Spam,
Its
Effects
And
Solutions
By:
Lorena Delgadillo &
Yevgeniy Bangiyev
CS 312
Prof. Carol Wolf
Introduction
Spam on the Internet is an example of how new technologies, along with benefits, create problems. The Internet allows people to communicate and access large amounts of information, however, the hundreds of millions of internet users world wide have their online experiences being ruined by spam. Spam is a source of frustration for people, especially those who don’t know how to deal with it. This annoying problem has developed and grew with the Internet. As the number of internet users increased and the Internet became more important in society, spam turned into a serious issue that raises legal implications globally. What laws are there against spam? Who are the spammers? Are people taking the right precautions to prevent spam? What is the future of spam and how can it be stopped?
What is Spam?
SPAM
(“SPiced hAM”) is a type of canned meat that appeared in the 1930’s as a product of Hormel Foods Corporation located in Minnesota,
US (Wikipedia). In 1970, this
food was the object of a memorable skit on a British comedy show, Monty Python’s Flying Circus. The act was about a café that served
lots of SPAM with everything. One of the items on the menu was “SPAM, SPAM, SPAM, SPAM, SPAM, SPAM, baked beans, SPAM, SPAM, SPAM and SPAM” (Wikipedia). The word was used and sang so much that it was
remembered in association with something unwanted being annoyingly communicated
over and over. Many early users of the Internet were fans of the show and started
referring to bothersome, unwanted chat room, email, and Usenet messages as spam
(Garg). The new term
eventually became a popular way of denoting any message communicated over the
Internet that disturbs a user from his/her online activities.
Spam in its many forms:
·
Email spam – Email messages sent to hundreds, thousand, or
even millions of addresses at once. Being offers of products and services,
chain letters, or scams, they are uncalled for and extremely rarely have any use
for the recipient. This is the most common type of spam and many sources define
spam as only these kinds of messages.
It is not
uncommon for an individual to find his inbox mostly filled with these types of emails.
Recipients are faced with the nuisances of sorting out the legitimate mail from
worthless spam and with constantly cleaning their inboxes to avoid reaching the
mail capacity limit.
·
Usenet/blog/forum spam – Spam on message boards can be even more
annoying for users that use them frequently. Places on the Internet where
people come to discuss certain topics were the first targets of mass spammers. Disturbing
discussion is unpleasant in person, but is equally irritating on the Internet.
This disturbance can be in the form of commercial advertising or have nothing
to do with it. A user posting something of no use or off-topic over and over is
also considered spamming. Administrators of these discussion places are forced
to keep close watch for spam. Also, it is important to note that spammers use
message boards to get valid emails they can spam their messages to.
Flooding
could also be categorized as non-commercial spamming; the term refers to any
spamming action intended to bring down a message board or at least make it
unreadable, for example, posting huge amounts of messages and/or pictures to cause
valid discussion to be overwritten due to storage memory limits or cause the
site to go down because of limits on bandwidth.
Furthermore,
most forums have a private message feature, which basically is the same as
email, but differs in that only the forum users can communicate through it. Just
like email account, the private inboxes of forums can also be subjected to
spamming, however, on a much lower scale since the spammer has to register on
the forum.
·
Chat room spam – These places of discussion differ in that people
communicate through them in real time. Chat rooms basically face the same spam
problems as message boards, including being targets of flooding and a source of
emails to spammers. A unique spamming method used in certain types of chat
rooms like IRC (Internet Relay Chat) are chat bots –
programs that connect to rooms (or channels as they are called in IRC) and automatically spam either for
commercial purposes or for other reasons such as flooding (Wikipedia).
·
Instant messenger spam (SPIM) – Programs used for real time communication
between two people, such as AOL Instant
Messenger, MSN Messenger, and Yahoo Messenger,
have not escaped spamming. IM services have a listing of user screen names with
their profiles that contain user information like age and location. Spammers
use this information to target users with specific advertising (Festa).
·
Pop-ups – Anyone browsing the Internet has encountered
pop-ups or new, usually smaller, browser windows that appear with an
advertisement when one connects to a website or clicks something. There could
be one or multiple pop-ups at one time. Most are easily closed by the user, but
some bring on other pop-ups when closed. Other types of pop-ups intrude on the
window being browsed and don’t let the user continue with the page, asking the
person to make some kind of a choice or forcing him/her to wait for a message
to finish playing.
