Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

CAN-SPAM Act Turns 5 Today — What Went Wrong?

kdawson posted more than 5 years ago | from the calling-mister-hormel dept.

Spam 301

alphadogg writes "Five years ago, the US tech industry, politicians, and Internet users were wringing their hands over the escalating problem of spam. This prompted Congress to pass a landmark anti-spam bill known as the CAN-SPAM Act in December 2003. Fast forward five years. The number of spam messages sent over the Internet every day has grown more than 10-fold, topping 164 billion worldwide in August 2008. Almost 97% of all e-mails are spam, costing US ISPs and corporations an estimated $42 billion a year. What went wrong here?"

Sorry! There are no comments related to the filter you selected.

hint:criminals don't follow laws (5, Insightful)

hguorbray (967940) | more than 5 years ago | (#26139639)

especially when they are anonymous(or at least obfuscated) and in many cases, overseas and therefore beyond prosecution under this law

'I'm just saying

Re:hint:criminals don't follow laws (1)

russlar (1122455) | more than 5 years ago | (#26139745)

Also making headlines: Sky is blue. Film at 11.

Re:hint:criminals don't follow laws (5, Insightful)

the_womble (580291) | more than 5 years ago | (#26140335)

It may be obvious, but it was not obvious to legislators....

Unless, of course, its more important to them to be seen to do something, rather than actually do something effective (like providing a budget for enforcement).

Re:hint:criminals don't follow laws (0)

Anonymous Coward | more than 5 years ago | (#26140471)

It's night time here you insensitive clod!

Re:hint:criminals don't follow laws (1)

Sybert42 (1309493) | more than 5 years ago | (#26139779)

Doesn't seem to stop the various IP police from doing their thing, does it? That doesn't even involve money, most of the time.

Obligatory (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26139809)

Your Congress advocates a

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
(X) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(X) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
(X) Any scheme based on opt-out is unacceptable
(X) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
(X) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(X) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(X) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:Obligatory (-1, Redundant)

jcr (53032) | more than 5 years ago | (#26139875)

Yep, that pretty much covers it. I'd mod you up if I had the points.

-jcr

Re:hint:criminals don't follow laws (5, Funny)

Chris Burke (6130) | more than 5 years ago | (#26139933)

Thanks for the hint! Now I know why my life of crime has been so slow to take off.

Laws just hamper the law abiding (4, Insightful)

Alain Williams (2972) | more than 5 years ago | (#26140179)

Just like all this wire tapping, surveillance, air port searches, ... they don't really stop the criminals - they just get up everyone's nose and provide an excuse for those who ''investigate'' us with excuses to abuse our privacy.

Look at the people who blew up the hotels in Bombay (Mumbai these days) - just a few men in boats with guns -- sophisticated protection can't stop them every time. We might as well give up and spend the money on something useful.

Re:Laws just hamper the law abiding (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26140435)

We might as well give up and spend the money on something useful.

You mean like Viagra? I just got an email saying I should buy some.

Re:Laws just hamper the law abiding (2, Interesting)

digitalunity (19107) | more than 5 years ago | (#26140533)

You could require all men to carry guns. How far do you think the gunmen in Bombay would have made it if they knew every man they came upon would shoot back?

Certainly this plan has a lot of side effects, but it is not completely without merit.

Re:Laws just hamper the law abiding (5, Funny)

gandhi_2 (1108023) | more than 5 years ago | (#26140627)

In the town of Virgin, Utah it is legally mandated that every household that can legally have a firearm must have one.

You don't see too many terrorists there. QED.

Re:hint:criminals don't follow laws (5, Interesting)

SgtAaron (181674) | more than 5 years ago | (#26140295)

especially when they are anonymous(or at least obfuscated) and in many cases, overseas and therefore beyond prosecution under this law

After tiring of the increasing load on our incoming mail servers running spamassassin, I undertook to spend a couple of days finding as many netblocks that ONLY have spam coming from them.

It's shocking really, that I ended up spending more than two days since there were so many spread out all over the place at various colo companies. And I'm sorry to say that what I found is that nearly all of the snowshoe spammers I found were riddled around in colos here in the US. There are a bunch of ISPs out there that seem to be making a bunch of money from snowshoe spammers, so much so that they don't mind allocating half of a damned /19 for the spammers to use and populate with randomly generated domain names. And, of course, just to make it easier for us poor and broke sysadmins, these colos don't just put them all into nice contiguous blocks of IP addresses. I've about given up complaining to the likes of GalaxyVisions, Pacific Internet Exchange, AboveNet (yes, Abovenet is these days hosting lots of snowshoe spammers--sad). The list goes on and on.

I'm up to ~375 netblocks we no longer accept SMTP connections from. The load average on our three MXs is usually about half what it used to be now.

Re:hint:criminals don't follow laws (1)

macraig (621737) | more than 5 years ago | (#26140419)

Ah, the wonders of anonymity strike again, eh?

