Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Spam United States

U.S. Spam Law to Take Effect Jan. 1 573

Posted by michael
from the 2004-becomes-year-of-the-spam dept.
We lead with news that the U.S. 'anti'-spam law, written largely by the Direct Marketing Association, will enter into effect on January 1. The bill preempts existing state laws which are tougher (states' rights anyone?), so for many citizens, this is purely a pro-spam law. The FTC is thinking about bounty hunters to enforce the new law (which you can and probably should read for yourself).
This discussion has been archived. No new comments can be posted.

U.S. Spam Law to Take Effect Jan. 1

Comments Filter:
  • by shakamojo (518620) * on Tuesday December 16, 2003 @03:31PM (#7738425)
    The problem is that our current email system is flawed... one of the best solutions (or actually work-arounds) for the current protocol is obvious, and already being used by several major ISPs... opt-in for ALL email. I know a few people who do this (their server rejects email from all senders except those on an approved list) and it works very well for them, but the average Joe wants both convenience AND security for their email, so the hassle of having to "approve" folks is not worth it (apparently it's easier to weed the 30 or 40 legit emails out of the 100's of spam messages)

    Face it, email, in its current incarnation, is inherently flawed. Until we actually change the way we implement and use email (perhaps even changing protocols) we will continue to have spam problems. Even Britain's "opt-in" version of anti-spam legislation has done little to curb the problem. The US "opt-out" version is even worse! When a prominent spammer is quoted [spamhaus.org] as saying this 'anti'-spam legislation "makes my day", you KNOW it's a bad law!

    I think that the problem needs to be tackled from a technical standpoint, rather than a legal one. If we were able to improve the system, legislation like this wouldn't be necessary!
    • Honestly, you are thinking too abstractly.

      To just change the email system around isn't feasable. The sheer thinking of a WORLDWIDE change to the entire email system is actually quite propsterous.

      You have to make due with what you have, not try to change everything around. By changing everything around, you are avoiding the old problems in lieu of ones you haven't thought about yet.

      I was going to go on, but your comment seems a bit too much like a troll for me to continue on.
      • by shakamojo (518620) * on Tuesday December 16, 2003 @03:51PM (#7738684)
        "To just change the email system around isn't feasable."

        If this were true than everyone would still be using CTSS Mail circa 1965. I'm not saying that we take on the "preposterous" job of implementing a worldwide change overnight, I'm merely suggesting that some thought be put into how we move forward.

        If you think that SMTP will still be "de rigour" thirty years from now, you're in for a surprise, by then it will have gone the way of CTSS Mail, Autodin, Multics, the ARPANET, etc... things change!
      • by RedHat Rocky (94208) on Tuesday December 16, 2003 @04:10PM (#7738944)
        Oh, I suppose the United States should have shelved the whole of idea of a free nation and just stayed an English Colony?

        Please pull your head out of the sand. Thoughtful, coordinated change is good. There is certainly room in SMTP for improvement, all we need do is reach a consensus on what to do and then get it done. There are several proposals in the works, such as SPF, MS DNS records (or RMX), which all do the same thing: provide a way for a single domain to say "My mail is sent from such and such IP". An excellent idea, fairly easy to implement and solves the real problem: fraudulent mail headers.
      • by pbox (146337)
        To just change the email system around isn't feasable.

        1. New RFC
        2. Mozilla Mail
        3. Microsoft Outlook and OE
        4. Rest follows...

        If 3. can be achieved, the rest is trivial. 6-10 months all it would take. Email can be kept for the mean time...

        This is far cry from infeasible...
      • by phorm (591458)
        The sheer thinking of a WORLDWIDE change to the entire email system is actually quite propsterous.

        No, it's not. Thinking of an immediate change is unfeasible. Thinking of a change over a period of time (new clients send using a new SMTP revision) is not at all difficult to imagine, somebody just has to start that ball rolling.

        All it really requires to differentiate is a call and reply after the EHLO/HELO similar to:
        SUPPORT2
        Server supports SMTP 2.0

        Continue with the old way for outdated mail servers
    • by Shimmer (3036) <brianberns@gmail.com> on Tuesday December 16, 2003 @03:40PM (#7738556) Homepage Journal
      Opt-in is a lousy idea. Don't you want to be able to receive legitimate e-mail from people you haven't met yet?

      Perhaps someone wants to write you a note about your web site. Or maybe someone read an article that you wrote and would like to discuss it. Or maybe an old friend from high school wants to send you an e-mail out of the blue.

      If we shut off the possibility of such introductions, the Internet will become an even drier place than it is now.
      • Agreed.

        It makes that email address on your resume pretty worthless quick...
      • Quarantine Digests (Score:3, Insightful)

        by delcielo (217760)
        Like the anti-spam packages currently use.

