|Site Menu: About Me Resume (C.V.) Quotations Anti-SPAM|
If you are like the majority of Internet users, you are frustrated, or maybe even directly financially impacted by the proliferation of SPAM on the Internet (SPAM costs everyone indirectly). Well, this page is dedicated to explaining not only what SPAM is, but also why it may be hurting you, even if you don't mind it, and what you can do to combat it.
SPAM is any unsolicited email sent to you to try to entice you to purchase something or take part in some activity. In most cases SPAM falls into one of four categories:
SPAM got it's name from a Monty Python comedy sketch. For those too young to know, or those that lived under a rock for the last forty years, Monty Python was (is?) a British comedy troupe famous for a television series, several movies, and numerous recordings. In one of their comedy routines, the audio track was repeatedly overwhelmed by a men's choir singing the name SPAM (a canned pork sandwich meat) over and over and over again. When unsolicited email began to become a problem, someone decided the repeating nature of SPAM reminded them of the Monty Python sketch, hence unsolicited email acquired the name SPAM.
Basically, this is just an electronic version of the junk mail that gets stuffed into your mailbox. It is similar in many ways to the junk faxes that proliferated a few years ago before they were outlawed in the US (and maybe elsewhere as well, I know I still often receive junk faxes here in Canada), but they are easier to send, harder to stop, and cost everyone (except the perpetrator) much more (see below). Most bulk advertising SPAM is sent by small companies on a limited budget, but some of the worst SPAMmers are huge organizations sending millions of SPAM messages per day. Probably the most notorious of these is Sanford Wallace, whose company 'CyberPromotions' has been the subject of many lawsuits (Note: I just read that Sanford Wallace has 'reformed' and sworn off using SPAM... we'll see!). Most of these companies jump from one Internet service provider to another as their accounts are terminated because of their SPAMming activities.
UPDATE! On May 10th, 1998, Bigfoot announced a court victory against Sanford Wallace. CyberPromotions, Sanford Wallace, and all clients of CyberPromotions are now prohibited from sending any unsolicited email to customers of Bigfoot. They are also prohibited from placing the Bigfoot domain in the headers of any SPAM sent. Since Bigfoot's email redirection service is a useful weapon against SPAM (see below), this is welcome news.
UPDATE-UPDATE! Well, it is now ten years after that previous update was written, and it seems our old friend Sanford wasn't being entirely truthful about getting out of the SPAM business. The US District Court for the Central District of California made a default judgment (because the accused didn't show up) in early May of 2008 against Sanford Wallace and Walter Rines for using MySpace to send more than 700,000 spam messages to users of the popular social networking service. The result is $234 million in damages for MySpace (the highest award ever to date)... assuming, of course, that Wallace and Rines can be tracked down and forced to pay up.
This is similar to normal bulk advertising except that the solicitations are intended to defraud anyone foolish enough to take them up on the offer. The pitch typically relies on the greed of the recipient, though the less gullible would usually recognize the promise as too good to be true. Typical examples are phoney stock market recommendations, big-money/no-effort business "plans", and online "confidence schemes", such as the Nigerian.Advance Fee Fraud (4-1-9). More than just SPAM, the key word here is SCAM.
Another variation on bulk advertising, this has some additional considerations beyond normal non-sexual SPAM. Since email addresses are collected at random, usually by automated SPAMbots, the recipient of these often explicit ads can be anyone, including children. Usually these ads contain a clickable WWW address, making it easy for those children to find sexually explicit sites. Due to their overt sexual nature, this type of SPAM is often offensive even to those who don't otherwise mind SPAM.
Again, this type of SPAM is an electronic variation on a real-world theme. Chain letters, electronic or otherwise, are a type of scam known as a pyramid scheme, similar to a Ponzi scheme, except the participants know from the outset that the only thing changing hands is the money obtained from recruitment. In a Ponzi scheme (named after Charles Ponzi) the investors believe they are investing in some real property or project. For more information on pyramid and Ponzi scams check out this US Postal Service pyramid scam alert.
