Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Spam

H.R. 3113: Spam Bounty Hunters Wanted 180

belgin writes: "According to this ZDNet article, the U.S. House Commerce Committee is considering a law that places a bounty on illegal spammers. These bounties would be paid to ISPs and individuals who track down and turn in spammers. Specific types of spam mentioned by the article include fraudulent spam and spam that attempts to falsify its origin. Fun to think about if you've landed on one too many spam lists, but a little scary in 'leads to ...' department." The bill, called H.R. 3113, or the Unsolicited Electronic Mail Act of 2000, would impose Federal law in the form of what seem to be common-sense restrictions on electronic junk. But belgin is right -- what consequences might laws like this have that we don't want to trade for, even in spam? Would private solutions be better in the long term?[updated 18th May 2000 13:45GMT by timothy] Not to be confused with last year's H.R. 3113.
This discussion has been archived. No new comments can be posted.

H.R. 3113: Spam Bounty Hunters Wanted

Comments Filter:
  • by Anonymous Coward
    Then you begin to wake up to reality.. the spammer will just go grab another AOL CD and be back on the net in under an hour. They're like cockroaches. You cannot kill a determined spammer. They will move to off shore providers if they have to but they WILL keep spamming. I'm suprised China or korea hasn't setup a spam haven where spammers can get remailers that are sympathetic to their anti-consumer ways.
  • by Anonymous Coward
    I'm glad you had luck. I haven't. I still get tons of dinner calls. Not many (obvious) repeats, but lots of calls

    We can't tell if the same telemarketer calls back with a different pitch. I worked for DialAmerica briefly, and people in the same room might be calling for 10-20 organizations.

    Your first link (and the lawsuits you discuss) were for junk faxes . That law is 9 years old (per the site), and yes, people are having success suing -- but only because the problem is still there!

    Your second link is a non-government filter list for spammer-friendly nodes, primarily useful to ISPs. Filtering is the type of self-help the poster above you says is one of the spammers big fears. The DMA supports HR 3113, after all -- isn't that a little fishy?
  • by Anonymous Coward

    Hijack someone's IP address.

    Send out spam

    Turn them in for the bounty

  • While I'd be a millionnaire if I actually actively pursued every bit of spam I've received in the last 4 years, it's generally not worth the trouble. I'm not going to waste my time and money just to take some spammer to court. I get satisfaction on a weekly basis from ISPs that email me back to say, "Dear Xxxxxxx, we have identified the spammer and terminated the account. Thank you for bringing this matter to our attention." And all it takes is 30 seconds to peruse the headers and forward them to the appropriate abuse accounts. While I'm not making a dime off it, the satisfaction of knowing that dickhead's two accounts (usually uu.net or yahoo.com and their actual ISP accounts) are gone for good and he/she'll forfeit the amount of $ left on that account, in addition to having to find a new ISP. That's justice enough - for me at least.
  • icky. Remember whose 'common sense' it'll be - a 70 year old _IMac_For_Dummies_ judge who differentiates computers by color, and between "computer professionals" and "damn hackers" by media stereotype.

    It's going to suck. It's going to suck badly.

    Hmm, anyone up for a "Keep your laws off my internet" geek campaign? Lemme know - my email address is real.

    --

  • From: <ac31337@$lash$dot.org>
    Reply-To: <tr0ll@hotgr1t$.org>

    YOU too can be RICH hunting spammers!!!

    Find about the new HR 3113 bill from Congress!!
    Now YOU can make the Internet a BETTER place!!

    Every day millions of 'spam' and UCE messages are sent through the Information Superhighway by unscrupulous cybermarketers. You have received several tens of them a day.

    But the new HR 3113 bill allows normal users like YOU and me to claim a bounty for every 'spammer' tracked and denounced.
    Until now 'spam' tracking was a black art known only by computer 'hackers'.
    But NOW YOU can HUNT and FIND them!!!!
    MAKE MONEY FAST AND EASY with my SPAMHUNTER COURSE CD-ROM (TM)!!!

    SPAMHUNTER COURSE CD-ROM(TM) allow easy tracking. You will know how to use our secret HACKER tools like WHOIS and TRACEROUTE to find the lair of this scum. Then you can claim your bounty at your local police station.

    Click HERE [geocities.com] to profit the LAUNCH OFFER to get the SPAMHUNTER COURSE CD-ROM(TM) for only $39.95!!!

    (You are receiving this message because you once asked to be removed from a spam address list, you idiot. If you want to be removed from our list, you can't. We are based off-shore for this law to stop us.)
    __
  • Better than spending tax money to pay hunters, make the spammers pay. It would be (100 + X) % of their spam booty, and it could be divided among the hunter, the state and maybe the spammed (difficult), in the style of privateers seizing pirates and fat galleons with the gold of the Indies.
    __
  • I honestly don't see the privacy concerns so many have mentioned, unless people are concerned about legitimate "spam" being mistaken for the real thing and small companies getting mistakenly raided with all those attendant privacy concerns.

    There are several things that make real spam easily identifiable:

    1. Fishing. They always want me to buy or send something. I've gotten spam that's non-commercial, but it's very very rare.

    2. Forgery. Forged headers are practically a defining characteristic. Again, I've gotten spam with non-forged headers, but rarely.

    3. Fraud. Just about every one I get is MAKE.MONEY.FAST in a new form, or else it's selling black-market herbs/medicines/whatever.

    The biggest problem I have with HR 3113 is that by saying "this spam is bad" it's implicitly saying "this other spam is good."

    The real problem, of course, is that SMTP is largely unauthenticated. What's needed is a "secure-net" of SMTP servers that do things like verify the forward and reverse lookups on the address of a sending host, strip out bogus Received headers, and so on. Basically eliminating the trust that allows spammers to get away with their nasty tricks. Sucks, I know, but these days paranoia is the rule rather than the exception (see the Slashdot DDoS discussion for plenty more on that subject).

    Would it violate the relevant RFCs for an ISP to set up an SMTP server to strip Received headers on messages coming from its dialup pool? That'd take care of about 90% of the spam right there -- they can run, but they can't cover their tracks. If stripping wouldn't be allowed, maybe there could be an additional header somewhere, an X-header containing the first "known-good" Received line, and that would always be stripped if a message comes from the ISP's subnet(s) with it already present unless other arrangements have been made with the customer.

    To those who say it would be too much effort to coordinate, I say open relay used to be the default and now it's fairly rare on servers that have been up for any length of time. This could be accomplished by peer pressure if the major sites jump on it.

  • AC wrote:

    It may be that I don't know what I'm talking about, but the government seems to be doing more about E-Mail spam than Snail Mail Spam. Not to mention deleting E-Mail spam is easier than deleting Snail Mail Spam. Doesn't make much sense to me.

    Many people don't realize it, but the USPS has confirmed that the rates companies pay on snail spam actually subsidize part of the cost of first-class mail. Translation: if companies quit sending it, your mail rates would go up.

    I pay half my bills online these days anyway, but there it is.

    Besides that you can recycle snail spam as firelighters :)

  • Try this one:

    http://thomas.loc.gov/cgi-bin/bdquery/z?d106:h.r.0 3113:

    That's the 106th Congress, not the 105th.

  • This is one of the routine mails I get every day. Another spammer bites the dust!

