Electronic Design

Letters: Readers Respond To Spam

Dave Bursky's August 5 editorial, "E-mail Spam: Enough Is Enough! The Time For Action Is Now!" generated a lot reader response! Here are some of your letters.

Charge It!
To stop spam, the government can charge for every e-mail. It wouldn't be enough to hurt the average guy, but it would kill those who send millions of e-mails.

A Nifty Filter Program
I use Mail Washer, a program designed to block unsolicited commercial e-mail, otherwise known as spam, and e-mail viruses. It also lets you preview and delete e-mails before you download them, like e-mails with large attachments or viruses. So, you never have to download bad e-mails again. Plus, a really handy feature allows you to bounce e-mails back to the people who sent them so it looks like your address doesn't exist. It's free and easy to download and use, so do it now! Just go to www.mailwasher.net/download/ or www.mailwasher.net for more information.

Another Vote For Charging
The one simple and effective way to eliminate spam e-mail is to simply charge Internet nodes that "push" data into the net. The charge could be relatively small, say, 1 cent per Mbyte. You want to send a million e-mails of 1000 bytes each? It's gonna cost $100. I think that's enough to keep out the riff-raff. (Money goes to the carrier.) Before any server would respond to any browser, a little negotiating would take place: "Do you want the text for $0.001, or the text with pictures for $0.1?" Expect pop-up messages from your browser like, "This home page has cost you 10 cents so far. Continue to load?" Something like Paypal could handle the transaction for a few millicents. Of course, this would kill the broadband Internet business. But if UUNet can't turn a profit while carrying half of the nation's traffic, I think that business is dead anyway. The Internet has been like a bar with only a nominal cover charge, where all the drinks inside are free. The stockholders of PSINet, WorldCom, and Enron (they had a big stake in telecom, too, you know) paid for the beer. Ten years from now, we'll look back on it as a social phenomenon, like Prohibition, and marvel, "How did they ever expect THAT to work?" Hold on to your cash. You ain't seen nothin' yet.

Bring Out The Whip...
If we define spam as sending 100 or more unsolicited e-mail messages, then the obvious answer is to bring back an old punishment. People who push the send button should be subject public flogging, preferably broadcast on the Internet as streaming video so all can bear witness. How about one stroke per hundred e-mail? This could very nicely remove the people who send out millions of e-mails from the gene pool.

It's About Responsibility
Well, it does come down to keeping a "handful of overly aggressive marketing companies that from spoiling it for everyone else." This is an irresolvable issue in the current culture. The current culture has freedom as the highest value and not responsibility, when instead responsibility should be a prerequisite for freedom.

Public venues do not entitle anyone to total privacy. For most states, driving on public property is considered a privilege, and a license is required. So, cars and their operators are required to have licenses. Consider the negative impact on automotive safety and crime if licenses were eliminated.

Legislation succeeded in eliminating faxed telemarketing. Recipients incurred costs they did not ask for or want, while senders incurred very few costs. Spam really fits the same model in terms of lost time and productivity.

The international nature of the Internet requires special cooperation between governments to establish control. A country should not be allowed Internet access unless proper control is place. As an example, consider the virus from the individual in the Philippines that ended up costing the United States hundreds of millions of dollars. There was no recourse, though, since the individual did not break any Philippine laws.

Fight Back!
I agree. Spam is irritating and a big concern. Corporate e-mail services and peer pressure can partially fix the problem. Spammers need hosts. When I receive spam, I forward it to a corporate address managed by our e-mail server personnel. They in turn return the message to the sender, who may not be obvious via Outlook but who is ultimately contained in the message header, with a notice that if the sender doesn't stop the spam, future offenses will block and return all mail from the ISP sent to our site. The block in turn leads to a fury of complaints from the ISP's responsible customers who can't legitimately use the service. It works fairly well over the long term. You can do the same at home by bouncing all messages from specific ISPs. You may not have the clout with another ISP, but your paying friends in mass at the other end do.

A Good, Old-Fashioned Boycott
How about if you start a boycott? If all Internet users got fed up enough with spam and agreed not buy anything over the Internet that came from an unsolicited advertisement, I suspect that spam would soon scram. To go even one step further, if we all agreed to boycott the entire product line of any company that used spam, companies would have more reason to abandon this invasive method of advertising. What do you think?

