Few folks will disagree that spam (in which I would include phishing and other scam attempts) is the ultimate bane of the Internet. But efforts to control it have been the proverbial finger in the leaking dike. A dike which is way past just leaking…
The e-mail address I’ve had for decades receives 40 to 60 spam messages daily. Almost all of it goes into the Spam or Trash folder but I still have to scan each folder for any legitimate e-mails. A second e-mail address I’ve had for a number of years but which I don’t use for any online business might receive only a dozen spam messages a week.
Imagine a cyber world without spam. It’s not easy even if you try.
Here’s a concise history of spam from an article in Time:
“Though it wasn’t called spam until the 1980s — the term comes from a Monty Python skit set in a cafeteria, where a crowd of Vikings drowns out the rest of conversation by repeatedly singing the name of the unpopular processed meat — the first unsolicited messages came over the wires as early as 1864, when telegraph lines were used to send dubious investment offers to wealthy Americans. The first modern spam was sent on ARPANET, the military computer network that preceded the Internet.
In 1978, a man named Gary Turk sent an e-mail solicitation to 400 people, advertising his line of new computers. (Turk later said his methods proved so unpopular that it would be more than a decade before anyone would try again.) In late 1994, Usenet — a newsgroup precursor to the Internet — was inundated by an advertisement for the immigration-law services of Laurence A. Canter and Martha S. Siegel. Despite the ensuing outcry, the lawyers defended their practice, called their detractors anti–free speech “zealots” and wrote a book about the practice titled How to Make a Fortune on the Information Superhighway. Pandora’s Box had been opened.”
Spam is in fact all about money. Big money. When there was no anti-spam legislation, there was no risk. Even with legislation, spam easily surpasses any other endeavor for big money with minimal risk. And if a spammer is caught, jail is rare. Fines and forfeiture of any money the government can find is the typical punishment.
Government efforts at reducing spam have been ineffective. Before 2000, there were no state or federal government anti-spam laws. Virginia (home to AOL, which may or may not be a coincidence) became the first state to enact anti-spam legislation.
In 2005, Jeremy Jaynes became the first person convicted of violating that Virginia law. At the time, he was considered the eighth most prolific spammer. Using primarily an AOL e-mail database of 84 million addresses, his spamming was bringing in $500,000 to $750,000… a month. He was sentenced to nine years in prison.
However, the Virginia Supreme Court overturned his conviction. Here’s the reasoning from a law site analysis:
“The court then noted that Virginia’s law impinges on the Constitutional right to anonymous free speech. Because e-mail transmission protocol requires entry of an IP address and domain name, entering false information is the only way a sender can send an anonymous email, the court reasoned.
“The right to engage in anonymous speech, particularly anonymous political or religious speech, is ‘an aspect of the freedom of speech protected by the First Amendment,’” the court stated. The court further determined that statutes that burden “core political speech” must be narrowly tailored to further a compelling state interest.”
I think the justices failed to consider that there is no right to free speech on private property, which an Internet provider is. CNN and all other websites can delete any comment they like at any time, ban a user from commenting, etc. because the website is their private property.
In 2003, Congress enacted the CAN-SPAM (an acronym for Controlling the Assault of Non-Solicited Pornography and Marking) Act. Among its provisions are requirements for no deceptive headers, no using “harvested” e-mail addresses, a procedure in the e-mail for the recipient to opt-out of future e-mails, and listing a legitimate physical address in the e-mail. However, religious and political e-mails are not covered.
Nevertheless, most spam does not comply with the federal requirements. Because there is little risk in getting caught. Especially if the spammer is outside the U.S.
There have been some “victories” but with so many spammers it’s no surprise that enforcement is focused on those engaged in the most massive fraud. In 2009, for example, 64-year old Alan Ralsky, called the Godfather of Spam for sending 70 million e-mails a day, was sentenced to 51 months in prison.
His scam (called “pump and dump”) involved encouraging folks to buy Chinese penny stocks which he owned and then selling them after their price increased. In the summer of 2005, he made… $3 million… from it. Not bad for a “summer job.”
As a webmaster, I have a weapon against spam. I can create an e-mail address using my website that will forward to my “real” address. I use the website address when doing business online. When I see that spammers are using the address, I can shut it down and create a new one to use.
Unfortunately, I didn’t have a website until 2000 and so I still have to deal with all the spam I’m receiving from when I used one e-mail address. I’m looking at shutting that address down after notifying everyone of a new address and waiting a month or two. (Besides, I’m a bit peeved that Yahoo Mail always first sends me to a page about using a higher screen resolution when I prefer 800 x 600 because I’m a senior and like that larger type.)
Most folks don’t have their own website and so cannot do what I am doing. There are at least two options I can think of.
First, you can register a domain which, depending on the registrar you use, will provide one or more “free” e-mail accounts. Domain pricing varies according to registrar but GoDaddy is a popular one (which I use) and it sells some extensions for as low as $5 a year.
After you buy a domain, you can “park” it free and use the e-mail capability even without a website. Use that e-mail for all online shopping and other activities which may generate spam and forward e-mails to a new free online e-mail account. When the spam gets to a certain point, delete the e-mail address at your domain and set up a new one.
A second option is disposable e-mail addresses. Do a Google search for “disposable e-mail address” and you will find many sites offering them for free. There are different ways a disposable e-mail works, so pick an option that fits your circumstances.
For example, some sites will keep the address alive for only ten minutes or other short time. But that’s enough for situations where you need another website to “confirm” your e-mail address by sending an e-mail with a link to click that confirms the message was received at the address you provided.
Other sites might not only keep the e-mails received for a very short time but also allow anyone else to have that same e-mail. That latter “feature” is obviously a short-lived potential privacy issue but if you can come up with an unusual name it might not be an issue.
Heck, I could string together a few Tagalog words with some numbers and special characters thrown in front and back that would be unlikely for anyone to also come up with. And in fact, all my passwords use Tagalog words, which I suspect few non-Filipino hackers will know, as well as numbers and special characters.
If for some reason a disposable e-mail won’t work for you, there’s another option. Some free e-mail websites have what’s called a “challenge-response” procedure. An incoming e-mail will not be delivered to you until it provides the proper response to a challenge. This procedure can be implemented in various ways.
For example, the sender may be sent a “form” email asking only that the sender click “reply” and send the “challenge” e-mail back with no other information. Since most spam uses a fake return e-mail address, that “challenge” will not receive a reply and so the spam will not be delivered. You can also identify e-mail addresses which will not be challenged, but that opens you up to a compromised e-mail hacked from one of your friends.
If you’re interested in this type of e-mail account, check out hushmail.com. It also has encrypted e-mail using the PGP (Pretty Good Privacy) system. Hushmail is based in Canada and says it will not provide any information about its accounts unless a Canadian court requires it.
Until someone develops a spam killer and becomes, deservedly, a gazillionaire for that effort, we’ll have to be creative in spam deterrence. Just don’t be waiting for that Godot…
Finally, here is the birth of spam: