Feedback

TechWatch: Understanding and Dealing with Spam

When I was a kid I was frequently served Spam, the canned meat product from Hormel. The name is a shortened form of “spiced ham.” I admit I was never very fond of Spam, though I guess it has some nutritional value at low cost. In this era of email, “spam” has taken on a whole new meaning, and all of us using email have to deal with it. The old Spam looks like a choice steak when compared with the modern, electronic version.

Defining Spam

Spam is used rather loosely for a wide range of unwanted email. I’ve found two definitions on the web. The State of Washington Supreme Court recently endorsed the view that:

The term “spam” refers broadly to unsolicited bulk email (or “junk” email) which can be either commercial (such as an advertisement) or noncommercial (such as a joke or chain letter).

Monkeys.com offers the definition, with numerous footnotes of explanation, that:

Internet spam is one or more unsolicited messages, sent or posted as part of a larger collection of messages, all having substantially identical content.

Note the second definition is even broader than the first, since it includes posting in chat rooms in addition to email. Further, the first one limits by example (advertisement, joke, or chain letter) while the second is open ended. The second definition uses “substantially identical” to include electronically personalized email. Neither definition gets at the significantly different types of spam.

Flavors of Spam

Spam comes in many flavors, starting with a very innocent form moving to the downright destructive. At the innocent end of the spectrum, I’ve heard people say they were spammed by the boss when he passed on an attachment he thought would be of interest to his staff. It is true the message was unsolicited by the recipient, and it was identical to all that received it. While this practice could be abused, it is generally not what I would call spam at all, but a productive use of email.

The weekly message I get from Dell to buy another computer or peripheral would be considered spam by these definitions, but is relatively harmless. I have purchased from Dell on several occasions, and it is easy to recognize these solicitations and delete them—until I am interested in the next computer. Passing on jokes comes in this category as well, particularly if the person sending them is known to you and is willing to remove you from their distribution list upon request.

More bothersome are the solicitations from generally legitimate vendors that are simply trolling for customers. Offers to buy ink cartridges, stocks, and prescription drugs through the mail, etc. can be downright annoying because of the sheer volume. I have no interest in the products, and probably never will. The spammers are simply taking advantage of the much lower cost compared with junk physical mail, since both reproduction of the message and mailing the message are essentially free. It becomes my job to sort them out and delete them. I recently learned that spam is international when I received what I believe was a spam in Polish.

Beyond these are several flavors of spam that are much worse. Here are several examples from my recent deletions.

I received an email at my university account entitled “Semester Information.” This made it past all of the standard filters, but was an offer for a “teeth whitening” product. Content misrepresentation adds to the irritation with spam.

Offers for products that either don’t exist or have no value are worse yet. Recently deleted examples include, “get a college degree without leaving your living room,” or “enlarge your body parts.” The sheer volume of pornographic spam, not to mention its content and the large number of people who have become addicted to it, is also disturbing.

Spam can also affect your reputation. I received an angry email recently asking me to stop sending advertising for pharmaceuticals or they would report me to the authorities. After an interchange of notes, we found out someone was “spoofing” the ethix.org web site.

Hoaxes, including false virus warnings that suggest you delete files on your computer, have deceived many unwary users. A couple of sites that offer help in identifying these are: www.zone-h.org/en/spam and www.urbanlegends.about.com/library/blhoax.htm.

Spam can go beyond nuisance or reputation to being destructive. I received an email recently that looked like an official notice from eBay, a company I regularly do business with over the web. Entitled “TKO Notice: ***Urgent Safeharbor Department Notice***,” it came from a legitimate eBay email address. The notice, complete with a fraud case number, said there had been a problem with my account, and it would be shut down if I didn’t verify my eBay account name and password within 48 hours. I admit I paused over this message longer than I should have, looking at the legitimate logo and email address. I finally dropped a question to the eBay helpdesk and was assured this came from a spammer “spoofing” the Ebay host, attempting to steal access to my account.

So while all spam is a time waster, not to mention a resource waster as it potentially jams our networks and servers, all spam is not the same. What is being done about all this spam?

