Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

What is the legislation on spam in your area (or how to fight spam by legal means) ?

By Fred_A in Internet
Thu Apr 19, 2001 at 03:20:22 PM EST
Tags: Internet (all tags)

Spam is a problem for almost all email users. In my case, I have use 4 addresses for historical reasons, and I can't remove any of them because they are contact addresses for various NICs. Some of those are posted in the NICs contact information for various domains I use, some got posted to Usenet or other "public" places when spam wasn't yet a problem. Most of them are now in the databases of most spammers.

Nowadays on any given day, 60 to 80% of my mailbox's content is spam. Being in France, I systematicaly attack any identifiable French or European spammer. However, those are in a minority. How can I (and others) act against spammers from the US or Japan? How do you retaliate against spammers in your country? What laws (if any) regulate unsollicited commercial email in your jurisdiction?

In France, the CNIL (the French Commission on Computing and Freedom which regulates computing abuse in France) clearly states that spamming is illegal, thanke to law 78-17, 6th of january 1978 (link points to French document). With spam from other EU countries, directive 95/46/CE is also a useful tool. However I don't know what to do with foreign spammers I don't know what legal tools are available... This is a worlwide problem so there is a real need for a comprehensive listing of local legislation that would enable one to gather tools to fight the spam plague wherever it comes from (I'm considering setting up a site to address this very need). If you have pointers to some local legislation that makes spam illegal, feel free to followup. On the other hand, if spam has been legalized in your country, this is also valuable information.


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


What do you do with the spam in your mailbox?
o I haven't opened my mailbox in months 0%
o I just delete the spam and forget about it 40%
o I try to report all the spam I can 14%
o I'd report it but I know it's useless 11%
o I report it whenever I'm in a bad mood 19%
o Spam is nice, I've always wanted to enlarge my penis 12%
o I archive all my spam and read it when there's nothing on TV 2%

Votes: 98
Results | Other Polls

Related Links
o Also by Fred_A

Display: Sort:
What is the legislation on spam in your area (or how to fight spam by legal means) ? | 31 comments (24 topical, 7 editorial, 0 hidden)
Collect it (3.66 / 3) (#1)
by duxup on Wed Apr 18, 2001 at 08:20:31 AM EST

I collect it. It makes receiving spam much less maddening, and sort of fun.

Collecting Spam (3.00 / 1) (#13)
by J'raxis on Wed Apr 18, 2001 at 11:22:36 AM EST

How many megabytes is your mailbox now? ;)

Seriously though, I actually do collect parts of the messages -- Subject, Date, and Sender -- these get published at random on this website for the harvesters to collect. :)

Spammer, spam thyself.

...The spammer data file (only those three headers mentioned above) is already currently 129k.

-- The Antispamming Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

Huge (3.50 / 2) (#14)
by duxup on Wed Apr 18, 2001 at 11:42:32 AM EST

It's huge, one of my primary e-mail addresses is on hotmail so it's pummeled each day. I've been thinking of publishing mine for kicks as well.

[ Parent ]
Where do they find email addresses? (4.50 / 2) (#2)
by jesterzog on Wed Apr 18, 2001 at 08:31:22 AM EST

Nowadays on any given day, 60 to 80% of my mailbox's content is spam.

I know a lot of people who complain about this sort of rate. Where does it all come from?

I'm not absolutely paranoid, but I'm reasonably careful about who my email address is given to. I almost never enter it into any electronic database without reading the relevant parts of a privacy statement first. (If I'm not satisfied, I'll use a throwaway hotmail account.) If it's going to be on display anywhere on the web, I'll usually try to make sure that a munted version goes on display.

I don't send token electronic birthday cards to people, and I ask others not to send them to me. In fact, my standard sig states "Please don't give my email address to commercial entities without permission."

When I'm filling in registration surveys on websites, I give them minimal marketing information. (eg. My occupation is nearly always "Other", if it's an option.)

I don't post to any major open mailing lists (eg. bugtraq) that are sometimes patrolled by spammers, although I know not everyone has that option.

I've had my current main email address for about two years now, and I can count the amount of spam that I've recieved on my fingers. I haven't been stingey about giving it away to places that I think have a use for it. I just don't give it to everyone and everyone without a reason first, and without checking them out. I don't think I've been ultra-paranoid.

For fallback reasons, I've purchased my own domain and I always give a unique email address to every company. This way if they leak it to spammers, I can usually trace it back to who was responsible, and block the specific address at my ISP if it gets really bad - I haven't had to do this yet. (For the record, I no longer trust realaudio to keep their database safe from spammers.)

