Showing posts with label spam prevention. Show all posts

Saturday, April 05, 2008

Anti-Spammers Suffer From "Spam Exceptionalism"

In response to the conviction of Robert Soloway, the "Spam King", Eric Goldman, assistant professor with Santa Clara University School of Law, who blogs about technology and marketing, stated that many Internet users may be happy to hear about Soloway's criminal prosecution, but law enforcement shouldn't necessarily rush into these criminal cases. Why? Well according to Goldman, spam is principally about speech and we should be very reluctant to criminalize speech-based behaviour. Goldman added that there's such an antipathy towards spam that there's almost a sense that anyone who ever engages in spam is so evil that they should be punished, an attitude that Goldman likes to call "spam exceptionalism". He believes that if people really thought about the issues, they wouldn't necessarily find spam any more invasive than other forms of advertising, like television commercials or junk postal mail.

So I guess I'm one of the worst spam exceptionalists in the world, and the reason for my "problem" is that I'm not thinking clearly about the issues of spam. As a result I'm blinded by my negative attitude towards spam and can't see it as another form of advertising. Is spam just another form of advertising? Is vandalism just another form of art? Is drug trafficking just another form of doing business? Can we justify a crime just because it bears a striking resemblance to something legitimate?

So what are the basic characteristics of spam?
  • It is unsolicited;
  • It is obtrusive and a hindrance;
  • It needs to be managed and is therefore counterproductive;
  • The recipient of the message pays for it, not the sender.
If you evaluate the different forms of advertising against these characteristics, you soon realise that actual advertising is not nearly as invasive as spam. When advertising material bears all the characteristics mentioned above, you can't classify it as advertising anymore; at best you can call it spam (or perhaps a couple of stronger words). So let's take a quick peek at the different forms of advertising to see how spam matches up against them.

TV Commercials
Television commercials can be seen as unsolicited, because you turn on the TV to watch your favourite show, not the annoying commercials. TV ads can become obtrusive and a hindrance during the show, especially when the broadcaster interrupts the show on a frequent basis. TV commercials can be useful at times (something that can't be said about spam), for instance to grab a snack, stretch your legs or to make a quick phone call. Some TV ads can be entertaining, but spam is boring and hardly entertaining (unless you're a 419 scam baiter or spam collector). Broadcasters love to raise the audio of TV ads, so much that you often have to hit the mute button on your remote control to prevent your speakers from exploding. This may be seen as a form of management, but unlike spam, you don't need to manage TV ads, once the ad is played it's gone (for now at least), but you need to take specific action to get spam out of your life, it's going to sit there in your inbox until you select it and hit that darn spam button. The viewer never pays for TV commercials, on the contrary the commercials sponsor the shows watched by the viewer. So spam is a far cry from advertising when you compare it to TV ads.

Radio Commercials
Radio and TV commercials have a lot in common, the only difference is that TV commercials are audiovisual and radio ads are, well… audio only. Radio ads are often less invasive and annoying because they are often played between songs and do not interrupt programs as much as TV ads, but it all depends on the advertising policy of the radio station of course.

Magazine and Newspaper Ads
These ads have more or less the same characteristics as TV commercials, but they are less invasive and annoying than TV ads. If you are not interested in an ad, you simply read on or skip a page, it is as easy as that. There is nothing to manage and there is no cost for the viewer of the ads.

Online Banners and Text Ads
Well-behaved online advertising is never obtrusive, invasive or a hindrance (I will discuss spam ads later in this article). As a matter of fact, people have developed a sense of banner blindness and automatically ignore the majority of these ads. There is no need to manage these ads because when visitors see the ad, they either choose to click on it or they ignore it completely. Web ads may be seen as unsolicited, but they are often there to cover the operating expenses of the website, so they often serve the same purpose as TV commercials. The visitor pays a small amount in terms of bandwidth, because the ads need to be downloaded along with the rest of the content of the web page. However, the advertiser still pays the full price for the ads, the exact opposite of spam where everybody else pays for the "ads" except the "advertiser".

Billboards and Outdoor Advertising
These ads are neither solicited, nor unsolicited, they are there to be seen if you want to look at them. The advertiser pays for the ads, so there are no costs for the people viewing the ads and there is no need to manage these ads because you either respond to them or not, it is as simple as that. They are not a hindrance or obtrusive, except when they are deliberately placed in front of something else to draw unnatural attention to them. These ads are normally next to busy roads, on the walls of large buildings or at the main entrance of buildings. Because of their size and nature, there is often legislation regulating the use of these ads, so it is very hard to spam with them. Putting up a billboard in a certain way to draw extra attention to it, but causing a road hazard at the same time, will get you into trouble. With spam you can do as you wish because there are simply not enough proper anti-spam laws to regulate the digital advertising industry and the laws that exist are seldom used.

E-mail Advertising
There is a huge difference between e-mail advertising and spam. E-mail advertising is opt-in advertising, in other words the recipient chose to receive e-mail ads and may opt-out at any time by un-subscribing. But some publishers do not seem to grasp the true meaning of opt-in. It means choice, the choice to receive e-mail ads or not. Certain publishers force their subscribers to sign up for 3rd party and additional marketing mailings as well. This means that you never get a choice to receive the newsletter alone, if you want to receive the newsletter, you also need to live with all the additional advertising e-mails as well. You can un-subscribe at any time, but this means you will opt-out from the newsletter as well, not just the advertising e-mails.

Proper e-mail advertising means you give your readers the choice to receive additional marketing material or not, it should not be a precondition to receive your publication. If you do not want to give your readers such a choice, place the ads in your newsletter (but sparingly, remember your readers signed up for the newsletter, not the ads). Forcing your readers to receive extra advertising e-mails, whether it is from a 3rd party or not, is a big no-no. Additional e-mails means additional management and when your newsletter becomes too much of a hassle, subscribers will either opt-out or hit the spam button. The advertiser ends up paying for advertisements that never reach their audience.

So what is the bottom line? Proper e-mail ads are opt-in and not unsolicited. They are neither obtrusive, nor a hindrance and subscribers are allowed to opt-out at any time. There is no additional management for the recipient and the advertiser pays for the ads. The only cost to the recipient is perhaps the bandwidth used to download the e-mails, but remember this is not a wasted bandwidth because the recipient opted in to receive the e-mails.

Postal Mail Advertising
No this is not the junk filling up your mailbox, I will discuss that a bit later. The rules for proper e-mail advertising also apply to this form of advertising. Some companies send a free magazine (containing 3rd party ads) along with your monthly bill. I have seen this with cell phone companies, sending a free magazine containing interesting articles on mobile communication, or medical aids sending free healthcare magazines every quarter. This form of advertising is often less invasive and annoying because the reader gets a free magazine. I normally do a 5-minute scan through the magazine to see if there is anything interesting. If I can't find anything compelling it goes straight to the waste bin. I am sure many people never even look at these magazines, especially if the readers know they only contain a load of junk. Unfortunately, this contributes to a lot of additional household waste.

Up to now I discussed the most common and more accepted forms of advertising. These forms of advertising are less invasive, require little to no management at all and there are no substantial costs for the recipient of the advertising material. We will now take a look at the less desirable, annoying and invasive forms of advertising, or should I rather say forms of spam?

Junk Postal Mail
This form of advertising has all the characteristics of spam. It is unsolicited because you never opted to receive it, it's obtrusive, a bloody hindrance and needs to be managed because it takes unnecessary space in your mailbox, space that could have been used for more important mail and you need to filter through all the junk to get to your actual mail. The only thing that separates it from spam is the fact that the advertiser paid for the advertisements and their distribution. However time is money and it takes time to sort out your own mail from all the junk, so there is some form of substantial cost to the recipient. Very few people look at them (the loads of flyers lying on the floor at the post office is proof of this) and the majority of mailbox owners are annoyed by them. Some of the scams in circulation on the web are also distributed via postal mail. It is actually shocking to think that post offices agree to distribute this junk, because think carefully about it, they are paid to place this stuff in your mailbox, so the only conclusion one can make is that they are prepared to put almost any kind of correspondence in your mailbox, as long as they are paid for it. With that being said, junk postal mail falls under the umbrella of spam.

Flyers
Flyers are distributed in many ways, including the post as discussed in the paragraph above. Flyers are distributed on street corners, in parking lots, magazines, and newspapers and from door to door. Each one of these methods forces the recipient to take some form of action, therefore the advertisements need to be managed by the receiver. If you ever saw the movie National Lampoon's Loaded Weapon, you will recall the scene where one of the lead characters stood in a store scanning through some magazines. Flyers kept pouring out of the magazines and it was not long before he stood knee-high in a huge pile of flyers. This is an old movie, so this has been a problem for a long time and it is getting worse by the day.

Imagine how much time goes to waste when you take a flyer presented to you at every darn street corner, when you remove the bouquet of flyers from your windscreen each time you park your car at a parking lot and when you take out all the flyers, compressed into your mailbox by every idiot who distributes the junk from door to door. That's just one part of managing these ads, you also need to get rid of them. Receiving a flyer on every street corner and at every parking lot quickly fills up your car with junk. What do most people do when they are done with the flyer? They toss it out of the window. Flyer advertisements therefore contribute to pollution just like junk postal mail. No matter how you look at it, flyers have a lot of unnecessary costs for the consumer and even though the advertiser pays for them, they are just as annoying, problematic and unsolicited as spam.

Telephone and Instant Message Marketing
This is not really marketing, it is just another form of spam. You are forced to answer your phone or read the instant message because the caller ID is often hidden, so it is impossible to see who is calling. There are costs in terms of time involved in these annoying calls, because you need to answer the phone and tell the salesman you are not interested. Many of these marketers are persistent and do not take no for an answer so it wastes additional time if you have one of these spammers at the other end of the line. Telephone marketing is unsolicited, obtrusive and quite a pain in the… you know what. The U.S. may have a do-not-call registry but very few countries see this form of "advertising" as a potential problem for consumers.

Door-to-door Marketing
Door-to-door salesmen are a big problem in many neighbourhoods. It is really annoying to show salesmen away several times a day, especially for people working from home, because you are interrupted every hour or two by someone knocking at the door. There is nothing more annoying than a salesman ringing the bell while you are on the phone with an important client. Imagine a hundred salesmen at your doorstep and you have to show them away one by one, it may not be spam, but it is basically the same principle.

Pop-up Ads
If you ever wanted to experience annoying advertising, visit a website with pop-up ads. Nothing is more irritating than an ad floating over menus and buttons, forcing you to take notice of it before you are allowed to explore the rest of a web page. Whether it is a pop-up or pop-under ad, it is unsolicited and it uses unnecessary bandwidth. These ads are prone to use a lot of bandwidth because they are constantly in your face whenever you try to navigate to another page or website. Some advertisers love to throw you one last sales pitch just before you leave their site. These pop-up ads are often a chat window giving you the chance to talk to a so-called sales consultant. They are often not real people but bot-scripts repeating the same thing over and over again (try swearing at them and you will soon see they don't have a clue what you are talking about). A chat window like this needs to be closed before you can navigate to another site, so you definitely take notice of them. These ads are unsolicited, obtrusive and in-your-face, therefore they need to be managed by the visitor, wasting valuable time and money.

Ads Disguised As Content
Just the other day I searched the web for drivers for my laptop. Believe me, after several searches and several hours of no success you slowly become irritated by your inability to find what you are looking for. The last thing you need is a website pretending to have loads of drivers and when you use the search facility of the site, you only get a page filled with camouflaged Google Adsense ads (by the way this is against Google Adsense policy, so more people should start to report these spamvertisers to Google). A click on one of these ads will result in a low quality click, because the visitor is unlikely to be a targeted visitor and this raises the click-through costs for the advertiser with no return on investment. These ads are unsolicited and annoying because you don't get what you asked for. There is an additional management burden on the visitor, because whether you click on the ad or not, you end up bumping your head against a brick wall, so you need to track back and look for another site. It often happens that you visit several of these Made-For-Adsense sites before finding a real site with the actual content you were looking for. This waste of time is counterproductive and causes a lot of frustration. These sites are just as bad as the Viagra spam you get in your mailbox.

I think it is clear that spam can never be seen as another form of advertising, it is criminal, invasive and very hard to manage. Spam is not about speech, whether the intent of spam is commercial or not, if it is unsolicited, it is spam. When we criminalize spam, we are not criminalizing speech-based behaviour, freedom of speech does not give a spammer the right to puke in my mailbox. A criminal deserves punishment and the definition of a criminal fits a spammer quite well.

One of the readers of the InfoWorld article on Robert Soloway's trial recommended his stupid POINT-CLICK-TRASH theory to manage spam. He reckons that it is much easier to trash spam than junk postal mail and he also thinks spam does not deplete natural resources; contribute to land fills; pollute the air, ground or water, so people should stop complaining about spam. Well I've got news for this narrow-minded fool and everyone who thinks like this: where do you think the energy comes from to handle the volumes of spam distributed worldwide, every single day? Spam leads to increased energy consumption and increased energy consumption contributes to global warming, so spam does deplete natural resources. Try applying the POINT-CLICK-TRASH theory to dump trucks dropping off waste on your property, you keep on trashing and the dump trucks keep on dropping, it is an endless struggle. With spam you keep on trashing and the spammer keeps on spamming. The solution to spam is not to invent some stupid theory to manage it, the only solution to spam is to stop it at its roots and the only way to do that is to put the spammers behind bars, whether people like it or not.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about spam and malicious software.

Thursday, February 07, 2008

How Did They Get My E-Mail Address?

Unsolicited commercial e-mail, more commonly known as spam, can be seen as another form of e-mail fraud. Spammers use clever and misleading techniques to collect and verify e-mail addresses, yes, that 'innocent' spam e-mail, advertising the next technological breakthrough, uses misleading marketing techniques to entice the reader to click on a link, buy a bunch of junk or some dangerous substance or even infect your PC with malware. No matter what the spam e-mail is trying to market, the only goal of the spammer, aside from making money, is to take the recipient for a ride.

The most frequently asked question from spam victims is: "How did they get my e-mail address?" This clearly shows that most victims of spam don't have a clue about preventing it. Knowledge about the techniques used by spammers to collect e-mail addresses is crucial, because this gives the e-mail user an edge in the war against spam. In this article we will look at the e-mail harvesting methods used by spammers and the precautions you can take to prevent your e-mail address from falling into the wrong hands.

Using a Secondary E-mail Address to Limit Exposure to Spam
Before we get to the nitty-gritty details of this article, let's look at a very useful method of preventing spam. Using a secondary e-mail address is a very effective method of keeping your primary e-mail address private. I recommend a free e-mail service like Gmail, Hotmail or Yahoo! Many websites demand an e-mail address in exchange for something else, or you often need to supply your e-mail address to activate an account or membership. This is where a secondary e-mail address comes in very handy. Just remember, the idea behind a secondary e-mail address is not to expose it to spam unnecessarily, but to use it in circumstances where you have concerns about your privacy or possible exposure to spam.

Chain Letters, Petition Lists and Hoaxes
Oh yes, those very popular chain letters and petition-lists being forwarded so vigorously by friends and family. That 'innocent' e-mail about some missing or sick child no one ever heard of, the warning of a syndicate, drugging people and removing their kidneys, yet it is never mentioned in the news media and you can't help thinking that you have seen this e-mail before. What about the Osama Bin Laden virus destroying your hard disk, Mars coming to large view every 60,000 years, yet an e-mail about this event is distributed each and every year, or the one from Microsoft or AOL donating money to a non-existent fund of a non-existent cancer patient, each time the e-mail gets forwarded to 3 different people. These e-mails may seem innocent, some may contain a lovely message, some may even be true, but whatever the case, it should NOT be simply forwarded to everyone you know and neither should you encourage the recipients to forward it to all their friends and family as well.

The main problem with chain letters is the exposure of e-mail addresses along the line. E-mail clients often place the Subject, Date, From and To entries from the e-mail header in the body of the e-mail when you forward it inline. Forwarding the e-mail as an attachment forwards the full header and not just the entries mentioned above. This procedure is repeated each time someone forwards the e-mail to someone else, resulting in a pile of e-mail addresses building up in the body of the e-mail. Very few people remove this information before forwarding the e-mail, so you will be able to see the e-mail addresses of many other people who received the stupid e-mail as well. A chain letter, forwarded as an attachment each time, delivers more or less the same result as explained above, the only difference is that the recipient has to open attachment after attachment several times before getting to the original e-mail (which can be quite annoying).

A chain letter will be passed along the line and will definitely land in the mailbox of someone you never met and probably never will meet. Even if you send the chain letter to trustworthy people alone, you can never be sure where their friends and family will send the e-mail, so your e-mail address may land in the hands of a spammer or someone who sells e-mail addresses to the spammers.
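The build-up of addresses described above can be measured and removed before a message is passed on. The following is an added example, not part of the original article: it counts the addresses visible in an inline-forwarded body and strips the copied From/To/Cc lines. The sample message, the function names and the simplified address pattern are constructed for illustration.

```python
import re

# Simplified address pattern: good enough for scrubbing, not a full RFC 5322 parser.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Header lines that mail clients copy into the body on an inline forward.
# The article names Subject, Date, From and To; Cc and Sent are common variants.
FORWARD_HEADER = re.compile(r"^[>\s]*(From|To|Cc|Sent|Date|Subject):", re.IGNORECASE)
ADDRESS_HEADERS = {"from", "to", "cc"}

# Constructed sample: a chain letter after two inline forwards.
SAMPLE_BODY = """\
Please forward this to everyone you know!

-----Original Message-----
From: Carol Example <carol@example.org>
To: dave@example.net; erin@example.net;
    frank@example.com
Subject: FW: FW: Please read

> From: alice@example.com
> To: bob@example.com, carol@example.org
> Date: Mon, 4 Feb 2008 10:00:00 +0200
> Subject: Please read
>
> A little girl needs your help. Mail helpdesk@example.org for details.
"""


def exposed_addresses(body):
    """Return the unique addresses visible in the body, in order of appearance."""
    seen = []
    for match in ADDRESS.finditer(body):
        addr = match.group(0).lower()
        if addr not in seen:
            seen.append(addr)
    return seen


def scrub_forwarded_body(body):
    """Drop copied From/To/Cc lines and redact any address left in the text."""
    kept = []
    skipping = False  # True while inside a From/To/Cc entry that wraps over lines
    for line in body.splitlines():
        header = FORWARD_HEADER.match(line)
        if header:
            skipping = header.group(1).lower() in ADDRESS_HEADERS
            if skipping:
                continue
        elif skipping and line.strip() and line[0] in " \t":
            continue  # indented continuation of a long recipient list
        else:
            skipping = False
        kept.append(ADDRESS.sub("[address removed]", line))
    return "\n".join(kept)


if __name__ == "__main__":
    print(len(exposed_addresses(SAMPLE_BODY)), "addresses exposed before scrubbing")
    print(scrub_forwarded_body(SAMPLE_BODY))
```
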

Online Forums, Discussion Groups and Community Sites
419 scammers love to browse social networking sites in search of possible victims. Making your e-mail address public on the Internet will expose you to all kinds of Internet criminals. Spam bots crawl the web in search of e-mail addresses posted by unwary Internet users on forums and other community sites. Whenever you register on one of these sites, use your secondary e-mail address to sign up. Your e-mail address is normally required to activate your account, to receive notifications when people send you private messages or when someone replies to a post you made. However you won't really need these e-mail notifications if you visit the site regularly, so a secondary e-mail address will do fine when this is the case, because you will basically use it only to activate your account.

Contact Pages and Web Forms
There will always be scenarios where you need to publish your contact details online if you wish to stay in touch with your visitors or customers. Contact pages of websites will often contain an e-mail address. A Webmaster will always try to make the contact page as accessible as possible to his visitors, so a spam bot will not have any difficulty finding this page. This means the e-mail addresses on these pages are always sitting ducks for spam harvesting software. There are a couple of ways to protect your e-mail address if you need to make it available to the public.

One way is to embed the e-mail address in an image. A simple program like Microsoft Paint can be used to create the image. You can even make the image blend into the text of the page by saving it as a GIF or PNG and making the background transparent by using Microsoft Photo Editor. It is advisable to use a font that's easy to read to the human eye but hard to read for OCR (optical character recognition) software. OCR software will have problems reading an image when the characters appear faded, if they contain indistinct edges, if they are aligned at different angles, if the lines of text are wavering up and down across the image or if they appear to be dipping at the side of the image.

Another method of protecting your e-mail address from spam bots is to 'encode' it with a random format that's clear to humans but not to computers. You can 'encode' it by breaking the e-mail address up with spaces and spelling the special characters out with words, for example johndoe at example dot com. You can also use random substitutes for special characters and provide instructions in brackets, for example johndoe$example?com (replace the dollar sign with an at and the question mark with a dot). Another technique is to spell your e-mail address backwards, most people will realise that they will need to reverse the e-mail address before using it, for instance moc.elpmaxe@eodnhoj. You can even swap the special characters, for example johndoe.example@com (swap the at and dot characters). The possibilities are endless, so use your own creative 'encoding' methods, as long as it makes sense to humans. You may argue that there is no need to provide decoding instructions, because people with a bit of technical savvy will be able to decode it anyway. This will automatically exclude those dumb scammers who can't tell the difference between Western Union and Western Onion.
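The four 'encodings' above, together with a check of whether a published page still gives the address away, are sketched here as an added example that is not part of the original article. The audit goes one step beyond the text: it also looks at the page source, where a mailto: link or an HTML-entity-encoded address can undo the visible obfuscation. The address pattern and the two sample pages are constructed for illustration.

```python
import html
import re

# A simple pattern of the kind spam bots are assumed to rely on (assumption).
PLAIN_ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def spell_out(address):
    """johndoe@example.com -> 'johndoe at example dot com'"""
    return address.replace("@", " at ").replace(".", " dot ")


def substitute(address, at_sign="$", dot="?"):
    """Replace the special characters; publish the decoding hint next to it."""
    return address.replace("@", at_sign).replace(".", dot)


def reverse(address):
    """Spell the address backwards."""
    return address[::-1]


def swap_at_and_dot(address):
    """Swap every '@' with '.' and every '.' with '@'."""
    return address.translate(str.maketrans("@.", ".@"))


def encodings(address):
    """All four forms described in the article, keyed by scheme name."""
    return {
        "spelled": spell_out(address),
        "substituted": substitute(address),
        "reversed": reverse(address),
        "swapped": swap_at_and_dot(address),
    }


def leaked_addresses(page_source):
    """Plain addresses still present in the page source.

    HTML entities are decoded first, because '&#64;' becomes '@' again with a
    single library call and therefore offers no protection.
    """
    decoded = html.unescape(page_source)
    return sorted({m.group(0).lower() for m in PLAIN_ADDRESS.finditer(decoded)})


# Constructed sample pages.
SAMPLE = "johndoe@example.com"
GOOD_PAGE = f"<p>Contact: {spell_out(SAMPLE)}</p>"
LEAKY_PAGE = (
    f'<p>Contact: <a href="mailto:{SAMPLE}">{spell_out(SAMPLE)}</a></p>\n'
    "<p>Sales: sales&#64;example&#46;com</p>"
)

if __name__ == "__main__":
    for scheme, text in encodings(SAMPLE).items():
        print(f"{scheme:12} {text!r:32} leaks: {leaked_addresses(text)}")
    print("good page :", leaked_addresses(GOOD_PAGE))
    print("leaky page:", leaked_addresses(LEAKY_PAGE))
```
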

Webmasters can use a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to protect their web forms from being bombarded with spam. Many webmasters avoid CAPTCHA to make their websites more user-friendly, but a small loss in user-friendliness is nothing compared to the burden of filtering through all those spam submissions. However CAPTCHA is a must when the information submitted through a form is published on a site without any moderation.

Online Recruitment Sites
Yet another example of where it is critical to publish proper contact details, because a job seeker will always want a prospective employer to reach him or her without any troubles. The only problem is you need to disclose quite a lot of information in your CV in order to clear up any suspicions an employer might have. If you choose to omit critical information from your CV, you might just miss out on a great job opportunity.

Luckily online recruitment is quite expensive for the employer, something the online scammer often avoids. The online scammer will most of the time be on the lookout for cheap and free services. Some online recruitment agencies have specific criteria for employers before allowing them to browse CVs or post ads. For instance certain agencies demand a landline number from the employer, mobile numbers are not accepted. We all know that it is much easier to obtain a disposable cell phone than a landline and confirming the personal details of a disposable cell phone owner is much harder than tracking down the owner of a registered landline. Still these precautions are very limited and can easily be circumvented by more advanced scammers.

The bottom line is, your e-mail address and most probably other contact details will be exposed to various prospective employers. Spam bots won't be able to crawl the databases because they are password protected. It is very unlikely, but not totally impossible, to find a spammer going manually through each CV, recording the e-mail address of each job seeker in order to build a mailing list for spamming purposes.

Your best defence against online scams, while using an online recruitment agency, is a vigilant eye. You need to spot the scam before it catches you. Your contact details are exposed, so be ready for a dodgy proposition or two.

Replying to 419 Scammers
Many people get so sick of advance fee fraud e-mails that they reply to a scammer out of anger, to insult him, to insult his mother or just to tell him where he can shove his phoney e-mail. This is the last thing you should do when you receive a fraudulent e-mail. If the 419 scammers can't steal your money, they will sell your e-mail address to the spammers to make at least a buck or two out of the deal. So no matter how you look at it, you will always lose something if you reply to a 419 scammer, unless you are a scambaiter of course.

Responding to Commercial Spam
This is perhaps one of the most overlooked ways of losing your e-mail address. Clicking on that strange link in a spammy e-mail, filling out that mortgage application form or un-subscribing from something you never signed up for, will most certainly get you on a spammer's list. Why am I saying this? Have you ever seen one of those spam e-mails sent to several recipients, where each e-mail address starts with more or less the same characters and it is only the last couple of characters or digits of each e-mail address that's different? It is a primitive technique similar to the one we used to make prank calls when we were kids. You dial a random number, do the prank and hang up. Then you only increment the last digit of the previous number until you find another number that's working and do the prank again. When the last digit reaches zero, you start incrementing the second last digit and when the second last digit reaches zero, you move on to the third last digit, repeating the process until you're tired of making prank calls.

It's really a shot in the dark and your e-mail address is not really on a spammer's list, it is merely on a sample list generated by a computer program. Each e-mail address on the sample list needs to be confirmed before adding it to a priority spam list. Clicking on a link in a spam e-mail will give an indication to the spammer that your e-mail address is active and that you are responding to his or her e-mails. This makes you a much more promising target in the eyes of a spammer. So whatever you do, don't click on any links or follow any instructions given to you in a spam e-mail, unless you enjoy receiving spam.
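The tell-tale recipient list described above, where the addresses share the same start and differ only in their last characters, can be checked for automatically. The following is an added example, not part of the original article: it groups the recipients of a message by domain and reports runs of addresses that differ only at the tail. The thresholds, function names and sample headers are constructed for illustration.

```python
import os
from collections import defaultdict
from email.utils import getaddresses


def differ_only_at_tail(a, b, tail=2, min_stem=4):
    """True when two local parts share a stem and differ only in the last `tail` characters."""
    stem = len(os.path.commonprefix([a, b]))
    return stem >= min_stem and max(len(a), len(b)) - stem <= tail


def generated_runs(recipient_headers, tail=2, min_stem=4, min_run=3):
    """Return groups of recipients that look machine-generated.

    recipient_headers is a list of raw To/Cc header values. A group is
    reported when at least `min_run` addresses in one domain share a stem of
    `min_stem` or more characters and differ only in their last `tail`
    characters (all three thresholds are assumptions to tune).
    """
    by_domain = defaultdict(set)
    for _name, addr in getaddresses(recipient_headers):
        local, sep, domain = addr.lower().rpartition("@")
        if sep and local:
            by_domain[domain].add(local)

    runs = []
    for domain in sorted(by_domain):
        run = []
        # Sorting puts local parts with a shared stem next to each other;
        # the trailing None flushes the last run.
        for local in sorted(by_domain[domain]) + [None]:
            ends_run = local is None or (
                run and not differ_only_at_tail(run[0], local, tail, min_stem)
            )
            if run and ends_run:
                if len(run) >= min_run:
                    runs.append([f"{name}@{domain}" for name in run])
                run = []
            if local is not None:
                run.append(local)
    return runs


# Constructed sample headers.
SPAM_RECIPIENTS = [
    "jsmith01@example.com, jsmith02@example.com, jsmith03@example.com, jsmith04@example.com",
    "Alice <alice@example.org>, bob@example.org, jsmithers@example.com",
]
NORMAL_RECIPIENTS = ["alice@example.org, bob@example.org, carol@example.net"]

if __name__ == "__main__":
    print("suspicious:", generated_runs(SPAM_RECIPIENTS))
    print("normal    :", generated_runs(NORMAL_RECIPIENTS))
```
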

Conclusion
This is not an exhaustive list, there may be many other causes of spam, but these are the most common reasons why you are getting all those junk e-mails in your inbox. Be my guest, open a new e-mail account and avoid all the pitfalls discussed in this article and you will discover that it is possible to live in a spam free world.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.