H.R. 3113: Spam Bounty Hunters Wanted 180
belgin writes: "According to this ZDNet article, the U.S. House Commerce Committee is considering a law that places a bounty on illegal spammers. These bounties would be paid to ISPs and individuals who track down and turn in spammers. Specific types of spam mentioned by the article include fraudulent spam and spam that attempts to falsify its origin. Fun to think about if you've landed on one too many spam lists, but a little scary in 'leads to ...' department." The bill, called H.R. 3113, or the Unsolicited Electronic Mail Act of 2000, would impose Federal law in the form of what seem to be common-sense restrictions on electronic junk. But belgin is right -- what consequences might laws like this have that we don't want to trade for, even in spam? Would private solutions be better in the long term?[updated 18th May 2000 13:45GMT by timothy] Not to be confused with last year's H.R. 3113.
Yea, for about 2 seconds (Score:1)
Re:I can see it now... (Score:1)
We can't tell if the same telemarketer calls back with a different pitch. I worked for DialAmerica briefly, and people in the same room might be calling for 10-20 organizations.
Your first link (and the lawsuits you discuss) were for junk faxes . That law is 9 years old (per the site), and yes, people are having success suing -- but only because the problem is still there!
Your second link is a non-government filter list for spammer-friendly nodes, primarily useful to ISPs. Filtering is the type of self-help the poster above you says is one of the spammers big fears. The DMA supports HR 3113, after all -- isn't that a little fishy?
Re:How do you "win" the bounty? (Score:1)
Hijack someone's IP address.
Send out spam
Turn them in for the bounty
Going to court... (Score:1)
Government means well, but should leave 'net alone (Score:1)
It's going to suck. It's going to suck badly.
Hmm, anyone up for a "Keep your laws off my internet" geek campaign? Lemme know - my email address is real.
--
MAKE MONEY FA$$T! (Score:1)
Reply-To: <tr0ll@hotgr1t$.org>
YOU too can be RICH hunting spammers!!!
Find about the new HR 3113 bill from Congress!!
Now YOU can make the Internet a BETTER place!!
Every day millions of 'spam' and UCE messages are sent through the Information Superhighway by unscrupulous cybermarketers. You have received several tens of them a day.
But the new HR 3113 bill allows normal users like YOU and me to claim a bounty for every 'spammer' tracked and denounced.
Until now 'spam' tracking was a black art known only by computer 'hackers'.
But NOW YOU can HUNT and FIND them!!!!
MAKE MONEY FAST AND EASY with my SPAMHUNTER COURSE CD-ROM (TM)!!!
SPAMHUNTER COURSE CD-ROM(TM) allow easy tracking. You will know how to use our secret HACKER tools like WHOIS and TRACEROUTE to find the lair of this scum. Then you can claim your bounty at your local police station.
Click HERE [geocities.com] to profit the LAUNCH OFFER to get the SPAMHUNTER COURSE CD-ROM(TM) for only $39.95!!!
(You are receiving this message because you once asked to be removed from a spam address list, you idiot. If you want to be removed from our list, you can't. We are based off-shore for this law to stop us.)
__
Spam hunting privateers wanted (Score:1)
__
Privacy concerns? (Score:1)
There are several things that make real spam easily identifiable:
1. Fishing. They always want me to buy or send something. I've gotten spam that's non-commercial, but it's very very rare.
2. Forgery. Forged headers are practically a defining characteristic. Again, I've gotten spam with non-forged headers, but rarely.
3. Fraud. Just about every one I get is MAKE.MONEY.FAST in a new form, or else it's selling black-market herbs/medicines/whatever.
The biggest problem I have with HR 3113 is that by saying "this spam is bad" it's implicitly saying "this other spam is good."
The real problem, of course, is that SMTP is largely unauthenticated. What's needed is a "secure-net" of SMTP servers that do things like verify the forward and reverse lookups on the address of a sending host, strip out bogus Received headers, and so on. Basically eliminating the trust that allows spammers to get away with their nasty tricks. Sucks, I know, but these days paranoia is the rule rather than the exception (see the Slashdot DDoS discussion for plenty more on that subject).
Would it violate the relevant RFCs for an ISP to set up an SMTP server to strip Received headers on messages coming from its dialup pool? That'd take care of about 90% of the spam right there -- they can run, but they can't cover their tracks. If stripping wouldn't be allowed, maybe there could be an additional header somewhere, an X-header containing the first "known-good" Received line, and that would always be stripped if a message comes from the ISP's subnet(s) with it already present unless other arrangements have been made with the customer.
To those who say it would be too much effort to coordinate, I say open relay used to be the default and now it's fairly rare on servers that have been up for any length of time. This could be accomplished by peer pressure if the major sites jump on it.
Re:Why not Postal Spam? (Score:1)
It may be that I don't know what I'm talking about, but the government seems to be doing more about E-Mail spam than Snail Mail Spam. Not to mention deleting E-Mail spam is easier than deleting Snail Mail Spam. Doesn't make much sense to me.
Many people don't realize it, but the USPS has confirmed that the rates companies pay on snail spam actually subsidize part of the cost of first-class mail. Translation: if companies quit sending it, your mail rates would go up.
I pay half my bills online these days anyway, but there it is.
Besides that you can recycle snail spam as firelighters :)
Can you say TROLL??? (Score:1)
http://thomas.loc.gov/cgi-bin/bdquery/z?d106:h.r.0 3113:
That's the 106th Congress, not the 105th.
Please send me my bounty.... (Score:1)
Everyone should learn how to trace mail headers, and complain about *every* spam they receive.
