Murkowski anti-spam bill could be a problem for ISPs
No, this isn't a rant about spam. It's about a misguided anti-spam bill that puts potentially onerous rules on every ISP in the country. Sen. Frank Murkowski of Alaska filed a bill earlier this week that's intended to solve the spam problem. His intentions are clearly good, and based on his press release, he seems to understand many of the issues, but his bill is very unfortunate. It says: * Commercial e-mail must be tagged with "advertisement" * All ISPs must provide tag filtering on inbound mail * Commercial e-mail must provide a real return address, and accept remove requests. They have 48 hours to act on a remove request. * The FTC can discipline misbehaving ISPs. * Various penalties for unsigned ads, for ISPs that don't provide filtering, for spammers who continue to send ads after receiving a remove. There's a press release and a full copy of the bill on the senator's web site at http://www.senate.gov/~murkowski/press/EMail052197.html Seems to me that if this were enacted into law, it'd be bad news for ISPs, since the volume of spam would increase (since it'd be officially legal) and ISPs would have to provide filtering on mountains of inbound spam. And, of course, opt-out lists don't work. There's a separate bill proposed by Rep. Chris Smith of New Jersey which extends the junk fax ban to unsolicited commercial e-mail and says nothing about ISPs. The ISP/C endorses the Smith bill in principle. People say they've been talking to Murkowski, he's amenable to argument and will probably revise his bill next week. If you think this bill would affect your business (he's a pro-business conservative Republican, after all), it's worth a phone call. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
* Commercial e-mail must be tagged with "advertisement" * All ISPs must provide tag filtering on inbound mail * Commercial e-mail must provide a real return address, and accept remove requests. They have 48 hours to act on a remove request. * The FTC can discipline misbehaving ISPs. * Various penalties for unsigned ads, for ISPs that don't provide filtering, for spammers who continue to send ads after receiving a remove.
Seems to me it's even worse than this. Seems to me that the bill, while well intentioned, could be used by Spammers to say "See, it's OK to SPAM, it says so here. We put the word advertisement on the subject line. See, if people don't want to see it, the law says their ISP filters it. We're doing exactly what the law says we should. It condones SPAM." Or did I miss something about this law? Owen
* The FTC can discipline misbehaving ISPs. * Various penalties for unsigned ads, for ISPs that don't provide filtering, for spammers who continue to send ads after receiving a remove.
Don't these two lines cause everyone a little bit of grief? 1) What can the FTC do to discipline an ISP? 2) Why should ISPs be required to filter? Wouldn't it make sense that customers would decide if they want to make a purchase based on *if* filtering were available? The other two [unsigned ads] and [spamming after a remove] are good. It doesn't address the most serious problem. By a real email address, what do we mean? One that doesn't bounce? One that actually goes back to the spammer? What if every 48hrs he/she rotates email addresses so the spammer can ignore the remove requests because (simply put) it is coming from a different spammer (and *still* send untagged email)? -Deepak.
* The FTC can discipline misbehaving ISPs. * Various penalties for unsigned ads, for ISPs that don't provide filtering, for spammers who continue to send ads after receiving a remove.
Don't these two lines cause everyone a little bit of grief?
No, the cause some people (not the spammers) an enormous amount of grief.
1) What can the FTC do to discipline an ISP?
Levy large fines after several years of delay.
2) Why should ISPs be required to filter? Wouldn't it make sense that customers would decide if they want to make a purchase based on *if* filtering were available?
Of course.
By a real email address, what do we mean? One that doesn't bounce? One that actually goes back to the spammer? What if every 48hrs he/she rotates email addresses so the spammer can ignore the remove requests because (simply put) it is coming from a different spammer (and *still* send untagged email)?
Oh, you don't even have to work that hard. If you have to have filtering anyway, you can expect many people to have the filter auto-send a remove messge in response to all spam, so a spammer signs up for a dial-up account, sends 100,000 spams, gets back 25,000 remove responses, of which 24,900 fall on the floor because he's blown his e-mail quota. I said this bill had problems. Regards, John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
Deepak Jain writes...
By a real email address, what do we mean? One that doesn't bounce? One that actually goes back to the spammer? What if every 48hrs he/she rotates email addresses so the spammer can ignore the remove requests because (simply put) it is coming from a different spammer (and *still* send untagged email)?