        Use opt-in, and if you get a message from somebody that isn't on the list, it gets quarantined. Once a day (or however often) you get a digest that lists all the quarantined messages, their senders, the subjects. Next to each list item is a link that allows you to release/view the quarantined mail.

        • by mjh (57755) <mark@noSpAM.hornclan.com> on Tuesday December 16, 2003 @04:55PM (#7739502) Homepage Journal
          Use opt-in, and if you get a message from somebody that isn't on the list, it gets quarantined. Once a day (or however often) you get a digest that lists all the quarantined messages, their senders, the subjects. Next to each list item is a link that allows you to release/view the quarantined mail.
          As someone how uses a Challenge/Response (C/R) system, I'm not sure I understand what the point would be of getting a list of quarantined email. How is scanning that list and manually looking at the good things substantially different than scanning your list of emails and only reading the ones that don't look like spam?

          For a quarantine system to actually improve the spam problem, you need some way of allowing legitimate email to get through without you having to check the list. In the case of C/R only people with legitimate email addresses who respond to your challenge get out of quarantine. Since 99.9% of spam uses fake addresses, C/R is incredibly effective.

          Personally, I think that we need two additional things in order to start having effective spam prevention and enforcement:

          1. A socially accepted introduction mechanism which allows us to introduce ourselves to each other only if we have real, working email addresses. (C/R is one way to do this.)
          2. A legal framework for enforcing spam restrictions on anyone who continues to spam even though they have a real, working email address.
          I like C/R. I think it's a good idea. I wish that everyone would get accustomed to it. Then everyone (including businesses) would be able to use it. Right now businesses don't like telling their customers that their email hasn't gotten through yet. That's a good way to lose a customer. But if everyone knew that this was the way that we had to operate, then even businesses could implement it. If everyone did this, then the cost of spamming would dramatically increase because every spammer would have to have a working email address. And if they had a working email address, then they'd have to deal with the bandwidth to handle all of the challenges (and bounces).

          But even then I think that spammers will continue to spam even from working email addresses. Which is where I think a legal framework comes in. If everyone uses C/R, and everyone has to have a real working email address in order to get through, then everyone who spams is trackable and enforcement can have some meaning.

          $.02

      • Webs of trust... (Score:5, Interesting)

        by Saeger (456549) <farrellj@@@gmail...com> on Tuesday December 16, 2003 @04:32PM (#7739229) Homepage
        Don't you want to be able to receive legitimate e-mail from people you haven't met yet?

        I'd love to be contacted by strangers, depending on the distributed reputation of the person or machine contacting me.

        If "James T. Kirk" sends me a message, and the fringes of my weighted Six Degrees of Separation [kuro5hin.org] net have never seen him before (newly generated cert for spam), or have seen him but say that he's a spammer (or maybe just an asshole in general), then I'll just ignore him.

        If "Juicy Jane" sends me a message, and a few friends of friends trust her, even just a little bit, I'll give her the time of day.

        --

      • web-forms (Score:3, Interesting)

        by KalvinB (205500)
        I no longer have my e-mail address posted on my web-site because I was getting so much spam. I use a PHP SMTP form instead which sends me e-mails from one of my accounts to another of my accounts which bypasses all filters except content. If they want me to e-mail them back they can include their e-mail address.

        E-mail addresses change constantly anyway. Give people you don't know your domain and just have a web-form. If you want to e-mail them, add them to your white-list. It's easier to remember a do
    • by TyrranzzX (617713) on Tuesday December 16, 2003 @03:56PM (#7738757) Journal
      Our current e-mail system isn't flawed. It does it's job nicely; sending and receiving electronic e-mail. The problem is that it does this too well and without prejudice. So one or two assmunchers can fudge the entire thing up by abusing it.

      The protocol can be changed, but at the end of the day I think we'll find e-mail has the same flaws as snailmail. This is why we call it an arms race; 2 sides continueously getting a bigger gun until one eventually blows the other out of the water and wins.

      I may have to wade through 50 fucking advertisements from goddamn marketers, and lord knows those aren't minutes of time I'll get back and if I could get my hands on these scum I'd drop the hammer in a second. But at the end of the day, at least I get my e-mail unhindred, unfiltered, uncensored, and most importantly, unread. If I weren't so lazy, I'd setup mozilla's e-mail proggie with a bayesian filter or something else. There ARE ways to conquer advertisers, and the people already have weapons like the ones I mentioned to combat it that are far more powerful than the advertisers can think up.

      My only worry at this point is how the US goverment is going to fsck up our free speech rights on the net. We've already got things like carnavore and echelon that are probably being used, I'v got a poster on my wall showing most traffic going through alternet and I know there's proof of the goverment putting taps on major lines. *gets shady eyed*
    • by ajs (35943)
      I want to get email that someone sends me, even if I don't know them and even if my mail system might (for whatever reason) not be able to reach them to confirm the message. If that is not possible, I can think of a handful of cases where I would have been personally set back in terms of money or job opportunities.