More enforcement would help (4, Insightful)

alain94040 (785132) | more than 5 years ago | (#26139641)

Enforcement would be nice. How hard would it be for some FBI office to sign up to get all the possible spam out there, and start replying to all the great offers from African banks?

Of course, a lot of the perpetuators do not reside in the US, but quite a few do. The more legitimate a business looks like, the more likely it has a US presence that can be used to stop it.

So vote with your US tax dollars and force your government to allocate serious funds to the problem. Please!

--
http://fairsoftware.net/ [fairsoftware.net] -- where software developers share revenue from the apps they create

Re:More enforcement would help (5, Insightful)

SomeJoel (1061138) | more than 5 years ago | (#26139679)

Yes, well, while the RIAA can evidently track down and prosecute a 6 year old downloading "Wheels on the Bus", the U.S. government can't seem to figure out which companies are responsible for the SPAM, even with all the contact information that must be available for the SPAM to have any value whatsoever.

Re:More enforcement would help (5, Funny)

thetoadwarrior (1268702) | more than 5 years ago | (#26139839)

But the spammer is just a business man trying to make money. However the 6 year old is an evil communist terrorist trying to spread socialist values by stealing music. He deserves nothing less than a good water boarding at Guantanamo Bay.

Re:More enforcement would help (2, Funny)

Wandering Wombat (531833) | more than 5 years ago | (#26140081)

Wooo! Cuba has the best wakeboarding!

Re:More enforcement would help (1)

Dark_Gravity (872049) | more than 5 years ago | (#26140521)

the U.S. government can't seem to figure out which companies are responsible for the SPAM

Everybody knows that Hormel [hormelfoods.com] is responsible for the delicious SPAM lunchmeat. [spam.com]

Oh, you meant the spam. [spam.com] Nevermind.

Re:More enforcement would help (1)

Ethanol-fueled (1125189) | more than 5 years ago | (#26139685)

Of course, a lot of the perpetuators do not reside in the US, but quite a few do ...and they're mostly teenagers, senior citizens, and porn addicts who unwittingly installed RBN Genuine Advantage(tm) on their 'puters.

Re:More enforcement would help (3, Informative)

DrLang21 (900992) | more than 5 years ago | (#26139987)

The problem is that the FBI's resources have largely been funneled to the War on Terror. As a result, a lot of crime is being left investigated. White collar crime among others is on the rise.

Re:More enforcement would help (1)

Joce640k (829181) | more than 5 years ago | (#26140457)

There's no enforcement 'cos the senators want their Viagara anonymously.

What went wrong? (2, Insightful)

girlintraining (1395911) | more than 5 years ago | (#26139649)

What went wrong? Nobody stopped to define "Spam" before trying to make it illegal. So they made something up, called it spam, and made that illegal. And when people called them up to ask why they were still getting spam, they replied: I don't see any spam here!

Re:What went wrong? (3, Insightful)

HTH NE1 (675604) | more than 5 years ago | (#26139919)

Musante: How are things here on the station?
Sheridan: Fine, fine. Status quo. We have had problems with the lurkers, but nothing--
Musante: Lurkers?
Sheridan: It's our version of the homeless. In many ways, we have the same problem Earth does.
Musante: Earth doesn't have homeless.
Sheridan: Excuse me?
Musante: We don't have the problem. Yes, there are some displaced people here and there, but they've chosen to be in that position. They're either lazy or they're criminal or they're mentally unstable.
Sheridan: They can't get a job.
Musante: Earthgov has promised a job to anyone that wants one. So if someone doesn't have a job, they must not want one.
Sheridan: Poverty?
Musante: It's the same.
Sheridan: Crime?
Musante: Yes, there is some, but it's caused by the mentally unstable. We've instituted correctional centers to filter them out at an early age.
Sheridan: Prejudice?
Musante: No, we're just one happy planet. Well, all right, there's the Marsies, but that won't change until they stop fighting the Earth rule.
Sheridan: And when exactly did all this happen?
Musante: When we rewrote the dictionary.

Musante: Captain, you're a good man. You're a fine soldier. A leader. You understand that sometimes before you can deal with a problem you have to redefine it.
Sheridan: But you can't deal with the problems by pretending they don't exist.
Musante: There's no need to embarrass our leaders by pointing out the flaws that they're aware of and dealing with in their own way. Some people just enjoy finding fault with our leaders. They're anarchists, troublemakers, or they're simply just unpatriotic. None of which describes you. Now, do you want people thinking otherwise?

Re:What went wrong? (0)

Anonymous Coward | more than 5 years ago | (#26140111)

Wow, so lame.

It's just a piece of paper! (1)

sunami (751539) | more than 5 years ago | (#26139651)

Yea, something was legislated against, therefore it will stop. What logic?

Possibly... (2, Insightful)

Anonymous Coward | more than 5 years ago | (#26139657)

something to do with the fact that the US Congress doesn't have jurisdiction over international crime rings.

That, and the allure of free advertising in a world full of idiots.