    Everyone should learn how to trace mail headers, and complain about *every* spam they receive.

    From Brian Willcott Wed May 17 14:00:36 2000
    X-Apparently-To:
    pdrap@yahoo.com via mdd103.yahoomail.com
    Received:
    from jewnix.org (208.44.130.245) by mta118.mail.yahoo.com with SMTP; 18 May 2000 02:13:51 -0000
    Received:
    from localhost (ids@localhost) by jewnix.org (8.9.3/8.9.3) with ESMTP id QAA18927; Wed, 17 May 2000 16:00:36
    -0500
    Date:
    Wed, 17 May 2000 16:00:36 -0500 (CDT)
    From:
    Brian Willcott | Block address
    To:
    Patrick Draper
    CC:
    ops@knetconnect.net
    Subject:
    Re: Fwd: RE: Have you submitted this?
    In-Reply-To:

    Message-ID:

    MIME-Version:
    1.0
    Content-Type:
    TEXT/PLAIN; charset=US-ASCII
    Content-Length:
    2930

    All apologies for this action. The user's account was terminated.
    Sorry for any inconvience caused.
    Sincerly,
    Brian
    brw@knetconnect.net
    On Wed, 17 May 2000, Patrick Draper wrote:

    > Your customer is a dirty spammer. Terminate their accounts and send
    > them to prison.
    >
    > --- alfred_dominic@IPMailStop.com wrote:
    > > From nei_zuer_xusta@ip-email.com Wed May 17 19:36:04 2000
    > > X-Apparently-To: pdrap@yahoo.com via web127.yahoomail.com
    > > Return-Path:
    > > X-YahooFilteredBulk: 193.105.56.209
    > > Received: from econ.insead.fr (193.105.56.209)
    > > by mta105.mail.yahoo.com with SMTP; 17 May 2000 12:51:15 -0000
    > > Received: from gateway-ga-nm1.mailhost.mcr-atl-mcremwin.net
    > > (31-kc1-dialup.knetconnect.net [208.44.131.31]) by
    > > econ.insead.fr
    > > (Netscape Messaging Server 3.62) with SMTP id 342;
    > > Wed, 17 May 2000 14:45:43 +0200
    > > Message-Id:
    > >
    >
    > > Subject: RE: Have you submitted this?
    > > To: @yahoo.com
    > > X-Mailer: Pegasus Mail for Win32 (v3.01b)
    > > Date: Wed, 17 May 2000 08:50:24 -0500
    > > From: alfred_dominic@IPMailStop.com
    > > MIME-Version: 1.0
    > > X-Encoding: MIME
    > > Content-Type: multipart/alternative;
    > > boundary="----=_NextPart_4388685666521173163256153 783464"
    > > Content-Length: 3659
    > >
    > > Home Owners, Get the + Plus + you need.
    > >
    > > + You want to consolidate bills
    > > + You want to make home improvements
    > > + You want cash for extras

    etc.
  • Sometimes I say

    "Please terminate the spammer's account, then go over to his house and beat him up, kick his dogs, eat his food, watch his TV, and slap his wife."

    You'd be surprised how many responses I get back from sysadmins who say that they thought it was funny, and the wish they could do that for real!
  • <I>One of the first things that I thought of was the possibility that the people who are "bounty hunters" may do what people have done in years past when the government ever gave actual bounties of this kind. All you have to do is just either create some of your own spam and then turn in the "user" or just pay people to post spam under fradulent accounts. Bam instant money.</I>

    Easily fixed by having the spammer actually pay the bounty (by having government extracting a fine from him.)
  • "...the U.S. House Commerce Committee is considering a law that places a bounty on illegal spammers."

    Ooooo! Do we get to take heads?
  • A bunch of Shimomuras looking for spammers. Now that's what you call worthwhile.

    Actually, for the spammers, we have one "Afterburner", who heads up the abuse desk at RCN/EROLS.

    Afterburner has a team of "Evil Abuse Desk Minions", who mercilessly track down and terminate spammers accounts, with various BOFH LARTS. RCN/EROLS, before the arrival of Afterburner, used to be something of a haven for spammers. Not so anymore.

    Over on USENET, in news.admin.net-abuse.email, a war is currently being waged. Spammers use software which circumvents the mechanisms by which the origins of a mail message can be tracked. Someone, obviously, has to write that software, and provide it to the spammer.

    In at least one recent instance, that someone has turned out to be Andrew Brunner, who claims to be president of CyberCreek LLC. Brunner's product, Avalanche Pro, claims both to be a legitimate MTA, and to contain a number of tools for circumventing the security of OTHER MTAs. (hmmm, sounds suspicious).

    The full details, of course, including death threats by Mr. Brunner against Paul Vixie (author of BIND(8), and currently V.P. of Above.net), as well as his impersonation of a federal agent, and prior criminal record, are available on n.a.n-a.e.

    UUNet, who currently host Brunner, is suffering under a load of public humiliation, mostly by the abuse teams of other major ISPs.

    I invite slahsdotters to join in the fray.

    --Brian

  • Governments that have become police states criminalize simple, innocuous actions.

    Spamming is not innocuous, spam costs a lot of money to ISPs.

    This means that virtually everyone is a criminal, and if they don't like you, theyll be able to arrest you and convict you of scads of crimes that you unwittingly comitted.

    It is absurd to assume that virtually everyone is a spammer or that people would "unwittingly" spam.

  • Then you begin to wake up to reality.. the spammer will just go grab another AOL CD and be back on the net in under an hour.

    Just read AOL's page on Junk E-mail [aol.com] and remember that AOL does sue.

  • It's nice to see the government is trying to take action against SPAM by empowering the citizens!

    Please be carefull with your CapsLock key. SPAM is a trademark of Hormel Foods [hormel.com]. They kindly allow the use of "spam" for unsolicited bulk e-mail and excessive multiposting to Usenet.
    Note:The website of Hormel seems to be down at the moment.

  • as with any law, we have to evaluate this on the basis of how it benefits each citizen and how it hurts each citizen. any good law will do none of the latter. while this may be convenient, it does not protect the rights or insure the freedom of anyone, which is the sole function of the government.

    it's a question of whether we choose convenience over our rights to monitor or own email, whether we really want the government regulating yet another form of communications. given the extremely poor record of the FCC in making decisions which benefit citizens, i'd answer a big fat no.

    a medium has a tendancy to be interesting and useful in direct proportion to how little it is regulated by the federal government.
  • Unsolicited Electronic Mail Act of 2000 == UnEMA?

    I can see the ad's now:

    "Had some bad Spam? Try the new UnEMA! Instant relief!"
  • What if someone Bcc:'s you on something? You won't see the email, as you're not in the To: or Cc: lines, and your email client will reject it.

    Procmail is one way to go about doing what you asked for (a client side spam-block). A lot of the programs spammers use have signatures that procmail can catch. But spammers can start to use new programs. Or spammers can start to send email with your email address in the To: field (happens, although rarely, to me)

    An adequate solution (lacking any better solution) is to maintain seperate email addresses for friends, work, mailing lists, and "companies" - whether it be for account information (you bought something) or whatever. Then you can "white-list" the work, friends, and mailing list email addresses, meaning the person sending you email has to be on the approved email sender list - any mail that isn't from an address in your white-list gets bounced or dropped.

