Politech mailing list archives

Previous By Date Next
Previous By Thread Next

Did Congress just make inbound spam filtering illegal? [sp]

From: Declan McCullagh <declan () well com>
Date: Thu, 04 Dec 2003 14:59:23 -0500
---

Date: Wed, 3 Dec 2003 17:10:32 -0500
From: Al Donaldson <al () escom com>
Message-Id: <200312032210.hB3MAWn32417 () escom com>
To: declan () well com, gnu () new toad com
Subject: Re: [Politech] Another round on what Congress spam bill actually does [sp] 
Cc: cjlamb () camharris com

John Gilmore wrote:
> I won't spend further time on this message because there is an 80% chance
> that it will bounce unread -- your antispam software will reject it.
> (So far, *every* response I've sent to people who sent me email after
> Declan posted my note has bounced.)

Then wouldn't that be 100% chance? :-)  But seriously, John, I don't
know what your timeframe is here.  I know that you and I have exchanged
mail both ways after I replied to one of your mailings on Politech.

The real point of my note is to question whether S.877 will make
inbound spam filtering illegal for commercial companies.  Section
5(a)(3) of the document I read states:

      (3) INCLUSION OF RETURN ADDRESS OR COM-
  PARABLE MECHANISM IN COMMERCIAL ELECTRONIC
  MAIL.--
  (A) IN GENERAL.--It is unlawful for any
  person to initiate the transmission to a pro-
  tected computer of a commercial electronic mail
  message that does not contain a functioning re-
  turn electronic mail address or other Internet-
  based mechanism, clearly and conspicuously dis-
  played, that--
    (i) a recipient may use to submit...
[deleted]
    (ii) remains capable of receiving such
    messages or communications for no less
    than 30 days after the transmission of the
    original message.
  (B) MORE DETAILED OPTIONS POSSIBLE.--
[deleted]
  (C) TEMPORARY INABILITY TO RECEIVE
  MESSAGES OR PROCESS REQUESTS.--A return
  electronic mail address or other mechanism
  does not fail to satisfy the requirements of sub-
  paragraph (A) if it is unexpectedly and tempo-
  rarily unable to receive messages or process re-
  quests due to a technical problem beyond the
  control of the sender if the problem is corrected
  within a reasonable time period.

And so it would appear that if my company sends a commercial e-mail,
from me personally to to any recipient, we could not filter
*inbound* e-mail from that recipient for 30 days, even if they
started sending continuous spam.  Paragraph (C) explicitly waives
temporary outages, but since the authors did not provide an
equivalent waiver for inbound spam filtering, I must conclude
that it would be illegal for me to spam filter mail from any
of those addresses.

This may sound reasonable at first, because if a () b com sends mail
to c () d net, then a should generally be prepared to receive mail from c.
But the implications of putting this into law are enormous.
Most spam filters use other mechanisms than just blocking individual
email addresses.  For example, most RBL servers list IP addresses
or domain names.  (Blocking email addresses isn't much good because
they're so commonly forged.)

So if I send a commercial message to xxx () comcast net (to pick a user
name and ISP at random), does that mean that it would be illegal
for me to blacklist the client comcast.net IP addresses or domains?
"xxx" might conceivably use one of those client IP addresses (e.g.,
c-67-170-243-205.client.comcast.net/67.170.243.205) to send his
opt-out reply.  As most of you know, a lot of spam is sent via
infected Microsoft clients or servers that have been hijacked
as spam redirectors.

There's even a case to be made that I couldn't filter anything.
Suppose comcast.net kicks xxx off their network for spamming,
and then he gets an account at adelphia.  What then if xxx wants
to opt out of my commercial mail from his new adelphia account?
What if xxx wants to opt out from my mail while he's on vacation
in Korea or Brazil?  Such is the web we weave...

So while the Senate paid lip service to the need for technical
solutions to spam, they certainly don't seem to understand
the technology.  This bill will make a lot of money for lawyers,
will cost businesses to comply with all this, and will grow
government.  Maybe that's the goal.

I have some more thoughts online at www.escom.com/spamlaw.html.
CAUTION!!! This is a commercial site.  Don't go there if you are
offended by commerce.  Sheesh..

Al Donaldson
al () escom com
703-620-4823

PS -- Declan, if you post this message you may certainly leave my
address in it, because I have spam filtering.  At least for now...

PPS -- When spam filters are outlawed, only outlaws will have
spam filtering.
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
Previous By Date Next
Previous By Thread Next

Current thread: