FC: New Democrats want Congress to create "do-not-spam-me" list

[Declan McCullagh <declan () well com>]

Excerpt:
> Creating this universal opt- out list, which spammers will use to "wash" 
> their recipient lists, will avoid the distrust of opt-out links, along 
> with the need for individuals to opt out 50 times per day, every day.

I don't mean to pick on the NDOL/PPI folks, since I agree with some of what 
they wrote below. But a "do-not-spam-me" list only works when you have 
trusted parties participating. Otherwise it becomes a valuable source of 
confirmed working email addresses (of spam-haters, true but still 
confirmed). It only takes one spammer -- an overseas one, perhaps? -- to 
gain access to it before the list is being swapped on CDROMs on the open 
market.

Even if it's more intelligently designed, say with an interface that asks 
for a hash of the email address, malicious spammers could still use it to 
verify which of their addresses are live. In other words, for the 
spam-recipients who need it the most, the list will have the least utility.

For the most part, spam doesn't come from legitimate Fortune 100 businesses 
-- it comes from people who won't follow the rules. Any "do-not-spam-me" 
list that's useful enough to allow legit firms to purge their lists will be 
useful enough to help spammers even more.

-Declan

---

Date: Thu, 17 Apr 2003 12:11:04 -0500
Subject: NEW DEM DAILY: Time to Get Tough on Spam
From: New Democrats Online <admin () mail ndol org>

[ New Democrats Online: http://www.ndol.org ]

Time to Get Tough on Spam

Spam -- unsolicited commercial e-mail -- is becoming bigger news
as it becomes a bigger problem. This week AOL announced several
lawsuits against big-time spammers, after recently announcing
that its servers are now blocking more spam e-mails than they
deliver. In a very scary case, a Maryland spammer announced that
he is quitting the business after his name and address were
published on an anti-spam web site, leading to harassment and
death threats.

We shouldn't have to rely on vigilante action to get control of
spam. Federal legislation is a better idea. Unfortunately,
Congress has never gotten around to action on spam, despite years
of warnings that the problem could eventually turn e-mail, the
Internet's most popular and useful application, into a glorified
junk mail delivery service. Part of the blame can be pinned on
spam industry lobbyists, who have taken a hard line against even
the weakest anti-spam proposals. But now that the problem has
become a large daily annoyance to much of the American
population, leading to a rapidly growing patchwork of state laws,
even long-time opponents of federal spam legislation are changing
their minds.

But past anti-spam proposals may no longer be enough, because of
the evolving nature of spam.  Recently, Senators Conrad Burns (R-
MT) and Ron Wyden (D-OR) have reintroduced their "CAN SPAM" Act
imposing penalties for fraudulent spam, requiring spammers to let
recipients opt-out, and preempting state spam laws.  The bill,
which is widely expected to be the main anti-spam vehicle this
year, needs some improvements to make it as effective as it might
have been had it become law four years ago.

Take, for example, the bill's opt-out requirement (echoing the
Progressive Policy Institute's 1999 report on controlling spam),
which makes spammers include an opt-out mechanism -- "Click here
if you don't want to receive future mailings" -- in the body of
the e-mail. Over the past few years, spammers learned to use
the "click here" device as a ploy to unwittingly get recipients
to confirm that the address was live and being checked by a
human. The spammers would then sell that live address to other
spammers. E-mail users wised up to the ploy, and now fewer and
fewer people click on opt-out links for fear of being flooded
with more spam.

An updated PPI paper on fighting spam recommends these three
steps to make federal anti-span action effective under today's
conditions.

* Mandatory standardized labels -- such as ADV: --  in the
subject line of every unsolicited commercial e-mail message. This
idea, proposed last year by Rep. Adam Schiff (D-CA) as an
amendment to anti-spam legislation in the House, will allow both
Internet Service Providers and individual users to set up
software that automatically sends spam into a special box,
leaving the main inbox free of clutter. Many ISPs have developed
software to do this, but spammers are winning the arms race with
their own software that confuses the spam filters. A mandatory
label will end the confusion and make spam filtering a simple and
inexpensive process.

* A spam "wash list" where individuals can opt-out of all spam
from all senders. This can be modeled on the "Do Not Call" list
currently under development by the Federal Trade Commission to
deal with the telemarketing problem. Creating this universal opt-
out list, which spammers will use to "wash" their recipient
lists, will avoid the distrust of opt-out links, along with the
need for individuals to opt out 50 times per day, every day.
Senator Mark Dayton (D-MN) has proposed this in his Computer
Owners' Bill of Rights, and it should be added to any anti-spam
bill passed by Congress, along with the modest amount of money
needed to build it.

* An international anti-spam effort. In response to any anti-spam
laws passed in the United States; some spammers are likely to
move their operations offshore. Solving the problem of foreign
spammers, therefore, will require either blocking all e-mail from
foreign senders or cooperating with foreign governments to spread
these anti-spam measures around the world. Obviously the
cooperative approach is preferable, and Congress should take the
initiative to get it started by instructing the Bush
Administration to work with other countries to draft reciprocal
treaties.

This tougher approach to the spam problem may earn some
opposition from foot-dragging industry groups that only belatedly
got on board the anti-spam train. And some may use the tired
argument that any law will be evaded by some determined and
lawless spammers (an argument that does not convince anyone to
repeal, say, all traffic laws).  But Congress should not
surrender to opposition or avoid its responsibility to regulate
this menace to daily life and to the development of an
information-age economy. We wish lawmakers had acted years ago
and nipped spam in the bud. Now it will take a bit more force to
put spam back in the can.

Related Links:

Text of the "CAN SPAM" Act, Senate Bill 877,
Introduced by Sens. Conrad Burns (R-MT) and Ron Wyden (D-OR):
<http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=108_cong_bills&docid=f:s877is.txt.pdf>

"The Battle Over Spam,"
By Shane Ham, PPI Policy Briefing, March 27, 2003:
<http://www.ppionline.org/ppi_ci.cfm?knlgAreaID=140&subsecID=288&contentID=251429>




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------