Jan
24
What is spam – Law
garrymoore@mc.edu | January 24, 2012 | Tagged about spam, internet law, spam | Comments Off on What is spam – Law
The problem of unsolicited email (or “spam” as its commonly referred to) continues to grow. For many people, the number of junk messages they now receive promoting sexual aids, get rich quick schemes or pleas to help fictious deposed African leaders, has overtaken the number of legitimate messages they receive. Not only does the arrival of such messages create a distraction during the work day, but the apparent increase in the last few months has been overwhelming many email delivery systems, causing a general slow down in the transmission of legitimate messages.
Some US states, such as California, have passed anti-spam legislation. There is also a US federal bill being considered, The Can Spam Act of 2003. These legislative responses typically prohibit senders from disguising their identities or including deceptive subject lines. Penalties can include huge fines or even prison terms.
The California law, due to take effect on January 1, 2003, takes an “opt-in” approach, similar to what the European Union as adopted. This is the contrast to the “opt-out” approach taken by the proposed federal bill. The California bill makes it illegal to send an email to an email address utilized by a resident of, or accessed from California unless the sender has a preexisting relationship with the sender or has been given direct consent. Violations allow recipients to sue for damages of US$1,000 per unsolicited message. Legitimate businesses all over North America are scrambling to vet their email lists before the end of the year.
Legislative measures, while welcomed by most businesses and users, won’t totally eliminate the problem because certain types of messages will still be allowed and because many spammers can use foreign servers. Consequently, many users have been turning to technical means to deal with the problem.
One option for dealing with the problem is to set the very basic (but often, not very effective) spam filtering options available in email programs such as Microsoft Outlook. These can often be configured to filter incoming messages based either on keywords contained in the messages or based on the identity of the sender. Although Outlook ships with a default list of keywords that can be used to screen for spam, larger and more effective lists are available on the Internet and can be installed as a replacement to what Microsoft provides. The keyword approach can typically catch 30-50% of spam messages. Filtering based on the identify of the sender is usually not effective as most spammers will use a different email address each time they send out a broadcast.
A step beyond the built-in anti-spam functionality built into certain email programs is to install any one of the dozens of programs now available which work in conjunction with a user’s email programs to provide added features and more sophisticated functionality. Programs of this type are available either for installation on the user’s PC or on the organization’s mail server.
The premium approach, being increasingly adopted by many organizations, including larger law firms, is to outsource spam control to a third party filtering service. Due to the large volume of emails processed by such service providers, they are better able to see patterns and detect spam. In addition to filtering spam, most also offer a virus scanning capability. Some also offer additional features, like the ability to send a copy of incoming messages to user’s cell phones as an SMS message. This is a handy capability for those of us who are still walking around without a Blackberry and don’t want to lose touch while traveling or during all day meetings outside the office.
Some of the outsourced antispam services hold onto any messages identified as potential spam, requiring the customer to periodically log in and review the list of captured messages. Other services insert a special flag in the header portion of such messages and then forward them onwards to the recipient. The recipient can then run a filter in their email program to automatically move any such flagged messages into a designated folder on their on system for periodic review. The later can be easily accomplished by setting up a rule in Microsoft Outlook.
In either case, it is prudent to not simply automatically delete messages identified as spam but rather to set up a once a day routine to skim through them. This 30 second process can help ensure that legitimate messages are not inadvertently ignored. Most antispam filtering services and software will also usually provide the user with the ability to define how aggressively they want the system to filter the incoming messages.
Based on personal experience, the above approaches can help eliminate 80-90% of the unwanted emails. An option offered by some programs is the ability to require verification of any message coming from a sender who is not in the recipient’s address book. The program sends back an email to such senders asking them to confirm that they sent the original message. Unless such a confirmatory email is received, the original message is flagged as spam and not delivered. This step, which only needs to be done once per sender, is effective because most spam messages are sent with forged or non-existent return addresses or by automated systems which cannot respond to such requests.
An important rule to follow for junk email is to delete such messages without opening them. This also means turning off any automatic preview functionality provided by email programs such as Outlook. A trick used by many spammers is to send their messages invisible embedded codes (called Web bugs) that “call home” when the message is viewed. This technique is used to tell the spammer that the email address is valid and can be used again (or sold). Outlook 2003, which was just recently released, has been updated to block such code.
Comments