    Unfortunately, you can never tell what email account amazon or petstore.com or whomever you do business on the web with is going to send from, so you are still stuck with one email address that can potentially get spam.

    Another solution is to get a domain and set up an individual email address for every company you do business with. So if you never want to get email from microsoft@yourdomain.tld again, just forward it to /dev/null :)
  • Wow... how strange. It matches my domain.
  • The House has provided a handy way to e-mail your representative! While I'm sure it's not secure, it's a good way to give comments back to the people voting on this bill, not just other slashdotters.

    E-MAIL YOUR REP!
    http://www.house.gov/writerep/

  • Spam is more than just a slight annoyance - it makes more damage than you think.
    The way spam affects us is not only by filling our mailbox. The problem is there are so many things we could do on the net we cannot do now because of spam.
    Take usenet for one example. Every kids knows posting in a newsgroup, and putting your true email address, is going to put you in every possible spam-list. Does putting user@yahoo.nospam.com really works? Maybe, yet maybe not ...
    Spam is probably one of the things that makes usenet much less than it could be.

    Then, take email search engines. Suppose there is an old friend of yours from highschool days you wish to write. Wouldn't it be great to go to one of the email search engines and find his email so that you could write him. Well, you probably couldn't find him there. Why? He's not listed, because of spam, ofcorse. If spam was not such a big story, most email addresses would be registered on whowhere and the like.

    I had a hotmail account I opened a long time ago, when it wasn't part of m$ft yet. Spam was not as big problem as it is today, and I carelessly put my email address where I shouldn't.
    Recently, this email address got so many spams (20 a day or more) I had to abandon it, which is probably a good thing (hotmail sucks, you know), but I also had to inform everyone I knew about my new email address ...

    This is not to say the suggested low is a good solution. I don't think making citizens into police is the way to go, but I think making a clear stand against unsolicited email in the law is quite important.
  • I can't help but, although reluctantly, support federal legislation to limit UCE.

    You just need to support a law making it legal to hurt spammers...

    James - me? violent? never...

  • I maintain an anti-spam HOWTO [summersault.com] that discusses some of the general issues of spam policies and prevention; it might be useful for this discussion. (Note that it was originally written for folks who use qmail, but much of it is relevant on a mailer-independent basis.)
  • ...What about spammers outside US jurisdiction? ...

    Oh, you mean reality? Well, a REALLY KLUDGY but working solution is proposed at the Flying Rat Project. As usual, free e-gold for the asking to Slashdotters who want to try it. Just send me an account number. http://www.FlyingRat.org [flyingrat.org] Thanks.
    JMR
  • hear, hear, hear!

    In fact, see Ain't Nobody's Business If You Do [mcwilliams.com] (in fact, all of McWilliams' books are available online for the reading) for a complete summary of the case against precisely this.

    On the other hand, specific privisions against fraud are different from general "thou shalt not email" laws. Fraud is (at least)as bad to free marketeers as to anyone else, if nothing else because it's one thing [they / we]'re often accused of ignoring if not committing.

    timothy
  • Plus the greif of admins. When a student where I work sent out 5,000 spam messages, advertising a company he was running on the side, the university abuse adress (which I am one of the recipients of mail to) was recieveing several spam complaints per day for 4 days...which of course we had to answer and tell these people that the issue was resolved.

    Relax . . . drink perl

  • Brilliant idea!!! Thanks, I'll probably use that. :)
  • Then there's the most annoying problem i faced, which is admins that either don't know how to prevent relaying, or don't care that they are being used as a relay.
    Luckily, I think this is only a temporary problem. Why? The combination of a few factors:
    • Most shipping mail packages include relay protection, many by default, so newly installed servers generally aren't vulnerable.
    • Old machines are constantly being taken out of service, reducing relay supply.
    • Organizations like MAPS [vix.com] and ORBS [orbs.org] put pressure on open relays to close.
    • as the number of open relays decrease, spammers will hit the remaining ones harder and harder.

    Put together, these factors should make it harder and harder to run an open relay and not give a damn. A lame admin may be able to ignore a little stolen bandwidth, but the ever-decreasing number of relays will mean ever-increasing loads on the few that remain.

    In the meantime, it would be nice if more dialup ISPs blocked outgoing access to port 25. I know that Mindspring does it, and I never see spam from them. Unlike, say, PSI or UUNET.
  • Mine does. So you can shut your mouth, now.

    BTW, go ask an ISP if spam is a problem. Nice when you get 80,000 different mails from a spammer with a dictionary.
    --------
    "I already have all the latest software."
  • Just like, use the beer, eh?
  • Check out a sample report [spamcop.net] that SpamCop [spamcop.net] generates!


    .- CitizenC (User Info [slashdot.org])
  • This is true- since the web is so huge an entity, there are always corners that will remain hidden. But if we can get other countries to cooperate (read: extradite), this sounds like it could be remarkable effective. Any US company could probably be held liable regardless of where the spam originates, and this sort of 'distributed enforcement' is about as powerful a tool as we're going to get.
  • Uh- is 'send them to prison' really a useful thing to ask an ISP? O_O Here's my version- as a MacOS clipping so it's just drag and drop, over and over and over and over and over and.... eight times today alone... Please kill this spammer's account. -postmaster@airwindows.com Note that I send the complaint as postmaster >:) I think possibly this might help in borderline cases. I'm not above saying 'we're getting slammed here'. airwindows.com is of course, just me...
  • What? lusers. It's not about _content_! Spam is not about content, it's about mechanism! I totally impartially go after the accounts of MLM and Ponzi scams, porn, and missing children reports. Do you realize how useless your emailbox would become if it was legally filled with the reports and descriptions of all the missing children in the world? O_O
  • SUMMARY AS OF:
    10/20/1999--Introduced.
    Unsolicited Electronic Mail Act of 1999 - Authorizes any person, on his or
    her own behalf or on behalf of his or her children, to file with the Federal
    Communications Commission (FCC) a statement that he or she desires to
    receive no unsolicited commercial electronic mail (e-mail), unsolicited
    pandering (erotically arousing or sexually provocative) e-mail, or both.
    Directs the FCC to: (1) maintain and keep a current list of such filers; and
    (2) make such list available to any person, upon reasonable terms and
    conditions, including a service charge for such list. Prohibits any person
    from initiating the transmission of any unsolicited commercial or pandering
    e-mail to an individual whose name and e-mail address has been on such list
    for more than 30 days. Prohibits any other use of such list.

    Prohibits any person from sending an unsolicited commercial or pandering
    e-mail message unless the message contains a conspicuous reply e-mail
    address to which a recipient may send notice of a desire not to receive
    further messages. Subjects to an FCC order to discontinue any person who
    transmits such a message after such an objection. Directs the FCC, upon
    request, to include in such an order the names and e-mail addresses of any
    children of an objecting recipient.

    Provides a private right of action, or an action by the FCC, against an
    e-mail initiator who violates the above requirements.

    Authorizes an interactive computer service provider to establish and enforce
    policies that are nondiscriminatory on the basis of content regarding
    unsolicited commercial e-mail. Authorizes such provider to decline to
    transmit such messages to subscribers without compensation from the sender.
    Requires a provider to notify the violator of such policy in writing and
    request compliance. Makes subject to the same FCC order as above a violator
    who sends such messages after provider notification. Provides a private
    right of action by a provider, or an action by the FCC, upon an e-mail
    initiator who violates such requirements.

