Spamming

From Wikipedia, the free encyclopedia
Jump to: navigation, search
This article is about unsolicited electronic messages. For the food, see Spam (food). For other uses, see Spam (disambiguation).
An email box folder littered with spam messages

Electronic spamming is the use of electronic messaging systems to send unsolicited messages (spam), especially advertising, indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, television advertising and file sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch in which Spam is included in every dish.[1]

Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. In the year 2011, the estimated figure for spam messages is around seven trillion. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming has been the subject of legislation in many jurisdictions.[2]

A person who creates electronic spam is called a spammer.[3]

In different media[edit]

Email[edit]

Main article: Email spam

Email spam, also known as unsolicited bulk Email (UBE), junk mail, or unsolicited commercial email (UCE), is the practice of sending unwanted email messages, frequently with commercial content, in large quantities to an indiscriminate set of recipients. Spam in email started to become a problem when the Internet was opened up to the general public in the mid-1990s. It grew exponentially over the following years, and today composes some 80 to 85% of all the email in the world, by a "conservative estimate".[4] Pressure to make email spam illegal has been successful in some jurisdictions, but less so in others. The efforts taken by governing bodies, security systems and email service providers seem to be helping to reduce the onslaught of email spam. According to "2014 Internet Security Threat Report, Volume 19" published by Symantec Corporation, Spam volume dropped to 66% of all email traffic.[5] Spammers take advantage of this fact, and frequently outsource parts of their operations to countries where spamming will not get them into legal trouble.

Increasingly, email spam today is sent via "zombie networks", networks of virus- or worm-infected personal computers in homes and offices around the globe. Many modern worms install a backdoor which allows the spammer to access the computer and use it for malicious purposes. This complicates attempts to control the spread of spam, as in many cases the spam does not obviously originate from the spammer. In November 2008 an ISP, McColo, which was providing service to botnet operators, was depeered and spam dropped 50%-75% Internet-wide. At the same time, it is becoming clear that malware authors, spammers, and phishers are learning from each other, and possibly forming various kinds of partnerships.

An industry of email address harvesting is dedicated to collecting email addresses and selling compiled databases.[6] Some of these address harvesting approaches rely on users not reading the fine print of agreements, resulting in them agreeing to send messages indiscriminately to their contacts. This is a common approach in social networking spam such as that generated by the social networking site Quechup.[7]

Instant messaging[edit]

Main article: Messaging spam

Instant messaging spam makes use of instant messaging systems. Although less ubiquitous than its e-mail counterpart, according to a report from Ferris Research, 500 million spam IMs were sent in 2003, twice the level of 2002. As instant messaging tends to not be blocked by firewalls, it is an especially useful channel for spammers. This is very common on many instant messaging systems such as Skype.

Newsgroup and forum[edit]

Main article: Newsgroup spam

Newsgroup spam is a type of spam where the targets are Usenet newsgroups. Spamming of Usenet newsgroups actually pre-dates e-mail spam. Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). The prevalence of Usenet spam led to the development of the Breidbart Index as an objective measure of a message's "spamminess".

Main article: Forum spam

Forum spam is the creating of messages that are advertisements on Internet forums. It is generally done by automated spambots. Most forum spam consists of links to external sites, with the dual goals of increasing search engine visibility in highly competitive areas such as weight loss, pharmaceuticals, gambling, pornography, real estate or loans, and generating more traffic for these commercial websites. Some of these links contain code to track the spambot's identity; if a sale goes through, the spammer behind the spambot works on commission.

Mobile phone[edit]

Main article: Mobile phone spam

Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to customers not only for the inconvenience but also because of the fee they may be charged per text message received in some markets. The term "SpaSMS" was coined at the adnews website Adland in 2000 to describe spam SMS. To comply with CAN-SPAM regulations, now SMS messages have to have the options of HELP and STOP, the latter to end communication with the advertising spam altogether.

Despite the high number of phone users, there has not been so much phone spam, because there is a charge for sending SMS, and installing trojans into other's phones that send spam (common for e-mail spam) is hard because applications normally must be downloaded from a central database.

Social networking spam[edit]

Facebook and Twitter are not immune to messages containing spam links. Most insidiously, spammers hack into accounts and send false links under the guise of a user's trusted contacts such as friends and family.[8] As for Twitter, spammers gain credibility by following verified accounts such as that of Lady Gaga; when that account owner follows the spammer back, it legitimizes the spammer and allows him or her to proliferate.[9] Twitter has studied what interest structures allow their users to receive interesting tweets and avoid spam, despite the site using the broadcast model, in which all tweets from a user are broadcast to all followers of the user.[10]

Social spam[edit]

Spreading beyond the centrally managed social networking platforms, user-generated content increasingly appears on business, government, and nonprofit websites worldwide. Fake accounts and comments planted by computers programmed to issue social spam can infiltrate these websites.[11] Well-meaning and malicious human users can break websites' policies by submitting profanity,[12] insults,[13] hate speech, and violent messages.

Online game messaging[edit]

Many online games allow players to contact each other via player-to-player messaging, chat rooms, or public discussion areas. What qualifies as spam varies from game to game, but usually this term applies to all forms of message flooding, violating the terms of service contract for the website. This is particularly common in MMORPGs where the spammers are trying to sell game-related "items" for real-world money, chiefly among them being in-game currency.

