Spam Discussion

It's wonderful when an issue of 60-Second Windows prompts a discussion about an important issue. Beginning with "#159 NEXTEL Spams with Paper," and continuing with a rebuttal from a reader, (#159a) the discussion takes a third layer, which is important enough to stand on its own...

It has gotten a bit out of hand

This is fantastic that you've taken the time to further discuss the issues of spam. And, I'm now aware that our opinions and philosophies are really not that far apart...

 > I am fully aware as to the extent of the "spam plague," 
 > and tend to agree that it has gotten a bit out of hand. 
 > However, I believe that filing litigation against companies 
 > that harvest addresses for use in spam mail is about as 
 > effective as using Tylenol to stop a migraine. 
 > Sure, you may temporarily numb the pain long enough for 
 > the migraine to subside, but unless you discover the root 
 > of the migraine, it's only going to continue to bother you, 
 > thus making you more dependant on the Tylenol or 
 > stronger medication.

Agreed. But part of the reason for litigation is to demonstrate to legislators and law enforcement that this IS an emerging issue that laws probably can't possibly cope with .
      You see, the regulators like the FTC, as well as the politicians up on Capitol hill seem to think that new legislation is the answer. It's not. If the law breakers violate laws already in the Federal Code -- by the millions each day -- and get away with it, actually make it a profitable enterprise, then new laws undoubtedly won't stop them.
      Somehow we need to illustrate (to the legislators) in no uncertain terms that a new approach is called for. That means possibly stepping on a few toes, and surely giving up some personal freedoms. Politicians are always a little shy of 'rocking the boat' when it comes to industry. The new policies we need in place call for a "tough love" approach to ISPs and the Registrar system. We need to take back the control that President Clinton gave away back in the '90s.

much deeper then just spam mail

 > The issue stems much deeper then just spam mail. 
 > This attitude is running rampant amongst all North Americans. 
 > Why are schools so violent? Who cares?!? Just put up metal 
 > detectors and train teachers in self defense. 
 > America is grossly overweight? Tummy tuck's, liposuction, and 
 > diet pills for everyone! 
 > Depressed? Take a happy pill!

Agreed. However, for the SPAM issue, we need to reach critical mass. The spam filtering industry is thriving, and that's postponing that moment when the general population of email users says "enough." And they do something -- which I term "a catastrophic consumer backlash." What that will be, I don't know.

 > I think you can see my point here. Wired magazine (www.wired.com) 
 > recently published an interesting article regarding spam mail. 
 > The article charted the growth of spam mail vs. regular mail over 
 > the past decade, and concluded that, within a few years, spam would 
 > overtake regular mail. Of course this is very upsetting for everyone, 
 > but is the root of the problem really the people who generate 
 > the spam? Maybe, just maybe the problem stems from a much deeper 
 > issue. 
 > Heaven forbid we turn the finger around and point to ourselves.

Agreed. That's another front that has to be addressed.
      If SPAM weren't so profitable, then it would die out. Someone out there is actually buying the product, or is being lured into submitting the forms.
      We know now that a large percentage of SPAM actually doesn't intend to sell a product. It's sole purpose is to:

• Validate the person's email address so it can be sold to more lists,
• Trap the person's personal information for identity theft,
• Detect breached smtp servers as candidates for zombie code, etc.

So, we're seeing a more insidious use of email emerging which are the real criminals that must be stopped.

...the biggest culprit is ourselves

 > Maximum PC magazine (www.maximumpc.com) released a 
 > special issue months ago on spam mail. 
 > As a magazine dedicated to hard-core computer fanatics, 
 > spam is a frequent issue. An interesting point was made 
 > in a listing of ways to defend yourself from spam; don't 
 > give out your primary email address unless absolutely necessary. 
 > I understand that spam harvesters don't require you to 
 > actually enter in your email address at a particular web site 
 > in order for them to obtain your address, but I highly doubt 
 > that spam harvesters account for even a majority of the 
 > spam mail out there. 
 > I believe the biggest culprit is ourselves. 

Again, you're correct. They now employ "super cookies," and various other techniques like "Dictionary spamming" and domain replication.
      Yes, is the most important rule. However a huge segment of the email community either can't implement that rule (for various reasons) or have already been caught in the spam harvest, but cannot delete the email address.
      Besides, that will protect the individual, however bounces are ignored, and they give no notice of "bad" addresses. So the thwart on the bandwidth will continue -- and all those bounces will generate yet more bounces, and headaches for both the industry and the infrastructure. There's more at stake here than just 'hiding' from the spammers, or preventing the epidemic from getting into the individual's email box.

