I was a little surprised at the exemptions. Some of the worst offenders are long-distance carriers and credit card companies, and they're exempted. Hmm. How do you suppose that happened?

This law, while somewhat helpful, is meant to appease people without doing much to actually solve the problem. Typical sleazeball politics.

Most of the spam I get is outright fraud anyway. I don't think they'd pay much attention to a no-email list except for harvesting.

Also, a vast amount of spam is sent from outside American borders. U.S. law wouldn't do jack to stop that.

However, a rule in your e-mail client that deletes all incoming mail with Asian character encodings does work wonders...

A federal anti-spam law MUST include two features:

1.) All UCE must be marked "Adv" or similar, to facilitate easy filtering. Penalties for those that do not comply

2.) All UCE purveyors MUST immediately remove you from their list upon first request. Penalties for those that do not comply.

Furthermore, let me re-iterate: The law MUST NOT ban any kind of unsolicited email, bulk or otherwise.

Now if we could just come up with a way to chase down off-shore offenders we'd be on to something....

Jerry, I think you miss a point: if a U.S. company asks a foreign company to spam on their behalf, that domestic company would still be liable. Furthermore, the U.S. can persue violators through international law.

The fact is that the spam problem is so bad it's starting to bog down corporate mail servers, and it occasionally renders someone's mailbox unusable.

Worst of all, many corporate (and personal) mail filters are accidentally catch legitimate mail and nuke it as spam.

All of that added together erodes the utility and reliability of email. Everyone's hurt by this glut of spam, even legitimate mail marketers who might be offering valuable products.

I think the notion that the law can fix everything is wrong, but the notion that it can do nothing at all strikes me as also wrong.

Dean,

The notion that the law can fix much of anything is is wrong as the notion that the law can fix everything.

I get my share of spam, for which my solution is my right index finger on the Del key. Matter of fact, I just about get rid of everything that comes through the email system, unless it's from somebody or some organization whom I am predisposed to want to hear from. Even so, I get a lot of predictable crap from many people I know, and that get the unread deep six also. Especially folks who send me sardonic political humor.

If you never respond they all go away after a while.

But the best gambit yet. Just change your email address about once every few months. That means, literally, abandon the old one. I did that once with mailcity.com when it got absorbed by lycos and more difficult to use. Like moving with no change of address order to USPS.

You guys want privacy? Create your own and stop whimpering about spam. Unless you really think it's a bright idea to let Big Brother boogie in and take over the internet. Remember, the only thing government does competently is interfere with the lives of law-abiding private citizens.

Arnold Harris
Mount Horeb WI

Arnold Harris wrote:

"But the best gambit yet. Just change your email address about once every few months. That means, literally, abandon the old one. ... You guys want privacy? Create your own and stop whimpering about spam. Unless you really think it's a bright idea to let Big Brother boogie in and take over the internet. Remember, the only thing government does competently is interfere with the lives of law-abiding private citizens."

Couple of points:

Changing one's email addy regularly would not lessen the impact of spam volume on mailservers. In fact, it would increase email volume by adding bounce responses for changed addies. The problem is not just an individual's problem of getting unwanted email. The problem is abuse of internet physical infrastructure.

As far as gummint not being able to do anything, or not able to do anything right, there are several proposals which would do things real right. How about letting gummint interfere with the lives of our favorite law-nonabiding citizens, the spammers? The gist of hardball legal approaches is:

1. Create major criminal penalties for sending bulk unsolicited email with (a) no subject header indicating "ADV" or some other code to show it is unsolicited bulk email, or (b) giving false return email information in headers or body, or (c) perpetrating any fraud in such email. "Bulk" can be reasonably defined as some large number of addressees. Create major criminal penalties for any unauthorized use of an SMTP server, in excess of some number of emails, defined as bulk.

2. Creat a civil cause of action for recipients of such email, (1) with very stiff liquidated damages, say $1000 per spam email received, and (2) jurisdiction to sue in the courts of the state in which the email is received, and (3) permit proper service of process to be accomplished by return email to the "from" addy in the offending email, and (4) statutorily extend jurisdiction to cover the business advertised in the spam as joint tortfeasors with the actual spam sender, and (5) encourage states to cooperate in enforcement of judgments. This would permit huge default judgments against spammers. Worst case: if the spammer or the business advertising in spam ever set foot in the state where the judgments occured, they'd be hauled into court to enforce the judgments.

That would slow down domestic spam considerably, and also domestic companies advertising via foreign spam.

I am not the originator of these legislative ideas. Many others much more informed and educated on the issue, such as Prof. Larry Lessig of Stanford, have suggested similar. If the points above are misinterpretations of their ideas, the error is mine.