What sorts of places do spammers get email addresses from apart from the places where people haven't been reasonably careful? Maybe I've just been lucky, and I'd like to know for future reference.

jesterzog Fight the light

Spam, spam, spam, spam, spam, spam...!! (3.50 / 2) (#10)
by J'raxis on Wed Apr 18, 2001 at 09:37:56 AM EST

I know a lot of people who complain about this sort of rate. Where does it all come from?
I think the vast majority of spam harvesting is still done through Usenet, or website archives thereof. I have an old email address I've not even touched in well over a year (it's an old account I no longer use), other than to clean out the junk in it. A Google search for the address brings up twelve pages, nearly all of which are archives of Usenet posts at various places on the web.

A long time ago I used the address relatively freely in Usenet; but it has not been published since. Now the account still receives at least a dozen spams per day.

-- The Antispamming Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

They can guess, too (4.00 / 2) (#12)
by jasonab on Wed Apr 18, 2001 at 11:02:58 AM EST

When I started my current job, the first day I was there (after the account was created the previous Friday) I had tens of spams waiting. My problem is, I'm jason@domain. I don't have to give my address to anyone -- it's too obvious to not get hit by a dictionary attack.

[ Parent ]
Where they find addresses, basic protection (3.00 / 1) (#25)
by Fred_A on Thu Apr 19, 2001 at 09:11:48 AM EST

All those precautions you take are currently basic precautions that everybody takes. My solution has been to use sneakemail (www.sneakemail.com) disposeable addresses for all my public postings, which includes discussion boards, website registration thingies, and so on. As a result, my current main address gets almost no spam.

However, some of my addresses are 6 years old. At the time, it was natural to post your address on Usenet (which was still useable back then). That same address could safely be used at the InterNIC or any other such legitimate database. That was the purpose of an email address. To have it listed so people coud contact you. Nowadays I'm working on several new websites I maintain as a hobby, what contact address am I supposed to list there ? It doesn't feel right to me that I have to use a disposeable address that has to be renewed monthly. That's not what email is for. People are not supposed to abuse this resource.

So currently, I protect myself (although I can't do anything about my old addresses that are now on a zillion CD ROMS) and hate every minute of it. It's just wrong. I shouldn't be in hiding because some schmuck decides he can freely abuse the network. He should be in hiding because if I ever get my hands on him, I'll sure as hell file a complaint.

Fred in Paris
[ Parent ]

You could filter... (3.00 / 1) (#27)
by Karmakaze on Thu Apr 19, 2001 at 03:32:53 PM EST

Nowadays I'm working on several new websites I maintain as a hobby, what contact address am I supposed to list there?
I have some hobby sites myself with an comment email address listed. I have a keyword embedded into the mailto link to fix the subject line and a note in the text next to it saying "please put one of the following words in the subject to make sure I do not mistake your message for spam" (It's different words depending on the site). I find that and a bulk-mail filter (only accept emails with my address in the to: field) keeps most of the spam out of my way. Every now and then I just empty the spamtrap.

I just wish I could get my core email off the spam lists. I'm in the same boat you are. I was on usenet when you could still post to newsgroups without excessive paranoia. That mailbox is almost unusable now.

[ Parent ]

Safe Hex (3.50 / 2) (#3)
by br284 on Wed Apr 18, 2001 at 08:37:46 AM EST

Wasn't there some sort of saying in the antivirus community years ago about practicing "safe hex"?

My spam management is simple. I have two e-mail accounts that go to the same destination. At the destination, I am able to filter the messages so that most of it goes into a "Junk Mail" bin. This way, I know that when something is in my "Inbox" folder, it might actually be somethin useful. As far as cleaning out the junk mail bin, I do it when I'm looking to kill a little time.

All this can be done using Yahoo! Mail if you aren't too keen on setting up Unix-based filters.


The author's problem (5.00 / 4) (#4)
by wiredog on Wed Apr 18, 2001 at 09:00:13 AM EST

Some posters have said, in effect, "why don't/didn't you use junk addresses (hotmail/yahoo) and only give the real one to the people who need it?"

The author's problem is that the addresses that get the spam are the ones in the contact records for his equivalent of internic. (In this case NIC==Network Information Center,not nickname.) As anyone who's moved a web/ftp/news site to a new host can tell you, those can be difficult to change. Also, those addresses got posted to usenet in the Good Old Days(TM) before spammers regularly harvested addresses from usenet.

The idea of a global village is wrong, it's more like a gazillion pub bars.

Solution... sort of... (3.50 / 2) (#11)
by flieghund on Wed Apr 18, 2001 at 10:46:16 AM EST

My solution to that has been to set up a filter on my NIC contact addresses to only accept email coming from one of the main NSI domains (and internic.net just for kicks). It doesn't stop the NSI spam, but it's a good start.

