Kill the Spam
Why the proposed Murkowski bill will make things worse and HAS made matters worse!
Between doing my job, creating web sites, experimenting with HTML and fighting spam, I get to relax, perhaps fire up the Nintendo64 and play some video games. While I'm not video game master by any stretch of the imagination, I will say that I don't have to dedicate all of my brain to playing video games. The last few nights, my mind has been pondering the Senate bill proposed by Senator Murkowski, that is supposed to help curb spam. This is exactly the sort of thing we've come to expect from our government. We should not be surprised at this total failure to address the problem of spam. Let's take a look at how spammer's are "complying" will this bill. Remember, as of this writing: July 31, 1998, this is NOT a law, and there is nothing to comply to.
Within the last week I have received several "Murkowski'd" spams. With minor variations, they all include a statement such as this. Note: this came from a porn spam, not that it makes any difference.
As a rule, I do not participate in politics because politicians are well known to be liars. Unless something directly benefits the pocketbook of the politician involved, they won't lift a finger to assist. I'm making an exception this time, so let me share my views and opinions on the stupidity of the Murkowski bill.
This message is sent in compliance of
the new e-mail bill:SECTION 301*
* "Per Section 301, Paragraph (a)(2)(C) of S. 1618,
further transmissions to you by the sender of this
email may be stopped at no cost to you by sending a
reply to this email address with the word
"remove" in the subject line."
Let's examine this fine piece of legislation, without even having to look at the Senate bill.
Flaws in Murkowski
- This is a BILL.[currently](Actuality, this is a dead bill)
- This is not a law, therefore there is nothing to comply with, and nothing that can be enforced. Still, even assuming this becomes law, there are too many loopholes for this to be of any real use.
- Because this is not a law, it is most likely that the remove function is merely a harvesting tool.
- Spammers have a reputation of compiling remove requests into new lists. These new lists are created from such remove requests, which means these email addresses are live, and therefore this list has value to be resold as a spam list of live addresses.
- Why should I request removal on a list I should not be on?
- Again, we're back to the origins of spam becoming a problem. I did not sign up for this list, therefore I do not want this. Harvesting my address via a web site, usenet post, or sitting on a port and snarfing a copy of all mail traffic, using a data probe or however they gather addresses is not a valid excuse.
- Opt-Out doesn't work, plain and simple.
- The concept hasn't changed. Spammers compile lists and then spam from the lists, then sell the lists to others who spam. By providing an "opt-out" feature, they have a mechanism for harvesting addresses. While they always claim this is for removals and filtering out, it is much easier just to use this list as live addresses ripe for spamming. Sell the list off at a profit to some other spammer, and the whole process starts over again. So, while you may have opted out, you just opted-in to another few hundred spammers.
- This method will not stop spam. In fact, I doubt it will have a real effect other than increase spam.
- Well, it will have some effect, in that all spammers will now throw in that boilerplate remove garbage, hence adding more bulk to the spam. Some folks have stated that this gives spammers a free shot at you, then you opt out and in theory they can't email you again. Since spammers like to forge headers and hijack servers, it's not like we're dealing with an ethical group of people. Spammers are especially fond of mis-configured servers that do not show the true originating point. Even better are these poorly configured servers run my incompetent, stupid and/or unconcerned administrators. The end results will be that spammers now have a convenient method of harvesting addresses that is supported by the government, and the spamming increases as remove requests are harvested, compliled and re-used as spamming lists of live addresses.
- This bill will endorse government supported "opt-out" functions.
- The whole object of the bill is an opt-out mechanism. What the government is saying is that I should not complain, I should opt out. As I've stated already, opting out would lead to my address being harvested, resold and used for more spamming, all without my permission. In short, my 4th Ammendment rights to privacy are violated with the government's blessing each time I opt-out.
- The government has accepted standard address harvesting practices and is making no attempt to stop this behavior.