Spamming Yourself?
There is a new spamming system that uses your own e-mail address as the sender. It's impossible to trace and annoying, because even with filters, you cannot really block your own address! (I tend to send myself links when I find an informative site.)

Spam = Stolen Goods
You touched a serious issue with your editorial on spam (unsolcited commercial e-mail, or UCE) in the August 5 issue. But you did not say enough. Spam is effectivly stolen goods. The spammers do not pay for getting access to the Internet, and America Online has testified that some 30% of its traffic is spam. Your e-mail program has to dowload spam before it could be filtered or discarded. That's not much of a problem for people with high-speed lines, but it's a killer for someone on a modem. Spam causes people to exceed their e-mail account limits and pay again for the spam. Some spammers encode a lot of the text, espcially domain names, into the =xx hex notation. This makes the spam at least three times longer that it needs to be. Or, spammers send mutliple copies, in both clear ascii plus the same stuff in html or base64.
I wonder how many ISP mailboxes are overlowing with spam. I've heard several people say they never read their e-mail because of the spam. I've seen reports that the Federal Trade Commission gets some 15,000 complaints about spam a day. The FTC needs to get more. Send your spam to [email protected]

A How-To Guide For Stopping Spam
Hear, Hear! I agree with your editorial wholeheartedly. Here at work, we reject over 800 spams per hour! I've been running my own mail services since 1990 in my home and have found spam to be my biggest problem. 95% of all incoming mail can be deemed unsolicited consumer e-mail (UCE). I have made a serious commitment to kill spam before it enters my system. It is important to recognize that almost everything in a mail header can be fraudulent. Even an IP address can be hijacked, but it is very rare. Before an e-mail is allowed to enter my system, I do some checking on the connecting IP.
First, does it have a reverse DNS entry? I reject it if it doesn't. Second, is it on an external blacklist? I reject it if it is. Third, is it on an internal blacklist? I reject it if it is. The internal blacklist is populated by forwarding any spam received to a special account that parses out the (actual) sender and puts it on the list. If there are no further spam attempts within a specified period, the address is removed. This blocks over 90% of all incoming spam before it enters my server! But I still get a few per user each day. So, I also take some pre-emptive actions.
First, I report spam to appropriate authorities, such as the Federal Trade Commission and Spamcop. I have gotten many accounts closed by their ISPs. Second, I provide on-the-spot mail aliases. This is the best defense. This lets me create a new e-mail address any time I want. I typically use a new address every time I am required to fill in a valid e-mail address in any Web form. This way, I can determine who leaked my e-mail address, report them, and remove that alias. The alias can also expire automatically if it is only used for one-time confirmation purposes. Third, some individuals go as far as to promote a whitelist, where they only receive e-mail from sanctioned sites. If the e-mail isn't from one of these sites, the sender must then respond to a bounce message to get its message through. This is too extreme in my opinion.
Anyway, I believe that strong legislation is the best way to resolve the situation. Another way is for people just to say no. Do not respond to any UCE. If the spammers don't get any positive return for their efforts, they will go away. Unfortunately, spam does work. Even a 0.001% response can bring enough money to spammers to make it profitable. Thanks for your coverage of this subject.

Try A Different Angle
I totally agree with your comments about spammers in the August 5 issue of Electronic Design. I used to get two or three messages a day, all with forged addresses for all kinds of solicitations, with the most prevelant for debt consolidation or second mortgages. I too realized that replying to the messages with the "remove" request was fruitless and did indeed increase the frequency of the messages. I decided however to attack the problem from another angle. I realized that the spammer has no interest in the recipients of all these messages. Since the recipients don't pay the spammer either way, they have no real power. The spammers get paid by the people who sponsor them. A sponsor pays the spammer a fee for every "live" contact they generate. Hence if the spammer sends out 2 billion spams for next to nothing in costs and gets 100 live hits, the spammer is successful. I invested some time and actually filled out the Internet forms for these solicitations and waited for a representative to call me. I then very politely told the representative how he is buying contact lists from spammers who refuse to abide by any rules or common courtesy. I went on to explain that since I can't get the spammer to stop filling my e-mail with solicitations of no interest to me, that I in essence wasted the sponsor's money by generating a "dead" contact and giving me the opportunity to talk to the sponsor to try to modify the spammers' tactics.

