
British anti-spam legislation 1


GwydionM

Programmer
Oct 4, 2002
742
GB
Interesting things are happening over here.
"From the end of this year, it will be an offence for a British firm to send unsolicited junk mail to personal email accounts - but business addresses will remain unprotected" - see and for details.

There is valid concern that businesses are not protected. But when was your small business last offered a penis enlargement?

Companies get harassed by people offering them things that they might occasionally want. Also someone gets paid for sifting them and passing them on to a manager who might be able to say yes or no.

If advertisers have to check who they are writing to, filter out the business from the personal, that will stop the worst abuse.
 
You people must be signing up for trial software, etc. to be receiving so much spam. I receive some, but not even 50 a week.

To get so much, "At the moment I filter about a thousand spam messages a WEEK." then you need to look at what you are signing up for, downloading, etc.

Not all of it is from these activities but more often than not it is.
 
unixtechie: "You people must be signing up for trial software, etc"

So you're suggesting that the majority of spam comes from people signing up to software trials. Where do you get this data from?

The March 2003 CDT (Centre for Democracy and Technology) report does not support this premise.

Their data suggests that the majority of spam originates from email lists scraped from websites (who knows - this may even include websites like Tek-Tips?) and Usenet news groups.

<marc> i wonder what will happen if i press this...
  • please give feedback on what works / what doesn't
  • need some help? how to get a better answer: faq581-3339
 
I think so. Maybe TT Removed them. My inbox had like 10 notifications for this thread and I came here and got this!!!
 
the discussion got rather heated.

It will be interesting to see what approach the US decide on - there's a delegation of UK MPs descending on Washington to discuss this very issue....

With a bit of luck, the US will agree that opt-in provides a more stable model than opt-out.

<marc> i wonder what will happen if i press this...
  • please give feedback on what works / what doesn't
  • need some help? how to get a better answer: faq581-3339
 
at least this time the non offending posts were left behind! Nothing more disconcerting than to show up and have an entire thread missing!



Leslie
 
Opt-in isn't enough.

I also want spammers to be legally required to maintain a "chain-of-evidence" on every address they use.

That way, when I get one of those emails which reads in part, "This is NOT spam. You are receiving this because you agreed to accept email from one of our affiliates...", then the onus of proving the email is not spam falls on the sender, not me.

And make sure the chain-of-evidence specifically excludes current address lists. That way the spammers have to dump their lists and derive new ones.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
I also want spammers to be legally required to maintain a "chain-of-evidence" on every address they use.

They are in many countries including the US.
Problem is that if they don't they're virtually untraceable so prosecuting them for it becomes virtually impossible ergo they can go on because they won't get caught anyway.
 
I'm still in favour of a better handshake:

Server1: I have some mail for you!
Server2: Great, are you real? (quick check)
Server1: Yup still here!
Server2: Acknowledged.

Dumbed Down I admit as my knowledge of protocols and handshakes is limited.

It would create more traffic, but damnit it would be worth it (in my opinion, of course).
 
There's that line from the movie "Field of Dreams": If you build it, they will come. Short of some kind of international registry of non-spamming mail servers, I don't see how changes to protocols are not going to be abused by spammers.

But if you want to add stuff to the SMTP protocol, go right ahead. Submit an RFC to the IETF.

Keep in mind, however, that there is no rule that says legal and protocol actions can't both be pursued.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
I agree, but stopping people being able to send mail from spoofed addresses would surely cut down on the spam as well as making it simple to trace.
 
I think that he means that for legislation to come into effect then mails would need to be traceable. Ensuring that emails cannot be spoofed would not only reduce spam but also make viruses a lot easier to trace.

If people think that they can get caught then people are less likely to do it.
 
To answer Grenage's problem:

As part of Step 2, it would have to say "Are you real" AND "Is this username valid" and the response would have to result in a positive response to both questions. A negative response, or none would stop the mail transmission at that point.

The trouble is that this procedure could be used in bulk to obtain a valid list of email accounts on a particular server.
It also has a problem where one box is used as a multidrop for something further down the line, as each account within the domain would have to be registered at the top level to work properly.

John
 
Not necessarily, because it just wouldn't get put in the mailboxes. Spammers could transmit whatever they wanted to (so it would still use bandwidth), but only messages passing the check would go into the mailboxes for their viewing.
Verifying a mail server would be as simple as looking up the MX record for a particular domain, and checking that port 25 is open on it.

John
 
Checking for an MX record for what domain?

The "From:" header? If I'm a spammer and I have a database with a million known-good email addresses in it, all I have to do is forge headers so that my email to recipient 123456 looks like it's coming from recipient 123455.

The "mail-from" value of the SMTP protocol? See above.


Want the best answers? Ask the best questions: TANSTAAFL!!
 
1. rev-dns the sender's IP address
2. dns the domain name that rev-dns provides

if the IPs match and the domain name matches the sender's domain name, then the email address wasn't spoofed.

the downside is that this generates a dns lookup and a rev-dns lookup for EVERY email sent. a self inflicted DoS attack.

<marc> i wonder what will happen if i press this...
  • please give feedback on what works / what doesn't
  • need some help? how to get a better answer: faq581-3339
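The two-step check from the post above (reverse lookup of the connecting IP, forward lookup of the name it returns, then comparison with the sender's domain), as an added example that is not part of the original thread. The function names, the sample addresses and the DNS tables are constructed for illustration so the check runs offline.

```python
import socket

def ptr_lookup(ip):
    """Step 1: reverse DNS. Returns the hostnames the IP's PTR data claims."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:              # herror/gaierror: no PTR or lookup failed
        return []

def a_lookup(host):
    """Step 2: forward DNS. Returns the IPv4 addresses the hostname resolves to."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain (not a suffix lookalike)."""
    host, domain = host.rstrip(".").lower(), domain.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def check_sender(ip, mail_from, ptr=ptr_lookup, fwd=a_lookup):
    """Classify a connecting IP against the envelope sender's domain."""
    domain = mail_from.rsplit("@", 1)[-1]
    names = ptr(ip)
    if not names:
        return ("no-ptr", None)
    # The PTR is set by whoever controls the IP block, so only trust names
    # whose own A record points back at the connecting IP.
    confirmed = [n for n in names if ip in fwd(n)]
    if not confirmed:
        return ("ptr-unconfirmed", names[0])
    for name in confirmed:
        if in_domain(name, domain):
            return ("match", name)
    return ("domain-mismatch", confirmed[0])

# Constructed DNS data (documentation address ranges), standing in for live lookups.
PTR = {"192.0.2.10": ["mail.example.com"],
       "192.0.2.66": ["mail.example.com"],        # PTR names a host that resolves elsewhere
       "198.51.100.7": ["relay.example.net"]}
A = {"mail.example.com": ["192.0.2.10"], "relay.example.net": ["198.51.100.7"]}

def demo():
    sender = "alice@example.com"
    ips = ["192.0.2.10", "192.0.2.66", "198.51.100.7", "203.0.113.5"]
    return [check_sender(ip, sender, lambda i: PTR.get(i, []), lambda h: A.get(h, []))
            for ip in ips]
```

With the default arguments `check_sender` performs live lookups through the `socket` module; caching the verdict per connecting IP limits the per-message lookup volume the post mentions.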
 
It would be the "To:" header or envelope-to (in case the message was a mailing list). This would stop spam coming into the receiving mail server.

I like Manarth's idea though, but as he says it would generate a lot of DNS traffic.

John
 