- I find this statement to be true because this bill is more of a formal opt-out system. I think anyone who visits this web site will know that I do not sign up for mailing lists, and am very protective of my email addresses. Spammers have and will continue to search web pages, usenet postings, whois records, and electronic publications for addresses to harvest, just to name a few ways of doing it. There are many other methods for harvesting addresses, ranging from setting cookies in web browsers, hacking into a mail server and stealing the entire user list, installing RF sniffers to pull RF out of the wiring, to getting a data probe installed and then sifting through the data for email addresses. There are still MORE ways to harvest addresses. Since the spammers are obviously harvesting these addresses without the permission of the users/owners of those addresses, and then spamming these harvested addresses, it appears that the government has accepted this practice as a "fact of life" for lack of a better term. Rather than protect the rights of the consumer, or even protect my constitutional right to privady, the government has decided to trust the honesty and integrity of a spammer and make it so those violated by spam have a mandated method of removal. See above on my comments on opt-out, as that is where this is going next.
- As an additional note on this topic, this clearly proves that government has condoned address harvesting. I truly hate to say this, but there is really nothing you can do if some jerk is going to run a robot and harvest addresses from usenet postings and/or web pages. The fact of the matter is that this information is available to the general public in the form of publically accessible information. At least with web sites, you can use various tactics to slow down or totally block information from being accessed, but there are flaws in that as well. To combat this problem, those who wish to enjoy usenet and write web pages are forced to alter our email addresses. This altering of email addresses is known as "munging", which is NOT to be confused with spammer's forgeries. Difference: Those munging addresses typically providing instructions on how to actually reach their VALID account and admit to munging. Forgeries are the deliberate injection of false, bogus or innaccurate information, usually in an attempt to avoid being discovered.
- Government can't solve the problem because they don't understand the problem.
- Technology is wonderful but the government is by far the most ignorant group of imbeciles on the planet. By and large, the government has been shielded from spam, the most notable method being that spammers do actively ensure that any address ending in a ".gov" or ".mil" doesn't get spammed. I'm not so sure about ".edu", but I'm sure a lot of school and college students get spammed at their educational addresses. Because the government is protected from all of this free market activity, the government is unaware of the sheer amount of spam being transmitted every hour on the hour around the globe. Because the don't understand the volume of spam, they don't see it as a problem. Because they don't get spammed, they are unaware that a problem really exists. Because they don't actually see the problem first hand, as far as they are concerned, they aren't even aware that there is a problem. Just to complicate matters, many of these elected officials are afraid of computers, and have a staffer gather, read and respond to emails. Some of these elected officials take a more active role and have their staffer print out the email so that they may read the email themselves and perhaps formulate a response, which is then given to the staffer so that the email may be responded to. Since elected officials are too busy to acting in their best interest, it will take a whole new generation of elected deadweight before this problem is even addressed.
- Who is "the sender of this email" and how can we be sure they won't send us spam after following removal instructions?
- The sender of the spam has most likely taken measures to hide their identity, and depending on where this spammer hails from, they will most likely get away with their spamming. Even assuming the spammer is identified, there is no real way of enforcing the remove request. There are too many loopholes. One loophole could be "You didn't define what the term 'sender' means". Sender could be interpreted as that license for the software, the account of the spammer, the service hijacked, the mail client used, the multiple personality responsible for the spam, and whatever other excuse you can dream up. Due to legal reasons, an ISP is not going to reveal the name of the spammer, and especially not their address, so even if the spammer does get whacked, it is really impossible to positively track multiple violations to the same spammer, at least from a victim standing. It is usually easier to track everything via the site and/or company that the spam is sent out for. In short: there is nothing to prevent the spammer from sending again, short of the spammer getting killed, jailed, or their computer destroyed, confiscated, stolen or misplaced.
- What about theft of services, especially hijacking overseas mail servers?
- Let's first expand "overseas" to mean: any server OUTSIDE the spammer's country of origin. For the sake of simplicity, we'll assume that you are all citizens(legalized, naturalized, or regular) of the United States of America. For the most part, overseas indicates Asia, Europe, Africa, India, Australia and perhaps South and Central America. Your definition may vary. I have seen a good deal of spams steal service from Canada and Mexica, the immediate North and South neighbors of the United States. Server hijacking, commonly known as relay raping, is a clear theft of services IF it is done without the express permission of the server used to relay out the message. The Murkowski bill has no wording in regards to this topic. The prosecution of SMTP hijackers remains the responsibility of the server administration. Murkowski does protect this practice IF there are no forgeries used.
- So, let's cut the crap. What is the point of this bill?
- Fair question. The purpose of the Murkowski bill is to legalize address harvesting under the term "remove lists". These live lists will be constantly resold and re-spammed. The net result: more spam done via government sanctioned remove lists.
