trust them. Remember the service -- can anybody back this up with facts? -- that popped up about a year ago? Report spam, get a $10 gift certificate at CDNow [cdnow.com]? As it turned out, the company running this program was a huge marketer and spammer.
So now I'm wary of sites like SpamCop [spamcop.net]. Anybody know anthing about the history of it, or the person that runs it, Julian Haight?
To be honest, from what I've seen, it looks trustworthy. But you know: once bitten, twice shy.
I'm just a bill (Score:3)
(Even you young 'uns should remember the simpsons episode: "I'm an amendment-to-be, yes an amendment to be..." child:"But couldn't we just pass a law against those dirty hippies burning the flag?" amendment:"Actually, the constitution forbids that. But if we change the constitution..." child:"We can pass any crazy law we want! Hooray!")
First Amendment Concerns? There is a clean way! (Score:3)
The difficulty is that this bill require the INCLUSION of content. There is another way, which I have been advocating, that I believe would pass constitutional muster, but it requires we tech-heads to build some infrastructure:
(1) PUNISH any e-mail message that falsely makes representations concerning the manner in which the message (and substantially similar messages) had been distributed. Thus, if an e-mail contained the following:
"This e-mail, or e-mails substantially similar to this e-mail, was sent to fewer than 20 addresses within the past few months by me or persons affiliated with me; excluding those persons who have given to me, and have not withdrawn, their express consent to send unsolicited mail."
And the statement was false, book 'em Dan-O. Punish the crap out of them -- criminal sanctions, civil actions with attorney fees and fixed statutory damages, whatever. The Constitution does not protect false speech.
(2) Of course, that doesn't help anything. Now, establish a convention, say an "X-DISTRIBUTION30" tag that means the same thing. the convention should be designed so it is unambiguous (at least as unambiguous as the preceding message). X-DISTRIBUTION should expressly exclude automatic consenters, including subscribers to listservs that have not unsubscribed.
(3) Now, get e-mail clients to routinely generate e-mail with the X-DISTRIBUTION30 tag, except when they are actually distributing to more than 30 people. Because it is an anti-spam measure, the market desire to have this feature should be strong.
Now, voila! We can filter spam simply by punting all mail without the X-DISTRIBUTION tag, or putting them aside so we can still receive e-mail from folks with older clients.
The TRICK here is that we are punishing only those who have affirmatively ADDED false information, while still retaining the ability to filter. By having everyone ubiquitously saying their e-mail is non-spam, we aren't requiring anyone to say that they are.
And there you have it: a constitutional law that actually admits affirmative spam-filtering. The neat thing is that we don't need to wait for the legislature. Current unfair competition law may already provide remedies for false spammers if we can get the tech going promptly, and Congress will quickly follow our lead to "beef up" the downside for yicky spammers.
Of course it doesn't work unless we create a decent net standard, and make it fairly ubiquitous. Anyone want to teach me how to do an RFC?
And it won't really stop spam from happening -- it will, however remove the incentive, since most e-mail clients will probably be coded to filter out or down-grade priority for the mass-distribution stuff.
I am very interested in any comments the community might have on this.
Filtering is not an option. (Score:3)
> of Subject: labelling, the CO law will have the same problem]
>
> The whole point of this is that if all the spam starts containing ADV: that
> makes for a very easy text filter, which most email programs support.
So what?
By the time the Subject: line is read, the damage is already done - the SMTP transaction is complete, the bandwidth has been consumed to send it, and the diskspace wasted to store it.
I have no desire to live in a world in which 30% of /var/spool/mail is composed of spam which only gets filtered after it's transmitted. I want a world in which the spam doesn't get sent in the first place.
A law that says "Go ahead, spam all you want as long as you put ADV: in the Subject: header" doesn't solve the fundamental problem, namely that spam is theft of privately-owned resources.
Would you say that all junk faxes are OK if labelled "Junk Fax! Throw me out!"? That telemarketing calls, regardless of "get me off your list" preferences, can be made at all hours of the day or night, so long as the droid who calls you at 3 in the morning says "I'm a telemarketer! I guess you just want another hour to think about our exciting offer!" before calling you again at 4am?
The junk fax law isn't too bad. In the US, junk faxes are worth $500 for the first offence. The TCPA isn't great (as it allows telemarketers the first call free) and it's hard to collect evidence and sue, but it's still possible. Both of these laws got watered down from what the general public wanted (extermination) due to the influence of pro-harassment organizations such as the DMA.
