News & Features » News

Spammed if you do. Spammed if you don't.

by


During the research and writing of this piece I received an average of 69 spam e-mails per day. Do you know just how low an interest rate you can get? Care to help the Nigerian Empress Ndugndugndug smuggle $500 million out of Africa? Are you in dire need of a truly unstoppable penis?

If you're like most of us, you probably recognize these familiar queries as spam, or unsolicited bulk e-mail.

"It's commonly believed," says Steve VanDevender, a university systems administrator, "that there's about as much spam now as legitimate e-mail. And signs indicate that it's just going to get worse."

I don't know if "TEEN BARNYARD SEX" can get any worse. What's happening with the spam problem? What can you do to make your inbox more friendly? What'll happen if my wife takes Viagra? Read on for answers to not all of these questions.

Spammers vs. anti-spammers

You're not the only one who wishes a violent end to e-mails featuring subject headings such as "MAKE MONEY FAST" or "MASSIVE BLACK COCKS." You'll be glad to know there are others, with more techie knowledge than you can possibly imagine, who fight the good fight against the terror of unsolicited e-mail.

Spamhaus (www.spamhaus.org) may be one of the world's leading anti-spam warriors. An organization dedicated to tracking and cataloging Internet

addresses of career spammers, Spamhaus notes on its site, "90 percent of spam received by Internet users in North America and Europe is sent by a group of under 200 hard-core spam outfits." Almost all of them, claims Spamhaus, are "blacklisted" on their site, allowing Internet providers, such as UO or EFN, to freely access the Spamhaus list. Then providers can filter out messages originating from the worst spam-associated locations.

But career spammers are continually finding new ways to exploit the Internet. "It's not a technical problem," says EFN System Administrator Patrick Wade. "It's a social problem. We can get technical and try to find out where spams are coming from, but then spammers work hard to get around what we come up with. It's a cycle. For example, proxies used to not be a problem."

Proxies are programs used by spammers to hide their tracks. Valuable to companies that use more than one computer on a network, proxies, if set up improperly, can become hidden treasure

to the ever web-scouring tech-savvy spammer. Spammers use web-crawling programs, sometimes called spiders, to search the 'net for proxies. When a spider program tells a spammer it has found an unguarded proxy, off go millions of e-mails, and the spammer's identity is concealed.

When anti-spam organizations fight back by publishing known spam origins, spammers return the blows, legal style. Take for example the April 2003 lawsuit (spamhaus.org/legal/answer-03-80295.html) filed against Spamhaus by Mark Felstein of EMarketersAmerica.org in Boca Raton, Fla. (Florida is one of 24 states where spam is still legal.)

Felstein claims that Spamhaus' activity threatens EMarketersAmerica's existence through the posting and trade of libelous information (their black list), sale of products which block EMarketers transmissions, "interrupting the flow of interstate commerce and international commerce" and a direct attack upon EMarketers-America.org. However, Spamhaus asserts that not only had it never heard of EMarketersAmerica before the suit, but that the corporation was formed only four weeks prior to the suit for the express purpose of filing it. Spamhaus adds that it sells no product or information whatsoever, that users may freely access Spamhaus' list of servers in order to block entry of spam transmissions onto their own private computers and that Felstein also happens to be the sole proprietor of EMarketersAmerica as well as the personal lawyer of Eddy Marin, "America's top spammer." (See sidebar.)

The cast and characters are serious, and it seems they're dedicated to battling it out. In a previous e-mail response to Felstein's impending lawsuit, Spamhaus wrote "`l`et me know when you'll be coming over to London to file a real lawsuit under UK law, until then you spammers simply spin on my forefinger."

At this time, a temporary restraining order request by EMarketersAmerica to prohibit Spamhaus from continuing its activities has been denied.

Legislative action

Pressure is building in Congress and the Federal Trade Commission (California-based Ferris Research says in 2002 spam cost U.S. corporations $8.9 billion and U.S. Internet Service Providers $500 million in lost time and productivity) from both vehement anti-spam groups as well as fervent marketing, retailing and Internet provider industries. It won't be long before spam will crawl back in the can or flip its lid wide open. There are several ways it could fall, and opinions vary widely.

Opt-in or opt-out?

One version of legislation pushed by marketing, retailing and Internet pro-vider industries protects the rights of "legitimate" marketers to advertise by e-mail unless consumers specifically "opt-out."

New federal bills, pushed by Republi-cans Richard Burr (The Reduction in Distribution of Spam Act of 2003) and Heather Wilson (The Anti-Spam Act of 2003) contain provisions requiring advertisers to honor consumers' requests to be removed from specific e-mail lists. Can you imagine responding to all the spam you receive, asking to be taken off each list? "Unsubscribing is almost always useless," said EFN's Wade, "because that tells the spammers it's a real address. Even if they do take you off, which isn't always the case, they can sell your 'live' address to someone else." The concept of "opt-out" makes anti-spam groups want to gag.

Ray Everett-Church, counsel for CAUCE (Coalition Against Unsolicited Commercial E-mail), expres-sing the sentiment that any legitimization of unsolicited bulk e-mail is a step in the wrong direction, said of the two bills, "They're both equally ineffectual. It's like two flavors of Swiss cheese."

