200,000 pieces of spam.

2003-11-12 04:24

Sometime this week, I got my 200,000th piece of spam. Actually, this is not precisely true. It’s my 200,000th piece of spam since I switched to the MH mailer in October of 1997. I’d gotten a bit before then.

Message #200,000 is actually a Windows virus, distributed via email. But don’t worry! Message #199,999 is regular spam.

Subject: The debt cleaning system znqygpgyg jxut
Date: Fri, 13 Jun 03 16:52:36 GMT
Message-Id: <3w6$9$$q6axfo0l9ux7-0@a0y2q.rug4>

Actually, I got it on November 10th. In fact, the date being set to June of 2003 is spamsign – evidence that a given message is spam. Why? Because some spammers have software that tries to set the date in “the future” so it’ll show up first in your list. Of course, the software is still in use, long after June of 2003 has come and gone.

Why is this still happening?

There’s a number of factors. The first, and biggest, is the incredible amount of lobbying effort that has gone into preventing anti-spam laws. For that, we can thank the DMA (Direct Marketing Association), the organization devoted to guaranteeing that its members can harass you beyond all human endurance, on the off chance that you’ll buy something as a result. Without these lobbying efforts, spam would be less frequent.

The key here is that the same rules that would prevent spams like #199,999 up there would also, almost certainly, end up crimping the style of companies like Equifax and Amazon. Companies who have built a business model which depends on some degree of cost-shifting, and on their ability to do creative things with personal information. When EBay changed their privacy policy from an opt-in one (you get only the things you ask for) to an opt-out one (you get everything you haven’t told them to stop), they sent a clear message: Big customers are going to freak out if ISPs do anything about unsolicited email.

The problem here is that it’s very hard to write a policy that prohibits full-time spammers from spamming you, but doesn’t also prohibit companies like EBay from, say, going into your account preferences and “resetting” them due to a “database problem” and, in the process, marking you to receive everything from telemarketing to promotional email to steel girders up the ass. And there’s a lot of money in hosting companies like EBay.

A second facet of the problem is that, during the internet boom, a lot of companies hugely overbuilt their networks, with the net result that bandwidth is cheap, and it’s very hard to be competitive. Thus, many of the backbone providers have, at one point or another, gotten into the business of offering what are called “pink contracts”. These are contracts which give a customer special license to break the standard anti-spam language of the provider’s Acceptable Usage Policy, but cost extra. Good money, if you can get it.

Spam is a big industry. It’s hard to tell how effective it is; the few companies that have had the guts to come forward and talk honestly about their experiences have generally reported very negative results. The companies that get “good” results from spam are mostly companies like Amazon or EBay, who are, for the most part, engaging only in what’s called “acquintance spam” – spamming people who did give them an address at some point, but without permission, or in many cases, after repeated attempts to “opt out”.

There is no easy solution. Thanks to die-hard spam-friendly providers like Chinanet, and large bulk-mailing companies like Topica, anyone who wants to spam you can reliably produce millions of messages much faster than your filters can really adapt. Techniques for getting spam past filters are well-studied, and actively developed. Of course, the more filter-breaking they do, the more likely it is that you won’t want the product, but I think the spam industry has long since stopped caring about that.

As larger companies get involved (Kraft Foods has at least one subdivision which spams actively and constantly for coffee products), it gets harder to imagine a solution. This is the best example I’ve seen in my lifetime of the tragedy of the commons; email is a shared resource, the value of which decreases rapidly as people abuse it.

The small-time spammers produce the bulk of the traffic, but they do so in an environment carefully created for the benefit of the larger companies.

It’s not ignorance. When I called Barnes & Noble with concerns about their privacy policy, the man I spoke to, Ben Boyd, said that they had formed a plan to, at some unspecified time, start sending promotional messages to everyone whose email address they had access to, even though they had never asked for any kind of permission. They did not plan to send a single notification offering people access to a list; they planned to just start sending mail. He explained that they knew that many people would think of this as spam. At the time, the title he was giving was “director of communications”.

Sure enough, they spammed. Their spam run lasted three days, and over that time, hit just about everyone I know who had ever dealt with B&N online in any way.

Later, they said “gosh, that was dumb”, and stopped. Good for them. But the fact is, when the initial spam happened, they knew.

Network Associates also gets an honorable mention. For a while, their privacy policy said, paraphrased, “if we can obtain your email address, we may send you promotional mailings”. They were not kidding. They sent spam to the support@ address at one off their vendors, with a combination of email address and personal name which exists only in response to support requests – in other words, they scraped addresses out of every message that touched their mail server.

It’s the people like this who built this climate. People like Exactis, and Media3, who sued the MAPS RBL for quite truthfully fingering them as spammers or hosters of spammers. People like Amazon, with, and I am not making this up, instructions like “send email to no-special-offers-ever-3@amazon.com”. No, really, I’m not making it up: Here’s the original post.

The fly-by-night spam operations survive because the big-name spammers actively lobby to prevent legislation which could do anything to stop them, knowing that such legislation might slow them down.

Most of the big, famous, internet companies spam. They do it because it costs very close to nothing to them, and because the majority of the costs are borne by the rest of us. They will keep doing it as long as it’s legal and there’s no significant backlash. And there’s no significant backlash because people are so tired from getting three hundred or more spams in a day that they don’t have the time or energy to complain.

Finally, one last shout out to my special buddies at ZDNet, who have resubscribed the same dead address multiple times, despite repeated complaints. Oh, and Roxio (the part of Adaptec that sells Toast/Easy CD Creator). Oh, and… Why bother? You know the drill. It’s everybody. Everybody out there spams. They all figure that just one more spam won’t hurt, and that, if anyone’s going to benefit from free email before the system melts down entirely, it had better be them.

They don’t care. They have no ethics, no morals, and they don’t even have the sense to look ahead and think about what their actions lead to. And because of them, most of my readers probably get more pornography than personal mail in their mailboxes these days.

To add insult to injury, Sanford Wallace stopped years ago. By all accounts, he decided that spamming was wrong, so he quit.

By the way, if you want to know how long it took me to get this spam, starting from October of 1997:

10,000 spams in just under four years.
20,000 spams in one year.
30,000 spams in one year.
20,000 spams in three and a half months.
60,000 spams in five months.
20,000 spams in one month.
40,000 spams in one month.

Anyone want to make that argument about self-regulation now? We tried it. We failed. The DMA, the Amazons of the world, are simply too greedy.

Peter Seebach

---

Comments

 
---