What went wrong here? (5, Insightful)

flaming error (1041742) | more than 5 years ago | (#26139665)

1) Legislation was flawed
2) Problem transcends US Jurisdiction
3) Enforcement is spotty at best
4) Idiots buy their stuff

Re:What went wrong here? (1)

phantomcircuit (938963) | more than 5 years ago | (#26139965)

2) Problem transcends US Jurisdiction

The vast majority of spam originates in the continental united states.

Re:What went wrong here? (3, Interesting)

Zathain Sicarius (1398033) | more than 5 years ago | (#26140029)

Considering we were responsible for 56.7% of the spam in 2005, I don't think that 14.9% is a very 'vast' majority. Granted, we're still twice the countries below us, but we've either become much better or the other countries have all become far worse.

Re:What went wrong here? (4, Interesting)

bussdriver (620565) | more than 5 years ago | (#26140087)

#1 source of spam is the USA
They didn't do enough plus they must have had loopholes.

I managed a few email servers with a few hundred users back when the law was passed. When it went into effect (not when it passed) I saw within a few days a jump in spam of about 50-75% (trying to recall) it jumped up to about 2-3 times during the rest the year; it didn't rise that quickly in previous years. I don't think it has risen as quickly since then but I don't know.

Connection? I don't know. That is what I observed.

Since the USA is the source for most spam, other measure should be taken besides kicking down the door of some old lady who's windows PC was hijacked by a dozen spammers.

At least that spam king was taken care of since the passing of the law. The law didn't do it; it just sent him over the edge and he took care of himself with a bullet and removed his genes from the genepool... (BTW, he lived in the USA)

Singularity? (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#26139667)

As usual, this is the answer.

Nothing went wrong (4, Funny)

John Hasler (414242) | more than 5 years ago | (#26139671)

Look at the name of the law. Working as designed.

Re:Nothing went wrong (0, Redundant)

Amazing Quantum Man (458715) | more than 5 years ago | (#26139767)

Exactly. It's the "You CAN-SPAM with no consequences" Act.

Re:Nothing went wrong (0)

Yvan256 (722131) | more than 5 years ago | (#26139775)

No it's not. I get spam from a lot of places besides Canada.

Re:Nothing went wrong (4, Funny)

Chris Burke (6130) | more than 5 years ago | (#26139801)

Yeah, Spam already came in cans! Duh!

Re:Nothing went wrong (5, Funny)

dgcaste (1230640) | more than 5 years ago | (#26139885)

Or better yet, read the page title. Pretty sure it reads "I can spam". Yes I can.

Re:Nothing went wrong (1)

IronChef (164482) | more than 5 years ago | (#26140205)

Poor grammar, though. It should have been the "MAY SPAM" act.

Legislation fixes nothing (4, Insightful)

EmbeddedJanitor (597831) | more than 5 years ago | (#26139673)

Legislation only allows some other mechanism to be used. Legislation on its own can do nothing.

All the legislation in the world won't fix teenage pregnancies, the War On Drugs, etc etc.

Since there is really no technical mechanism to kill spam, the legislation itself is ineffective.

Re:Legislation fixes nothing (2, Insightful)

Whiney Mac Fanboy (963289) | more than 5 years ago | (#26139749)

Since there is really no technical mechanism to kill spam, the legislation itself is ineffective.

IOW, your post doesn't advocates a:

( ) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting spam, in favour of advocating a:

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam?

Re:Legislation fixes nothing (4, Insightful)

Sancho (17056) | more than 5 years ago | (#26139887)

If there were a technological means to fight spam, we wouldn't need the legislation.

What's needed is actual enforcement. Spammers make money because people buy their wares. Where there's money changing hands, there's a trail you can follow. The problem is seemingly that no one wants to follow that trail.

No enforcement? Practically no law.

Joe job (1)

tepples (727027) | more than 5 years ago | (#26140033)

What's needed is actual enforcement. Spammers make money because people buy their wares. Where there's money changing hands, there's a trail you can follow. The problem is seemingly that no one wants to follow that trail.

I'm guessing that some high-profile business got joe-jobbed [wikipedia.org] , discouraging law enforcement from following the money. A spammer could distract those who follow the money by advertising the shady businesses they normally deal with and then advertising smaller legitimate businesses as a decoy.

Re:Legislation fixes nothing (1)

dgatwood (11270) | more than 5 years ago | (#26140535)

There's a trivial technological means to fight spam. It just requires abandoning SMTP and moving to a new protocol with the following requirements.

  • All compliant mail transport daemons must require all connections from client computers to be authenticated.
  • All compliant mail transport daemons must sign all messages as they pass them along.
  • All compliant mail transport daemons must have a service record in DNS for their host name that provides a public key for verification of the signature.
  • All compliant mail transport daemons must refuse to accept any email if the signature cannot be verified immediately (even if this is due to load), forcing the sending end to retry.
  • All compliant mail transport daemons must refuse to accept any email if the host name does not resolve to the IP number from which the inbound message was received.

With that, spam is basically dead. As soon as you require those restrictions, suddenly spammers have to actually own a domain name and provide a working DNS server in order to deliver spam, and that DNS server must contain up-to-date mappings for those hosts to IP numbers. That pretty much obliterates the use of zombies for delivering mail. It also means that there is now a domain name, which by ICANN policy, is required to have a valid postal address, phone number, and other contact information associated with it. In effect, it means that you know who sent the spam definitively unless a company's DNS server and mail server both get compromised. It makes it a lot easier to pin the blame on spammers, which makes it a lot harder for them to repeatedly get off scot free.

In case you're wondering why it needs to be signed, i.e. why Sender ID, etc. are not sufficient, Sender ID and the like can be compromised by merely adding an additional authorized IP number to a list. That means that spammers can masquerade as a company by merely compromising their DNS server briefly, all without disrupting the company's business in any way. With a signed variant of this design, because the private key is be stored on the DNS server, the spammer would be unable to masquerade as the company without changing the public key in the service record. Doing so would cause the company's real outgoing mail to fail to be delivered---an action that would almost certainly be noticed immediately. Thus, adding digital signatures provides a significant bit of immunity from such spoofing attacks (spoofing of a company to customers of a compromised ISP notwithstanding).

Re:Legislation fixes nothing (5, Interesting)

dgatwood (11270) | more than 5 years ago | (#26140557)

Just to clarify, it is technologically trivial, but nearly impossible to actually implement in a way that completely blocks spam for everyone because it requires complete adoption before you can start rejecting all non-compliant email. Basically, we'd be better off just starting a new email system in parallel and letting the old one die off as people stop using it.

Re:Legislation fixes nothing (0)

Anonymous Coward | more than 5 years ago | (#26139941)

All the legislation in the world won't fix teenage pregnancies
 
So how would you fix a pregnant teen?

Re:Legislation fixes nothing (0)

Anonymous Coward | more than 5 years ago | (#26140085)

duct tape, scissors and a paper clip?

Re:Legislation fixes nothing (4, Insightful)

Luthair (847766) | more than 5 years ago | (#26140101)

I disagree, I believe that there are definitely changes which could lower the amount of spam, the problem is that getting all parties (ISPs everywhere) on board a single standard is nigh impossible. Perhaps one possibility is to require that the sender's domain resolve to the system sending the mail. This doesn't correct hijacked servers, or spam servers, but it might eliminate spam sent from botnet zombies.

What really needs to happen is that big players (MS, Yahoo, Google, Comcast, British Telecom, etc.) get together and agree on a standard. Make the standard open, unencumbered, and state that as of date X they won't support anything else.

What went wrong. (1)

Afforess (1310263) | more than 5 years ago | (#26139687)

This prompted Congress to pass a landmark anti-spam bill

Duh.

Wait... (4, Funny)

wwwgregcom (313240) | more than 5 years ago | (#26139691)

You mean you guys have still been getting spam?

what went wrong? (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26139705)

Anything that fails to remove the financial motivation behind sending SPAM will fail to prevent SPAM.

No one in their right mind ever thought CAN-SPAM would have any tangible benefit.

What went wrong with CAN-SPAM (1)

booyabazooka (833351) | more than 5 years ago | (#26139709)

I don't see how anything went wrong. Politicians get props for being tough on spammers (it isn't poor Congress's fault that the law is barely enforceable), and the feds profit from imposing some hefty fines on the few criminals they do catch.

It's futile (1)

thetoadwarrior (1268702) | more than 5 years ago | (#26139711)

The spammers are too smart to get caught and a lot of them probably reside outside of the US where the law does not apply.

The law is about as useful as a law against breathing.

War on BS (2, Funny)

Anonymous Coward | more than 5 years ago | (#26139719)

Why am I not surprised. Ironic, kind of like the war on drugs. The stoners are winning.

Making things illegal WORKS (5, Insightful)

Anonymous Coward | more than 5 years ago | (#26139725)

Remember when we made weed illegal and now you can't buy... ooh, wait a second.

Obligatory (4, Funny)

Yvan256 (722131) | more than 5 years ago | (#26139763)

To summarize the summary of the summary: people are a problem. - Douglas Adams

On the bright side... (1)

CannonballHead (842625) | more than 5 years ago | (#26139777)

It gives Barracuda a market.

What went wrong? (1)

Punto (100573) | more than 5 years ago | (#26139785)

They should have called it CAN'T SPAM.

What went wrong? What could have gone right? (5, Insightful)

Antique Geekmeister (740220) | more than 5 years ago | (#26139803)

Quite seriously, this law was specifically not aimed at spam. It was aimed at certain types of online fraud, and it deliberately took power away from local law enforcement to put it in the hands of a federal power that does _nothing_ about mere spam. It was carefully designed to allow 'opt-out' advertisements, and that first advertisement from any spammer, and it was carefully legislated that way by the Direct Marketing Association to avoid interfering with the advertisements of their funding agancies. It was also carefully designed to overrule more effective, state efforts.