      Mail as it exists today has all of the components for developing a reputation based infrastructure, but so far, the pain of spam has not been sufficient to make everyone get behind the move to su
  • Hm. Wonder if Boba Fett has an IMAP client in all that fancy armor... :)

    -JT
    • Disintigrations! They're useful to me dead!

      Oh please oh please oh please
    • net connection to that Sarlacc. The three sarlaccs in my backyard are splitting a T3, but remember, connectivity is rather spotty on Tatooine ever since Jabba signed that deal with Covad.
    • Strangely enough, this is starting to become strangely similar to my idea for a Spammer hunting license. you license the spammers so that you can track them down. bounty hunters to trackthe illegals volume fee for spam similar to us postage to pay the spammers and generate income from the internate. extra bonus: orange ear tags for spammers so they can be identified in public
  • For Free... (Score:4, Funny)

    by herrvinny (698679) on Tuesday December 16, 2003 @03:31PM (#7738428)
    Hell, I'll work as a bounty hunter for free, as long as I get to bash the spammer in the head... That's my "payment" for my "work".
  • The law was necessary and inevitable. Not doing anything is not an option when the US is the second major source of criminal spam scams. Do you want the US business reputation to sink to that of Nigeria?
    • Do you want the US business reputation to sink to that of Nigeria?

      Would people please stop emailing me reminders about Enron? How the heck did you get my new email address anyway? Don't you people have a life?

    • by Anonymous Coward
      Do you want the US business reputation to sink to that of Nigeria?

      Uh...apparently you don't read /. much. With SCO, Microsoft, Halliburton and others the question should be, "Don't you wish the US business reputation could rise to the level of Nigeria?"
  • by October_30th (531777) on Tuesday December 16, 2003 @03:32PM (#7738446) Homepage Journal
    Isn't even a weak federal law bettern than a strong local law?

    The federal law is general - you can't escape it across the state borders?

    • No, it isn't (Score:5, Insightful)

      by burgburgburg (574866) <splisken06@noSpAM.email.com> on Tuesday December 16, 2003 @03:49PM (#7738654)
      The weak Federal law was specifically advanced/signed to supercede and eliminate the tough state laws. The spam industry (and those who benefit from them) feared aggresive state level prosecutions (think what Eliot Spitzer could do to them). They got a "law" that says it is doing something, doesn't actually stop anything, and protects them from everyone who might try to stop them legally.
      • Re:No, it isn't (Score:3, Interesting)

        by cgranade (702534)
        Besides, even assuming that the law did work, who's to say that spammers can't skip the US and go live in, well, Nigeria? As long as spam makes money, there will be at least one country that invites spammers so as to boost their economy. Hence, this law, even if it had teeth, would be meaningless.
        • Re:No, it isn't (Score:5, Insightful)

          by schon (31600) on Tuesday December 16, 2003 @04:35PM (#7739264)
          assuming that the law did work, who's to say that spammers can't skip the US

          Nobody's saying they can't - people are saying they won't

          Spammers are sociopaths, like any other sociopath, they do what they do because it's the path of least resistance. They are not spamming because they believe in their rights, they are spamming because they want money, and this is the easiest way to get it.

          It's like saying, when the War On Drugs(tm) started, "what's to stop all the pot dealers from moving to Amsterdam"?

          Unlike pot dealers, spammers (by definition) can't conceal their identities/location (they have to broadcast some way to contact them, otherwise they have no way to get your money.)
          If spam truly became illegal, I think spammers would move to other, less publically visible ways to steal.
    • by Shalda (560388) on Tuesday December 16, 2003 @04:07PM (#7738903) Homepage Journal
      Isn't even a weak federal law bettern than a strong local law?

      No, definately not. Firstly, federal law should only ever trump state law when state boundries are crossed. A spammer that sends spam from Virginia to Virginia should still be held accountable to Virginia law on the subject. Secondly, the only provision in the new law that has any potential is the "do not spam registry". That won't stop the illegal spammers, but it will stop those that pretend to be legit (which for me is about 50% of my spam traffic.)

      All this law has done is kill the few useful state anti-spam laws that are on the books. Besides, it's hard to escape state laws by crossing state borders. Recently, North Carolina extradited 2 spammers to VA for fellony spamming charges.

