[an error occurred while processing this directive]

Avoiding Spam & Copyright Abuses

Spam - Phishing - Copyright - Censorship Issues

Spam: Electronic Junk Mail

Spam Costs You - Out of Control - Dealing with Spam - Use Opt-in Lists

If you've been on the Internet even for a short time, you know about the unwelcome offers that can pile into your in-box daily. That is spam.

Promote Responsible Net Commerce: Fight Spam!

Simply put, spam is electronic junk mail.

More precisely, spam is the spreading of a single message to a large number of e-mail addresses, posting on an inappropriate newsgroup, or cross-posting a message to (typically) more than three newsgroups. Other terms for spam are Unsolicited Commercial E-mail (UCE) and bulk e-mail.

"Spam is an issue about consent, not content. Whether the UBE message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant—if the message was sent unsolicited and in bulk then the message is spam."
spamhaus.org

Spam Costs You!

Usually the Advertiser Pays

Traditionally, advertising is paid for by the advertiser. For example, it costs much more to advertise in a newspaper than it does to purchase it. Some newspapers are free to the reader, paid for by the advertiser.

You Pay For Spam

The opposite is true with spam. It is the reader that pays the most.

It is extremely cheap for the spammer to send millions of messages out. If even one person responds to this junkmail, the spammer's costs are recouped. That effectively reverses the cost/benefit ratio: the advertiser is subsidized by the reader.

Spam Costs You 30% of Your Internet Bill

To illustrate the severity of this problem one estimate placed the volume of spam at AOL (America On-Line) at 30% of total volume. The next time someone suggests that spam is no big deal or that you can just delete it, remember that you are either paying about one-third more for your Internet service or getting one-third less performance. Ouch!

That's right, you pay for spam. You pay for increased Internet fees, slower service or both. Spam creates added burdens on the Internet infrastructure that is either passed on by the ISPs to the consumer (you) or results in slower service, again impacting you.

Spam - Out of Control

The volume of spam has become so large compared to legitimate mail that it now threatens the future of e-mail. Even Microsoft has realized this and has initiated their Coordinated Spam Reduction Initiative which involves plans to:

Unfortunately, the Coordinated Spam Reduction Initiative will likely unconvenience those that send out legitimate messages to larger groups of individuals, including clubs, associations, etc.

Microsoft Antispam Technologies provides tools for those using Microsoft software.

Spam = Scam

I suggest you never do business with a company that contacts you in an inappropriate manner. If they don't have the integrity to be courteous when contacting you with their offers, what makes you think they'll be there for you when you need support or if the product they sell is defective?

The U.S. CAN-SPAM Act

If you receive spam from the U.S. that claim to be legal, quoting the U.S. CAN-SPAM Act, they are wrong!

"The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of 'non-forged' spam OK."—spamhaus.org

Unfortunately, instead of banning opt-out lists, the U.S. government merely requires that the originator is not concealed and that they provide a method to be removed from the list. This legislation clearly demonstrates a serious misunderstanding of what spam is and the unethical behaviour exhibited by corporations that practice this sort of "marketing."

"Internet companies, whose apparent 'business model' is the exploitation of consumer trust and ignorance, are sneaking their spyware systems into our machines for their own purposes."
Steve Gibson, Gibson Research Corporation

Opt-out = Spam

It is really sad that marketing companies have been allowed to spam, calling it opt-out. Shame on them!

Don't be fooled by the term opt-out. It is merely an attempt to sugar-coat spam. It's simple: never do business with a spammer, whatever they call themselves.

Don't "Opt-out"

Never "opt-out" of something you didn't opt-in for in the first place.

Few people have the time or resources to determine if the sender is legitimate or not. Responding to spam will only expose you to the thousands of spammers that do not reveal their identity or will simply pass your removal request onto their "sales" department for further propagation.

Domain Registry of Canada

If you have a domain in Canada, you'll probably receive a "Domain Name Expiration Notice" from the Domain Registry of Canada in a brown envelope designed to appear like an invoice and to appear to be CIRA (the Canadian Internet Registration Authority). They tend to show up well over six months prior to expiration—long before you normally renew your domain.

