Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Spam

Spam Under Legislative Attack in Europe 200

Posted by chrisd from the futile-legislation dept.
Anonymous Coward writes: "CNN has an article in their Science and Technology section detailing how the European telecommunication ministers have agreed that unsolicited e-mail and wireless text messages should be prohibited under a new data protection law. They also are agreeing to allow leeway for law enforcement to access logs of e-mail and telephone traffic.
This discussion has been archived. No new comments can be posted.

Spam Under Legislative Attack in Europe More

Spam Under Legislative Attack in Europe

Comments Filter:

  • Somewhat normal (Score:2, Informative)

    by quartz ( 64169 )

    In a place where Internet traffic is priced by the megabyte or minute and SMS service by the message, I would imagine the motivation to eliminate spam is a little bit higher than in the country of flat rates.

    • Re:Somewhat normal (Score:1)

      by Anonymous Coward
      That does not seem to be the issue. I am an European, and we do have monthy access fees (plus phone cost for those who have dialup!), as well as ADSL or cable (which usually has no limitation except basic fair use rules, or a limit where extra capacity must be paid for extra).

      Bandwidth is not really the reason. Europeans simply do not like intrusive advertising techniques. "Cold-call" telemarketing by fax has been illegal sine 1997 (http://europa.eu.int/eur-lex/en/lif/dat/1997/en_3 97L0066.html)
    • spam = terrorist
    • Well, I can't speak for all European countries but Belgium here has a very high rate of people using cable or ADSL for internet, meaning no fee per megabyte or minute (cable users have a 10GB cap though). Heck, how long does it take to download your spam on a regular charged-by-the-minute telephone? I really expect this to have been a non-issue.

      Your comment about paying per SMS message makes no sense to me as it's the spammer that has to pay, not the recipient. Care to elaborate?

      • Heck, how long does it take to download your spam on a regular charged-by-the-minute telephone?

        At some points, I have received more than 4 spams - per minute. (My filters are better now.) On a 56K dialup (which normally gets you 33K-40K), that would net you in the region of 80% or more of your bandwidth, assuming you were connected 24/7. (Spams are often quite large, and include JPEGs and HTML.)

  • Asia (Score:3, Informative)

    by Detritus ( 11846 ) on Friday December 07, 2001 @11:33PM (#2674689) Homepage
    Most of the spam that I receive is coming from China and South Korea. I don't think legislation will help much. I would rather see them BGP'd to /dev/null.

  • Real problem targeting spam (Score:4, Insightful)

    by GSloop ( 165220 ) <networkguru@sloop. n e t> on Friday December 07, 2001 @11:34PM (#2674692) Homepage
    Most of the spam I get now, is from companies that are using "contractors" to spam, or spam from offshore (i.e. China) ISP's. The advertised product is from the US often, but the advertisee is not. Therefore, shutting down the "spammer" isn't going to do anything.

    Now I don't know how to practically impliment this, as there are some pitfalls, but with some decent legislation, we could make it possible to target the beneficiary of the spam. That makes it possible to attack the real reason for the spam - where we can use our laws etc to attack it.

    Sure, there will be spam that also has you send you money to China/Afganistan etc, but that will make the spam much less profitable, as most people won't do so. Lastly, most people will use credit cards, and I assume that most SPAM scams are frauds too, so the chargebacks will be hell for the spam beneficiary.

    Anyway, it just seems that we can't just attack the spammer, we really need to attack the beneficiary. Then the spammers will go away, as they can't find anyone to demand their services.

    Sure, I'm crazy, but what the heck!
    • Most reasonable countries and reasonable laws are aware of the contract killer/spammer/whatever. What makes you think these laws will be any exception? I would expect that a well worded anti-spam law would choose its phrasing such that it didn't matter how many levels of indirection there were; if you are anywhere in the chain of "spam him" instructions, you're guilty.

      Remember, The Man(tm) may be an asshole, he may be an ignoramus, but he is very rarely a moron. Morons aren't very threatening and if they are, they are easily controlled and manipulated into doing something less threatening.
    • >Therefore, shutting down the "spammer" isn't going to do anything.

      You're right - in those cases, to hell with the spammer, you have to go after the spamvertised product. Spammers spam because people are paying them to spam. People are paying spammers to spam because those people are making money off the spam. To borrow a Bush tactic, follow the money. If you're getting spam from Asia, Russia etc. advertising a website in the US (as I frequently do), forget tracking down the spammer unless you really want to spend the time doing so. Instead, forward the spam to the webhost of the target site, and the host of any email dropboxes contained within the spam.

      It costs money to open webhosting accounts, so hit the real spammers (those who benefit from the advertising, not necessarily those who send the mail) in the pocketbook.

      Shaun
      • That would make it possible for anyone to put the hurt on a legitimate business. Don't like Bob's Hardware Emporium? Talk to these guys in Taiwan, who will put together an authentic-looking spam campaign for you.
        • Sure, thats some of the problems I am referring to...

          I can't think of any great way to prevent that kind of abuse...but it's not terribly likely that someone will pay to "hurt" spam their competitor. That probably eliminates a bunch of the abuse potential.

          Open relays abuse are another matter, but in practical terms, these are more and more rare. (I think, I am not factually sure of this...)

          That leaves people spamming using their "own" account. That would make tracking the "real owner" of the spam a bit easier to find.

          Lastly, one might take advantage of the SPAM offer, and thus prove that the spammer benefitted from the SPAM, and was accepting the spoils thereof. With this in hand, the spam beneficiary gets whacked. Yeah, I know it's still got some loopholes...

          Lastly (really this time) lots of the spam I get is for spam lists, or other seedy small time scam type stuff. Making this market a bit less profitable will dry up the market a lot. That leaves the big guys, but they will probably clean up their act, because they have more important things to worry about.