    Requires the FCC to report to Congress on the effectiveness and enforcement
    of this Act.
  • It boils down to using a traditional and effective compensation method (bounty) on an act that infringes on others' rights. What great freedom of yours is being lost?

    Anyone that knows RFC822 knows that any compliant MTA shows where it gets mail from. You have an audit trail of where that mail came from in each and every message. If that is not enough information, you can call the admin of each MTA the offending message went through. There is no need for any kind of government regulation.

    If you don't want spam, get an ISP that uses the RBL.

    If the government starts dictating what can be in email headers, the technical reasons information is placed in those headers can be restricted.

    I would rather deal with some spam and follow RFCs than have a little spam and have goverment regulated RFCs

  • seriously, though, this is definately needed. i think we are all victims of spam, and it's time somehthing is done about it. filter all you want, you can't catch everything. or can you? it would be interesting to know what filters people use and how succesfull they are.

    I have not read the bill or anything, but I think that it sounds like a Bad Idea. We can take care of these problems ourselves. There is no need to have the US government police our networks in this manner.

    I will accept a little spam if I can keep all of my liberty.

    Well, what little liberty I have left ;)
  • I'm pretty gung-ho about private solutions to technical problems. I'm far more confident in my abilities, and those of my technical compatriots, than I am in the ability of our government to enforce a law appropriately.

    So I'm generally a firm believer in my ability to take care of things on my own. ORBS [orbs.org] and The RBL [vix.com] have certainly been shown to be an extremely successful method of filtering out spam. Since I got my mail server set up with MAPS and ORBS, I get about 2 pieces of spam a week. That's pretty managable. (And good, because I'm the kind of guy that gets spam and calls the company to bitch. Total waste of time.)

    However, I don't run an ISP. I worked at one, as all good geeks must, back in '95. Spam wasn't a problem then -- I shutter to think what it must be like these days. Spam is obviously a huge loss to these people, MAPS or no MAPS. Because of the direct financial losses that result from the actions of spammers, I can't help but, although reluctantly, support federal legislation to limit UCE. It seems like the only method of stopping it.

    God help us all...I'm in favor of a law. :)

    -Waldo
  • Now that would be a cool movie I'd pay to see!

    "In the future, when all the worlds electronics are networkd, a 'leet group of govt agents, outfitter with the latest in tracking gear, neat-o flying cars and spiffy firearms quietly hunt down unsolicited bulk email perps and 'terminate' them, usually with lots of fighting and evasive action scenes ending up with an aweful bloody death for the spammer."
  • There're not enough bounty hunter jobs in the world - I'm definately following through on this one. I wonder if one could make a decent living on legitimate bounty hunting and rewards these days?

    Sorry to all pro-freedom/privacy zealots, but I'm willing to try this one before I condem it - I don't see anything being given up with this. You only point the law at the aledged spammers, you aren't judge, jury an executioner.

  • Before you go all postal with visions of 1984 in your head, read the actual text. It's still being modified, but the current version will always be found at http://www.suespammers.org/us [suespammers.org]. There's *nothing* in there about bounties.

    For the record, I don't see how a government-sponsored bounty program could work for spam. The problems aren't in finding good examples of spam -- we all get those every day! The barriers are:

    1. Having good laws (that define spam accurately and give right of action to both the individual and the ISP)
    2. Getting a name and address to which you can serve papers
    3. Collecting after judgement.
    All three of these problems are made much easier to overcome with a strong government mandate. But bounties? I don't see it.

    --Tom Geller, Founder and Administrator, The Suespammers Project (http://www.suespammers.org [suespammers.org])

  • So, to get the bounty--do we need to turn in just the ears, or does the government want to see the whole carcass? It'd be mighty nice if I could keep the pelts to sell on the market.
  • Comment removed based on user account deletion
  • Interesting that the US Congress would be discussing the issue. Here's a copy of some spam that was received by myself and a whole whack of my colleagues just today:

    ------- begin extract -------
    Wed, 17 May 2000 09:34:49 -0400
    Received: from sdeveaux (race203.ienet.com [206.253.15.203])
    by qcars001.nortelnetworks.com with SMTP (MailShield v1.5);
    Wed, 17 May 2000 09:34:39 -0400
    Return-Path:
    From: California Republican Party
    To: "Hanlan, Keith "
    Subject: Greetings from the California Republican Party
    Mime-Version: 1.0
    Content-Type: text/plain; charset="iso-8859-1"
    Date: Wed, 17 May 2000 07:34:36
    X-SMTP-HELO: sdeveaux
    X-SMTP-MAIL-FROM: rapid@cagop.org
    X-SMTP-RCPT-TO: keithh@bnr.ca
    X-SMTP-PEER-INFO: race203.ienet.com [206.253.15.203]
    Greetings from the California Republican Party:

    The California Republican Party would like to invite you to become online activists with our State Party. This is a free activity, as we would like your support to help our federal, state, and local candidates and other Republican activities.

    Please join today by clicking www.cagop.org/rapid now.

    ++++++++++++++++++++++++++++++++++++++++

    We apologize if you have received this email in error. If you do not wish to receive this email in the future, just delete this email. Thank you.
    -------- end extract --------

    Apart from not having a clue, they seem to have confused .ca and .ca.us domains - talk about compounding stupidity!
  • That "handful" of people is ever-growing, and I will say, *damn* few telemarketers call me back after I say "TCPA" and tell them to put me on a do-not-call list.

    Do I sue? No, I'm too busy. But I'm on a mailing list *full* of people who sue, and win. One of them has a respectable income going here; I know people who work full time and don't get as much money as he does, just suing junk faxers.

    http://www.junkfaxes.org/

    Read it, learn the magic words, sue the bastards.
  • I rember reading a few weeks back that either Norway or Sweden has just passed a law that makes spamming legal.

    Not norway! It was sweden! :) Don't blame US for those stupid swedes. ;)

    Oh, and the swedish parliament is really having a tough time nowadays. People are subscribing them to all sorts of mailinglist, sending 'unsubscribe' messages to different spam-lists for them, and doing them all sorts of favors. :) Not to mention all the mailbombs sent their way.

    In short, I think the swedish parliament will remove that "its ok to spam" paragraph pretty damn soon. :)

    (oh, and if you want to help bomb them from here, to h*** and back, look up the swedish parliament, find some email addresses and .. well, you know what to do :)


    --
    "Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
  • Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?

    Perhaps you're unaware of this, but the IRS has a number you can call to turn in people who cheat on their taxes. I know they used to, (but am not sure if they continue to) pay a portion of monies recovered to the person who turned the cheat it.

    Mind you, YOUR records better be pristine if you turn someone in, 'cause they're gonna audit you as well operating on the theory that if you hang out with Tax Cheats you might well be one as well.

    But a Bounty is hardly a new concept for the US government.
  • There's very little spam out there that doesn't involve someone trying to make money. If they're going to make money, they need some route for receiving money. That route is traceable.

