| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 46183 | 2004-06-16 01:07:00 | OT - Submision on antispam legislation - comments please | aronking (2294) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 244988 | 2004-06-16 01:07:00 | Submissions are being requested on the Anti-spam legislation proposed by this Parliament . I intend to make a submission and would welcome input from PF1 members . There are two aspects to be covered – a proposal and examples as to how it is to work . There are a few areas that I would like to address: 1 . Filtering . How feasible would it be for ISP's to reject any emails coming from another ISP? An example is that a spammer uses an ISP to send its messages . While a spammer is able to "spoof" an email address, can the spammer also "spoof" the metadata that accompanies the email? If the metadata is secure in its identification protocol (ie the true ISP is still identified), then the receiving ISP can block all traffic that emanates from that spamming ISP, and it will only be a matter of time before ISP's take the responsibility (or sue) those spammers that use their servers . If an ISP is not aggressive enough to do this, customerswill change to one that is . Even if a handful of receiving ISPs do this, the "offending" ISP would have to resort to action or its own customers would object to legitimate emails not getting through . At present, there isn't enough of an incentive for ISP's to crack down on spammers - maybe this will change their "incentive" levels . The incorporation of the ability for ISP’s to block such traffic would need to include an immunity to the NZ ISP's for the effect of such filtering or blocking of traffic . 2 . Jurisdiction . Presently, anti-spam legislation would only cover the spammers operating from within one's borders, and in some cases where mail is received into one's borders . While the legislation can deal with the spammers within one's borders (including a spammer who lives in Mt Eden), prosecution of spammers that are based overseas becomes an inter-jurisdictional problem . I propose that the legislation has a provision that would allow reciprocal jurisdiction with countries that pass similar anti-spam legislation overseas (subject to agreement between the corresponding governments) . An example . Say both the Australian and NZ governments grant reciprocity to the anti-spam legislation . Then the NZ spammer can be prosecuted in NZ for spam sent to an Australian address, using the Australian legislation or the NZ legislation . This would have the effect of the prosecutions being on the higher (or tougher) legislation . That way, if our NZ Parliament passes tougher legislation, it would not be watered down by the other countries loopholes . This would not be too onerous as the objective to spammers would be - abide by NZ laws if you wish to send spam locally and the other countries laws if you wish to spam there . There would be no excuse for any spammers from pleading ignorance (read excuse) that they were unaware of the foreign legislation . Obviously, there would be jurisdictional issues but if our legislation can make such a start, other countries may be apt to follow our lead . NZ would thus be claiming the high ground in attacking this problem . The net effect (I would hope) would be that, over time, there would be a white list of countries, from which persons can have a greater reliance that spam would not originate (and users can lower the spam detection software from these sources) and a grey or black list, from which persons can apply anti-spam software aggressively or even ban completely . What is the effect on legitimate email senders from the black lists? They can always obtain email addresses from while list countries and continue as normal . They would obviously be subject to being sued if they spam (I am sure the ISP's would find a way to do this before they allow any such customers to sign up) . Note that the ISP’s would not be liable for any prosecution; the only effect is a commercial one, their traffic would be banned . If they do not comply, they would lose their customers very quickly . This is far more efficient than a lengthy prosecution process . Any comments on the above would be appreciated . I am sure that there would be a number of other areas that can be addressed and I welcome suggestions . Please note that at this stage, please address the issues and not attack the technicalities (at least not at this stage) . I am seeking areas to explore further for the submission . Cheers PS Apologies for the lengthy post . |
aronking (2294) | ||
| 244989 | 2004-06-16 06:21:00 | You know, people never make submissions and sometimes they should. However, it costs to go to Wellington and hang around to say things to a committee in person. I think submissions in writing are acceptable, however. I think it is a worthy endeavour. When are submissions due and how can people find out about how to submit? robo. |
robo (205) | ||
| 244990 | 2004-06-16 06:40:00 | What I'd like to know is how to block the stupid trademe automailer spam that informs me my account is in debt and that I need to pay money. Spams me at least twice a week :| | kiki (762) | ||
| 244991 | 2004-06-16 08:31:00 | Kiki, this is an oldie but a goody and should work just about every time. Pay the account or cash it up ;) Aaron, I imagine that if you blocked entire ISP's email traffic the attempted cure would be worse than the problem. Can you see businesses standing for their email being halted because some low life has spammed someone else. It simply has the potential to do enormous damage before any action to rectify the problem could be forced out of the victims. Yes, ISP's can victims in this too. I think the jurisdiction/sovereignty issues need to be addressed but that is going to take an age. All it will take is a few of non supporting countries and some servers to bring it down. IMO the best we can do is get legislation in place to stop the perp's here and support international initiatives. Some R&D funds, perhaps via a levy, would not go amiss either. We also have to wary that any legislation enacted does not impinge on the overall freedom and function of the internet or can not be twisted to that use. Making a submission is a very good idea, however you think it should be dealt with. Cheers Murray P |
Murray P (44) | ||
| 244992 | 2004-06-16 09:26:00 | From what I understand it hasn't made much difference in the USA. The whole protocol needs changing so no spoofing can happen in the first place. | mikebartnz (21) | ||