          Basically, it seems that virtually all spam beneficiaries have some tie to the US, or other 1st world country. DNS, Website, PO Box etc.

          Also, the law wouldn't have to be criminal, that would just be a pain for everyone, just civil.

          Just some additional thoughts...
        • >That would make it possible for anyone to put the hurt on
          >a legitimate business. Don't like Bob's Hardware Emporium?
          >Talk to these guys in Taiwan, who will put together
          >an authentic-looking spam campaign for you....

          That's usually referred to as a "joe-job," and it already happens frequently. Most of the time it's easy to tell a joe-job from a real spam campaign:

          1. Spammers are too stupid to put a notice on their website saying "we didn't send you that." Joe-job victims will quickly put up such a notice once they get reports that they're being framed. (See paypalwarning.com, who were joe-jobbed over the weekend.)

          2. Joe-jobs often, if not always, target sites that have been around awhile (long enough to garner some competitors) but have no history of spamming.

          3. Real spammers start spamming for their site as soon as it becomes active, because they're used to the cycle of "find a new webhost, start spamming, get shutdown, find a new webhost." I resell webhosting accounts and I've seen this firsthand several times. They open an account and I wind up nuking it within a day or two due to complaints. Webmasters who have a track record of being legit rarely wake up one day and decide to start spamming.

          4. Joe-jobbers often make the mistake of leaving evidence which clearly links them to a competitor or enemy of the framed site. Some of them even post the forged spam from their own company's network. Nothing says "joe-job" like spam for Bob's Hardware Emporium which originated from gw.carlshardware.com.

          Shaun
    • Sure, there will be spam that also has you send you money to China/Afganistan etc, but that will make the spam much less profitable, as most people won't do so. Lastly, most people will use credit cards, and I assume that most SPAM scams are frauds too, so the chargebacks will be hell for the spam beneficiary.

      Chargebacks will be especially nice when spam fighters start submitting hundreds of bogus orders, with made up CC numbers. Perfectly safe if you use an open proxy [rosinstrument.com], and pretty effective too (as long as the check digit [beachnet.com] matches, but it is easy to produce matching numbers...): for verification beyond check digit, the spammer has to pass card number, expiration date and billing/shipping address to his card processing firm before he can know the thing is bogus, but for each card check that turns out negative, it gives the spammer a black mark. Eventually, he'll be kicked...

    • "Anyway, it just seems that we can't just attack the spammer, we really need to attack the beneficiary. Then the spammers will go away, as they can't find anyone to demand their services. "

      Of course then it promotes another tactic. People could pay spammers to send out spam with their competitors' contact information. When the spammer's operating from China, it becomes much more difficulty to prove that the person listed in the spam is the person who ultimately initiated it.

  • We hate spam, Saudis hate porn. Too bad. (Score:4, Flamebait)

    by Marsh Jedi ( 244205 ) on Friday December 07, 2001 @11:38PM (#2674705)
    We spend hundreds of kilobytes yammering about the great firewall of China, in particular laughing at the futility of it--legislation that stops the flow of information seems to be something we protest when implemented, and deride when proposed.

    This is of course, while we upgrade our procmail recipes and secretly wish for a legally-mandated X-this-is-spam header.

    In the end isn't stemming the flow of unwanted spam essentially the same thing? Going with the datahaven theory, eventually all your spam will come from the countries that _do_ allow spamming. And then all your bulk-marketing companies will set up branch offices there.

    It starts making draconian black hole lists start seeming like the only viable solution. Because legislation sure don't work.
    • But if you could get spam to originate from only a few spam havens by ongoing legislation, it would be much easier to bully the remaining countries who allow spamming to change their minds. Blocking off ip ranges from the internet is a relatively easy task, and if people hate spam that much, the majority of ISP's would be on-board. Is it right to do this, perhaps not. Is it possible, definately!

      Personally, when my network receives spam from a company, I send them a bill. Sure it costs me minimum 35 cents for postage, and the bills average only 12 cents, and I have yet to receive payment, but it's the principle of the issue. And more often than not, I receive a letter or a phone call back regarding the charges, so in some way I get my money.

    • In the end isn't stemming the flow of unwanted spam essentially the same thing [as the Great Firewall of China]?

      No. In the case of the Great Firewall of China (and Saudi Arabia), a third party is attempting to block information people want. As such, the sheer number of minds applied to circumventing those artificial barriers all but assures they will be overcome.

      Contrast with spam filtering, where a third party is attempting to block information people don't want, with the full support and agreement from said people. This makes the number of sociopaths trying to circumvent the barriers vanishingly small. Moreover, because people support the blocks, the number of people willing to report spammers who penetrate security is considerably higher (as opposed to the China/Saudi situation, where there's likely a silent agreement that the authorities are not informed when the barriers are breached).

      Schwab

      • In the end isn't stemming the flow of unwanted spam essentially the same thing [as the Great Firewall of China]?
        No. In the case of the Great Firewall of China (and Saudi Arabia), a third party is attempting to block information people want. As such, the sheer number of minds applied to circumventing those artificial barriers all but assures they will be overcome.

        Contrast with spam filtering, where a third party is attempting to block information people don't want, with the full support and agreement from said people. This makes the number of sociopaths trying to circumvent the barriers vanishingly small. Moreover, because people support the blocks, the number of people willing to report spammers who penetrate security is considerably higher (as opposed to the China/Saudi situation, where there's likely a silent agreement that the authorities are not informed when the barriers are breached).


        But obviously some people want spam. Thsi stuff is profitable. IF it wasn't it would have ended a long time ago. Spammers may be slimy, but they aren't stupid. If it costs them 5 cents per email (which I am completely making up, it's probably lower, but for this arguement, we'll say 5 cents) and they only get an increase in hits and sales which equals out to 2 cents per email, they would quit doing it. It's like the X10 ads, everyone complains about how they hate them, but they work. When they started doing them, the traffic on their site skyrocketed. So some people obviously do want them, they use them. Same thing with spam. If no one wanted it, then no one would click on the link and give them money.

