Ann Arbor Business to Business
Small Business and the Internet
The State of Spam
By Mike Gould
"rock gnarl commend personage convention eire epicure emendable albrecht berman telephotography repetitious trundle carcass patty abrasive..."
The above is not an example of surrealist poetry but a bit of spam. It is an effort by a spammer to confuse the anti-spam filters my ISP is using in an attempt to block it, and it seems to have worked, as this was excreted into my mailbox this evening. It evaded the SpamAssassin filter on my ISP, the SpamFire filter I added to my Eudora setup and the spam filter in Eudora itself.
Congress Likes spam
And this behavior is now largely legal, thanks to the fine folks in Washington who have effectively legalized spamming with the notorious Can-Spam Act of 2003. Notice the increase of garbage in your mailbox lately? Thank the current administration and the best Congress that money can buy.
Here's what the international Spamhaus organization has to say about this: (From their website at http://www.spamhaus.org)
"Against the advice of all anti-spam organizations, the U.S. House of Representatives has passed the CAN-SPAM Act, a bill backed overwhelmingly by spammers and dubbed the "YOU-CAN-SPAM" Act because it legalizes spamming instead of banning it. Spam King Alan Ralsky told reporters the passage of the House bill "made my day". Spammers say they will now pour money into installations of new spam servers to heavily ramp up their outgoing spam volumes "all legally"."
In Europe, it will soon be illegal to send spam, basing their laws on the principle of "opt-in". This means that unless you specifically request to receive this sort of thing, it is illegal to send it to you. The Can-Spam Act is based on "opt-out" - unless you specifically tell the spammers not to send you anything, they can send whatever they want. Europe receives most of its spam from the U.S., mostly from Florida which has no anti-spam laws at all (and apparently no shame, but what can you expect from the home of the hanging chad?)
The worst part of all of this is that the bill supercedes much tougher state laws, such as the Californian one that actually managed to prosecute some major spammers.
This, from Scott Hazen Mueller, chairman of the Coalition Against Unsolicited Commercial E-Mail (CAUCE - http://www.cauce.org/), sums it up:
"This bill does not stop a single spam from being sent. It only makes that spam slightly more truthful. It also gives a federal stamp of approval for every legitimate marketer in the U.S. to start using unsolicited e-mail as a marketing tool. Congress has listened to the marketers and not to consumers, and we have no faith that this law will significantly reduce the amount of spam that American Internet users receive."
Folks, we've been sold down the river again.
The Can-Spam Act does have some positive features; it makes it illegal to fake (spoof) the return address of such messages, and mandates an "opt-out" address where you can send email requesting to be taken off the mailing list. But as replying to any spam is tantamount to telling the spammers "this is a valid email address; please send me more spam", this feature is ludicrous in the extreme. There are other features of the Act that may have some positive effects, but the bad outweighs the good.
I foresee a series of well-publicized lawsuits against major spammers and "spam rings". A few will go to jail, most will get a slap on the wrist, and business as usual will include lots of spam as usual for the rest of us.
The random list of words at the start of this article is technically known as a "hash buster". It is designed to thwart the efforts of anti-spam filters that look for tell-tale trigger words, like "Viagra" and "enlarge". The filters often tag an email as spam based on the preponderance of trigger words against the rest of the message. The result of the hash buster is that the spam "payload" is concealed from the filter by the normal words making up the gibberish message.
All this is a result of a fierce battle being waged between the computers running spam filters on the world's email servers (the good guys) and the nefarious forces of evil filling your mailbox with garbage (the never-to-be-sufficiently-damned bad guys). The bad guys figure out a new way to get to your email, the good guys figure out a way to block it. The bad guys figure out a new way to evade the blockade, the good guys figure out a way to block that. Folks without any spam filters at all sink beneath the sheer volume of it all.
I suspect that the hash busting form of spam camouflage is not going to last very long. As soon as anyone opens the message it is instantly obvious that the content are spam, and the message will be discarded. And it doesn't seem to me that filters against this sort of thing would be very hard to implement.
The insidious part of this is that these messages usually contain images that, when they appear, "phone home" the address of the recipient to the evildoers' lair. This tells the spammers that an address is valid and a good target for further spamming. The way to thwart this is to not decode html messages. How you do this is beyond the scope of this article, but if you poke around the Internet you can find out about this - search on "spam images".
And the Internet Had Such Promise...
The most depressing aspect of this whole debacle is that spam works. There are actually users of the Internet who respond to these offerings. People who desperately need larger body parts, vast quantities of Viagra, and access to Paris Hilton's best-selling videotape. People who are so stupid that spammers can make a tidy living off of them while polluting the data stream for the rest of us.
As Frank Zappa said, we are "Dumb all over, a little ugly on the side."