Spam targeting search engines (spamdexing)[edit]

Main article: Spamdexing

Spamdexing (a portmanteau of spamming and indexing) refers to a practice on the World Wide Web of modifying HTML pages to increase the chances of them being placed high on search engine relevancy lists. These sites use "black hat search engine optimization (SEO) techniques" to deliberately manipulate their rank in search engines. Many modern search engines modified their search algorithms to try to exclude web pages utilizing spamdexing tactics. For example, the search bots will detect repeated keywords as spamming by using a grammar analysis. If a website owner is found to have spammed the webpage to falsely increase its page rank, the website may be penalized by search engines.

Blog, wiki, and guestbook[edit]

Main article: Spam in blogs

Blog spam, or "blam" for short, is spamming on weblogs. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site.[14] Similar attacks are often performed against wikis and guestbooks, both of which accept user contributions. Another possible form of spam in blogs is the spamming of a certain tag on websites such as Tumblr.

Spam targeting video sharing sites[edit]

Screenshot from a spam video on YouTube claiming that the film in question has been deleted from the site, and can only be accessed on the link posted by the spambot in the video description (if the video were actually removed by YouTube, the description would be inaccessible, and the deletion notification would look different).

Video sharing sites, such as YouTube, are now frequently targeted by spammers. The most common technique involves spammers (or spambots) posting links to sites, most likely pornographic or dealing with online dating, on the comments section of random videos or people's profiles. With the addition of a "Thumbs up/Thumbs down" feature, groups of spambots may constantly "Thumbs up" a comment, getting it into the Top Comments section and making the message more visible. Another frequently used technique is using bots to post messages on random users' profiles to a spam account's channel page, along with enticing text and images, usually of a sexually suggestive nature. These pages may include their own or other users' videos, again often suggestive. The main purpose of these accounts is to draw people to their link in the home page section of their profile. YouTube has blocked the posting of such links. In addition, YouTube has implemented a CAPTCHA system that makes rapid posting of repeated comments much more difficult than before, because of abuse in the past by mass-spammers who would flood individuals' profiles with thousands of repetitive comments.

Yet another kind is actual video spam, giving the uploaded movie a name and description with a popular figure or event which is likely to draw attention, or within the video has a certain image timed to come up as the video's thumbnail image to mislead the viewer, such as a still image from a feature film, purporting to be a part-by-part piece of a movie being pirated, e.g. Big Buck Bunny Full Movie Online - Part 1/10 HD, a link to a supposed keygen or an ISO file for a video game, or similar. The actual content of the video ends up being totally unrelated, a Rickroll, sometimes offensive, or just features on-screen text of a link to the site being promoted.[15] In some cases, the link in question may lead to an online survey site, a passworded archive file, or in extreme cases, malware.[16] Others may upload videos presented in an infomercial-like format selling their product which feature actors and paid testimonials, though the promoted product or service is of dubious quality and would likely not pass the scrutiny of a standards and practices department at a television station or cable network.

SPIT[edit]

SPIT (SPam over Internet Telephony) is VoIP (Voice over Internet Protocol) spam, usually using SIP (Session Initiation Protocol). This is almost identical to telemarketing calls over traditional phone lines. When the user chooses to receive the spam call, a pre-recorded message is usually played back. This is generally easier for the spammer as VoIP services are cheap and easy to anonymize over the Internet, and there are many options for sending mass amounts of calls from a single location. Accounts or IP addresses being used for VoIP spam can usually be identified by a large number of outgoing calls, low call completion and short call length.

Academic Search[edit]

Academic Search Engines enable researchers to find academic literature and are used to obtain citation data for calculating performance metrics such as the H-index and impact factor. Researchers from the University of California, Berkeley and OvGU demonstrated that most (web-based) academic search engines, especially Google Scholar, are not capable of identifying spam attacks.[17] The researchers manipulated the citation counts of articles, and managed to make Google Scholar index complete fake articles, some containing advertising.[17]

Noncommercial forms[edit]

E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and e-mail media with preaching messages. A growing number of criminals are also using spam to perpetrate various sorts of fraud.[18]

Geographical origins[edit]

A 2011 Cisco Systems report shows spam volume originating from countries worldwide.[19]

Rank Country Percentage of spam volume
1  India 13.9
2  Russia 9.0
3  Vietnam 7.9
4 (tie)  South Korea 6.0
 Indonesia 6.0
6  China 4.7
7  Brazil 4.5
8  United States 3.2

History[edit]

Pre-Internet[edit]

In the late 19th Century Western Union allowed telegraphic messages on its network to be sent to multiple destinations. The first recorded instance of a mass unsolicited commercial telegram is from May 1864, when some British politicians received an unsolicited telegram advertising a dentistry shop.[20]

Etymology[edit]

According to the Internet Society and other sources, the term spam is derived from the 1970 Spam sketch of the BBC television comedy series Monty Python's Flying Circus.[21] The sketch is set in a cafe where nearly every item on the menu includes Spam canned luncheon meat. As the waiter recites the Spam-filled menu, a chorus of Viking patrons drowns out all conversations with a song repeating "Spam, Spam, Spam, Spam... lovely Spam! wonderful Spam!", hence "Spamming" the dialogue.[22] The excessive amount of Spam mentioned in the sketch is a reference to the preponderance of imported canned meat products in the United Kingdom, particularly a brand of tinned pork and ham (SPAM) from the USA, in the years after World War II, as the country struggled to rebuild its agricultural base. Spam captured a large slice of the British market within lower economic classes and became a byword among British children of the 1960s[citation needed] for low-grade fodder due to its commonality, monotonous taste and cheap price — hence the humour of the Python sketch.