      However, one area that can still be prosecuted at the state and local level is obscenity charges. If you can track down a porn spammer, who incorporates explicit images in their message, your local District Attorney can file charges. If the message was sent to a minor, that's usually a fellony. Yet, I'm amazed that no one is really persuing this that I've seen. Probably because it's a real pain to track down the source of messages sent over hacked machines.
  • It may go into effect on January 1, but expect spammers to treat it like April 1.
  • by loggia (309962) on Tuesday December 16, 2003 @03:34PM (#7738467)
    Yes, this is a great law. Even if spammers follow the law, you'd have to opt-out for every
    "company" spams you.

    That is going to work great. Put this one right up there with the Medicare Bill on the list of "2003 Who Cares If It Doesn't Work, We Passed It" legislation.
    • by Scrameustache (459504) on Tuesday December 16, 2003 @03:47PM (#7738633) Homepage Journal
      Even if spammers follow the law, you'd have to opt-out for every "company" [that] spams you.

      Well, at least no spammer would ever ruin their great brand recognition and close down shop only to open up again under a new name every couple weeks...

      /sarcasm

    • While it sucks, it's not so bad. Opt-out can be automated, and reporting of continued spams from opted-out spammers to the FTC could be automated as well. I bet the guys behind the excellent spam filters in Apple's mail.app (for example) could come up with a way to do that.
    • Reading the linked text of the law (yeah, I know, I know...) it looks like a "Do-Not-Spam List" will be created before July 1, 2004, similar to the national Do-Not-Call List. So you should only have to opt-out once.

      I read over most of this law, and there doesn't seem to be anything unreasonable in it. Certainly nothing the DMA would want, does anyone have any proof of the claim that they drafted it?

    • I've always been leary about OPT-OUT options on shady spam emails. On more "legitimate" advertisement spams, like maybe concert updates from a venue I bought tickets from, there is always a tag-line at the bottom that gives instructions for how to be removed from the list. I trust this to a degree and believe that it will get my email taken off of the list.

      When I get spam for "make your penis bigger and keep it up all weekend", I wouldn't trust any link they put in their email anyways. For one it could
    • by lurker412 (706164) on Tuesday December 16, 2003 @04:52PM (#7739465)
      Yes, that's why it's called the Can Spam Act. Perhaps someday it will be replaced with a Cannot Spam Act.
  • Isn't that the same organization that was formed by many spam companies to fight anti-spam companies by threatening to sue them?
    Well that's just great! Have a spam organization set the rules for the country to follow by. It's official our government is forever currupted!
  • Hmm, an anti-spam law written by the Direct Marketing Association. No, that doesn't sound like an conflict of interest to me.
  • Posted! (Score:5, Funny)

    by Aardpig (622459) on Tuesday December 16, 2003 @03:36PM (#7738490)

    From the FTC article:

    The bounty-hunter idea was promoted this year primarily by Rep. Zoe Lofgren, D-Calif., and Sen. Jon Corzine, D-N.J., who called upon Congress to allow individuals who identify and help locate spammers to receive at least 20 percent of any fines collected.

    I hereby stake my claim to the 20 percent bounty on one Flo Fox [slashdot.org], of Slidell, LA. Hands off!
  • if this is it [slashdot.org] then look:

    The bill will provide criminal penalties for violations of its provisions (up to five years behind bars), but will not allow private parties to sue spammers.

    correct me if I'm wrong.
  • Preempt state law? (Score:3, Interesting)

    by e2d2 (115622) on Tuesday December 16, 2003 @03:36PM (#7738497)
    I'm confused about how this will preempt state law. The state and federal government regularly disagree on a particular issue and have different laws in place to handle such issues (see state marijuana laws vs federal) but that has never preempted a state law or deemed a state law unenforceable. Unless of course a court determines the law is unconstitutional.

    What gives?

    • Preemption occurs when Congress chooses to "occupy the field" under consideration in areas where, ideally, a uniform national standard is needed such as telecommunications (the FCC), commerce (the FTC), and nuclear energy (NRC), to name a few. When Congress chooses to act in this way pursuant to one of its enumerated powers (the power to regulate interstate commerce is a the last-ditch catchall when they can't think of anything else), the States are "preempted" from also regulating this field. This explai
  • hotmail (Score:5, Interesting)

    by Cat_Byte (621676) on Tuesday December 16, 2003 @03:37PM (#7738499) Journal
    I have to wonder if some spammers are already backing off in anticipation of this or if hotmail did something about spam. I went from about 200/day to about 4/day as of about 3 days ago. I thought my account was messed up and had to email myself to see if it was working.