Consequently, despite the aforementioned laws, I still see junk faxes and get telemarketers calling me. I'm drawing my line in the sand here. I don't want to see more spam and filter it out - I want it, and those who send it, exterminated. I want the cost of spamming driven so high that today's spammers will be forced to find honest ways of making a living, like pimping their grandmothers for crack.
Any law that allows someone to abuse my resources, but denies me the right to sue his ass into the stone age, isn't worth passing. It's my FAX machine, my phone line, and my mail spool.
I support laws which say "Fsck with the private property of our citizens at your peril". I oppose laws which say "You can abuse other people's property as long as you follow a few rules". I vote and contribute to campaigns accordingly.
WTF? Whose side are you on!? (Score:3)
> maybe we could pull a social engineering trick here:
>
> * Concede that certain kinds of spam (eg. JCPenny sales) are less agressive and annoying than other forms of spam (eg. porn/get-rich-quick)
> [
> * Public opinion will become more negative towards the get-rich-quickers (because they're not playing by the rules), and perhaps that'd be enough to keep the "bad spam" to a dull roar.
My apologies if I've misunderstood your post, but what the ring-tailed rambling fsck!?!
If you think there's a distinction to be made between "good spam" (from "good companies") and "bad spam" (from "scamming scuzzballs", you're playing straight into the hands of the DMA. The only "social engineering trick" here is that the DMA is trying to pull the wool over our eyes by making us believe that theft of service is OK as long as the thief wears a suit.
Spam is not about content. It never has been. Spam is about theft. JC Penney has no more right to consume my diskspace and network bandwidth (and if I'm on a wireless link, reading mail through a cellphone, my money) than Joe Chickenboner in his beer-can-littered trailer.
There's no "good spam" vs. "bad spam". It's unsolicited. It's commercial. It's email. It's theft. If you steal my resources, you get your connectivity yanked. If you're Joe Chickenboner, you lose your dialup. If you're a big mainstream company considering spamming, search for the term "mainsleaze". Look up what "RBL" stands for too. Big companies who spam get the same treatment, it just costs them more and takes a little bit longer.
Legitimate businesses do not steal potential customers' resources in order to market their products. Legitimate businesses which attempt to do so cease to be legitimate. Spamming will cost you your reputation and ultimately sales.
In defence of JC Penney, (to the best of my knowledge), they're only being mentioned here as a hypothetical example. The only spam I ever received from JC Penney's was when their insecure relay was raped a few years ago and used to send me a Make Money Fast. I looked them up on whois, and reported it (and the originating IP address of the spammer) to JC Penney's registered technical contact. The administrator wrote back within a few hours, and was quite embarassed and eager to secure his company's server to prevent such abuse in the future.
Re:Law Doesn't Do Much In VA (Score:3)
I agree that the spam laws are generally pretty worthless to anyone except the large ISPs (big surprise there - a law that only benefits large corporations).
That being the case, why is it so "neat" that these laws are being passed? To my eyes, it is an example of politicians currying favor with voters by appearing to be taking a strong stance on something that they :
Okay, I'm a cynic, I know. But would someone please explain why these laws are truly "neat" and not just a waste of taxpayer time and money?
Block methods, not content (Score:3)
Bulk is the issue, not content. Focusing on "commercial" email ignores religious, political, or nonprofit (RPN) bulk email. What about spam for web pages with political content that include a link to a bumper-sticker store. Illegal? Without the link, somehow less annoying?
Discriminating against "commercial" speech will be unconstitutional. Spam about Zeus: OK. Spam for a book about Zeus: illegal? Spam is nasty horrible stuff, but can you persuade the Supreme Court that spam is yelling "fire" in a theater? Inciting imminent riots? Obscene with no artistic, scientific, or political value? That's the hurdle. Better to focus on feasible solutions. However...
Better tech is the only realistic solution to spam, but this type of bill could hypothetically make some anti-spam technology less effective or even illegal. Already there are some emerging solutions [brightmail.com] to catch bulk email as bulk mail (compared to "mail from a bad address" blocking or "mail with the wrong words" filtering) and catch it at the ISP level. What happens if a RPN organization complains that 1. their spam is legal and 2. their spam has more protection than commercial speech? If content is what matters, does RPN spam, which is somehow less evil than comm. spam, get more protection against ISP level filtering?
This law only gets the really stupid and naive spammers, who generally don't spam very much and more than once. They pay someone to run their ad (with a real phone # and address); they get a thousand nasty calls; they give up and go back to their classified ads or whatever they were doing before. The person they hired to do the computer work is long gone. Sure, ignorance & no excuse and all that, but you've only stopped 0.01 percent of the spam. The satisfaction of watching them pay will last about as long as it takes you to get back to your inbox.
