Bush Declines to Create Do-Not-Spam List

Associated Press
Bush Declines to Create Do-Not-Spam List
06.15.2004, 12:06 PM

The Bush administration will not immediately create a national do-not-spam registry to discourage unwanted e-mails, saying using current technology to do so might even generate more unsolicited sales pitches across the Internet, according to documents obtained Tuesday.

The Federal Trade Commission, expected to announce its decision later Tuesday, said it feared that unscrupulous senders of unwanted e-mails would mine such a registry of e-mail addresses to look for new victims, according to a summary of the FTC's decision obtained by The Associated Press.

The commission, which was obligated to consider the proposal under the "can spam" legislation that Bush signed in December, concluded that it would be "largely powerless to identify those responsible for misusing the registry."

Regulators instead proposed broad adoption of new authentication technology that will make it more difficult to disguise the origin of unwanted e-mails. Several proposals from leading technology companies, including Microsoft Corp., are under industry consideration.

more... http://www.forbes.com/technology/feeds/ap/2004/06/15/ap1414790.html

Before any such software can be installed, there must be a:

1) Clear consent that is explicit by the computer user, and

2) It must be very easy to remove.

I hate that shit.

Most unscrupulous emailers don't give a damn about legality.

That's why you should never 'unsubscribe' from an unsolicited junk email list. If you unsubscribe, they now know that your email address is valid and will add you to a database of valid email addresses.

Alas, it will take much more to regulate spam than a do-not-spam list, which will surely be abused.

And the issue is fraught with privacy concerns. Probably the most effective scheme for controlling spam would require even greater monitoring of email by government. Do we really want that?

It's easy to deal with spam. 1) Get an email program with effective filtering technology. 2) Set up a Hotmail or Yahoo account through which you communicate with web sites; this is your spam catcher. 3) Keep your main email account private except for friends and family, and change it periodically or as needed.

And spammers get around blocking software almost as fast as the latter develops.

No bounce back means the email is valid. Still, there's no point in unsubscribing since they will keep your email on the list anyway.

BLAME BUSH FIRST!

Click here for "BLAME BUSH FIRST", and other fair and balanced yet stunning buttons, magnets and stickers

No bounce back means the email is valid.

Not necessarily true. It's a fairly easy matter to configure most email servers to not send non0delivery reports (NDRs) outside of the email server's host domain. In fact, this is reccomended for most business configurations.

The very first instant I heard about the do not spam list I was thinking the people who proposed it were morons. We might legislate US spamming activity, much as we're able to legislate in regards to the do not call list, but foreign and off shore spammers would only foam at the mouth with excitement over the prospect of getting their hands on on a such a juicy, enormous list of "hot" email addresses.

With all the discussion there's been about the do not spam list this is the first time, incredibly, I'd ever heard this objection raised. And I'm no internet genius but the total lunacy of the plain was plain even to me.

What they need to do is provide temporary legal protection for organizations that create spam registries which ISPs and individuals subscribe to voluntarily to block spam. The spammers hound these guys out of existence with lawsuit after lawsuit.

The Shrubbies do something that makes sense! A "Do Not Spam" list would almost immediately be minied by spammers for valid email addresses. The real solution lies in some as-yet-to-be-defined method of authenticating the source of the email. Basically, if the email comes from a different "From" domain than the sending server, the receiving server rejects the message. Simple, huh? It will take some effort on the part of mailserver software authors, but will slow down quite a bit of spam. Relaying mail servers are one of the main sources of this garbage.

A more complete fix could be implemented if the software authors chose to re-write SMTP or switch to another protocol for e-mail, but that looks to be a bit further out. Fundamentally, SMTP is an open, unsecured messaging protocol, and that's the base source of the SPAM problem.

This is probably one of the few things they've decided that makes sense, but it isn't likely this was the idea of the chimp's camp. They probably stole the rationale from someone else.

just the flunkies working for him. I'd bet money that he doesn't know anything about this process and told his sub-Shrubbies to do what they want...

On this subject, somebody is spoofing my web site to send porn spam.

Here's what's in the header of one of them.

Received: from SUE.org <68.112.44.137> by pacific101.com
(SMTPD32-7.04) id A42C36DB00E8; Sat, 12 Jun 2004 08:41:32 -0700
Date: Sat, 12 Jun 2004 11:15:12 -0500
To: [email protected]
Subject: I like you
From: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------mhrrsneskfmaymqfbswv"
X-RCPT-TO: <[email protected]>
Status: U
X-UIDL: 360163690

The IP pings to Charternet in Maryland. But I'm not sure that helps. What am I missing?

they are using your email address as a return address, and there's not much you can do about that. I suspect that the key to all this lies in the "Received: from SUE.org" bit (unless this was sent to you as a complaint by someone at SUE.org). You may be able to contact the owner of that domain to find out where this is coming from.

If it was sent to you by someone at SUE.org, it's quite possible that you're accidentally running an open relay email server. If that's the case, reconfiguring your mail services to disable relaying will shut that down.

We dealt with open relay years ago, so that isn't it. Sue.org isn't a real web site. I just don't understand enough about how email spoofing works to know how to stop it.

Remember when you create a POP3 account in Outlook how you have to put in the "reply to" address? To spoof a return address you simply put in someone else's email address, and when the recipient clicks "Reply To" they get that email instead of the real source. You can do it more completely than that, but this is intended to be a bit simplified.

I'm guessing that the source may be a "rogue" email server. Basically, I can set up an email server with any domain name I choose, and then bulk send from it, and then shut it down. Since I only have the email server running for a couple days, it's difficult to trace aside from IP address logging. I'd say that you might have to lean on Charter Cable a bit to see if you can't get some more info from them.

I think I understand what you're saying.

Could you help me put my complaint to Charter in a way that they will know what I'm talking about.

I really appreciate this. Most stuff that has my domain name on it I figure it a virus of some sort. But this is porn and really embarrassing! On the other hand, I've also kind of wondered if maybe it isn't free advertising, in a weird sort of way! (Uhm, for my domain name, we've got nothing to do with porn.)

will be to find out the "complaints" email address at Charter. It's usually something like [email protected] or [email protected]. The next step is to contact them with the header of the email as a text-file attachment, and say something like

"Dear Mr. Security Guy,

Someone using one of your IP addresses appears to be sending email using my email address as a return address. This is a problem because the sending party is advertising a porn site, and my company is in no way involved in any such ventures. In your service contract with your customers, you have a section that specifically states 'shall not be used for solicitation, or for distributing spam' and another that states that consumer accounts cannot be used for business. Please help me track down the offending party so that this abuse can be stopped. In the attached text file, please note the source time stamp and IP address.

Sincerely,

Sandnsea"

You can clean this up some to add any specifics you can find, and because of the nature of the offensive emails, you may even want to contact legal representation, since this may require Charter to have some sort of subpoena before they can do anything.

:hug:


:loveya:

N/T

I can't help but wonder how long it will be until some enterprising prosecutor *finally* decides to start treating the spam issue as a DDOS (distributed denial-of-service) attack.

That approach opens the door to criminal prosecution, seizure of equipment, conspiracy charges against providers who knowingly facilitate such behavior, etc.

Furthermore, if you ask me, this really would get down to the core of what the spam issue is all about anyway (it's much harder to use email for, say, political organizing when every account on the net immediately gets flooded to the gills with trash). Of course, I'm sure the DDOS angle hasn't ever occurred to any of our RW friends out there. And certainly not to any of the millionaires and billionaires who fund them. Nope, nothing to think about there. Move along.


MDN