NOTE: do not confuse pyramid scams with legitimate MLM companies such as Amway, Quixtar, Mary Kay, or Avon, etc. Many blatant email pyramid schemes try to convince the reader that they are an MLM business instead by offering some worthless product or information as a smokescreen. The classic example is the 4-letter scam where to reader is asked to send a sum of money to each of four individuals on a list, supposedly to purchase a different valuable business tutorial from each. These documents are actually worthless drivel purporting to teach you how to reap big profits from the Internet, but which actually instruct the hapless dupe on how to repeat this ancient scam for their own benefit. The kicker that clearly flags this as a chain-letter scam is that after sending the four cheques, the reader is supposed to remove the name on the top of the list, add their own to the bottom, and continue the cycle by sending the new list out to all their friends. Make no mistake, despite the "valuable" merchandise being offered, this is an illegal chain letter scam. In a flabbergasting display of sheer audacity, almost every example of the 4-letter scam I've seen has a paragraph claiming that the program has been reviewed by the FTC and declared legal, even going so far as to refer to a paragraph and subsection in a Federal Trade Commission document as supposed proof. Amazingly, if the reader took the time to look this reference up they would find that the specified clause clearly defines the solicitation as illegal. The perpetrator relies on important sounding prose and the laziness of the gullible to create a false aura of authenticity. Arguably, by pointing the reader to a clear declaration of the illegality of the program being promoted the culprits might be somewhat protected from legal liability by claiming that the recipient had been warned from the outset.
For information on the legal differences between a pyramid scam and a legitimate MLM company see this MLM Law Library page.
Quite simply because it is by far the cheapest way to get your advertising message out to a huge number of people. Except for the nominal cost of an account with a service provider, all the remainder of the cost of distribution of the message is borne by the Internet community as a whole, and by the recipient of the message. By comparison, imagine that every piece of junk mail that was delivered by your mailman had a COD charge of a few cents to cover the postage. This transfer of the cost of advertising from the sender to the recipient makes SPAM irresistibly attractive to the less than scrupulous in the business world. The other reason, and this is a compelling one, is that it WORKS! Despicable as it is, when you send ten thousand messages to the general public, even totally at random, at least a few people will respond with an order. Personally, I would like to slap these people "up-side-of-the-head", but they are out there, and as long as they are, we will have SPAM.
Isn't SPAM really harmless? I mean, can't you just delete it from your mailbox if you don't want to read it? Well, actually no, SPAM is an immense drain on the resources of the entire Internet community, both in time and money. Here are some of the ways that SPAM costs us all:
SPAMmers use something called a SPAMbot to collect email addresses from the Internet automatically. A SPAMbot is a program similar to the ones used by the Internet search engines such as Lycos and AltaVista to collect information on Web pages. By searching for any sequence of letters that conforms to the layout of an email address (firstname.lastname@example.org), SPAMbots compile huge databases of unqualified addresses that are later fed to the programs that actually do the SPAMming. These addresses are unqualified because they may or may not be valid or active, but as I'll describe in the section on combatting SPAM, you may be tricked into inadvertently confirming a valid address. Even if they are not confirmed, an address picked up by a SPAMbot may still be valid so it will be used anyway. Here are some of the places the SPAMbots look for your address, and other ways SPAMmers can find you:
FrontBridge, an E-mail protection vendor, evaluated hundreds of millions of SPAM messages and identified the top 10 ways that SPAMmers obtain or guess your address:
There ARE effective ways to minimize the impact of SPAM on your life:
If you are like I was, your email address may have already fallen into the hands of SPAMmers. When I decided to take action against SPAM my email address was already in wide circulation amongst the SPAM companies, and I was receiving 5-20 pieces of SPAM mail each day. If you are in this boat, here's what you can do:
After changing my physical address, and by following the guidelines above, I received NO SPAM mail for over a year, and minimal amounts for several more years. Try it, it really works! (for a while anyway - repeat as needed)
Many people react to SPAM in anger, and the most obvious target of that anger is the email address in the "sender" or "return to" field of the SPAM message. Unfortunately this is probably the worst response to SPAM, since you are almost guaranteed to harm an innocent party. SPAM is almost always camouflaged with a fake return address. Supplying a fake address is simple, and even neophyte SPAMmers use this trick. Although these false addresses are often just alpha-numeric sequences randomly generated by the SPAM software the perpetrator is using, tacked on to a real or fake domain name, sometimes they are real addresses of unsuspecting computer users. When you respond to SPAM by "mailbombing" the return address, you are not hurting the offender at all, but you may be jumping all over an innocent bystander and/or his service provider.
Also, it is likely that even the source domain name for the SPAMmer is counterfeit, so "denial of service" attacks against what seems to be the SPAMmers ISP are likewise more likely to harm an innocent than to have any effect on the perpetrator.