From Brian Willcott Wed May 17 14:00:36 2000
X-Apparently-To:
pdrap@yahoo.com via mdd103.yahoomail.com
Received:
from jewnix.org (208.44.130.245) by mta118.mail.yahoo.com with SMTP; 18 May 2000 02:13:51 -0000
Received:
from localhost (ids@localhost) by jewnix.org (8.9.3/8.9.3) with ESMTP id QAA18927; Wed, 17 May 2000 16:00:36
-0500
Date:
Wed, 17 May 2000 16:00:36 -0500 (CDT)
From:
Brian Willcott | Block address
To:
Patrick Draper
CC:
ops@knetconnect.net
Subject:
Re: Fwd: RE: Have you submitted this?
In-Reply-To:
Message-ID:
MIME-Version:
1.0
Content-Type:
TEXT/PLAIN; charset=US-ASCII
Content-Length:
2930
All apologies for this action. The user's account was terminated.
Sorry for any inconvience caused.
Sincerly,
Brian
brw@knetconnect.net
On Wed, 17 May 2000, Patrick Draper wrote:
> Your customer is a dirty spammer. Terminate their accounts and send
> them to prison.
>
> --- alfred_dominic@IPMailStop.com wrote:
> > From nei_zuer_xusta@ip-email.com Wed May 17 19:36:04 2000
> > X-Apparently-To: pdrap@yahoo.com via web127.yahoomail.com
> > Return-Path:
> > X-YahooFilteredBulk: 193.105.56.209
> > Received: from econ.insead.fr (193.105.56.209)
> > by mta105.mail.yahoo.com with SMTP; 17 May 2000 12:51:15 -0000
> > Received: from gateway-ga-nm1.mailhost.mcr-atl-mcremwin.net
> > (31-kc1-dialup.knetconnect.net [208.44.131.31]) by
> > econ.insead.fr
> > (Netscape Messaging Server 3.62) with SMTP id 342;
> > Wed, 17 May 2000 14:45:43 +0200
> > Message-Id:
> >
>
> > Subject: RE: Have you submitted this?
> > To: @yahoo.com
> > X-Mailer: Pegasus Mail for Win32 (v3.01b)
> > Date: Wed, 17 May 2000 08:50:24 -0500
> > From: alfred_dominic@IPMailStop.com
> > MIME-Version: 1.0
> > X-Encoding: MIME
> > Content-Type: multipart/alternative;
> > boundary="----=_NextPart_438868566652117316325615
> > Content-Length: 3659
> >
> > Home Owners, Get the + Plus + you need.
> >
> > + You want to consolidate bills
> > + You want to make home improvements
> > + You want cash for extras
etc.
Re:Please send me my bounty.... (Score:1)
"Please terminate the spammer's account, then go over to his house and beat him up, kick his dogs, eat his food, watch his TV, and slap his wife."
You'd be surprised how many responses I get back from sysadmins who say that they thought it was funny, and the wish they could do that for real!
Re:Creating your own targets (Score:1)
Easily fixed by having the spammer actually pay the bounty (by having government extracting a fine from him.)
Bounty on Spammer Scum (Score:1)
Ooooo! Do we get to take heads?
Re:Your tax dollars are going towards... (Score:1)
Actually, for the spammers, we have one "Afterburner", who heads up the abuse desk at RCN/EROLS.
Afterburner has a team of "Evil Abuse Desk Minions", who mercilessly track down and terminate spammers accounts, with various BOFH LARTS. RCN/EROLS, before the arrival of Afterburner, used to be something of a haven for spammers. Not so anymore.
Over on USENET, in news.admin.net-abuse.email, a war is currently being waged. Spammers use software which circumvents the mechanisms by which the origins of a mail message can be tracked. Someone, obviously, has to write that software, and provide it to the spammer.
In at least one recent instance, that someone has turned out to be Andrew Brunner, who claims to be president of CyberCreek LLC. Brunner's product, Avalanche Pro, claims both to be a legitimate MTA, and to contain a number of tools for circumventing the security of OTHER MTAs. (hmmm, sounds suspicious).
The full details, of course, including death threats by Mr. Brunner against Paul Vixie (author of BIND(8), and currently V.P. of Above.net), as well as his impersonation of a federal agent, and prior criminal record, are available on n.a.n-a.e.
UUNet, who currently host Brunner, is suffering under a load of public humiliation, mostly by the abuse teams of other major ISPs.
I invite slahsdotters to join in the fray.
--Brian
Re:Another opportunity to fink (Score:1)
Spamming is not innocuous, spam costs a lot of money to ISPs.
This means that virtually everyone is a criminal, and if they don't like you, theyll be able to arrest you and convict you of scads of crimes that you unwittingly comitted.
It is absurd to assume that virtually everyone is a spammer or that people would "unwittingly" spam.
Re:Yea, for about 2 seconds (Score:1)
Just read AOL's page on Junk E-mail [aol.com] and remember that AOL does sue.
Re:ROCK ON!! (Score:1)
Please be carefull with your CapsLock key. SPAM is a trademark of Hormel Foods [hormel.com]. They kindly allow the use of "spam" for unsolicited bulk e-mail and excessive multiposting to Usenet.
Note:The website of Hormel seems to be down at the moment.
pros and cons (Score:1)
it's a question of whether we choose convenience over our rights to monitor or own email, whether we really want the government regulating yet another form of communications. given the extremely poor record of the FCC in making decisions which benefit citizens, i'd answer a big fat no.
a medium has a tendancy to be interesting and useful in direct proportion to how little it is regulated by the federal government.
UnEMA? (Score:1)
I can see the ad's now:
"Had some bad Spam? Try the new UnEMA! Instant relief!"
Re:A client side idea (Score:1)
Procmail is one way to go about doing what you asked for (a client side spam-block). A lot of the programs spammers use have signatures that procmail can catch. But spammers can start to use new programs. Or spammers can start to send email with your email address in the To: field (happens, although rarely, to me)
An adequate solution (lacking any better solution) is to maintain seperate email addresses for friends, work, mailing lists, and "companies" - whether it be for account information (you bought something) or whatever. Then you can "white-list" the work, friends, and mailing list email addresses, meaning the person sending you email has to be on the approved email sender list - any mail that isn't from an address in your white-list gets bounced or dropped.
Unfortunately, you can never tell what email account amazon or petstore.com or whomever you do business on the web with is going to send from, so you are still stuck with one email address that can potentially get spam.
Another solution is to get a domain and set up an individual email address for every company you do business with. So if you never want to get email from microsoft@yourdomain.tld again, just forward it to
Matches my domain (Score:1)
House E-Mail (Score:1)
E-MAIL YOUR REP!
http://www.house.gov/writerep/
Spam - more damaging than you think (Score:1)
Spam is more than just a slight annoyance - it makes more damage than you think.
The way spam affects us is not only by filling our mailbox. The problem is there are so many things we could do on the net we cannot do now because of spam.
Take usenet for one example. Every kids knows posting in a newsgroup, and putting your true email address, is going to put you in every possible spam-list. Does putting user@yahoo.nospam.com really works? Maybe, yet maybe not
Spam is probably one of the things that makes usenet much less than it could be.
Then, take email search engines. Suppose there is an old friend of yours from highschool days you wish to write. Wouldn't it be great to go to one of the email search engines and find his email so that you could write him. Well, you probably couldn't find him there. Why? He's not listed, because of spam, ofcorse. If spam was not such a big story, most email addresses would be registered on whowhere and the like.
I had a hotmail account I opened a long time ago, when it wasn't part of m$ft yet. Spam was not as big problem as it is today, and I carelessly put my email address where I shouldn't.
Recently, this email address got so many spams (20 a day or more) I had to abandon it, which is probably a good thing (hotmail sucks, you know), but I also had to inform everyone I knew about my new email address
This is not to say the suggested low is a good solution. I don't think making citizens into police is the way to go, but I think making a clear stand against unsolicited email in the law is quite important.
Re:Private Is Always Better...but... (Score:1)
You just need to support a law making it legal to hurt spammers...
James - me? violent? never...
anti-spam HOWTO (Score:1)
Re:Jurisdiction (Score:1)
Oh, you mean reality? Well, a REALLY KLUDGY but working solution is proposed at the Flying Rat Project. As usual, free e-gold for the asking to Slashdotters who want to try it. Just send me an account number. http://www.FlyingRat.org [flyingrat.org] Thanks.
JMR
Criminalizing simple. innocuous actions (Score:1)
In fact, see Ain't Nobody's Business If You Do [mcwilliams.com] (in fact, all of McWilliams' books are available online for the reading) for a complete summary of the case against precisely this.
On the other hand, specific privisions against fraud are different from general "thou shalt not email" laws. Fraud is (at least)as bad to free marketeers as to anyone else, if nothing else because it's one thing [they / we]'re often accused of ignoring if not committing.
timothy
Re:nice. (Score:1)
Relax . . . drink perl
Re:Dammit (Score:1)
Re:This will never work (Score:1)
Put together, these factors should make it harder and harder to run an open relay and not give a damn. A lame admin may be able to ignore a little stolen bandwidth, but the ever-decreasing number of relays will mean ever-increasing loads on the few that remain.
In the meantime, it would be nice if more dialup ISPs blocked outgoing access to port 25. I know that Mindspring does it, and I never see spam from them. Unlike, say, PSI or UUNET.
Re:your isp bill usually dosn't go up despite spam (Score:1)
BTW, go ask an ISP if spam is a problem. Nice when you get 80,000 different mails from a spammer with a dictionary.
--------
"I already have all the latest software."
Re:Boba Fett! (Score:1)
.. Forgot the tracking URL sample =) (Score:1)
.- CitizenC (User Info [slashdot.org])
Re:Nice try... (Score:1)
Re:Please send me my bounty.... (Score:2)
Re:Pandering? Pandering? (Score:2)
Summary of the bill (Score:2)
10/20/1999--Introduced.
Unsolicited Electronic Mail Act of 1999 - Authorizes any person, on his or
her own behalf or on behalf of his or her children, to file with the Federal
Communications Commission (FCC) a statement that he or she desires to
receive no unsolicited commercial electronic mail (e-mail), unsolicited
pandering (erotically arousing or sexually provocative) e-mail, or both.
Directs the FCC to: (1) maintain and keep a current list of such filers; and
(2) make such list available to any person, upon reasonable terms and
conditions, including a service charge for such list. Prohibits any person
from initiating the transmission of any unsolicited commercial or pandering
e-mail to an individual whose name and e-mail address has been on such list
for more than 30 days. Prohibits any other use of such list.
Prohibits any person from sending an unsolicited commercial or pandering
e-mail message unless the message contains a conspicuous reply e-mail
address to which a recipient may send notice of a desire not to receive
further messages. Subjects to an FCC order to discontinue any person who
transmits such a message after such an objection. Directs the FCC, upon
request, to include in such an order the names and e-mail addresses of any
children of an objecting recipient.
Provides a private right of action, or an action by the FCC, against an
e-mail initiator who violates the above requirements.
Authorizes an interactive computer service provider to establish and enforce
policies that are nondiscriminatory on the basis of content regarding
unsolicited commercial e-mail. Authorizes such provider to decline to
transmit such messages to subscribers without compensation from the sender.
Requires a provider to notify the violator of such policy in writing and
request compliance. Makes subject to the same FCC order as above a violator
who sends such messages after provider notification. Provides a private
right of action by a provider, or an action by the FCC, upon an e-mail
initiator who violates such requirements.
Requires the FCC to report to Congress on the effectiveness and enforcement
of this Act.
Re:nice. (Score:2)
Anyone that knows RFC822 knows that any compliant MTA shows where it gets mail from. You have an audit trail of where that mail came from in each and every message. If that is not enough information, you can call the admin of each MTA the offending message went through. There is no need for any kind of government regulation.
If you don't want spam, get an ISP that uses the RBL.
If the government starts dictating what can be in email headers, the technical reasons information is placed in those headers can be restricted.
I would rather deal with some spam and follow RFCs than have a little spam and have goverment regulated RFCs
Re:nice. (Score:2)
I have not read the bill or anything, but I think that it sounds like a Bad Idea. We can take care of these problems ourselves. There is no need to have the US government police our networks in this manner.
I will accept a little spam if I can keep all of my liberty.
Well, what little liberty I have left
Private Is Always Better...but... (Score:2)
So I'm generally a firm believer in my ability to take care of things on my own. ORBS [orbs.org] and The RBL [vix.com] have certainly been shown to be an extremely successful method of filtering out spam. Since I got my mail server set up with MAPS and ORBS, I get about 2 pieces of spam a week. That's pretty managable. (And good, because I'm the kind of guy that gets spam and calls the company to bitch. Total waste of time.)
However, I don't run an ISP. I worked at one, as all good geeks must, back in '95. Spam wasn't a problem then -- I shutter to think what it must be like these days. Spam is obviously a huge loss to these people, MAPS or no MAPS. Because of the direct financial losses that result from the actions of spammers, I can't help but, although reluctantly, support federal legislation to limit UCE. It seems like the only method of stopping it.
God help us all...I'm in favor of a law.
-Waldo
Spam Runner (Score:2)
"In the future, when all the worlds electronics are networkd, a 'leet group of govt agents, outfitter with the latest in tracking gear, neat-o flying cars and spiffy firearms quietly hunt down unsolicited bulk email perps and 'terminate' them, usually with lots of fighting and evasive action scenes ending up with an aweful bloody death for the spammer."
Isn't it just? (Score:2)
Sorry to all pro-freedom/privacy zealots, but I'm willing to try this one before I condem it - I don't see anything being given up with this. You only point the law at the aledged spammers, you aren't judge, jury an executioner.
The actual current text of HR3113 (Score:2)
For the record, I don't see how a government-sponsored bounty program could work for spam. The problems aren't in finding good examples of spam -- we all get those every day! The barriers are:
- Having good laws (that define spam accurately and give right of action to both the individual and the ISP)
- Getting a name and address to which you can serve papers
- Collecting after judgement.
All three of these problems are made much easier to overcome with a strong government mandate. But bounties? I don't see it.--Tom Geller, Founder and Administrator, The Suespammers Project (http://www.suespammers.org [suespammers.org])
Government Bounty for Spammers -- A Question... (Score:2)
Re: (Score:2)
California Republican Party spams Canadians (Score:2)
------- begin extract -------
Wed, 17 May 2000 09:34:49 -0400
Received: from sdeveaux (race203.ienet.com [206.253.15.203])
by qcars001.nortelnetworks.com with SMTP (MailShield v1.5);
Wed, 17 May 2000 09:34:39 -0400
Return-Path:
From: California Republican Party
To: "Hanlan, Keith "
Subject: Greetings from the California Republican Party
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Wed, 17 May 2000 07:34:36
X-SMTP-HELO: sdeveaux
X-SMTP-MAIL-FROM: rapid@cagop.org
X-SMTP-RCPT-TO: keithh@bnr.ca
X-SMTP-PEER-INFO: race203.ienet.com [206.253.15.203]
Greetings from the California Republican Party:
The California Republican Party would like to invite you to become online activists with our State Party. This is a free activity, as we would like your support to help our federal, state, and local candidates and other Republican activities.
Please join today by clicking www.cagop.org/rapid now.
++++++++++++++++++++++++++++++++++++++++
We apologize if you have received this email in error. If you do not wish to receive this email in the future, just delete this email. Thank you.
-------- end extract --------
Apart from not having a clue, they seem to have confused
Re:I can see it now... (Score:2)
Do I sue? No, I'm too busy. But I'm on a mailing list *full* of people who sue, and win. One of them has a respectable income going here; I know people who work full time and don't get as much money as he does, just suing junk faxers.
http://www.junkfaxes.org/
Read it, learn the magic words, sue the bastards.
Re:Jurisdiction (Score:2)
Not norway! It was sweden!
Oh, and the swedish parliament is really having a tough time nowadays. People are subscribing them to all sorts of mailinglist, sending 'unsubscribe' messages to different spam-lists for them, and doing them all sorts of favors.
In short, I think the swedish parliament will remove that "its ok to spam" paragraph pretty damn soon.
