L-Soft L-Soft
ProductsDownloadSupportCorporateCustomersNewsContactContact L-Soft
Print Page

About Spam

Spamming is an Internet term invented to describe the act of cross-posting the same message to as many mailing lists as possible, whether or not the message is germane to the stated topic of the mailing lists that are being targeted. It also refers to unwanted email solicitations sent to an individual whose email address has fallen into the wrong hands. We hope you find the following information regarding this issue helpful.

The Basic Facts of Spamming
L-Soft's Official Policy Regarding Spam
About LISTSERV's Spam Filter
How to Respond to a Spam

From the LISTSERV List Owners' Manual

Spamming; What it is and what to do about it
How NOT to advertise a mailing list

The Basic Facts of Spamming

Spamming has become a commercial industry. There are books telling you everything you need to know to make a "successful" spam, and there are companies that will spam millions of people for a fee (usually a few hundred dollars).

The basic facts of spamming are that:

  • Anyone can spam: Anyone with Internet access can spam. It is impossible (as well as undesirable) to control who does or does not have the right to use the Internet, so there is nothing you can do to prevent people from sending out spam over the Internet.
  • In most countries, spamming is still legal (unfortunately): There is legislation in some countries that aims to prohibit unsolicited bulk email, but to date, most forms of spamming break no laws. As long as this activity remains legal, there can be no fine or other punishment for spammers. This is a very profitable, if disreputable, form of advertisement, so one can safely assume that it will only grow unless comprehensive legislation is passed that clearly defines the rules and legal consequences for violators.
  • People spam because it actually works: If spamming did not turn up any sales, it would have died out a long time ago. Unfortunately, people are actually buying from the companies that spam, making spam the most cost-effective form of advertisement currently available. As long as this remains the case, companies will use it. As a proof of concept, you will find that (real-world) junk mail and telemarketing are virtually non-existent in some European countries for the very simple reason that people do not buy when solicited in this fashion.

The first point is pretty much a given. In countries where freedom of speech is taken for granted, restricting Internet access is simply not an option. So, the key issues are in the second and third points. The third point is the most irritating but probably very difficult to change. People who react positively to junk snail-mail and telemarketing will probably do the same with junk email. Only a fundamental change in people's habits could turn spam into a non-business, and this will not happen overnight.

Anti-spam legislation?

The only credible solution seems to be in the legal arena. Most countries have existing legislation to regulate phone and fax solicitations to ensure that people are not harassed by greedy salesmen and that they never need to bear the costs of the advertisements they are sent. There is no reason, at least in theory, why these laws could not be extended to cover electronic media. For instance, most countries require telemarketers to clearly identify themselves and the companies that they represent and to provide a mechanism for customers to request not to be called again. This makes it possible for people to tell telemarketers to leave them alone, something that is not currently possible with spammers as many of them send their solicitations under forged email addresses and ignore recipient requests to be removed from future mailings. In fact, such requests often lead to even more spam as this action only confirms to the spammers that the email address is active and that someone is actually opening the messages.

Similarly, in most countries it is illegal to advertise in a manner that would force the recipient to bear part of the cost of the advertisement. Today, the spam companies only pay a tiny fraction of the cost of delivering their advertisement. In most cases, the bulk of the costs are borne by the victims, who incur hourly connection charges to download the advertisements. Even in cases where hourly connection charges do not apply, such as businesses that have broadband Internet connections, having to clean out one's email inbox every morning and weeding out the spam from legitimate business messages takes time and results in a significant loss in employee productivity.

The future of spamming – short vs. long term

To conclude, when you get down to the basic facts, spamming is here to stay until legislation is changed to recognize the fact that this form of advertisement is unfair to the recipient, who needs to bear most of the costs of the advertisement and does not even have a mechanism to stop future occurrences as the messages are sent from a forged origin and requests to be removed from future mailings are ignored. Unfortunately, legislative changes will not happen overnight.

