St. Petersburg Times Online: Business

Weather | Sports | Forums | Comics | Classifieds | Calendar | Movies

Cost of spam goes beyond annoyance

Junk e-mail doesn't just bug millions of computer users. Spam sometimes carries scams and viruses and costs users and businesses billions of dollars a year in time and trouble.

By DAVE GUSSOW

© St. Petersburg Times, published March 5, 2001


It started with an innocent question posted on an obscure online bulletin board: "Where can I find information about quilting and buying quilts?"

The inquiry from dmg227@hotmail.com inspired a few helpful responses from users of the bulletin board on crafts. But it also started what became a deluge of electronic junk mail -- "offers" for business opportunities, investment advice, long-distance phone service, and, of course, pornography -- that has continued for weeks.

Dmg227 was an e-mail address I created just to test how little a computer user must do to attract the unwelcome attention of those who spread unsolicited commercial e-mail. A previous test e-mail address attracted more than 1,000 junk mail messages in about eight months before overflowing the limits set by the e-mail provider.

Junk e-mail, or "spam," travels the Internet like a plague, and it isn't just a huge annoyance for millions of computer users. The messages sometimes carry scams and viruses, and they cost users and businesses billions of dollars a year in time and trouble. A recent study by the European Union estimated the worldwide cost of spam at more than $9-billion a year in online connection time alone.

A University of California-Berkeley study estimated that 600-billion to 1.1-trillion e-mail messages will be sent this year, and some groups estimate that up to a third of them will be spam.

"Paper junk mail has a stamp on it," said John Levine, a director of the Coalition Against Unsolicited Commercial E-mail (www.cauce.org). "It may seem like you get an infinite amount in the mailbox, but it's constrained" by whether the sender is willing to pay the postage. "Most of the cost of e-mail is borne by recipients."

And so far the spammers have outwitted everyone trying to fight them.

"People think there must be some way to stop spam," said Levine, author of Internet for Dummies. "If there were, we would have done it."

Fighting spam is a tough job because a single spammer can send millions of automated messages a day.

The spammers use software robots to harvest e-mail addresses from online bulletin boards, Web sites and e-mail directories. E-mail lists, offered by spammers to their counterparts, can cost less than $100 for thousands of names.

Spammers also go fishing for new targets by trying variations on e-mail addresses. For example, knowing that one of my addresses was dmg119@hotmail.com, a spammer sent out junk messages using dmg119@msn.com.

The junk mail creators' recent techniques include a more personal style. Some spammers use the subject line in the message to make the recipient think it's legitimate. Among their favorite lines: "Re: your question," "Getting back to you" and "What's new?" Or they make the message appear to be from your e-mail provider, such as, "Hotmail members notice."

The spammers also are using nastier tactics to get attention, planting software in messages that can automatically verify a user's address, change a computer's system settings so the Internet browser opens to the spammers' Web page, even place a "cookie" on someone's computer to track surfing habits.

"The computer should be yours," said Kim Zetter, features editor at PC World magazine (www.pcworld.com). "For someone to come in and alter the setting and force you to go somewhere you don't want to go, they've overstepped here."

* * *

The relentlessness and ingenuity of the spammers are good news for Gary Hermanson.

"I don't think (spam's) ever going to go away," said Hermanson, chief executive of Brightmail Inc. (www.brightmail.com), a San Francisco company that provides filtering software to Internet service providers and other businesses in an effort to block spam.

Brightmail claims a 90 percent success rate in blocking spam for customers such as MSN, Earthlink and AT&T Worldnet. Its system to catch the junk mail perpetrators includes "salting" millions of fake e-mail addresses around the Web.

As spam arrives at those addresses, it is analyzed and the information included in a database. Brightmail's software and staff look for clues in the e-mail coding and subject line; it does not read individual messages before categorizing them as likely spam.

For businesses using Brightmail's system, suspected spam messages are sidetracked into a special folder where customers can read or ignore them. Brightmail constantly examines spam messages that slip through its filter to update its defenses.