For those who like cheddar, the flip-side is the "opt-in" approach, favored by anti-spam organizations such as Spamhaus and CAUCE. So far there's nothing to represent "opt-in" in federal or state legislative processes. It's the idea that everyone has the undeniable right to receive only that which they wish to receive. The "opt-in" concept sets a precedent that spam will not be allowed unless someone goes through the trouble of signing up for it.

E-marketing businesses would remain, but in order to receive a marketing e-mail, an individual would have to sign up their Internet address with a particular group or company, be sent a reply e-mail asking if their sign-up was intentional, send a confirmation to that reply, and the previous "spammers" would then and only then find themselves in the realm of "legitimate Internet marketing."

Of course, to the e-marketers who currently send out 100 million e-mails a day, who use the argument that some individuals do reply to their electronic deluge, that solution smells like limburger.

Do-not-e-mail registries

Borrowing steam from the recent enactment of a federal Do-Not-Call List (10 million sign-ups in the first four days), state and federal legislation has popped up in a similar effort to taper unsolicited e-mail. The idea is that individuals would pay to be on a do-not-e-mail list and all e-marketers would be required to check the list, being prohibited by fines of up to $25,000 from e-mailing people on it.

U.S. Senator Charles Schumer's bill, SB1231, to initiate a national No-Spam Registry has been read twice and referred to the Committee on Commerce, Science and Transportation, but appears to have only one co-sponsor and has seen little action since June 6, according to the U.S. Senate website, as compared to federal "opt-out" resolutions such as Rep. Richard Burr's bill HR2214 with 33 co-sponsors and activity in the House as recent as July 8.

While a do-not-e-mail registry sounds attractive, anti-spam experts fear it could be a disaster. First, one reason that do-not-call registries seem to work is that most solicitation calls are made from inside the country. Abusers are and will be easier to track and prosecute. Some say that the great majority of spam is already shuttled offshore before it comes back in, through unsecured, trail-obscuring proxies. Secondly, a do-not-e-mail registry would consist of a list of e-mails. A big, fat, juicy, long list.

As to whether a spammer would use the list, well, the answer is yes, but perhaps not for the reason you think. "They're never going to follow the rules," said VanDevender, the systems administrator. "There are spammers out there who have several millions of dollars worth of legal judgments against them, which they'll probably never pay, and they're still blasting away millions of spams a day. For some of them spamming is almost a sociopathic outlet. It's very hard to prove where a spam came from, and they'll get e-mail addresses any way they can. The list," he said ironically, "would be a prize."

Do's and don'ts

DO: Use "plus addressing" (offered at EFN) if you care about who's giving out your e-mail address. Here's how it works: Get an account, with an e-mail of, for example, nospam@efn.org. What's different with plus addressing is that nospam1, nospam2, nospam3 and so on will also be sent to you, only they'll each come into individually labeled folders. Next, when you sign up for a Victoria's Secret credit card and they ask for your e-mail, you give them one of those plus addresses, such as nospam14. If you ever get a spam e-mail sent to the nospam14 folder, you know which organization sold or shared your e-mail, and therefore where not to buy your panties.

DON'T: Register software or other products, or buy products that require you to enter your e-mail, without reading the fine print. Many of these companies put you on mailing lists, which theoretically could circulate forever. Send your e-mail address at your own spam peril.

DO: Check the address of incoming e-mail. Some e-mail from sites that look just like eBay or Penpal may ask you to re-enter your account or credit-card information because they misplaced it. You might notice that the return address isn't www.penpal.com but something nearly identical, like www.penpaI.com. A general ground rule is that once you've entered personal information, a company is never supposed to ask you for it again.

DON'T: Reply to spam e-mails. If you do, some spammers will know they have a "live" one and keep spamming, as well as sell or share your e-mail address.

DO: Use spam filters built into your mail program. Outlook Express, for example, has filters to keep out all e-mails containing certain words. If you get a lot of spam, go to the "Tools" menu, pull down to "Junk Mail Filter" and raise the "sensitivity" of your filter. If you're afraid certain messages won't get through, add desired incoming addresses to your address book, and they'll make it to your inbox. Outlook Express also provides you with a box to enter domain names, such as "Excite," or "Hotmail," so that all e-mails originating from those domains are allowed passage (Pull down the "Tools" menu and select "Rules.")

DON'T: Publish your e-mail on the web as a hot link. Each time you do gives web-crawling programs that much more of a chance to find your address.

DO: Use this great timesaver: When you come to work in the morning, or whenever you've got a loaded inbox, select or highlight ALL the e-mails in your inbox. Then, instead or going through and eliminating spam one at a time, use the "Apple" key (on PCs it's the "control" key) and the mouse to de-select just the legitimate e-mails. When you've selected all the good e-mails, hit "delete"and the spam will disappear all at once. At work this cut my daily spam time down from a half-hour to about five minutes.

Ben Fogelson lives in Oregon and writes for the Eugene Weekly.


comment

Tags