• PC World
• » Software
• » Browsers & Add-Ons

Think Pink

While bulk barn claims to have more than a thousand active members, significantly fewer spammers are probably responsible for clogging your in-box.

Antispam activist Steve Linford oversees the Register of Known Spam Operations (ROKSO) on his Web site, Spamhaus.org. ROKSO offers visitors a detailed database that covers the biggest bulk mailers; the information was culled from such public sources as domain name registrations and court records. Linford estimates that 90 percent of all spam comes from about a hundred big-time operations. "The typical operation has five to ten stealth servers pumping spam all day long through Chinese and Korean relays," says Linford. "There's almost no way to stop them."

Sometimes ISPs turn a blind eye to spammers, according to both Linford and the spammers we spoke with. In the past, AT&T and PSInet have signed what antispammers call pink contracts (named for the canned meat) that permit particular individuals to spam, despite policies prohibiting most other users from doing the same. Both companies blamed rogue employees, and canceled the agreements.

Ronnie Scelson, a self-described spammer who signed such a contract with PSInet, tells me that backbone providers are more than happy to do business with bulk e-mailers. "I've signed up with the biggest 50 carriers two or three times," says Scelson in a thick Bayou accent. The Louisiana-based spammer claims to send 84 million commercial e-mail messages a day over his three 45-megabit-per-second DS3 circuits. "If you were getting $40,000 a month for each circuit," Scelson asks, "would you want to shut me down?"

One of Linford's tactics is to put pressure on ISPs to shut down spamware sites. "If you eliminate spamware, a lot of the problem goes away," he says.

Of the major backbone vendors, WorldCom is the lone holdout in refusing to prohibit spamware operations--even though selling spamware is illegal in WorldCom's home state of Virginia. Linford says the reason is simple: For backbone ISPs, data traffic equals revenue, and nothing produces traffic like spam.

"We don't tolerate transmission of spam on our network," says WorldCom spokesperson Peter Lucht. "But spamware is content, and we're not in the business of policing Internet content. If something illegal on our network is brought to our attention, we'll contact legal authorities and deal with it appropriately."

Who's Spamming Whom?

Defining what e-mail is spam isn't as easy as you might think (see our sidebar, " The Seven Signs of Spam," for more details). And as larger, better-established businesses turn to e-mail as a sales tool, distinctions between legitimate marketing and "pure" spam get fuzzy.

Take, for example, the case of MonsterHut, an e-mail marketing firm based in Niagara Falls, New York.

MonsterHut, which sent 440 million e-mail messages last year, "is not a spam house," asserts CEO Todd Pelow. "We are a 100 percent permission-based e-mailing organization." But when it comes to commercial e-mail, precisely what constitutes permission is not entirely clear.

Pelow admits that MonsterHut provided hosting services to a spammer last fall, but he says it quickly terminated the account once the spammer's intentions became known. When MonsterHut's ISP, PaeTec Communications, received more than 40,000 complaints, it tried to cut off MonsterHut's service. However, MonsterHut then sued, convinced the court that it didn't violate a send-no-spam clause of its contract with PaeTec, and won an injunction preventing a shutdown. Finally, in May, PaeTec won its appeal and immediately took down the site.

"Despite the court's decision and PaeTec's utter disregard for a legal contract, MonsterHut maintains that we never spammed anyone," Pelow said in a statement following the ruling.

Pelow claims that the PaeTec lawsuit effectively shut down MonsterHut's operations, but New York's Attorney General Eliot Spitzer isn't taking his word for it. In late May, the state sued to "prevent MonsterHut from continuing its fraudulent, deceptive, and illegal practices...over any ISP in New York," Spitzer said.

In court filings, the state said it considers the term "permission based" synonymous with "opt-in," where consumers have to ask for it before they get spam. The lawsuit states, in part, that "MonsterHut's promises that its lists are 100 percent permission based...are plainly false."

