Why SPAM?

by on Jan 16, 2008 | 0 comments

Yes, Spam, is the name for that little blue can of processed “meat” made by Hormel you can find in the grocery store. The meat is junk, which is fitting, but I’m not sure if that’s the source of the word we’ve grown so fond of. Actually, the generally accepted derivation for the word is a Monty Python skit. They had a skit in which a group of Vikings were singing “spam, spam, spam, spam” so loud and often that it drowned everyone out. In the early days of the internet, when the net was mostly populated by nerds of the classical sense, there were very few net surfers who didn’t appreciate Monty Python, so I guess the word caught on and I can see the correlation.

When we hear the word SPAM, our first thought is unsolicited junk mail. For most practical purposes, this covers it. But, some have simply defined it as “unsolicited email”. This is an incomplete definition simply because most of us get emails every day we didn’t directly ask for. It’s simply not plausible for each of us to give people a call and say “Hey, send me an email.”. It’s silly. Others have said SPAM is email coming from an unknown source. Again, this is incomplete because people receive emails every day from people they do not know. If I only accepted emails from people I knew, then anybody reading this book or visiting PC Mechanic at all could never email me. What most people mean when they think of SPAM is simply annoying email. If they find the email annoying in some fashion, then its SPAM. This definition gets a little closer, but it still left to the preference and mood of the recipient and, for this reason, is not a very useful definition. For example, PC Mechanic sends out a Tip of the Day every day. There are always a few people who say we are spamming them and they take themselves off the mailing list. There is nobody on our mailing list who did not directly sign themselves up for it. Therefore, it not unsolicited at all, but that particular day they found our Tip of the Day annoying and therefore, to them, it is SPAM. Again, a very useless definition. How about “unsolicited bulk email” as a definition? Close, but again there are caveats. If I receive an email from my bank or some other company who provides a service to me, then chances are the email is unsolicited. I didn’t ask them to send me emails. But, at the same time, I have a business relationship with them and therefore it is reasonable that I would receive occasional emails from them.

Get the point? Determining whether an email is SPAM or not is a gray area and is, to large degree, in the eye of the beholder. Perhaps the most accurate definition would be “unethical mass email”. Ethics is that effort on each person’s part to perform the most good for the most number. So, on the reverse side of this, if you have a mass email which offends the ethical sense or netiquette of a majority of internet users, it is probably SPAM. Therefore, any email sent individually to a person is not SPAM; it is not a mass email. But, a commercial email (one advertising a product or service) can be if it does the following:

[hidepost=1]

  1. Sent blindly to a large mailing list without any form of targeting.
    Usually, this type of SPAM will be sent to thousands, even millions at a time with the expectation that maybe a few dozen will respond to that ad, whether accidentally or stupidly. These kinds of emails are not of any interest to probably 99% of the people receiving them, and are thus unethical.
  2. Sent with spoofed headers.
    The email header is a block of information appended to the beginning of every email. Think of every email as a packet of information. The body of that packet is what you read in your email client. The header is generally not seen by you when you read the email (some email clients allow you the option to view them), but is useful to the network of servers on the internet which are responsible for delivering the email to you. The header contains the sender of the message, their return address, the subject line, the originating IP address and more. Well, SPAM messages often spoof the headers or use invalid headers. The result is an email which is untraceable or which looks like it was sent from a place where it was not.
  3. Does not contain an opt-out option.
    Any kind of mass mailing MUST contain a working method of unsubscribing from the mailing list.
  4. Is not sent on a list requiring double opt-in.
    A well managed mass email list will require double opt-in, meaning after the email address
    is entered, they receive a confirmation message via email which requires them to perform yet another action to finally subscribe themselves to the list. That action may be to follow a web link or to simply reply. Any other method is unethical, not to mention insecure because then anybody could sign anybody else up for any mailing list.
  5. Performs any kind of tracking or other action.
    Email messages are often opened by the recipient without them even knowing anything about
    it. When you click the subject line in your email client, it shows up in the preview window. Even if it shows there for less than a second, it counts as opening the email. Thus, any email which contains any code which executes on the user’s machine, sets a cookie, or otherwise performs any tracking is unethical and potential SPAM. It should be noted that the use of tracking is ethical if the recipient directly signed up for the list, although such tracking should be mentioned in the website’s privacy policy.
  6. Is Sent using Email Harvesters.
    An email harvester is a software robot which spiders websites across the internet looking for email addresses. These email addresses are usually on “Contact Us” pages and the like, allowing visitors to legitimately contact the site’s author. Harvesters collect these email addresses and saves them in a database, thereby allowing the mailing list to be used and re-distributed to others.
  7. Is Sent using open relay server or unprotected form mail scripts.
    Legitimate emails do not have to hide their identity and usually send through a legitimate source. Using an unsecured relay server (sometimes called an injection point) or form mail script is unethical.

SPAM is sent usually by someone who wants to sell you something. Sometimes these are companies, but more often, these are individuals or fly-by-night small businesses. Sometimes these entities go to a third-party company who they then pay to send a bulk mail on their behalf. Most of the time, these third party bulk email companies are ethical and will seek to enforce anti-spam regulation on their clients. But, other times spammers will use simple home computers to send their bulk email. Computer security experts estimate that as much as 30% of all spam is relayed using compromised home PCs located around the world in home offices and living rooms. These computers are not necessarily set up for the purpose of spamming, but could be vulnerable to outside control, which thus allows the unethical spammer to use that PC as a relay.