(oh, and if you want to help bomb them from here, to h*** and back, look up the swedish parliament, find some email addresses and
--
"Rune Kristian Viken" - arcade@kvine-nospam.sdal.com - arcade@efnet
Re:what consequences? (Score:2)
Perhaps you're unaware of this, but the IRS has a number you can call to turn in people who cheat on their taxes. I know they used to, (but am not sure if they continue to) pay a portion of monies recovered to the person who turned the cheat it.
Mind you, YOUR records better be pristine if you turn someone in, 'cause they're gonna audit you as well operating on the theory that if you hang out with Tax Cheats you might well be one as well.
But a Bounty is hardly a new concept for the US government.
Nothing illegal here (Score:2)
Most people don't want to take the time, though.
Bounty on Spammers? (Score:2)
What about innocent "spammers"? (Score:2)
(I certainly hope placing bounties will not give more rights to certain agencies to dig through peoples mailboxes in search of evidence).
-----------------------------------------
------
Re:Consider the CAUCE response. (Score:2)
CAUCE vigorously supports HR 3113...
I only said that CAUCE likes it. I said nothing of the decenting opinions of other parties.
--
Re:Dammit (Score:2)
Re:nice. (Score:2)
- We can take care of these problems ourselves. There is no need to have the US government police our networks in this manner.
It's easy to get carried away in this kind of regulation indeed, but consider things for a moment. What about only banning forged email? Don't I atleast have the right to contact who is spamming me? Outlawing the worst-case SPAM cases isn't going to cost you very much liberty.The idea behind freedom and liberty is doing what you want, so long as it doesn't hurt others. Email SPAM, like the now illegal FAX SPAM, does cost the collectors money. It's only fair that those damages be collected on, and it might be a good idea to encourage the process by offering a reward.
It boils down to using a traditional and effective compensation method (bounty) on an act that infringes on others' rights. What great freedom of yours is being lost?
Boba Fett! (Score:2)
I was thinking rather of posters with Boba Fett on them, pointing his arm rocket pack toward the viewer...
"Now you too can be a bounty hunter"...
Oh well, At least I have something:
Darth Vader is now Canadian...
SpamCop - Easily report your spam! (Score:2)
.- CitizenC (User Info [slashdot.org])
a great new job... (Score:2)
Re:Nice HR! (Score:2)
seriously. How many other people saw 3113 and tried to read it. It took me a few seconds to realize that it was just a number and not some cryptic reference to a fashion magazine.
Re:what consequences? (Score:2)
I'd rather not have our government(s) regulating our e-mail. It'll just feed into their whole "we need more resources to fight cyber-crime" thing. I personally would really like to avoid handing any more of the Internet over to them if possible.
I have serious doubts about the benefits too. No legal solution will ever stop spam as well as a technological solution. At best it will reduce spam but it will never stop it. A technological solution on the other hand could stop automated spamming very easily. Unfortunately users and ISP's would have to make changes on the client and server side to allow for protection from automated spamming--and as far as I can tell no one is really interested in doing the work.
Users should be able to maintain a whitelist/blacklist for e-mail at their ISP. Blacklisted stuff should go to
numb
PS: Never invite a vampire into your home.
Re:Another opportunity to fink (Score:2)
Governments that have become police states criminalize simple, innocuous actions. This means that virtually everyone is a criminal, and if they don't like you, theyll be able to arrest you and convict you of scads of crimes that you unwittingly comitted.
Re:What about innocent "spammers"? (Score:2)
In tracing spam, the "from" and "reply-to" addresses are essentially ignored. Thus, that risk is bypassed.
When people have their accounts cracked, their ISP admins will go poking through their logs anyway, so that bit of privacy invasion was already present.
As someone who's helped newbies survive an ISPjacking, I can tell you that many help desks will let them off with a warning once. Once. If anything, the experience teaches them proper security practices. Nobody I know has ever been penalized too heavily for stupidity.
--
Your tax dollars are going towards... (Score:2)
Re:nice. (Score:2)
a couple of thousand users.
Sure its only a 2k email....however when you
multiply it by 10,000 users, that "one little
mail" will take up 10 MB of space...not much by
todays standards....but given that it is not
unheard of for an individual on spam lists to
get several spams per day....it adds up quick.
Plus the greif of admins. When a student where
I work sent out 5,000 spam messages, advertising
a company he was running on the side, the
university abuse adress (which I am one of the
recipients of mail to) was recieveing several
spam complaints per day for 4 days...which of
course we had to answer and tell these people that
the issue was resolved.
Forget about user quotas (which are finite, as is
the very nature of quota) and what happens when a
user runs out of quota...I am sure they would
rather the last 2k of their quota going to a
message from their friends than some spam
advertising some "get rich quick" shceme.
(yes, our users have quota. I know that some
people are amazed by this - like say the people
who wrote pine - but its true)
Re:Really simple (Score:2)
examples of this sort of thing NOT working.
Take paid informants. There was an incident in
Florida where a paid informant informed police
that a certain house was a drug house. The truth
turned out to be that it was nothing more than the
residence of an old couple. That fact wasn't found
out until police showed up in full storm trooper
gear and killed an innocent old man. Need I
mention that no "drugs" were found in the house?
I think this is an issue that is best dealt with
on the ISP level. Give ISPs the ability to sue
spammers who use their machines to relay spam.
That should help..
Beyond that....Laws can't really stop the problem.
Spammers will just spam from acounts in other
countries where the laws are les strict.
-Steve
Consider the response rates... (Score:2)
The key is response rates- telemarketing is expensive indeed, but successful sells are comparatively common. Direct mail less so, but it is much less expensive (they use bulk rate and metered pre-sorted rate postage so it's actually less than 32 cents/item).