    Most people don't want to take the time, though.
  • How do you want them? Dead or Alive?
  • And what would happen to those innocent souls that do not even know that spam is being sent from their addresses? I mean, how can you distinguish right from wrong and innocent people from guilty, if there is virtually no way to prove that the spam is coming from a particular source, unless you actually seize a computer and manage to dig something useful out of it?
    (I certainly hope placing bounties will not give more rights to certain agencies to dig through peoples mailboxes in search of evidence).
    -----------------------------------------
    ------- ------------------------------------------
  • Did you read it? That paragraph was talking about other legislation. Later:

    CAUCE vigorously supports HR 3113...

    I only said that CAUCE likes it. I said nothing of the decenting opinions of other parties.

    --

  • This is totally different than the WAVE situation you mention. In that case kids were being encouraged to turn in others who exibited weird behavior, not who committed actual crimes. In this case, if we do get a law against spamming, then these people would be encouraged others who are breaking the law. Totally different.
    • We can take care of these problems ourselves. There is no need to have the US government police our networks in this manner.
    It's easy to get carried away in this kind of regulation indeed, but consider things for a moment. What about only banning forged email? Don't I atleast have the right to contact who is spamming me? Outlawing the worst-case SPAM cases isn't going to cost you very much liberty.

    The idea behind freedom and liberty is doing what you want, so long as it doesn't hurt others. Email SPAM, like the now illegal FAX SPAM, does cost the collectors money. It's only fair that those damages be collected on, and it might be a good idea to encourage the process by offering a reward.

    It boils down to using a traditional and effective compensation method (bounty) on an act that infringes on others' rights. What great freedom of yours is being lost?

  • Rats, there goes my Star Wars idea and my karma bonus.. :)

    I was thinking rather of posters with Boba Fett on them, pointing his arm rocket pack toward the viewer...

    "Now you too can be a bounty hunter"...

    Oh well, At least I have something:
    Darth Vader is now Canadian... :)
  • SpamCop [spamcop.net] does a wonderful job of helping eliminate spam -- you just paste the headers and full body of any spam you recieve, and it chews through it, and reports the spam to the account's admin! It's VERY VERY cool! And free too.. check it out guys =)


    .- CitizenC (User Info [slashdot.org])
  • i could get bizness cards that say spam bounty hunter.... this would be a nice way to make extra $, but i think some people would abuse it.
  • why couldn't it have been HR 31337?

    seriously. How many other people saw 3113 and tried to read it. It took me a few seconds to realize that it was just a number and not some cryptic reference to a fashion magazine.
  • Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?

    I'd rather not have our government(s) regulating our e-mail. It'll just feed into their whole "we need more resources to fight cyber-crime" thing. I personally would really like to avoid handing any more of the Internet over to them if possible.

    I have serious doubts about the benefits too. No legal solution will ever stop spam as well as a technological solution. At best it will reduce spam but it will never stop it. A technological solution on the other hand could stop automated spamming very easily. Unfortunately users and ISP's would have to make changes on the client and server side to allow for protection from automated spamming--and as far as I can tell no one is really interested in doing the work.

    Users should be able to maintain a whitelist/blacklist for e-mail at their ISP. Blacklisted stuff should go to /dev/null, whitelisted stuff should pass through unhindered. Everything else should be returned with instructions on how to get to through the filter--nothing complex, maybe including a keyword or something like that. Just something the an automated mailer can't get around. It would be important that the white/blacklists could be easily maintained from the client.

    numb

    PS: Never invite a vampire into your home.
  • This guy has a good point.

    Governments that have become police states criminalize simple, innocuous actions. This means that virtually everyone is a criminal, and if they don't like you, theyll be able to arrest you and convict you of scads of crimes that you unwittingly comitted.
  • Methinks you need a bit of spam-education.

    In tracing spam, the "from" and "reply-to" addresses are essentially ignored. Thus, that risk is bypassed.

    When people have their accounts cracked, their ISP admins will go poking through their logs anyway, so that bit of privacy invasion was already present.

    As someone who's helped newbies survive an ISPjacking, I can tell you that many help desks will let them off with a warning once. Once. If anything, the experience teaches them proper security practices. Nobody I know has ever been penalized too heavily for stupidity.

    --
  • A bunch of Shimomuras looking for spammers. Now that's what you call worthwhile.
  • You obviously don't run systems with more than
    a couple of thousand users.

    Sure its only a 2k email....however when you
    multiply it by 10,000 users, that "one little
    mail" will take up 10 MB of space...not much by
    todays standards....but given that it is not
    unheard of for an individual on spam lists to
    get several spams per day....it adds up quick.

    Plus the greif of admins. When a student where
    I work sent out 5,000 spam messages, advertising
    a company he was running on the side, the
    university abuse adress (which I am one of the
    recipients of mail to) was recieveing several
    spam complaints per day for 4 days...which of
    course we had to answer and tell these people that
    the issue was resolved.

    Forget about user quotas (which are finite, as is
    the very nature of quota) and what happens when a
    user runs out of quota...I am sure they would
    rather the last 2k of their quota going to a
    message from their friends than some spam
    advertising some "get rich quick" shceme.

    (yes, our users have quota. I know that some
    people are amazed by this - like say the people
    who wrote pine - but its true)
  • I have to agree here. We have too many good
    examples of this sort of thing NOT working.

    Take paid informants. There was an incident in
    Florida where a paid informant informed police
    that a certain house was a drug house. The truth
    turned out to be that it was nothing more than the
    residence of an old couple. That fact wasn't found
    out until police showed up in full storm trooper
    gear and killed an innocent old man. Need I
    mention that no "drugs" were found in the house?

    I think this is an issue that is best dealt with
    on the ISP level. Give ISPs the ability to sue
    spammers who use their machines to relay spam.
    That should help..

    Beyond that....Laws can't really stop the problem.
    Spammers will just spam from acounts in other
    countries where the laws are les strict.

    -Steve
  • You assert that direct(junk) mail and telemarketing are not viable, and yet they exist. Paradox? Non!

    The key is response rates- telemarketing is expensive indeed, but successful sells are comparatively common. Direct mail less so, but it is much less expensive (they use bulk rate and metered pre-sorted rate postage so it's actually less than 32 cents/item).

    Spam OTOH might have insanely low response rates but it quite cheap, so it still works. This is why marketers get so juiced up over the idea of targeted opt-in mailing lists. These have lower costs than direct mail, but potentially with the response rates of phone jockeys.

    And yes, it's terribly trivial. Wait until they start broadcasting custom digital TV and the ads you see on Friends are targeted just for your household. We've only seen the first 1% of the bleeding edge of truly personalized marketing. In 20 years' time we'll look back and long for the days of simple spam.

    -cwk.

  • 4 minutes to post it. Clearly the Force is strong today

  • Vote Boba Fett for Spam Bounty Hunter General!
  • Comment removed based on user account deletion
  • I wonder if we could gain some dollars by turning in some /. spammers. Lord knows we have our share.

    ASCI art $ 100
    Trollmastah $1,000
    Hot Grits $10,000
    First Post $100,000

    We could all be rich.

  • The law does lump people who break the law into the overarching category of "lawbreakers"; however, it certainly divides that up into felonies and misdemeanors, and further divides up the felonies into different classes. There is also tort law and the whole idea of liabilities. I think that civil justice can be much more painful to spammers than whatever criminal penalties would be assessed (they would be very light since the crime not inherently harmful). If automatic class action suits could be filed so that every person who receives a piece of spam from a spammer is owed $.05, I think the world would be a much better place. Not to mention that anyone with accounts on AOL, Hotmail, or Yahoo mail would have an wonderful new revenue stream.