The hard reality, however, is that people do not want to be subjected to large volumes of spam at their expense, so something is bound to be done to restrict spam, sooner or later. Imagine what would happen if, every day, you found 100 advertisements in your mailbox, all coming from randomly generated (but valid) bogus addresses that you cannot filter out. And why should the spammers stop at 100? If spamming becomes a successful business, thousands of new companies will be started every year to "develop this new marketing concept." In a matter of months, you may find that there are not 100 but 1,000 new advertisements in your mailbox every day. The Internet would become completely unusable, and you would not be able to get your work done. The legal system would not be able to ignore the situation. To a large extent, the reason very little has happened so far is that the issue has not been taken seriously enough because there haven't been enough spam to create a major disaster on the Internet.

Current legislation

Fortunately, things are starting to change. The perception of spam as a major nuisance and a serious threat to legitimate Internet commerce has prompted lawmakers to take notice. In July 2002, the European Parliament passed the Directive on privacy and electronic communication, which contains an opt-in law that states that the recipient's permission must be obtained prior to sending promotional email, with certain exceptions. In brief, the decision makes it unlawful to send email messages to what is referred to as natural persons (essentially B2C communication) without the recipient's explicit consent within the European Union. Unsolicited communication to recipients other than natural persons (essentially B2B communication) will still fall under the current opt-out legislation. The responsibility of enforcing the law falls on each member country. The law, which must be implemented in all EU member countries no later than October 2003, also says that recipients, regardless if they are considered natural persons, must be given the opportunity to opt out from future mailings in each email message. This law is a step in the right direction in creating clear rules and guidelines. It is, however, unclear how big of an impact the law will have since most spam does not originate from EU member countries. It is, hence, important that legislative bodies in other countries follow suit.

For more information about the EU Directive on privacy and electronic communication, see
http://europa.eu.int/eur-lex/pri/en/oj/dat/
2002/l_201/l_20120020731en00370047.pdf (Article 13)

In the United States, the first federal law designed to curb spam, the CAN-SPAM Act, took effect on January 1, 2004. The law, which supersedes and pre-empts provisions of many state laws, is essentially an opt-out law as opposed to the opt-in B2C component in the European Union. The CAN-SPAM Act requires that unsolicited commercial email be labeled and that opt-out instructions and the sender's physical address must be included in such messages. The law prohibits the use of deceptive subject lines and false headers and also spells out penalties for spammers and companies that violate the law.

For more information about United States spam legislation, visit http://www.spamlaws.com.

L-Soft's Official Policy Regarding Spam

Because L-Soft is the company that licenses the LISTSERV® software, and because LISTSERV's scalability and cost-effectiveness for the delivery of bulk email make the use of our software very desirable to potential spammers, spamming has become a critical issue for us. L-Soft strongly urges all mailing list software users to send mail only to those individuals who have given explicit permission to have their names added to the mailing list in question, so called opt-in.

L-Soft has turned down many sales to companies that were known to engage in unsolicited mass mailing. Unfortunately, we do not always know in advance how customers plan to use our software, and we may not always be in a position to legally refuse to make a particular sale.

Why it sometimes looks like a spam is coming from L-Soft

Occasionally, someone will report a spamming incident to us and suggest that the spam originated at our site. We are definitely not in the business of spamming, and we do not want our software to be used to send unsolicited email messages. As a matter of fact, spamming is the single largest threat to our business because it makes people want to refrain from using mailing lists and buying our products.

Furthermore, L-Soft is not an Internet Service Provider. We do not sell Internet access or shell accounts. The reason some spam may appear to have originated from our domain is that we deliver a lot of traffic on behalf of some of our customers, and also as a public service to the BITNET academic community. The sites in question run LISTSERV lists on their mainframe systems, and we deliver their mail using LISTSERV's "DISTRIBUTE" function and our high-performance software. L-Soft delivers more than 10 million messages on a typical business day.