Such laws should instead be modeled on the junk fax law, which has withstood the test of free speech challenges and ease of prosecution.

Re:What went wrong? What could have gone right? (4, Interesting)

AK Marc (707885) | more than 5 years ago | (#26140617)

Once, for fun, I signed up on a "get a free x-box" site with a throw-away address. For one, being in Alaska, it was impossible for me to complete the necessary steps to get it. For another, it is the perfect spam generator. You can never take your name off the list. They don't send you any spam, so you can't get your name off. They just re-sell your address. Even if the people that bought it take it off their list, the list you are on will be sold and re-sold thousands of times. As long as the list holders never personally send the spam, they are never required to stop selling you name to others to spam. Any law that doesn't address this is a law that will have no effect. Either all spam must be opt-in (like faxes) or there would be some requirement with all UCE to include contact information of the company where they got their list and how to get of the list of not just the one sending it, but the place they got it as well (and requirements about not sending from a list more than 30 days old and not selling a list within 30 days of getting it or something like that so it won't be sold billions of times before you can get off it).

But yes, your general point is quite correct. It was desired by the spammers because without it any one state could have crafted a more restrictive law. With it, they can claim to be operating under the federal rules and that those trump the state requirements.

I'd make it a requirement that the company address (physical, not PO boxes) be included in every spam, as well as a phone number. The headers must be real. If any part of the spam is faked (IP addresses, from field, or such, as well as the contact information must be accurate for at least 30 days after the spam is sent), then prosecure them for fraud and illegal access of a computer. If some woman getting on myspace uses a fake name and gets convicted, so should spammers using false headers.

There is a successful market for spam (0)

Anonymous Coward | more than 5 years ago | (#26139815)

Even I managed to get some real Vs over the internet.

It doesn't matter if it is illegal drugs, or penis enhancement or whatever.

As long as the response level to any spam is more than 0%, or laws otherwise prevent rational adults from wanting a few chill pills, this fight will continue. And it will be as fruitless as the war on drugs.

And more and more laws will only ruin the rest of the internet, but the spam will continue.

Enforcement (1)

bunyip (17018) | more than 5 years ago | (#26139817)

Spammers know they won't likely be caught. And, if they're caught then the punishment won't be harsh.

Put a few in a federal PYITA prison. Put some heads on pikes outside the city walls. Send in some Navy Seals and install Vista on their machines. Do whatever it takes! :-)

3 things (1)

dark grep (766587) | more than 5 years ago | (#26139819)

Three things went 'wrong': 1. Moron sysadmins who allow their servers to act as relays or become exploited 2. Idiot end users with compromised systems 3. Unbelievably stupid people who respond, and buy, what the spam is advertising No legislation has ever overcome human stupidity.

can-spam??? (1)

prndll (1425091) | more than 5 years ago | (#26139821)

As if anyone in government is ever going to be able to stop spam. Did anyone notice the irony of the link in the article (it took me to a symantec advertisement)? Spam will never be stopped until idiots are gone (which will be never). If you think the government is capable of stopping spam, then you don't understand government. They are more likely to make the problem worse.

What went wrong? (2, Informative)

Toonol (1057698) | more than 5 years ago | (#26139851)

In fairness, nobody with any amount of knowledge expected it to have any impact. It's not really accurate to say it 'went wrong' when most of us never expected it to work in the first place.

problems? (1)

memnock (466995) | more than 5 years ago | (#26139853)

i use Yahoo! mail (4 accounts) for most of my email activity. i have a rarely used GMail account or two. i have an account through uni, that is now serviced by GMail. i get almost no spam. i had 2 accounts with Earthlink. now those two were somewhat spam-laden, but in recent months, the amount of spam dropped quite a bit.
if i didn't know any better, it would seem to me that the legislation worked. but i'm more inclined to believe it was a result of software changes that were implemented by the services to respond to complaints from users.

Laws dont solve technical problems. (1)

kwabbles (259554) | more than 5 years ago | (#26139865)

Another example of why legislators shouldn't attempt solve problems that should be left to engineers.

Re:Laws dont solve technical problems. (1)

gad_zuki! (70830) | more than 5 years ago | (#26140175)

To be fair, it was naive engineers who gave us SMTP to begin with. Accept any message without authentication? Craziness.

Of course this is all in hindsight.

I dont really see much spam, at this point domainkeys, reverse dns, filtering, etc have done a good job of keeping it out of the inbox, but its the bandwidth and server resources thats a problem. How can you stop people from using bandwidth without getting into some kind of national firewall (see china) or issues of censorship or even blocking entire countries.

Every ISP is free to explore these solution without the goverment. All the government did is draft a law to answer the legitimate question of "What is spam? How do we email our customers without lots of complaints?" So they defined spam and for legitimate organizations the law had a real effect, but no, it doesnt stop spam outright. It defines online marketing more or less.