    I don't think there is anything wrong with having bounties for people who catch criminals, at any level of crime. It has been shown time and time again that what prevents crime is strict enforcement rather than harsh penalties. No criminal does his crime if he thinks he is going to be caught. If we have a problem with it being a crime we should decrimininalize it rather than being hypocritical and not seriously enforcing it.

    Encouraging every citizen to be on the look out for crimes in progress merely amplifies everyone's civil duty and reduces the price of hiring more law officers. The only problems to be avoided are people potentially being "framed" and so forth, but that is already a problem today. That is what insurance fraud investigation is about.

  • Lorenzo Lamas and Brandscombe Richmond star in their most demanding Renegade rolls ever as Reno '31337' Black and Bobby 'w00t' Sixkiller in a smart new action thriller on UPN!!
  • Sarcastic rant time: Of course Congress believes in free speech. Here in the good old USA you can say ANYTHING you want. Unless of course it is offensive, costs somebody money, embarrasses someone or is politically incorrect. But everything else is completely legal.
  • I have some serious reservation about this. Paying citizens to tattle on each other is serious business. In fact, it's been an early step in many totalitation regimes such as Hitler's (for turning in "disloyal" citizens, not sleazy marketing types though).

    How would we react if citizens were rewarded for reporting other crimes? There's a $100 fine for littering, would it bother anybody if I got half if I turned litterers in?

    (For once) I think that the lawmakers are genuinely trying to do a Good Thing, but the indirect consequences could be bad.


    ---
    Dammit, my mom is not a Karma whore!

  • Illegal spammers? Would that include the NASDAQ-trading, inernet economy-sustaining, politically donating companies that opt you in no matter what you say and opt you out only when somebody sells them a list of recently deceased people whose families might be interested in discounts on funeral arrangements? Nah, that's as legal as it gets, isn't it. After all, millions mean respectability and with spam as with everything else in this world, whoever's got the money got the (il)legal ride.

    At least with small-time spammers, you can have their ISP shut the account down. Now try doing the same when the spammer is an A-list client on Exodus.

  • Quoth the poster:
    (1) There is a right of free speech on the Internet.

    I'm so happy Congress found it, I thought it was lost before.

    Hmmm. DMCA. UCITA. PTO... I think there's evidence that the First Amendment had gone missing for awhile. I know it's irksome that Congress feels the need to assert the existence of a right guaranteed in the Constitution, but... but, it's nice to have this formal and in print.

  • Receiving a reward for turning in a criminal is not bounty hunting. Unlike these guys [bounty-hunter.org], you are not taking the law into your own hands if you use the legal system to pursue a spammer. All they are proposing is that you receive a reward for doing so.

    This is completely different from the WAVE program where kids report their peers just for being weird, and not for commiting any crime.

  • "What about spammers outside US jurisdiction?"

    I rember reading a few weeks back that either Norway or Sweden has just passed a law that makes spamming legal.

    Does anyone have any more details?
  • by cabbey ( 8697 ) on Wednesday May 17, 2000 @02:24PM (#1065533) Homepage
    belgin and timothy are not alone in the fear of where this might lead, that's for sure... I hate spammers with a passion, but I'm not sure if I really want to start down the road this could take.

    Anyway, I much perfer Julian's [julianhaight.com] philosophy over at spamcop.net [spamcop.net]: "Protecting the internet community through technology, not legislation." If you're sick of spam and want a way to slap those responsible, then join up (or don't, there is a free service as well) and parse all your spamage. But please read the intro and the FAQ, we need to preserve the image that spamcop has in the minds of the abuse desks; it's only a tool being put in your hands, YOU are responsible for what you use it for.

    and besides, an address like cabbey@spamcop.net, is bound to make a would be spammer queasy.... (note: happy spamcop user, not an admin.)
  • by Stiletto ( 12066 ) on Wednesday May 17, 2000 @04:27PM (#1065534)
    Not really.

    I find that most non-techies are quite annoyed with spam, but they sweep it under the rug since they don't know what else to do. I took about 10 minutes to show my friend how to look at the headers, find what is most likely the mail's original domain, and email abuse@, he now has something he can do about it.

    Trust me, it feels good to get that message back from their ISP, informing you that they canceled the spammer's account.
  • by Longing ( 23218 ) on Wednesday May 17, 2000 @03:08PM (#1065535) Homepage
    All spam has some sort of contact information in it, right? Either a phone number to call, or an address to send money to, or a (p0rn) url to go to. Easy way to track down the perp and sue them for lots of money!

    Let's pretend I'm p0rn site www.slashporn.net and www.slashporn.com is getting more business than me... I'll just put them out of business - send a few hundred thousand emails stating "Visit slashporn.com! p0rn for nerds!"

    Soon enough, slashporn.com gets sued for hundreds of thousands of dollars and is out of business. My business goes up and life is peachy.

    Wonderful.

    Of course, this ties in to DDoS - how do you track down the spammers if they're spoofing their return address? The current state of the internet makes this difficult if not impossible (if done well). Yes, I know there are differences between spoofed IP packets and spoofed SMTP headers, but there are similarities as well.
  • by Dr. Sp0ng ( 24354 ) <{moc.liamg} {ta} {gnopsm}> on Wednesday May 17, 2000 @02:06PM (#1065536) Homepage
    This is a tough call - on one hand, I'd love to see spammers get bitchslapped, but on the other hand I hate to see the government (or anybody else) do stuff like this. Remember the big uproar that was caused by that group in North Carolina (I think, I could be completely wrong) that was paying kids to turn in potentially dangerous kids? Same basic idea goes here - it's just not the right way to handle things.

    I know that this is a completely different situation, but the same basic idea applies.

    Ahh... fuck it, dude. Let's go bowling.
    --
  • I worked at a medium sized isp for a little over a year. While I was there, i was one of the main spam contacts (ie, i got the mail that went to "abuse@" ). In general, it was easy to nail spammers. Trace the headers, send a complaint to the isp/admin on the other side. If a spammer came from uunet or psi, then it was usually a guaranteed kill. However, spammers are getting smarter, and recently i've been noticing more and more spam being relayed through boxes not in the US. This poses several problems, the main being that the rest of the world is under no obligation to follow the laws of the US. Also, there is the language barrier. Alot of uce seems to originate from asia, and i'm not sure that firing off an email in ascii characters would make much of a difference to someone who reads kanji .

    Then there's the most annoying problem i faced, which is admins that either don't know how to prevent relaying, or don't care that they are being used as a relay. I recently was notified by a friend of mine that he got spammed through a mail server owned by a major canadian isp. Not only was the server an open relay, but it's sendmail configuration was so fucked that it didn't even log the originating ip address in the mail headers (IOW, it trusted whatever HELO said). TO make matters worse, the admin of the box was contacted about this, and has done nothing. I think the only way to prevent spam is to educate admins about relay-proofing their mail servers.No open relays, no spammers. Then the US could put a decent amount of money into public education instead of making bounties to catch these bastards.