Well, "fub", it seems you really want major criminal penalties, large fines, driving companies out of business, possible jail time, etc, for people who send commercial email notices.

As if the federal government and those of the several states had nothing else to do with their increasingly shrinking resources but help you fulfill your obvious spite-filled mood.

If you have any kind of historical perspective, you may find that calling in big government to take over these tasks from private individuals and companies is a double-edged sword; like unwisely inviting some distant super-power to come into your country and take over your affairs. Once so invited, they rarely leave you alone again.

Has it occurred to you that the fastest growing sector of the private economy is internet-based business? Or do you want all the people employed in the industries affected by internet commerce to flip greasyburgers or scrounge for public-assistance jobs?

And what about the rights of the many who do not want yet additional legislation that tells us what messages can be sent on the internet, or who can telemarket to whom and during what hours, or whether or not commercial offers can be sent through the US Postal Service, or who knows what else is coming, in the great frenzy to interfere with everybody over everything?

Finally, I would remind that you -- not I -- referred to the key subtopic of this line of comments as "gummint". What was this supposed to mean? Precociousness, ignorance, or some combination of both?

Arnold Harris
Mount Horeb WI

Jerry, I think you miss a point: if a U.S. company asks a foreign company to spam on their behalf, that domestic company would still be liable.

Assuming you can find them. Legitimate companies do not spam, so by definition, detective work will be needed to find spammers. And then you'll find out it's a holding company incorporated in the Netherland Antillies or the Bahamas or some other place where crooks set up shop for the traditional reasons.

Here's an idea: have companies secure their mail servers in such a way that any incoming mail can be postitively identified.

For example, here at Miami University, I can't send outgoing email unless I am on the university intranet, OR I am on a dial-up connection. I can't just tell my mail proggie that I'm using the MU mail server; I'll get a refused connection.

Of course, I can use webmail to send out that way, but it's not as convenient. Good enough, though.

By the way, apparently 10 million people have signed up for the Do Not Call llist already.

Hmm, some thoughts of my own

1. The vast majority of spam is sent using open relays; this is by it's very nature illegal. This is in a way somewhat akin to wandering into someone's unlocked house and using the stamps you found on the desk to post your letters.
2. A US government backed bill making senders of bulk mail required to check some sort of “opt-in” list, like the do not call list simply will not work, since those sending most spam currently are already breaking the law and would almost certainly continue regardless; however legitimate businesses would now have a legitimate excuse to send bulk unsolicited email. Rather than containing the problem within the underground, it would proliferate since more people could feel legitimately entitled to do so.
3. Comparisons with a do not call list are tenuous at best, since whereas a company advertising or selling with cold-calling has to pay for the costs of a.) staff, and b.) telephones, spammers have exponentially less overhead. Also, whereas a telephone call occupies so many minutes of each caller, a spammer can be sending thousands of emails simultaneously, so the damage on a chronological basis is far greater too.

Worst of all, many corporate (and personal) mail filters are accidentally catch legitimate mail and nuke it as spam.

There are some very good message screening systems in existence which work well, so if a corporate mail filter accidentally catches legitimate mail then the company probably isn't using a very good one. Systems such as SpamAssassin are very successful at stopping spam, since their rules are Bayesian in nature rather, whereas the filters in every personal email product I've seen (Outlook, Mozilla Mail etc.) are generally simple logical if spam keyword then ... frippery. Companies such as MessageLabs offer a similar service for corporate customers to handle email, which also filters potential viruses.

A few tips in closing, then:

• Never post your (real) email address to a site (e.g. comments on a weblog) where the address is visibly displayed on the page afterwards; use either something like your.real.address@nospam.domain.com instead.
• Never post your (real) email address on your personal website. Use the above method instead.
• If your email service supports it, use a unique alias @your-domain for every unique site you need to register with, so you are able to track down anyone selling on your address (e.g. nytimes@foobar.com)
• Never respond to junk mail with an different return address (e.g. someone@yahoo.com) where it asks you to unsubscribe to stop receiving mails; this merely flags the account as valid and active on their lists.

If anyone is interested to know, it's worth noting that spammers have for years used webcrawlers to harvest email addresses from websites, news groups, whois databases and just about anywhere else they can get their hands on. This task has been made easier by the number of people who forward chain emails to all their friends using the Carbon Copy function of their mail program, rather than Blind Carbon Copy, which is intended for such a task (the resulting email chain can then end up containing thousands of legitimate email addresses in the body which when it eventually returns to a spammer, is paydirt).

Not putting your (valid) email address on your webpage is one partial solution, but obfuscating it so that harvesters can't find it also works well; I created a simple script that does this quite well, if anyone is interested.