In the 1980s the term was adopted to describe certain abusive users who frequented BBSs and MUDs, who would repeat "Spam" a huge number of times to scroll other users' text off the screen.[23] In early chat rooms services like PeopleLink and the early days of Online America (later known as America Online or AOL), they actually flooded the screen with quotes from the Monty Python Spam sketch.[citation needed] With internet connections over phone lines, typically running at 1200 or even 300 bit/s, it could take an enormous amount of time for a spammy logo, drawn in ASCII art to scroll to completion on a viewer's terminal. Sending an irritating, large, meaningless block of text in this way was called spamming. This was used as a tactic by insiders of a group that wanted to drive newcomers out of the room so the usual conversation could continue. It was also used to prevent members of rival groups from chatting—for instance, Star Wars fans often invaded Star Trek chat rooms, filling the space with blocks of text until the Star Trek fans left.[24] This act, previously called flooding or trashing, came to be known as spamming.[25] The term was soon applied to a large amount of text broadcast by many users.

It later came to be used on Usenet to mean excessive multiple posting—the repeated posting of the same message. The unwanted message would appear in many if not all newsgroups, just as Spam appeared in nearly all the menu items in the Monty Python sketch. The first usage of this sense was by Joel Furr[26] in the aftermath of the ARMM incident of March 31, 1993, in which a piece of experimental software released dozens of recursive messages onto the news.admin.policy newsgroup.[27] This use had also become established—to spam Usenet was flooding newsgroups with junk messages. The word was also attributed to the flood of "Make Money Fast" messages that clogged many newsgroups during the 1990s.[citation needed] In 1998, the New Oxford Dictionary of English, which had previously only defined "spam" in relation to the trademarked food product, added a second definition to its entry for "spam": "Irrelevant or inappropriate messages sent on the Internet to a large number of newsgroups or users."[28]

There was also an effort to differentiate between types of newsgroup spam. Messages which were crossposted to too many newsgroups at once - as opposed to those that were posted too frequently - were called velveeta (after a cheese product). But this term didn't persist.[29]

History[edit]

Earliest documented spam (although the term had not yet been coined[30]) was a message advertising the availability of a new model of Digital Equipment Corporation computers sent by Gary Thuerk to 393 recipients on ARPANET in 1978.[26] Rather than send a separate message to each person, which was the standard practice at the time, he had an assistant, Carl Gartley, write a single mass e-mail. Reaction from the net community was fiercely negative, but the spam did generate some sales.[31][32]

Spamming had been practiced as a prank by participants in multi-user dungeon games, to fill their rivals' accounts with unwanted electronic junk.[32] The first known electronic chain letter, titled Make Money Fast, was released in 1988.

The first major commercial spam incident started on March 5, 1994, when a husband and wife team of lawyers, Laurence Canter and Martha Siegel, began using bulk Usenet posting to advertise immigration law services. The incident was commonly termed the "Green Card spam", after the subject line of the postings. Defiant in the face of widespread condemnation, the attorneys claimed their detractors were hypocrites or "zealouts", claimed they had a free speech right to send unwanted commercial messages, and labeled their opponents "anti-commerce radicals." The couple wrote a controversial book entitled How to Make a Fortune on the Information Superhighway.[32]

Within a few years, the focus of spamming (and anti-spam efforts) moved chiefly to e-mail, where it remains today.[23] Arguably, the aggressive email spamming by a number of high-profile spammers such as Sanford Wallace of Cyber Promotions in the mid-to-late 1990s contributed to making spam predominantly an email phenomenon in the public mind.[citation needed] By 2009, the majority of spam sent around the world was in the English language; spammers began using automatic translation services to send spam in other languages.[33]

Trademark issues[edit]

Hormel Foods Corporation, the maker of SPAM luncheon meat, does not object to the Internet use of the term "spamming". However, they did ask that the capitalized word "Spam" be reserved to refer to their product and trademark.[34] By and large, this request is obeyed in forums which discuss spam. In Hormel Foods v SpamArrest, Hormel attempted to assert its trademark rights against SpamArrest, a software company, from using the mark "spam", since Hormel owns the trademark. In a dilution claim, Hormel argued that Spam Arrest's use of the term "spam" had endangered and damaged "substantial goodwill and good reputation" in connection with its trademarked lunch meat and related products. Hormel also asserts that Spam Arrest's name so closely resembles its luncheon meat that the public might become confused, or might think that Hormel endorses Spam Arrest's products.

Hormel did not prevail. Attorney Derek Newman responded on behalf of Spam Arrest: "Spam has become ubiquitous throughout the world to describe unsolicited commercial e-mail. No company can claim trademark rights on a generic term." Hormel stated on its website: "Ultimately, we are trying to avoid the day when the consuming public asks, 'Why would Hormel Foods name its product after junk email?".[35]

Hormel also made two attempts that were dismissed in 2005 to revoke the marks "SPAMBUSTER"[36] and Spam Cube.[37] Hormel's Corporate Attorney Melanie J. Neumann also sent SpamCop's Julian Haight a letter on August 27, 1999 requesting that he delete an objectionable image (a can of Hormel's Spam luncheon meat product in a trash can), change references to UCE spam to all lower case letters, and confirm his agreement to do so.[38]

Cost-benefit analyses[edit]

The European Union's Internal Market Commission estimated in 2001 that "junk e-mail" cost Internet users €10 billion per year worldwide.[39] The California legislature found that spam cost United States organizations alone more than $13 billion in 2007, including lost productivity and the additional equipment, software, and manpower needed to combat the problem.[40] Spam's direct effects include the consumption of computer and network resources, and the cost in human time and attention of dismissing unwanted messages.[41] Large companies who are frequent spam targets utilize numerous techniques to detect and prevent spam.[42]

In addition, spam has costs stemming from the kinds of spam messages sent, from the ways spammers send them, and from the arms race between spammers and those who try to stop or control spam. In addition, there are the opportunity cost of those who forgo the use of spam-afflicted systems. There are the direct costs, as well as the indirect costs borne by the victims—both those related to the spamming itself, and to other crimes that usually accompany it, such as financial theft, identity theft, data and intellectual property theft, virus and other malware infection, child pornography, fraud, and deceptive marketing.

The cost to providers of search engines is not insignificant: "The secondary consequence of spamming is that search engine indexes are inundated with useless pages, increasing the cost of each processed query".[3] The methods of spammers are likewise costly. Because spamming contravenes the vast majority of ISPs' acceptable-use policies, most spammers have for many years gone to some trouble to conceal the origins of their spam. E-mail, Usenet, and instant-message spam are often sent through insecure proxy servers belonging to unwilling third parties. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. In some cases, they have used falsified or stolen credit card numbers to pay for these accounts. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs.

The costs of spam also include the collateral costs of the struggle between spammers and the administrators and users of the media threatened by spamming.[43] Many users are bothered by spam because it impinges upon the amount of time they spend reading their e-mail. Many also find the content of spam frequently offensive, in that pornography is one of the most frequently advertised products. Spammers send their spam largely indiscriminately, so pornographic ads may show up in a work place e-mail inbox—or a child's, the latter of which is illegal in many jurisdictions. Recently, there has been a noticeable increase in spam advertising websites that contain child pornography.[citation needed]

Some spammers argue that most of these costs could potentially be alleviated by having spammers reimburse ISPs and persons for their material.[citation needed] There are three problems with this logic: first, the rate of reimbursement they could credibly budget is not nearly high enough to pay the direct costs[citation needed], second, the human cost (lost mail, lost time, and lost opportunities) is basically unrecoverable, and third, spammers often use stolen bank accounts and credit cards to finance their operations, and would conceivably do so to pay off any fines imposed.

E-mail spam exemplifies a tragedy of the commons: spammers use resources (both physical and human), without bearing the entire cost of those resources. In fact, spammers commonly do not bear the cost at all. This raises the costs for everyone. In some ways spam is even a potential threat to the entire e-mail system, as operated in the past. Since e-mail is so cheap to send, a tiny number of spammers can saturate the Internet with junk mail. Although only a tiny percentage of their targets are motivated to purchase their products (or fall victim to their scams), the low cost may provide a sufficient conversion rate to keep the spamming alive. Furthermore, even though spam appears not to be economically viable as a way for a reputable company to do business, it suffices for professional spammers to convince a tiny proportion of gullible advertisers that it is viable for those spammers to stay in business. Finally, new spammers go into business every day, and the low costs allow a single spammer to do a lot of harm before finally realizing that the business is not profitable.

Some companies and groups "rank" spammers; spammers who make the news are sometimes referred to by these rankings.[44][45] The secretive nature of spamming operations makes it difficult to determine how proliferated an individual spammer is, thus making the spammer hard to track, block or avoid. Also, spammers may target different networks to different extents, depending on how successful they are at attacking the target. Thus considerable resources are employed to actually measure the amount of spam generated by a single person or group. For example, victims that use common anti-spam hardware, software or services provide opportunities for such tracking. Nevertheless, such rankings should be taken with a grain of salt.

General costs[edit]

In all cases listed above, including both commercial and non-commercial, "spam happens" because of a positive cost-benefit analysis result if the cost to recipients is excluded as an externality the spammer can avoid paying.

Cost is the combination of

  • Overhead: The costs and overhead of electronic spamming include bandwidth, developing or acquiring an email/wiki/blog spam tool, taking over or acquiring a host/zombie, etc.
  • Transaction cost: The incremental cost of contacting each additional recipient once a method of spamming is constructed, multiplied by the number of recipients. (see CAPTCHA as a method of increasing transaction costs)
  • Risks: Chance and severity of legal and/or public reactions, including damages and punitive damages
  • Damage: Impact on the community and/or communication channels being spammed (see Newsgroup spam)

Benefit is the total expected profit from spam, which may include any combination of the commercial and non-commercial reasons listed above. It is normally linear, based on the incremental benefit of reaching each additional spam recipient, combined with the conversion rate. The conversion rate for botnet-generated spam has recently been measured to be around one in 12,000,000 for pharmaceutical spam and one in 200,000 for infection sites as used by the Storm botnet.[46] They specifically say in the paper "After 26 days, and almost 350 million e-mail messages, only 28 sales resulted".

In crime[edit]

Spam can be used to spread computer viruses, trojan horses or other malicious software. The objective may be identity theft, or worse (e.g., advance fee fraud). Some spam attempts to capitalize on human greed whilst other attempts to use the victims' inexperience with computer technology to trick them (e.g., phishing). On May 31, 2007, one of the world's most prolific spammers, Robert Alan Soloway, was arrested by U.S. authorities.[47] Described as one of the top ten spammers in the world, Soloway was charged with 35 criminal counts, including mail fraud, wire fraud, e-mail fraud, aggravated identity theft and money laundering.[47] Prosecutors allege that Soloway used millions of "zombie" computers to distribute spam during 2003.[48] This is the first case in which U.S. prosecutors used identity theft laws to prosecute a spammer for taking over someone else's Internet domain name.[citation needed]

In an attempt to assess potential legal and technical strategies for stopping illegal spam, a study from the University of California, San Diego, and the University of California, Berkeley, “Click Trajectories: End-to-End Analysis of the Spam Value Chain” (PDF), cataloged three months of online spam data and researched website naming and hosting infrastructures. The study concluded that: 1) half of all spam programs have their domains and servers distributed over just 8% or fewer of the total available hosting registrars and Autonomous Systems. Overall, 80% of spam programs are distributed over just 20% of all registrars and Autonomous Systems; 2) of the 76 purchases for which the researchers received transaction information, there were only 13 distinct banks acting as credit card acquirers and only three banks provided the payment servicing for 95% of the spam-advertised goods in the study; and, 3) a “financial blacklist” of banking entities that do business with spammers would dramatically reduce monetization of unwanted emails. Moreover, this blacklist could be updated far more rapidly than spammers could acquire new banking resources, an asymmetry favoring anti-spam efforts.[49]

Political issues[edit]

Spamming remains a hot discussion topic. In 2004, the seized Porsche of an indicted spammer was advertised on the Internet;[50] this revealed the extent of the financial rewards available to those who are willing to commit duplicitous acts online. However, some of the possible means used to stop spamming may lead to other side effects, such as increased government control over the Internet, loss of privacy, barriers to free expression, and the commercialization of e-mail.[citation needed]

One of the chief values favored by many long-time Internet users and experts, as well as by many members of the public, is the free exchange of ideas. Many have valued the relative anarchy of the Internet, and bridle at the idea of restrictions placed upon it.[citation needed] A common refrain from spam-fighters is that spamming itself abridges the historical freedom of the Internet, by attempting to force users to carry the costs of material which they would not choose.[citation needed]

An ongoing concern expressed by parties such as the Electronic Frontier Foundation and the American Civil Liberties Union has to do with so-called "stealth blocking", a term for ISPs employing aggressive spam blocking without their users' knowledge. These groups' concern is that ISPs or technicians seeking to reduce spam-related costs may select tools which (either through error or design) also block non-spam e-mail from sites seen as "spam-friendly". Spam Prevention Early Warning System (SPEWS) is a common target of these criticisms. Few object to the existence of these tools; it is their use in filtering the mail of users who are not informed of their use which draws fire.[citation needed]

Some see spam-blocking tools as a threat to free expression—and laws against spamming as an untoward precedent for regulation or taxation of e-mail and the Internet at large. Even though it is possible in some jurisdictions to treat some spam as unlawful merely by applying existing laws against trespass and conversion, some laws specifically targeting spam have been proposed. In 2004, United States passed the CAN-SPAM Act of 2003 which provided ISPs with tools to combat spam. This act allowed Yahoo! to successfully sue Eric Head, reportedly one of the biggest spammers in the world, who settled the lawsuit for several thousand U.S. dollars in June 2004. But the law is criticized by many for not being effective enough. Indeed, the law was supported by some spammers and organizations which support spamming, and opposed by many in the anti-spam community. Examples of effective anti-abuse laws that respect free speech rights include those in the U.S. against unsolicited faxes and phone calls, and those in Australia and a few U.S. states against spam.[citation needed]

In November 2004, Lycos Europe released a screen saver called make LOVE not SPAM which made Distributed Denial of Service attacks on the spammers themselves. It met with a large amount of controversy and the initiative ended in December 2004.[51][52][53]

Anti-spam policies may also be a form of disguised censorship, a way to ban access or reference to questioning alternative forums or blogs by an institution. This form of occult censorship is mainly used by private companies when they can not muzzle criticism by legal ways.[54]

Court cases[edit]

United States[edit]

Sanford Wallace and Cyber Promotions were the target of a string of lawsuits, many of which were settled out of court, up through a 1998 Earthlink settlement[citation needed] which put Cyber Promotions out of business. Attorney Laurence Canter was disbarred by the Tennessee Supreme Court in 1997 for sending prodigious amounts of spam advertising his immigration law practice. In 2005, Jason Smathers, a former America Online employee, pled guilty to charges of violating the CAN-SPAM Act. In 2003, he sold a list of approximately 93 million AOL subscriber e-mail addresses to Sean Dunaway who, in turn, sold the list to spammers.[55][56]

In 2007, Robert Soloway lost a case in a federal court against the operator of a small Oklahoma-based Internet service provider who accused him of spamming. U.S. Judge Ralph G. Thompson granted a motion by plaintiff Robert Braver for a default judgment and permanent injunction against him. The judgment includes a statutory damages award of $10,075,000 under Oklahoma law.[57]