Another Vote For Mail Washer
Yes, I know about how the spammers "hide" their return address. But in Outlook Express, if you right-click on the message and select "Properties," the very first field lists the sender's real address. The "Received: from..." will also tell you who the sender's service provider is, but this info isn't useful if it comes from some server in Iraq or Korea, where your complaints would go ignored anyway.
Bill Gates' e-mail application, Outlook, is a horrible way to do business. There is absolutely no sane reason an e-mail system should be allowed to execute anything, whether it is macros or ActiveX components. I've always believed that Bill Gates put that unwanted and unneeded functionality in there for some sinister ulterior motive anyway. I don't need all that super-duper fuctionality in my e-mails, so why is it there, and why can't I turn it off? All I want to do is read a message, whether in simple HTML (with ActiveX disabled) or plain text. Period.
It should be against the "law" to e-mail people more than once if spammers do not have the recipients' permission. Spam should be reportablenot to the service providers, who usually won't do anything (i.e., porn sites in Korea), but to Internic or whoever it is that issues domain names to begin with. If the spammers e-mail you more than once, their domain IP should be revoked and revoked immediately.
Meanwhile, I think I found the perfect solution to the e-mail problem. It's called Mail Washer and can be found at www.mailwasher.net. It's free. It "bounces" e-mails instead of simply e-mailing them, and it does so without having to download them. It can import your already configured e-mail accounts. It is a very professionally written program.

Legal Obligations To Pay?
Right on! I too am outraged at the amount of junk mail I get from spammers. I wonder if the following solution would take a chunk out this kind of "advertising:" When an unsolicited promotional item comes in the U.S. mail, I understand you are allowed to keep it without any obligation. What would happen if you were allowed by law to say "yes" to any spam offers without any legal obligation to pay? Hang in there. Things have got to get better.

A Three-Step Solution
The solution to the spam problem is threefold.
First, ban the stuff. Junk faxing is illegal. Junk e-mail should be too, for the same reasons. Legitimate bulk e-mails should be required to state, in each message, when and how the recipient requested the mail, with heavy penalties for falsification.
Second, enforce existing fraud laws aggressively. Almost 100% of spam contains evidence of fraud. And if it's not illegal to solicit business from a false address, it ought to be.
Third, modify the whole Internet to reject e-mail with malformed headers. Most spam has incomplete or contradictory headers. Rejecting such mail might also cut off a few honest but misconfigured sites, but in the long run, that's not a bad thing.
Spammers can be caught. They conceal their Internet connections, but they still want customers to contact them, which means detectives can find them, too. There are indications that most spam comes from just a few people who use multiple identities. A few years ago, spammers almost convinced Congress to explicitly legalize spam as a legitimate form of advertising. We can't let that happen again. Each of us should collect our spam for one month, print it out, and send it to our senators and representatives. Is there anybody who makes bumper stickers that say "Ban Junk E-mail"? I could use a few dozen!

Still Another Vote For Charging
I almost feel badly about sending this, because clearly you get a lot of unwanted e-mail, and writing an article on spam is likely to trigger a flood of non-spam e-mail, too. The problem with e-mail is that the sender doesn't pay, but the receiver does, in time, bandwidth, and disk space. This problem will not be solved until spammers pay for the load they place on computer systems.

Another Mail W asher Fan
My ISP doesn't use any of the server-side anti-spam solutions like Brightmail, so I've started using a free app called Mail Washer (www.mailwasher.net). It puts another step in your e-mail-checking process. But once you ID something as spam, you click a checkbox that sends a bogus "invalid address" message to the spammer. Most automated spam systems will then remove your name from the list. It takes a time investment of several weeks of using Mail Washer, but my spam is now half of what it was. It might be worth a try.

