CAUCE director John Levine notes:
The governor of Colorado recently signed a new anti-spam law into effect. Since CAN SPAM draws a tight line around what states can do, this law is mostly interesting for the way that it pushes as firmly against that line as it can.

Read the rest of his comments on his blog.

Posted on behalf of: Neil Schwartzman, Executive Director CAUCE

A friend of mine just wrote to me about a new service called NotchUp.com so I looked them up on DomainTools.

Now, why would a company obfuscate their domain registration? I can’t think of a good reason why. That isn’t to say that NotchUp.com is not a fine upstanding company, I don’t know, but having correct and open information in your domain registration means you are taking responsibility for your online conduct.

Unemployed folks, and others looking to change jobs should be very careful when joining a job recruitment site; they can be real hornet's nest. For one, job applicants are giving out a tremendous amount of personal data that can be misused to the ends of personal identity theft. As well, many of them are not worth the bother, or can be out-and-out malicious.

Another friend was the victim of a drive-by virus-infected when someone ostensibly reached out to him about a VP-level job, one for which he was suitable (he's a sales guy, so it might not have been entirely targeted).

The CAUCE advice?

• Stick with the biggies - to name a few; Linkedin, Monster, Workopolis, Craigslist
• Check out new companies and new job sites from the comfort of your own browser!
• Run the domain through DomainTools
• Get yourself a copy of the great tool from McAfee Site Advisor, a plug-in that works for both Internet Explorer and Firefox, and check out their reviews.
• Use the Alexa Firefox plug-in to check out if the site has a reasonable amount of traffic.
• Use your favourite search engine on the name and the domain name of any potential job site or employer. Then search again and add the qualifier + spam. Or + scam
• Never respond to Unsolicited email
• If the job seems too good to be true, (especially if you are desperate!), stay away!

For example, LinkedIn currently has many 'work at home' jobs touted, money-laundering for 419 and phish-stolen money. Getting involved in those schemes helps sustain spamming, and you can be arrested. (LinkedIn are doing a fine job of deleting these as fast as they come in, but the bad guys slip through, nevertheless)

Good luck with your job search, don’t let the bad guys swindle you!

The scuttlebutt around Ottawa these days is the Harper government is seriously considering tabling a spam law in the House of Commons possibly before the summer break. More on this as it develops!

"Plaintiff e360Insight, LLC is a marketer. It refers to itself as an Internet marketing company. Some, perhaps even a majority of people in this country, would call it a spammer. e360 sends e-mail solicitations and advertisements, for a fee, to millions of e-mail users. More than a few of those users are subscribers to Comcast, an Internet service provider. Many e-mail users do not want to see (or delete unread) the messages sent by e360. Even if every user wanted these e-mails, Comcast might well have its network overloaded by the mailings."

-- Judge James B. Zagel, e360Insight, LLC vs. Comcast Corporation,

Memorandum Opinion and Order filed April 10, 2008

We've been wondering what e360 hoped to gain with their recent lawsuits against Spamhaus and others. If they were trying to clarify the right of ISPs to protect their users from spam, then they've certainly done a good job -- especially in this particular case.



If it wasn't clear before, Judge Zagel's explanation should satisfy even the most pedantic of filtering opponents:

1. ISPs acting in good faith to protect their customers are not liable for blocking messages that some spammer claims are not spam
   
2. "...compliance with CAN-SPAM...does not evict the right of the provider to make its own good faith judgement to block mailings."
   
3. an ISP rejecting messages, during the SMTP session, that a spammer knowingly sent to them, does not constitute a "denial of service" attack against the spammer
   
4. saying "hey, you let those other spams through, why not me?" is just dumb (that's my interpretation, of course; the judge used more polite language)
   

It's statement #2 above -- the one about CAN-SPAM -- which will have the most direct and immediate effect on companies who try to walk the edge between spam and legitimacy. Complying with CAN-SPAM is the bare minimum required by law; as the courts have stated before any sender has to do a lot more to get their mail delivered into other peoples' inboxes.



Unfortunately, this case won't affect most spam. The near-unbelievable volume of messages sent every day are sent by individuals who don't even pretend to comply with any law, and who know that if they ever tried to file suit against Spamhaus or Comcast or anyone else they'd be laughed out of court -- and most likely arrested.



Even so, CAUCE thanks e360, Comcast, and Judge Zagel for providing us with a good laugh and a small ray of hope in the fight against spam.



Stay tuned for the results of Comcast's counter-suit against e360.

A letter to the editor sent to Ken Magill of Direct News / Magilla Marketing
* Reposted with Permission from Neil's Personal Blog.

Ken,

Thank-you for your April 1 column 'Anonymous Group Takes Aim at Spamhaus', it is no joke.

Consider for a moment what the circumstance for the email world would be, were the people behind Online Marketing Advocacy Group to be successful in putting The Spamhaus Project out of business.

Literally hundreds of millions of user inboxes would be left unprotected. Spam would flow, unabated, into them. How then, would users react? I imagine a goodly portion of them would simply give up on the medium. We have already seen evidence of users either migrating to social networking closed gardens or dumping email altogether, how much more tempting will these alternates be in such a world?

ISPs would scramble to put other measures into place, using DNSBLs far more draconian those of Spamhaus.

Legitimate marketers will be severely affected, with a far, far lessened ability to get their messages delivered, or actually seen, amidst the blizzard of spam.

Is a listing on Spamhaus onerous enough to sue the company out of existence? I imagine it must be for some of the highest degree of frustration to be listed at Spamhaus. However, in both my personal and professional life I have never experienced anything but professionalism and ease of use with their products. The clients I have encountered with Spamhaus listings who made the appropriate changes were quickly delisted, plain and simple as that.

I expect of the tens of thousands of legitimate marketers who are not listed at present, some may have had some unfortunate intersection with Spamhaus, and had to change their practices. At present, they are humming along happily. To them I ask - do you like getting your mail to the inbox of your subscribers? Then do not sit on your hands, and allow this pernicious, short-sighted initiative to move forward an inch without a challenge:

Contribute to Spamhaus in any way possible; they surely have a legal defense fund to fight against this spurious attack, pony up some money!

Strictly follow industry guidelines - the Messaging Anti-abuse Working Group has several available through their website (including a terrific new paper on email authentication, check it out - all these documents have been developed with the full participation of senders, receivers, CAUCE and Spamhaus associates.

Agitate in industry associations like the DMA and ESPC to very publicly voice and undertake initiatives against the actions of the cowardly Online Marketing Advocacy Group and indeed for The Spamhaus Project. This may cause some internal pain to these groups. It is my understanding that some of their members, in fact, very vocal members are the main supporters of this attack-dog group. Take a stance, divest yourselves of these sectors of the industry that do nobody any good, far least, the ever-loving recipient of email

Be forewarned, if you don't take an active stance now, today, and these vile back-room people are successful, you will doubtlessly wish you had done so. It will hurt your business, and in these business climes, I'd say that in and of itself is a very brave stance indeed. Good luck with that.

--
Neil Schwartzman
Executive Director
CAUCE: The Coalition Against Unsolicited Commercial Email