To Jeff Blank, the e-mail seemed legit.
No message promising a free Xbox 360. No free Hawaiian vacation. No lotteries from down under writing with good news.
It was his mortgage company in bold letters.
What had he done wrong? Was his payment late? Did his check bounce?
“It had the logo, and the look and feel of the company,” Blank said of his inbox message, which spammers send in hopes of scavenging financial information from careless victims, “but the site points to some place in China.”
As supervisor of microcomputing and networking for the Allegany County school system in western Maryland, Blank has developed an eye for spotting the hundreds of unsolicited e-mails that arrive in his inbox weekly. In just one month, his junk folder collected a staggering 2,800 commercial advertisements.
From fake auctions and pornography to bogus stock reports, spam runs the gamut in the world of online solicitation. Phishing – or requesting e-mail recipients to update, validate or confirm personal information such as credit card numbers or Social Security numbers – is fast becoming one of the most common, and lucrative, spam scams on the net.
The relatively cheap spamming business is so profitable, some spammers use it as their sole source of income, says Tom Merritt, an editor at c-net.com, a consumer-oriented Web site offering tech news and product reviews. And with millions, and sometimes billions, of unsolicited commercial e-mails delivered, spammers typically need a response of less than 1 percent to reap financial rewards.
“It’s pretty costly to be sending out so many pieces of mail to people that you don’t think will respond,” Merritt said. “With spam, you don’t care if 99 percent don’t respond. It doesn’t take that many at all because you can cheaply send them.”
Though spam can pose a potentially serious security risk, its name is actually drawn from a Monty Python skit in which the British comedians repeated “Spam, Spam, Spam” in reference to the Hormel canned meat product. “Spam” soon became the all-inclusive term for “any sort of mindless repetition” on the Internet, including identical messages on multiple news group postings, Merritt said.
Web sites such as www.wikipedia.org allege commercial spamming was initiated by Laurence Canter and Martha Siegel — co-founders of the “Green Card Lottery” in 1994 — who used online bulk e-mails and Usenet postings to advertise immigration law services.
Most spammers now fall into one of two categories: “small fraudulent companies or borderline legitimate direct marketers,” according to Ross Fubini, senior director of engineering for Symantec Messaging & Web Security.
The onslaught of spam, with estimates as high as 98 percent of e-mail traffic, according to Fubini, is being countered by a slew of anti-spam software and filters on the market.
But for every filter upgrade, there is a spammer crafting deceptive techniques to get around it.
You may have snickered at the “Vaigra” ad that a supposed pharmaceutical company claims will sell you medication for a fraction of the retail price, but misspelling words or inserting punctuation in strange places — “s*e*x*,” for example — is a technique spammers use to outsmart anti-spam filters.
“There is a never-ending technology arms race between anti-spam and spammers,” Fubini said of the struggle to stay ahead of the game. “Spammers are able to try thousands of techniques looking to find niches in the anti-spam technology armor and blast out their e-mails.”
New spamming techniques aren’t the only threat to these Internet filters.
Their barricades can backfire if a piece of solicited e-mail is mistakenly labeled as spam and thrown into a bulk folder before the e-mail recipient notices.
“Adjustments are made like a big knob. If you turn the knob too far to one side, valid mail gets tagged as spam. If you turn it too far to the other side, spam gets through,” Blank said of e-mail filters. “It’s a constant battle for administrators. You’re going to get false positives.”
As a result, some companies like The New York Times and the American Red Cross have signed up with a new pay service at AOL to make sure their commercial e-mails turn up in your inbox.
Partnering with GoodMail Systems, AOL will soon launch a certified e-mail system that attaches a graphic to e-mails to tell the user the company and its message have been approved.
The voluntary service will charge commercial e-mailers $2 to $3 per 1,000 messages.
“The fact is, unless there’s an icon there with a message, you don’t know whether the message is truly authentic,” said Richard Gingras, CEO of GoodMail Systems. “We do need a mechanism to help legitimate senders get their message through, and certified e-mail is one of those systems.”
But many supporters of a free e-mail market are not convinced GoodMail is a good idea. Even powerhouse Google has said it will not implement a fee service for its GMail service.
“I think they’re being a little greedy,” Merritt said of the pay service. “You can implement that kind of service pretty cheap.”
In response to the growing spam epidemic, a number of state and federal laws have been passed to impose penalties on spammers. They include the CAN-SPAM Act of 2003 that allows e-mailers to send unsolicited commercial messages only if they contain an opt-out option, have a valid subject line and header, contain a legitimate physical address and label adult material.
Kodak recently was fined more than $26,000 under the CAN-SPAM Act for failing to give e-mail recipients a way to opt out of future messages for its digital photo-sharing service.
But Merritt said he doesn’t think this kind of legislation does much to help curb the overall spam problem.
“They weren’t trying to be devious, they just messed up,” Merritt said of the photo company. “CAN-SPAM is good at catching Kodak. It’s not so good at catching people who are really spammers.”
Merritt says he believes the best way to fight spam is with education. Using a separate e-mail address to sign up for free products and services will cut down on spam, he said, as will turning off images in e-mails.
He also recommended typing in links rather than clicking on them in e-mails, as a click could confirm to a spammer that the e-mail was opened.
Signing up with an Internet service provider that uses a Bayesian filter will also drastically cut down on spam.
“I’m very skeptical about paying for any anti-spam software,” Merritt said. “Software that works usually works at the server level. The best bet is to fight it at the service level, the ISP level."
One option Merritt would support to fight spam is ISPs charging a small fee per e-mail sent, perhaps a fraction of a cent. He said the idea has been tossed around but hasn't caught on yet.
“If you're wanting to send 10 billion e-mails you'll rack up a charge that’s costly,” he said. “The only people hit by it are spammers.”
Meanwhile, like credit offers and sweepstakes junk mail that clogs post office boxes, spam is likely to remain an annoying presence for e-mail users. And some predict spam will soon spread its wings.
“Looking into the future, spam is going to become more prevalent with new technologies and ways of communication,” Fubini said. “Instant messaging spam is already dramatically on the rise and it’s only a matter of time before Skype and Voice Over IP spam starts becoming as common as e-mail.”
Tai Shadrick is a reporter for Cumberland (Md.) Times-News and a CNHI News Service Elite Reporting Fellowship alternate.
To Jeff Blank, the e-mail seemed legit.
7 great holiday stories for season's readings
Holiday-themed movies and TV shows get the most attention during this time of year. But there are just as many, if not more, beloved books that contain cherished Christmas stories -- some of which get shared across generations.Continued ...
VIDEO: World reacts to death of Mandela
Nelson Mandela spent nearly a third of his life as a prisoner of apartheid before leading South Africa in a relatively peaceful transition of power that inspired the world. The iconic figure died Thursday at the age of 95.Continued ...
Nelson Mandela dies at 95
Nelson Mandela,95, anti-apartheid icon and former South African president, has died.Continued ...
- Washington woman unknowingly live-tweets husband's death
- Texas wants background checks for health-care navigators
- How to care for a cut Christmas tree
- Are fake eggs the future?
- 7 great holiday stories for season's readings