The Computer Paper
September, 1997

Cooking spam

More recipes for dealing with junk email

by Keith Schengili-Roberts, kschengi@interlog.com

Would you trust a spammer to keep his word?

As a "courtesy" some spam emailers include a notice within the body of the email message offering to remove you from their list. But here's the dilemma: would you trust somebody whose job it is to get the most coverage to actually remove you from their email list? Considering the techniques that many spammers use to acquire email addresses, many of them are out of date and so out of a large emailing list of hundreds of thousands of email addresses, only a fraction of them are likely to be valid.

Why is this? Consider the following: at institutions such as universities, students are often given a free account. At the end of the term, these accounts are terminated. Multiply the number of these accounts by the number of universities in North America, then add those to the accounts at universities around the wired world, and you get a glimpse into how many invalid accounts are out there. Don't forget to add the corporations that decide to switch to new domain names, people who leave for other jobs and whose email accounts are terminated at their original job, and the people who simply decide to go with a different Internet service provider (ISP). Even worse for the spammer, many of these accounts may still be active, but no one uses them anymore, so the email piles up, unread.

As a result, many of the lists the spammer gets contain plenty of invalid addresses. Most of the invalid email addresses will simply bounce back to the spammer, saying that the email address no longer exists. But for those that are not rejected, the spammer still cannot be sure that the email they send will be read. The only way they will know if an email address is valid is if the email is responded to in some way. Therefore, it is usually considered a bad idea to respond to a spam email directly in any way, because you are just confirming that the email address they sent their spam to is still valid.

Worse, by sending a remove request or a nastily worded response, you could be putting yourself on a fresh email list. For a long time there have been rumors that "remove" requests didn't work, and instead simply added you to a more valuable list of qualified, valid email addresses. One person recently decided to put this theory to the test: in the "Spamford Experiment" a user set up a brand new email address. It had never been used, and there was no registry or Web link to it anywhere else on the system, so there was no possible way any spammer could have gotten the address from anywhere. A single email was sent from this address: a remove request from a prominent email spammer. Within five minutes, the email account received its first spam from that same email spammer. Assuming of course that you are not sucked in by the pyramid scheme or whatever else a spammer is trying to push on you, once you have received an email spam, your best bet is not to respond to it directly.

What can you do about spam?

Increasingly, there are calls by some people in the online community to initiate laws that would stop spammers, or at least make them more accountable. In the United States, there is a group that is looking to add an amendment to the existing law that makes junk-faxers more accountable. A similar law was set up a couple of years ago in Canada to deal with people sending junk-faxes, and there have been rumblings by a few people here to extend the existing law to the realm of Canadian email spam as well. But is legislation the way to go?

Electronic Frontier Canada (EFC), an organization devoted to upholding freedom-of-speech rights in cyberspace, recognizes that spam is a problem in Canada. The EFC's take on legislation is that "anti-spam laws would be ineffective at catching the real troublemakers who often forge email headers and are therefore difficult to locate." They also note that, in contrast, "junk-fax laws are effective because it is easy to determine the telephone number of the originating fax machine."

As an alternative to new laws to deal with spam, (and the possibility of encroaching Internet-related legislation that could follow it), the EFC instead recommends that both ISPs and users come up with their own solutions. Their stance is that ISPs should create and publicize a policy with regards to spam, and their stance on it. Some sort of reporting mechanism would be necessary so that people could report abuses of the policy. Many ISPs have already instituted such a policy, which generally tries to discourage the abuse of email privileges on their systems, and encourages people to report abuses. People caught sending spam typically have their accounts terminated.

In addition, users can also take it upon themselves to help stem the tide of spam by using filtering mechanisms. The ultimate goal would probably fall somewhere along the lines of the EFC's ideas of a software-based "executive assistant." Ideally, it should be a new kind of mail program that could "categorize incoming mail, according to its apparent importance. No mail would be deleted or censored, but it would be sorted, with messages that are likely to be spam being given the lowest priority." By adding some artificial intelligence available today, "the mail program could 'learn' which senders and which messages were likely to be spam. For instance, 'Get Rich Quick', would pretty quickly become an indicator of spam."

Unfortunately, no such email program exists as yet, but there are things you can do right now with many existing email programs. Many email programs these days come with a basic filtering system that allows you to block email from specific addresses or with key words. Both Netscape Communicator and Internet Explorer's email program allow the user to create rules to sort incoming email into various folders. The same capabilities exist in most other commercial email programs.

Your ISP may also be able to help you screen out spam. Some ISPs can set up a screening program that stops spam from getting to you at all. Interlog is a major Toronto-based ISP that recently set up a program called "NOSPAM" that stops email from getting to users when it originates from a well-known spammer on the Internet.

Jamie Reid, a system administrator at Interlog who helped set up this program on the ISP, says they were responding to complaints from users as to the spam coming in from rogue Internet providers encouraged the use of their services for sending spam. Based on his own experiences and complaints he received while answering mail to Interlog's postmaster, Reid found on average "if a user posts in Usenet, and leaves their real mail address in the message, they can expect to receive a minimum of one to four messages a day from spammers." The NOSPAM program he helped to create has received high praise from its users, who are also able to add and remove email addresses of people and rogue Internet providers sending them spam.

The only major drawback to this type of program is a possibility that it may keep out email from a friend or associate. As an example of this, I recently got a spam from a popular free-email service. I have several friends who use this service, so I didn't want to simply screen-out email from this service. In the end, it turned out that the email had been forged, and did not in fact come from the free-email service in the first place. However, I was very close to simply blocking all email from the site, which would have kept out more useful email from the site than not. If you feel confident about using an email blocking program on certain addresses and do not mind the possibility of missing out on some non-junk email, then you should consider investigating email screens further. Check with your ISP or online service to see if anything like this is in place.

A future for spam?

Is spam here to stay? In the short term, yes, but in the long term, who knows? Better email programs and enhanced filtering systems may eventually mean an end to spam as we know it. At least, we can hope that is how things will happen. Increased knowledge and awareness about spam email and what can be done to combat it are percolating through the Net community, and those seemingly few legitimate entrepreneurs who try to sell their wares online are realizing that spam is not the way to go.

Still, pyramid schemes abound not only on the Internet but in the real world. Remember the saying "a fool and his money are soon parted"? It is a very old saying, and will likely be applicable in both the virtual and the real world for a long time to come.

Copyright © 1997 by Canada Computer Paper, Inc. All Rights Reserved. Reprinted with permission.