    • Apples, oranges. (Score:3, Informative)

      by McDutchie ( 151611 )
      The Great Firewall of China is intended to prohibit people from actively seeking out information they want.

      Anti-spam legislation is intended to allow people to stop receiving information (?) they don't want.

      This is not about control of the Internet. This is about control of my e-mail inbox, the one I pay for.

    • Everybody knows that spammers often like to use open mail relays [mail-abuse.org] which are located in China. And they do this, because they know very well that the Chinese are very unreactive in closing those down.

      However, how about the following idea: if a spam relay is not closed within, say, 2 business days, we start using it ourselves... to spam thousands of Chinese email addresses with anti-communist articles from various news sources. I betcha, that relay will get closed down real quick.

    • You don't get it; it's not (only) about going after the carrier of the message, it's about challenging the idiot that thought to benefit of the spam.
      And their addresses are known and virtually all of them are in our own countries, how else could they do business with us...
    • Well, european legislators have perhaps a better track record of not totally-clueless legislation. For one thing, Norway's legislation in the area is good. I guess europeans still have a bit more confidence in their legislators, and I understand why USians have none.

      I think legislation is the Right Thing[tm] to do right now. I'm not going into details, but the privacy concerns with ISPs stopping their customers from spamming is so great, I wouldn't want my ISP to be able to tell if I spammed.

      The most significant problem is that the US is right now a spam haven, as about 90 % of my spam (get about 10 a day) comes from the US. If the US gets some good legislation too, the spam-havens will die, as the rest of the world will block them back to the stone age untill they get some good laws.

    • Who cares where they send spam from! If they are a business that operates in a country where spam is illegal, sending spam to that country's citizens they are breaking the law and they can be tracked down! They have to provide SOME sort of contact information in the spam - otherwise you have no way of ordering their product.
  • I have a fax number attached to my mobile phone as part of my plan. I don't use it much, so I didn't bother finding out the number for the first few weeks I had it. In that time period I got no less than 84 pages of, you guessed it, spam. Although this pales next to the amount of email spam I receive, it is shocking to know that I can get spammed when even I don't know my address.

    Anything that reduces the volume of electronic junk I receive is good. I applaud the Europein Union for this, and I hope that it comes to the USA very soon.

    • Re:fax spammers suck (Score:3, Informative)

      by jsmthng ( 227222 )
      I'm 76% sure there's a U.S. law against fax spam, because it gets the bonus of specifically causing real-life monetary damage (in this case, waste of paper and ink, especially when fax paper was a big deal Back in the Day; email really is just electronic bits with the occasional per-minute cost).

      Ha, google gets me a random attorney's page on the subject: http://www.markwelch.com/faxlaw.htm

      You get $500 per violation. Woo.

      • Re:fax spammers suck (Score:2, Informative)

        by Lowca ( 464465 )
        A little karma whoring going on:

        Here [gpo.gov] is the junk fax law (47 USC 227). As jsmtng said, you could get at least $500 for each junk fax sent to you.


  • Uh, so I can finally jail my aunt -- the one that only knows how to hit the "forward" button in AOL -- for her unsolicited relentless onslaught of "forward this to 20 people to support (insert random hippie political point here)..." crap?
    • Or my aunt... the one that only knows how to hit the "forward" button in AOL -- for her unsolicited relentless onslaught of "forward this to 20 people to support (insert random right wing religious/political point here)..." crap?
  • It seems to me that the telecommunications ministers have much larger things to deal with than cookies. Do they really have the power or reason to deal with the Application layer of the system? Now my site [studyshare.net] needs a policy to tell people that my app server likes to set cookies? Anyone wish for the time when the web was less commercial?
  • I don't like spam, but I don't want any laws against it. If you want freedom, you have to support everyone's freedom... even if you hate them. The only law I would support is one that mandated a way to get off a spammers list... AND the remove must work.
    • It is not the plain advertisement that gets most people, it is is the theft of service. It is the tactics of stealing the addresses of those that post on message boards and newsgroups. Slashdot is not immune as I have received 3 spams emails in as many days to the address I use for posting here. Do you supprt tha ability of someone to force you to spend time and money to receive the piece when they, in *no* way, support the medium? If they want to advertise, then let them do so in TV, radio, or print since that would support those services. Junk mail from the postal service remains inexpensive because of the bulk mailers that pay for the services. Until the medium is supported, I will combat spam with everything I have an take it to any means necessary.
    • If you want freedom, you have to support everyone's freedom... -- dawgfacedboy

      Your right to free speech doesn't extend to my living room. I assert that it shouldn't extend to my inbox or my telephone either, unless I've explicitly published my desire to receive such contact.

      A working opt-out would be great, of course, as you say. But such a thing is not possible, or at least there's been no proposal yet that doesn't just make the spam problem worse by disseminating my email address to the very folks I want to shut up.

      That's why the only route is draconian: ban ALL UCE entirely, until and unless somebody comes up with a safe, non-spamming mechanism for blocking UCE.
      • What makes you think a working opt-out is not possible ?

        We do infact have such a system in Norway. There's a single webiste, operated by the government whee you can register yourself, and mark check-boxes for which kind of targeted marketing you accept. (postal or by phone ? Not from anyone, or do you still accept postal marketing or phone-calls from charities?)

        Anyone who does direct marketing is legally obligated to wash their adress-lists against this one atleast once every 3 months. Sending postal mail, or doing phone-marketing to a person on the list is a crime. Punishable by fines or prison up to 2 years. (In theory, in practice you get a fine offcourse)

        When it comes to email we've got opt-in though. Sending marketing to individuals without *prior* *informed* *active* consent is a crime. Same punishment as above. And it *does* Work. I get about 200 spams a month. And this far in 2001 I've gotten *2* Count them - *TWO* spams from Norwegian spammers. Naturally I've reported them and had them fined.