Real spammers hide their tracks, hijack resources, change mail-drops frequently, use offshore credit card processing, and if they're really into it move everything out of the country. And if they're in the U.S., they're probably already violating the law. Why would they care about new laws? Laws already violated include:
And as others have written, this topic isn't a state issue, as state lines are essentially invisible to the internet. State standards for internet tech would be as useful as state standards for TV and radio signals, cell phones or electrical equipment.
We really, really don't want legislators fiddling with internet standards right now, no more than I'd want my (wonderful person but can't program a VCR) grandmother to insist on "helping" me in fixing the innards of my computer. Good intentions don't cause competence, and with legislators good intentions can be bought with a few donations and a sob story. Let them think that they helped with spam, and next thing you know they'll want to help with other things. library filters. ipv6. dsl vs cable modems. things they don't understand but by gosh a new law should fix everything. Call them in if the technology fails. It hasn't.
A similar law works adequately in WA (Score:3)
There is an in-state registry, where you can identify your e-mail address as being in WA state (not really effective, but it at least handles an initial hurdle on filing claims later).
A local ISP has provided a sort of "how-to" [telebyte.com] on chasing down the spammers and making money. One of the more interresting link is a step-by-step [wa-state-resident.com] guide to getting the spammers to pay.
These laws can be effective; the catch is that it's time consuming to follow thru on them. In Colorado, at only $10 per message, it won't be worthwhile for most individuals to invest their time. Although the ISP's stand to make quite a bit if they can satisfy the courts that the spammer has reasonable knowledge or means to learn that the destination addresses were in that state.
Still, these laws don't do too much against non-US spammers. Many of them couldn't care less about a state's law since they're relatively safe from any prosecution.
Wrong, wrong, wrong! (Score:3)
Uh, no. Maybe you should REAL the bill before commenting on it.
(4) IT SHALL BE A VIOLATION OF THIS ARTICLE FOR ANY PERSON THAT SENDS A COMMERCIAL ELECTRONIC MAIL MESSAGE TO FAIL TO USE THE EXACT CHARACTERS "ADV:" (THE CAPITAL LETTERS "A", "D", AND "V", IN THAT ORDER, FOLLOWED IMMEDIATELY BY A COLON) AS THE FIRST FOUR CHARACTERS IN THE SUBJECT LINE OF AN UNSOLICITED COMMERCIAL ELECTRONIC MAIL MESSAGE UNLESS THE SENDER:
(a) IS A TAX EXEMPT NONPROFIT ORGANIZATION; OR
(b) IS A POLITICAL OR POLLING ORGANIZATION; OR
(c) IS AN ORGANIZATION USING ELECTRONIC MAIL TO COMMUNICATE EXCLUSIVELY WITH ITS MEMBERS; OR
(d) IS AN ORGANIZATION USING ELECTRONIC MAIL TO COMMUNICATE EXCLUSIVELY WITH ITS EMPLOYEES OR CONTRACTORS, OR BOTH; OR
(e) HAS A CURRENT OR PRIOR BUSINESS RELATIONSHIP WITH THE RECIPIENT, AS DEFINED IN SECTION 6-2.5-102 (1).
-pf
How can we let laws like this pass? (Score:3)
I don't need or want the government telling me what e-mail I can and can't receive or send legally.
Think about it, folks. Spam is one of the negatives you MUST live with if the Internet is truly to be free of censorship. What is this, other than censorship? If you want ideas to flow freely, you must take the bad with the good.
Where do you draw the line? If we agree that spam is bad and should be limited, how can we say that others are wrong to make transmission of other things -- such as DVD playback software, or commercial software in general, or "indecent" e-mails and web pages -- illegal as well? We hate one thing, so we make it illegal. They hate another thing, so they make that illegal. Then this group feels that they need to protect their children. That group wants the law to protect themselves. Soon, only the lawyers are making money, and no one can say ANYTHING over the internet. It will become as restricted as radio, and all of the freedom of communication that we lost to that device will be lost to the internet.
Slashdotters, we should be OPPOSING this law, not supporting it.
"I disapprove of what you say, but I will defend to the death your right to say it."
-Voltaire
"If we don't believe in freedom of expression for people we despise, we don't believe in it at all."
-Noam Chomsky
"Free speech is the whole thing, the whole ball game. Free speech is life itself."
-Salman Rushdie
"Only the suppressed word is dangerous."
-Ludwig Börne
"Censorship reflects a society's lack of confidence in itself."
-Potter Stewart
"If there had been a censorship of the press in Rome we should have had today neither Horace nor Juvenal, nor the philosophical writings of Cicero."