    Wouldn't it be great if that was a preview of things to come if this bill works? Yeah it's not exactly what we wanted but it does restrict them quite a bit and opens them up for legal repercussions for spam-blasting pron to teenagers. Things won't be as easy as harvesting addresses & blasting users with crap. I personally like it. If they don't have working unsubscribe mechanisms, forge headers, relay off of unsuspecting users, etc they can be prosecuted.
    • and started firewalling the worst spammers that are hitting them. Most of the big mail providers, be it for political reasons or plain incompentence, do a piss poor job of controlling spam thats incoming.
    • No kidding, I use hotwayd to get my Hotmail and when I checked it after 18 hours and there was not a single peice of mail I had to go through the web logon just to make sure hotwayd wasn't broken!
  • useless law (Score:4, Insightful)

    by thoolihan (611712) on Tuesday December 16, 2003 @03:37PM (#7738504) Homepage
    This seems like another useless law around here. As others have pointed out, off-shore spam won't change a bit from this. Also, this won't affect the most annoying spam I get, the junk email from companies that I have an account with. No matter how many times I check my privacy preferences they send me email about how I can pay my bill online.

    Technology could have solved this problem a better way. But leave it to the federal gov't to reign over another portion of our lives.
    -t
    • by fmaxwell (249001) on Tuesday December 16, 2003 @03:55PM (#7738740) Homepage Journal
      Technology could have solved this problem a better way. But leave it to the federal gov't to reign over another portion of our lives.

      BULLSHIT, BULLSHIT, BULLSHIT! I've been listening to this anti-government crap for the past 5+ years in the discussions of spam. If technology has had the ability to solve this problem, then just when the hell was it going to happen? Are you waiting for Moses to come down from the mountain with a stone tablet proclaiming that it's time for you to deploy your technological solution? Spam has been increasing at an alarming rate and, with the exception of a tiny percentage of technically savvy users, most people have no technical solution to the problem. This law doesn't prevent you from rolling out the technical solution that you've been witholding for the past few years. Go ahead. Let me know when you've gotten every ISP, business, and individual running a mail server to adopt your heretofore secret spam solution.

      It's like suggesting that we abolish laws against rape by reasoning that technology can solve that problem using chastity belts, mace, pepper spray, stun guns, and whistles.

      If something is unethical and harms innocent people, then it should be illegal. The problem with the federal law is that it doesn't do nearly enough. But I'd rather that they outlaw some spam than make it all legal. Having a legitimate return address to clog with complaints is worth something to me.
  • More on bounties (Score:5, Informative)

    by wmspringer (569211) on Tuesday December 16, 2003 @03:39PM (#7738526) Homepage Journal
    For those looking, the section on bounties is on page 19 of the pdf file: Improving Enforcement by Providing Rewards etc

    It basically says that within 9 months of the enactment of the act, the commission is to set forth a system for rewarding those who supply information about violators; the first person who supplies the required information is to recieve a reward of not less than 20% of the total civil penalty collected.

    I only scanned the file and I'm not sure how large the fines are expect to be; it does say that all property traceable to illegal spamming proceeds and all equipment used for such is forfiet.
  • "anti-spam law" (Score:5, Insightful)

    by burgburgburg (574866) <splisken06@noSpAM.email.com> on Tuesday December 16, 2003 @03:39PM (#7738534)
    Clear Skies
    No Child Left Behind
    Healthy Forests
    Patriot Act

    Doublethink doubleplusgood!

  • by frovingslosh (582462) on Tuesday December 16, 2003 @03:40PM (#7738538)
    The FTC is thinking about bounty hunters to enforce the new law (which you can and probably should read for yourself).

    As long as the term dead or alive is included, I want in!

  • not that bad. (Score:5, Insightful)

    by Lumpy (12016) on Tuesday December 16, 2003 @03:40PM (#7738542) Homepage
    (2) uses a protected computer to relay or retransmit multiple commercial electronic mail messages, with the intent to deceive or mislead recipients, or any Internet access service, as to the origin of such messages,

    (3) materially falsifies header information in multiple commercial electronic mail messages and intentionally initiates the transmission of such messages,


    It prohibits Fake headers and abusing relays and proxies. Granted, this will only start the use of throw away email addresses that are used once for sending the 20 billion pieces of spam.

    People are complaining that it's pro-spam... I see that it is a start in the right direction. 99% of the spam I get is from outside the US anyways so I expect that it will not do much to change the amount of spam out there and in that note, if mister spammer moves his spamming operation outside the country then this law has no teeth.
  • by heironymouscoward (683461) <.heironymouscoward. .at. .yahoo.com.> on Tuesday December 16, 2003 @03:40PM (#7738544) Journal
    After the war on drugs, the wars on poverty, the war on terror... no the war on spam?

    You cannot legislate away structural problems. Spam is the direct consequence of having an unprotected communications ecosystem. Communications represent a resource and spammers exploit weaknesses in protocols, interfaces, and operating systems to steal this resource from others.

    This law will simply harden the existing bonds between spammers, criminals, and virus writers. Expect the fight to escalate, and your inbox to get fuller of junk.

    Legislating against spammers will simply mean that spamming will become a criminal activity. Since some of the largest and most profitable and fastest growing businesses in the world are criminal (drugs, weapons, slavery, stolen antiques & art), what government can be so naive as to hope that this can succeed?

    There is only one answer and I've bored Slashdotters with this often enough. Understand that the Internet acts like an organic ecosystem, where parasites evolve according to basic and unalterable rules that govern all ecosystems, natural or artificial. Understand that there are also ways to combat such parasites, based on variation, mutation, and recombination. Explore and develop these techniques.
  • by PreviouslySeen (714752) on Tuesday December 16, 2003 @03:40PM (#7738545)
    "It is hard to locate spammers, and it'd be very hard without subpoena power,".

    And once you do find one (with or without the help of bounty hunters), what then? Im sure law enforcement will really care. Maybe the politicians will push for an example or two, but this will have no real impact.
  • Yeah, whatever (Score:5, Interesting)

    by Otter (3800) on Tuesday December 16, 2003 @03:41PM (#7738562) Journal
    I understand there are people for whom spam is an essentially religious issue. (Despite the fact that most of them never actually used the Internet back when ancient notions of "netiquette" were still in play, they believe the unofficial rules of 1993 are somehow divinely ordained.) And I understand that any measure that doesn't address the purity of their positions is worse than nothing.

    But most of us are just sick of getting 500 "PAR1S H1LTON S*X TAPE!!!!!" emails every day. And I'm particularly sick of the assholes forging my domain in headers, further flooding my inbox and prompting mailbombs and death threats from the aforementioned righteous and holy. If a measure bans domain forging and creates a national Do Not Spam list, I can more than live with the occasional opt-out mail from E-Bay. Sorry.

  • Opt out? (Score:5, Insightful)

    by RT Alec (608475) * <alec@s l a s h dot.chuckle.com> on Tuesday December 16, 2003 @03:41PM (#7738563) Homepage Journal

    The problem with "opt-out" is two-fold:

    • First, we have all been trained (correctly) to NEVER opt-out, since it confirms our e-mail address is valid. How do we know if a particular spam is from someone who will obey the law?
    • Second, it can often be difficult to opt-out anyway, purely from a technical standpoint. I receive e-mail addressed "To:" several addresses, including "info@", "webmaster@", etc. While I am savvy enough to reconfigure my e-mail client to send an e-mail that appears to be "From:" any of my addresses, it is a pain. Most people will not know how to do this, and many people (AOL, etc.) do not use an e-mail client that is capable of altering the sending address.

    If the law mandated that opt-out must be implemented by use of a web link (e.g. "This message was addressed to john.doe@mail.us, click the link below and you will be removed immediately"), that would be a little better. None of this detracts from the overriding issue, and that is by requiring opt-out instead of opt-in (either double opt-in or a verification link) this law essentialy legalizes, indeed encourages, spam.

  • by leoaugust (665240) <<moc.liamg> <ta> <tsuguaoel>> on Tuesday December 16, 2003 @03:45PM (#7738595) Journal

    Bush's campaign has an e-mail list totaling 6 million people, 10 times the number that Democratic presidential candidate Howard Dean has, and the Bush operation is in the middle of an unprecedented drive to register 3 million new Republican voters. Source - Washington Post [washingtonpost.com]

    Looks to me as the laws were conveniently rewritten (as the have been for the past many months) to make legit what would not have been easily defensible without the rewritten laws ....

    Maybe the CAN-SPAM law is more commercial than political. But, I am starting to believe that most politics is now commercial ... Am I one of just a few sceptics ?

  • by zwanglos (733021) on Tuesday December 16, 2003 @03:45PM (#7738601) Homepage
    Three things strike me about this law:
    1. After reading the text, it does not include the word "bulk" in any context for spam, which basically means that any single person email to another person (even if sent in good faith) could be applicable to the law if the receiver deems it "spam." I think that is a mistake.

    2. It limits statutory damages for civil violations. This is ridiculous, is it really necessary to protect the spammers, basically the most hated group of people within the net?.

    3. It still allows "spam" email from charities, religious organisations and government bodies. Now all I need is my penis enlargement emails coming to me from the church of large testicles. Seriously though, why is junk mail from churches or the even the government for that matter better than my daily breast enlargement emails?
    • I haven't read it today but I did read the whole thing a few days ago.
      1) It doesn't use the word "bulk" but it does specify numbers. I believe it was around 250.
      2) All laws making something a crime have limitations. Even littering. The limit was pretty high and enough to make Joe Blow in his basement think twice.
      3) Those types of emails aren't the problem. I've never received any of them. They're also legitimate companies. They won't send 50 million emails/day with false headers trying to sell pron
  • Cutting their necks (Score:3, Interesting)

    by mrpuffypants (444598) * <mrpuffypantsNO@SPAMgmail.com> on Tuesday December 16, 2003 @03:46PM (#7738610)
    I see this as a dangerour move for the legislators who passed the bill. If they go about trumpeting it in their re-election campaign then it could backfire HARD.

