Smart Computing Article - Defending The ’Net

Subscribe Today | Contact Us | Register Now

Home | Tech Support | Q&A Board | Article Search | Subscribe & Shop

Defending The ’Net

Email This

Print This
View My Personal Library

Computing Basics August 1999 • Vol.10 Issue 8	Add To My Personal Library
Defending The ’Net Keep Spam Out Of Your Inbox

Internet spam, not to be confused with the fine meaty product from Hormel, is generally defined as unsolicited E-mail or postings sent en masse. You may consider it just "junk mail" that accumulates in your inbox until you delete it. But if you consider the millions of users online, all receiving unwanted ads every day, you can begin to imagine the hard drive space and Internet bandwidth consumed by spam. Like it or not, spam affects everyone online, but we can help you reduce your exposure to it.

Spamming The Globe

In the early days, online users communicated via bulletin board systems (BBSes) and their early in-house electronic mail (E-mail). Most of the traffic was from special interest groups posting messages, but when disagreements got out of hand, people started posting "flames" (or argumentative messages). Eventually, the flame wars spilled over into the personal E-mail. Because these early in-house mailboxes had limits of 10-30 messages, malicious users would repeatedly send an electronic message to a victim's mailbox until there was no more "room" to receive them.

Many online users were familiar with a skit by the British comedy troupe Monty Python, in which a group of vikings chanting "spam, spam, spam, spam, (lovely spam!)" in a restaurant eventually drown out everyone else's conversations. Thus, clogging someone's mailbox became known as "spamming."

Today's spam usually isn't an attempt to max out anyone's inbox. At its worst, it's messages trumpeting stocks, pornography ads, solicitous chain letters, or get-rich-quick schemes. Spammers often use provocative subjects to get you to read their message, such as "Hot Stock Tip!," and some even fraudulently alter their message's header (listing of where it's been) to pretend it came from somewhere else. Sometimes their tactics are patently illegal but difficult to prosecute. "It's clear they're moving toward a new level of sophistication," says Ray Everett-Church, co-founder and counsel for Citizens Against Unsolicited Commercial E-mail (CAUCE; http://www.cauce.org).

With all of this in mind, we'll tell you how to reduce the spam you get in your inbox, and why the problems with spam are more than the inconvenience of deleting a few worthless messages.

What's The Harm?

It is easy to delete spam, so you may be wondering why it infuriates some people while it merely annoys others. For one thing, spam is a 'Netiquette no-no; for another, some of the messages invading your inbox may be offensive or disturbing, especially for young users. Finally, you probably didn't spend hundreds or thousands of dollars on a PC, modem, and Internet connection just to receive a deluge of junk mail.

These are compelling arguments, but the greatest harm from spamming is economic. The sheer volume of bulk E-mail slows down every Internet service provider's (ISP) servers. With a click of a button, a spammer can send a message to hundreds or thousands of addresses. But each message must be routed through the spammer's ISP, your ISP, and any proxy servers in between (not to mention the fileserver in your workplace.)

While it is possible to block E-mail messages at any of these points, most ISPs normally don't screen for spam. This is because filtering would not only slow down its system's overall performance but also may let in either too much spam or exclude too many "real" messages.

Rich D'Amato, a spokesperson for America Online (AOL), estimates 5%-30% of AOL's E-mail traffic may be spam. This means its subscribers (and those of virtually every other ISP) could be enjoying much faster service if it weren't for spam.

How They Get You

"Be aware of how spammers get a hold of [your] E-mail addresses," Everett-Church cautions. Spammers either buy mailing lists or use automated programs (called robots or harvesters) to comb the Internet for E-mail addresses. They then send their sales pitch to their entire list in the hope of making money from a very few.

Some of the favorite hunting grounds for address-gathering robots are chat rooms, forums, and Usenet groups in which people divulge their E-mail addresses. If your loathing of junk E-mail outweighs the benefits of publicizing your address, don't do it.

Still, don't confuse spam with legitimate E-mail you've "asked" for. If you've ever entered an online contest, filled out a survey, or bought an item online, expect some E-mail from that company. The reputable ones let you "opt-out," or specify you don't want any mail from them; the nicest companies only contact you if you opt-in.

Once Sam Spade's Traceroute sings like a canary, you can Finger the dirty rat sending you spam.

Avoiding Spam

A byproduct of our interconnected information age is that it takes a lot of effort just to be left alone. This is because there is a fine line between avoiding spam and missing legitimate messages. Still, there are several decisive steps you can take.

Protest it. Contact your state and federal legislators and make your feelings known. This is the only tactic that seeks to stop spam before it reaches your ISP.

Filter it. See "Trashing Spam" for some tips on filtering spam from various browsers. Just be sure to adjust the software's settings and test it for a few weeks to ensure it doesn't exclude messages you really want to receive.

Trace it. Look at the message's header (in Microsoft Outlook, click Help, Contents And Index, type headers, downloading, and then press ENTER. Next, follow the directions for downloading headers). You'll see a list of the servers the message traveled through to reach you. Generally, the last "from" in the list is the sender's ISP, but many spammers are knowledgeable enough to forge their "signatures." If you have no luck with the last ISP listed, try contacting the next one up, and ask for its help (see the next tip).

If you use Windows 95, Windows 98, or Windows NT 4.0, and you want to find the spammer, there is a free, powerful program with many spam-hunting features called Sam Spade. You can download it from http://www.blighty.com/products/spade.