Spam OTOH might have insanely low response rates but it quite cheap, so it still works. This is why marketers get so juiced up over the idea of targeted opt-in mailing lists. These have lower costs than direct mail, but potentially with the response rates of phone jockeys.
And yes, it's terribly trivial. Wait until they start broadcasting custom digital TV and the ads you see on Friends are targeted just for your household. We've only seen the first 1% of the bleeding edge of truly personalized marketing. In 20 years' time we'll look back and long for the days of simple spam.
-cwk.
Re:Nice HR! (Score:2)
4 minutes to post it. Clearly the Force is strong today
Two Words: BOBA FETT (Score:2)
Re: (Score:2)
/. spammers (Score:2)
ASCI art $ 100
Trollmastah $1,000
Hot Grits $10,000
First Post $100,000
We could all be rich.
Re:what consequences? (Score:2)
The law does lump people who break the law into the overarching category of "lawbreakers"; however, it certainly divides that up into felonies and misdemeanors, and further divides up the felonies into different classes. There is also tort law and the whole idea of liabilities. I think that civil justice can be much more painful to spammers than whatever criminal penalties would be assessed (they would be very light since the crime not inherently harmful). If automatic class action suits could be filed so that every person who receives a piece of spam from a spammer is owed $.05, I think the world would be a much better place. Not to mention that anyone with accounts on AOL, Hotmail, or Yahoo mail would have an wonderful new revenue stream.
I don't think there is anything wrong with having bounties for people who catch criminals, at any level of crime. It has been shown time and time again that what prevents crime is strict enforcement rather than harsh penalties. No criminal does his crime if he thinks he is going to be caught. If we have a problem with it being a crime we should decrimininalize it rather than being hypocritical and not seriously enforcing it.
Encouraging every citizen to be on the look out for crimes in progress merely amplifies everyone's civil duty and reduces the price of hiring more law officers. The only problems to be avoided are people potentially being "framed" and so forth, but that is already a problem today. That is what insurance fraud investigation is about.
renegade spam hunters (Score:2)
Re:Congress ahead of its time? (Score:2)
ponder ponder ponder (Score:2)
I have some serious reservation about this. Paying citizens to tattle on each other is serious business. In fact, it's been an early step in many totalitation regimes such as Hitler's (for turning in "disloyal" citizens, not sleazy marketing types though).
How would we react if citizens were rewarded for reporting other crimes? There's a $100 fine for littering, would it bother anybody if I got half if I turned litterers in?
(For once) I think that the lawmakers are genuinely trying to do a Good Thing, but the indirect consequences could be bad.
---
Dammit, my mom is not a Karma whore!
illegal spammers (Score:2)
Illegal spammers? Would that include the NASDAQ-trading, inernet economy-sustaining, politically donating companies that opt you in no matter what you say and opt you out only when somebody sells them a list of recently deceased people whose families might be interested in discounts on funeral arrangements? Nah, that's as legal as it gets, isn't it. After all, millions mean respectability and with spam as with everything else in this world, whoever's got the money got the (il)legal ride.
At least with small-time spammers, you can have their ISP shut the account down. Now try doing the same when the spammer is an A-list client on Exodus.
Re:Congress ahead of its time? (Score:2)
This isn't bounty hunting (Score:2)
Receiving a reward for turning in a criminal is not bounty hunting. Unlike these guys [bounty-hunter.org], you are not taking the law into your own hands if you use the legal system to pursue a spammer. All they are proposing is that you receive a reward for doing so.
This is completely different from the WAVE program where kids report their peers just for being weird, and not for commiting any crime.
Re:Jurisdiction (Score:2)
I rember reading a few weeks back that either Norway or Sweden has just passed a law that makes spamming legal.
Does anyone have any more details?
better ways (Score:3)
Anyway, I much perfer Julian's [julianhaight.com] philosophy over at spamcop.net [spamcop.net]: "Protecting the internet community through technology, not legislation." If you're sick of spam and want a way to slap those responsible, then join up (or don't, there is a free service as well) and parse all your spamage. But please read the intro and the FAQ, we need to preserve the image that spamcop has in the minds of the abuse desks; it's only a tool being put in your hands, YOU are responsible for what you use it for.
and besides, an address like cabbey@spamcop.net, is bound to make a would be spammer queasy.... (note: happy spamcop user, not an admin.)
Re:Actually not many people are so vitrolic (Score:3)
I find that most non-techies are quite annoyed with spam, but they sweep it under the rug since they don't know what else to do. I took about 10 minutes to show my friend how to look at the headers, find what is most likely the mail's original domain, and email abuse@, he now has something he can do about it.
Trust me, it feels good to get that message back from their ISP, informing you that they canceled the spammer's account.
If you think u$oft is bad... (Score:3)
Let's pretend I'm p0rn site www.slashporn.net and www.slashporn.com is getting more business than me... I'll just put them out of business - send a few hundred thousand emails stating "Visit slashporn.com! p0rn for nerds!"
Soon enough, slashporn.com gets sued for hundreds of thousands of dollars and is out of business. My business goes up and life is peachy.
Wonderful.
Of course, this ties in to DDoS - how do you track down the spammers if they're spoofing their return address? The current state of the internet makes this difficult if not impossible (if done well). Yes, I know there are differences between spoofed IP packets and spoofed SMTP headers, but there are similarities as well.
Dammit (Score:3)
I know that this is a completely different situation, but the same basic idea applies.