    Look, we all know that a bill on the books in even a country as influential as the US won't do any good for technical reasons.

    If the senators talk about how they're doing it for the little guy and then said little guy looks in his inbox to find just as many, if not more, penis ads then confidence in the reps could waver.

    Not only that, but I'll be that overseas spammers are smiling at this bill. Just because you clicked on an opt-out link in an email from a company based on China doesn't mean that they have to remove you from their list any more than they did before. In fact, now I'd bet that you're going to see even more spam because people in the US will be doing just that; clicking on all the opt-out links thinking that now they're protected by the new bill.

    this should be fun to watch =]
  • Recently I have started reporting my spam to the Internet Fraud Complaint Center [ifccfbi.gov] (in addition to the FTC and SpamCop). Has anyone else tried filing complaints with this agency? What have your results been?
  • This will be used to do more monitoring on citizens. The feds will be saying that they need relaxed conditions to see who is spamming.
    Sadly, even if written to stop true spam, there is no way to stop spam via government control anymore than china can stop access to all politcal web sites; ppl and companies just shift domains and IPs.
    Until the underlieing smtp protocol is changed (Yahoo's is looking interesting), there will be spam.
  • by Animats (122034) on Tuesday December 16, 2003 @03:47PM (#7738634) Homepage
    California's tough spam law is mostly preempted by the new Federal law. But not entirely. The preemption clause reads
    • This Act supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.

    So for any spam that has a forged header or a misleading subject, California's new law, with the $1000 per spam penalty, will still apply. California allows private suits in small claims court by any party. So you can haul the bozos into court. Maybe even across state lines.

    A year or two from now, we'll be rid of the chickenboners, but we'll be getting even more spam from "legitimate businesses".

  • How laws get made (Score:3, Insightful)

    by Beautyon (214567) on Tuesday December 16, 2003 @03:47PM (#7738635) Homepage
    The RIAA writes the copyright laws.

    The Direct Marketing Association writes the SPAM laws.

    The Rapists write the sex laws.

    The Breweries write the alocohol laws.

    Way to go legislators, leading the people into a safer future!
  • by handy_vandal (606174) on Tuesday December 16, 2003 @03:48PM (#7738641) Homepage Journal
    Are there enough spammers in the United States to make it worth the bounty?

    Not for long -- anti-spam bounties will drive the remaining US spammers offshore.

    Maybe we should just keep the vile stuff here at home. I think Lyndon Baines Johnson put it well when he said "Better to have the skunk inside the tent pissing out, than outside pissing in." :)

    But seriously -- no US bounty is going to affect non-US spammers. And if the bounty does actually hit US spammers where they live, expect international spammers to pick up the slack.

    "Abandon hope, all ye who enter here."

    -kgj
  • by the_skywise (189793) on Tuesday December 16, 2003 @03:53PM (#7738712)
    Email is a problem that transcends State's borders (It's an interstate problem, not an intrastate one)... hence, it's a federal issue and transcends State LAw.
  • by t0qer (230538) on Tuesday December 16, 2003 @03:55PM (#7738738) Homepage Journal
    No actually, they're not just a good idea, they're a GREAT idea.

    Unlike criminal bounty hunters, there's no violence involved. It's all intellect to intellect. Who can study and understand the most about everything involved. (Which can be everything from OS's, to protocol stacks, to network topology, to application exploits, worms viruses, daemons, services, ect.)

    But how are they going to determine bounties??? This is a tough question.

    Will it be by volume (amount of spam sent)
    Will it be by complexity? (How hard will it be to decipher what the spammer did?)
    Will it be by difficulty? (How well did the suspect cover up their tracks?)
    Or will it be by the amount of time unsolved?

    I think all of the above would make a great basis to calculate a bounty. I also think an audit trail of some type has to be established with evidence gathering, because it's not too hard to point the finger at an innocent person.

    So if you say it's ok to bounty hunt as long as you're white hacking in the "name of the law" how far will you be allowed to go with your evidence collecting before you've crossed the line into privacy invasion?

    See, that's the real conundrum with bounty hunters on the net. It's not like the days of the old west when you could hang up a picture of a guy, point and say "That's the one!" With the net there are so many complex ways to frame a person that it's unpractical to give goverment, let alone private netizens the type of evidence collecting power they would need in order to procescute people.

    So maybe it isn't such a great idea after all. Sounds more like someone trying to equate the net with some spaghetti western. What we need to do is replace the current mail system with something better (something discussed many times here)

    I'm one of those people that wouldn't screw someone over for a buck. I'm in the minority.
  • by crovira (10242) on Tuesday December 16, 2003 @04:06PM (#7738890) Homepage
    Then the issue will quickly go away.