Type the spammer's address in Sam Spade's top entry blank, and then click the Whois icon. This feature may give you the name and contact information of the sender's domain. Other features, such as Finger and Traceroute, may help you pinpoint a trickier spammer.

Contact the ISPs. Ask your ISP if it uses spam-filtering software, such as MindSpring's Spaminator (http://www.mindspring.net) or other services.

Many unsolicited E-mails suggest you reply to their message with the word "unsubscribe" in your text if you're not interested. The suggestion may be legitimate and your name might be removed from a bona fide marketing list. However, it's more likely that by replying, you may encourage an unethical sender; after all, you've confirmed your E-mail address is current and valid. Unfortunately, there is no easy way to tell which is which. If the spam continues from that source, your best bet is to politely complain to the ISP listed in the sender's address or uncovered by your tracing.

If the spammer's address is fraudulent, legal penalties are much more severe, and your own ISP (and maybe even the Federal Communications Commission or Federal Trade Commission) should be motivated to track down the offender. They may ask you to forward the spam to them with instructions on preserving the spam's header.

Some activities may not be illegal, but may violate an ISP's terms of service. For example, EarthLink (http://www.earthlink.net) prohibits not only illegal activities such as hacking but also sending the same message to the same address more than 10 times. Your own ISP's regulations should be easily accessed from its home page.

Mung it. If you give your E-mail address when you post a message to a newsgroup or sign up for something online, you are exposing it to the address-gathering robots mentioned above. Because they usually grab any word with an @ sign in it, put an obvious typo in your address whenever you're asked to enter it at one of these sites. (You're not reconfiguring your E-mail account, you're just putting errors into the address you give in public.) This is called "munging" (Mash Until No Good).

For example, if Paco@someISP.net wants to post an opinion somewhere, he could mung his address to read Paco@someISP_NO_JUNK.net when a site asks him to enter it. For personal responders, he could say "take _NO _JUNK out of my address to reply." Of course, a spammer could take the time to do this but most won't.

Be aware that when you register for access to certain sites, they will send a confirmation message to the E-mail address you give. If you don't reply to this (or don't receive it because you provided a munged address), your registration won't go through. Unfortunately, some of these sites sell their lists of confirmed addresses to spammers and can promise there won't be any munged or false accounts. You'll have to rely on other methods of avoiding this spam.

Other Tips

Make sure you have an up-to-date browser. Many early browsers were lax about keeping your E-mail address reasonably private.
If your ISP keeps a directory of members, don't let it publicize your E-mail address.
Be wary of E-mail messages from sources you don't recognize.
Don't spam the spammer. This ties up the ISPs even more, which defeats the whole purpose, and it could get you into trouble.

However indirectly, the E-mail you receive, including spam, costs you money. Don't resign yourself to paying for someone else's sales pitch.

by Marty Sems

Legislating Spam

Spamming closely resembles the illegal practice of advertising by fax. The cost of sending the fax is much less than the paper, electricity, and toner costs of the people receiving it, so they essentially foot the bill for the ad campaign. This is the chief argument against enterprising individuals who proclaim their right to advertise through unsolicited E-mail. Bear in mind that TV, radio, newspaper, and Web site ads are all paid for by the advertiser, but spam is paid for by you.

Enter the regulating hand of legislation. Many spam-related bills have been introduced on the state and federal levels, and some have already become law.

State legislation. In April, Virginia passed the Computer Crimes Act, which outlaws unsolicited bulk E-mail, the falsification of a message's header, and any software that facilitates either. In California, sending spam to or from certain domains (after being told not to) is considered trespassing and can result in a $50-per-message fine. Other provisions require advertisements to be clearly labeled as such, and they also must allow customers to opt-out of the mailing list.

As of press time, about a dozen other states are pondering the merits of their own antispam legislation, including Maryland, Texas, Wisconsin, and North Carolina. The North Carolina bill also would ban unsolicited bulk E-mail that is intended to overwhelm a computer or disrupt its operation.

Federal legislation. It appears Congress is also listening. A handful of bills that would regulate unsolicited commercial E-mail have been introduced in both houses. In the Senate, the Inbox Privacy Act of 1999, if passed, would force spammers to honor domain owners' requests to stop sending unsolicited E-mail to the domain.

In the House of Representatives, the Internet Growth and Development Act of 1999 would back up the spam policies of an ISP with the force of law. A civil action by a service provider thus violated could cost a spammer $50 per message or $25,000 per day. In addition, the Internet Freedom Act would make it a crime to falsify a message's origins or distribute software designed to do so.

Legal concerns. One of the chief problems in drafting such legislation lies in determining its scope. The federal bills are designed to supercede state legislation and expand their jurisdiction. But by extension, the jurisdiction of federal laws over the worldwide Internet is uncertain. Just as individual nations must come to grips with online material that is prohibited in their countries but legal elsewhere, the United States may have problems enforcing regulations against spam that originates in other countries.

The provocative portion of Virginia's antispam legislation is its assertion that it will apply to any Internet traffic that passes through the state. Because an enormous chunk of the world's online communication passes through the northern part of the state (because many major ISPs and servers are located there), the jurisdiction gauntlet has been decidedly thrown down.

The CAUCE Web site (http://www.cauce.org) offers a collection of updates on this turbulent legal scene.

Want more information about a topic you found of interest while reading this article? Type a word or phrase that identifies the topic and click "Search" to find relevant articles from within our editorial database.

Home Copyright & Legal Information Privacy Policy Site Map Contact Us