Spam — Electronic Junk Mail
You Pay for Spam | It's Out of Control | Dealing with Spam | Use Opt-in Lists
What is Spam?
If you've been on the Internet even for a short time, you know about the unwelcome junk messages that pile into your in-box daily. That is spam.
Simply put, spam is electronic junk mail.
More precisely, spam is the spreading of a single message to a large number of email addresses, posting on an inappropriate newsgroup, or cross-posting a message to (typically) more than three newsgroups.
Other terms for spam are Unsolicited Commercial Email (UCE) and bulk email.
“Spam is an issue about consent, not content. Whether the UBE message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant — if the message was sent unsolicited and in bulk then the message is spam.”
— spamhaus.org
Spam Costs You!
Usually the Advertiser Pays
Tradition forms of advertising is paid for by the advertiser. For example, it costs much more to advertise in a newspaper than it does to purchase it. Some newspapers are free to the reader, completely paid for by the advertiser.
But You Pay For Spam
The opposite is true with spam. It is the reader that pays the most.
It is extremely cheap for the spammer to send millions of messages out. If even one person responds to this junkmail, the spammer will recoup his costs.
This reverses the traditional cost/benefit ratio so that the advertiser is effectively subsidized by the reader.
Of course, the manufacturer will protect themselves from having to clean up their own mess. The problem of spam is illustrated in this scenario: "How Viagra spam works". The off-shore pharmacies let unethical spammers do their work for them using an affiliate program.
There's Nothing Wrong with Affiliate Programs
There is nothing intrinsically wrong with an affiliate program. I promote selective products on this site, including Firefox, Thunderbird and ZoneAlarm — often providing better pricing via sales and other promotions to benefit my clients and site visitors.
I want visitors to use the recommended products because if believe they are the best solution and therefore provide the incentive for them to do so. I also provide free alternatives for those with more limited budgets.
Spam is Like a 80% Internet Tax
AOL (America On-Line) once estimated that the proportion of spam at 30% of the total volume of emails received by their servers. How times have changed.
“We estimate that at least 80% of all e-mail sent to our servers is junk mail and/or viruses, and that amounts to a lot of wasted resources that cost real money!”
— islandnet.com
The next time someone suggests that spam is no big deal or that you can just delete it, remember that you are either paying about three-quarters more for your Internet service or getting three-quarters less performance. Ouch!
That's right, spam creates added burdens on the Internet infrastructure that is either passed on by the ISPs to the consumer (you) or results in slower service — again impacting you.
Spam is Out of Control
This problem is not new. In 2004, Microsoft reported:
“As of mid-2003, about 83% of the e-mail messages received by Microsoft Hotmail on a typical day are spam, unwanted and unsolicited e-mail sent indiscriminately to users. That's around 2.5 billion out of nearly 3 billion messages, and the numbers keep climbing.”
— Microsoft's Coordinated Spam Reduction Initiative
The Coordinated Spam Reduction Initiative involved plans to:
- Establishing verifiable identity in email through Caller ID for email.
- Setting reasonable behaviour policies for high volume email senders.
- Creating viable alternatives for smaller organizations to distinguish themselves from spammers.
AOL, Google, Microsoft, and Yahoo are to Blame
A 2007 ZDNet post, Why AOL, Google, Microsoft, and Yahoo are to blame for spam because they are the only ones large enough to agree on a global standard to deal with spam effectively and decisively. It seems the problem is one of cooperation:
- Microsoft killed one strategy by claiming their Sender ID is proprietary. They relented (but only after the others had already left the table).
- Yahoo! and eBay cooperated on dealing with phishers going after users of eBay while PayPal cooperated only with Google about issues with Google Checkout. None of parties shared the information with the other major email services.
Help Keep Spam Out of Your Inbox
Microsoft provides some tools to control spam when using Microsoft Office Outlook, Windows Live Mail & Hotmail and Windows Mail (Vista only).
Islandnet.com Recommended
I strongly recommend Islandnet.com for hosting your website or email account because of PEP, their sophisticated proprietary system for dealing with spam, and the multitude of services and gadgets that make hosting a site easier.
Spam is an Email Scam
I suggest you never do business with a company that contacts you in an inappropriate manner.
If they don't have the integrity to be courteous when contacting you with their offers, what makes you think they'll be there for you when you need support or if the product they sell is defective?
The U.S. CAN-SPAM Act
If you receive spam from the U.S. that claim to be legal, quoting the U.S. CAN-SPAM Act, they are wrong!
The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of "non-forged" spam OK.
— spamhaus.org
In fact, this legislation is so useless in protecting unwilling recipients of spam it is nicknamed the "You Can Spam Act."
CAN-SPAM Act Legislators Ignorant of What Spam is
Unfortunately, instead of banning opt-out lists, the U.S. government merely requires that the originator is not concealed and that they provide a method to be removed from the list.
This legislation clearly demonstrates a serious misunderstanding of what spam is and the unethical behaviour exhibited by corporations that practice this sort of "marketing."
Internet companies, whose apparent "business model" is the exploitation of consumer trust and ignorance, are sneaking their spyware systems into our machines for their own purposes.
—Steve Gibson of Gibson Research Corporation
Opt-out IS Spam
It is really sad that marketing companies have been allowed to spam, calling it opt-out. Shame on them!
Don't be fooled by the term opt-out. It is merely an attempt to sugar-coat spam. It's simple: never do business with a spammer, whatever they call themselves.
Don't "Opt-out"
Never "opt-out" of something you didn't opt-in for in the first place.
Few people have the time or resources to determine if the sender is legitimate or not. Responding to spam will only expose you to the thousands of spammers that do not reveal their identity or will simply pass your removal request onto their "sales" department for further propagation.
Domain Registry of Canada
If you have a domain in Canada, you'll probably receive a Domain Name Expiration Notice from the Domain Registry of Canada in a brown envelope designed to appear like an invoice and to confuse you into thinking you're dealing with CIRA. They tend to show up well significantly prior to expiration — long before you normally renew your domain and your registrar usually notifies you about the need for renewal.
This is a sleazy business tactic.
Do not do business with the Domain Registry of Canada (or the Domain Registry of America, both run by Brandon Gray Internet Services, Inc. as Namejuice.com). Their pricing is exorbitant and they appear to be culling the WHOIS information for your domain, contrary to CIRA's legal notice:
Purposes which are prohibited shall include, but are not limited to, any activities which are unsolicited and can reasonably be viewed as harvesting WHOIS addresses (electronic or otherwise) for transmission by email, telephone, facsimile, or regular mail for commercial, advertising, market research, solicitation, or any other purposes which may be reasonably viewed as intrusive to a reasonable domain name holder.
—CIRA
This is not the sort of company that you want to do business with at any price!
Dealing with Spam
Anyone offering to "target market" addresses for you is offering to spam others on your behalf.
The consequences can be severe. Current legislation in California can find you liable for thousands of dollars in damages if even one of your emails sent to a location within California (or any other location with similar legislation) is determined to be spam.
The Profit Motive
Perhaps you've wondered, like I have, how spammers can process stolen and scammed credit card information? This would seem to be relatively easy given the numbers quoted in a recent Information Week article:
95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.
All told, they saw 13 banks handling 95% of the 76 orders for which they received transaction information. (Only one U.S. bank was seen settling spam transactions: Wells Fargo.)
But just three banks handled the majority of transactions: Azerigazbank in Azerbaijan, DnB NOR in Latvia (although the bank is headquartered in Norway), and St. Kitts-Nevis-Anguilla National Bank in the Caribbean.
The article quotes one potential reason:
We have to remember that spam is actually very profitable for the banks and credit card companies that move the money. That might affect how likely they are to actually do something about this.
— Mikko Hypponen, chief research officer at F-Secure
Lack of Prosecution
As well, the legal action that could stem the tide is more difficult than you might think.
- Many operations originate overseas where prosecution under existing laws is difficult or impossible.
- This is further exasperated by protection provided by the U.S. CAN-SPAM Act (lawmakers in most states other than California are reluctant to introduce legislation that makes it more difficult for legitimate businesses to use email for promotion and sales).
- Hacking and the information gathered through spam is undoubtedly being used by nations as modern espionage. The June 2011 hacking of the IMF may have been triggered by malware when an employee clicked on a link in an email.
However, it is not impossible. It is merely a lack of commitment. There is more attention given to protect big media companies than individuals from such illegal activities.
Getting Help Dealing with Spam
These sites can help you deal with spam:
- SpamCop determines the origin of unwanted email and reports it to the relevant ISPs.
- spam.abuse.net is one of the best anti-spam sites on the net.
- The Coalition Against Unsolicited Commercial Email (CAUSE) proposes an "opt-in" system where only those requesting mail receive it.
- Network Abuse Clearinghouse helps you deal with spammers.
- The Netcheck Commerce Bureau promotes ethical business practices on the Internet.
- Scumware.org defines scumware as the "collective term for software that performs unwanted activity on user's computer like malware, PUA, spying/tracking software, etc."
- FTC Spam includes resources provided by the U.S. Federal Trade Commission, as well as an address to report spam.
- "Virus" Hoaxes — avoid spreading ignorance.