This is a scam. Do not do business with these people. Their pricing is exorbitant and they must be viewing the WHOIS information for your domain, contrary to CIRA's legal notice:

"Purposes which are prohibited shall include, but are not limited to, any activities which are unsolicited and can reasonably be viewed as harvesting WHOIS addresses (electronic or otherwise) for transmission by e-mail, telephone, facsimile, or regular mail for commercial, advertising, market research, solicitation, or any other purposes which may be reasonably viewed as intrusive to a reasonable domain name holder."
CIRA

This is not the sort of company that you want to do business with at any price!

Dealing with Spam

Anyone offering to "target market" addresses for you is offering to spam others on your behalf. The consequences can be severe. Current legislation in California can find you liable for thousands of dollars in damages if even one of your spam e-mails is sent to a location within California (or any other location with similar legislation).

These sites can help you deal with spam:

Hosted by Islandnet.com

I strongly recommend Islandnet.com for hosting your Website or e-mail account because of PEP, their sophisticated proprietary system for dealing with spam, and the multitude of services and gadgets that make hosting a site easier.

The following sites will help you to learn more about legislation in various countries:

Opting Out

The Internet and Privacy

Privacy on the Internet has become a huge issue since it is so easy to gather personal information and to share it electronically with others. Look at the various resources in the Computer Security section of the free resources area of this site for more information.

Avoid Assumed Consent

A number of very large (and not-so-large) companies made the mistake of creating pre-checked boxes beside statements like, "I would like to be notified about product updates and information of interest from our partners."

This forced people to uncheck these boxes in order not to have their name sold to other companies for distribution of sales material (a sort of "assumed-close" sales technique used on an unsuspecting public).

The Numbers Didn't Add Up

They should have realized their mistake when they received an astounding 80% assent rate (compared to as low as one response per thousand in traditional direct mail). People were not giving their consent–they were simply not reading what was beside the check box.

Consumer Protection

By pre-checking the boxes they forced the user to take action to not register. This is essentially the same thing as companies sending products to you and billing you without your consent. The assumption that you could send the products back is inadequate, and most North American jurisdictions give protection to the consumer—usually in the form of being able to keep the unordered merchandise without making any payment. Why should an electronic version be any different?

Use Opt-in Lists

If you have a Website and offer an e-mailed newsletter or other similar service, you will want to ensure that people are actually wanting your e-mail. This process is called an opt-in list.

This can take the form of a subscription option on your Website or an invitation in an e-mail response to a message originated by the other person.

Confirming Opt-ins

Even with explicit permission, you might want to confirm opt-in requests by sending a message to the new address asking them to confirm their intention to subscribe. This way you know it is a legitimate request from someone that has access to that specific address. If you receive no reply, simply remove that address from your list.

You should also include a method for people to unsubscribe to your list in the future. While you should never "unsubscribe" to lists that you didn't subscribe to in the first place, this works with lists that you've obtained permission using the methods above.

Family Lists

While it may be OK to send a single message to your whole family, you might want to check first.

Not everyone wants to receive your pictures of Uncle Joe at the birthday party for your niece, particularly if they are on a lower-speed connection such as dial-up. Everyone knows someone in the family that loves to talk. The electronic version is even more annoying, since you can't simply leave.

Marketing Lists

Never purchase a list of e-mail addresses from anyone. Rather than bring you success, this is likely to get you listed as someone with shady business practices.

Why do those marketing these lists usually forge other people's addresses (rather than using their own) if these lists are a legitimate "service to others" when making their unsolicited sales pitch to you? Simply because they only want to deal with the susceptible (gullible) respondents—those clicking on their advertising links. They'd rather that the real owners of the addresses suffer the high volume of displeased recipients of their junk.

Spammers and scammers often mask the actual destination of clickable links within their messages by making it appear to go to a legitimate address, when in fact it goes to a redirected address. When hovering over the links in a message "from your bank" (hint: legitimate banks don't warn you by e-mail that your account is suspended), look in the status bar to see the actual destination of the link. It is easy to mask the actual destination. See the examples in Phishing, below.

