Vendors spamming NANOG attendees
rbf+nanog at panix.com
Wed Jun 14 16:26:44 CST 2017
On Wed, Jun 14, 2017 at 01:21:21PM +0000, Mel Beckman wrote:
> You make a good point. But I wonder how often spammers are so
> obvious, and I wonder if his "leveraging" falls amiss of CAN-SPAM's
> specific prohibition:
> (I) harvesting electronic mail addresses of the users of a website,
> proprietary service, or other online public forum operated by another
> person, without the authorization of such person; and
> (II) randomly generating electronic mail addresses by computer;
> Technically, this spammer harvested the names of attendees at a
> physical conference, not of some online resource, which is what
> CAN-SPAM prohibits. I know it's splitting hairs, but that's what
> spammers do.
There is no such specific prohibition in CAN-SPAM.
The section of CAN SPAN from which you are quoting (15 USC 7703)
instructs the Sentencing Commission to consider sentence enhancements
for criminals convicted under existing computer crimes laws if they did
one of the two things you list above.
The part you left out (and which immediately precedes the part you
(2) In carrying out this subsection, the Sentencing
Commission shall consider providing sentencing enhancements for—
(A) those convicted under section 1037 of title 18 who—
(i) obtained electronic mail addresses through improper means,
[ then (I) and (II) from above ]
Merely sending non-misleading spam does not violate 18 USC 1037.
> My point is that CAN-SPAM is virtually useless. There have been a
> handful of prosecutions in more than a decade, and spammers are not
> seeming to be deterred.
> I know there are honeypots that try to catch electronic harvesters,
> but I don't think they could provide proof of someone who got his
> emails from a list of attendees at an event, a shared customer list,
And even if someone did, no crime is committed.
But if someone uses those addresses in the commission of another crime,
he might go to prison for longer.
More information about the NANOG