Dealing with Spam

The simplest defense mechanism is to simply delete them. Often it’s easy to recognize spam by the strange return address (these artificial addresses are continuously changing so they can’t be tracked) and the strange or non-existent title.

More sophisticated solutions include spam filters that are being made available through Internet hosts. The simplest of these are rather ineffective, since they require you to identify a message as spam and then the system will block further messages from that sender. Since the more prolific spammers continuously change addresses, these simple filters don’t help much. More sophisticated filters are available as well. One of my service providers, AOL, claims a significant decrease in unwanted emails due to their filters, but nothing I can do will filter out the daily offers from AOL.

Some people use “opt in” type filters where they only accept email from specific addresses. This can be very effective in blocking unwanted emails, but can also block legitimate mail. I found out our graphic artist has this kind of filter when she didn’t receive an email I sent her from another account.

Developing tools to block spam has become a high priority. “We’ve got to have the right tools and the right processes. The people who attack these systems are getting more and more sophisticated,” said Bill Gates, Microsoft Chairman, speaking at the RSA conference in San Francisco in February, according to a story in the Seattle Times on February 25, 2004.

Legal action is another approach. Microsoft teamed with the New York State Attorney General Eliot Spitzer announcing legal action against the largest spammers, according to a December 18, 2003 article by Jon Swartz in USA Today. This article also states that spam will cost U.S. companies an estimated $10 billion in 2003, a number attributed to CipherTrust, an anti-spam and email security vendor. I admit to some doubts about numbers like this, which seem rather self-serving coming from vendors who supply tools to stop spam. Seamus Phan (p. 18) discusses this in his column on viruses.

What gets the tech community’s interest is the decline in usage of email because of spam. According the Pew Internet and American Life Project, as reported in the March 22, 2004 Seattle Times, 29 percent of email users have reduced their overall use of the medium because of spam.

Beyond filters, whether manual or electronic, and legal action, what else can be done about spam?

In a radical approach, Gates put out the idea of charging a “postage fee” for email at the World Economic Forum in Davis, Switzerland in January 2004. He proposed establishing a threshold price that would discourage spammers (it’s no longer free) but allow email to go on in the spirit of today. The option of allowing people to establish a high cost in order for email to get to them was also considered. For example, a CEO might only receive email where someone paid a dollar or more to send it to him or her.

This proposal is fraught with difficulties and unintended consequences. Who collects the money and what is it used for? Who decides when to raise the price and by how much? In an article posted on CNN.com in March 2004, one commentator on this proposal asked what would happen to chat communities, like a cancer support group, if charges were made. Charging would change the nature of the Web and needs to be very well analyzed before it is seriously considered.

In spite of the challenges of defining and dealing with spam, in January 2004 Gates promised the World Congress a solution in two years. “Two years from now, spam will be solved,” he told the World Economic Forum delegates in Davos, Switzerland according to an AP report.

Conclusion

In the past two weeks I have received email from people in Bangladesh, Nigeria, Singapore, Switzerland, and China as well as people all over North America. I simply couldn’t assemble Ethix without email for reviewing articles, establishing meetings, and managing our distribution list. Email is not an optional capability these days for most businesses, but a vital productivity tool.

In the past two weeks I have deleted countless offers for web marketing, pornography, relationships, and medical procedures. Like any other technology, email is double-edged. There are great benefits along with the downsides. Perhaps a comment a physician made to me about pharmaceutical drugs is relevant here: “If there is no side effect, there is no main effect.”

I am supportive of the technology community, along with the legal community, continuing to work on the issues of spam. Progress will be made in specific areas, but new and sophisticated spamming will continue to develop and any progress will help. I don’t believe the problem will be solved in two years. And in spite of spam, I believe the benefits of email will continue to far outweigh the pain.

erisman-thumb

Al Erisman is executive editor of Ethix, which he co-founded in 1998.
He spent 32 years at The Boeing Company, the last 11 as director of technology.
He was selected as a senior technical fellow of The Boeing Company in 1990,
and received his Ph.D. in applied mathematics from Iowa State University.

Share Your Thoughts