If you are determined to find the true source of junk email, you will need an email reader that allows you to see all the mail servers that have passed the SPAM from the source to your mailbox. Find the first two servers the mail passed through, and send a copy of the SPAM to the postmaster and abuse mailboxes on those servers. Include a blurb just before the body of the SPAM text, explaining how the SPAM was received and what you expect the ISP to do about it. Here's an example of text I sent to two ISP's when I received the same piece of SPAM repeatedly over the course of a week via an email mailing list:
The following unsolicited email marketing has been sent to the PICLIST mailing list four times in the last week. The PICLIST is a technical roundtable mailing list focusing on microcontroller hardware and software. This advertising has no place in this venue.
There is no guarantee that this will have any effect on the evil SPAMmer, but better that than to make life miserable for an Internet user that doesn't deserve it. By the way, the product being advertised by the SPAM that prompted this notice to the ISP's was a new type of SPAMming software robot that would walk the tree from any Web page you gave it, gathering any email addresses it found on those pages into a database. These addresses could be used later by the same program to send out bulk unsolicited advertising. The idea was to get higher quality addresses by starting your search on a Web page catering to the kind of customer you were hoping to lure. Meta-SPAM... SPAM being used to advertise a tool to create SPAM!
Since I originally posted this page the SPAMmers have become much more sophisticated. The cleverest trick I've seen so far is to send the SPAM to a known bad email address on a known good mail server. The stroke of evil genius here is that they doctor the email to look like it came from you, then when the mail server rejects the SPAM it gets sent back to you, not the originator. This is a difficult ploy to counter, you normally won't block returned messages since you want to know when your legitimate mail doesn't get where you want it to. Even worse, a message that reaches you mailbox this way will normally have had all the message headers removed, which makes it nearly impossible to trace the SPAM back to the perpetrator (see Reporting SPAM below).
Another popular trick these days is to start the solicitation by claiming the email was sent to you in response to a form you filled out on a website, or in some other way initiated by you. Just today I got one claiming that I had played online blackjack with the person on the Yahoo gaming site, and trying to convince me to try out a new online casino. Not only have I NEVER played blackjack, or gambled in way on the internet, I didn't even know Yahoo had a game site (maybe they don't, I didn't check). In most cases you will never have even heard of. the bogus web page or service they are claiming you visited. But you will probably look at the message a little longer and harder than you otherwise would have, and that might be enough to pique your interest in the "product" or "service" they are hawking.
A recent deception I've seen is to send you an innocent looking message, usually only a few lines long, thanking you for a file you sent, a business lunch you bought for them, or some other help you provided them with. Of course you don't even vaguely recognize the senders name. This message is not SPAM in the traditional sense, it doesn't fall into any of the four categories listed above in What is 'SPAM'?, but it's insidious nonetheless. When you, as a good-Samaritan, send back a helpful note telling the sender that their thanks have been sent to you by mistake, you confirm your email address is not only active, but "live", with a real breathing person behind it. If you reply to this type of message, expect to be deluged with fresh SPAM in the near future.
ZDNet is also reporting that some especially devious culprits are now making SPAM look like it came from a trusted source, such as the System Administrator at your office. An innocent message, such as "Your mailbox is over its size limit" invites you to click on a link to fix the problem, but of course you are taken to a sexually explicit site instead.
No matter how hard you try, it is unlikely you'll be able to eliminate SPAM entirely. When it shows up you can report it to a couple of different places. These are North Americans links since that is where I live and they are the only places I know of. If anyone wants to let me know of any other place to report SPAM, including internationally, I will include them here.
SPAM (fraudulent or just annoying) can be forwarded to the Federal Trade Commission in the USA. In Canada fraudulent SPAM (such as chain letters or investment scams) can be forwarded to PhoneBusters. In either case it helps if you copy all the headers in the email into the body of the message since this is the info the authorities will use to track down the offenders. I won't give details of how to display these headers since it varies depending on the mail client you use so check the manual or help file. Even if you don't live in Canada or USA you can still forward SPAM to these addresses if you think it originated in those countries.
One type of scam is so widespread that PhoneBusters has dedicated an email address solely for reporting it. Sometimes known as the the Nigerian, or Advanced Fee Letter Fraud, regardless of the country of origin the common thread is that an individual claims to be trying to move a large sum of money to North America from a repressive or violence torn African country. The most recent one I have received claimed to be from the son of a white farmer from Zimbabwe murdered by Robert Mugabe's land-reform thugs. They promise a substantial fee to you if you will act as an intermediary, but the sting is that if you reply with interest they will request a "good faith deposit" or processing fee from you before any funds can be transferred to your account. Of course, your deposit will never be seen again, nor will any funds ever be transmitted to you. Rather than the regular PhoneBusters address send a copy of this type of SPAM to their West African Letter Scam line.