Return to top

Phishing—Obtaining Information by Deceit

Going on a Phishing Expedition

Phishing is a new form of spam that takes advantage of both vulnerabilities in some browsers and e-mail programs combined with people's ignorance of how the Web works.

The purpose of phishing is to obtain financial and personal information by deceit. They intend to steal your on-line identity.

Looks Can Be Deceiving

The first step in phishing is usually to set up a look-alike site that closely resembles a site that you are already using or could be using. The company's logo and other trademarked images are used to convey authenticity. This could be your bank (several have been targeted), e-Bay, or any site where you conduct business using a credit card or by entering a user name and password.

Next, an e-mail message is sent to you indicating that there is a problem with your account, or that your account will be closed unless you go to the Website and re-enter personal information, including your user name and password (or bank PIN).

Of course, this information is not going where you think it is. It is being given to thieves.

Identity Theft on the Increase

The information obtained in this manner is then used to either obtain funds from your account or to set up credit in your name. Identity theft is, unfortunately, a rapidly growing crime.

Protect Your Identity

Do not release the following personal information, since it is your identity when you conduct business on-line:

Be careful about releasing billing addresses and employment information as well. While the successful completion of many credit card transactions requires that the shipping address match the credit card's billing address, this information is not necessary for other transactions.

Identity Theft Resources

More information about identity theft and how to prevent it is found on these sites:

Abusing Transfer of Trust

The successful phishing scheme depends upon your trust for your financial institution being carried over into trust in the e-mail and the Website that is fraudulently sent to you.

The Internet Can Be Exploited

Browsers and enhanced (HTML) e-mail messages can be exploited for this purpose. Unless you understand the language (code) you are unlikely to detect this deceitful practice. Take a look at the following link and then see where it leads you (a new window opens):

www.mybank.com

Just because the link says it is pointing towards "www.mybank.com" doesn't mean that is the page which is actually linked.

If you are interested in the mechanics of this process explained in a relatively simple manner, there is more on the Cut 'N Paste HTML Editing page on this site.

Preventing Successful Phishing

There are a number of things that you can use to avoid being the victim of this type of attack:

More About Phishing

The following sites deal more with the issue of phishing.

Return to top

Copyright

Copyright and the Internet

The Internet, just like other mediums, depends upon copyright protection to ensure that content is safe. No matter how noble the intention, the Internet should never be separated from other jurisdictions in terms of copyright protection.

The Education System is Not Exempt

One major violator of this premise is the educational system. Special interest groups have proposed that we should exempt the education system from having to respect copyright, particularly when it comes to information on the Internet. Essentially, they are proposing legalized theft.

Their argument "that it is in our children's best interest" doesn't hold water. If that were true, why don't they propose to not pay teachers, janitors or other suppliers to our schools as well? Perhaps they place no value in the effort it takes to create intellectual property?

Copyright is Ownership

Copyright in its simplest terms is ownership. All text and images you find on the Internet were created by someone and the copyright is retained by the owner unless there are express indications that either the text or the images or both are public domain. It is usually best to assume that copyright exists unless you are sure that it does not.

Imagine someone cashing your pay-cheque without your permission. That is how copyright violation feels to the person whose copyrighted information is used without permission or payment.

If you wish to share your own content, using a system such as Creative Commons, be sure that other people's content on your site unless a similar willingness to share that information is clearly indicated on their site and that it is theirs to give away.

Obtaining More Information

These sites will give you a greater understanding of the issues and implications of copyright and copyright reform.

Return to top

Censorship Issues

Protecting Children v. Censorship

The U.S. Communications Decency Act and other legislation with the stated purpose of "protecting children" is censorship. That is not to say that you have to approve of the material that this legislation claims to be removing. How can you trust anyone but yourself to judge what is appropriate for yourself and your children?

Tools to Protect Children

A number of tools can help you accomplish this task:

Return to top

www.RussHarvey.bc.ca/resources/webrx.html
Updated: November 28, 2008