Using a Macintosh is like picking your nose: everyone likes to do it, but no one will admit to it.
[ Parent ]
Denmark (5.00 / 3) (#5)
by Per Abrahamsen on Wed Apr 18, 2001 at 09:18:48 AM EST

Unsolicited e-mail, fax and phone messages to privates for the purpose of selling goods or services are illegal.

The "Jesus love you" messages and spam to companies are not covered by the anti-spam law.

On the paper side, there is a voluntarily system (involving a label on the post box) to avoid unaddresses junk mail. It mostly works.

There is also a central opt-out register to avoid direct mail, anyone who sends direct mail must check that register to see the reciever hasn't opt'ed out.

Legislation (5.00 / 4) (#7)
by J'raxis on Wed Apr 18, 2001 at 09:26:07 AM EST

Google Directory. The particularly good sites are CAUCE (U.S.) and it's Australian equivalent, CAUBE. The CAUCE site has a whole page on pending U.S. legislation.

-- The Antispamming Raxis

[ J’raxis·Com | Liberty in your lifetime ]

Curious (3.00 / 3) (#8)
by Mashx on Wed Apr 18, 2001 at 09:30:23 AM EST

Being in France, I systematicaly attack any identifiable French or European spammer.
I have given up reporting Spammers, certainly try not to open any that I recieve and generally just delete it. Every now and then, I get caught out by one, simply because of the amount of mail that I get. They are the ones that I would like to systematically attack, so if you would like to expand on what this actually entails, I would be interested to hear it.

Life moves pretty fast...
If you don't stop and look around once in a while...
...You could miss it.

What "attaking" entails... (5.00 / 2) (#23)
by Fred_A on Thu Apr 19, 2001 at 08:38:43 AM EST

When I said I "attacked" spammers, it's not just reporting them to their ISP, it actually goes a bit further than that. For spam originating from France :
  • Find the address and phone # of the company behind the spam
  • Call them to know how they build their database, and if that database has been declared to the CNIL (a legal oblication when collecting personal data in France, email addresses are personal data).
  • If the emails are in an undeclared database and have been collected fraudulently (this is always the case), write (in paper) to the CNIL with a formal complaint.
  • email the ISP and the offender.
  • Wait and hope that the 2 million francs fine and 3 years imprisonment listed in the text of the law aren't just for show.
I'm currently waiting a for a good case to take to court as this would further enforce the illegality of local spam.

Fred in Paris
[ Parent ]

Thanx (3.00 / 1) (#26)
by Mashx on Thu Apr 19, 2001 at 09:24:45 AM EST

This is exactly the sort of thing I was wondering, as I guessed that you didn't just mean reporting them.

Most of my SPAM originates in the States so I don't have that ability, but for the bits that do originate in the UK, there is the Data Protection Act which I could well use. I don't think the fines are as big as they are in France, but it could be worth finding out.


Life moves pretty fast...
If you don't stop and look around once in a while...
...You could miss it.

[ Parent ]

Technical Measures! (2.50 / 2) (#16)
by dice on Wed Apr 18, 2001 at 12:13:00 PM EST

We all complain about how the government gets too involved with technical stuff, and then they mess it up. And here you all are, telling how to work through a legal system to deal with spammers.

Procmail isn't hard to use. Hell, the blackhole lists aren't hard to use.

People spam, it's really not that big of an issue.

international "treaty". (4.00 / 5) (#17)
by Signal 11 on Wed Apr 18, 2001 at 12:53:49 PM EST

Since governments and most large corporations have decided unanimously that spam is not a problem and helps the bottom line, I suspect it'll be up to grass-roots efforts to remove spammers.

There's several ways to approach this, but all of them start with forming an international coalition of users and system administrators who can donate part of their time to tracking down spammers and forcing them off the 'net. And for legal reasons, it might be a good idea to create some kind of document such that if you (as a citizen of France) are spammed by an american, you can forward it to one of the US coalition members and they can have the legal authority to act on your behalf from within their own country.

There's two main roles such a coalition would play - first, to distribute anti-spam software and keep it up to date. Something like Spambouncer but cross-platform and international. This should not be difficult! Second, a political foundation. This need not be political in the conventional sense of the word - if we had sympathetic network administrators working at backbone sites like UU.Net who could (and would) place blocks against ISPs who are spamming into the router tables, it would be one way of effectively getting ISPs in line - and keeping their AUP up to date. Combine this with a network of smaller ISPs who are part of the coalition and who subscribe to something like the RBL and you have the makings of an anti-spam Cabal.

Again, assuming that the legal climate on the 'net continues the way it is, covert attacks need to be made against non-compliant ISPs. Naturally this is going to generate a great deal of bad press because of all the "electronic terrorism". Poor businesses, someone's denying them profits! Spam is pretty much universally hated by the wired world, however, and therefore such press releases are only going to influence conservatives who couldn't identify a computer in a lineup of household appliances. Per usual, such activities will likely occur independently of any such coalition, so taking a stance for or against it is pretty much a moot point - it'll happen no matter what... so it might as well be examined ahead of time and channeled.

