News related to UCE (Unsolicited commercial email) or "spam"

 MSNBC Spam-O-Rama, Aug 19, 2008

As a Linux user, it doesn't do anything to me except fill up my inbox with junk. For naïve Windows users, though, it's a real threat.

Currently, FairUCE only works on Linux-based MTAs using Postfix. While popular, Postfix is overshadowed by two other Linux-based e-mail server programs: Sendmail and qmail.

Microsoft said Ballmer's e-mail did not violate federal anti-spam regulations. But anti-spam activists and legal experts said the message does not make it easy for people to remove themselves from future mailings, as required by the law.

Programmers on Wednesday released the new version 3.0 of SpamAssassin, open-source software for filtering out unwanted e-mail, but the changes are as much legal as technological.

Project leaders for the widely used software chose to enter the fold of the Apache Software Foundation to take advantage of the nonprofit group's legal and technical resources. To make the move, SpamAssassin had to adopt the Apache License.

America Online said Thursday that it will not support a Microsoft-backed antispam technology called Sender ID.

The online giant cited "lackluster" industry support and compatibility issues with the antispam technology SPF, or Sender Policy Framework, that AOL supports.

The Apache Foundation, an open-source development group, on Thursday pulled its support of the proposed antispam standard Sender ID, saying Microsoft's license requirements are too strict.

The move by the group responsible for the popular Apache Web server comes as other open-source developers also voiced reservations about Microsoft's attempts to apply stringent license requirements to its contribution to the spam-fighting technology.

"We believe that the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with Apache License 2.0," the group wrote Thursday in its letter to the technical committee working on the technology.

Sendmail has taken a first stab at software to authenticate the source of e-mail messages, a technology that will be key to preventing the proliferation of spam.

The company released a module for its Sendmail e-mail server software that attempts to verify the source of messages to help Internet users block mail from unwanted senders. The technique is part of a developing Internet standard known as Sender ID.

[NY Times requires free registration]

Webmaster's note: The article talks about the same spam methods used to send fake mails purporting to be from Linux.org in early 2002.

Prosecutors also accused Delta Seven of obscuring the origin of the mail by breaking into computers owned by others to relay the mail. As a way to establish the state's jurisdiction, the case centered on a computer owned by Jarjo Promotions of New York City. But documents said that Delta Seven sent e-mail through a grade school in Korea, an Internet provider in Slovenia and the ministry of finance in Kuwait. A central issue will be how much responsibility Synergy6 and OptInRealBig have for any misdeeds of Delta Seven.

President George W. Bush signed a bill into law Tuesday establishing federal rules for commercial e-mail and penalties for unsolicited mass spamming.

Known as the CAN-SPAM Act, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 takes effect Jan. 1. The law prohibits the use of false header information in bulk commercial e-mail and requires unsolicited messages to include opt-out instructions. Penalties for violations include fines of up to US$250 per e-mail, capped at up to $6 million.

The U.S. House of Representatives approved Congress' final version of the Can Spam Act of 2003 Monday, sending the landmark anti-spam legislation to the White House for President Bush's promised signature.

The bill establishes the first national standards for the sending of commercial e-mail and charges the Federal Trade Commission (FTC) with enforcing the Act. The FTC is required to report back to Congress within two years on the effectiveness of the Act and the need, if any, for modifications.

Congress has reached an agreement on antispam legislation that could end more than six years of failed attempts to create a federal law restricting unsolicited commercial e-mail.

ORN: This change in policy by VeriSign seems to make antispam activists angry.

PV: A lot more spam is getting through my outer defenses than used to. But that's not the only concern: the other registrars are concerned about monetization; ICANN is concerned about a big change in behavior for users; and standards zealots are just annoyed.

Actually ICANN was consulted about a similar issue, that is, to limit this behavior to just internationalized domain names. ICANN advised against doing that, as did the IETF and the IAB. The ICANN and IAB advice about internationalized domain names would apply even more strongly to the use of wildcards.

As for the standards zealots, the IANA has reserved a.com, b.com, and so on. They're not supposed to exist, but they now appear to exist. It's a small point of theory, but it angers some people.

There are also privacy concerns. Think of other information carried in URLs with query strings, all of which ends up, if URLs are malformed, in VeriSign logs now. Such information may include passwords, logins, and other sensitive information. It wouldn't be sent anywhere if the domain name lookups would fail. You also have other branding concerns. If someone guessed at your domain name it would previously have just failed.

 View older news this year: Nov Oct Sep Aug Jul Jun May Apr Mar Feb Jan
 View news from other years: 2008, 2007, 2006, 2005, 2004, 2003, 2002, 2001, 2000, 1999
 View older news in category Spam this year:
 View Spam news from other years: 2008, 2005, 2004, 2003