spf-discuss

RE: "extreme SPF" scenario for ISPs: negligence perspective

2004-01-31 16:03:18
[Meng Weng Wong]
Suppose an ISP mailserver acts as a relay for outbound spam carrying
forged envelope/header information.  Suppose the bounces from that spam
end up hosing a third party's mail server due to the joe job.  Could
that third party sue the ISP for negligence?

IANAL (thank goodness) but my understanding of the new yes-you-CAN-SPAM Act
is that the only parties allowed to bring civil action for spamming are
ISP's or the States Attorneys General.  If the damaged third party is a
corporate mail server, no joy in the courtroom.  I wouldn't hold my breath
on anyone but the largest ISP's undertaking legal action.  ISP's are
for-profit businesses, we are in a terrible business climate and they have
much more urgent places to spend their operating funds than on legal
actions, which even if successful, will not even pay for themselves.  As for
the States, I don't know about your State, but ours is flat broke and
prosecuting spammers has a priority of about -1 compared to the other
problems they face.

Recall that the new law was rushed through Congress specifically to beat the
January 1, 2004 implementation date of the California anti-spam act, which
it pre-empted, along with all other State laws with more restrictive
provisions.  The CAN-SPAM Act, bad as it is, was heavily debated and really
does represent the consensus of our Congress.  We're quite stuck with it, at
least for the present.

That's all water under the bridge, but I wouldn't count on anyone suing
anyone else over spam unless they're Microsoft or AOL.  Forging headers and
using compromised systems to relay spam are both specifically illegal under
the new law, but the likelihood of any criminal enforcement is doubtful.
Though the Act designates the FCC as the enforcement agency, I recall that
prior to the passage of the Act, the FCC Commissioner said the law did not
give the FCC sufficient authority to really do anything (I admit to not
understanding that), his agency lacked the technical expertise to
successfully track down and prosecute violators (a shocking statement on its
own) and they didn't have sufficient resources to devote to it in any case
(quite believable).

Basically, we have a law that permits spamming under specific conditions
with no one to enforce it when those conditions are not met.  No question,
the spammers had a big-time win on the legal front.  That being said, I
think that SPF represents the best chance we have to control the problem
through technical means.  There may be better technical solutions imaginable
(i.e. cryptography), but IMO SPF has the best chance of industry acceptance
as it requires relatively small changes to existing infrastructure and
delivers a huge return on investment.  If widely implemented, it will
confine spammers to a smaller number of errant ISP's that are more easily
monitored and blocked using DNSBL's.  This actually makes the original goal
of the block lists, to create black holes in the internet around networks
that spam, an imaginable outcome.  Sorry, I was daydreaming.

I'm still not giving up on the possibility of better laws at some point in
the future.  Though laws in themselves will not solve the problem, SPF +
DNSBL's + laws together would make it pretty darn tough to make a living as
a spammer, and in the end, that's the only thing that will stop spam.
Remember, "it ain't over 'til it's over", and it's only over if we quit.
Keep complaining to your representatives that the CAN-SPAM Act is too
permissive to start with and is not being enforced.  We need a confirmed
opt-in system like the rest of the civilized world, along with heavy
criminal forfeitures to make spammers pay for enforcement costs.  I think
the savings to businesses, both domestic and worldwide, along with the
increase in productivity due to a (nearly) spam-free workplace is a
sufficient argument for legislators to pursue this against the wishes of the
direct marketing industry, _iff_ (if and only if) enough voters complain.
Go make some noise!

--
Seth Goodman

off-list replies to sethg [at] GoodmanAssociates [dot] com

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/