    Just my $2^-2 worth.
  • by weave ( 48069 ) on Thursday May 18, 2000 @02:32AM (#1065538) Journal
    If you read the bill, there are troubling points in it including:

    • RETURN ADDRESSES REQUIRED (No forging)
    • TRANSMISSIONS AFTER OBJECTION (Must remove from list if asked)

    There's a business opportunity here. Open a spamhausen ISP, make it OK in your TOS to spam, just require your clients to use a valid return address and honor a remove list.

    Most spam I get always says "No need to be removed, this is a one-time mailing, your name is already deleted." So joy, each time I want to send out a new SPAM I just create a new account with that ISP, spam away.

    An Opt-Out law is worse than no law at all

    Opt-in (or "permission-based marketing") is the way to do it. Opt-out will always just be spam and this bill makes that legal.

    I can see my spam now. "This message can not be considered SPAM under HR 3113 as long as we provide a valid return address and a way for you to be removed from our lists.

  • by AME ( 49105 ) on Wednesday May 17, 2000 @02:44PM (#1065539) Homepage
    A quick look at the cauce [cauce.org] response [cauce.org] indicates that they are all for it and why.

    In general, I support cauce and their put-the-power-in-the-hands-of-the-people-not-the-g overnment philosophy. So if cauce likes it then it's probably a pretty good idea. If you hate UCE then consider joining cauce. They do lobby legislature and the quantity of their members adds to their political ability.

    --

  • by Bouncings ( 55215 ) <.moc.redniknek. .ta. .nek.> on Wednesday May 17, 2000 @02:07PM (#1065540) Homepage
    There are some conflicts of interest and problems with this otherwise good idea:
    • What about spammers outside US jurisdiction? They often can't be collected from, so who pays the spam-hunter bounty? The US tax payer? I'm paying for SPAM enough as it is in my ISP bill.
    • If spammers can't be collected from, a bounty hunter could hire them to spam and give them evidence of it, and split the bounty, again picked up on by the tax payers.
    Personally, seeing spammers being hosed is reason enough for me to fight them. :-)
  • by Jim Tyre ( 100017 ) on Wednesday May 17, 2000 @02:40PM (#1065541) Homepage
    With the Microsoft "precedent" in hand, you should be more careful in choosing your titles.

    Hormel, which holds the trademark [uspto.gov] on spam, might sue you for infringement. ;-)

  • by Jim Tyre ( 100017 ) on Wednesday May 17, 2000 @03:36PM (#1065542) Homepage
    The Bill provides:
    (8) UNSOLICITED PANDERING ELECTRONIC MAIL MESSAGE- The term `unsolicited pandering electronic mail message' means any electronic mail message which the recipient, in his or her sole discretion, believes to be erotically arousing or sexually provocative that is sent to a recipient with whom the initiator does not have an existing consensual relationship or has been sent by the initiator without the express consent of the recipient.

    So what if, unsolicited, I send a scholarly dissertation on the evolution of the sea slug to Roblimo, but unbeknownst to me, it gets him all hot? (You just never know with Roblimo.)

    Am I screwed?

  • by zaius ( 147422 ) <jeff@@@zaius...dyndns...org> on Wednesday May 17, 2000 @02:12PM (#1065543)
    What exactly do you have to do to get the bounty money? Do you have to find the person's real IP address, or their name, or phone number, or physical address or what? It seems to me that in order to find any physical contact info, you would either have to be extremely lucky, or you would have to do something illegal to get it...

    Also, I also think that it might be remarkably easy to frame somebody, and then collect the bounty for finding them. Unless some law enforcement agency checks your findings, thuroughly.

    -- zaius --

  • by Accipiter ( 8228 ) on Wednesday May 17, 2000 @02:08PM (#1065544)
    See, the typical spammer response to general complaints is "But 94% of internet users WANT to receive junk E-Mail!" Now, this excuse won't work anymore.

    User@domain.com receives spam.

    User complains to ISP about spam.

    User takes approproiate action against spammer.

    Spammer cries "But people WANT spam!"

    BZZZZT! That's where the excuse dies. If users want spam, there wouldn't be such an outrage against it. Now when this little law goes into effect, and people see the percentages of internet users complaining about spam, Spammers will have to come up with another excuse.

    Then in turn, tougher rules will be enacted. This seems like a Good Thing to me. Here's hoping Internet Spam goes the way of Fax Spam.

    -- Give him Head? Be a Beacon?

  • by orpheus ( 14534 ) on Wednesday May 17, 2000 @03:25PM (#1065545)
    >>> rush to see how many SPAM lists you can get Therein lies one danger of this plan.

    Other have addressed some of the reasons why this is hardly the panacea it seems at first glance. I just want to note that whenever a law is passed to control an 'out of control' practice, the public's resistance to that practice diminishes.

    Even the most inept telephone telemarketer has a few stories of conversions: people who start off following the "Put me on your No-Call list" script of DMA-supported so-called 'consumer' groups, but end up as buyers. The secret is that the longer you talk, the more likely you are to buy. Most people who follow a No-Call script would have hung up point-blank before. The 'don't call' script offers a tiny foot in the door of otherwise definite no-gos. The Telemarketers have scripts of their own to capitalize on this.

    Why do you think Publisher's Clearinghouse makes you fiddle with so many stickers to complete one of their sweepstakes stickers? So the visions of payoff, and other irrational notions can dance in your head. Even after you hang up after your Don't-Call spiel, don't you secretly wish they call back, so you can nail them in small claims. Only a tiny handful of people have ever successfully sued (not enough to pay for a single DMA trade seminar luncheon) while telemarketers do many successful conversions every hour, in every state.

    And now we dangle the 'bounty' of a potential windfall, albeit a modest one, in front of every newbie, casual user, and kid?

    Less spam will get filtered and discarded unread and more spam will be scrutinized for 'illegal' elements that qualify it for the bounty. People will be less cautious about prtecting their e-mail, because it's a potential pay-off as well as an annoyance, and because watching your privacy is hard work, and humans will seek any rationalization to avoid such a tedious and thankless task. "Spam is illegal" is just such an excuse

    Publishers Clearing House would love this! PCH spends several times as much on its interactive sticker-laden mailings than it does on the grand prize - and made decades of tidy profit on this marketing model. They are proof of concept.

    Salesmen - especially shady ones - are cynical masters of psychology, unlike engineers.

    I'll close with a general warning tht you should keep in mind for the next year of so:We are at a critical time when private data is still largely unregulated in the US, and is not as tightly regulated as it will be, even in Europe. They can gather and share information now that they may never be allowed to gather again.
    _____________

  • by Chairboy ( 88841 ) on Wednesday May 17, 2000 @02:22PM (#1065546) Homepage
    I could see it now, cruising around newsgroups and SMTP servers looking for spam with my Boba Fett outfit on. People could contact bounty hunters and offer added incentives for giving the personal data of the spammer to them first before passing it along to the government.

    Spammed person: (getting ready to freeze the offending account and dispose of the spammer)

    Me: He's no good to me dead.

    Spammed person: (pausing) Don't worry, you will be properly compensated.

    Spammer: (screaming as the torture began) Aaaaaaaarrrggh! They didn't opt out, they didn't opt-AAAAAAAAAAAAHH! NO! Not my e-mail finger-GNNNAARGH!