| 244993 | 2004-06-16 10:12:00 | > if you blocked entire ISP's email traffic the attempted cure would be worse than the problem Upon my first reading of the applicable section in aronking's post, I had thought that it meant block all mail coming into their SMTP servers, which is an obvious move which most ISPs have already made, but is still spoofable. However, blocking traffic from whole ISPs would be like shutting down the North Western motorway because a few people go over the speed limit. And I honestly don't think that there is a significant number of people who send spam in New Zealand. Also, I don't really want to be paying a levy just because some evil sods in our country are sending spam. Something to take into consideration in your submission is to suggest that people who send spam can be prosecuted even if no one who receives their spam is involved - so an informant could dob in a spammer, or they could be caught by analysis of outgoing traffic from their account. Which leads on to: ISPs should be required to monitor outgoing email traffic - would this mean they could catch people who are sending spam by the volume being sent? You've got to take into consideration peope whose computers have been turned into zombies, and that they shouldn't be prosecuted. And perhaps running an open-relay mail server should be illegal (for obvious reasons). Oh, and maybe using overseas SMTP servers to send mail should be blocked at the ISP level (and be mandatory to impose), thus meaning that it is easier to find people sending spam from our country. This last item could have implications on multi-national corporations, who could potentially be exempt from this. |
agent (30) | ||
| 244994 | 2004-06-17 23:47:00 | Thanks very much for the comments . It has been helpful . On the "spoofing" issue, is the metadata on the address from where the emails are being sent "spoofable"? Basically, I would like to find out if there is a foolproof way of identifying the source of the traffic . On the blocking of the ISP's, if my receiving ISP banned traffic from a source that very rarely has spam sent from (ie that sending ISP being duped by a rogue customer), I would not envisage my ISP banning that sending ISP . In reality, I would expect that with commercial pressures of ensuring emails do get through, it would be only the ISP's that are "willfully" careless that would eventually be banned . At the moment, as I understand it, a receiving ISP has very limited options to ban incoming emails . While this option is not envisaged to be a compulsory act it is to allow the ISP's from being able to use it if they so desire . I take the point that if it is done in all cases (including minor instances) it can cause havoc! Of course, none of the above would work if the metadata can be spoofed - so any comments on that would be helpful . Jurisdiction is an issue and I will leave it to the experts in Government to sort it out . I, for one, support granting interjurisdictional prosecution in this case (and maybe others, like terrorism, but this is not the forum to discuss this latter item) . Thanks also to the very informed and calm manner in which the discussion has proceeded . On contentious issues, other threads degrade to a low level very quickly with hardened views by some . The objective is to try to make it easier to rid ourselves of what some consider a scourge on e-communication . Robo, written submissions are possible at this stage and a trip to Wellington may not be required . However, when it does reach the select committee stage, maybe a PF1 reader in Wellington could support our democratic process by going there . I will post the date, site, address etc for submissions to be sent to . Agent, thanks for your comments on a dobber - that would be a classic example to include in the submission . Mike, I agree that the US legislation is severely deficient in many respects . Some have commented that in the US legislation now gives protection to spammers as it is an "opt-out" scheme rather than an "opt-in" scheme as is the case in Australia . The US regulatory body has already commented that an "opt-out" list is not practical so we need to ensure that our legislation does not go this way . In the submission that I propose, it would be an "opt-in" process with no sharing of email addresses - ie no implied opt-in if you enter a contest . An example, if one enters a contest or requests information, before any unsolicited mail can be sent, the person (read subscriber) would have to categorically agree to receive emails (either by going to another page or clicking an AGREE button) . That consent would be only for THAT service and the address cannot be shared "by reputable partners who have products that may interest you" (read we can sell your address to anyone else) . Further, any unsubscription to any service specifically is not to allow the party to "sell" or transfer the email address to any other party . The above is another area to be covered in the submission - thanks for the prompt Mike . Agent, thanks for your comments about computers being made into zombies . We are all apt to be hit by this if we are not careful . A question, should we impose a liability that all users should be liable for some punishment where they are willfully negligent in not keeping machines safe at a basic level (ie with free firewalls and anti-virus)? Otherwise, the spammers may be able to get away . In the submission, I would propose a higher level of redress from spammers who resort to this measure (but comments on the minimum standard for users would be helpful) . Cheers |
aronking (2294) | ||
| 244995 | 2004-06-18 01:34:00 | could we have law that means that all ISPs in NZ will spam filter email that leaves there network as well as filtering email that comes in to there network. at the moment most ISPs spam filter all in comming email and this has helped the end user of NZ but will not stop an NZ user spaming the world. |
robsonde (120) | ||
| 244996 | 2004-06-18 04:03:00 | Written submissions are certainly acceptable; this one isn't even a "submission" in a strict Parliamentary sense (as we don't have a first-reading Bill yet); it's a response to a "discussion paper" - a much earlier stage. In a surprising piece of state-of-the art thinking, the officials responsible for this stage have even undertaken to accept submissions by email! The address is spamsubmissions@med.govt.nz. The discussion paper and other advice on submissions can be read (fearsomely hypertexted) and downloaded in one piece (Yay!) as a PDF (boo!)* at www.med.govt.nz/pbt/infotech/spam/discussion/index.html And I don't think an offer to come to Wellington and "speak to your submission" would be entertained at this stage. Meanwhile, for "real" submissions (post-first reading), it's still 20 copies on flat pieces of dead tree :-( Parliament seems incapable of receiving or copying them in digital form. * One of the several things I have against PDFs is that I haven't found a way to highlight the bits that in my eyes are important. Word documents (and presumably documents in other word-processor formats) let you do the highlighter-pen thing in a brilliant range of colours. Someone had a mildly amusing piece going the rounds about one of the greatest dangers of the internet being the endemic presence of evil "PDFfiles". I can't help but agree (tho' I appreciate many would consider it in bad taste). Closing date for responses to the spam paper is June 30. Argus I see (looking this up on the IDG database) that IDG has at least one article on "spim". Could be spam from a public relations company. |
argus (366) | ||
| 244997 | 2004-06-18 04:08:00 | Sorry; should have read the piece. "Spim" is spam via IM (instant messaging). Apologies for impugning IDG's proofreaders. Argus |
argus (366) | ||
| 1 2 3 4 | |||||