That's my suggestion to how to kill spam: with technology instead of law... because it's obvious which side of the fight the law is on - the side of corporate interests.

Society needs therapy. It's having
trouble accepting itself.

Route to /dev/null (3.00 / 1) (#18)
by weirdling on Wed Apr 18, 2001 at 01:35:25 PM EST

These days, my favorite trick, bouncing with the entire text of some book as the message, is getting harder and harder to do, so there's only one thing left to do: route to /dev/null.
Seriously, I wish there was a law that said that in order to send out unsolicited email, you have to have a valid and working return address.
It's quite one thing to send out sixty million copies of a short advert, but another thing entirely to receive Edgar Allen Poe's 'Fall of the House of Usher' times sixty million in return...
<br>I'm not doing this again; last time no one believed it.<br>

Checking for valid return addresses... (3.50 / 2) (#29)
by static on Thu Apr 19, 2001 at 07:49:54 PM EST

I've recently put in place a new SMTP server which is a real stickler for correctness. It's called Courier. Amongst other things, it insists on a valid return address before accepting an email for delivery. I'm wondering how effective this would be as a basic anti-spam measure...


[ Parent ]

Worship and be thankful. (3.40 / 5) (#20)
by your_desired_username on Wed Apr 18, 2001 at 02:29:27 PM EST

Advertising is a vital and important part of US religion. Nearly everywhere one might go, almost anywhere in the US, one can see the Proud Icons of American Advertising. We Americans believe Advertising is important to our spiritual well-being; its mark can be found in nearly every American activity. Eating, watching a movie, driving, playing a game, engaging in outdoor sports - even email.

Each time one buys an American product, one makes a donation to Corporate America's Marketing Industry. These donations provide the resources necessary to produce and maintain the aforementioned icons of the American Advertising Religion.

The spam which you are complaining about is intended to better your soul by teaching you how to be a tool of Corporate America. You should be showing your thanks by helping to improve the economy of America's wealthy; your complaints and cries for help are crass and not called for.

The laws enacted in the EU to restrict this vital part of American Culture are repugnant and in violation of the American Corporate Constitution. Surely the Supreme Court will strike down these laws.

Thank god... (3.25 / 4) (#28)
by ttfkam on Thu Apr 19, 2001 at 04:56:29 PM EST

...that we can worry about hitting the delete key in our mail reader a dozen more times instead of other less important global issues like child labor, extreme poverty, pennies a day for some Gap clothes, pollution, etc.

I'm glad that we can all strive to find workable solutions to spam. This is definitely the worst scourge of our generation and should garner our undivided attention.

I hate spam! It takes me as much as a minute every day to get rid of. This is a minute I could be spending asleep in bed.

Filters never work. I've never tried using them to cut down the volume of spam, but I'm sure they wouldn't help.

I also feel bad for those system administrators who have to battle the spam influx. I think we should protect them with legislation which won't be effective across international borders instead of promoting technical solutions like the RBL or disabling the username verification of SMTP.

Liberty from spam or death!

If I'm made in God's image then God needs to lay off the corn chips and onion dip. Get some exercise, God! - Tatarigami
Norwegian laws: (3.00 / 1) (#30)
by Eivind on Fri Apr 20, 2001 at 09:39:31 AM EST

Here in Norway spam where the receipient bears the majority of the cost, such as by email or fax is unconditionally forbidden unless the receipient has actively opted in.

For spam where the sender pays the cost, such as phone-marketing or postal mail there is a national opt-out list run by "Brønnøysund-registerene" which are governmental database-people. You enter your adress there and it is thereafter forbidden for anyone to send you adressed comercials or do phone-marketing. You can select for yourself if you want to allow charities to phone you for fund-raising or not.

US law is the major obstacle to getting rid of spam. 95% of the spam I get originates in the US. And there's largely nothing to do about it. I'm aware that some of the spammers would move abroad if the US laws where to change, but aslong as the spammer is physically in the US, runs a US business or spesifically targets US customers US law is likely to apply, even if he's got a server in FarAwayistan.

In Finland... (none / 0) (#31)
by WWWWolf on Fri Apr 20, 2001 at 04:12:04 PM EST

I'm in Finland, and here, spamming is illegal ("Law about privacy in telecommunications and information security in telecommunications", 565/1999, section 21). Spammers get fined. I don't know if this has lead to anything Really Major...

There's information about this in Finnish out there...

-- Weyfour WWWWolf, a lupine technomancer from the cold north...

What is the legislation on spam in your area (or how to fight spam by legal means) ? | 31 comments (24 topical, 7 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest © 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!