There are
pop-ups that install spyware through the use of javascript, often tricking the
user into installing it by saying that it is “required software.” The spyware runs
through a process that loads with windows and usually causes frequent pop-ups
when the user is connected to the Internet. Adware is similar, but is installed
with the “user’s consent” and can be removed with ease through an uninstall
feature. Since it still sets off unwanted pop-ups and the user is usually also tricked
(although less blatantly than for spyware) into installing it, most adware is considered
a source of spam too.
Browser
hijackers are a specific type of spyware that make registry changes to the
browser settings, such as modifying the user’s homepage to one that has many pop-ups.
Random pop-ups are typically activated by a browser plug-in rather than a windows
process. Victims of browser hijacking find themselves confused as to why they
can’t change their browser preferences back (the settings always revert to the
hijacker’s defaults or they can’t be changed at all).
There
are other types of spam, for example, spamdexing, which is a way of attracting
people to a site by increasing a website’s chances of being at the beginning of
search results. It involves putting many different keywords concerning some
subject on the webpage, therefore spamming keywords and potentially spamming
the user of a search engine with useless results (Wikipedia). Generally, spamming in internet slang has
come to mean doing anything online many times over, so spam has many other
forms and meanings other than the ones listed..
Who is Responsible?
As was mentioned before, spamming could be
done for commercial or non-commercial purposes. The majority of spam the
average PC user faces is commercial. Companies of all kinds, legitimate or not,
send out spam or most often, pay spammers-for-heir to do the job. These spammers’
pay generally depends on how much sales his/her spam generates. The income of a
spammer can range from a negligent amount to thousands of dollars a month. Individuals
who become spammers usually have trouble finding employment and look for an
easy way to make money (Feinstein
7).
Spamming software is created by spammers and
sold to other spammers. Programs are designed for sending out mass emails, spamming
message boards, chat rooms, and instant messages. Other programs gather email
addresses, screen names, and further spam useful information from message
boards, chat rooms, and instant messages listings. Spammers also write code for
pop-ups and the spyware they spread (Feinstein
6).
Additionally,
email spammers use software that generates likely email addresses, only a small
percentage of which are actually valid (Comentum). Most recipients won’t even
read the spam mail let alone buy what is offered. With these facts in mind,
spammers know they have to send out millions of messages to get enough
customers and, therefore, make money.
In
countries that have anti-spam laws, legitimate companies are forced to make
sure that they or their spammers don’t violate the rules when sending out spam.
However, enforcement of spam laws is rare and many businesses don’t follow them,
especially when they send email to people in other countries. Illegitimate
businesses that offer products illegally and/or aim to scam customers don’t
follow any spamming laws of course. Often, spammers are the ones who initiate
scams (meaning they are not hired by illegitimate organizations to spam scams)
(Feinstein
7).
Spammers
make use of free email service providers, like yahoo, to provide themselves with
multiple email accounts that they send spam through. Those encaged in illegal
spamming take careful precautions to cover any traces leading to them and often
send messages that have fake or no return addresses. To send mass, untraceable
emails, spammers frequently use botnets, which are networks of hijacked PCs or
company servers (Wikipedia).
Another characteristic of email spam is
that the sender has nothing to do with the receiver. This is to distinguish the
also useless and unwanted announcements or advertisements sent by legitimate
organizations associated with the recipient such as his/her email provider or another
company the person is a customer of. In these cases, the person knows who the
sender is and can easily stop future messages by requesting so, therefore, this
is not considered spam (but then again many also categorize this as spam).
There are no laws against pop-ups and even reputable websites have new windows jumping out at the user. Because advertisers pay more for them than for banners or side ads, pop-ups are attractive to website owners, especially ones that provide free services and exist only on advertising. Since pop-ups may make people want to stay away from sites that use them, site owners have to make a choice of how much pop-ups they should have or if they should have them at all.
Most websites that illegally market or offer free products, such as software or pornography, heavily spam pop-ups. These types of sites are the ones that force spyware upon users. Often, people browsing these sites, confused by the multitude of new windows, click on the wrong thing or agree to install something they should not have (Wikipedia).
Lastly, message board, chat room, and instant message spammers are basically the same ones who send out email spam. However, users of message boards and chat rooms are more likely to experience non-commercial spam. Such spam is often done by other users who spam such things as their website. Many times users also post some useless message just to be annoying and bring attention to themselves. In the worst cases, unfriendly users may flood (explained earlier) a message board or a chat room if they have something against those places of discussion or their users.
History of Spam
The origin of spam can be traced back 1978. On May 3, 1978, a Digital Equipment Corporation (DEC) marketer named Carl Gartley used his colleague’s account on Arpanet, a network system created by the Department of Defense in 1968, to advertise DEC’s new models of the DEC-20 computer to people on the west coast. The sender did not know the mailing system well and started typing the rest of the long list of email addresses in the Subject after he ran out of space in the To and CC fields. The result was a message with a very long subject consisting of emails and a long Body also being made up addresses, which overflowed from the Subject field. The actual message was way at the end. This is considered to be the first spam because most users did not want to receive the e-mail, it was annoying to read (due to its length and structure), it was sent in a bulk, and in one case, it crashed a person’s computer (Templeton).
Four year later, the first e-mail chain letter appeared (Robat). By the end of the decade, MUD (multi-user dungeon - an early chat room system for gaming) users who were known to flood their databases with unwanted data, first used the word spam in reference to unwanted online messages.
On
Over
the next ten years, spam spread from being a problem of email and Usenet users to
affecting people who use instant messaging, blogs, forums, or simply browse
websites. Spam has become something people have to learn to deal with if they
want to use to the Internet.
Preventing Spam
There are many advices email spam prevention sources give. Obviously, providing emails to unknown sites or people is not a good idea. Moreover, since spammers search the Internet for valid emails, it is advised to not reveal email addresses publicly when ever possible. This means not posting email on websites, message boards, and chat rooms if there is no real need to (Feinstein 7). When a person does decide to post his/her address, munching it helps throw off automated bot email address collectors that are deployed by spammers. Munching refers to altering the email in a way that people will only understand how it was originally, for example, myemail@website.com could be changed to myemail@website<(dot)>com or myemail at website dot com (Comentum). With munching people have to be ever creative since the spam bots are always reprogrammed to recognize common deceptions.
Another counter measure is having an email that one does not use much. This secondary address a person can give out without worrying about the consequences (Feinstein 7). Furthermore, it is silly for a person to respond to spam by asking the sender (whether politely or not) to stop sending email. The spammer, if the return address does exist, most likely will be alerted that the person’s email is valid and will put it in his/her database of working emails, resulting in more spam for that person (Comentum).
Also foolish, is buying products offered by spam, not only because of potential fraud, but because buying encourages spam. Millions of people actually purchase goods advertised to them by spam (Rainie), which gets spammers paid and fuels their trade.
Reporting spam to ISPs or third party anti-spam websites is recommended. If the return address is valid, the spammer could easily be blocked by the ISP and the user. Internet providers can also track the spammer’s IP, which can be blocked too. More importantly, the IP identifies the spammer who can then be banned by his/her ISP or even sued if the spammer lives in a country with anti-spam laws. However, smart spammers have methods to conceal their IPs or use botnets to send their spam, in which case, the owner of the hijacked computer can unjustly get into trouble (Wikipedia).
Most email providers have spam filters, allow users to adjust these filters, and provide an easy way of reporting spam. The effectiveness of spam filters varies with email providers. For example, Google Mail blocks spam well, while MSN Hotmail does not. This may not have to do with filter quality, but could be because Hotmail does not seem to be willing to filter legal spam as much. MSN Hotmail also makes emails available for spammers by listing them on Internet White Pages directories (Leyden), unless the user specifies not to.
Instant
message services also allow users to block abusers and report spam. As for
message boards and chat room type discussion places, a user there, besides not
giving out mail (or not spamming him/herself), cannot control spammers. Whether
commercial spam or an angry user attempting to flood, it is the administrators
and moderators that must take care of spam on such internet places.
For the problems of pop-ups and
adware/spyware, there are plenty of prevention applications, both free and
for-charge. GoogleBar and YahooBar are good for getting rid of annoying pop-ups
while browsing. Also useful are programs like Ad-Aware and SpyGuard,
which stop any attempt to install adware/spyware. Anti-virus and security
programs are helpful in that they block malicious javascripts that pop-up on
websites and some, like Norton Internet
Security AntiSpyware Edition and Zone
Alarm, also block adware/spyware.
In case of adware/spyware removal, Ad-Aware, SpyGuard, along with Spybot:S&D and the mentioned security programs are effective, but less so against browser hijackers, which often require other special removal programs, like CW Shredder. Some spyware and especially browser hijackers cannot be removed by any programs and have to be eliminated manually by following specific instructions. It could be difficult for a user to find these instructions on the Internet since identifying malicious programs, again this especially concerns browser hijackers, can be a pain. In these cases, diagnostic programs, like HijackThis, may help.
Legal Issues and Laws
Spam
is not only an annoying problem for individual users, but is a major concern
for business. Companies face productivity and bandwidth costs forcing them to
use expensive filtering technology and waste money on other maintenance
measures. These costs add up to tens of billions of dollars annually (Zeller).
What
can be done to stop spammers from sending spam? The
Even though this law is
strict to offenders, research done the year of its introduction showed that an
overwhelming majority of spam did not comply with its terms and that spam was
continuing to increase (Gross). According to a NY Times article by Tom Zeller, spam email was higher
than ever in 2004 making up approximately 80 percent of all email sent, compared
to 50-60 percent before the law (Zeller). However, in a report at the end of
2005, the FTC stated that its law is working. The commission said that most
legitimate businesses that spam (at least those located in the US or in other countries
with similar laws) are following the law and pointed to statistics which indicate
that spam has gone down nine percent in the last year (Leyden).
Because of the CAN-SPAM
Act and other state laws against spam, enforcers have been able to convict many
serious spammers. In December 2004, the
first felony conviction for spamming was made by a court in Virginia (Brulliard). A month later, an
Despite this optimism, Postini, a leading
provider of integrated message management, reports that spam has not gone down
and that spammers are increasingly using methods other than emailing for mass
spamming like attacking through instant messaging, which grew by 1700 percent in 2005 (Postini).
Spam legal issues exist in all countries with a sizable
internet using population. Some of these
countries have similar anti-spam law to the
Conclusion
Spam evolved from being a minor matter to making a great impact on people’s everyday life. Every time we check our emails, use instant messaging, or even browse the web, we are targeted by spammers who send messages that we do not want to see. Opinions over the success of spam laws have varied and the next few years will show whether spam will decline or continue to grow, whether more action is needed or not. In the mean time, we must make sure that we are protected.
List of References
1. Feinstein, Ken. How to Do Everything to Fight Spam, Viruses, Pop-Ups, and Spyware.
2. Festa,
Paul. “Spammers target IM accounts.” CNETnews.com. 12 March 2002. 2 March 2002 <news.com.com/2100-1023-857637.html>
3.
Brulliard,
Karin. “Jury Finds 2 Guilty of
Felony Spam.”
4.
Garg, Anu. “Of
Nerds And Words: The etymology of technology terms we know and love.” SFGate.com.
5.
Gross, Grant. “Is the CAN-SPAM Law Working?” PCWorld.com.
6.
Leyden, John. “Why Hotmail users get so
much spam.” The Register.
7.
Leyden, John. “CAN-SPAM working - FTC.” The
Register.
8. Mello, John. “Iowa ISP Wins $1 Billion in
Spam Suit.” TechNewsWorld. 21 Dec. 2004. ECT News Network. 10 March 2006
<www.technewsworld.com/story/Iowa-ISP-Wins-1-Billion-in-Spam-Suit-39143.html>
9.
Rainie, L., Fallows, D. “The Impact of CAN-SPAM
legislation.” Pew Internet & American Life Project. March 2004.
10. Robat,
Cornelis. “Spam – timeline of spam.” The History of Computing Project.
11. Templeton,
Brad. “Origin of the Term Spam to mean net abuse.”
12. Zeller, Tom. “Law
Barring Junk E-Mail Allows a Flood Instea” The New Yoirk Times.
13. “Resources
& Info: How to Fight Junk Mail and Spam.”
Comentum
Corporation.
14. “The
CAN-SPAM Act: Requirements for Commercial Emailers.” Federal Trade Comission.
April 2004.
15. “Postini
2006 Message Management & Threat Report.” Postini, Inc. January
2006.
16. “Spam (electronic).“ Wikipedia
Encyclopedia.
17. “Botnet”
Wikipedia Encyclopedia. 23
February 2006.
18. “Stopping
email abuse.” Wikipedia Encyclopedia. 6 March 2006. 8 March 2006 <en.wikipedia.org/wiki/Stopping_e-mail_abuse#Avoiding_responding_to_spam>