If a list at one of the BITNET sites using our free mail delivery service gets spammed, our machines will deliver the spam and leave a trace in the "Received:" lines. This is sometimes the first "Received:" line because it is common for people to configure their lists to eliminate "Received:" headers before reposting the message. Again, we do not sell Internet access in any form. People cannot possibly spam from our site because only employees and business partners have accounts on our machines.

For more information about the right way to conduct opt-in email marketing, see the L-Soft white paper titled, "Successful email Marketing Practices" at http://www.lsoft.com/resources/wp-email-marketing.pdf.

About LISTSERV's Spam Filter

We are actively developing technology to filter out spam from LISTSERV lists. The first version of LISTSERV to include a spam filter, version 1.8b, was released in May 1995. This spam filter proved very effective in detecting spamming attempts but did not always react quickly enough to catch the first few occurrences of the spam, especially if the spam was sent during peak hours or while a major network hub was down. In other words, some spam "leaked" through the original (1.8b) version of the detector. We are continuously improving the spam filter and in particular its detection speed. Version 1.8e appears to be able to catch most spam from the very first copy. Version 14.3 added several more spam control enhancements, including the ability to connect LISTSERV to third-party spam filters, which can scan all messages processed by LISTSERV.

How does it work?

LISTSERV attempts to detect spam using a variety of proprietary methods, none of which are keyword based. To LISTSERV, a spam is a message that is being sent to a lot of mailing lists in a very short time frame. It does not matter whether it is an advertisement for an adult gift shop, a racist pamphlet or an invitation to a conference in a tourist resort. There are many advantages with this approach:

  • The spam filter does not need to be programmed and will catch new or infrequent types of spam just as easily as the more common "make money fast" types. And, of course, it will work even if the spam is not in English.
  • The spammer cannot defeat the filter by deliberately misspelling catch phrases such as FREE or INCREDIBLY LOW PRICE.
  • Legitimate messages that happen to trigger one of the catch phrases are not rejected.
  • The spam filter does not infringe on freedom of speech. All subjects can be discussed freely, with the technical restriction, however, that massive cross-posting is not allowed. The spam filter does not implement an automated moderation scheme and does not increase the host site's liability for opinions expressed on the mailing lists it is sponsoring.

When LISTSERV decides that a message is spam, it locks out the sender for 48 hours – worldwide in the case of "backbone servers". While locked, the user is still able to use LISTSERV normally and to post to mailing lists, but all messages will be forwarded to the list owners for human verification. The user is informed that this has happened but is not informed which lists caught the message and which didn't, denying him any information on how successful he has been.

L-Soft will not document the algorithms used by the LISTSERV spam filter because this would make it much easier for spammers to defeat the spam detector. There are now a number of books giving clear, step-by-step instructions on how to create and send spam.

How to Respond to a Spam

If spam gets through to your list, it will probably engender sarcastic replies (often with the spam quoted in its entirety) – and these replies will often be posted back to the list. It is, therefore, imperative that you make subscribers aware that when a spam occurs:

  • The person responsible for the spam is probably not subscribed to the list and, thus, any response back to the list will fail to reach the offender.
  • An appropriate response to a spam is to forward a single copy of the spam to the person in charge of the site from which the spam originated ("POSTMASTER", "root", etc.), pointing out that the spammer is probably violating the site's appropriate-use policies.
  • It is inappropriate to attempt to flood the spammer's mailbox with network mail in response. This is probably in violation of your network's appropriate-use policies, and it just wastes bandwidth.

Perhaps the best policy an individual subscriber can adopt toward spammers is to simply ignore them, leaving the problem in the hands of list owners and newsgroup moderators, who usually have more Internet experience. If this does not work and subscribers send their complaints to the list anyway, it might be a good idea to moderate the list for a few days until the furor dies down.

Finally, we would like to propose the following guidelines for reacting to unwanted solicitation on or off your lists:

  • Do not flame on the list. The spammer is probably not subscribed, so you would just be adding to the noise level.
  • Remember the name of the company that sent you the ad, and make sure never to buy anything from them. Call their corporate headquarters and let them know how much the spam upset you. In many cases, the companies whose products are featured in the spam acted out of ignorance and genuinely did not know that this form of advertisement was not appreciated. Educating them will make the spam company lose a customer.
  • Do not bother flaming the spammer. By the time you read the spam, the account will already have been closed, assuming it isn't a bogus account to start with. At any rate, the spammer will not bother reading people's indignant replies. Spammers are usually well aware of what they are doing and are totally indifferent to your feelings. Replying is just a waste of your time.
  • Do not flame the service provider. It is easy to say "You shouldn't be allowing people like so-and-so to get an account," but this is impossible to implement in practice. Just as L-Soft cannot do much to monitor and control how individuals use our software once they license it, it is equally difficult for an Internet Service Provider to control what customers do with their accounts. There are unscrupulous people on the Internet, just as there are in the rest of the world, and there isn't much anyone can do about it because until they speak up, they're just an email address like any other. The same goes with spammers.
  • Do not press the service provider for assistance in "tracing" the spammer. In most countries it would be unlawful for them to release this kind of information to you. However, the spammer probably provided a snail-mail address or phone number in his message, or some other contact point to place orders. If you really want to find out more about him, this is a good starting point, and it places you squarely in the realm of real-world law, which is well understood by lawyers and judges.
  • If you want to inconvenience the spammer in retaliation for the inconvenience you have suffered, by all means do go ahead, but not over the Internet. Mail-bombing the provider's Postmaster address will inconvenience the provider, not the spammer, and in most cases the provider is a victim, just like you. It's going to cost them thousands of dollars in wasted manpower just to discard all the flamage they will receive. Instead, what you should do is use the real-world contact info that was provided with the advertisement. This will actually reach the spammer because this is where he is hoping to receive the checks. Yes, it means you will have to use a real-world communication medium, but that's your only option. The hard reality is that complaining over the Internet will accomplish nothing. After sending the ad, the spammer is gone from the Internet. Orders will be placed using real-world methods, and that is your only means of reaching the spammer from then on.
  • When accusing people or companies in public, make sure to check your facts carefully before pressing the "Send" button. Remember how spamming works: The spammer abuses the computer resources and manpower of hundreds of thousands of sites worldwide to deliver the advertisement. The victims are you, us, and just about everyone on the Internet. Yes, even people whose name or hostname is mentioned in the mail header are likely to be victims; spammers have no qualms about forging email addresses, and even when they don't, it still doesn't mean the parties involved had knowledge of the spammer's activities or will share the profits.

So, if you have to make an assumption, it should be that the people involved in the delivery of the message are victims, just like you, except that the spam will waste even more time for them than for you. The last thing you need, when you have just spent four hours answering spam complaints from (other) victims, is to see a message where someone accuses you and your employer of being the mastermind of organized spamming and suggests that someone should send the FBI to your house and have you put under arrest, with dozens of messages agreeing with the previous one or suggesting even more barbaric forms of punishment.

In fact, such messages are taken seriously by some of the people they target and may result in serious psychological trauma. They may also result in a lawyer or police officer giving you a phone call, when you did not really mean what you were typing. So far spamming has yet to result in human death; please, let's keep it that way.


LISTSERV is a registered trademark licensed to L-Soft international, Inc.
All other trademarks, both marked and not marked, are the property of their respective owners.
See Guidelines for Proper Usage of the LISTSERV Trademark for more details.

Related Links


Resource Center
Technical Support
Renewals
Manuals
FAQs
White Papers
Glossary
Opt-In Laws in USA, EU
LISTSERV Community

L-Soft Newsletter
Tech Tip Archives

Receive Product Update Alerts by Email
LISTSERV CommunityLISTSERV Choice AwardsLISTSERV at Work NewsletterLegalSite Map