Ahh... fuck it, dude. Let's go bowling.
--
This will never work (Score:3)
Then there's the most annoying problem i faced, which is admins that either don't know how to prevent relaying, or don't care that they are being used as a relay. I recently was notified by a friend of mine that he got spammed through a mail server owned by a major canadian isp. Not only was the server an open relay, but it's sendmail configuration was so fucked that it didn't even log the originating ip address in the mail headers (IOW, it trusted whatever HELO said). TO make matters worse, the admin of the box was contacted about this, and has done nothing. I think the only way to prevent spam is to educate admins about relay-proofing their mail servers.No open relays, no spammers. Then the US could put a decent amount of money into public education instead of making bounties to catch these bastards.
Just my $2^-2 worth.
Joy, this legalizes spam (Score:3)
There's a business opportunity here. Open a spamhausen ISP, make it OK in your TOS to spam, just require your clients to use a valid return address and honor a remove list.
Most spam I get always says "No need to be removed, this is a one-time mailing, your name is already deleted." So joy, each time I want to send out a new SPAM I just create a new account with that ISP, spam away.
An Opt-Out law is worse than no law at all
Opt-in (or "permission-based marketing") is the way to do it. Opt-out will always just be spam and this bill makes that legal.
I can see my spam now. "This message can not be considered SPAM under HR 3113 as long as we provide a valid return address and a way for you to be removed from our lists.
Consider the CAUCE response. (Score:3)
In general, I support cauce and their put-the-power-in-the-hands-of-the-people-not-the-g overnment philosophy. So if cauce likes it then it's probably a pretty good idea. If you hate UCE then consider joining cauce. They do lobby legislature and the quantity of their members adds to their political ability.
--
Jurisdiction (Score:3)
- What about spammers outside US jurisdiction? They often can't be collected from, so who pays the spam-hunter bounty? The US tax payer? I'm paying for SPAM enough as it is in my ISP bill.
- If spammers can't be collected from, a bounty hunter could hire them to spam and give them evidence of it, and split the bounty, again picked up on by the tax payers.
Personally, seeing spammers being hosed is reason enough for me to fight them.Be careful, Timothy (Score:3)
Hormel, which holds the trademark [uspto.gov] on spam, might sue you for infringement. ;-)
Pandering? Pandering? (Score:3)
So what if, unsolicited, I send a scholarly dissertation on the evolution of the sea slug to Roblimo, but unbeknownst to me, it gets him all hot? (You just never know with Roblimo.)
Am I screwed?
How do you "win" the bounty? (Score:3)
Also, I also think that it might be remarkably easy to frame somebody, and then collect the bounty for finding them. Unless some law enforcement agency checks your findings, thuroughly.
-- zaius --
No More Spammer Excuses (Score:4)
User@domain.com receives spam.
User complains to ISP about spam.
User takes approproiate action against spammer.
Spammer cries "But people WANT spam!"
BZZZZT! That's where the excuse dies. If users want spam, there wouldn't be such an outrage against it. Now when this little law goes into effect, and people see the percentages of internet users complaining about spam, Spammers will have to come up with another excuse.
Then in turn, tougher rules will be enacted. This seems like a Good Thing to me. Here's hoping Internet Spam goes the way of Fax Spam.
-- Give him Head? Be a Beacon?
Re:I can see it now... (Score:4)
Other have addressed some of the reasons why this is hardly the panacea it seems at first glance. I just want to note that whenever a law is passed to control an 'out of control' practice, the public's resistance to that practice diminishes.
Even the most inept telephone telemarketer has a few stories of conversions: people who start off following the "Put me on your No-Call list" script of DMA-supported so-called 'consumer' groups, but end up as buyers. The secret is that the longer you talk, the more likely you are to buy. Most people who follow a No-Call script would have hung up point-blank before. The 'don't call' script offers a tiny foot in the door of otherwise definite no-gos. The Telemarketers have scripts of their own to capitalize on this.
Why do you think Publisher's Clearinghouse makes you fiddle with so many stickers to complete one of their sweepstakes stickers? So the visions of payoff, and other irrational notions can dance in your head. Even after you hang up after your Don't-Call spiel, don't you secretly wish they call back, so you can nail them in small claims. Only a tiny handful of people have ever successfully sued (not enough to pay for a single DMA trade seminar luncheon) while telemarketers do many successful conversions every hour, in every state.
And now we dangle the 'bounty' of a potential windfall, albeit a modest one, in front of every newbie, casual user, and kid?
Less spam will get filtered and discarded unread and more spam will be scrutinized for 'illegal' elements that qualify it for the bounty. People will be less cautious about prtecting their e-mail, because it's a potential pay-off as well as an annoyance, and because watching your privacy is hard work, and humans will seek any rationalization to avoid such a tedious and thankless task. "Spam is illegal" is just such an excuse
Publishers Clearing House would love this! PCH spends several times as much on its interactive sticker-laden mailings than it does on the grand prize - and made decades of tidy profit on this marketing model. They are proof of concept.
Salesmen - especially shady ones - are cynical masters of psychology, unlike engineers.
I'll close with a general warning tht you should keep in mind for the next year of so:We are at a critical time when private data is still largely unregulated in the US, and is not as tightly regulated as it will be, even in Europe. They can gather and share information now that they may never be allowed to gather again.
_____________
Spam bounty hunting - Sweet! (Score:4)
Spammed person: (getting ready to freeze the offending account and dispose of the spammer)
Me: He's no good to me dead.
Spammed person: (pausing) Don't worry, you will be properly compensated.
