Excerpt: >Creating this universal opt- out list, which spammers will use to "wash" >their recipient lists, will avoid the distrust of opt-out links, along >with the need for individuals to opt out 50 times per day, every day. I don't mean to pick on the NDOL/PPI folks, since I agree with some of what they wrote below. But a "do-not-spam-me" list only works when you have trusted parties participating. Otherwise it becomes a valuable source of confirmed working email addresses (of spam-haters, true but still confirmed). It only takes one spammer -- an overseas one, perhaps? -- to gain access to it before the list is being swapped on CDROMs on the open market. Even if it's more intelligently designed, say with an interface that asks for a hash of the email address, malicious spammers could still use it to verify which of their addresses are live. In other words, for the spam-recipients who need it the most, the list will have the least utility. For the most part, spam doesn't come from legitimate Fortune 100 businesses -- it comes from people who won't follow the rules. Any "do-not-spam-me" list that's useful enough to allow legit firms to purge their lists will be useful enough to help spammers even more. -Declan --- Date: Thu, 17 Apr 2003 12:11:04 -0500 Subject: NEW DEM DAILY: Time to Get Tough on Spam From: New Democrats Online <adminat_private> [ New Democrats Online: http://www.ndol.org ] Time to Get Tough on Spam Spam -- unsolicited commercial e-mail -- is becoming bigger news as it becomes a bigger problem. This week AOL announced several lawsuits against big-time spammers, after recently announcing that its servers are now blocking more spam e-mails than they deliver. In a very scary case, a Maryland spammer announced that he is quitting the business after his name and address were published on an anti-spam web site, leading to harassment and death threats. We shouldn't have to rely on vigilante action to get control of spam. Federal legislation is a better idea. Unfortunately, Congress has never gotten around to action on spam, despite years of warnings that the problem could eventually turn e-mail, the Internet's most popular and useful application, into a glorified junk mail delivery service. Part of the blame can be pinned on spam industry lobbyists, who have taken a hard line against even the weakest anti-spam proposals. But now that the problem has become a large daily annoyance to much of the American population, leading to a rapidly growing patchwork of state laws, even long-time opponents of federal spam legislation are changing their minds. But past anti-spam proposals may no longer be enough, because of the evolving nature of spam. Recently, Senators Conrad Burns (R- MT) and Ron Wyden (D-OR) have reintroduced their "CAN SPAM" Act imposing penalties for fraudulent spam, requiring spammers to let recipients opt-out, and preempting state spam laws. The bill, which is widely expected to be the main anti-spam vehicle this year, needs some improvements to make it as effective as it might have been had it become law four years ago. Take, for example, the bill's opt-out requirement (echoing the Progressive Policy Institute's 1999 report on controlling spam), which makes spammers include an opt-out mechanism -- "Click here if you don't want to receive future mailings" -- in the body of the e-mail. Over the past few years, spammers learned to use the "click here" device as a ploy to unwittingly get recipients to confirm that the address was live and being checked by a human. The spammers would then sell that live address to other spammers. E-mail users wised up to the ploy, and now fewer and fewer people click on opt-out links for fear of being flooded with more spam. An updated PPI paper on fighting spam recommends these three steps to make federal anti-span action effective under today's conditions. * Mandatory standardized labels -- such as ADV: -- in the subject line of every unsolicited commercial e-mail message. This idea, proposed last year by Rep. Adam Schiff (D-CA) as an amendment to anti-spam legislation in the House, will allow both Internet Service Providers and individual users to set up software that automatically sends spam into a special box, leaving the main inbox free of clutter. Many ISPs have developed software to do this, but spammers are winning the arms race with their own software that confuses the spam filters. A mandatory label will end the confusion and make spam filtering a simple and inexpensive process. * A spam "wash list" where individuals can opt-out of all spam from all senders. This can be modeled on the "Do Not Call" list currently under development by the Federal Trade Commission to deal with the telemarketing problem. Creating this universal opt- out list, which spammers will use to "wash" their recipient lists, will avoid the distrust of opt-out links, along with the need for individuals to opt out 50 times per day, every day. Senator Mark Dayton (D-MN) has proposed this in his Computer Owners' Bill of Rights, and it should be added to any anti-spam bill passed by Congress, along with the modest amount of money needed to build it. * An international anti-spam effort. In response to any anti-spam laws passed in the United States; some spammers are likely to move their operations offshore. Solving the problem of foreign spammers, therefore, will require either blocking all e-mail from foreign senders or cooperating with foreign governments to spread these anti-spam measures around the world. Obviously the cooperative approach is preferable, and Congress should take the initiative to get it started by instructing the Bush Administration to work with other countries to draft reciprocal treaties. This tougher approach to the spam problem may earn some opposition from foot-dragging industry groups that only belatedly got on board the anti-spam train. And some may use the tired argument that any law will be evaded by some determined and lawless spammers (an argument that does not convince anyone to repeal, say, all traffic laws). But Congress should not surrender to opposition or avoid its responsibility to regulate this menace to daily life and to the development of an information-age economy. We wish lawmakers had acted years ago and nipped spam in the bud. Now it will take a bit more force to put spam back in the can. Related Links: Text of the "CAN SPAM" Act, Senate Bill 877, Introduced by Sens. Conrad Burns (R-MT) and Ron Wyden (D-OR): <http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_bills&docid=f:s877is.txt.pdf> "The Battle Over Spam," By Shane Ham, PPI Policy Briefing, March 27, 2003: <http://www.ppionline.org/ppi_ci.cfm?knlgAreaID=140&subsecID=288&contentID=251429> ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Apr 17 2003 - 11:52:01 PDT