Mailing lists are being sold, perhaps by CDROM. Asking one spammer to remove your name doesn't mean you will be removed by any of the others. And this law may not have any effect on the sellers of mailing lists at all. Thus you could end up with this scenario which is the equivalent to buying mailing labels. The mailing list seller sells a list for a one-time use only. There may be ways to make that work, but even if it is just a contract for one-time use, the seller can impress on the buyer that they need to destroy the list after one use to be within the law (they having effectively removed all names from the list, thus having complied with all remove requests). Later they buy a new list from the seller, who could very well be immune to this law and perhaps anonymous. There are easy ways around this law. -- Phil Howard KA9WGN +-------------------------------------------------------+ Linux Consultant | Linux installation, configuration, administration, | Milepost Services | monitoring, maintenance, and diagnostic services. | phil at milepost.com +-------------------------------------------------------+
On Sat, 24 May 1997, Deepak Jain wrote:
* The FTC can discipline misbehaving ISPs. * Various penalties for unsigned ads, for ISPs that don't provide filtering, for spammers who continue to send ads after receiving a remove.
Don't these two lines cause everyone a little bit of grief?
1) What can the FTC do to discipline an ISP? 2) Why should ISPs be required to filter? Wouldn't it make sense that customers would decide if they want to make a purchase based on *if* filtering were available?
I see serious problems with this as well. First, it is inconsistent with the way that other "unwanted" messages. For example, your postmaster is not required to filter through your mail and remove any junk mail (usually "tagged" as "bulk mail"). And yes, you are paying for that mail to get to you as a US tax payer. Second, I think it opens huge liabilities for an ISP. What happens, for example, if an ISP mistakenly filters out an important legitamate message because it met the conditions of a junk message? Or, if an ISP fails to filter out all junk mail because of a failure of the filtering system or because the junk mail is not properly tagged? On the other side, I think there are huge liabilities that come up from the people who might *want* spam (obviously there must be people who respond to spam), as well as whatever rights spammers may have to communicate their message. It stinks of a ripe first amendment lawsuit when you talk about the carriers of the message completely shutting off communications of this sort. Of course, I'm not an attorney. The thing that most concerns me is that the easiest target to hit is the ISP. The customer isn't doing anything except complaining, and the spammer can pull up roots quickly and move on without leaving tracks. Only the ISP, who bears the brunt of responsibility and liability, is involved enough and is permanent enough that if fines are levied or lawsuits filed, they're the most likely (if not the only) ones to get hit. Ironically, the ISP is actually the one who "suffers" the least, as long as they are protected against spam mail relaying and their customers aren't the ones doing the spamming. The costs of filtering, and potential legal costs related to this bill are far higher than any current costs of spam (some bandwidth and disk space). For these reasons, as an ISP, I'm very fearful of legislation like this. I would prefer that the ISP be completely removed from the loop, and that the legislation focus strictly on ways that Internet users can do their own spam filtering (even potentially having a user-specified server-side filter, so they don't have to download the spam messages), and leave it at that. Pete Kruckenberg VP Engineering inQuo, Inc. pete@inquo.net
At 18:54 24-05-97 -0600, Pete Kruckenberg wrote:
I see serious problems with this as well. First, it is inconsistent with the way that other "unwanted" messages. For example, your postmaster is not required to filter through your mail and remove any junk mail (usually "tagged" as "bulk mail"). And yes, you are paying for that mail to get to you as a US tax payer.
Actually, the USPS is almost 100% postage-funded; the only "subsidy" they receive is that it's a felony to mess with US Mail (which courts will go crazy over), whereas messing with FedEx/UPS packages is barely a misdemeanor.
Second, I think it opens huge liabilities for an ISP. What happens, for example, if an ISP mistakenly filters out an important legitamate message because it met the conditions of a junk message? Or, if an ISP fails to filter out all junk mail because of a failure of the filtering system or because the junk mail is not properly tagged?
This provision is also contrary to the idea of a common carrier... I think we should be trying to get _closer_ to common carrier status, not farther away.
