If P.T. Barnum were alive, he'd probably say there's a spammer born every minute. Given the volume of junk filling our in-boxes, it certainly seems that way.
In just a few years, spam has grown from a minor annoyance to a major epidemic. In May, MessageLabs Ltd., a U.K. e-security vendor, announced that unsolicited bulk mail now accounts for more than half of all messages sent over the Internet. A report released this month by the Radicati Group Inc. says U.S. businesses will spend US$20 billion this year--and nearly $200 billion by 2007--trying to keep spam out of their in-boxes. A survey conducted by Internet security firm Symantec Corp. reveals that 80 percent of children between ages 7 and 18 receive "inappropriate, unsolicited e-mail"--nearly half of it ads for porn sites.
Computer companies and the federal government are taking note. Microsoft has filed 15 civil lawsuits--13 in the U.S. and two in the U.K.--against alleged spammers targeting the company's customers. Currently, two separate antispam bills are making their way through the U.S. Senate. Moreover, the Federal Trade Commission is asking Congress for greater powers to combat spammers, including the authority to force ISPs to turn over spam complaints about their customers.
How did we get into this mess? And is there any way out? Here are answers to the your frequently asked questions about spam.
Why Is It Called "Spam"?
Spam takes its name from a Monty Python skit about a restaurant that served the stuff and the Vikings who ate there while chanting the word "spam" over and over. According to Internet lore, the first spam attack took place in 1985 inside a multiuser game. Some wannabe Viking sent the message "spam spam spam" (and so on) to every player on the system until he got booted. After that, the term was applied to mass advertisements posted to online discussion groups and then to unwanted bulk e-mail--all to the continuing dismay of the Hormel Foods Corporation.
Why Am I Getting Spammed?
The most common way to become spambait is to publish your e-mail address on a Web page, or in a chat room, discussion group, or online directory. Spammers use automated programs known as "spiders" or "bots" to harvest these addresses. A March 2003 study by the Center for Democracy and Technology found that 97 percent of the spam it received was sent to addresses harvested from the Web.
But that's not all. You may have given your address to a site in exchange for a free service or the chance to win a prize. Besides sending you ads, these sites may have sold your information. Or you may have been the victim of a "dictionary" or "brute-force" attack, where a spammer deluges an ISP's mail server with thousands of possible e-mail firstname.lastname@example.org, email@example.com, and so on--then discards the ones that bounce and uses the rest. In other words, you could do absolutely nothing wrong and still get spammed.
Why Is My Spam Load Increasing?
You're getting more junk mail because spammers are very good at sharing, and there are more people getting involved. On sites like Bulkers Club and The Bulk Barn you can buy a list of 15 million names for as little as US$50. In fact, all the tools that enable spamming--harvesting bots, mass mailers, lists of vulnerable servers that spammers can hijack to cover their tracks--can be had for just a few hundred dollars. (Read "Spam Inc." to learn all about the spamming business.) And as more spam gets blocked, spammers compensate by sending even more junk mail.
Why Do People Send Spam?
Money, honey. Most advertisers pay spammers based on the percentage of e-mail that results in a sale or a visit to a Web site. Spamming can be very profitable because it costs relatively little to send millions of messages each day, and spammers need only a small number of sales--a fraction of 1 percent--to cover their costs. Newbie spammers can make $100,000 a year or more, and they don't have to be smart, attractive, or practice good personal hygiene.
What Are ISPs Doing About It?
Plenty. The big e-mail carriers--AOL, Earthlink, Yahoo, and MSN/Hotmail--block literally billions of spam messages each day before they reach anyone's in-box. (Imagine how much spam you'd get if they didn't do this.) Most provide tools, like Earthlink's SpamBlocker or Yahoo's SpamGuard, that let you filter even more junk. They're also suing spammers for breach of contract and trespass.
What Can I Do About It?
Well, you could abandon your spam-soiled e-mail address and start over. But that's impractical for many, especially business users--and it's a short-term solution at best. A better answer is to use a filter like IHateSpam, Qurb, or SpamKiller. These programs scan your incoming e-mail and quarantine suspected junk, though you'll have to check each day's catch to make sure legitimate mail hasn't been blocked by mistake.
You can also lower your spam profile. Don't publish your e-mail address (or if you do, change it so humans can read it but bots can't: "joe dot smith at yahoo dot com"). Don't use your primary e-mail address to sign up for Web sites. If you're creating a new address, make it one that can't be easily guessed by a dictionary attacker (i.e., avoid firstname.lastname@example.org and use email@example.com instead).
Finally, don't open any spam you receive--don't even look at it in the preview pane of your e-mail program. The messages often contain hidden software code, a "Web beacon" that tells the spammer the message has been opened, marking you as prime spambait.
Will Spam Ever Go Away?
Sure. Spam will stop cold once people stop believing they can lose weight, make millions, maintain eternal youth, or add inches to their body parts by taking a pill or clicking a Web link. Until it stops being effective, spam will be an unfortunate fact of cyberlife. Somewhere, P.T. Barnum is looking down at us and laughing.
- Former PC World executive editor Daniel Tynan recently spoke at a Federal Trade Commission conference on spam and has written extensively on the topic. He's won more than 20 journalism awards and is a two-time finalist for a National Magazine Award. Tynan has appeared on CBS, CNN, and NPR to share his comments on the world of technology. He's also an accomplished chicken farmer.