Spammer: (screaming as the torture began) Aaaaaaaarrrggh! They didn't opt out, they didn't opt-AAAAAAAAAAAAHH! NO! Not my e-mail finger-GNNNAARGH!
I like it.
Congress ahead of its time? (Score:4)
(a) FINDINGS- The Congress finds that:
(1) There is a right of free speech on the Internet.
I'm so happy Congress found it, I thought it was lost before.
Nice HR! (Score:4)
- Rei
Spam vs. Junk Mail (Score:4)
Spam and junk mail, at the first look, seem very similar. In fact, they are quite different. Those of you geeks who bother to leave the house (myself included) know that you need a stamp to send snail-mail. Stamps, as you know, are not cheap. What is it now, 34 cents? I can't keep track. (I just don't leave the house enough, that's my problem.) To send an e-mail? With an unlimited internet access plan, nothing, really. On bandwidth rated connections it could end up costing you a pretty penny if you were really high volume. Notwithstanding, spam is, on the whole, free to send; junk mail isn't.
This presents quite a conundrum. In the "real" world, junk mail isn't free to send, so there's less of it. Telemarketing isn't viable, either, because you need to pay people. Spam, on the other hand, can be efficiently run on an old computer with a 56K, or 33.6K (if you're patient) modem. What is there to do?
Well, nothing good. Government regulation (as in USA government) of anything on the internet is just wrong -- the internet belongs to no one, at this point. If the government wanted to regulate it, it shouldn't have ever left our borders; not so quickly, at least. It's too late for wide-scale regulation -- it'd be trivial and stupid. Trivial because anyone can route through some foreign server and stupid because it's no one's place to go around making regulations.
As mentioned previously, I think the best solutions are private. Set up some filtering software. Or, god forbid, delete the crap. If you're on a per-bandwidth payment schedule...sorry. It's what you have to deal with. The whole point of freedom is that anyone, not just geeks, can do what they want. If what they want to do is sell printer toner then by all means, sell away.
As a side note, doesn't this all seem a bit trivial to anyone?
Mikey G.
Re:Dammit (Score:4)
The issue is, spam costs time and money. Unlike even junk mail, the sender suffers effectively no cost, but the recipient does. It's annoying enough when this is "legitimate" but it's maddening when the message is fraudulent.
Despite the wonderful Wild West connotations of "bounty", this isn't a bounty ... it's not a reward, it's a right to recover damages.
I can see it now... (Score:4)
Is it just me or does this sound damned hard to work out details for?
-Earthman
Private solutions? Sure, they're waiting for you! (Score:5)
(One of the great things about MAPS is that the more participants, the better it gets. If you use MAPS to filter your mail, then report spam you receive back to MAPS appropriately, you will be helping to improve the service -- thus reducing your future spam intake and everyone else's.)
It's funny you should mention those -- because those are, in fact, two problems with law-based solutions which do not affect private solutions."Freedom of speech", as protected by the U.N. Declaration of Human Rights and the U.S. Constitution (among others), is more accurately described as the freedom to use your own resources, including your voice and your property, to speak your mind. It does not justify your use of other people's property to speak your mind. That, however, is what spammers do -- they use my mail server, without my permission, to spam me, my users, and others. In the civilized world we call that "theft of services" -- just as if I owned a printing press and you crept in by night and used my press to print up your leaflets.
The legal trouble, then, lies in defining "permission". Some would argue (and have argued) that by connecting a mail server to the Internet you are implicitly granting everyone permission to use it as much as they want, for whatever purpose they want -- including spamming. The opposite extreme is to hold that only explicitly solicited mail is granted permission -- which would rule out a lot of perfectly legitimate mail. Both of these are IMHO ridiculous extremes. A legal attempt to stop spam, however, must deal with these issues in defining spam. Veer to far towards the first position, and you violate property rights; veer too far towards the second, and you violate freedom of speech. A private attempt to stop spam can define permission extensionally -- i.e. by example. This is exactly what cooperative, voluntary systems like MAPS's lists do. The lists are made up of addresses associated with actual pieces of spam received and reported by participants.
You also mention the "multi-jurisdictional nature of the problem". This, too, is a problem solely for legal attempts to stop spam, and not private ones. Private cooperation among ISPs and among users may easily ignore governmental borders -- indeed, it already does. MAPS participants come from all corners of the globe.
What's so "anti-government" about bounty-hunters and more laws? That's about as "anti-government" as any other case of stool-pigeonry.As a Libertarian [lp.org], I object to government meddling in private affairs. I also object to crime (i.e. the violation of people's rights), and I consider spamming to be criminal, regardless of whether or not government thinks it is. Spamming is a violation of the property rights of those spammed, and of the owners of mail servers that relay and store the spam. I support people taking private action to protect themselves from crime, insofar as they feel the need to do so, and can do so without violating others' rights in the process -- and that is exactly what MAPS and similar systems do.
If you are emotionally dependent on government to protect your rights -- in other words, if you are unwilling to protect them yourself -- what rights do you really have?
what consequences? (Score:5)
Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt. But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?
Well, we should be suspicious if it is only A Bad Thing and not An Evil Thing. SPAM is a pain, but it's just not on the same level as rape or murder. There is a real difference between giving someone an incentive to turn in their rapist neighbor vs their spamming neighbor. The law ought to see a difference between the magnitude of those two acts, rather than lumping them together as "lawbreakers."
Then again, if they'll let me hunt them spammers with my shotgun in hand, to hell with the precedents! :-)
-- Diana Hsieh