The other day I happened to encounter this fine fellow, who is doing something that I briefly dabbled in -- fighting spam. In fact, he's been wading in virtual sewers, dealing with the dreck and offal that would put the Palestinians' "turdnami" to shame, for seven years, studying, analyzing, and creating a taxonomy of spam -- and lemme tell ya, it's downright ugly.
During the course of our conversation, we noted three things:
1) The infamous "CAN-SPAM Act" of 2003, in which the utterly immoral, downright indefensible practice of "opt-out" was enshrined into law, had a tremendous affect on the spam problem -- it sent it skyrocketing through the roof.
2) The drop-off in "stealing cable" spams was quite probably linked to the rise in popularity of digital cable and satellite TV service, both considerably more difficult to steal.
3) Spammers are are scumbags.
Just to clarify point #1, "opt-out" is the electronic version of "negative option" marketing -- "congratulations, you're on our list! We're going to keep sending you our crap until you beg and plead and jump through these hoops to get off it." To me, it's a violation of a fundamental principle -- no one should have to actively seek to be left alone. That should be the default.
Unfortunately, our Congress, in its infinite wisdom (and infinite pocket-space for "campaign contributions"), decided that every spammer should be entitled to one free spam, and can continue spamming you until you follow THEIR rules and get off THEIR list, that you never asked to be one.
That's every spammer. Potentially, that's every single company in the United States -- and the last count I heard listed that number was in excess of 22,000 different companies. Assuming that they take turns sending the spam, and only spam once inside the 10-day window they have to process opt-out requests, that means that you can receive 60 spams a day, every day, all year.
And don't even think of hoping that your state might decide to protect you better than Congress. Another part of the law specifically prevents that. Should the CAN-SPAM act conflict with any state law, the federal law takes precedence and trumps state laws.
My favorite analogy: "Congratulations! You're now a member of the 'Punch In The Nose' club! Once a day, a very large man named Guido will come by and punch you in the nose. If you don't wish to continue your membership, click here and enter your e-mail address on the form that comes up. Please allow up to 10 days for your request to be processed -- and during that time Guido will continue to share with you the benefits of your membership. And your request will be good for 30 days only, at which time we may choose to renew your membership and start this whole thing over again."
And what is so wrong with spam? It's because it is "free" to the sender. It's just as cheap to send a single e-mail as it is to send a zillion. The real cost of the spam is paid by the companies that carry the e-mail -- and sooner or later, they're going to look at the cost-benefit ratio and simply stop carrying the traffic entirely.
The cost is shared by the recipients, who pay for their computers, their internet connections, their e-mail, and have to watch the spammers use those resources without their consent -- and they can't do a goddamned thing about it, thanks to Congress and that "CAN-SPAM" act.
This whole situation has confirmed a few beliefs of mine:
If you want to find the absolute worst, most inefficient, most cumbersome, most easily perverted solution to a problem, have the federal government do it. There are times when this is the only solution, but as a general rule it's a bad idea.
Any time Congress passes a law with a tortuous acronym such as CAN-SPAM ("Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003") or the USA PATRIOT Act ("Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001"), the ensuing legislation is pretty much guaranteed to be a dog's breakfast of untested ideas, loopholes, earmarks, sneaky exceptions for favored individuals and groups, and in general cause more problems than it cures.
In this case, according to e-mail giant Postini, we have reached the point where 90% of all e-mails are spam. The signal-to-noise ratio in e-mail is decreasing to the point where it very well might destroy the utility of e-mail entirely -- meaning that these "marketing" scumbags are on the verge of killing off something that has become an essential part of so many people's and businesses' lives.
Mr. Stearns has done a tremendous job, looking at the sort of thing most of us (myself shamefully included) "just hit delete" on. He's given us a good look at just what the spam problem looks like -- and where it's heading.
Permalink | E-mail This | Technorati Links | Sphere: Related Content | Digg this! | FARK It!
