Filter Tip

|

Sending deceptive spam is now a felony in Virginia. Gov. Mark Warner predicts the law will have a substantial impact because so much Internet traffic travels through the state, home of AOL and other major ISPs. In a recent commentary (not available online yet), Hanah Metchis of the Competitive Enterprise Institute offers grounds for skepticism:

The problem of spam starts with the fact that it's very easy for spammers to hide their true identities and contact information. When e-mail headers are forged, it is difficult to discover who actually sent the e-mail. Police or private companies contemplating a lawsuit must hire experts to trace the e-mail to its source. Once a spammer is found, local police must often pursue him out of state, or even to foreign countries. Certain countries, such as China, are known for being "spam havens" where law enforcement officials are reluctant to cooperate with investigations. Because of these difficulties, anti-spam laws are rarely enforced….

Research has shown that the likelihood of being caught is far more important to criminals than the possible penalties. That is, a law that is effectively enforced but carries a light penalty will be a much better deterrent than a law with a heavy penalty that is rarely enforced.

Penalties for spamming have not, in fact, deterred spammers. Twenty-nine states have passed anti-spam legislation, and fraudulent advertising is illegal regardless of the medium through which it's distributed. And yet, because these laws are not regularly enforced, the amount of spam is constantly growing.

Metchis argues that technological fixes are much more promising than legislation. One of her examples, the Matador spam shield, has worked quite well for me so far. Unlike McAfee's Spamkiller, which takes forever to load, Matador inserts itself into Outlook, so it's up and running whenever you check your e-mail. It also catches a bigger proportion of spam, missing just 10 or so come-ons per day (out of around 150). In addition to filters, it uses a challenge-response protocol for iffy messages.

Of course, I was also pleased with Spamkiller when I first got it, but lately it's been letting through a lot of obvious spam.

NEXT: Grocery Shopping with the Jetsons

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Hanah Metchis of the CEI offers grounds for questioning either her understanding of technology or the CEI’s motives for publishing the article. I’d hate to think it was “sponsored” by the Direct Marketing Association, but I’m not sure the specter of lazy research makes a “research” foundation look any better.

    She writes:

    The problem of spam starts with the fact that it?s very easy for spammers to hide their true identities and contact information. When e-mail headers are forged, it is difficult to discover who actually sent the e-mail.

    A common statement repeated a lot in mainstream media, but one that’s just plain not true. While it’s easy to forge portions of the message header, including the “From:” address and even the name of the originating mail server, the numeric IP address of the originating mail server is still there, even if that server itself has been doctored by spammers to report a fake originating IP address for the message sender.

    The IP address of the originating mail server is one of two things: it’s either a server under the spammers’ control, in which case you’ll know who to go after once you find out who “owns” the IP address, which takes about a minute to do by hand, or it’s a organization’s or ISP’s public mail server that’s being abused by somebody–an employee, a customer, or a spammer preying on lax security. If thew latter is the case, then that mail server is recording the correct IP addresses of the computers sending the spam. Once again, look up the owner of the IP address and you have your culprit. Is the culprit an ISP’s dialup or DSL customer? No problem. You have the IP address they used and a timestamp of when the mail was sent. That’s enough for the ISP to go on to figure out who sent it. I get a couple of spamming operations kicked off their ISPs every week by tracing them back to the right source.

    This isn’t going to help anyone prosecute offshore spammers, but other things will. Most spam tries to sell you something, and in order to do that, they have to give you a website to go to or a phone number to call. It’s not as though businesses that operate in the US don’t already operate with regulations imposed on what they do outside the country.

  2. There’s another product out, as well, called “SpamArrest”. It also uses a challenge/response system, and only allows through mail that either the user approves, or that has a real, verifiable sender behind it. I don’t receive spam anymore. At all. I can’t tell you how happy that makes me.

  3. So, we’re still basically stuck with spam & eggs, spam, spam, & eggs, fried spam, spam spam with spam….

  4. An idea I’ve heard for junk mail – stuff all of their material (including the original evelope, if you can make it fit) in the return response ‘No Postage Necessary’ evelope and send it back to them. Forces them to pay for mailing to get their own junk mail back. If enough people do this, it might start to discourage generic bulk mailing.

  5. Now if only we can get rid of all the PAPER-BASED (hard copy) junk mail that clutters our outdoor mailbox as well . . .

    Do you know of any filters for THAT?

  6. I thought computer guys didn’t want government intervention in anything?

  7. I used to do that. Still do — IF and when there is such a SASE. But most paper-based junk mail nowadays doesn’t arrive with a SASE anymore. (Apparently they wised up.)

    And there’s especially no SASE with all those colorful, plastic-wrapped, generically bulk-mailed ad sheets from Target, Walmart, etc., that include those perennial “Have you seen me?” (lost kids) cards.

    By the way, esmith, we’re not asking for any government nose-in-the-tent here. We’re simply looking for a market-based solution.

    Nature (and the market) abhors a vacuum. If there’s a need, it will be filled — somehow — and without some politician reaching into your pocket again.

  8. If they privatized the postal service, perhaps you could pay them a fee to sort out junk mail – kind of like spam filters some ISPs have. Kind of hard to do if the spammer (junk mailer) is paying to carry it right to your house. But if you rent a post office box from someplace like Mailboxes, Etc. then the deliverer would have to get it through someone else, who could then provide the ‘filtering’ service. Just a thought.

    For those who really want to think outside the box – many years ago I saw a show on TV that featured a guy who wanted to get as much junk mail as possible – he used it to heat this house. This guy got hundreds of letters a day, and all these suckers sending him stuff were just providing him free fuel, with free delivery to boot. The only snag I see with this plan is finding your bills and stuff you actually need stuck in all that mail. Anyhow, if you’ve got a wood burning stove or fireplace, might just be a good way to turn a nuisance into a resource. Now if we can only find a way to burn our emial…..

  9. Without getting the environmental (smoke) whackos on your case.

  10. EMAIL: pamela_woodlake@yahoo.com
    IP: 62.213.67.122
    URL: http://online-casino-gambling.best-gambling.biz
    DATE: 01/20/2004 12:16:27
    Men are close to one another by nature. They diverge as a result of repeated practice.

  11. EMAIL: nospam@nospampreteen-sex.info
    IP: 212.253.2.205
    URL: http://preteen-sex.info
    DATE: 05/20/2004 02:10:47
    Every decent man is ashamed of the government he lives under.

Please to post comments

Comments are closed.