Monday, May 24, 2004

Spam and Stupid German Regulations

This Slashdot article is a case-study in the law of unintended consequences.

"As reported on German news site Heise, the system administrators of the Technical University of Braunschweig have temporarily given up the fight against spam [NB - Article is in German]. Because of the legal obligation to deliver all mail and of the delay time exceeding critical 5 days(!), they decided to switch off all filter mechanisms. Before, the 20 servers dedicated to processing e-mail alone had been breaking down under a load of 100000 unprocessed mail messages, ca. 98% of which had been spam or viruses. ... A similar e-mail jam occurred recently at the IT central of the German Federal Government.

This is the sort of idiocy that comes of legislators leaping to regulate everything under the sun, without any thought in mind that technological change or some unforeseen development might ever render their policies obsolete. In point of fact, the German legislation in place is such a stinker that even the delivery of viruses is a legal obligation! I bet no Bundestag representative ever imagined the dandy new legislation he or she was voting for would some day serve as such a boon to online criminals around the world.

What's most pathetic about this development is that all it would take to get rid of most of the spam Braunschweig TU is receiving would be the combination of a subscription to a real-time blacklist like SPEWS and a server-side filter like SpamAssassin or SpamBayes. Instead cash-strapped German educational institutions are forced to bear unnecessary costs in terms of additional bandwidth and storage requirements, and the endless headaches of dealing with preventable virus outbreaks. Well, I guess German IT support staff are smiling, at least, as it means they'll never be short of emergencies to firefight.