TECHNOLOGY - Green eggs and spam
Spamming is the curse of email - so much so that some businesses have gone to great lengths to try and stop it.
One man's meat is another man's poison. At least, it is if the meatve gone to great lengths to try and stop it. in question is spam, or unsolicited commercial email (UCE). Named after the infamous Monty Python sketch - where tinned luncheon meat is forced down the throats of unwilling cafe patrons - spam, say industry pundits, is threatening to strangle the internet, making email unusable and newsgroups unworkable.
Spammers promoting their own services boast they can send two million spam messages at a time. AOL rejects up to a million spams a day, but still receives thousands of complaints every day from disgruntled subscribers about those that slip through the net. British ISPs such as CIX and Demon Internet estimate that between five and 10 per cent of incoming internet email is spam.
On Usenet, some commentators claim that up to 80 per cent of traffic consists of either spam or antispam - messages aimed at cancelling spam before it can be delivered.
Some users have found that the pink squidgy stuff accounts for up to 99 per cent of their mailbox and people who subscribe to several newsgroups find they have to read the same spam message in every one.
The objections go beyond wounded pride. Unlike paper junk mail, where the sender pays the cost of printing and postage, the cost of downloading spam is borne by the recipient, in phone bills, ISP charges and wasted time. 'It's like trying to read a newspaper while someone sits beside you shouting out the advertisements, then bills you for their time,' complains one spam victim.
And, although some of the content is merely infantile, or promotes ludicrous get-rich-quick and pyramid-selling schemes, some is pornographic, or worse.
'My wife uses my PC, my son will soon. How do I explain that the message "here's the info you asked for regarding teen sluts " was not really requested by me?' asks another spam victim.
Spam is essentially different from other direct marketing media like post, phone and fax, in that it costs the spammers virtually nothing to send, so they can send millions of copies to completely inappropriate recipients.
'Paper direct marketing needs quite a high response rate to be effective,' explains Martin Bartle, PR manager of the Direct Marketing Association.
'Email only needs one customer to respond and the sender has made a profit.'
But observers say spamming has reached its peak and the signs are that the tide is beginning to turn.
Cyber Promotions, the high priest of the spamming fraternity, was rendered impotent last year when its ISP pulled the plug on operations. Some ISPs say they could actually see the drop in email volumes once the company was off the air. In March, Cyber Promotions reportedly agreed to pay $2 million compensation to US ISP EarthLink, which won an injunction last year ordering Cyber Promotions not to send UCE to EarthLink's subscribers, use EarthLink's servers to relay it to other recipients, or fake EarthLink addresses in message headers.
Pressure for legislation against spam is growing on both sides of the Atlantic. In March, Washington became the first US state to pass an antispamming law. It will come into operation in June, making it illegal to hide the point of origin of a message, mask the transmission path, or put misleading information in the subject line. A dozen other states, including California, are said to be considering similar bans.
However, the international nature of the Net means that legislation can only ever be a partial solution, so it will be up to individual users (see box, page 30) and ISPs to put the stoppers on spam.
ISPs and their customers are divided on the merits of blocking emails from known spammers. When CIX polled its members, 93 per cent said they wanted this done, and many report a significant reduction in spam as a result. In a similar poll, Demon found its subscribers did not want blocking, so the company has not implemented it.
B ut there is more agreement on the responsibility of ISPs to police their own networks. 'It's important for ISPs to have acceptable policies for dealing with their own subscribers sending UCE,' says Demon corporate communications manager James Gardiner. 'One of the most effective measures is to close the places the spammers use. It's essential that ISPs and other organisations with permanent connections switch off open relay.'
Open relay is the feature by which third-party servers pass on messages for users of other internet hosts. This can be misused by spammers, who send messages with hidden carbon copy commands. This means the open relay server sends out hundreds or thousands of copies, which have caused delays of up to 15 hours to legitimate users of the server. Modern server software allows this loophole to be closed, and ISPs are under increasing pressure to implement this, as Demon and CIX have already done.
There are several other things ISPs can do. Return addresses can easily be checked for fakes, such as [email protected] (a favourite spammers' address) or anything '.junk'. Even sophisticated fakes and false trails can be deciphered by an expert, especially since, although an email address can be faked, IP numbers cannot. 'I've yet to receive a spam I couldn't prove the source of,' says Rob Lee, CIX chief antispammer. 'In cyberspace, there's nowhere to hide.'
More ISPs are taking a responsible attitude to preventing their own subscribers acting as spammers, not least because of the cost to them in machine resources of sending thousands of messages, many of which may be undelivered and bounced back.
Many have policies on acceptable usage within email and Usenet accounts as well as in Websites to prevent people using spam to advertise a Website which the ISP hosts. Subscribers who transgress have their accounts closed down. Some ISPs also monitor subscribers' mail activity, and may investigate if someone starts sending large volumes of mail.
To counter this, many spammers use free accounts, of the 'one month's free trial' variety, opening another when the first is closed down. This is one reason why spam volumes tend to rise at the weekend, because the spammers believe there are fewer operators on duty at the ISP which might notice what is going on.