On the other side, I think there are huge liabilities that come up from the people who might *want* spam (obviously there must be people who respond to spam), as well as whatever rights spammers may have to communicate their message. It stinks of a ripe first amendment lawsuit when you talk about the carriers of the message completely shutting off communications of this sort. Of course, I'm not an attorney.
I agree.
For these reasons, as an ISP, I'm very fearful of legislation like this. I would prefer that the ISP be completely removed from the loop, and that the legislation focus strictly on ways that Internet users can do their own spam filtering (even potentially having a user-specified server-side filter, so they don't have to download the spam messages), and leave it at that.
I think that the burden should be placed entirely on the spammer; there is no reason to bother the user or the ISP with this mess. The current US law (USC Title 47 Sec 227) governing commercial telecommunications should be strengthened to explicitly include email. There's already been a few judgements using this law as-is, so there's no reason to create a new law that may not work. The US government can add email addresses to the telephone number opt-out list they maintain; email spammers will have to pay for access to the opt-out list just like phone spammers, and the US Govt will eat any spammer who doesn't use it alive. Other countries will undoubtedly follow the US's lead if/when it works, as many have with telephone opt-out lists. I'm not familiar with snail-mail opt-out lists; it might be worth investigating those (if they exist), but the phone opt-out lists will probably more applicable. Out of curiosity, has anyone considered the effect of this law (or others) on non-profit spam? Stephen
Stephen Sprunk writes...
I think that the burden should be placed entirely on the spammer; there is no reason to bother the user or the ISP with this mess.
The current US law (USC Title 47 Sec 227) governing commercial telecommunications should be strengthened to explicitly include email.
Then all the spammers just migrate across the border. I already get spam from Canada and Europe.
Out of curiosity, has anyone considered the effect of this law (or others) on non-profit spam?
Or has anyone considered the effect of this law on spammers outside of the United States? -- Phil Howard KA9WGN +-------------------------------------------------------+ Linux Consultant | Linux installation, configuration, administration, | Milepost Services | monitoring, maintenance, and diagnostic services. | phil at milepost.com +-------------------------------------------------------+
On Mon, May 26, 1997 at 02:21:33AM -0500, Phil Howard wrote:
Or has anyone considered the effect of this law on spammers outside of the United States?
Yes, many people have. Various answers include: - The Smith amendment doesn't even address the physical location of the machine which originated the message; it goes after the company itself. - A number of countries already have legislation which serves to block spammers, such as Germany's strict "unfair advertising" statutes. - Many countries have poor connectivity, and could not possibly hope to survive the amount of bandwidth used by spammers. - If all spammers move to one country, filtering becomes easier. My personal favorite is the simple fact that while this law may not stop 100% of what we currently consider spam, it will seriously reduce the amount without making it any harder to try other methods to stop the rest. ---------========== J.D. Falk <jdfalk@cybernothing.org> =========--------- | "A straight line may be the shortest distance between two points... | | but it is by no means the most interesting." | | -- Jon Pertwee as Doctor Who in "Doctor Who and | | the Time Warrior" by Robert Holmes (BBC, 1974) | ----========== http://www.cybernothing.org/jdfalk/home.html ==========----
On Mon, May 26, 1997 at 03:43:30AM -0400, J.D. Falk wrote:
My personal favorite is the simple fact that while this law may not stop 100% of what we currently consider spam, it will seriously reduce the amount without making it any harder to try other methods to stop the rest.