Filed under:
Tech Stuff
Comments (13)
Ending e-mail and comment/t... (Below threshold)1. Posted by Bullwinkle | March 29, 2007 6:21 AM | Score: 0 (0 votes cast)
Ending e-mail and comment/trackback spam would be simple if ISPs and hosting services wanted it ended. All it would take would be for providers to block access to any site that spams their customers for all their users. A 'if you spam one of our customers nobody using our service will be able to access your site' policy would end it completely. Spam only works because they don't do that. Nobody would go to the trouble of spamming if it meant that the people they sent it to wouldn't be able to visit their site. Other users of the hosting companies that host spammers would pressure their hosts stop spam at the source so people could access their sites. They'd either stop hosting spammers or end up only hosting spammers who couldn't get traffic. As easy as spamming is to do it wouldn't be worth doing if if there wasn't even a remote possibility of gaining something from it. Business from spammers wouldn't justify losing every legit customer you had and eventually losing the spammers too.
1. Posted by Bullwinkle | March 29, 2007 6:21 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 06:21
2. Posted by wolfwalker | March 29, 2007 7:51 AM | Score: 0 (0 votes cast)
Ending e-mail and comment/trackback spam would be simple if ISPs and hosting services wanted it ended. All it would take would be for providers to block access to any site that spams their customers for all their users.
Sorry, the spammers beat this idea years ago. Many spams don't come from the business directly anymore. They're subcontracted out, in the best capitalist tradition, to the filth that run "spambot" networks. The way it works is this: Spammer company sends their spam form letter to a botnet operator. The botnet operator sends the text to all the little zombie PCs on his botnet. Each zombie sends out ten or twenty spams to a few dozen email addresses. There's no mass emailing to arouse suspicion, and no evidence trail back to the source company, therefore no legal way to attack it. If you make it legal to base a blackout of the company's site on a mere appearance of guilt, then you simply open the door to spam-blackmail: a botnet operator says "I will fake a spam attack from your company unless you pay me a lot of money." Meanwhile, the spammers will continue their operations from noncompliant countries, and/or steal space on legitimate countries' webservers to host their operations. Many companies do a horrible job of securing their webservers.
On top of all that, the current major round of spam doesn't even depend on selling anything directly. They're stock pump-and-dump schemes, which don't require any feedback and therefore there's no way at all to tell what sites to blacklist. Look at Stearns's list: three-quarters of it is stock spams.
2. Posted by wolfwalker | March 29, 2007 7:51 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 07:51
3. Posted by Oyster | March 29, 2007 7:58 AM | Score: 0 (0 votes cast)
Chances are, too, we all know someone who sends spam emails. They would never admit it of course. I would take great pleasure in signing up said person to my own "I-get-to-punch-you-in-the-nose-daily" club even if it's my own brother.
3. Posted by Oyster | March 29, 2007 7:58 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 07:58
4. Posted by Bullwinkle | March 29, 2007 8:07 AM | Score: 0 (0 votes cast)
Would you contract spamming out if it was going to get your site blocked? Doesn't matter where it originates, there'd be no benefit from doing it no matter where the spam came from. If spam blackmail starts then maybe the government would step in and enforce blackmail laws if they won't enforce anti-spamming laws. The blackmailers have to collect the money somehow so they should be pretty easy to catch. I'd be happy if they just put a stop to the wiener pill and gay pron ads like I just finished deleting over 500 of. Those certainly link back to sites that could be blocked.
4. Posted by Bullwinkle | March 29, 2007 8:07 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 08:07
5. Posted by Mike | March 29, 2007 8:10 AM | Score: 0 (0 votes cast)
"If you want to find the absolute worst, most inefficient, most cumbersome, most easily perverted solution to a problem, have the federal government do it. There are times when this is the only solution, but as a general rule it's a bad idea."
Jay, I apologize for changing the subject, but just can't resist. If you think spam is problem, just wait until we get "universal health care". People that think health care can't get worse need to think again.
5. Posted by Mike | March 29, 2007 8:10 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 08:10
6. Posted by Paul Hooson | March 29, 2007 8:22 AM | Score: 0 (0 votes cast)
Spam is so offensive that it draws together a great bipartisan coalition of liberals and conservatives alike. Spam ranks right between Sanjaya and Al Qaeda as one of the greatest threats of our time.