CookiesNot The Tasty Kind
Your editorial "E-mail Spam: Enough Is Enough..." is right on target! Thank you! A recent article in The Atlantic Business Journal reported that Earthlink Inc., the third-largest Internet service provider, had won a $25 million judgment against one of the most notorious spammers, and that news came as a true breath of fresh air! It is heartening, indeed, to learn that a prominent ISP has taken this important step, and I truly hope the word is spread about the Internet community with enough fanfare that it might serve as a warning to spammers that they will eventually be brought to justice. I can tell you that should I have a reason to change ISPs, I'd certainly check with Earthlink first, and I would think many others might share my feelings.
Just recently, I decided to increase the security level of my browser (Internet Explorer 6.0) to be more restrictive about accepting cookies to warn me about third-party cookies in particular. Some highly peculiar things happened as soon as that change was made. A few of my correspondents reached me by telephone or through an alternate server to tell me that their e-mails sent via Yahoo were being returned as undeliverable. I also got some strange messages from somewhere in cyberspace that some services were being denied me because I was blocking cookies. I wasn't using my browser at the time and had only downloaded my usual e-mails90% disgusting and irrelevant spam, as usual. This is especially true of Yahoo customers who were sending animated graphic e-mails.
I have a strong suspicion that cookies are imbedded in these e-mails and that Yahoo is now irritated because I am blocking them. Also, I participate in at least four list-serves that are Yahoo groups, and I wonder now if every time I get a message from Yahoo Groups if some software is collecting my e-mail address and selling it to the spam community. Over the last year or so, I've noticed that the Yahoo name is associated with a lot of the spam I receive. I have written to [email protected] and asked that Yahoo respect my privacy and not give my e-mail address to anyone or use it for advertising purposes, and I have not received a reply. Also, I forward all spam that I receive to the Federal Trade Commission at [email protected], with the hope that the FTC will be able to learn enough about the spam problem to bring about sweeping changes with respect to unsolicited commercial e-mail.
It isn't my intent to unduly criticize Yahoo, but this is the name that seems to be associated with a great deal of spam that finds its way here. I do hope that Yahoo will use its resources to crack down on the abusers, and that the ISP community will collectively tackle this outrageous problem and return us to the once-civilized and productive Internet that we have grown up with.

Don't Forget About Pop-Ups
You, of course, are right on the money. Spam is damaging the fabric of the web. It is difficult to imagine how we (old timers) were able to work effectively prior to the Web, with its enormous information-gathering capability. I have great hope that some smart "ex-hacker" will get so fed up with the spam situation that he or she will create a clever software tool that solves the problem. Also, please don't forget the exploding pop-up window problem. When those nasty ad windows start to pop up all over, some of them pornagraphic, you realize that this thing is out of control. It is clearly a sick abuse of the wonderful Web, and we need to unite and wipe out the infection.

One Last Vote For Charging
In your dejected editorial about spam, you did not realize that you already have the solution.
There are only two ways the spammer can get to us: by e-mailing a large number of people via a list residing in some Internet access provider, or by e-mailing individuals one at a time, which is highly unlikely. Providers could limit the number of addresses in a mailing list, except for registered senders like technical societies. E-mailing to people beyond that limit would cost, say, 10 cents per address. That will discourage spammers. Outfits like Texas Instruments will gladly pay the 10 cents because that would be a much cheaper way to send new product or seminar notices than surface mail. Jim Cooley's ESNUG probably qualifies as a registered mass mailer. He does not even include graphics that do not bear useful information. Also, Internet providers should test to see if the so-called removal notice address actually exists. Any fictitious address in a mass mailer, paid or otherwise, should be rejected.
These actions require lawmaker cooperation, and you have the means to organize an anti-spam society to exert voter pressure. There should be a law against lies like "you got this e-mail because you registered with us or requested such...." All mass e-mails should have a valid removal address that can be tested or subject to stiff penalties, like summary execution in Times Square. Korean spammers may require extradition. China probably also suffers from spammers and would be glad to execute them for you, according to the ancient principle of "kill one, warn hundreds." With voter pressure, lawmakers will come on board. Penton must have a Washington rep that can get to lawmakers. So, please get an anti-spam society going.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish