SPAM - Junk E-Mail

If your mailbox at home is anything like mine, you go through the daily ritual of filing / flinging your junk mail in the trash. Junk mail has become a common practice in our society, and if you have a mailbox registered with the United States Postal Service (which most U.S. residents do) then you've received unsolicited mail. But can junk mail be sent to your e-mail address, and if so, where does it come from, can it be stopped, and should you report it to someone?

Let's look at these questions one at a time, starting with the first. Can junk mail be sent to my e-mail address? The answer is yes. Many of us, especially those with access to the Internet, have experienced junk mail in one form or another. We've seen it as: "Money-Making Blockbuster"; "It's Your Turn to Win"; and the most common come-on, "Forward This to All Your Friends".

But where does it come from? Most of it originates from the Internet, and it's the electronic equivalent of junk mail. This type of e-mail has been given the name "spam" by the e-mail community, and the senders of unsolicited e-mail are known as "spammers". Note: spam is not an acronym. It is a slang name for Unsolicited Commercial E-mail (UCE). Spam basically involves sending e-mail to large lists of people with whom there has been no previous relationship. The e-mail addresses may have been "harvested" from AOL or CompuServe forums and member directories, classified ads, public newsgroups, etc.

Spam or unsolicited e-mail is enormous in volume (number of messages). Estimates vary widely, but calculations indicate that 30% of all e-mail is unsolicited. Well, what's the problem. Just delete it, right? Wrong. Spam costs the sender next to nothing. However, that does not make it free. The messages have to be carried. One of the largest expenses that Internet Service Providers (ISPs) face is telecommunication bandwidth. If they are carrying a lot of junk mail, they (and us) are paying for it. It also clogs the overall system, making it slower for everyone involved. It costs the recipient, who opens and usually reads whatever it is before clicking-on delete. Estimates of the value of the loss of time run into many, many hours and hundreds of dollars a year per employee or other measure. Many organizations have been hit with spam attacks causing deteriorating system resources and productivity, as well as embarrassment for some when the subject was of a sensitive nature.

Can't spam be filtered? In theory, yes, but in practice, not really. Spammers are constantly finding new ways of hiding their addresses, disguising their messages, and otherwise evading anti-spam technology. One favorite method of penetration is deliberately misspelling key words, like "Viag*a", "gi*ls", "sin*les", and "d*et," so as not to invoke automated spam removal software. Another is offering unwitting consumers an "unsubscribe" link. If you click on it, you only confirm that your e-mail address is active. This information is then sold to other spammers.

A recent Harris Poll found that 74 percent of Internet users want spam banned outright, with only 12 percent opposed. Eighty percent said they found spam "very annoying." Not surprisingly, anti-spam groups are flourishing. One of the biggest is Spamhaus of Great Britain, which issues "blacklists" of fraudulent spammers and alerts their service providers in order to attempt to get their accounts cancelled.

Can it be stopped? Probably not, but there are ways to reduce the spread of spam (pardon the pun). First, never reply back to a spammed message. Doing so lets the sender know that the e-mail address is valid, and more valuable for future mailings. Second, when using the Internet, be cautious to whom you give your e-mail address to. Many spammers purchase large lists of e-mail addresses from other companies on the Internet. Third, never forward spam messages throughout your organization. Become part of the solution, don't become a spammer yourself.

Who can I report a spam attack to? Well, in most cases a single spammed message should just be deleted without any further investment of time, but if you and/or your organization have repeatedly received spammed messages from the same entity, you can report the spammer to one of the many spam watchdog groups available on the Internet - dedicated to stamping out unsolicited commercial e-mail, newsgroup spamming, and other forms of e-mail abuse... they'd be glad to hear from you. They also provide instructions on how to filter e-mail, defend a site from exploitation, and get involved in the fight against spammers.

HUGE Update: U.S. House passes antispam bill.

The U.S. House of Representatives voted overwhelmingly to approve antispam legislation that could end more than six years of failed attempts to create a federal law restricting unsolicited commercial e-mail.

This should put a damper on unwanted e-mail advertisements for undesired "stuff" as disguised above by imposing fines and jail time for offenders. It passed by a vote of 392-5. The Senate is expected to follow soon. President Bush has indicated he will sign the measure, titled the "Controlling the Assault of Non-Solicited Pornography and Marketing Act" (CAN-SPAM).

CAN-SPAM appears to be a compromise that's not as far-reaching as some antispam advocates had urged. It does allow the Federal Trade Commission to establish a "do not spam" registry, overrides many state laws, and imposes an "opt out" standard instead of a more stringent "opt in" requirement.

If the measure becomes law, certain forms of spam will be officially legalized. The final bill says spammers may send as many "commercial electronic mail messages" as they like as long as the messages are obviously advertisements with a valid U.S. postal address or P.O. Box, and an unsubscribe link at the bottom. Junk e-mail essentially would be treated like junk postal mail, with nonfraudulent e-mail legalized until the recipient chooses to unsubscribe.

Other sections of the bill prohibit the following:

• Falsifying e-mail header information or using either a mail server or open relay to "deceive or mislead recipients" about the origin of a commercial e-mail message. Also outlawed is registering for "5 or more" e-mail accounts or "2 or more domain names" with false information and using them to send commercial e-mail messages. Penalties include up to three years in prison for a first offense.
• Sending commercial e-mail with deceptive subject lines that "would be likely to mislead a recipient."
• Sending commercial e-mail that does not include "a functioning return" address or a link to a Web form that is capable of accepting unsubscribe requests.
• E-mail address "harvesting" by crawling Web sites, and automated guessing of e-mail addresses by trying mike1@hotmail.com, mike2@hotmail.com, etc.
• Using automated methods such as scripts to sign up for free Web-based e-mail accounts such as ones provided by Hotmail or Yahoo.
• Sending commercial e-mail with "sexually oriented material" unless it includes a label to be devised by the FTC. That requirement does not apply to opt-in lists. Violations can be punished by up to five years in prison and a $250,000 fine.