Re:Laws dont solve technical problems. (0)

Anonymous Coward | more than 5 years ago | (#26140499)

Accept messages without authentication? On DARPANet why not?
You may as well ask why the ISS doesn't have a lock on the airlock door.

Who is receiving spam? (4, Interesting)

fermion (181285) | more than 5 years ago | (#26139899)

I receive very little spam. Maybe 20%. That is hardly 97%. So where is it.

I know where it is, and why it is still a problem. It is not in my email box, or the email box of most people. It is in the spam filters of our email providers. And that is the problem. I don't see it so I don't care. Sure, it may increase my cost to get online, but by how much. DSL is dirt cheap to what I was paying 10 years ago, and at better bandwidth. So what do I care? I don't see it, the problem is solved. And I can delete the 5 messages of spam that get through.

So out of sight, out mind, right? Wrong. I also know for the average person, and for the average spammer, those five messages per person that gets through can mean huge amounts of money. Even if nothing is bought, the way that mail clients are set up and vulnerabilities in the mail and web clients can make the spammer money. For instance, most clients now render HTML and load images automatically. Apple still refuses to set an option in mail.app to turn off HTML permanently, though it does allow one to not load images. Still, most people load images, which registers as a hit on some scam web site and registers the email as valid. Rendering the HTML can allow viruses on the receivers machine. And even the semi legitimate spammer still has hope that someone will buy a product.

We won't be able to get rid of all spam, even though we can't get rid of mail scams though it is a felony. The best we can manage it. If we are to fix it more, then we have to bring the problem to the forefront by letting spam through, or some other methods.

Re:Who is receiving spam? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#26140065)

Just list your e-mail address with a domain name or post to Usenet. You'll get closer to 99.9% spam.

I've had the same e-mail address for 15 years so about only one out of every 10,000 messages I receive is legitimate. Spam is making my e-mail more of a hassle to use than it is worth. Bill Gates can lie all he wants and say that spam is not a problem and has never been a problem, but we all know that is a lie.

Re:Who is receiving spam? (2, Interesting)

Anonymous Coward | more than 5 years ago | (#26140333)

FWIW, I get over 4K spams a day to my 8-year-old email address, and they don't actually bother me much - combo of bogofilter and spamassassin that KMail automagically configured me. I get the occasional false negative (just a matter of clicking "this is junk" and it learns), but after the first couple of days training (you teach it known-good emails too), false positives stopped

Admittedly, I guess such spam filtering is cpu and bandwidth intensive, but the email address in question is yet to become unusable in practice.

Re:Who is receiving spam? (2, Informative)

maxume (22995) | more than 5 years ago | (#26140267)

Outlook doesn't load images by default. I don't think Outlook Express did, but I don't remember anymore. Neither Yahoo! Mail or Google mail load images by default.

If you measure by what people are using, you are wrong about most clients (at least, the current defaults).

Legislation as Public Relations (1)

DynaSoar (714234) | more than 5 years ago | (#26139913)

CAN-SPAM like many other laws (can anyone say PATRIOT?) was written and passed for the benefit of voters and those they vote for. Very few cases of enforcement were actual attempts to enforce the law, most were attempts to fill press releases.

As I've quoted before, FTC Commissioner Orson Swindell said at the first FTC spam conference "What we need are a few good old fashioned hangings." Certainly in spirit, yes. If the Secret Service can round of a few dozen kids and a game designer and cause them all manner of grief, now that they know what they're doing, why can't they round up a few dozen spammers? Why do the "spam kings" get removed only to be replaced with no net (pun unintentional, but I like it) effect?

Isn't there an "or cause to" statement in the law? Those that hire spammers were supposed to be held accountable too. "I didn't know they would spam it" should only be taken to mean the owner was negligent in research and contract. Negligence isn't commission, but it's still a basis for guilt.

Spamming has become such a big multinational business, and increasingly associated with organized crime, it's only a matter of time before we start hearing about them offing each other and/or their providers. That's hearing about it, not to say it hasn't happened already and not recognized.

Nothing went wrong! (2, Interesting)

www.sorehands.com (142825) | more than 5 years ago | (#26139927)

The bill got the people who paid for it, what they wanted. Permission to send spam.

To fix the bill, it needs the following:

1. Outlaw spam. (yeah, won't probably happen, but I can dream.)
2. Require labeling. Make it easy for spam filters.
3. Permit private right of action for individuals.
4. Require attorney fees to be paid to successful plaintiffs.
5. Strict liability for the advertised party. No more, "Oh yeah, that affiliate didn't get permission to send that e-mail to you -- don't blame us."

The bill is incorrect, you can go after foreign spammers, it is just harder.

We took a knife to a gun fight. (3, Insightful)

mellon (7048) | more than 5 years ago | (#26139929)

Seriously, the problem with every anti-spam countermeasure I've seen so far is that they are all based on using SMTP as a mail transport. And SMTP is a protocol designed for a civilized Internet - one where every email sent is assumed to be one that the designated recipient wants.