        Opt-out is actually acceptable if there's *one* single point where you opt out, and if there's punishments attached to ignoring your opt-out. I still prefer opt-in, but the opt-out on phone-marketing does work. I've got ZERO phone-marketing-calls after I registered myself on the opt-out site.
    • I don't like spam, but I don't want any laws against it. If you want freedom, you have to support everyone's freedom... even if you hate them.

      Cool! Tomorrow I'll make use of my freedom to come to your house and dump a truckload of cow shit in your back yard. As a sign of my dedication to Freedom and the American Way, I'll even put a brand new US flag on top for you. How's that?

      Don't like it? Sorry. If you want freedom, you have to support everyone's freedom, even if you hate them.

      The only law I would support is one that mandated a way to get off a spammers list... AND the remove must work.

      Yeah, that's reasonable I guess. I should stop dumping cow shit in your back yard if you tell me to stop, I can accept that. However, since you have now yelled at me, I now know for sure that you exist, and I'll be sure to sell your address to at least ten fellow cow shit dumpers as confirmed live!

    • Re:Just make a real remove! (Score:4, Insightful)

      by Micah ( 278 ) on Saturday December 08, 2001 @12:29AM (#2674826) Homepage Journal
      There are how many millions of businesses in this country? And you're saying they should all have the right to send you their sales pitches by e-mail, but as long as you reply with "remove", they have to honor it?

      You want to reply to 5 million e-mails with "remove" in the subject?

      Sorry, try again.

      • Re:Just make a real remove! (Score:1, Insightful)

        by Anonymous Coward
        Right now it's perfectly legal for those millions of businesses to spam you. The vast majority won't because the 10-100 customers they'd get aren't worth the hundreds of current customers they'd lose. The ones that do spam usually have a working "remove" link so you can opt-out of future ads. If there wasn't a remove option they'd annoy and lose customers.

        Spammers have no current customers to offend, so they spam people as often as they can. They also have remove links, but instead use them to confirm valid emails. Spammers like to fake IP addresses and use free anonymous email accounts, so even if you could legally opt-out of a particular spammer's spams, he could just spam you with a new pseudonym and you couldn't (without some serious digging) tell the difference.

        In short, spam is beneficial for the few that do it, but not for the vast majority of companies. If it was truely beneficial to everyone, then you would be getting 5 million spams a day.
    • Hey, if somebody likes a freedom of peeing on the lawn of the house you rent are you going to put up "please don't pee on my lawn" sign or do something more meaningful? :)

      Remove will work. Except the list is always different :)

    • I don't like spam, but I don't want any laws against it. If you want freedom, you have to support everyone's freedom... even if you hate them. The only law I would support is one that mandated a way to get off a spammers list... AND the remove must work.

      Spam is not a freedom that people should be able to exercise, no more than direct marketers should be able to send out a pound of junk mail per household per day.

      A real remove does not come close to being a solution. People shouldn't have to 'opt out' of spam; spammers should only be able to spam those who have opted in. Yeah, I know they wouldn't be able to spam anybody in that case, but that's the point. Spam is forcing something on an individual and making him or her pay for it. Consider that ISPs (i'm in the US) are looking into ways of charging high-bandwidth users more--AT&T has plans for this in the future (their 1.5 mbps bandwidth cap was their first step towards that; if you want more, you pay for it). Should I have to pay for Spam? Should the ISP have to pay for it?

      Saying that people should be able to opt out of spam is a bit like saying Microsoft should be able to install spyware on your hard drive that monitors all the software you have installed, whether all your MP3s are legally ripped or downloaded, and tracks your every click online--unless you find the small print that says you can request to be put on the please don't f*ck me, bill, list.

      Wait, that's WinXP, but there's no such opt-out option.

      My point is that a remove list does not cut it. A small database containing the email addresses of all those who are willing to pay for and receive spam should be consulted by spammers first. If they insist on sending unsolicited email, they should be fined enough that it no longer is a profitable pursuit, however much the fine has to be.

  • Within the midst of the world out there, there's a subworld. Communications developing to a point that I can hit on a girl in Indiana from Vancouver Canada through that simple "uh-oh" sound that we've all grown to despise and eventually thalamus out of our minds. My friend was convinced she was going to go on a trip to Holland to meet this guy she met over AIM.

    And it goes on.

    In the meantime, governments are trying to make the world more comfortable for... well... themselves... without even understanding what's going on.

    The ramshackleness (is that a word?) of the world almost resembling the Austro-Hungarian empire prior to World War I is being manipulated by the people with access to this technology to transcend borders. Pornography of 14-year olds is illegal... except in the old Soviet republic of Fookerplakistani (apologies to Austin Powers)...

    So it's possible, no matter where you are, to have access to pictures of naked 14-year-old Fookerplakistinians.

    This is another attempt of them trying to regulate this borderless world. It's not bloody possible. 50% of the spam mail I get is in some foreign language that is neither french nor english, which suggests to me that it's from outside of Canada, and thusly any regulation the Canadian government will try to do will be in vain because it'll probably cut down on about 2% of my spam mail.

    They're slowly trying to work their way into the internet, between Gore "fathering" the internet and the crackdowns on filesharing (I still say that Napster getting shut down was the greatest thing to happen to MP3s since WinAmp...) are becoming more and more regimented (Even audiogalaxy has filters now. Damnit).

    So, I guess the point I'm getting at is that this is going to be a slow process because they're just not going to understand that it's a futile move on their part and that the more they try to regulate, the more loopholes the l33t h4x0rz and bored computer geeks will find. But they'll bury their heads in the sand and say that they've won the war on "indecent internet usage" or something like that simply because they've instated a sieve.