-Voltaire
"Without free speech no search for truth is possible... no discovery of truth is useful... Better a thousandfold abuse of free speech than denial of free speech. The abuse dies in a day, but the denial slays the life of the people, and entombs the hope of the race."
-Charles Bradlaugh
http://quotations.about.com/arts/quotations/lib
Law Doesn't Do Much In VA (Score:4)
Since it's a crime in VA, do I just call the police? ("Hello, police? I'd like to report a drive-by spamming!") I don't think that I'd get far with that.
And, of course, spammers have no idea of where I'm physically located -- not that I have any sympathy for 'em -- so can't limit their spam based on geographic limitations.
It's neat that we're passing these laws. But, as best I can tell, they're pretty much worthless.
Re:Pontification of enforcability (Score:4)
$ gpslookup makemoneyfast.com | launch-tlam
missile launched...
$ ping makemoneyfast.com
host is unreachable
$ exit
Pontification of enforcability (Score:4)
There are just a few of the matters which should have been addressed; all of them are equally difficult to overcome and are large enough stumbling blocks that, in my opinion, the bill is worthless.
It's my humble prediction that you're going to see people hacking boxes (if you can't trace the source, who can you sue?) to spam from as well as people outsourcing their direct e-mail marketing to ISPs in foreign countries.
Think about this carefully... (Score:4)
The part that really bothers me is giving government a precedent where they are allowed to regulate communications over the Internet. Anti-spam legislation just seems like a good way to get their foot in the door.
I honestly believe that spam CAN be stopped by technology. We need to protect ourselves. I wrote a great procmail filter a couple years ago that filtered all my spam based on required keywords. If the e-mail was filtered out, procmail sent an e-mail back explaining that all mail without the required keyword was filtered--please include [keyword] in your e-mail to get through the filter.
Once someone sent the e-mail with a valid keyword they would be added to the "never" filter list. Everyone I showed it to thought it was way cool, however I got my ass flamed to cinders when I proposed the idea on Usenet.
Using a procmail filter like mine was NOT an ideal solution. For instance, bounce messages from mail daemons were lost so I wouldn't know if I sent e-mail to an invalid address. However, I can see fairly clearly in my mind how a new e-mail system could be implemented that would be easier and more reliable.
I'd really like to get some people to put some brain-power behind an e-mail system that could display a "terms of use" or any message before letting an unknown user into your system. No, your average spammer won't give a sh*t about your terms of use message. However, the average spammer is not going to read through 15,000 "terms of use" messages and type in 15,000 keywords just to get you to send him $5.
Anyone have any insight on how this might be implemented? I'd rather put a 'password' on my account for security than risk trading my liberty for it.
numb
Good and Bad, mostly bad, but one neat idea. (Score:5)
- At $10/pop, no individual recipient of non-ADV-tagged spam is going to pursue legal action. The Washington state law that allows recipients of spam to sue for $500 is infinitely superior to the CO law.
- Remember Murkowski's bill? Now that we've got the Colorado law, we'll see tons of spam with "ADV:" in the subject line, and the language "Since we used ADV: this isn't spam, nyaah nyaah nyaah". This law legitimizes spam, rather than prohibiting it.
- ISPs can sue for $10/message. Sure, that's millions of dollars. But how many ISPs are gonna spend the bucks on lawyers just to sieze some spammer's 1965 trailer, collection of beer cans, and a few rotting buckets of chicken bones?
Good:Hear me out on this; I'm not advocating open relays. Just a relay that's "open enough to give the spammer enough rope to hang himself". Sendmail on such a box could be configured to allow the first 100 spams to go through, (resulting in minimal harm to end users), and to then silently drop the next few thousands of spams on the floor. While spammers don't have the millions of dollars required to make it worth an ISP's while to sue, many probably do have $1000 or so in seizable assets, which makes it worth the while of individual Coloradans operating specially-configured relay "honey traps" to hunt the spammers down for fun and profit.
What to do next is obvious -- use the logs to grab the spammer's IP address, contact the NOC at the spammer's ISP and mention that your relay has been attacked, and that you'd like to sue the spammer under the Colorado law. Even if you require a lawyer to obtain the spammer's identity, the cost should be minimal, particularly with the overwhelming weight of evidence of the spammer's guilt on your side.
Once you have the spammer's identity, send a demand letter to the spammer for $500 to settle out of court - if he ignores the demand letter, drag him into court for the full $1000.
Repeat, once for every spammer who attacks the relay. Finally, you too can make money fast with responsible bulk email!