    If the spammer's customer's have to pay the USPS or some guv'mint agency a dollar per email they send out, and maybe a day in jail per million spam emails, its cheaper and smarter to use smail mail. And most of them won't anyway.

    The best way to get rid of spamers is to squeeze their customers.
  • CAUCE's response (Score:5, Informative)

    by dmuth (14143) <doug DOT muth+slashdot AT gmail DOT com> on Tuesday December 16, 2003 @04:13PM (#7738973) Homepage Journal
    CAUCE's [cauce.org] response to the law can be read here [cauce.org].

    A copy of the final version of the law can be found here [cauce.org].

    According to CAUCE, the law was passed without any public hearings. What a shame.

  • by TheBigx00FF00 (732027) on Tuesday December 16, 2003 @04:21PM (#7739075)
    It's funny, many of those authoring "cyber" legeslation, never seem to understand the scope or technology behind the problems they attempt to solve. For example, what stops me from setting up a machine in Ethiopia and sending my important msg about erectile dysfunction, and my new miracle cream to millions of US addresses? What stops me from plucking any number of wide open .hk hosts of the network and using them to send out my spam? This "Anti-Spam" law is merely an attempt to appease he voting public, and show that our government is "doing something about the problem". The best way to get rid of spam is to target the companies using it as a means of advertising. Online money transactions have the longest paper trail and validation setup of any other consumer service online. If they're capable of receiving payments online, they're capable of being tracked down.
  • by Zed2K (313037) on Tuesday December 16, 2003 @04:26PM (#7739142)
    Why are they trying to go after the spammers and not the companies that have the products advertised by the spammers. Basically spam is just email advertisements. If a company uses that as a method then that company should be put out of business or fined heavily. As soon as the customers disappear then the spam will disappear.
  • Rover is Fido (Score:3, Interesting)

    by Doc Ruby (173196) on Tuesday December 16, 2003 @04:36PM (#7739275) Homepage Journal
    Of course the law was written by, for and of the Direct Marketing Association. Karl Rove, President Bush Junior's boss at the White House, built his career on direct marketing (junk mail). That's where he developed his high respect for the American people.
  • nil effect (Score:3, Interesting)

    by sir_cello (634395) on Tuesday December 16, 2003 @04:56PM (#7739514)

    As the director of spamhaus said on british television when asked about how the new british anti spam laws would help, he said, "well, actually, it'll stop, let me see ... 0 per cent".

    His argument was correct: basically spam will stop being sent from within jurisdictions that have anti spam laws, so the spammers will move offshore. Then you then need an international agreement - how the hell are you going to enforce anti-spam against an smtp originator from china that uses a local relay, even the US defence department can't get it right (http://www.interesting-people.org/archives/intere sting-people/200312/msg00070.html).

    Have international IPR laws have completely eliminated fake goods ? No. Will international spam laws completely eliminate spam ? No.

    There's no silver bullet. Stop your moaning to suggest that anything that's happening isn't a silver bullet.

    As the economist pointed out, the real issue is economics. Fundamentally, it costs virtually nothing for a spammer to send so much spam. The only effective way to resolve the problem is to change the economics so that a spammer incurs some cost. When I say cost, I don't actually mean monetary cost. For example, the anti-spam systems that rely upon individual tokens replies institute a resource/time cost on the sender: this kind of works on a small scale.

    I don't know what the proper solution is either; but it'll be a mix of (a) law, or psuedo-law (just like the laws we have with anti-invasitory direct marketing phone calls and junk mail), (b) technical measures.

    It looks like the ball on (a) is rolling. Sounds like the technical community needs to put some work into (b) - spam catchers / filters / etc don't seem to be the real solution, something has to alter about the way we send and receive email itself.
  • zerg (Score:5, Insightful)

    by Lord Omlette (124579) on Tuesday December 16, 2003 @05:39PM (#7739917) Homepage
    No no no! You're only supposed to talk about states' rights when a Democrat is in office! Only traitors and terrorist-sympathizers would disagree.
  • What's Your Beef? (Score:3, Insightful)

    by Rick Richardson (87058) on Tuesday December 16, 2003 @06:15PM (#7740292) Homepage
    I really don't understand why so many individuals think this is a bad law.

    I've looked the law over, and there are multiple requirements on each spam email message that will make it much easier and more reliable to filter it out as it arrives on your computer. Such as the requirement for a legitimate reply address in all spam and a physical address in a commercial spam.

    If anybody should have a beef with this law, its the ISPs. They still have to carry the spam.

    -Rick

2 pints = 1 Cavort

Working...