But, who is the typical spammer? Usually they are an individual person. They are predominantly male, around 16-35 years old. They are usually living in or working from their home. They are usually technically competent, and you would need to be to devise ways to send emails using other people’s computers. Sometimes, a spammer will be involved with other illegal activities such as credit card fraud. Almost all of them consider their “business” to be harmless and see absolutely nothing wrong with what they do. Properly set up, a single spammer can send millions of emails every single day. A well-known spammer by the name of Ronnie Scelson boasts that he can send as much as 84 million emails every day. They use software like News Blast, Mailbomb or Prospect Mailer. Some spammers will have software custom written to send their bulk mails. Spammers generate income based on sales or leads, so the more emails they send out, the better. Even though nobody really wants spam in their inbox, a few still respond and this is what keeps the spammer in business. For any given 1 million bulk emails, maybe 100 or 150 will respond to it, which is a sales lead or even an actual sale for the spammer. The spammer’s products might be by way of drop shipping or something similar. Some take clients who pay them to send spam, so the spammer will make money for sales leads or simply for the service of having sent the bulk mail. A good spammer can generate a decent income from this practice; some earn as much as $100,000 per year.

Ronnie Scelson, as I mentioned above, is a notorious spammer that is well-known. Based in Louisiana, he is known as the “Cajun king of spam”. He is a high school dropout, early thirties, married with 3 kids. In a USA Today profile, he says “I hate spam as much as the next guy. What I do is not illegal. It’s the people who spam sex, Viagra and get-rich-quick schemes that give commercial e-mailers a bad name.” The article goes on to reveal a man who lives life on the edge, constantly trying to out-flank anti-spam forces online. He chain-smokes. He claims to send out 60 million to 70 million emails per day. He has no qualms about what he does. He says he provides all recipients an option to remove themselves from the mailing list, does not hide behind forged email addresses, and leaves contact info in the email. He has testified before the US Senate about spam, but says openly that if any anti-spam legislation is passed which affects his business, he will simply move offshore.

Scelson makes a good income in the business, too. He works from a home office, but has a dozen rack-mounted servers on 24 hours per day, going though 165,000 emails per hour in order to weed out the roughly 16% that are actually legitimate addresses. He sends those emails to servers located throughout the US, China, South America and Europe. He says he sends them an automated message asking them if they want spam, and if they say yes, he will send them bulk emails. Otherwise, he says he leaves them alone. He charges clients anywhere from $10,000 to $50,000 per month to send their ads, and Scelson estimates he makes $30,000-$40,000 per month in profit. He has a staff who help fend off anti-spam attacks and maintain his various operations around the world.

Scelson is an extreme case of a bulk mailer, and is not really a typical case. But, his notoriety has earned him a threat-filled life, one in which he keeps a 9mm handgun right next to his computer. Scelson has been kicked off of numerous networks and has sued to stay on others. His costs and legal fees forced him to file for Chapter 13 bankruptcy in March of 2003, claiming $500,000 debt.

While Scelson may escape much of the anti-spam tactics, others are not so lucky. There are estimated 2,000 spammers in the United States. Many companies spend millions battling SPAM. Microsoft and AOL have had strong anti-spam efforts. Earthlink has pending legal action on a long list of known spammers. A spammer named Howard Carmack, known as the “Buffalo Spammer”, was sentenced to 7 years in jail on 14 counts of identity theft and forgery in 2004. He was estimated to have sent 850 million emails. Earthlink won a judgment of $16.4 million against Carmack, who was accused of using stolen credit cards to sign up for Earthlink accounts and then using those accounts to send spam.

Some other spammers you can check out are Scott Richter, “Captain Bob” .

You can research spammers on your own using the ROKSO database, hosted by the SpamHaus Project. The Register of Known Spam Operations (ROKSO) is a database of spammers which have been terminated by a minimum of 3 ISPs for spam offenses. Each member of the list has detailed information, including their aliases, media stories on them, etc. They even mention which other spammers they are partnering with, something that occurs rather frequently in the spammer community. According to the ROKSO site, 80% of spam received by users in North America and Europe “can be traced via aliases and addresses, redirects, hosting locations of sites and domains, to a hard-core group of around 200 known spam operations (“spam gangs”), almost all of whom are listed in the ROKSO database”. This is a very interesting database.

[/hidepost]

Free eBook!

Like what you read?

If so, please join over 28,000 people who receive our exclusive weekly newsletter and computer tips, and get FREE COPIES of 5 eBooks we created, as our gift to you for subscribing. Just enter your name and email below:

Post A Comment Using Facebook

What’s Your Preference?

Daily Alerts

Each day we send out a quick email to thousands of PCMECH readers to notify them of new posts. This email is just a short, plain email with titles and links to our latest posts. You can unsubscribe from this service at any time.

You can subscribe to it by leaving your email address in the following field and confirming your subscription when you get an email asking you to do so.

Enter your email address for
Daily Updates:

Weekly Newsletter

Running for over 6 years, the PCMECH weekly newsletter helps you keep tabs on the world of tech. Each issue includes news bits, an article, an exclusive rant as well as a download of the week. This newsletter is subscribed to by over 28,000 readers (many who also subscribe to the other option) - come join the community!

To subscribe to this weekly newsletter simply add your email address to the following field and then follow the confirmation prompts. You will be able to unsubscribe at any time.

Enter your email address for
Free Weekly Newsletter: