Spam — Electronic Junk Mail

You Pay for Spam | Dealing with Spam | Email Headers | Ethical Net Commerce

What is Spam?

If you've been on the Internet even for a short time, you know about the unwelcome junk messages that pile into your in-box daily. That is spam.

Simply put, spam is electronic junk mail.

More precisely, spam is the spreading of a single message to a large number of email addresses, posting on an inappropriate newsgroup, or cross-posting a message to (typically) more than three newsgroups.

Other terms for spam are Unsolicited Commercial Email (UCE) and bulk email.

Spam is an issue about consent, not content. Whether the UBE message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant — if the message was sent unsolicited and in bulk then the message is spam.
— spamhaus.org

Spam is an Email Scam

I suggest you never do business with a company that contacts you in an inappropriate manner.

If they don't have the integrity to be courteous when contacting you with their offers, what makes you think they'll be there for you when you need support or if the product they sell is defective?

Use Ethical E-Commerce

Ethical net commerce allows you to get your message out to those that are interested without endangering your organization's reputation.

Don't Be Part of the Problem

Anyone offering to "target market" for you is offering to spam others on your behalf.

The consequences can be severe.

Current legislation in California can find you liable for thousands of dollars in damages if even one of your emails sent to a location within California (or any other location with similar legislation) is determined to be spam.
Not all legislation is this effective, but you still can ruin the reputation of your company.

Dealing with Spam: More than One Aspect

On this page the following sections, we'll deal with the following aspects of spam:

How you pay for spam.
Spam is out of control.
Dealing with spam (including locating email headers).
Ethical net commerce: avoid opt-out; use opt-in.
Why spam is continues.

Return to top

Spam Costs You!

Usually the Advertiser Pays

Tradition forms of advertising is paid for by the advertiser. For example, it costs much more to advertise in a newspaper than it does to purchase it. Some newspapers are free to the reader — completely paid for by the advertiser.

But You Pay For Spam

The opposite is true with spam. The reader pays the most!

It is extremely cheap for the spammer to send millions of messages out. If even one person responds to this junkmail, the spammer will recoup his costs.

This reverses the traditional cost/benefit ratio: the reader subsidizes the advertiser.

Subverting Affiliate Programs

The following illustration shows how affiliate programs can be subverted by greedy advertisers:

The problem of spam is illustrated in this scenario: "How Viagra spam works".
The off-shore pharmacies let unethical spammers do their work for them using an affiliate program.
Of course, the manufacturer will protect themselves from having to clean up their own mess.

How Affiliate Programs Normally Work

There is nothing intrinsically wrong with an affiliate program. Affiliate programs provide an incentive for websites to promote products (just as traditional advertisers pay newspapers, radio and TV to promote their products).

Full disclosure:

Selective products on this site are promoted via affiliate programs, including ZoneAlarm security products. I am careful to select programs that benefit site visitors.

I believe the recommended products are the best solution.
I can often provide better pricing via the affiliate program.
I also provide free alternatives for those with more limited budgets.
I avoid site advertising like Google Ads because of potential conflicts with the advice given on these pages.

The Problem: Unethical Advertisers and Products

The problem arises when the affiliate program is subverted by unethical advertisers using spam and other invasive tactics to promote questionable products (gambling, discounted drugs, pornography, etc.).

Return to top

Spam is Out of Control

Spam is Like a 80% Internet Tax

AOL (America On-Line) once estimated that the proportion of spam at 30% of the total volume of emails received by their servers. How times have changed:

We estimate that at least 80% of all e-mail sent to our servers is junk mail and/or viruses, and that amounts to a lot of wasted resources that cost real money!
— islandnet.com

The next time someone suggests that spam is no big deal, remember that you are either paying 80% more for your Internet service or getting 80% less performance. Ouch!

In 2011, roughly 82 percent of all email traffic was spam. It is estimated that scam and phishing messages make up 19 percent of spam, meaning it is essential to be able to spot and avoid email scams. Use this guide to help you dodge the bait.
— ZoneAlarm Blog

That's nearly 20% that is aimed at stealing your identity or your money.

Beware: Domain Registry of Canada

Do not do business with the Domain Registry of Canada (or the Domain Registry of America, both run by Brandon Gray Internet Services, Inc. as Namejuice.com).

Their “Domain Name Expiration Notice” in a brown envelope with a red maple leaf is designed to make you think you're dealing with CIRA and looks like a government invoice.

These “notices” (known as “domain slamming”) show up significantly prior to expiration — long before you normally renew your domain and prior to any authentic renewal notice.

Their intent is to trick you into moving your domain from your current registrar.
Their pricing is exorbitant and they appear to be culling your domain's WHOIS information for purposes contrary to CIRA's legal notice.
This is not the sort of company that you want to do business with at any price!

Return to top

Dealing with Spam

Don't "Opt-out"

Never "opt-out" of something you didn't opt-in for in the first place.

Responding to spam will only expose you to the thousands of spammers that do not reveal their identity or will simply pass your removal request onto their “sales” department — resulting is even more spam.

Few people have the time or resources to determine if the sender is legitimate or not.

Help Keep Spam Out of Your Inbox

Islandnet.com Recommended

I strongly recommend Islandnet.com for hosting your website or email account because of PEP, their sophisticated proprietary system for dealing with spam, and the multitude of services and gadgets that make hosting a site easier.

Microsoft provides some tools to control spam when using Microsoft Office Outlook, Windows Live Mail & Hotmail and Windows Mail (Vista only).

Getting Help Dealing with Spam

These sites can help you deal with spam:

SpamCop determines the origin of unwanted email and reports it to the relevant ISPs.
spam.abuse.net is one of the best anti-spam sites on the net.
The Coalition Against Unsolicited Commercial Email (CAUSE) proposes an "opt-in" system where only those requesting mail receive it.
Network Abuse Clearinghouse helps you deal with spammers.
The Netcheck Commerce Bureau promotes ethical business practices on the Internet.
Scumware.org defines scumware as the "collective term for software that performs unwanted activity on user's computer like malware, PUA, spying/tracking software, etc."
FTC Spam includes resources provided by the U.S. Federal Trade Commission, as well as an address to report spam.
"Virus" Hoaxes — avoid spreading ignorance.

Getting Help Dealing with Investment Fraud

Not all investment fraud is generated by spam, but the warning signs are usually the same. If it sounds too good to be true, it probably is. Nowhere is this truer than when shown investment proposals.

InvestRight's Be Fraud Aware is a BC Securities Commission program to help investors know the difference between legitimate and fraudulent investments by identifying the warning signs.

Finding the Headers

During the process of getting help dealing with spam (or other email issues) you'll often be asked for a copy of the original problem email with the full headers. Email headers is the term used to refer to the tracking information contained in an email (see example).

“Short Headers”

Usually folks only see the “short” headers which include From, Subject and To but can also include CC:, BCC and List info.

More about To:, CC: & BCC:.
List info: is often included on emails that are part of a list. Expanding the list info provides information on unsubscribing and often the list owner, etc.

Locating the “Full Headers”

Full headers refers to the complete information about an email. This varies by email program and mail provider, but usually including a message ID, user-agent (the software generating the email), tracking information, delivery date and more.

Who@ gives details on viewing the headers for a number of email programs.

Return to top

Ethical Net Commerce

Avoid Opt-Out — Use Opt-In

If you're a business or organization, make it a practice to allow people to “opt-in” to receive your newsletters, offers and other promotions. This ensures that those on your list truly wish to receive the material you're sending.

“Assumed Consent” is Sneaky and Unethical

It is really sad that marketing companies have been allowed to spam, calling it opt-out. Shame on them!

Don't be fooled by the term opt-out. It is merely an attempt to sugar-coat spam. It's simple: never do business with a spammer, whatever they call themselves.

Use Opt-In Lists

If you have a website and offer an emailed newsletter or other similar service, you will want to ensure that people are actually wanting your email. This process is called an opt-in list.

This can take the form of a subscription option on your website or an invitation in an email response to a message originated by the other person.

Confirming Opt-ins

Even with explicit permission, you might want to confirm opt-in requests by sending a message to the new address asking them to confirm their intention to subscribe. This way you know it is a legitimate request from someone that has access to that specific address. If you receive no reply, simply remove that address from your list.

You should also include a method for people to unsubscribe to your list in the future. While you should never "unsubscribe" to lists that you didn't subscribe to in the first place, this works with lists that you've provided permission using the opt-in methods above.

Family Lists

While it may be OK to send a single message to your whole family, you might want to check first.

Not everyone wants to receive your pictures of Uncle Joe at the birthday party, particularly if they are on a lower-speed connection — and definitely not all of them.
Everyone knows someone in the family that loves to talk. The electronic version is even more annoying, since you can't simply leave.

Opt-out IS Spam

Avoid Assumed Consent

A number of very large (and not-so-large) use pre-checked boxes beside statements like, I would like to be notified about product updates and information of interest from our partners.

Why do this?

This practice resulted in an astounding 80% assent rate (compared an average of 0.1% response rate in traditional direct mail).

People Aren't Providing Consent

People were not giving their consent — they were simply not reading what was beside the check box.

Companies were forcing people to uncheck these boxes (i.e. opt-out) in order not to have their name sold to other companies for distribution of sales material.

Pre-Checking Boxes is Unethical

This is an unethical “assumed-close” sales technique.

By pre-checking the boxes they forced the user to take action to not register. This is essentially the same thing as companies sending products to you without your consent then billing you. The assumption that you could send the products back is inadequate.

Consumer Protection

Most North American jurisdictions give protection to the consumer — usually in the form of being able to keep the unordered merchandise without making any payment and a “cooling off” period for door-to-door sales. Why should an electronic version be any different?

Marketing Lists

Never purchase a list of email addresses from anyone. Rather than bring you success, this is likely to get you listed as someone with shady business practices.

Why do those marketing these lists usually forge other people's addresses (rather than using their own) if these lists are a legitimate "service" when making their unsolicited sales pitch to you?

Spammers are Cowards

Simply because they only want to deal with the susceptible (gullible) respondents — those clicking on their advertising links.

They'd rather that the real owners of the addresses suffer the high volume of complaints. They only see the result of click-throughs to the website in the message — not the collateral damage. They let the owners of the stolen addresses deal with that.

Hiding Behind False Links

Spammers and scammers often mask the actual destination of clickable links within their messages by making it appear to go to a legitimate address, when in fact it goes to a redirected address.

How can you tell? When hovering over the links in a message, look in the status bar to see the actual destination of the link. It is easy to mask the actual destination so that a link that appears to be "from your bank" actual takes you somewhere dangerous.

Beware of Phishing & Identity Theft

Hint, legitimate banks and companies don't warn you by email that your account is suspended.

Such messages are an attempt to gain access to your account by requesting your user name and password under false pretenses.
This is called phishing and leads to identity theft.
While you're entering information into the fake site, the thief is logging into your real account.

Never follow a link in an email. Type the known address into the location bar of your browser or contact your financial institution directly by phone.

Return to top

Ever Wonder Why Spam is Allowed to Continue?

Have you ever wondered how spam can continue to exist? How can something this disruptive be allowed to continue. Can't governments or companies stop it?

There are three aspects to this:

Spam is profitable.
Legislators don't understand the problem.
Corporate interests often are at odds with effectively dealing with spam.

Perhaps you've wondered, like I have, how spammers can process stolen and scammed credit card information? This would seem to be relatively easy given the numbers quoted in a recent Information Week article:

The Profit Motive

95% of spam-advertised products are monetized using merchant services from just a handful of banks, suggesting payment handling is the weak link in the global spam value chain.

All told, they saw 13 banks handling 95% of the 76 orders for which they received transaction information. (Only one U.S. bank was seen settling spam transactions: Wells Fargo.)

But just three banks handled the majority of transactions: Azerigazbank in Azerbaijan, DnB NOR in Latvia (although the bank is headquartered in Norway), and St. Kitts-Nevis-Anguilla National Bank in the Caribbean.

The article quotes one potential reason:

We have to remember that spam is actually very profitable for the banks and credit card companies that move the money. That might affect how likely they are to actually do something about this.
— Mikko Hypponen, chief research officer at F-Secure

Lack of Prosecution

The U.S. CAN-SPAM Act

If you receive spam from the U.S. that claim to be legal, quoting the U.S. CAN-SPAM Act, they are wrong!

The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of "non-forged" spam OK.
— spamhaus.org

In fact, this legislation is so useless in protecting unwilling recipients of spam it is nicknamed the "You Can Spam Act."

Prosecution is Difficult

As well, the legal action that could stem the tide is more difficult than you might think.

Many operations originate overseas where prosecution under existing laws is difficult or impossible.
This is further exasperated by protection provided by the U.S. CAN-SPAM Act (lawmakers in most states other than California are reluctant to introduce legislation that makes it more difficult for legitimate businesses to use email for promotion and sales).
Hacking and the information gathered through spam is undoubtedly being used by nations as modern espionage. The June 2011 hacking of the IMF may have been triggered by malware when an employee clicked on a link in an email.

However, it is not impossible. It is merely a lack of commitment. There is more attention given to protect big media companies than individuals from such illegal activities.

Spam Legislation

The following sites will help you to learn more about legislation in various countries:

Privacy Commissioner of Canada — Parliamentary Activities
Spam Laws includes legislation links for the United States, the European Union and other countries.

Corporation Interests Hamper Success

AOL, Google, Microsoft, and Yahoo are to Blame

In 2007 ZDNet examined Why AOL, Google, Microsoft, and Yahoo are to blame for spam. It noted that they are the only ones large enough to agree on a global standard to deal with spam effectively and decisively.

It seems the problem is one of cooperation:

Microsoft killed one strategy by claiming their Sender ID is proprietary. They relented (but only after the others had already left the table).
Yahoo! and eBay cooperated on dealing with phishers going after users of eBay while PayPal cooperated only with Google about issues with Google Checkout. None of parties shared the information with the other major email services.

This is also hampered by the anonymity of these free email programs. This is beginning to change. These companies are now seriously investigating methods of authentication that can help avoid spamming.

Return to top

More About Related Issues

Protecting Your Online Identity

The following related pages offer more information about protecting your online identity:

Securing Your Computer

The following related pages offer more information about securing your computer:

Return to top

www.RussHarvey.bc.ca/resources/spam.html
Updated: May 9, 2013