  • Pay per Email (Score:4, Interesting)

    by janolder ( 536297 ) on Saturday December 08, 2001 @12:12AM (#2674794) Homepage
    In the end, the only thing that will work is a pay per email system. As previous posters have pointed out, with 150+ countries having email - one single country that doesn't sign off on an international SPAM law will be sufficient to make all SPAM laws moot.

    If I could set up my email system in such a way that it will only receive email after receiving notification from paypal that an amount X has been transferred to me, I would cease to receive spam overnight. My personal threshold would be 25 cents - less than a stamp but enough to be noticed. This would deter spammers, but not keep entities with a reasonable expectiation that I want the mail from emailing me. It might even deter those pesky friends that keep sending me copies of jokes that were already old when I was still young.

    Between friends engaging in conversation, the amounts paid would balance out. But in the case of one way communication, I'd get paid a bit for the time I spend looking at my emails.

    Obviously, this can be implemented with reasonable effort pretty quickly. There are some minor details to deal with, nothing traumatic though: The sender would have to be able to determine what the going receiving rate of the recipient is. There needs to be a functional and pervasive micropayment system (paypal). Mail programs would need to be updated to deal with the added protocols.

    I find it amusing how politicians still think they can regulate the Internet by way of stroke of pen. They'll have to learn the hard way. Sadly, we'll have to suffer in the meantime.

    • And what would happen to listservs???

      > Obviously, this can be implemented with reasonable effort pretty quickly.

      Do you have a clue how SMTP works? Doing something like this would drastically change the way everything is done! You have to modify mail clients and mail servers! ALL of them!

      *Maybe* some kind of variation would be do-able -- like, you could set different payment threshholds for different (known) senders. Like, listservs and friends would be nothing. But it still seems like a bad idea.

      I think the only thing that has any hope of working are laws, unfortunately. Just banning the obfuscation of sender info would go a LONG way. Also ban the selling of "harvested" e-mail addresses that would solely be used for spam, and possibly ban the act of harvesting itself.
      • Do you have a clue how SMTP works?

        Oddly enough, I do - quite intimately. :-)

        Doing something like this would drastically change the way everything is done! You have to modify mail clients and mail servers! ALL of them!

        Not all of them. The only software that would need to be modified is my mail server and the mail clients of people that want to send me email.

        The cool thing is that this could be a gradual process. First a few people that are fed up with SPAM (like myself) but only have a handful of friends that send them email would convert to this new system. Perhaps this select group of people would even have two email addresses for a while. Over time, more and more users would force their ISPs to support this new standard to be free of spam. Mail clients would gradually be upgraded as users want to communicate with a growing community of spam free friends.

        Eventually, as software becomes available, everybody converts as it is so much nicer to be spam free. I'm envisioning this as a rather landslide-like process in the end.

        Look at what hard to enforce laws do - usually nothing at all. Examples: prostitution, drugs, alcohol (prohibition). If you want to change something, you have to either be able to enforce the law effectively or come up with an incentive system that is self-enforcing by using man's basic nature against him (or to his benefit [cf capitalism]).

        I think the only thing that has any hope of working are laws, unfortunately. Just banning the obfuscation of sender info would go a LONG way.

        As I'm sure time will prove, this won't do anything at all. The fraudulent-to-begin-with spammers (most of them, I'd wager) will ignore such a law. The others will move their operations to another country or will be replaced by entities in other countries. Keep in mind that spammers, by definition, are rude, selfish people oblivious to the needs of others.

        • ok, I was thinking at first you were going to impose this on everyone at once!

          True, laws would have limited effect if there were countries that didn't have such laws, but still, even if the mail was SENT from overseas, most of the crooks that actually COLLECT the money will have to be in the USA. International orders can get hairy. Not that it can't be done of course.... And even if you just shut down the ones actually IN the USA and other complying countries it would be worth something.

          But why would you charge your friends to send you mail? I know, you said it would even out, but I don't think people would like that too much. And your 25 cents seems pretty steep. Even 5 cents would deter spammers, as that would add up quickly.

          Then, again, there's listservs. We certainly don't want to ban those!
    • As previous posters have pointed out, with 150+ countries having email - one single country that doesn't sign off on an international SPAM law will be sufficient to make all SPAM laws moot.

      Actually, it's NOT moot. SPAM exists because there's money behind it. Even if the spam is coming from Israel, if the product is US based, that company should be held liable. If this was the case, the amount of SPAM would drop significantly. If the EU bans SPAM, it will make an even bigger impact. I'd be happy to go back to the days of 1 - 2 SPAM's a week instead of 30-40.

    • Bill Gates's Prediction (Score:4, Interesting)

      by wirefarm ( 18470 ) <jim@NOsPAm.mmdc.net> on Saturday December 08, 2001 @02:08AM (#2674993) Homepage
      Bill Gates laid out that very same thought in "The Road Ahead" a few years back.
      Interesting idea, but doubtful to work with the current system in any way. (You really want to have to declare all of those micropayments on your 1040?)

      Personally, I think some kind of pre-authorization scheme is better than a pay system - remember, this has to work in third world countries, too.

      Brad Templeton has a neat system in place that is not too difficult to use at all. If you send him an email, you get the following:

      I apologize, but this address gets a lot of junk E-mail (spam). Since my
      "secretary" (Viking) has not seen your address before, you need to send
      a simple confirmation to get on my good-list.

      Your message on:
      [subject removed for slashdot]
      is being held. If it is not a "spam" (see below), just send a reply,
      any reply, to this message. Your held mail will be delivered to me
      immediately and all future mail from you will go through directly.

      OK - there goes 99% of your spam.
      If spammers figure a way to reply, add a question and answer feature:

      Your message on:
      [subject removed for slashdot]
      is being held. If it is not a "spam" (see below),
      You must answer the following question:
      What is the Airspeed Velocity of an Unladen Swallow?