In order to stop spam, we need to stop using SMTP and switch to a protocol that rejects mail by default. Unfortunately, this requires a flag day, and nobody's put forward a protocol like this yet, so we're still stuck with insane amounts of spam.

Re:We took a knife to a gun fight. (1)

Sybert42 (1309493) | more than 5 years ago | (#26139999)

Um, flag day?

Re:We took a knife to a gun fight. (1)

magarity (164372) | more than 5 years ago | (#26140525)

Um, flag day?
 
At 0800GMT on the Nth of Y, all admins everywhere in the world will press the magic button and convert to the new email sending protocol.

Friend codes (1)

tepples (727027) | more than 5 years ago | (#26140405)

In order to stop spam, we need to stop using SMTP and switch to a protocol that rejects mail by default. Unfortunately, this requires a flag day

Not necessarily. The Wii game console implements a transitional protocol that enforces whitelisting, much like the friend code system of Nintendo WFC games. To send mail to someone's Wii Message Board, you have to be in his address book and he in yours. It interoperates with classic SMTP: when you add an SMTP address to your message board, the address gets an e-mail from wii.com asking the user to accept or reject this contact. People who need to accept random business contacts from suppliers or customers can set up a web form; this could be as simple as a form mailer or as sophisticated as an issue-tracking system [wikipedia.org] such as Bugzilla or OTRS.

Nothing went wrong (1)

JoeF (6782) | more than 5 years ago | (#26139949)

Nothing went wrong. It's name stated what it was for: Companies CAN SPAM. And that's what they did.

Make a Law (1)

maop (309499) | more than 5 years ago | (#26139957)

There should be mandatory authentication of all emails coming from within the US or from a US email provider.

Re:Make a Law (1)

thejynxed (831517) | more than 5 years ago | (#26140583)

Too bad that will never work. Think before you type. All the spammers would have to do is swap to services (coloes, etc) outside of the USA. Sure, we have spam "kings" living here, but so does Canada, China, The Phillipines, Israel, Russia and many other nations. Many of whom contract with U.S. service providers currently for bandwidth and hosting services, often using false credentials and from behind shadow companies.

So, all in all, your proposal fails. Miserably.

What Went Wrong? (1)

pete-classic (75983) | more than 5 years ago | (#26139991)

In two words: your expectations.

When Congress swoops in to solve a problem I always expect them to fail. They almost never let me down.

-Peter

Wait for it... (0)

Anonymous Coward | more than 5 years ago | (#26140031)

[x] This article is useless and the comments will spawn over 9000 forms giving detailed explanations of why spam can't be stopped by technical, social, or legislative solutions.
[x] Pie
[ ] None of the above

CAN-SPAM Worked Exactly as Expected (3, Informative)

ericgoldman (1250206) | more than 5 years ago | (#26140041)

Congress had no idea why spam was a problem and therefore did not draft legislation designed to address the problem. http://ssrn.com/abstract=487162 [ssrn.com] Instead, they took a shotgun approach of trying to legislate against a panoply of problems, which meant that the law was not designed to fix any single problem and therefore was not going to succeed even from day 1. Eric.

Well duh! Everything Congress touches goes to pot (0)

Anonymous Coward | more than 5 years ago | (#26140043)

Congress was compelled to pass cable legislation - prices have gone up rapidly ever since

Congress passes the Patriot Act - one of the most *un-patriotic* pieces of legislation ever written

So everybody who really thought CAN-SPAM would reduce spam, raise your hands...

I thought so.

There is no problem with CAN-SPAM (2, Insightful)

SIR_Taco (467460) | more than 5 years ago | (#26140097)

The problem is not that the CAN-SPAM act of 2003 is flawed.
The problem is that the US seems to assume that laws made in their country are globally accepted.
Prohibiting pretty much anything will just make those people that want it get it from another source. For example, look at the prohibition of alcohol in the US... suddenly many people had the urge to visit Canada and/or Mexico more often (even bring back 'souvenirs').

Just my 2-cents in the matter.

Who says what SPAM is (2, Interesting)

Saysys (976276) | more than 5 years ago | (#26140123)

Freedom of speech is more important than $42 billion a year.

Political speech, asking for a petition to be signed, telling someone about your faith, selling door knobs... there is a plethora of good bad and highly subjective things people can say, repressing speech, even 'commercial' speech both a constitutional violation and a vary dangerous precedent to set.

I don't like receiving 'get a bigger penis' adds any more than the next guy, but the legal action should be against the individual for lying, not for communicating speaking.

Re:Who says what SPAM is (1)

maxume (22995) | more than 5 years ago | (#26140297)

Legislation needs sane limits, but frankly, you don't have any right to my inbox.

Re:Who says what SPAM is (1)

Saysys (976276) | more than 5 years ago | (#26140601)

I assure you giving the government enough power to enforce spam-control is giving it enough power to censor free speech in general.