Getting Help Dealing with Investment Fraud
Not all investment fraud is generated by spam, but the warning signs are usually the same. If it sounds too good to be true, it probably is. Nowhere is this truer than when shown investment proposals.
InvestRight's Be Fraud Aware is a BC Securities Commission program to help investors know the difference between legitimate and fraudulent investments by identifying the warning signs.
Spam Legislation
The following sites will help you to learn more about legislation in various countries:
- Privacy Commissioner of Canada - Privacy Legislation
- Spam Laws includes legislation links for the United States, the European Union and other countries.
Opting Out
The Internet and Privacy
Privacy on the Internet has become a huge issue since it is so easy to gather personal information and to share it electronically with others. Look at the various resources in the Computer Security section of the free resources area of this site for more information.
Avoid Assumed Consent
A number of very large (and not-so-large) companies made the mistake of creating pre-checked boxes beside statements like, "I would like to be notified about product updates and information of interest from our partners."
This forced people to uncheck these boxes (i.e. opt-out) in order not to have their name sold to other companies for distribution of sales material (a sort of "assumed-close" sales technique used on an unsuspecting public).
The Numbers Didn't Add Up
They should have realized their mistake when they received an astounding 80% assent rate (compared to as low as one response per thousand in traditional direct mail). People were not giving their consent — they were simply not reading what was beside the check box.
Consumer Protection
By pre-checking the boxes they forced the user to take action to not register. This is essentially the same thing as companies sending products to you and billing you without your consent.
The assumption that you could send the products back is inadequate, and most North American jurisdictions give protection to the consumer — usually in the form of being able to keep the unordered merchandise without making any payment. Why should an electronic version be any different?
Use Opt-in Lists
If you have a website and offer an emailed newsletter or other similar service, you will want to ensure that people are actually wanting your email. This process is called an opt-in list.
This can take the form of a subscription option on your website or an invitation in an email response to a message originated by the other person.
Confirming Opt-ins
Even with explicit permission, you might want to confirm opt-in requests by sending a message to the new address asking them to confirm their intention to subscribe. This way you know it is a legitimate request from someone that has access to that specific address. If you receive no reply, simply remove that address from your list.
You should also include a method for people to unsubscribe to your list in the future. While you should never "unsubscribe" to lists that you didn't subscribe to in the first place, this works with lists that you've provided permission using the opt-in methods above.
Family Lists
While it may be OK to send a single message to your whole family, you might want to check first.
Not everyone wants to receive your pictures of Uncle Joe at the birthday party for your niece, particularly if they are on a lower-speed connection such as dial-up — and definitely not all of them.
Everyone knows someone in the family that loves to talk. The electronic version is even more annoying, since you can't simply leave.
Marketing Lists
Never purchase a list of email addresses from anyone. Rather than bring you success, this is likely to get you listed as someone with shady business practices.
Why do those marketing these lists usually forge other people's addresses (rather than using their own) if these lists are a legitimate "service" when making their unsolicited sales pitch to you?
Let the Innocent Suffer
Simply because they only want to deal with the susceptible (gullible) respondents — those clicking on their advertising links.
They'd rather that the real owners of the addresses suffer the high volume of complaints. They only see the result of click-throughs to the website in the message — not the collateral damage. They let the owners of the stolen addresses deal with that.
False Links
Spammers and scammers often mask the actual destination of clickable links within their messages by making it appear to go to a legitimate address, when in fact it goes to a redirected address.
When hovering over the links in a message, look in the status bar to see the actual destination of the link. It is easy to mask the actual destination so that a link that appears to be "from your bank" actual takes you somewhere dangerous.
Beware of Phishing & Identity Theft
Hint, legitimate banks and companies don't warn you by email that your account is suspended. Such messages are an attempt to gain access to your account by requesting your user name and password under false pretenses.
Such actions are called phishing and lead to identity theft. While you're entering information into a fake site, the thief is logging into your real PayPal or bank account.
More About Related Issues
Protecting Your Online Identity
The following related pages offer more information about protecting your online identity:
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Phishing & Identity Theft — Obtaining Information by Deceit
- Proper Email Address Etiquette — Using To:, CC: & BCC: Correctly
Securing Your Computer
The following related pages offer more information about securing your computer:
- Security Basics — Preventing Unauthorized Access
- Firewalls — Your First Line of Defense
- ZoneAlarm Security — Recommended Firewall Products
- Anti-Virus Protection — Current Alerts, Strategies, Hoaxes & Software
- Your Privacy At Risk — Spyware Detection & Removal
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Web Security — Vulnerabilities in Internet Software
- Windows Security — Vulnerabilities in Windows
www.RussHarvey.bc.ca/resources/spam.html
Updated: May 21, 2012