Spam Sham
One of my titles at work is that of Sr. Postmaster. Among the duties which comes with that exalted title is that of reducing the amount of Unsolicited Commercial Email (SPAM) which enters our network. First let me say that I am a firm believer that commercial speech has
no where near the protections and priviledges accorded to political or other types of speech or expression. Therefore, I have very little tolerance for spam to
begin with. In the past few months the situation has become nearly intolerable, as we have seen the overall amount of spam increase several fold to a point where 80%+ of e-mail arriving at our gateways can be classified as spam. Perhaps some statistics will help clarify this, these begin as we started to filter spam and are taken from one of our primary gateways:
Now the federal government has stepped in to legalize spam. This week the President signed into law S.877, the CAN-SPAM Act of 2003. While this law has some good provisions, such as outlawing the use of illegitmate e-mail headers and open proxies, it does not outlaw unsolicited commercial e-mail; rather, it reiterates the general restrictions on all advertising (viz. truefulness, fraud, etc.), and requires that all UCE contain an “opt-out” facility. Yet, as any of us who fight spam on a daily basis know, these “opt-out” options are mainly used by spammers to gather legitimate e-mail address. One of the greatest problems with this law is the sense of empowerment it gives to the average user. The law itself is premised on the idea that most spam comes from legitimate companies operating within U.S. jurisdiction. By suggesting to average users that by clicking an “opt-out” URL within all their spam they will be removed from all future mailings is ridiculous. Most of the spam we see is is either sourced from countries outside the U.S., or from open proxies controlled by spammers ourside the U.S. By misleading average users, congress has created a law which will simply feed the spammers more legitimate addresses then they could have ever hoped for. For those spammers which the law does apply to, CAN-SPAM removes the ability of individual and corperate reciepients to seek civil penalties against spammers; instead, in most circumstances, only ISPs will be able to seek civil redress. Under the provisions of CAN-SPAM the famous case of Microsoft sueing spammers would be illegal. Furthermore, it is almost impossible to imagine the FTC enforcing this law on a regular basis — the resouces of the entire agency would have to be dedicated to simply tracing back email headers to their points of origin and filing subpoenas.
In essance, this law is yet another example of congess and the executive branch trying to control something they have no understanding of. The solution to the spam problem lies with the ISPs and not in federal — or even state — laws. Responsible ISPs have already begun filtering spam at the edges of their networks with some success, and have strengthened and enforced their Acceptable Use Policies to reflect strong anti-spam positions. Users not wanting to recieve spam would then move their accounts to these ISPs and away from spam friendly ones — the free marketplace in action. Yes, there is a great deal more to be done, and many theories have been floated such as global whitelists and trusted email certificates. Yet, by interfering the federal government may have set these current trends back by making the use of RBLs and spam filters illegal — as UCE is essentially legalized in CAN-SPAM it can, and will, be argued that ISPs which block it are violating fair trade and commerce laws. For most of its existence the Internet has been a self regulating body, and has functioned amazingly well, all things considered. By attempting to locally regulate a global network the goverment has simply made it easiser for spammers to function, and potentially more diffcult for mail operaters to stem the ever increasing tide of spam. In the end I believe that CAN-SPAM will simply lead to more spam for average users, and greater frustrations for everyone involved.
In keeping with the general open source attitude of this site, below are most of our regex (pcre) header filters and access filters for Postfix. They have been cobbled together from various sources and are updated regularly.
This entry was posted by steve on Tuesday, December 23rd, 2003 at 8:14 pm and is filed under Internet, Politics. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.
Have your say
Fields in bold are required. Email addresses are never published or distributed.
Some HTML code is allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>URIs must be fully qualified (eg: http://www.domainname.com) and all tags must be properly closed.
Line breaks and paragraphs are automatically converted.
Please keep comments relevant. Off-topic, offensive or inappropriate comments may be edited or removed.