I have every right to attempt to communicate with you. Freedom of speech doesn't mean that you have to listen to every communication addressed to you, simply that you have no right to tell me not to send the information in the first place. If you want to block what I've got to say that's one thing, but trying to use the government to keep me from talking to you is something entirely different.

It doesn't matter if my communication with you is political protest, telling you to buy penis pills or waring a t-shirt that says "bush planed 9/11". Freedom of speech does not mean freedom from
You can delete my email or even spam-block it, but I fear the day when the government decides what communications are or are not "costing billions of dollars"

Re:Who says what SPAM is (1)

Dark_Gravity (872049) | more than 5 years ago | (#26140589)

Political speech, asking for a petition to be signed, telling someone about your faith, selling door knobs.

You can't break into my house and spray paint it on my walls, which is what you advocate when you endorse spamming.

It's been a success! (2, Insightful)

mcbutterbuns (1005301) | more than 5 years ago | (#26140201)

The number of spam messages sent over the Internet every day has grown more than 10-fold, topping 164 billion worldwide in August 2008.

Those are great numbers. Imagine how much SPAM would have been sent had the law NOT been passed!

Private right of action (4, Insightful)

gorbachev (512743) | more than 5 years ago | (#26140215)

Private right of action got stripped out of it due to complaints from the direct marketers. That was strike one. With so much spam it's completely unreasonable to expect anyone to enforce the law. Crowdsourcing the enforcement through private right of action would've worked. And the direct marketers knew it...

The second strike was that the bill didn't anticipate the success of botnets and Russian organized crime. The law doesn't do jack s*** about that problem.

What went wrong? (1)

darjen (879890) | more than 5 years ago | (#26140257)

Easy - Congress got involved. And, as usual, they are a complete waste of time, money, and effort.

ha (0)

Anonymous Coward | more than 5 years ago | (#26140291)

just goes to show that making laws about stuff wont change anything.

Like say, prohibition lol

1c / email (1)

zaax (637433) | more than 5 years ago | (#26140369)

If very one was charged 1c per mail & laid down in legislation that is all that can be charged, it would close the free lunch table spammers are eating off.

In other news (1)

jmv (93421) | more than 5 years ago | (#26140381)

Five years after being passed, the law banning flies still hasn't reduced the amount of flies. What went wrong?

One word (1)

Phroggy (441) | more than 5 years ago | (#26140463)

Enforcement.

The law itself is just fine. It cautiously defines spam, in a way that makes virtually all current spam clearly illegal, without causing significant free-speech problems. But spammers won't voluntarily obey the law, and the government isn't prosecuting them for violations.

The Washington Post managed to get a huge amount of spam stopped just by making a phone call. The government should have been there first, and they weren't.

I work for a company that does opt-in mail lists (4, Interesting)

Anonymous Coward | more than 5 years ago | (#26140479)

Our clients include many bands and music venues. We make every effort to be legit (unsubscribe links, legit reply email addresses, and all legit headers and DNS entries), but the rules of the game are not even available.

See, many ISP's (AOL, and my new target of wrath, earthlink) have rules about the maximum number of messages allowed to come from a single source to their domains in a given time period. Exceed those, and you are an abuser. Except they won't tell you how many messages or how long the period. On the one hand I understand as spammers could use this to get through. But you can't even call them and get info. I've emailed their abuse lines with no reply. It's as if NO ONE knows this info. How does one follow the rules when they are undocumented and beyond the legislative code?

Or when earthlink this past weekend decided we were a spammer, and spammed us back with abuse notices. But then they delivered our email to their customers many, many times in repetition. Like a dozen or more. It was not a server flaw on our side as confirmed by the database and log files. It was 'something' on their side that acted as a repeater for our legit email even as it was notifying us that we were spamming. We then get lots of nasty emails, which we reply to by hand. I spent half of the morning yesterday trying to get anything out of earthlink regarding the issue, but if you don't want to subscribe for service, they don't know what to do or where to have you call. I don't even know what the hoops are, much less can I jump through them.

I get lots of unwarranted spam, but I also get many distribution lists that I want and look forward to reading. Some places make that a nightmare if you want to provide that service.

It's all about the cost (0)

Anonymous Coward | more than 5 years ago | (#26140591)

Cost for a substantial compliant mailing setup - Around 30k
Cost for a substantial non-compliant mailing setup - Around $1-2k.

There's a significant part of your problem, and no amount of legislation is going to lower the cost of legit IPs/data anytime soon. When spammers can't spam compliant, they spam non-compliant.

What went wrong? (1)

damn_registrars (1103043) | more than 5 years ago | (#26140619)

Doesn't the question "What went wrong?" imply that there was something right to begin with? There was almost nothing right in this bill. Though the most obvious problems include:
  • A massive loophole for most spam
  • No good enforcement mechanism for any but the most egregious offenses

And probably the most important:

  • It is a US law for an international problem.

Sure, the US is the originating point for a lot of spam,but there is plenty of spam that starts elsewhere. And if the offense is somehow tied to people in another country then good luck getting any enforcement.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?