      You could make the questions progressively tougher ,to filter out morons, too. ;-)

      Procmail could handle the rest of the mail, too, (if it weren't so damn hard to write recipes for. Yes, I know about the perl mail filters - I'm looking into them now.)

      Imagine a procmail-type system that could strip attatchments and process them:
      • PDFs go through pdf2txt and summarized.
      • Word docs could get piped through msdoc2txt (If it only existed!).
      • Html mail goes through lynx -dump. (No need to complain to the less-clueful that you don't want their 'pretty' mails.)
      • Web bugs are dropped. Same for Javascript and iframes.
      • Images are relocated to your own server.
      • Viral attachments get logged and further mail refused, user slapped, whatever...
      • Bounce messages that you don't want.
      • Filter text to make it work-friendly: s/sh$t/poo-poo/g
      • Filter text from certain people to make it more interesting: s/Stop stalking me/I love you/g

      Since I get a lot of mail in Japanese, I could choose to detect DBCS text and run it through babelfish before I read it.
      Most of these things could be and are being done. I bet there would be a market for a prewritten package customizable through a web interface. I would buy it.

      What you do with incoming mail is a very personal decision - some people *like* mails that you and I would consider spam. There are always exceptions to the rules:
      What happens when your mail filter blindly drops a mail from your wife telling that the baby just ate the Copier Toner or your housemate writes to tell you that a group of Real Naked Coeds are waiting in your room - get home quick! OK, neither of those situations are likely to occur, but you get the idea...

      Cheers,
      Jim in Tokyo
      • Dan J. Bernstein has a neat system similar to Brad Templeton's, although with a twist. It reads:

        If you reply to this notice, you are
        1. acknowledging that Professor Bernstein does not want to receive bulk mail;
        2. confirming that your message is not part of a bulk mailing; and
        3. agreeing to pay Professor Bernstein $250 if your message is part of a bulk mailing.

        :-)

      • If you have your own mail server running postfix, qmail or exim, then TMDA [libertine.org] will perform this service for you (the reply-to-mail-through policy).

        For everyone else, SpamCop [spamcop.net] does a similar job.

    • Re:Pay per Email (Score:1, Interesting)

      by Kvasio ( 127200 )
      That's not the case. If you were right, I wouldn't get any SMS spam. I get them more or less regulary despite that sending them costs bulk sender about $0.02 from most european operators.

      Besides - your pricing is too low for some spammers, and too much for the majority of people in poorly developed countries. I don't see you spending 1/10th of your wage (unless you're a weirdo) for internet access anyway, and most people using net in transition economies have to.
      In poorly-developed countries in Africa this would have even greater impact.


      EU has possibility to do something effective. It can force all european companies ( _AND_ their
      dependant susidiaries abroad      ) to behave in particular way; what's more - it can influence
      at least other OECD countries to do the same ... and getting rid of those american-believing-that-spam-works-although-they-s ay-it-does-not businesses would reduce spam in 70-90%. Without them chineese guys won't have demand and after while would stop this.


      Personally I have set on my SMTP server declining all mails from *.cn, *.msn, *aol.com domains, as I have complety no frients there and donnot expect anything besides spam from them.

    • one single country that doesn't sign off on an international SPAM law will be sufficient to make all SPAM laws moot.

      No, it won't. Joe Schmoe, who payed for a little spam server and a connection in his little home in Indiana isn't gonna relocate to China, or buy/rent a spam-server there. At least, not as many Joe Schmoes will. I think a U.S. spam law isn't enough, but it sure would be a help.

    • Haven't we learned from Napster and Divx? Once people have a taste for *FREE* they will never ever want to pay for it again. And one thing we all should know too, is that when it comes to computers, NOTHING can prevent us from bypassing security measures.

      If worse comes to worst, people will just develop their own version of a network and grow that into another internet. The paid-for-email one will die off rather quickly.
    • A better system would just be to block all mails not signed with GPG/PGP with a key which you have previously accepted, and for all the rest of the mails just send a reply stating the myst first send a signed message (but signed with an unaproved key) with the subject "I want to send you e-mail" (or something like that), except those with such a subject-line, which would be put in a special mail folder, for you to check as you like... Of course, mailprograms would then have to facilitate encryption... You could even do this without signing, and just match on aproved adresses instaed...

    • As previous posters have pointed out, with 150+ countries having email - one single country that doesn't sign off on an international SPAM law will be sufficient to make all SPAM laws moot.

      No it will not! The rest of the world will just block that country completely, so they have to make their choice: Either adopt good laws or rot in their own spam hole without being able to communicate with the rest of the world. I think they would get it pretty fast if that happened.

      If the US adopted some good laws, I think a lot of people would start blocking a few countries which would then get their eyes opened (Argentina is second on my list of spam countries, after the US).

      No legislation would remove spam entirely (as most total solutions requires totalitarian regimes), but if I got one spam a month as opposed to 10 a day, I would say the problem was solved.

  • would have to have an aircraft carrier to enforce it. There are, however, tech solutions *other* than black lists that work with little or no undesirable side effects: spamgourmet.com [spamgourmet.com], for instance.
  • I dunno, I feel as though, while spam is an annoyance, placing a block on how information can be disseminated (sic?) is wrong. And where do you draw the line? By that measure, we should have placed limits on telemarketers long ago. On the other hand, if someone were to go spray paint an advertisement on the side of a bus, it would be illegal, as you would be damaging the bus system (much like how if you send out spam, you are placing a load, and therefore costing SOMEONE money, on a mail server somewhere). So there are precedents both ways.

  • Enforced how? (Score:2, Insightful)

    by Ian the Terrible ( 11944 )
    The article doesn't have much meat to it. Boiled down, it says "The Council of Ministers think unsolicited email and SMS messages should be legislated against. Two weeks ago, European Parliament voted against a ban on spam".

    Or, more briefly:
    Council: Spam bad. Anti-spam laws good.
    Parliament: We disagree.

