Murkowski anti-spam bill could be a problem for ISPs

* Commercial e-mail must be tagged with "advertisement"
* All ISPs must provide tag filtering on inbound mail
* Commercial e-mail must provide a real return address, and accept remove
  requests. They have 48 hours to act on a remove request.
* The FTC can discipline misbehaving ISPs.
* Various penalties for unsigned ads, for ISPs that don't provide
  filtering, for spammers who continue to send ads after receiving a remove.

Seems to me it's even worse than this. Seems to me that the bill, while
well intentioned, could be used by Spammers to say "See, it's OK to SPAM,
it says so here. We put the word advertisement on the subject line. See,
if people don't want to see it, the law says their ISP filters it. We're
doing exactly what the law says we should. It condones SPAM."

Or did I miss something about this law?

Owen

> * The FTC can discipline misbehaving ISPs.
> * Various penalties for unsigned ads, for ISPs that don't provide
> filtering, for spammers who continue to send ads after receiving a remove.

Don't these two lines cause everyone a little bit of grief?

1) What can the FTC do to discipline an ISP?
2) Why should ISPs be required to filter? Wouldn't it make sense that
customers would decide if they want to make a purchase based on *if*
filtering were available?

The other two [unsigned ads] and [spamming after a remove] are good. It
doesn't address the most serious problem.

By a real email address, what do we mean? One that doesn't bounce? One
that actually goes back to the spammer? What if every 48hrs he/she
rotates email addresses so the spammer can ignore the remove requests
because (simply put) it is coming from a different spammer (and *still*
send untagged email)?

-Deepak.

> > * The FTC can discipline misbehaving ISPs.
> > * Various penalties for unsigned ads, for ISPs that don't provide
> > filtering, for spammers who continue to send ads after receiving a remove.
>

Don't these two lines cause everyone a little bit of grief?

No, the cause some people (not the spammers) an enormous amount of grief.

1) What can the FTC do to discipline an ISP?

Levy large fines after several years of delay.

2) Why should ISPs be required to filter? Wouldn't it make sense that
customers would decide if they want to make a purchase based on *if*
filtering were available?

Of course.

By a real email address, what do we mean? One that doesn't bounce? One
that actually goes back to the spammer? What if every 48hrs he/she
rotates email addresses so the spammer can ignore the remove requests
because (simply put) it is coming from a different spammer (and *still*
send untagged email)?

Oh, you don't even have to work that hard. If you have to have filtering
anyway, you can expect many people to have the filter auto-send a remove
messge in response to all spam, so a spammer signs up for a dial-up account,
sends 100,000 spams, gets back 25,000 remove responses, of which 24,900 fall
on the floor because he's blown his e-mail quota. I said this bill had
problems.

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, John R. Levine, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47

I see serious problems with this as well. First, it is inconsistent with
the way that other "unwanted" messages. For example, your postmaster is
not required to filter through your mail and remove any junk mail (usually
"tagged" as "bulk mail"). And yes, you are paying for that mail to get to
you as a US tax payer.

Second, I think it opens huge liabilities for an ISP. What happens, for
example, if an ISP mistakenly filters out an important legitamate message
because it met the conditions of a junk message? Or, if an ISP fails to
filter out all junk mail because of a failure of the filtering system or
because the junk mail is not properly tagged?

On the other side, I think there are huge liabilities that come up from
the people who might *want* spam (obviously there must be people who
respond to spam), as well as whatever rights spammers may have to
communicate their message. It stinks of a ripe first amendment lawsuit
when you talk about the carriers of the message completely shutting off
communications of this sort. Of course, I'm not an attorney.

The thing that most concerns me is that the easiest target to hit is the
ISP. The customer isn't doing anything except complaining, and the spammer
can pull up roots quickly and move on without leaving tracks. Only the
ISP, who bears the brunt of responsibility and liability, is involved
enough and is permanent enough that if fines are levied or lawsuits filed,
they're the most likely (if not the only) ones to get hit.

Ironically, the ISP is actually the one who "suffers" the least, as long
as they are protected against spam mail relaying and their customers
aren't the ones doing the spamming. The costs of filtering, and potential
legal costs related to this bill are far higher than any current costs of
spam (some bandwidth and disk space).

For these reasons, as an ISP, I'm very fearful of legislation like this. I
would prefer that the ISP be completely removed from the loop, and that
the legislation focus strictly on ways that Internet users can do their
own spam filtering (even potentially having a user-specified server-side
filter, so they don't have to download the spam messages), and leave it at
that.

Pete Kruckenberg
VP Engineering
inQuo, Inc.
pete@inquo.net

I see serious problems with this as well. First, it is inconsistent with
the way that other "unwanted" messages. For example, your postmaster is
not required to filter through your mail and remove any junk mail (usually
"tagged" as "bulk mail"). And yes, you are paying for that mail to get to
you as a US tax payer.

Actually, the USPS is almost 100% postage-funded; the only "subsidy" they
receive is that it's a felony to mess with US Mail (which courts will go
crazy over), whereas messing with FedEx/UPS packages is barely a misdemeanor.

Second, I think it opens huge liabilities for an ISP. What happens, for
example, if an ISP mistakenly filters out an important legitamate message
because it met the conditions of a junk message? Or, if an ISP fails to
filter out all junk mail because of a failure of the filtering system or
because the junk mail is not properly tagged?

This provision is also contrary to the idea of a common carrier... I think
we should be trying to get _closer_ to common carrier status, not farther
away.

On the other side, I think there are huge liabilities that come up from
the people who might *want* spam (obviously there must be people who
respond to spam), as well as whatever rights spammers may have to
communicate their message. It stinks of a ripe first amendment lawsuit
when you talk about the carriers of the message completely shutting off
communications of this sort. Of course, I'm not an attorney.

I agree.

For these reasons, as an ISP, I'm very fearful of legislation like this. I
would prefer that the ISP be completely removed from the loop, and that
the legislation focus strictly on ways that Internet users can do their
own spam filtering (even potentially having a user-specified server-side
filter, so they don't have to download the spam messages), and leave it at
that.

I think that the burden should be placed entirely on the spammer; there is
no reason to bother the user or the ISP with this mess.

The current US law (USC Title 47 Sec 227) governing commercial
telecommunications should be strengthened to explicitly include email.
There's already been a few judgements using this law as-is, so there's no
reason to create a new law that may not work.

The US government can add email addresses to the telephone number opt-out
list they maintain; email spammers will have to pay for access to the
opt-out list just like phone spammers, and the US Govt will eat any spammer
who doesn't use it alive. Other countries will undoubtedly follow the US's
lead if/when it works, as many have with telephone opt-out lists.

I'm not familiar with snail-mail opt-out lists; it might be worth
investigating those (if they exist), but the phone opt-out lists will
probably more applicable.

Out of curiosity, has anyone considered the effect of this law (or others)
on non-profit spam?

Stephen

Why not voice these complaints to Senator Murkowski? He has the following
text on his webpage:

      NOTE: Senator Murkowski strongly encourages the
                  Internet community to make specific recommendations or
                  comments about the legislation. Please send them to this
                  address: commercialemail@murkowski.senate.gov