Why the Smith bill is a better alternative
- Does the Smith bill outlaw spam?
- The Smith bill does specifically outlaw spam and it does this by appending the Junk fax/phone solicitation law to include email soliciting. This bill will provide a clear path of financial retaliation for the recipient to invoke against the spammer. When spammers keep losing $500/victim, they'll quickly stop. Just think: Spammers claim an average response of 1 tenth of 1 percent. OK, let's send 1 million spams. 1% of 1 million is: 10 thousand. 1 tenth of that is one thousand. Now, assuming the spammer gets a mere 5 complaints, that's $2500 in fines. Yes, that is a fairly good ratio, but an EXPENSIVE ratio. If this happens a few times, or a lot of complaints roll in, a spammer can quickly be wiped out financially in accordance with the law.
- Again, as I've stated, this bill would append the junk fax/phone solicitation law to include email. Why write totally new laws when you can append an existing law? This would be applicable nationwide. To be more concise: if you spam and you get caught, then you have to pay as per stated law. This law makes spammers directly accountable and responsible for their actions. For the consumer and/or recipient, this means if you don't want it, then you should get paid for it, to the tune of $500/violation.
- But what if the spam properly identifies the sender? Is it still spam?
- This brings to mind one my favorite phrases: You can't polish a turd. OK, so they properly identified themselves in the spam, but you didn't ask for this solitication, therefore this is spam. Even assuming that instead of this being bulk emailed out and they send it one annoying email at a time so it goes directly to each recipient, if you did not specifically ask for the solicitation, then it is spam. So, if you did not SPECIFICALLY ask for the material, it is spam. Period. End of discussion. Go take the spammer to court and collect the $500 fine.
- If the Murkowski bill is so bad, why is it getting such support?
- Simply put, government doesn't understand the problem. This legislation proves them. While the wording of the bill mentions lots of legal action, it also mentions lots of provisions that the spammer must follow. If the spammer doesn't comply with the stated identity provisions, then the government doesn't have an easy way to spot the spammer. Because the government doesn't have an easy way to spot the spammer, they are not going to take the time to find the spammer and prosecute. This is the one of two loopholes that the spammers fully intend to exploit. Most of the anti-spammers have a much better success rate of finding spammers, even without having such information as name, phone, fax, mailing address and so on.
- What are the Murkowski loopholes?
- By failing to properly identify themselves, the spammer will most likely avoid prosecution.
- By including removal instructions in accordance to the Murkowski bill, spammers are still granted a legalized method of harvesting addresses for compliling new spamming lists.
- The biggest loophole is that right now spammers are exploiting the remove function to get a head start on harvesting. This is a BILL, not a law.
- Why introduce wordy legislation that is powerless when we can append existing laws that would work?
- One word: politics. This senator is looking to make a name for himself, and he wants to appear high tech and in support of the internet as a whole. Unfortunately, this legislation proves he merely wants to make a name for himself at the expense of the interne. Again, the Smith bill is intended to ammend existing law to include junk email, as all the existing legal wording is already in place. This is much cheaper, faster and more effective.
Pre-Murkowski spams claiming Murkowski compliance:
These are spams claiming to be in compliance with the Murkowski senate bill. These are also sent while this bill is just that: a bill.
A Porno Spam that violates the Murkowski bill by not positively identifying the sender, the company, the address of the company and the phone number of the company/group or individual running the web site being spammed for. They did however exploit the removal clause for address harvesting purposes.
Another porno spam nearly identical to the above with the same flaws. The same IP address web site is used, just a different directory URL.
Spams that quote Murkowski's Legislation
The stench of this bill still lives and thrives on the internet. Proof?
1999 Murkowski Edition: Spammers quoting the dead SB 1618
Murkowski 2000: More idiots quoting dead legislature
2001 Murkowski: Spams quoting bogus legislature to assist in harvesting.
2002 Murkowski: Spams quoting bogus legislature to assist in harvesting.
If you are one of the dilweeds who sent me unsolicited email or are someone thinking about it, drop dead.
Also, if you've got a complaint about my anti-spam feelings or want to scold me for being justifiably sick of spam, I have the following words of wisdom for you:
BLOW IT OUT YOUR ASS!
Anyone else, I'd like to hear from you. Click below and drop me a line.
Anti-Spam Site administrator