back to article Mushy spam law's IDEAL for toothless watchdog: Spamhaus slams CAN-SPAM

Antispam organisation Spamhaus has reacted phlegmatically to a recent survey that one in 10 of the world’s largest online retailers are still violating the CAN-SPAM Act, a full 10 years after the US anti-spam legislation went into effect. Richard Cox, CIO of The Spamhaus Project, suggested the Online Trust Alliance (OTA)'s …

  1. Anonymous Coward
    Anonymous Coward

    Zero enforcement in the UK

    from what I've seen. And very small enforcement for phone spamming (aka nuisance calls) via OFCOM in that sector.

    1. James 100

      Re: Zero enforcement in the UK

      There is at least a token effort at enforcement of nuisance call prohibitions now - a few big names got fined. Far too little, though - and of course they are still allowed to make anonymous calls, which is a large part of the problem. (Prohibit anonymous calls from non-residential lines, and the spam problem will be greatly reduced.)

      I'm planning to set up Asterisk soon to route all anonymous calls straight to voicemail without ringing. That should solve the problem - but I really resent having to make that effort to deal with people who break the law to boost profits! My e-mail spam filtering is pretty effective - but again, why should we make that effort, when spammers are getting away with breaking the law? Start *jailing* directors of companies violating it, and terminating their companies' phone and Internet access, and we might see real progress.

      1. Fatman

        Re: Zero enforcement in the UK

        RE: Asterisk

        I have only taken a cursory look at it, can you set up policies for blacklisting incoming phone numbers?

        i.e. If CallerID happens to belong to a previously blacklisted spammer, then "sinkhole" the call. I would be curious to know if that were possible. ICON tells why---------------------------->

        1. gerdesj Silver badge

          Re: Zero enforcement in the UK

          Asterisk: Yes you can blacklist which is nearly useless.

          On mine I have a message (IVR) that says: "Press 1 if you think we'd like to speak to you, press 2 to leave a message. Unsolicited callers - please hang up."

          No spam any more at all. The auto diallers don't know what to do. You can bypass it with a white list for friends and family if you like if they pass CLID (painful!)



  2. frank ly

    If you have a 'business relationship', it's ok

    I started getting spam for 'baby things' = disposable nappies, prams, etc., to a unique email address that I'd set up for communication with a retailer that I'd bought my old laptop from some years previously. A quick 'Google' told me that the laptop supplier was apparently no longer in existence but the 'baby things' retailer was operating out of the same retail park (= shabby industrial estate). I assume the laptop supplier had sold or handed over their customer email address collection as some kind of business asset.

    A similar thing can happen to your eBay email address if you buy anything from someone on eBay, though that has been gratifyingly rare in my experience. A few times, after an eBay purchase, I did get phishing spam to the unique address which I use for Paypal (along with spam for cheap Ugg boots). That's because the idiots at Paypal give your registered Paypal e-mail address to anyone you use Paypal to make payment to.

    1. Anonymous Coward
      Anonymous Coward

      Re: If you have a 'business relationship', it's ok

      I get spam to my unique email address used for Amazon purchases. Some are from Amazon partners from whom I have bought something - but others are malware links.

      It was a surprise to get malware spam using the unique email address reserved for orders with Scan Computers - as there seems no reason for them to pass it to others. Happened a couple of times last year.

  3. Anonymous Coward
    Anonymous Coward

    All I can say is thank goodness for the Bayesian spam filter that we use here. In the last three years there has been only one legitimate e-mail that got caught in with the several hundred a day spams we get.

    1. phil dude


      The one I use is called spamassassin, though the university probably uses something commercial, and a bit flaky....had a small rash of spam/phising stuff a month ago, but it seems to have abated...

      It is quite possible that other readers might get their spam headers set, so they can implement the last line of defence in the mail reader. In Thunderbird this is straightforward, but I imagine there are mechanisms in other tools.


    2. Jamie Jones Silver badge

      "All I can say is thank goodness for the Bayesian spam filter that we use here. In the last three years there has been only one legitimate e-mail that got caught in with the several hundred a day spams we get."

      But how do you know?

  4. Mage

    Spamming old Databases

    Three after taking over O2 in Ireland spammed both ex O2 customers and those that O2 had stopping emailing as they had asked for no more.

    Three should never have been allowed to purchase O2. But that is another story.

    Anti-spam legislation seems to be pointless. But the underlying problem is how email was designed in the first place. Step 1 should be "xyz" wants to add you as a contact, Yes/No. If No is selected then every email from "xyz" should be bounced from first SMTP / MX not under "xyz" control. Implementing this with the current systems is impossible as "spoofing" an approved contact as "from" is trivial.

  5. Ugotta B. Kiddingme

    wait a second...

    You're telling me that a government devised "solution" to a private sector problem doesn't work?!?

    My gast is appropriately flabbered!

  6. This post has been deleted by its author

  7. Kevin McMurtrie Silver badge


    - Invent fake business named $SLEAZE

    - Spam Earth for partner web site

    - Apologize and say that $SLEAZE will never e-mail you gain.

    - Repeat for new value of $SLEAZE

    There are even biznesses sites that help automate this. Salesforce/ExactTarget, eNom, and Internap come to mind first.

  8. Version 1.0 Silver badge


    "The lax and/or inadequate enforcement regime of North American anti-spam regimes..." - really?

    I don't understand how they can even consider enforcement to be "lax" - lax is a pretty high bar for the US. And don't get me started on spam faxes and phone calls - nobody give a sh*t here at all. Complaints to the FCC are routed to null:

    1. Alan Brown Silver badge

      Re: ROTFLMAO

      Let me introduce you to the Telephone Consumer Protection Act.

      You don't need to complain to the FCC. Just fill out a couple of forms and trot down to your local small claims court for $500 per instance ($1500 for wilful violations)

      The fax/phone spammer AND the company that they spammed for are jointly and severally liable under the TCPA, and even if the spammer isn't traceable, the company who hired them always is (they're usually more than willing to 'fess up who they hired, in order to reduce the fees levied against them if they don't and you get a court order compelling 'em to 'fess up anyway.)

  9. Glenn 6

    Shame list

    We need a Shame List. SpamHaus should post the retailers who are breaking the rules whom they've caught with their trap addresses.

    1. Anonymous Coward
      Anonymous Coward

      Re: Shame list

      If you've ever found your organization mysteriously on their list due to their high false positive rate, and tried to get your organization off their list, you'd know that if they published a "shame" list they'd be sued out of existence for negligence rather quickly.

      1. Alan Brown Silver badge

        Re: Shame list

        Spamford? Is that you?

        Every single claim of false positives has been ripped to shreds by the spamfighting community being more than able to provide supporting evidence.

        I can see why you're posting AC to make false assertions.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like