    I like it.
  • by Jim Tyre ( 100017 ) on Wednesday May 17, 2000 @02:50PM (#1065547) Homepage
    The actual Bill provides, among other things:

    (a) FINDINGS- The Congress finds that:

    (1) There is a right of free speech on the Internet.

    I'm so happy Congress found it, I thought it was lost before.

  • by Rei ( 128717 ) on Wednesday May 17, 2000 @02:03PM (#1065548) Homepage
    Aww, why couldn't it have been HR 31337? That would have been so much more fitting ;)

    - Rei
  • Spam and junk mail, at the first look, seem very similar. In fact, they are quite different. Those of you geeks who bother to leave the house (myself included) know that you need a stamp to send snail-mail. Stamps, as you know, are not cheap. What is it now, 34 cents? I can't keep track. (I just don't leave the house enough, that's my problem.) To send an e-mail? With an unlimited internet access plan, nothing, really. On bandwidth rated connections it could end up costing you a pretty penny if you were really high volume. Notwithstanding, spam is, on the whole, free to send; junk mail isn't.

    This presents quite a conundrum. In the "real" world, junk mail isn't free to send, so there's less of it. Telemarketing isn't viable, either, because you need to pay people. Spam, on the other hand, can be efficiently run on an old computer with a 56K, or 33.6K (if you're patient) modem. What is there to do?

    Well, nothing good. Government regulation (as in USA government) of anything on the internet is just wrong -- the internet belongs to no one, at this point. If the government wanted to regulate it, it shouldn't have ever left our borders; not so quickly, at least. It's too late for wide-scale regulation -- it'd be trivial and stupid. Trivial because anyone can route through some foreign server and stupid because it's no one's place to go around making regulations.

    As mentioned previously, I think the best solutions are private. Set up some filtering software. Or, god forbid, delete the crap. If you're on a per-bandwidth payment schedule...sorry. It's what you have to deal with. The whole point of freedom is that anyone, not just geeks, can do what they want. If what they want to do is sell printer toner then by all means, sell away.

    As a side note, doesn't this all seem a bit trivial to anyone?



    Mikey G.
  • by gilroy ( 155262 ) on Wednesday May 17, 2000 @04:17PM (#1065550) Homepage Journal
    Quoth the poster:
    Same basic idea goes here - it's just not the right way to handle things.
    I disagree ... this is not the same basic idea. In the WAVE thing, kids were paid to inform. Here, Congress is defining the right of a private citizen to recover damages incurred by a violator of civil law. Read carefully ... it is not all spam, only those that falsify origins or defraud the recipient.

    The issue is, spam costs time and money. Unlike even junk mail, the sender suffers effectively no cost, but the recipient does. It's annoying enough when this is "legitimate" but it's maddening when the message is fraudulent.

    Despite the wonderful Wild West connotations of "bounty", this isn't a bounty ... it's not a reward, it's a right to recover damages.

  • by DgtlGhost ( 155814 ) on Wednesday May 17, 2000 @02:05PM (#1065551)
    The rush to see how many SPAM lists you can get on so as to track the origin of the msg, just to turn them in. Undercover SPAM cops! Oooo, I think I see a new Fox Show for next fall, following the special, When SPAMmers attack!
    Is it just me or does this sound damned hard to work out details for?

    -Earthman

  • Ummm.....If there are viable private solutions to this scourge, then why haven't we seen them already?
    There are viable private solutions to spam. See the Mail Abuse Prevention System [vix.com]. Using MAPS's lists to filter your incoming mail will significantly reduce the amount of spam you receive. No, it will not eliminate all spam -- but neither does any "solution" to a social problem entirely eliminate that problem. (Certainly law is not a perfect solution to problems -- otherwise, why do we still have murder, theft, and copyright violation?)

    (One of the great things about MAPS is that the more participants, the better it gets. If you use MAPS to filter your mail, then report spam you receive back to MAPS appropriately, you will be helping to improve the service -- thus reducing your future spam intake and everyone else's.)

    I am not sure if a private solution would work in this situation because of the "free speech" arguements and also of the multi-juristdictional nature of the problem.
    It's funny you should mention those -- because those are, in fact, two problems with law-based solutions which do not affect private solutions.

    "Freedom of speech", as protected by the U.N. Declaration of Human Rights and the U.S. Constitution (among others), is more accurately described as the freedom to use your own resources, including your voice and your property, to speak your mind. It does not justify your use of other people's property to speak your mind. That, however, is what spammers do -- they use my mail server, without my permission, to spam me, my users, and others. In the civilized world we call that "theft of services" -- just as if I owned a printing press and you crept in by night and used my press to print up your leaflets.

    The legal trouble, then, lies in defining "permission". Some would argue (and have argued) that by connecting a mail server to the Internet you are implicitly granting everyone permission to use it as much as they want, for whatever purpose they want -- including spamming. The opposite extreme is to hold that only explicitly solicited mail is granted permission -- which would rule out a lot of perfectly legitimate mail. Both of these are IMHO ridiculous extremes. A legal attempt to stop spam, however, must deal with these issues in defining spam. Veer to far towards the first position, and you violate property rights; veer too far towards the second, and you violate freedom of speech. A private attempt to stop spam can define permission extensionally -- i.e. by example. This is exactly what cooperative, voluntary systems like MAPS's lists do. The lists are made up of addresses associated with actual pieces of spam received and reported by participants.

    You also mention the "multi-jurisdictional nature of the problem". This, too, is a problem solely for legal attempts to stop spam, and not private ones. Private cooperation among ISPs and among users may easily ignore governmental borders -- indeed, it already does. MAPS participants come from all corners of the globe.

    For all those anti-government folks, I am surprised to see that a creation of a civilian anti-spam force is so distrubing to you.
    What's so "anti-government" about bounty-hunters and more laws? That's about as "anti-government" as any other case of stool-pigeonry.

    As a Libertarian [lp.org], I object to government meddling in private affairs. I also object to crime (i.e. the violation of people's rights), and I consider spamming to be criminal, regardless of whether or not government thinks it is. Spamming is a violation of the property rights of those spammed, and of the owners of mail servers that relay and store the spam. I support people taking private action to protect themselves from crime, insofar as they feel the need to do so, and can do so without violating others' rights in the process -- and that is exactly what MAPS and similar systems do.

    If you are emotionally dependent on government to protect your rights -- in other words, if you are unwilling to protect them yourself -- what rights do you really have?

  • by geekpress ( 171549 ) on Wednesday May 17, 2000 @02:23PM (#1065553) Homepage
    The ./ summary hints at some potentially scary future as a result of the precedent set by this bill. Well, we already have worse incentive programs. Thanks to DARE, kids turn in their parents for smoking pot. Compared to that, the precedent set by hunting down spammers seems pretty benign.

    Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?

    Well, we should be suspicious if it is only A Bad Thing and not An Evil Thing. SPAM is a pain, but it's just not on the same level as rape or murder. There is a real difference between giving someone an incentive to turn in their rapist neighbor vs their spamming neighbor. The law ought to see a difference between the magnitude of those two acts, rather than lumping them together as "lawbreakers."

    Then again, if they'll let me hunt them spammers with my shotgun in hand, to hell with the precedents! :-)

    -- Diana Hsieh

This restaurant was advertising breakfast any time. So I ordered french toast in the renaissance. - Steven Wright, comedian

Working...