    I wish something had been said about how the Council plans to enforce anti-spam laws. I live in Washington (US), where the state government passed anti-spam laws several years ago.

    I still get spam. Anti-spam legislation is well and good, but it doesn't seem to work.

    If you outlaw mass-mailers, only outlaws will mass-mail. Or something like that.
  • Don't try to regulate spam as long as the agree to the following conditions:

    1) the Must use @home service or
    2) can only use 300 baud modems connected to pay phones outside a busy intersection.
    3) must use win 3.X and trumpet winsock.
    4) they must have a reply phone, fax and email address and 666 or spam tattooed on their forheads (they get to choose which...same same)

    Then and only then can they avoid legislation.

    Ought to help take a byte out of crime.

  • Spam == Terrorism? (Score:2, Funny)

    by Anonymous Coward
    "They also are agreeing to allow leeway for law enforcement to access logs of e-mail and telephone traffic."


    And in other news, the USA has approved a measure under which spammers will be execu^H^H^H^H^Htried in secret military tribunals ;)

  • Just ban harvesting!!! (Score:3, Interesting)

    by Micah ( 278 ) on Saturday December 08, 2001 @12:52AM (#2674871) Homepage Journal
    This may be one of the best legal solutions. Simply ban the "harvesting" of e-mail addresses from web pages and newsgroups and/or the selling of those addresses. Obviously, those things have no legitimate use, and are used only to send me crap that I don't want.

    It would also be easy to catch people to prosecute them. Set up a web page that, when it's hit, generates an e-mail address, and logs that address along with the IP address and timestamp of when and from where that page was requested. When an e-mail comes to one of those addresses, get a little help from the ISP and you're well on your way to finding out who did it! Not just who sent it, but the scum that harvested the address!

    Those people are the worst of all Internet citizens. If I was alone in a room with an e-mail harvester, and I had a baseball bat in my hand, it wouldn't be pretty.

    That and banning ANY sender info or header forgery, require a valid mail or phone AND e-mail contact in all commercial e-mail, and I think the spam problem will be pretty much done. You might still get a few UCEs, but not the sheer quantity of stupid and annoying ones we get now.
    • Just ban harvesting

      That's a pretty hard thing to define though.
      You can't leave it broad (email addresses can't be read automatically from the web and stored in a database) because that will catch out google.
      And you can't bring intent into it (email addresses can't be read automatically from the web and stored in a database with the intent to use them to mail crap to people) because the harvester itself doesn't have any intent and the person running the harvester may not have the intent to use the addresses for spamming; he may sell them to a spammer.
      And it's hard to bring the human factor into it (you may not store an address from the web in a database) because that makes it illegal to someone to store my address in their mail client's address book
      The more you narrow it down, the more ways around it you leave - it seems easier to legislate against the act that is causing the damage - the actual sending of the mail.

      Your webpage->email address idea is a good one though for helping identifying the spammers
      • hmm, you might be right, but I *think* with a bit of creativity, a reasonable definition of harvesting can be determined.

        What first comes to mind would be to have licenses or permits for people that are permitted to spider the web storing addresses, which would permit Google etc to get one, but admittedly that doesn't sound very palettable. Just a brainstorm.

        Perhaps it's best simply to ban SELLING of such lists. I think a reasonable definition of that could be come up with easily. "The selling of any list of e-mail addresses obtained from 'spidering' web sites or newsgroups where neither party has any preexisting business relationship with the majority of the people listed" or something like that.
    • That and banning ANY sender info or header forgery, require a valid mail or phone AND e-mail contact in all commercial e-mail, and I think the spam problem will be pretty much done.


      Banning header "forgery" is a very bad idea, if you mean that (as people usually do) to indicate making the email appear as if it came from someone other than the actual sender. [You may not have meant it so broadly, but a lot of people do, so I feel justified in pointing a few things out for at least their benefit, so forgive me for taking this opportunity to make a general rant about the issue.]

      Note that RFC 822 [ietf.org] explicitly allows the From: header to be something other than the actual sender of the message (though it does require a Sender: header, but MUAs tend not to display that). It's easy to "forge" From: addresses because email was designed with this "forgery" in mind. Note also that because of Received: headers, it's actually difficult to mask the message's true origins. It's just that most people don't know about headers, so they focus on the From: line.

      RFC 822 gives several examples of how this feature of email can be used, but here are a couple from my daily life:

      1) I am a sysadmin at a rather large organization. I often find the need, when acting in an official capacity, to send email to users as "manager" or "postmaster" or "security" or as some other hat that I wear. This makes people notice the email, marks it as a formal note, allows the other admins to deal with responses to the mail, and has a number of other benefits. For a variety of reasons, it would be rather unprofessional for me to send out such email as myself. (Should the tens of thousands of users we support have to keep track of the staff changes in the our department?)

      2) On the side, I do hosting for a number of smaller organizations. Sometimes the people who run these organizations feel the need to send out an email in an official capacity. In this case, they often send the mail with a From: address of something like info@foo.org, and the message originates on a totally different network than the one on which the foo.org machines live. Should the senders be forced to log into the foo.org machines as the "info" user and run mutt or maix? It's much better for them to be able to use their preferred MUA and their ISP's MTA. [This is why I get worried when I hear about ISPs requiring certain From: addresses.] Also, the people who send the message are not always the ones who answer mail to info@foo.org. Should organizations be forced to structure themselves around the requirements of email?

      That's just my personal experience -- there are lots of other cases, I am sure.

      Keep in mind that email was in large part modelled after the US postal system. It's interesting to note that return addresses are not always required [usps.gov] by the USPS (think about post cards).

      That said, I do think that some sort of valid return contact information is important (and I do hate unsolicited {mail,email,faxes,phone calls}). We should, however, be careful when recommending that certain things be outlawed -- just because we can not see a legitimate use of something does not mean that such a use does not exist and that the people engaging in that use should be punished for the bad behavior of others.