Yet according to the Direct Marketing Association, a trade group representing marketers, simply sending unsolicited commercial e-mail is not spamming. Pat Faley, the DMA's vice president of ethics and consumer affairs, says marketers may rely on assurances from list vendors that you've consented to receive mail.

If a marketer sends you mail and you don't unsubscribe, the DMA's guidelines consider you to have opted in. That's not a problem if you're dealing with a well-known business, since legitimate companies unsubscribe anyone who asks. But spammers aren't sending ads for well-known companies, and the DMA's position places users in a nasty catch-22 that goes against the usual advice not to respond to spam messages for fear of confirming your e-mail address to the spammer. For consumers, such rules could herald a tsunami of "legitimate" spam, as companies flood in-boxes with ads.

Organizations that follow such guidelines are heading down a dangerous path, however, warns senior analyst Dan O'Brien of Forrester Research, an Internet research firm. "Almost every company we've talked to is incorporating e-mail in its marketing plans," he says. "But we're in an age of overflowing in-boxes. If you're a corporation sending out unwanted messages, you're a spammer, too."

It's Raining Spam

Major internet service providers feel the cost of spam most keenly. All have suffered spam floods that overloaded their servers and shut down subscribers' e-mail service. ISPs, in turn, pass the cost of fighting spam to consumers in the form of higher access fees.

EarthLink's Steve Dougherty works with a team of techs blocking around-the-clock "spam storms" before they hit customer in-boxes. Dougherty says that EarthLink spends at least "seven figures" per year fighting spam, and even then manages to filter out just 60 to 90 percent of it.

Other ISPs subscribe to "blackhole lists" of the IP addresses of known spammers, such as the lists maintained by the Mail Abuse Prevention System (MAPS). When MAPS receives a complaint about mail abuse, it adds the spammer's IP address to its list after an investigation; ISPs can set their mail servers to reject messages coming from these addresses.

Yet these efforts resemble a huge game of whack-a-mole: Knock the spammers down in one place, and they pop up elsewhere. Smart spammers mask their real addresses by routing mail through open relays and won't use the same IP twice.

Even when one ISP shuts them down, spammers can usually find another that's friendlier to bulk mail services. Sometimes, says Linford, the larger spam cartels act as each other's ISPs, ignoring any complaints that might come in.

Brightmail's Francois Lavaste suggests that antispam efforts may worsen the problem. As ISPs block spam and response rates go down, he says, spammers simply send out more messages to make up the difference. "The only way for spammers to maintain revenue is to increase the volume of spam," he says. When one of his high-speed connections gets shut down, Scelson says, he sends five times the spam through his backups.

Here's the ugly truth: Spam may be annoying, offensive, expensive, and a waste of resources, but it's generally not illegal. There's no federal statute regulating bulk e-mail, and while 24 states have some form of antispam legislation, only Delaware bans spam outright.

If we had federal laws to stop inexperienced but legitimate marketers from spamming, claims Linford, antispam organizations would be able to drive the hard core underground and filter them.

Meanwhile, the Federal Trade Commission has prosecuted approximately 30 cases involving spam, says staff attorney Jennifer Brannan, but only where the spam involved deceptive marketing practices, which falls under the commission's purview.

In the absence of aggressive government action, angry Netizens on antispamming crusades hunt down those responsible and try to get ISPs to cut them off. ISPs themselves have been suing spammers for clogging servers with mail or violating antispam contract provisions.

Others believe that the best hope for eradicating spam is to educate the public to ignore it. "No one will admit to ordering Viagra or getting a diploma via spam," notes Jupiter Media Metrix analyst Jared Blank. "But spam wouldn't exist if it weren't so successful."

With the barrier to entry for new spammers so low, and with the potential profits sky-high, the spam problem is likely to get worse before it improves. After all, as Jason Catlett, president of the antispam organization Junkbusters, explains, "it only takes one sucker in 10,000 to make a spam operation economical."

• See more like this:
• spam,
• spammers,
• e-mail marketing,
• bulk e-mail