6. Posted by Paul Hooson | March 29, 2007 8:22 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 08:22
7. Posted by Sabba Hillel | March 29, 2007 8:38 AM | Score: 0 (0 votes cast)
Luckilly, my ISP takes care of spam at the server level. Thus, I do not see most spam messages. Every so often I double check the spam folder to make sure i do not miss a real message (once in a blue moon), but normally, I just hit "empty the folder".
Similarly with gmail. Of course, if this gets too burdensome for the ISP, perhaps the economy of scale would kick in and they could buy enough congresscritters. Then again, maybe forwarding all spam to Nancy Reid (sic) and Harry Pelosi (sic) would work.
7. Posted by Sabba Hillel | March 29, 2007 8:38 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 08:38
8. Posted by Lugnut | March 29, 2007 8:50 AM | Score: 0 (0 votes cast)
60 spams a day?
Heck, that ain't nothin'. One of my mail accounts got 193 spams in a 24 hour period a few weeks ago.
8. Posted by Lugnut | March 29, 2007 8:50 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 08:50
9. Posted by OregonMuse | March 29, 2007 10:08 AM | Score: 0 (0 votes cast)
Heck, I routinely find 300+ spam emails waiting for me when I arrive at work on Monday mornings.
9. Posted by OregonMuse | March 29, 2007 10:08 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 10:08
10. Posted by OregonMuse | March 29, 2007 10:49 AM | Score: 0 (0 votes cast)
I arrived here at work just a few minutes ago and I had 78 emails waiting for me, and 76 turned out to be spam. That is since 4:00 pm yesterday. That's only 16 hours. 76 spam emails. I wonder if I qualify for some sort of prize?
10. Posted by OregonMuse | March 29, 2007 10:49 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 10:49
11. Posted by wolfwalker | March 29, 2007 11:49 AM | Score: 0 (0 votes cast)
OregonMuse: Alas, 76 spams in 16 hours is small potatoes. Some people can get hundreds of spams in that timespan.
Oyster: Chances are good you know somebody whose computer is sending spam and they don't know it. A frightening number of people don't secure their computers from intrustion, and their computers are rapidly zombified and co-opted into one or more botnets. Zombie-bot programs have gotten so sophisticated that some of them actually search for and remove other bot programs from the computers they infect, so no other bots are stealing computer resources from them while they steal resources from the hapless users.
You want to kill spam, this will hurt it more than any law: secure all personal PCs. A firewall (hardware or software) and an anti-malware program are all it takes. Maybe fifty bucks and an hour's worth of work per PC.
11. Posted by wolfwalker | March 29, 2007 11:49 AM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 11:49
12. Posted by kbiel | March 29, 2007 1:18 PM | Score: 0 (0 votes cast)
While CAN-SPAM certainly hasn't helped, I'm not so sure that it has done any harm. Does anyone here actually receive spam form legitmate companies with a tangible U.S. presence? I certainly don't. Almost all of my spam falls into two buckets, penny stock pump-and-dump scams or v!@gR@ crap. In the case of the pump-and-dump, there is no site or contact that needs to be made between the scammer and the mark. As for the drug stuff, all of the ones I've actually opened point to some off-shore website or phone number. I do occasionally still receive the Nigerian 419 missive. Obviously none of these types of spammers are going to care one whit whether the CAN-SPAM act says they can spam me once or not.
12. Posted by kbiel | March 29, 2007 1:18 PM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 13:18
13. Posted by OregonMuse | March 29, 2007 4:03 PM | Score: 0 (0 votes cast)
Time was I used to amuse myself by poring over spam email and reporting the abuse to the actual ISP I could find buried in the header, but these days, it's all coming from offshore. Or, as wolfwalker points out, it's coming from multitudes of ignorant boobs who don't think it's important to secure their computers from malware
13. Posted by OregonMuse | March 29, 2007 4:03 PM |
Score: 0 (0 votes cast)
Posted on March 29, 2007 16:03