Correction: I'm talking about Smith's bill in the above paragraph; Murkowski's is simply awful. Sorry about any confusion. ---------========== J.D. Falk <jdfalk@cybernothing.org> =========--------- | "When that what now is yet to be has come to pass, | | thou shalt realize that thy existance 'tis merely another | | building block upon that edifice which we call reality." | | --Pink Floyd (paraphrased) | ----========== http://www.cybernothing.org/jdfalk/home.html ==========----
Why not voice these complaints to Senator Murkowski? He has the following text on his webpage: NOTE: Senator Murkowski strongly encourages the Internet community to make specific recommendations or comments about the legislation. Please send them to this address: commercialemail@murkowski.senate.gov On Sat, 24 May 1997, Pete Kruckenberg wrote: ]On Sat, 24 May 1997, Deepak Jain wrote: ] ]>>> * The FTC can discipline misbehaving ISPs. ]>>> * Various penalties for unsigned ads, for ISPs that don't provide ]>>> filtering, for spammers who continue to send ads after receiving a remove. ]> ]> Don't these two lines cause everyone a little bit of grief? ]> ]> 1) What can the FTC do to discipline an ISP? ]> 2) Why should ISPs be required to filter? Wouldn't it make sense that ]> customers would decide if they want to make a purchase based on *if* ]> filtering were available? ] ]I see serious problems with this as well. First, it is inconsistent with ]the way that other "unwanted" messages. For example, your postmaster is ]not required to filter through your mail and remove any junk mail (usually ]"tagged" as "bulk mail"). And yes, you are paying for that mail to get to ]you as a US tax payer. ] ]Second, I think it opens huge liabilities for an ISP. What happens, for ]example, if an ISP mistakenly filters out an important legitamate message ]because it met the conditions of a junk message? Or, if an ISP fails to ]filter out all junk mail because of a failure of the filtering system or ]because the junk mail is not properly tagged? ] ]On the other side, I think there are huge liabilities that come up from ]the people who might *want* spam (obviously there must be people who ]respond to spam), as well as whatever rights spammers may have to ]communicate their message. It stinks of a ripe first amendment lawsuit ]when you talk about the carriers of the message completely shutting off ]communications of this sort. Of course, I'm not an attorney. ] ]The thing that most concerns me is that the easiest target to hit is the ]ISP. The customer isn't doing anything except complaining, and the spammer ]can pull up roots quickly and move on without leaving tracks. Only the ]ISP, who bears the brunt of responsibility and liability, is involved ]enough and is permanent enough that if fines are levied or lawsuits filed, ]they're the most likely (if not the only) ones to get hit. ] ]Ironically, the ISP is actually the one who "suffers" the least, as long ]as they are protected against spam mail relaying and their customers ]aren't the ones doing the spamming. The costs of filtering, and potential ]legal costs related to this bill are far higher than any current costs of ]spam (some bandwidth and disk space). ] ]For these reasons, as an ISP, I'm very fearful of legislation like this. I ]would prefer that the ISP be completely removed from the loop, and that ]the legislation focus strictly on ways that Internet users can do their ]own spam filtering (even potentially having a user-specified server-side ]filter, so they don't have to download the spam messages), and leave it at ]that. ] ]Pete Kruckenberg ]VP Engineering ]inQuo, Inc. ]pete@inquo.net ] ]
At 10:51 PM 23-05-97 -0400, John R Levine wrote:
Seems to me that if this were enacted into law, it'd be bad news for ISPs, since the volume of spam would increase (since it'd be officially legal) and ISPs would have to provide filtering on mountains of inbound spam.
If the ISP community doesn't address the email problem with protocols and technical solutions, then the legislators will respond to their constituents with regulations. IOPS.ORG could hire some lawyers or spearhead an email initiative. --Kent
On Tue, May 27, 1997 at 06:08:16PM -0700, Kent W. England wrote:
If the ISP community doesn't address the email problem with protocols and technical solutions, then the legislators will respond to their constituents with regulations.
At this point, we'll have to do both -- there's already a large outcry for legislation, and it's inevitable that something will pass (I support the Smith bill; Murkowski clearly has no idea what he's talking about.)
IOPS.ORG could hire some lawyers or spearhead an email initiative.
The ISP/C already has a published stance...there's also the Coalition Against Unsolicited Commercial E-mail (www.cauce.org). This is getting farther off-topic for NANOG, and there are many other lists out there dealing with spam, so please reply to me personally if a reply is warranted. ---------========== J.D. Falk <jdfalk@cybernothing.org> =========--------- | "Knights in shining armor go | | Protected, safe in Merlin's glow | | Have been blessed by machines, so | | They now belong to the community." --Robert A. Newsom | ----========== http://www.cybernothing.org/jdfalk/home.html ==========----
participants (9)
-
Deepak Jain
-
J.D. Falk
-
John R Levine
-
Kent W. England
-
owen@DeLong.SJ.CA.US
-
Pete Kruckenberg
-
Phil Howard
-
Stephen Sprunk
-
Tony Torzillo