Spam

Link: Can Texas Lasso Spam?

The linked article, from the Foat Wurth Startlegram, discusses the pending Texas spam law and quotes me being skeptical.

It says the Texas Attorney General office is ready to go after some spammer hide. Unfortunately, I'm not getting a lot of comfort that they know how to go about doing it--let alone have a plan in place.

For instance, the mechanism they have setup for collecting spam complaints (report via phone or web form) is exactly wrong. People who collect spam complaints know most spam victims don't submit actionable spam reports. Heck, most spam victims will admit it themselves. I'll be surprised if more than 10% of the reports they receive by these mechanisms include the trace information necessary for a spam investigation.

I think the FTC model is superior, where they setup a general mailbox uce [at] ftc [dot] gov to feed a collection that can be used for data mining.

I'm pleased the reporter presented my position accurately, unlike the recent TV news story on the law. There were two key points I wanted to make, and I'm glad to see they were reported. First, this is a weak law, one of the weakest in the nation. Second, this is not a law that prohibits spam, but rather enables it.

Link: Microsoft says sorry to 'spammer'

This is a followup to an article I posted in June. Microsoft had just unleashed a torrent of lawsuits against spammers. It appeared, however, they may have mistakenly snared the wrong guy in their dragnet. At that time, I found their response to the possible mistake to be (engage diplomacy filter) somewhat uncharitable.

Simon Grainger, the innocent victim, was kind enough to stop by this blog the other day and add a comment to that article noting the nightmare ordeal is now over. It took Microsoft nearly six weeks to confirm what was obvious to most everybody else: they had the wrong guy. Microsoft announced the charges against Simon would be dropped, and offered an "unreserved apology."

Buggy code. Buggy lawsuits. Seems like it infests the corporate culture.

Link: Legislation signals round one in the battle of spam. (News 8 Austin)

In the linked story, I talked to News 8 Austin about the impending Texas spam law. Regular readers of this blog (Hi mom! Hi sis!) may be bemused to see me playing the role of supporter. I've been quite clear about my displeasure with this law. They, however, already had somebody for the opponent, and, by the calculus of TV journalism, the opening they had to fill was for somebody in favor.

I'm glad I was able to make the point that this law does not prohibit spam, but actually legalizes it. That's some consolation. That, and the fact they spelled my name correctly.

We are less than a week into the month, and I'm pretty sure I've got this month's winner already. This spam comes from Hong Kong, with a subject of:

Subject: Toweling products from Daily Firm 

It almost sounds like they are trying to sell me something vaguely, but ineptly, naughty. The darn thing is when I read the text of the message, it doesn't make any more sense.

Link: Bellerose Man Convicted Of Selling Apricot Pits As Remedy

Jason Vale was never one of the most significant spammers, but he was one of the more persistent and annoying. For years, my mailbox received a steady stream of his spams, pedaling apricot seeds as a cure for cancer. After the intervention of the FDA and several federal judges, the spam finally should stop.

What made Jason particularly annoying was his excessive self-righteousness. It was also his downfall. His final mistake was violating an order from a federal judge. He was recently found guilty of contempt, and is now awaiting sentencing. I hope the sentence is sufficient to break down his resistence to clue.

Link: Dean for Texas (spam sample).

This is a case study in spam: how to handle a bad incident so that it doesn't damage your organization. Over the weekend, an overzealous volunteer with the Dean for Texas campaign spammed a batch of unsolicited email to publicize a Dallas rally.

The response was immediate and negative--much of it from within the campaign itself. The Dean campaign is known for its sophisticated use of the Internet. The tech-savvy volunteers in the Texas campaign let those responsible know that a bad mistake was made.

Within 24 hours the campaign acknowledged the error, issued an apology, and vowed to send email only to the people on their own lists.

This incident could have been a disaster. The Dean campaign has been reaching out to tech-savvy individuals, precisely the people most offended by an action such as this. I believe the campaign deserves a lot of credit for the way it handled what was an admitted mistake. I think the key things are: they listened to what people were saying, admitted a mistake, issued a public apology and took corrective action.

Errors, unfortunately, will happen. I think there is a lesson here on how to act when they do.

Link: . . . And On The 1st Day Of July, Assembly Committee Proclaims:

Link: Fooling Bayes (Joho the Blog)

David Weinburger is surprised a spam message got through his Bayesian filter and into his mailbox. I'm not.

New anti-spam methods can be very effective early on. But, like an evil deranged mutant virus, spammers adapt and attack. For instance, now that Spamassassin has become so popular, spammers have adapted to it. Spammers will test messages prior to sending, and tweak them to get by the filters.

This is easy to do with rule-based filtering such as Spamassassin. The rules are fixed. You simply push a message through, see what things cause negative points and adjust accordingly.

This is tougher for Bayesian filters, which are adaptive. The filter actually trains to your spam (and non-spam--sometimes called ham) stream. Unfortunately, I fear even this system can be gamed. Spammers can train their own Bayesian filters and use them to develop a vocabulary that avoids spam classification.

That's why I think people who believe filtering is a silver bullet solution are being naive. Doesn't mean you shouldn't use filtering technologies--I certainly do. Just means you shouldn't think they will vanquish the spam problem.

Remember, spam has nothing to do with content. It's about permission and delivery. Content filtering may exploit some weak heuristics that may identify spam, but ultimately cannot be depended upon as the solution.

Link: State's high court upholds right of ex-Intel mass mailer.

One of the arguments against spam is that it represents a trespass of private property. Today, the California Supreme Court rejected that theory.

The case in question involves a disgruntled former Intel employee. This person took to mass mailing complaints about Intel to other employees. Intel blocked the mailings and sued for damages. A lower court supported Intel, but the state Supreme Court overturned that ruling.

The court's ruling appears to be squarely in line with the position put forward by the EFF. I hadn't put much credence in that position, preferring to believe that spam violated the property rights of computer owners. It looks like I may be dining on crow this evening.

Last week, registration was opened for the national "Do Not Call" list. The list has been flooded with requests, with nearly three-quarters of a million phone numbers registered in the first day. This outpouring highlights two facts. First, Americans are fed up with intrusive telemarketing. Second, the spam solution being touted by the junk mail lobby and big Internet providers (like Microsoft and AOL) is a crock.

For years, Americans have been growing steadily angrier about telemarketing. Congress has been grappling with the problem for over a decade. Back in 1991, the Telecommunications Privacy Act of 1991 (TCPA) was introduced to solve the telemarketing problem. It gives you the right to opt-out from telephone solicitations. If a telemarketer contacts you, you can say the magic words, "Add me to your Do Not Call list." Telemarketers are required to maintain such a list, add you on request, and not call you again once listed.

Clearly, opt-out is a failure. If it worked, then TCPA would have solved the telemarketing problem and the national Do Not Call list would be unnecessary. The problem is that you can get added to a telemarketer's private Do Not Call list, but there are three more ready to take their place. Opt-out simply doesn't work for a problem of this scale.

Yet, this is exactly the solution that the big Internet providers are pushing. AOL and Microsoft want to make spam legal, but mandate a right to opt-out. This approach has been proven a failure for telemarketing. It won't work for junk email either. You'll be sending hundreds of Do Not Email requests every day. Every time one spammer drops your email address, a dozen more will pick it up. Opt-out will be a total debacle.

What's worse, right now junk email lives in that grey zone between right and wrong. Most people think it's wrong even if it isn't against the law. So, most email services prohibit spamming from their network. If opt-out becomes the law, then spam becomes legitimized and it moves out of the grey zone. Internet service provider will be hard pressed to keep spammers off their network. If you think the problem is bad now, just wait until Congress legalizes spam.

Do we really need to repeat the failures of the last decade? Opt-out was an unmitigated failure for telemarketing. It won't work any better for junk email. It will be a disaster if Congress legalizes spam and mandates opt-out.