      <offtopic rant>
      It seems like this issue arises a lot on slashdot, and among the newbies I talk to. People tend to bash large, highly featureful packages or protocols (e.g. sendmail and X11) because they think that the particular ways they use them apply to all other cases. It's a natural tendency, I suppose, but sometimes I feel like I should wear a button reading "that doesn't scale" or "what about the corner cases" or something similar when talking to junior sysadmins.
      </offtopic rant>
      • ok, you're right. Then there are cases where people would legitimately want to be annonymous when asking for help or something. But is there any legitimate use for forged headers when trying to SELL something? You could ban the combo of forged headers and solicitations.

  • hypocrites (Score:1, Interesting)

    by Anonymous Coward
    If the government had those sort of powers to fight terrorism you'd all be up in arms, but if it's to fight spam you're all for it.
  • bitch, bitch, bitch.

    Everyday I get snailmail spam. It's become so ubiquitous that I don't even complain anymore. But really it's worse than SPAM. It least you can just delete unsolicited email.. with unsolicited postal mail they waste paper. Why don't governments take an active role in emliminating waste POSTAL mail? SPAM is annoying, but at the end of the day, it's just wasted bits, not wasted natural resources..

    god, I feel like such a hippy for complaining about this... I need to get back into floursecent lighting to regain my apathy and cynicism.

  • Self help is more effective (slightly off topic) (Score:2, Informative)

    by Anonymous Coward
    Some replies have already indicated how legislation in one jurisdiction may not be very effective in the jurisdiction-less world of the 'net.

    I very rarely receive spam these days. This is my self-help tactic:

    1. buy a domain name from a registrar that offers email aliases (this is inexpensive, 12euros from gandi.net, or US$15 from a few others). (i use gandi.net for registration and zoneedit.com for dns.)

    2. set up an email address to forward to your normal ISP, or hotmail or whatever account. only give this address to trusted people.

    3. set up a temporary spam email address (eg. temp1@yourdomain.com) and also forward it to your normal ISP/hotmail account. this is your 'public' address for web sites that require one. when you start getting spam, simply change it to temp2@yourdomain.com. no more spam.

    at one stage i had about 10 different addresses all forwarding to my ISP account - it's interesting to see how and where they get around. i used one in usenet and one for web sites - the usenet one seemed to generate more spam.

    another advantage is that you can keep the same 'main' address when you switch ISP or employer.

    make sure you never give out your real ISP address.

    for US$10-15 per year i have found this to be a very cheap and very effective spam-busting solution. it's worth registering a domain just for the control over email addresses. the ability to simply 'kill' the email address that's getting the spam is great.
  • If only the governments of the world didn't have such a stringent, screwy obsession with "cyber crime legislation." Rather than whining and lobbying to our jurisdictional nannies to do something about spam, the more clueful private citizens could harass, berate and take action against spammers better, using less white-hat tactics than are required right now.

    When we were growing up, absolutely no good ever came from telling your mom to beat up the bully's mom, so why are we telling our governments to beat up spammers and soft-line governments all the time?

  • Spam-Vote Button (Score:4, Interesting)

    by QuickFox ( 311231 ) on Saturday December 08, 2001 @02:53AM (#2675094)
    Mail clients should have a spam-vote button, a button that lets you vote for blacklisting the sender of the message you are just viewing.

    If you press the button you get a warning, explaining what you're about to do. If you accept, a message including all the headers of the spam mail is created automatically and sent to a spam-vote server at your e-mail service provider. This vote server verifies that the vote comes from you, and then, possibly after some processing, sends your vote to one or more blacklisting services chosen by your e-mail service provider.

    If there are just a few votes to blacklist a particular sender it's considered a mistake and no blacklisting occurs. The sender is blacklisted only if the number of votes is large. If a provider has a very large number of blacklisted senders, that provider may be blacklisted.

    This would give technically clueless users a say in the matter. It would let clueless users send proper spam complaints, complete with all the headers. And it would allow people to stem the flood without revealing their e-mail address to fake opt-out lists that just increase the spamming.

    When you press the spam-vote button, the mail client not only sends the spam vote. It also puts the sender in the client's own list of blocked senders, and removes all the messages that came from that sender. You can change your mind and remove the blocking, so you can receive messages from that sender again. Then the mail client creates another automatic message revoking the blacklist vote.

    This way even the clueless will see what happens. A clueless user can't just keep sending a lot of blacklisting votes by mistake. Mistakes have consequences that have to be rectified.

    At the server side, the system can be refined and improved over time. For instance, the voting services should count percentages rather than absolute numbers. They might also keep karma points and reputation scores. They might use collaborative filtering [vub.ac.be]. Lots of different refinements are possible. Hopefully there would be several different services trying different strategies so the system evolves.

    Users can then try different e-mail service providers with different spam-vote and spam-block policies. Probably many providers would let users choose among several alternatives. Tastes differ very much in this matter. You try different alternatives and see what works best for you.

    Give a man a fish and you have fed him for one day. Teach him how to fish and he'll eat for a lifetime. Unfortunately, he'll call you a miser for not giving him your fish.
    • Mail clients should have a spam-vote button, a button that lets you vote for blacklisting the sender of the message you are just viewing.

      Mine does. It's called "Spam Deputy". Works a treat. Add-in for Outlook 2000, standalone program for Outlook Express, Netscape Messenger, Eudora and other mail clients. Check out the details at the Spam Deputy site [home.net].
  • I work for a company that has offices in both the US and England. I get about 50 spams/day on my work mail account. I wonder if I could get our IT department to move our mail server to the other side of the pond, and would that provide legal leverage to nuke these offspring-of-unmarried-syphillic-camels?

Slashdot Top Deals

Professional wrestling: ballet for the common man.

Close