Other spam-fighting tools include detecting mail sent in big batches and checking for fake e-mail headers used to hide the origin of the spam.

Some Internet service providers use software filters, and some try to block networks where spam originates. "Savvy spammers do find ways around these methods by relaying through multiple networks, which makes it hard to block them," said Mary Rickert, vice president of marketing for Internet Junction in the Tampa Bay area.

More businesses are taking precautions, though some are reluctant to talk about the problem because it's a security issue.

"We have measures in place for spam, both for internal (system protection) and customer service," said Verizon spokesman Bob Elek in Tampa. The phone company's measures include filtering, but the company would not give out details.

Tech Data Corp. in Clearwater became a spammer's victim a few years ago, said Will Milor, senior manager for information security. The problem went beyond receiving a flood of sales pitches. Instead, a spammer found an e-mail forwarding system that was used by the company and managed to send out spam that looked as if it originated from Tech Data.

To prevent that scam and to manage the flow of mail, Tech Data about two years ago installed a gateway system, which receives incoming mail like a post office and distributes it, and antispam filtering software. As with Brightmail's system, the software weeds out the spam but stores it on the system in case a legitimate message gets stopped.

"The filters have never grabbed anything that wasn't really spam," Milor said.

Some organizations try to cut down on spam by pressuring Internet service providers that permit customers to originate it. The Mail Abuse Prevention System (www.mail-abuse.org) keeps a list of supposedly spam-friendly providers so other services can block mail from them.

Spammers also have faced four consecutive years of "Project Mailbox," investigations conducted by the Federal Trade Commission, the U.S. Postal Inspection Service, the Securities and Exchange Commission and the National Association of Attorneys General. The group recently congratulated itself for more than 300 "law enforcement actions," including 180 for fraud sweepstake and promotion offers, but the spam continues.

Congressional efforts to restrict spam passed the House last year but failed in the Senate. Though the legislation has been filed again this year, its chances remain iffy, says Levine of the Coalition Against Unsolicited Commercial E-mail (motto: "Take Back Your Mailbox").

"We're not making much progress," Levine conceded, noting that even reaching agreement on defining spam has been difficult.

Some organizations say their legitimate messages are being blocked by crude antispam tools.

For example, Gilles Frydman, president of the Association of Cancer Online Resources, said spam filtering at Internet "post offices" prevented messages from reaching members of his online support groups, often without their knowledge.

Online research company Harris Interactive sued America Online and other Internet providers last summer for classifying Harris survey requests as spam, even though recipients had agreed to participate in the surveys. The suits were dropped when the providers accepted the mail again.

And last week, eBay sellers complained that a new system intended to filter spam was instead blocking messages from online auction bidders.

Defending online junk mail isn't a popular cause, but those who make their living from it argue that they wouldn't survive in business unless many people wanted what they are selling. And they defend their First Amendment right to free speech.

"We think the federal government should stay out of the Internet. Let (the states') deceptive practices act work," said Jerry Cerasale, senior vice president of government affairs for the Direct Marketing Association (www.the-dma.org), a trade association whose members conduct direct sales through catalogs, telephone, television, the Internet and conventional mail.

Cerasale says legislation can be passed, including provisions that the association can support, such as allowing people to "opt-out," or unsubscribe, from receiving commercial e-mail; identifying the e-mail as a commercial message; banning the falsifying of headers to avoid tracing; and letting Internet service providers protect their property.

But the association objects to two other proposals:

Letting Internet service providers individually set rules on spam that the federal government would then enforce. With thousands of providers, all with different rules, it could wreak havoc for marketers trying to abide by the law, he said.

Allowing individuals to sue for damages. And if individual suits are allowed, the association wants limits on liability.

Because of the furor created by spammers, Cerasale doesn't think many of the association's members use e-mail and acknowledges that they are being lumped with those sending scams and other schemes.

"The Internet will change and so will e-mail," Cerasale said. "E-mail may become a good marketing tool. We don't want to have the medium itself hogtied so that you can't use it. We want to allow technology to still grow in the area, which is why we take a more cautious approach."

* * *

Alan Schwartz, co-author of Stopping Spam: Stamping Out Unwanted Email and News Postings, predicts the spam problem will be solved, but not soon.

"I think we'll get it more under control in the next five years," Schwartz said. "Right now, the government hasn't given us any help. There have been a few places where bills were proposed and passed, but they were basically well-intentioned but misguided legislation."

Consumers can take steps as well, including installing filtering software. They can complain to their Internet service provider and attempt to track down where the spam originated.

"We see more people suing and winning," Schwartz said, including ISPs going after spammers who send messages through their servers. In some suits, ISPs have won up to $50 per e-mail.

"Those are the types of things we're going to see more of," he said. "When someone spams from an ISP, it looks bad for (the ISP), and it causes them a lot of problems, so they're willing to take action."

The most important step consumers can take is to carefully guard their e-mail addresses, but that also has consequences.

"The only way to avoid spam is to come up with an obscure address and not tell anybody, which makes it not very useful," Levine said.

- Times news researcher Kitty Bennett contributed to this report, which includes information from Times wires. Contact Dave Gussow at gussow@sptimes.com or (727) 445-4228.

From recent junk e-mail:

See your favorite celebrities naked!!!

You Have Been Chosen to Register for Our Vacation Special!!!

Get The Lowest Price on Your New Car Without Negotiating for Hours!

Lose 30 lbs in 29 Days Guaranteed!

Safe Herbal Weight Loss Supplements

Did you know that there's a way to lose 2 to 14 inches of fat PERMANENTLY and SAFELY in only 1 HOUR?!

This is ADULT MATERIAL. You must be at least 18 years of age before you can lawfully view it.

Now, you can have 24 hour access to an experienced attorney for just pennies a day.

How would you like to quit your job, become your own boss, and build up enough residual income to support yourself for the rest of your life?

BET ON SPORTS OR VISIT OUR ONLINE CASINO AND PLAY WITH NO DOWNLOADS!

FIND BEST LOANS AMONG 500,000 LOAN PROGRAMS FROM 500 OF THE BEST LENDERS IN THE COUNTRY.

CUT YOUR BILLS IN HALF INSTANTLY!! CLICK HERE FOR YOUR FREE QUOTE!!

ACNE CURE* & PENNY STOCK PICK!

Get money for any reason: Pay Off Bills, Go on Vacation, Get a New Car, etc...

"Mastering the Art of Learning . . . Power Guide to Great Grades And a Great Education."

Grand prize -- Florida Bahamas vacation and cruise

1st prize -- Airline tickets

Other Prizes -- 3 days and 2 nights hotel accommodations

If you buy groceries, wear shoes, drive a car, purchase prescriptions or see a physician, USA+ is designed to save you money!

Now you can make Windows 95 and 98 almost as dependable as Windows NT/2000, Microsoft's professional version of Windows.

Dear Homeowner, We are a referral agency and our goal is to provide homeowners with lenders that fit your specific situation.

How would you like to get a loan for $50,000? With no Collateral, Credit check, or Cosigners!

Increase Holiday Sales w/4 Powerful Words!!! We Accept Credit Cards !!

Knowledge is Power! We will teach you how to get the best bang for your buck! You'll receive a FREE audio cassette on currency trading!

Dear Friend, FREE CASH GRANTS, NEVER REPAY! You Can Receive the Money You Need . . .

ALERT -- $50 FREE GROCERY COUPONS!

We've already paid out over a cool MILLION DOLLARS to WINNERS just like YOU. Enter the Finest, Highest Paying Casino Online

We work with a large group of your local doctors and dentists and are offering a Dental-Optical Plan that runs approximately $3 a week for an individual and $4 a week for the entire family with NO limit to the number of children.

© Copyright, St. Petersburg Times. All rights reserved.