Yeah, I too received one of these spoofed emails from “firstname.lastname@example.org” purportedly warning that my IP address had been recorded visiting “40 illegal Web sites.” Virus Arrives in E-mail Allegedly Sent by FBI [ZDNet.com]. It’s just hard to understand that anyone could be so gullible as to believe that the FBI would do such a thing or that, even if it did, the agency would notify a target via email. Even harder to comprehend is why anyone would open an attachment forwarded with such an email, which arrived with a .pif extension that all but cried out “virus.” But it happens every day. Folks fall for the silliest phishing ruses to disclose their confidential financial information, answer those ridiculous emails from ex-wives of deposed Nigerian dictators promising millions of dollars, and the like. Take the latest scam, a mythical French company that allegedly promised cases of free champagne for forwarding a chain lettter to 10 friends. C’est fantastique!
Standards are good (by promoting interoperabilty) and standards are bad (by deterring innnovation for component products). And there has been an ongoing controversy, lasting decades, about whether “open” industry standards may or should include patented inventions. For instance, ANSI and W3C each have patent policies calling for disclosure and nondiscriminatory or royalty free licensing of intellectual property (IP) included in standards.
Now that same debate has spilled over into IETF, the Internet’s standards-setting body. Anti-Spam Effort Killed Amid Patent Row [washingtonpost.com]. This time the standards body killed a proposal by Microsoft for an email “Sender ID,” designed to prevent spoofed emails, because the folks in Redmond had patented the scheme. Though the company promises to make the IP available for free, it wants to bar software developers from further licensing it, a restriction that several members of the open-source community find unacceptable.
The end result is that consumers get stuck holding the bag — in this case, junk emails — while the engineers and lawyers bicker, perhaps endlessly. So what else is new?
Last year the U.S. Congress outlawed spam. Of course, the actual legislation was so weak, and covered only American firms, that it was doomed from the start and has done nothing to stop the torrent of unsolicited commercial email.
Now legislators want to make it a crime to engage in “phishing.” This is the use of chameleon-like emails, typically made to look as if they originate from a bank, PayPal, eBay or some other financial-related institution, to entice folks to part with sensitive personally identifiable information, like passwords and account numbers. Senate Bill Targets “Phishers” [TechNews.com].
The new bill is a charade. Pfishing is fraud, which is already a civil tort and a crime under both federal and state law. Adding a specific statute ciminalizing this behavior will do nothing to stop it and will not protect consumers who are too stupid to protect themselves. It’s grandstanding of the worst sort, because it won’t stop the abuses one iota. And don’t even get me started on the United Nations’ recent declaration of a two-year “war against spam.” Worse than empty words.
Well I just spent an hour deleting 200 spammed comments — advertising online casinos — from Fear & Loathing. So I went over to Movable Type and upgraded to the new release version, which promises to “throttle” commenters by limiting the number of seconds between posted comments. We’ll see if this works.
The vote was 97-0 for a bill in the Senate outlawing spam. Senate Votes to Crack Down on Some Spam [nytimes.com]. But the rules in the CAN SPAM Act are empty and the proposed creation of a “Do Not Email” list meaningless. “If such a list were established, I’d advise customers not to waste their time and effort,” Tim Muris, chairman of the FTC said in August. “Most spam is already so clearly illegitimate that the senders are no more likely to comply with new regulations than with the laws they now ignore.”
The issue with spam isn’t whether it’s illegal — lots of spammers have been sued on a variety of legal grounds — it’s that they use technology to cloak their identities and move from server to server, and place to place, at the drop of a hat. The Bush Administration is spending $100 million on a witness protection program in Iraq. If we devoted the same resources to hunting down and prosecuting spammers, maybe the government could make a dent in the ever-increasing volume of unsolicited commercial email. Otherwise, it is indeed a waste of time trying to make spammers obey new rules when they don’t care about rules in the first place!
The Senate Commerce Committee has passed a “tough” anti-spam bill, reports MSNBC. But this Cox-Wyden-Burns measure would only require accurate headers and opt-in — nearly all spam messages already say you “asked” to be on their list — but would also preempt all state remedies against spammers. Meaning there’s no way to go after these folks. It’s a little bit of nothing on spam and a lot of political spin. But that’s Washington.
Our patent system is becoming crazy if MailBlocks can stop EarthLink from deploying a challenge-response e-mail system just because it thought of the idea first. EarthLink Is Sued by Holder of Anti-Spam Patents.
You can’t patent ideas, only inventions. If someone figures out a way to do something with a different process or using different technology, a patent is not a barrier. So what’s the problem, Phil?
EarthLink to Offer Anti-Spam E-Mail System [TechNews.com]. This is the MailBlocks system I wrote about last month, and I still think it’s both too clunky and aimed at the wrong part of the spam problem. But with EarthLink on board, perhaps the culture of e-mail will change to accomodate a one-time verification by the sender.
Always On includes a post by Phil Goldman, founder and CEO of Mailblocks and former co-founder of WebTV, commenting that spam is killing consumer e-mail and that the Web portals — which dominate consumer e-mail — are doing nothing about it. The State of Consumer Email: Consumers Deserve Better :: AO
Well, I think that Mailblocks is doing nothing, too. Filtering and blocking e-mail is a quixotic exercise, because spammers proliferate domains and e-mail addresses and because doing so only increases the chances that good e-mail will be filtered out. Mailblocks requires human confirmation, from the sender, if a “from” address is not in the recipient’s address book, which of course just makes getting mail from new people — like prospective clients, long-lost childhood friends, etc. — problematic.
Goldman does say:
It’s perfectly clear to me that the industry needs to turn the way we deal with consumer email and spam on its head. Otherwise we risk killing the killer Internet app.
Now I can agree with that entirely. See Suing Spammers.
America Online on Tuesday said it is filing five lawsuits against individuals and companies that are allegedly purveying bulk unsolicited e-mail, or spam, to its members. [CNET News.com]. Boowah! Spam is destroying the Internet’s real killer app, e-mail, by forcing users towards filtering software that kills the good unsolicited messages along with the hundreds of bad ones for Viagra, penis enlargement and Nigerian ex-dictator’s wives fortunes. It is preventing legitimate marketers from communicating with customers and raising costs for ISPs, enterprises and regular Joes. Legislation won’t do anything. AOL, we salute you!