In June 2007, two men were convicted of eight counts stemming from sending millions of e-mail spam messages that included hardcore pornographic images. Jeffrey A. Kilbride, 41, of Venice, California was sentenced to six years in prison, and James R. Schaffer, 41, of Paradise Valley, Arizona, was sentenced to 63 months. In addition, the two were fined $100,000, ordered to pay $77,500 in restitution to AOL, and ordered to forfeit more than $1.1 million, the amount of illegal proceeds from their spamming operation.[58] The charges included conspiracy, fraud, money laundering, and transportation of obscene materials. The trial, which began on June 5, was the first to include charges under the CAN-SPAM Act of 2003, according to a release from the Department of Justice. The specific law that prosecutors used under the CAN-Spam Act was designed to crack down on the transmission of pornography in spam.[59]

In 2005, Scott J. Filary and Donald E. Townsend of Tampa, Florida were sued by Florida Attorney General Charlie Crist for violating the Florida Electronic Mail Communications Act.[60] The two spammers were required to pay $50,000 USD to cover the costs of investigation by the state of Florida, and a $1.1 million penalty if spamming were to continue, the $50,000 was not paid, or the financial statements provided were found to be inaccurate. The spamming operation was successfully shut down.[61]

Edna Fiedler, 44, of Olympia, Washington, on June 25, 2008, pleaded guilty in a Tacoma court and was sentenced to 2 years imprisonment and 5 years of supervised release or probation in an Internet $1 million "Nigerian check scam." She conspired to commit bank, wire and mail fraud, against US citizens, specifically using Internet by having had an accomplice who shipped counterfeit checks and money orders to her from Lagos, Nigeria, last November. Fiedler shipped out $609,000 fake check and money orders when arrested and prepared to send additional $1.1 million counterfeit materials. Also, the U.S. Postal Service recently intercepted counterfeit checks, lottery tickets and eBay overpayment schemes with a face value of $2.1 billion.[62][63]

In a 2009 opinion, Gordon v. Virtumundo, Inc., 575 F.3d 1040, the Ninth Circuit assessed the standing requirements necessary for a private plaintiff to bring a civil cause of action against spam senders under the CAN-SPAM Act of 2003, as well as the scope of the CAN-SPAM Act's federal preemption clause.[64]

United Kingdom[edit]

In the first successful case of its kind, Nigel Roberts from the Channel Islands won £270 against Media Logistics UK who sent junk e-mails to his personal account.[65]

In January 2007, a Sheriff Court in Scotland awarded Mr. Gordon Dick £750 (the then maximum sum which could be awarded in a Small Claim action) plus expenses of £618.66, a total of £1368.66 against Transcom Internet Services Ltd.[66] for breaching anti-spam laws.[67] Transcom had been legally represented at earlier hearings but were not represented at the proof, so Gordon Dick got his decree by default. It is the largest amount awarded in compensation in the United Kingdom since Roberts -v- Media Logistics case in 2005 above, but it is not known if Mr. Dick ever received anything. (An image of Media Logistics' cheque is shown on Roberts' website[68] ) Both Roberts and Dick are well known figures in the British Internet industry for other things. Dick is currently Interim Chairman of Nominet UK (the manager of .UK and .CO.UK) while Roberts is CEO of CHANNELISLES.NET (manager of .GG and .JE).

Despite the statutory tort that is created by the Regulations implementing the EC Directive, few other people have followed their example. As the Courts engage in active case management, such cases would probably now be expected to be settled by mediation and payment of nominal damages.

New Zealand[edit]

In October 2008, a vast international internet spam operation run from New Zealand was cited by American authorities as one of the world’s largest, and for a time responsible for up to a third of all unwanted emails. In a statement the US Federal Trade Commission (FTC) named Christchurch’s Lance Atkinson as one of the principals of the operation. New Zealand’s Internal Affairs announced it had lodged a $200,000 claim in the High Court against Atkinson and his brother Shane Atkinson and courier Roland Smits, after raids in Christchurch. This marked the first prosecution since the Unsolicited Electronic Messages Act (UEMA) was passed in September 2007. The FTC said it had received more than three million complaints about spam messages connected to this operation, and estimated that it may be responsible for sending billions of illegal spam messages. The US District Court froze the defendants’ assets to preserve them for consumer redress pending trial.[69] U.S. co-defendant Jody Smith forfeited more than $800,000 and faces up to five years in prison for charges to which he pled guilty.[70]

Bulgaria[edit]

While most countries either outlaw or at least ignore spam, Bulgaria is the first and until now[when?] only one[citation needed]to legalize it. According to the Bulgarian E-Commerce act[71] (Чл.5,6) anyone can send spam to mailboxes published as owned by a company or organization, as long as there is a "clear and straight indication that the message is unsolicited commercial email" ("да осигури ясното и недвусмислено разпознаване на търговското съобщение като непоискано") in the message body.

This made lawsuits against Bulgarian ISP's and public e-mail providers with antispam policy possible, as they are obstructing legal commerce activity and thus violate Bulgarian antitrust acts. While there are no such lawsuits until now, several cases of spam obstruction are currently awaiting decision in the Bulgarian Antitrust Commission (Комисия за защита на конкуренцията) and can end with serious fines for the ISP's in question.[when?][citation needed]

The law contains other dubious provisions — for example, the creation of a nationwide public electronic register of email addresses that do not want to receive spam.[72] It is usually abused as the perfect source for e-mail address harvesting, because publishing invalid or incorrect information in such a register is a criminal offense in Bulgaria.