Evading spam, but not the problem

 > I am a lot like you. I get quite a lot of spam mail 
 > in a given day. But I am also an intelligent computer 
 > user who is very cautious about who gets what 
 > information when it comes to my email address. 
 > This email, for example, is being sent through a Hotmail address. 
 > The very same Hotmail address that I use whenever I sign up 
 > for anything online. This ensures that the majority of spam 
 > I receive is sent to an email address that I really could care 
 > less about. My primary address is kept secret from all 
 > except my closest friends. To date, I have received one spam 
 > mail to that address in the 8 months that I have had it active. 

Another good method of evading SPAM. However Hotmail, and the others like it are a major part of the problem. In the late '90s, when the industry was desperately reaching for anything that would generate web-based revenue and keep the dot-coms afloat, "FREE" email and web hosting became a big trend. It was that very situation that allowed the SPAM industry to explode and prosper. Any time you could have a new, unverified, unauthenticated method of electronic purveyance, you had no accountability. So you could sell anything, email anyone, commit as many crimes as you could dream up -- ALL without any recourse, or accountability for your actions.
      If the ISPs would just eliminate the anonymous accounts and open relays, that would end about 60% of criminal email activity immediately. Few child pornographers, charge card forgers, financial scam artists, and fraud con artists leave their address and phone number where they can be reached.

 > Consumers and computer users in general need to be 
 > less ignorant and more aware. 

Absolutely.

 > Don't freely offer your email address unless you 
 > expect to get emails sent to it. 

Absolutely. And, that goes for charge card numbers, mailing addresses, social security numbers, and even phone numbers.
      Or, have a "scrap" email address (like AOL, or Hotmail) that you can provide, to "test" the sender's intentions.
      However, remember that the original intent of email to a large population in industry and commerce was "contact."
      The promise of electronic communications is a wonderful and powerful BENEFIT for industry, institutions, government, and commerce. They can't simply drop their published email accounts and "hide" from the rest of the world. That defeats the whole purpose of email in the first place. That's the biggest problem as cited by the FTC. "It's too good, and too important to let the criminals drive us into hiding."

Lessons from the past

 > You'd think people would learn lessons from past 
 > experiences with telemarketing phone calls and 
 > regular snail mail. 
 > Do I see a point in your litigation efforts? Yes. 
 > Do I believe you will affect any sort of long term, 
 > or short term, changes? no. 
 > Let's stop putting metal detectors at the entrances 
 > of our schools. 

You are SO right on!

 > Think back to a period in the Internet before spam was 
 > a huge issue. What has changed since then? 
 > Spammers are still using the same techniques to 
 > obtain our information for emails as they have for 
 > years with telemarketing and with junk mail, the 
 > only difference is, it's easier to click 'Send' 
 > then it is to lick a stamp.

Exactly right. AND, they know they can get away with it because there is NO morals in place to do the right thing, and NO accountability for their deeds so long as they are freely allowed to get away with it.
      What happens when the pedophile hands a child a porno magazine on the school playground? What happens when bars openly sell alcohol to minors? What happens when the con artist sells the elderly a fraudulent or non existent piece of property in Florida?

We gave them what they need...

If they do it via email, they get away with it because

• They didn't have to authenticate their online account
• They can have accounts all over the world with forged identities and addresses
• They can host web sites all over the world with forged identities and addresses
• They can send millions of emails a day through foreign open relays, and unsecured proxies (6,000 new ones appearing every day)
• They can forge and/or falsify identities in the Whois
• They can program robots forge "free" email accounts, send spam then close those accounts
• They can process charge cards, through forged merchant accounts, then close the account and disappear
• They can redirect online forms, and shroud them in code as to make them invisible to a paper trail
• They can launder the proceeds through off-shore accounts
• AND... they can do all the above by the millions so that the mere scope of the crime defies law enforcement

Yes, you're right: we did it to ourselves for allowing this to continue.

Where to from here?

The industry gave them the tools and the capability to do all this.
Guess what? The industry has the power to cure the problem. If they would.
That's the challenge.
 

We have to bring the internet technologies industry to the point where their very existence depends of cleaning up their act, and running an efficient, clean operation -- or face extinction. There's no other solution.
 

If we could just get AOL, MSN, EarthLink, Juno, and a half dozen of the big players in the ISP industry to adopt and fiercely administrate the "Anti-UBE Initiative" you would see 90% of the spam evaporate. All the rest would either continue to spam each other, or fade from the email boxes of US Citizens.
 

Thank you very much for your comments, input, and most importantly for getting me energized to respond and expand.
 

With kind regards, thanks for reading...

Please also read: #158 Email problems getting SoBig which also sheds light on real cause for concern about spam.

Got comments?