As a result, there is pressure on ISPs to perform closer checks on people who take out free accounts, such as cross-checking credit card numbers correspond to the user's name and address, or limiting the size and number of messages which can be sent from free accounts.
The other nail in the spammers' coffin will be the attitude of legitimate businesses towards the medium.
Experienced direct marketeers are steering clear of it for fear of attracting bad publicity and putting off potential customers (see box, page 33).
This leaves the inexperienced and naive. Some try spamming from their own email addresses, quoting real switchboard numbers or postal addresses, but they are soon discouraged by the resulting storm of protest.
The alternative is specialist spam software, with email address lists and features for disguising the point of origin, which sells for about $500.
This is advertised in glowing terms, often using spam itself. 'A lot of the spam business actually consists of spammers promoting their own services,' says Steve Harris, the author of antispam software Spamicide and Spam Hater.
He warns legitimate businesses not to be taken in because of the risk of adverse publicity and alienating customers.
The real irony of the spam business is that most of its perpetrators may be as much victims of the spam merchants as those who receive it, having been duped into paying good money for a product which delivers no business benefit.
'The best way to combat spam is through educating people that it's not going to work,' says Lee. 'There's been a significant drop in the number of legitimate companies sending out spams. I think it will begin to die down as people realise that it's not a good thing to do.'
HOW TO ENSURE A SPAM-FREE DIET
Fed up with eating spam, spam, and more spam? Here's how users can ensure a spam-free diet.
Be careful where you publish your email address. Spammers use crawler programs which Hoover up email addresses from the Web and newsgroups, so the more often your address appears, the more spam you are likely to get (spammers don't de-duplicate their lists, and people often find they receive the same spam several times).
If you do want to leave your email address, disguise it in a way which will be understood by other Net users, but not by the spam robots. A common method is to change 'xyz.co.uk.' to, 'xyz.co. putukhere', or to leave spaces between the elements of the address.
You may need to tweak your browser or newsreader software to prevent it leaving your full email address, for example when posting to newsgroups.
Don't register with an online email directory until you have checked it doesn't publish its lists on an open Website where the spam robots could find it.
If your ISP offers several email addresses on the same account, you could keep your personal and business addresses private, giving them only to named individuals, and use another one for postings to newsgroups. If this address gets infected by spam, you can simply stop reading all mails sent to it.
Don't reply to the spammers and ask to be removed from their mailing lists even if they invite you to do so; it only proves your address is still active, and you will get more spam as a result. 'We've found that many people who receive a lot of spam are those who have asked to be removed from spam lists,' says a representative of CIX. Demon lets users bounce messages back to the spammers pretending they have not been read, which could fool them into thinking the address is no longer used.
If you start receiving a lot of spam, it may be necessary to take evasive action. Mail software, especially if based on SMTP, can be tweaked to reject carbon-copied emails not addressed directly to you, or to dump suspect-looking mails in a separate folder; these could include anything addressed to 'friend@public. com', and anything with asterisks in the subject line.
For users who want more sophisticated filters, there are antispam software packages like Spamicide, which costs #30 from Net Services (www.cix.co.uk/\~net-services/spam/); Spam Exterminator, $28 from Unisyn Software (www.unisyn.com); or Spam Attack Pro, $30 from Softwiz Software (www.softwiz.com/html).
These can filter out mail from known spam sites, and mail with forged headers and incorrect time-stamps. A shareware program from Net Services called Spam Hater produces letters of complaint to ISPs and to spammers if possible, using the address information from the message header.
Finally, be sure to complain to the spammer's host ISP and to any ISPs whose servers have been parasitised to relay copies of the spam. These should be addressed to 'abuse@' and 'postmaster@' the domain name from which the spam was sent, and should contain a copy of the header from the spam message.
Many spammers disguise their addresses, so complaints should be worded carefully (for example, using expressions like 'your network appears to be being used for spamming'). But an increasing number of ISPs are keen to throw spammers off their systems, not least because of the cost in wasted server resources.
THE SPAM SOLUTION
Is all unsolicited email a waste of everyone's time and resources, or could the internet be used for legitimate direct marketing? The UK's Direct Marketing Association (DMA) believes it could, but only if its use is strictly controlled.
'The problem for us is that email is a valuable medium for our members and consumers, and those who misuse it are spoiling it,' says Martin Bartle, PR manager of DMA. He adds that most reputable businesses which use conventional direct mail and telephone selling techniques are scared to use email, for fear of being tarred with the spam brush.
In January, the DMA planned to launch an Email Preference Service, similar to its successful Mailing Preference Service. This allows individuals to opt out of receiving mailshots from direct marketeers which subscribe to the scheme. But it realised that spammers would ignore a voluntary scheme, especially since most operate from the US and are breaking existing data protection legislation anyway.
Instead, the DMA wants to devise a quality control scheme for direct email, which it hopes to launch early next year. Messages from reputable businesses would be allowed to use a DMA 'seal of approval', and be clearly identified as marketing material, making them easy to identify and delete.
This would not necessarily increase the volume of direct email, says the DMA. Scatter-gun direct mailing by reputable businesses is unlikely to be commercially effective. It is more likely that businesses will compile their mailing lists from existing customers, or people who have visited their Website and asked for information.