Newsgroups[edit]

See also[edit]

References[edit]

Notes[edit]

  1. ^ "Spam - Definition and More from the Free Merriam-Webster Dictionary". Merriam-webster.com. 2012-08-31. Retrieved 2013-07-05. 
  2. ^ "The Spamhaus Project - The Definition Of Spam". Spamhaus.org. Retrieved 2013-09-03. 
  3. ^ a b Gyongyi, Zoltan; Garcia-Molina, Hector (2005). "Web spam taxonomy". Proceedings of the First International Workshop on Adversarial Information Retrieval on the Web (AIRWeb), 2005 in The 14th International World Wide Web Conference (WWW 2005) May 10, (Tue)-14 (Sat), 2005, Nippon Convention Center (Makuhari Messe), Chiba, Japan. New York, N.Y.: ACM Press. ISBN 1-59593-046-9. 
  4. ^ "Email Metrics Report". maawg.org. 
  5. ^ "2014 Internet Security Threat Report, Volume 19". Symantec Corporation. Retrieved 7 May 2014. 
  6. ^ "FileOn List Builder-Extract URL,MetaTags,Email,Phone,Fax from www-Optimized Webcrawler". Listdna.com. Retrieved 2013-09-03. 
  7. ^ Saul Hansell Social network launches worldwide spam campaign New York Times, September 13, 2007
  8. ^ "Marketers need to build trust as spam hits social networks", Grace Bello, Direct Marketing News, June 1, 2012
  9. ^ Understanding and Combating Link Farming in the Twitter Social Network, Max Planck Centre for Computer Science
  10. ^ On the Precision of Social and Information Networks
  11. ^ [1]
  12. ^ [2]
  13. ^ [3]
  14. ^ The (Evil) Genius of Comment Spammers - Wired Magazine, March 2004
  15. ^ Fabrício Benevenuto, Tiago Rodrigues, Virgílio Almeida, Jussara Almeida and Marcos Gonçalves. Detecting Spammers and Content Promoters in Online Video Social Networks. In ACM SIGIR Conference, Boston, MA, USA, July 2009.
  16. ^ "Toy Story 3 movie scam warning". Web User magazine. Retrieved 23 January 2012. 
  17. ^ a b Joeran Beel and Bela Gipp. Academic search engine spam and google scholar’s resilience against it. Journal of Electronic Publishing, 13(3), December 2010. PDF
  18. ^ See: Advance fee fraud
  19. ^ Cisco 2011 Annual Security Report (PDF)
  20. ^ "Getting the message, at last". The Economist. 2007-12-14. 
  21. ^ "RFC 2635 - DON\x27T SPEW A Set of Guidelines for Mass Unsolicited Mailings and Postings (spam*):". Retrieved 2010-09-29. 
  22. ^ "The Origin of the word 'Spam':". Retrieved 2010-09-20. 
  23. ^ a b "Origin of the term "spam" to mean net abuse". Templetons.com. Retrieved 2013-09-03. 
  24. ^ Goldberg, Myshele. "The Origins of Spam". Retrieved 2014-07-15. 
  25. ^ Spamming? (rec.games.mud) - Google Groups USENET archive, 1990-09-26
  26. ^ a b At 30, Spam Going Nowhere Soon - Interviews with Gary Thuerk and Joel Furr
  27. ^ Darren Waters (31 March 2008). "Spam blights e-mail 15 years on". news.bbc.co.uk. Retrieved 26 August 2010. 
  28. ^ ""Oxford dictionary adds Net terms" on News.com". News.com.com. Archived from the original on 2012-07-10. Retrieved 2013-09-03. 
  29. ^ "velveeta" from The Jargon File 4.4.7
  30. ^ Zeller, Tom (1 June 2003). "Ideas & Trends; Spamology". The New York Times. 
  31. ^ "Reaction to the DEC Spam of 1978". Templetons.com. Retrieved 2013-09-03. 
  32. ^ a b c Tom Abate (May 3, 2008). "A very unhappy birthday to spam, age 30". San Francisco Chronicle. 
  33. ^ Danchev, Dancho. "Spammers go multilingual, use automatic translation services." ZDNet. July 28, 2009. Retrieved on August 31, 2009.
  34. ^ https://cyber.law.harvard.edu/metaschool/fisher/domain/tmcases/hormel.htm
  35. ^ "Hormel Foods v SpamArrest, Motion for Summary Judgment, Redacted Version (PDF)" (PDF). Retrieved 2013-09-03. 
  36. ^ Hormel Foods Corpn v Antilles Landscape Investments NV (2005) EWHC 13 (Ch)
  37. ^ "Hormel Foods Corporation v. Spam Cube, Inc". United States Patent and Trademark Office. Retrieved 2008-02-12. 
  38. ^ "Letter from Hormel's Corporate Attorney Melanie J. Neumann to SpamCop's Julian Haight". Retrieved 2013-09-03. 
  39. ^ ""Data protection: "Junk" e-mail costs internet users 10 billion a year worldwide - Commission study"". Europa.eu. Retrieved 2013-09-03. 
  40. ^ "California business and professions code". Spamlaws.com. Retrieved 2013-09-03. 
  41. ^ "Spam Cost Calculator: Calculate enterprise spam cost?". Commtouch.com. Retrieved 2013-09-03. 
  42. ^ Shuman Ghosemajumder (18 March 2008). "Using data to help prevent fraud". Google Blog. Retrieved 12 August 2011. 
  43. ^ Thank the Spammers - William R. James 2003-03-10
  44. ^ Spamhaus' "TOP 10 spam service ISPs"
  45. ^ "The 10 Worst ROKSO Spammers". Spamhaus.org. Retrieved 2013-09-03. 
  46. ^ Kanich, C.; C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson and S. Savage (2008-10-28). "Spamalytics: An Empirical Analysis of Spam Marketing Conversion" (PDF). Proceedings of Conference on Computer and Communications Security (CCS). Alexandria, VA, USA. Retrieved 2008-11-05. 
  47. ^ a b Lombardi, Candace. "Alleged 'Seattle Spammer' arrested - CNET". News.com. Retrieved 2013-09-03. 
  48. ^ Claburn, Thomas. "'Spam King' Robert Alan Soloway Pleads Guilty". InformationWeek.com[4], 3/17/2008.
  49. ^ "Click Trajectories: End-to-End Analysis of the Spam Value Chain". Journalist's Resource.org. 
  50. ^ "timewarner.com". timewarner.com. Retrieved 2013-09-03. 
  51. ^ Screensaver tackles spam websites BBC News Online. 29 November 2004
  52. ^ Anti-spam plan overwhelms sites BBC News Online. 2 December 2004
  53. ^ Anti-spam screensaver scrapped BBC News Online. 6 December 2004
  54. ^ See for instance the black list of the French Wikipedia encyclopedia
  55. ^ U.S. v Jason Smathers and Sean Dunaway, amended complaint, US District Court for the Southern District of New York (2003). Retrieved 7 March 2007, from "Pair Nabbed In AOL Spam Scheme". thesmokinggun.com. 
  56. ^ Ex-AOL employee pleads guilty in spam case. (2005, February 4). CNN. Retrieved 7 March 2007, from "Ex-AOL employee pleads guilty in spam case". CNN.com. February 5, 2005. Retrieved 27 August 2010. 
  57. ^ Braver v. Newport Internet Marketing Corporation et al. -U.S. District Court - Western District of Oklahoma (Oklahoma City), 2005-02-22
  58. ^ "Two Men Sentenced for Running International Pornographic Spamming Business". United States Department of Justice. October 12, 2007. Retrieved 2007-10-25. 
  59. ^ Gaudin, Sharon, Two Men Convicted Of Spamming Pornography InformationWeek, June 26, 2007
  60. ^ "Crist Announces First Case Under Florida Anti-Spam Law". Office of the Florida Attorney General. Retrieved 2008-02-23. [dead link]
  61. ^ "Crist: Judgment Ends Duo's Illegal Spam, Internet Operations". Office of the Florida Attorney General. Retrieved 2008-02-23. [dead link]
  62. ^ "Woman gets prison for 'Nigerian' scam". upi.com. 
  63. ^ "Woman Gets Two Years for Aiding Nigerian Internet Check Scam (PC World)". PC World. Retrieved 2014-01-30. 
  64. ^ Gordon v. Virtumundo, Inc., 575 F.3d 1040 (9th Cir. 2009).
  65. ^ "Businessman wins e-mail spam case". BBC News. 27 December 2005. Retrieved 13 November 2011. 
  66. ^ "Gordon Dick v Transcom Internet Service Ltd". Scotchspam.co.uk. Retrieved 2013-09-03. 
  67. ^ "Article 13-Unsolicited communications". Eur-lex.europa.eu. Retrieved 2013-09-03. 
  68. ^ "website". Roberts.co.uk. Retrieved 2013-09-03. 
  69. ^ "Kiwi spam network was 'world's biggest'". Stuff.co.nz. 16 October 2008. Retrieved 13 November 2011. 
  70. ^ "Court Orders Australia-based Leader of International Spam Network to Pay $15.15 Million". Ftc.gov. 2011-06-24. Retrieved 2013-09-03. 
  71. ^ "Закон За Електронната Търговия". Lex.bg. 2011-08-14. Retrieved 2013-09-03. 
  72. ^ "Регистър на юридическите лица, които не желаят да получават непоискани търговски съобщения". Kzp.bg. Retrieved 2013-09-03. 

Sources[edit]

Further reading[edit]

  • Brunton, Finn. Spam: A Shadow History of the Internet (MIT Press; 2013) 304 pages; $27.95). A cultural and technological history
  • Sjouwerman, Stu; Posluns, Jeffrey, "Inside the spam cartel: trade secrets from the dark side", Elsevier/Syngress; 1st edition, November 27, 2004. ISBN 978-1-932266-86-3
  • Brown, Bruce Cameron "How to stop e-mail spam, spyware, malware, computer viruses, and hackers from ruining your computer" Atlantic Publishing Group, 2011. ISBN 978-1-601383-03-7
  • Dunne, Robert "Computers and the law: an introduction to basic legal principles and their application in cyberspace" Cambridge University Press, 2009. ISBN 978-0-521886-50-5

External links[edit]