
The Insidious Evil of Spam


Other than those who send it, it's hard to find anybody who doesn't hate it. SPAM, Junk E-Mail, Bulk E-mail -- whatever you call it, your E-mailbox is probably full of it. (I tried to coin the name SPUME for system-polluting unsolicited mass E-mail but it never caught on.)

You aren't the only one to hate it. Several groups exist to try and stop it, and several laws have been proposed both at the federal level and at state levels in the USA to make it illegal in some fashion.

Perhaps you don't yet know how much of a problem it is because you have kept your E-mail address fairly private and don't get much. But be warned that people who haven't been so lucky typically get 30 of these things every day, around the clock, and some get over a hundred. A large ISP like AOL gets millions every day. Count your blessings, but soon this will happen to you.

But what is it, and why do we hate it? It's junk E-mail, and in some ways quite like the junk mail that shows up in the physical mailbox at your house. But as much as people dislike that, it's never drawn as much ire as Spam.

(I am not thrilled with the term Spam, not just because it is a Hormel trademark, but because this word was really meant originally to refer to mass USENET postings. I have encouraged the term SPUME but accept that Spam has become the common word. UCE implies that the bad bulk E-mail is only commercial, when in fact religious, political and other non-commercial unsolicited mass e-mailings are just as bad.)

In fact, I define this type of net abuse as E-mail that is unsolicited, sent in volume, and from a stranger.

Perhaps the only thing of this ilk we've come to hate more is the phone solicitor, especially those who call at dinner or other inconvenient times.

Spam exists because vast amounts of E-mail can be sent for very low cost. This is in part due to the shared-cost structure of the internet, which has each end of a communication pay the costs of their end, but in truth, it's primarily because E-mail is a very efficient and very cheap communications technology. For one to one communications there's never been anything anywhere near as cheap, which is part of the reason people like it.

As cheap as it is, the ISPs who handle all the mail do see a cost because of all the Spam, and this is a problem that needs to be addressed. But for the ordinary user, no one message comes with a cost likely to get anybody on a tirade. The real problem comes because of the volume of the stuff -- and for other reasons having nothing to do with the cost of carrying it.

It does cost you time

The first impact is in the time it takes. It doesn't take that long to delete a message, of course, but day in and day out, deleting 30 starts to grind. Especially when that far outnumbers the real E-mail you get. People who have E-mail accounts to get one letter from their grandson every week are shutting them down because the Spam makes their mailbox unproductive. But deleting it is also distracting, and that has an even larger cost in time. The Spammers' goal is to write their Subject line to be as distracting as possible, of course.

It interrupts you

For many users of E-mail, it's even worse. E-mail isn't a once-a-day medium like postal mail. For many of us, those who use the Internet in business, there is an E-mail window open all the time on the screen, and mail comes in and is dealt with all day long, often every few minutes. Many people want to have their terminal beep if they have some new E-mail, because many companies run on their employees being able to quickly send E-mail around, or correspond quickly with customers and suppliers.

This is where Spam is most annoying. For those who use E-mail all day, it interrupts them 30 times or more a day. It's almost like a phone ringing randomly 4 times an hour to hear a salesdroid or a hang-up. Just a few moments of your time, but very annoying. E-mail is a fast medium, almost like the phone, not something that comes once a day. It's the first and truest "push" medium, too. And in spite of what some vendors of Push software might believe, you really only want truly important things interrupting your day.

Even so, it's not the cost to the recipient that's the problem, it's the fact that the cost is minimal to the sender which generates the real tragedy of the commons. There is no disincentive -- other than the ire of recipients -- to sending Spam to vast numbers of people. Other media -- even the phone or being accosted by beggars on the street -- have costs that put limits on the volume. E-mail lacks that limiting force.

The Spammers feel they are just following the same principles of postal junk mail, but they are not. The lack of limits dooms Spam as a marketing medium, but they won't accept it. Like polluters, they figure their contribution to the pollution causes no harm and in fact allows business to prosper. But it can be so tempting to pollute just a little and promote your agenda or product a bit more. But that philosophy is what filled the world with pollution.

It's not what your mailbox is for

Now the Spammers have been told many times that we didn't set up our E-mail systems just so they could use them to send us advertising. Nor do we buy a phone to receive phone solicitations. But at least the phone solicitation can't be trivially automated to let one person call a million phones in an hour (and the amount to which it can be automated was made illegal.)

But with E-mail the distinction is even clearer because there are other technologies associated with it. I set up my E-mail box for mail for me. For me personally, and not to all members of groups I belong to. (Though in general, if I know the party doing the mailing, particularly if it's a group of friends, it is also acceptable.) When I've subscribed to a mailing list to get mail for a group I belong to, I've done that explicitly.

There are other ways to reach particular group audiences, such as web pages or ads on services for those audiences. Newsgroups and forums exist for people to receive information as groups. And in fact, many newsgroups don't mind a single, low-hype newsworthy commercial announcement done a single time. Some even welcome it. (Newsgroup readers hate messages posted to vast numbers of unrelated newsgroups, messages with no real new content or repeated messages almost as much as Spam, though.) I don't want to imply in any way that Spammers should post their messages to newsgroups, but it's certainly true that getting it in your E-mail box is even worse than getting it in a public forum.

We made our mailboxes to get mail written for us, or group mail we asked for. Not form letters and not mailing lists we didn't ask to be on. When people abuse this resource for their own ends, that's one of the things that gets people upset about Spam.

"Legitimate" bulk E-mail

The Direct Marketing Association -- the association of postal junk mail marketers -- is against Spam. They feel it's important to stop it before the wildcat Spammers spoil the market for the "legitimate" mass mailers. The bad news for the DMA is that they are too late. Without checks and balances, nothing can stop Spam from running rampant. There are just too many people out there with a message they think you want to read.

They've proposed mailing only to people who ask to be on lists. A good idea, but still mostly doomed. People just won't ask, not when they see the volume and realize they can go to a web site when they want to learn about any area of interest. They propose paying people to be on lists, and that might work because it has the inherent self-limit of cost.

But the truth is people just won't tolerate Spam making their mailbox significantly less useful. E-mail is far too valuable to let the bad drive out the good. That doesn't mean it's impossible for legitimate Spam to exist, but unless some factor keeps it down to a very small volume (smaller than the volume of real mail) of very well aimed messages, the anti-Spam forces will do what they can to stop it.

This point will never be well understood. Engineers talk about "signal to noise" ratio to describe how useful a communications channel is. Too much noise, and it drowns out the signal. But if there is too much signal, then the signal itself becomes noise. There are simply too many products that might have a "legitimate" reason to market to me or anybody else. They simply can't all have access to my mailbox, and without a way to pick a select few, the only answer is to let none of them have it.

The only legitimate bulk mail comes from people you've already voluntarily had contact with -- non-strangers. They can still annoy you with mail you don't want, but the amount is limited, both because there are only so many parties who are not strangers, and because having a relationship (especially as a customer or prospect) gives you some power over the sender.

It Invades Your Privacy

I have yet to come to the greatest evil of Spam. The mailers of Spam have been indiscriminate in gathering names. They had no reason not to. So they go about extracting the E-mail addresses of anybody who posts to a public newsgroup or a public mailing list. They scan chat-rooms and extract addresses. They browse web pages and extract E-mail addresses. They pull out site directories, user files and databases of all sorts. They suck down internet databases like the domain registries and anywhere else an E-mail address might be found.

The result has been catastrophic. Do almost anything in public under your E-mail address and you will quickly get Spammed. And that may be what bothers people the most. Going "out" in public in cyberspace shouldn't mean you'll get inundated with unwanted E-mail. Privacy is the right to be left alone when minding your own business; but go out into the world of cyberspace and the Spammers won't leave you alone.

The saddest thing is that ordinary net users have come to realize what is going on, and as a result they start to fear public participation in the net. Many people now don't want to post to a newsgroup or mailing list because they know they will get Spam. It's become common to see people hiding their E-mail address, removing it from the place it's supposed to go, and spelling it out in human language so that automatic reply is not possible. They want to stop the Spam, but they end up making it harder for the legitimate people who want to reply to them to use the net the way it was intended.

(They are almost as selfish as the Spammers in that way. They put the burden on others rather than themselves, making all replyers figure out and type in the reply address by hand, rather than fighting the problem themselves.)

But it's a tragedy that Spam has scared people away from the net. For now the Spam hasn't just annoyed me and my neighbour, it's stopped me from even meeting my neighbour. She's afraid to go out because of the noise.

But is all bulk E-mail wrong?

Of course not. But when we have no way of telling them apart, what can we do?

There are lots of bulk mails that are legitimate. Many people ask to be put on mailing lists, after all. And you can't deny companies the ability to mail their own customers or other people they have existing relationships with. (If they annoy their own customers, they pay the price for it.) If you stop by a trade show booth and have them scan your card to get literature, you can hardly complain if they do a bulk mailing of literature to you.

That's solicited mass E-mail. A company mailing its list of customers, former customers and prospects isn't exactly solicited, but it's not exactly spam, either.

We've all used personal mass E-mail too. Who hasn't gotten a bulk E-mailing about a party, or the announcement of a wedding or the birth of a baby? Often we didn't ask to get on those mailing lists, but we don't mind it.

What we object to is the fact that revealing our name in one context, like a web page -- so that people can mail us about our web page -- causes us to get bulk mailings from total strangers even though we had no intention of soliciting them when we revealed our name.

Yet this is what the postal junk mailers have done for years. They grab names any way they can. They figure that if you went to a computer trade show, it's legitimate to mail you offering to sell you computers. That if you registered Republican they can mail you about their candidate. That if you subscribed to Fortune Magazine and make $100,000 per year, they can mail you an ad for a Mercedes Benz. But if Nissan were to mail all the people who posted to the newsgroup "rec.autos.makers.honda" (a user group for drivers of Hondas) people would be up in arms.

We've tolerated (but not liked) this for years because of the inherent limits and costs, and because it annoys us only once a day. If you're like me, you go to your mailbox, bring in your mail and stand over your wastebasket. You quickly pull out the real mail -- and sometimes the odd piece of interesting junk mail -- and let the rest fall into the basket. No big whoop. The costs also help, because frankly, if the mailer had any way at all of knowing you were going to just drop it in the basket, or otherwise have no interest in their product, they would love to take you off their list.

It turns out that handling your Spam isn't so bad if you can get it consigned to delivery once a day, or to a different mailbox or mail folder, with your regular mail coming in "real time" the way you want it. In fact, I believe many of the long-term solutions lie along this road.

Damage to the "end to end" principle

Another great evil of Spam is that it interferes with the "end to end" principle, an ethos of network design near and dear to the hearts of many of those involved in internet design.

This principle says that internet applications should work directly, from user to user, without requiring special smart gateways in the center of the network. End-to-end systems scale and foster innovation.

Stopping spam, however, requires some central control, a violation of the principle. If everybody can email everybody directly, we get the abuse of spam. Given this, we must try to not let spam make us abandon our principles altogether.

The ISPs

The internet service providers, companies like Netcom and AOL, have paid a real price for Spam. The biggest get literally millions of messages per day, and at that rate, even .01 cents per message turns quickly into real money. Worse, they have to devote staff, in some cases full-time, to dealing with customer complaints over Spam, complaints about Spam by their own users, and tuning mail software and Anti-Spam software to deal with the problem.

And more frightening, they have users cancel their accounts, saying that E-mail (in many cases the prime internet application for a customer) just isn't productive because of all the Spam. Almost nobody does that to the postal service. (Though in Canada now you can put a sign on your mailbox telling Canada Post not to deliver certain types of bulk mail, and many do it.)

The ISPs are fighting back, with lawsuits, and time spent tuning anti-Spam software and filters to block all mail from known Spam. They have no choice.

(One of the nastiest techniques of the Spammers is to abuse the friendly way most mail computers are configured. They will relay mail from point to point, holding it and forwarding it. They do this because if your computer isn't working, you want somebody else to receive and hold your mail for you. This open configuration can be abused, and Spammers will send a single message to a large site and tell the mail system to deliver it to thousands of addresses all over the net. The Spammer uses almost no computer resources, the victim uses tons, and worse, it looks to some angry recipients that the hated Spam is coming from the innocent relaying victim. Slowly, sites are working to close up the old friendly, open configurations of their mail systems.)
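The difference between the "old friendly, open" relay configuration and a closed one comes down to a per-recipient decision at the receiving mail server. The sketch below is an added example, not code from the original essay or from any particular mail server; the domains, address ranges, recipient cap and function names are all constructed for illustration.

```python
import ipaddress

# Site policy. All values are constructed for this example.
LOCAL_DOMAINS = {"example.org"}                         # we take final delivery for these
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # our own users' address range
MAX_RCPTS = 50                                          # per-message recipient cap


def is_trusted(client_ip):
    """True if the connecting host is inside one of our own networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)


def check_rcpt(client_ip, authenticated, rcpt, open_relay=False):
    """Decide one RCPT TO; returns (SMTP reply code, reason)."""
    local, sep, domain = rcpt.rpartition("@")
    if not (local and sep and domain):
        return 501, "malformed address"
    if domain.lower() in LOCAL_DOMAINS:
        return 250, "local delivery"            # anyone may mail our own users
    if open_relay:
        return 250, "relayed for a stranger"    # the old friendly behaviour
    if authenticated or is_trusted(client_ip):
        return 250, "relayed for our own user"
    return 550, "relaying denied"


def process_transaction(client_ip, authenticated, rcpts, open_relay=False):
    """Apply the relay policy and the recipient cap to one message."""
    accepted, rejected = [], []
    for rcpt in rcpts:
        if len(accepted) >= MAX_RCPTS:
            rejected.append((rcpt, 452, "too many recipients"))
            continue
        code, reason = check_rcpt(client_ip, authenticated, rcpt, open_relay)
        if code == 250:
            accepted.append(rcpt)
        else:
            rejected.append((rcpt, code, reason))
    return accepted, rejected


# Constructed transaction: an outside host hands us one message addressed
# mostly to other sites, which is what relay abuse looks like on the wire.
STRANGER_IP = "203.0.113.7"
BULK_RCPTS = ["alice@example.org", "bob@example.net",
              "carol@example.com", "dave@example.net"]

if __name__ == "__main__":
    for label, flag in (("open relay", True), ("closed relay", False)):
        acc, rej = process_transaction(STRANGER_IP, False, BULK_RCPTS,
                                       open_relay=flag)
        print(f"{label}: accepted={acc}")
        for rcpt, code, reason in rej:
            print(f"  {code} {rcpt}: {reason}")
```

A burst of 550 relay refusals from one outside address in the server log is a useful signal that someone is probing for an open relay.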

It's hard for the ISPs for there are many Spammers. One Spam is like one piece of litter. It doesn't ruin the countryside on its own, but it has to be stopped because once everybody litters, the land is ruined and the costs are high.

What to do about it

On these pages you will find essays on some of the proposed solutions to the problem, as well as essays on why certain efforts go way overboard and "throw out the baby with the bathwater."

An index of the essays is available.

Many solutions are possible. At this time my personal recommendations are:

  1. Encourage use of existing laws -- relay abuse, fraud, denial of service attack, impersonation, etc.
  2. Continue to discourage all legitimate companies from sending Spam.
  3. Use special, more filtered addresses in public, but don't use fake addresses that just make things harder for others.
  4. Encourage ISP terms of service clauses, block open SMTP for trial accounts or users not signing anti-Spam clauses.
  5. Secretary "whitelist" programs or other programs that divert probable Spam into lower priority queues.
  6. Development of tagging systems to allow users to accurately filter their mail.

Defining Spam

So what is Spam? Perhaps the central question to ask when examining any mail is:

"If everybody who could and wanted to did something like this, would it lead to ruin?"

Ruin, in this case, of usable E-mail systems, because they become swamped with undesired mail, or ruin of public cyberspaces, because people fear to participate and let their E-mail address be revealed.

The Key to Spam is that without a barrier against doing it, its volume becomes unchecked and it does lead to ruin.

This is not a definition, however, it just frames our definition. Things that are not likely to present a problem as they scale do not need to be addressed or stopped. The real essence of Spam is this:

Spam: Performing a bulk mailing to a group of people to whom you are a stranger, and who did not request the mailing.

The first key element is bulk. A single, personally written E-mail to somebody you don't know is not a problem. It's how you get to know people. It's mail that is meant for more than one person that is Spam. Note that even if the messages are sent one at a time, they can still be bulk mail. A form letter modified with a few parameters (like filling in a name or profession or hometown) and mailed to 10 people every day is still Spam.

This is not to say that single E-mails can't be unwanted or annoying. It simply says that they are not a problem, and won't be a problem because their volume is inherently limited.

Is it possible to send unsolicited mass E-mail to people who know you? Sure. But there is a limit on how many people know you, and so this process is self-limiting. As noted, it's not uncommon for people to gather together a list of the E-mail addresses of all their friends and send out a birth announcement, holiday greeting or party invitation. Sometimes it's personal junk mail -- people looking for work, or funding, or help, but because it's self-limiting, we can tolerate it.

The definition of a stranger can be quite loose and still work. Somebody is not a stranger if you've had some sort of interaction with them personally. If you've done business with a company, it is no stranger. If you stopped by its booth at a trade show, you know it. If you subscribed to a publication, you know it. (But that doesn't mean its associates that it sells your name to are not strangers.)

And of course people routinely request to be on lists, and that's never unsolicited -- though people abusing an existing list by mailing something that is unwelcome on the list can be guilty of Spam. They are strangers, the list managers are not.
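The definition above (bulk, from a stranger, not requested) maps directly onto the "secretary" program recommended earlier, which diverts probable Spam into a lower priority queue instead of deleting it. The following is an added sketch, not code from the original essay; the addresses, queue names and header heuristics are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed profile of one mailbox owner (assumed values).
ME = "me@example.org"
KNOWN = {"friend@example.net", "orders@shop.example"}  # non-strangers
SUBSCRIBED = {"dev.lists.example.org"}                  # lists I asked to join


def list_id_of(msg):
    """Return the identifier inside <...> of a List-Id header, or ''."""
    found = re.search(r"<([^>]+)>", msg.get("List-Id", ""))
    return found.group(1).lower() if found else ""


def classify(raw):
    """Route one message to 'inbox', 'lists' or 'low-priority'."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    list_id = list_id_of(msg)
    named = {addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}

    if sender in KNOWN:
        return "inbox"            # not a stranger, so self-limiting
    if list_id in SUBSCRIBED:
        return "lists"            # bulk, but requested
    # Header heuristics for "bulk" (an assumption of this sketch): I am not
    # named as a recipient, the mail is marked bulk, or it comes through a
    # list I never joined. Form letters sent one at a time are not caught.
    bulk = (ME not in named
            or msg.get("Precedence", "").lower() in ("bulk", "junk")
            or bool(list_id))
    return "low-priority" if bulk else "inbox"


# Constructed sample messages.
SAMPLES = {
    "friend": "From: Pat <friend@example.net>\nTo: me@example.org\n"
              "Subject: party\n\nSaturday?\n",
    "asked-for list": "From: dev@lists.example.org\nTo: dev@lists.example.org\n"
                      "List-Id: Dev list <dev.lists.example.org>\n"
                      "Precedence: bulk\nSubject: release\n\nNotes.\n",
    "personal stranger": "From: reader@example.com\nTo: me@example.org\n"
                         "Subject: your web page\n\nA question.\n",
    "bulk stranger": "From: deals@bulk.example\nTo: friends@bulk.example\n"
                     "Precedence: bulk\nSubject: offer\n\nBuy now.\n",
}


def route_all(samples):
    """Classify every sample; returns {label: queue}."""
    return {label: classify(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, queue in route_all(SAMPLES).items():
        print(f"{label:18} -> {queue}")
```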

Sidebar: Auto-Reply

There is another definition also worthy of consideration, in particular because it is very precise: Unsolicited Bulk E-mail whose reply address does not go to a human being.

This doesn't ask any questions about the mail or the relationship between the sender and recipient. It simply sets a standard that the sender must be willing to assign a real person to handle the replies. This pretty much allows all personal bulk-mail from non-strangers. But it self-limits large mailings and disallows bulk mailing from non-existent addresses. The rule that "If you want to take up my time with your mailing, you must be willing to have me take up your time with my response" has some value.

However, since reply ratios are probably no more than 1 in 100, this may not be limiting enough. If it becomes productive for mailers to fill our mailboxes and pay overseas workers $1/hour to answer them, the tragedy of the commons still remains.

Spam Rationalizers

Of course, many who do Spam have heard that "spam is bad" and so try to rationalize that what they are doing is not Spam. I've even seen anti-Spam crusaders talk about using Spam tactics, rationalizing that when the other guy does it, it's Spam, but when I do it, it's not.

Many Spams begin with the sentence, "This is not SPAM." Of course sometimes they are just plain lying, but sometimes they have actually convinced themselves of it. You will see people accused of Spam saying, "Oh no, we are firmly against SPAM, we would never do that." That's because they know that people think Spam is bad, but don't know why.

It's for a good cause

Some people rationalize that if the Spam is non-commercial, and more to the point, for a cause they strongly believe in (even fighting Spam), then it's OK. The ends justify the means, in other words. They forget that for 1,000 people there are 1,000 particularly worthy causes.

They might even know the "if everybody did it" rule, but they rationalize it as, "If everybody did it for a cause this important by my judgement, it would not be a problem since there aren't that many causes this important by my judgement." But of course it's really people doing it for a cause they think is important in their judgement.

The problem with Spam is not so much the motive of the sender. The motive (commercial in most cases) is only a problem because it encourages so much Spam. It's the pollution of the net that's important.

There is no other way to reach these people

Usually this one means, "There is no other free way to reach these people." It's obvious why they prefer free over expensive. And in some cases, the cost of another method, like paper direct mail, is simply beyond their means, so there is "no other way."

But sit down and face it. Your cause or product just isn't that important. If it were, there are other channels -- TV, print, etc. where the message will reach people. People use those systems because they have somebody controlling what comes out of them. Even though there may be 100,000 important messages in the world, nobody has time to consider them all. If we got them all, we would consider none. Each time somebody bypasses the systems that filter this information by sending Spam, they in fact block out all the other messages. Is your cause, by objective standards, the most important in the world?

The world simply doesn't owe anybody a free channel for their messages.

Sometimes there is no way to get anything but the E-mail addresses for a group of people. In this case, the answer has to be "too bad." There was no way to reach them before E-mail and there still isn't today.

Sure, it will annoy people and destroy the utility of E-mail, I will pay that price

That's not a rationalization. This type knows what they are doing. They must be stopped, with blacklisting and other tools. This is the one area where government intervention might be considered.

It wasn't a very big list

Yes, that means the Spam annoyed fewer people, but the people who did get the mailing are no less bothered by the fact that other people didn't get the mailing. If the list is small it's easier to find other ways to reach the people.

It should be recognized that many people don't mind a small number of very well targeted mailings, particularly in business. As such I'm encouraging a tagging standard that has the message specify how many people it was sent to (in all mailings for all time, combined.) If the number is low, many people might accept such mail.

This is perfectly fine when done on paper

This is the hardest thing for the "legitimate" direct marketers to understand. The rules have to be tougher here. How would it be if anybody in the world could send a 1,000,000 piece direct mailing for $100, with the only other cost being that some whiners get annoyed? There would be thousands of those mailings every day, and you would need a wheelbarrow to empty your mailbox, and a staff to pull out your real personal mail.

The rules are different here. There is no inherent requirement that the principles of direct mail flow through into the E-mail world. Some would like that, especially as E-mail replaces paper mail in people's lives, but it just can't work that way.

At the same time, however, we must be dedicated to the concept that the online world does not become more regulated or restricted than the paper world. It's hard to reconcile the added abuse possible online with this important principle.

One answer to this is that if E-mail can get the same cost structure as paper, it should be no different. The paper problem, while annoying, has not caused vast harm to the postal service, and in fact subsidizes it. Should it be the same for E-mail, that would be appropriate.

Secondly, it's not out of the question to suggest that paper mail should be reduced and be under the same rules as E-mail. Because paper mail is expensive in bulk, there are organizations of junk mailers (the DMA) who do in fact provide opt-out facilities for people that do have some effectiveness.

This is a legitimate product

The level of annoyance of Spam recipients has done some good. It's kept most legitimate companies out of Spam. They don't want to be associated with its bad name. But some do, figuring that Spam means all the truly junk mailings -- the porn sites, the "make money fast" pyramid schemes and the like. Sure, those are bad, they argue, but people won't mind getting real product offers from real companies.

It's true that a lot of Spam comes from people who might only sell a dozen products by mailing to a million people. Those mailings hurt 999,988 people. But even if a mailing does well, and sells 10,000 units, the other 990,000 are still bothered by it. Viewed from that perspective there is effectively no difference.

Many users are glad to receive our mailings

This is, in most cases, a lie. There are a few people who respond positively to mailings but they are very few. I have seen no evidence of any support by recipients for Spam, and much evidence of widespread disgust.


Summary of Issues


  1. SPAM is unsolicited bulk e-mail from somebody who is a stranger. And there's a lot of it going around.
  2. Current attempts to make Spam illegal are ill-advised. They violate 1st amendment principles, and in general, all non-governmental methods should be exhausted before we begin inviting the government to make legislation.
  3. For the individual user in the USA, the physical cost of a single E-mail or even 30 of them is inconsequential. The real problem lies elsewhere.
  4. Spam wastes your time, and interrupts you. But it also invades your privacy and is making people afraid to go out "in public" in cyberspace, thus hurting all on the net.
  5. Spam is like pollution or litter. One causes very little harm, but because there is insignificant cost to the sender, nothing keeps it in check. Other media had some factor to keep them in check, this one needs one.
  6. People have a right to communicate, and even to be anonymous, but people also have a right to decline to listen to communications, and to make that decision based on whether the sender is anonymous or identified.
  7. Some techniques available include attacks from ISPs on the worst offenders, carefully done blacklists, filter programs and secretary programs, and mailers and tools that insist on real return addresses on messages. However, these tools should be created with certain principles of protection of free expression in mind.