Top Document: The Email Abuse FAQ, Version 2.02
Previous Document: 2. Basics
Next Document: 4. Actions
See reader questions & answers on this topic! - Help others by sharing your knowledge
3a. When is it email, and when is it email abuse? Email is a tremendously powerful communications tool, used by millions of people in thousands of positive ways. Unfortunately, such a powerful tool has the potential to be used in other, less productive, ways. Someone sending email incurs no incremental cost; sending one message costs about the same as sending 100 messages. Some folks use this feature of email to send messages to thousands, even millions, of people at once. These are usually advertisements, sometimes sermons on the sender's favorite topic, sometimes pleas for financial assistance or scams intended to defraud the unwitting. Almost all of these messages go to people who did not ask to receive them. Also, some people use email in denial-of-service attacks, using various methods to flood someone's emailbox with so many messages that their email becomes unusable. These are examples of abuse -of- the email system. Also, it is possible to impersonate, threaten, disparage, or otherwise harass someone via email. These are examples of abuse -on- the email system, and are not the subject of this FAQ. Notable exceptions to bulk email abuse are legitimate mailing lists, where people subscribe to receive messages pertaining to a particular subject. These lists can be large, and they can account for large numbers of messages being sent, but they are in no way abuse of the email system. Quite the opposite, in fact - they are a perfect example of the productive power of email. 3b. What is 'unsolicited email'? Unsolicited email is any email message received where the recipient did not specifically ask to receive it. Taken by itself, unsolicited email does not constitute abuse; not all unsolicited email is also undesired email. For example, receiving 'unsolicited' email from a long-lost friend or relative is certainly not abuse. The reason that it is defined separately is that email abuse takes several forms, all of which begin with the fact that the email received is unsolicited. NOTE: Usenet convention holds that, by posting to a newsgroup, one is tacitly soliciting individual, *topical* replies via email. The following are examples of soliciting email: - posting to Usenet or saying in a chat group: "please send me e-mail about foobars" - sending email to an advertised auto-reply address: "for more information, send email to firstname.lastname@example.org" - filling out a web form which explicitly mentions email: "fill this out to get email about foo" "fill this out to get on the mailing list about foo" "check this box to get on the foo mailing list" The following acts DO NOT, by themselves, constitute 'soliciting' email: - just posting a message to a Usenet newsgroup or any other public forum (although individual, *topical* replies to Usenet posts are have long-standing status as normal Usenet practice) - chatting in IRC or other chat groups - simply visiting a web site - filling out a survey form at a Web site *that does not explicitly say it is for mailings* - putting one's email address on any other form, such as product registrations or magazine subscriptions - posting one's email address on a web page (web page authors should clearly specify the reason an email address appears on the page) - entering into a business relationship or conducting a business transaction; for example, purchasing a product or service from a company, or downloading a free trial version of a software product from a web site. 3c. What is 'bulk email'? Bulk email is any group of messages sent via email, with substantially identical content, to a large number of addresses at once. Many ISPs specify a threshold for bulk email: ----- 25 or more recipients within a 24-hour period ----- Once again, taken by itself, bulk email is not necessarily abuse of the email system. For example, there are legitimate mailing lists, some with hundreds or thousands of willing recipients. 3d. What is 'commercial email'? Commercial email is any email message sent for the purposes of distributing information about a for-profit institution, soliciting purchase of products or services, or soliciting any transfer of funds. It also includes commercial activities by not-for-profit institutions. 3e. UBE, UCE, MMF, MLM... What do they all mean? First, a short lesson on the term 'SPAM'. Spam describes a particular kind of Usenet posting (and canned spiced ham), but is now often used to describe many kinds of inappropriate activities, including some email-related events. It is technically incorrect to use 'spam' to describe email abuse, although attempting to correct the practice would amount to tilting at windmills. For more on the history of the term, look for '2.4) Where did the term 'Spam' come from?' in <http://www.cybernothing.org/faqs/net-abuse-faq.html> UBE: Unsolicited Bulk Email Email with substantially identical content sent to many recipients who did not ask to receive it. Almost all UBE is also UCE (see next). UBE is undoubtedly the single largest form of email abuse today. There are automated email sending programs that can send millions of messages a day; the bandwidth, storage space, and time consumed by such massive mailing is incredible. One month's worth of mailings from one of the most nefarious bulk email outfits was estimated at over 134 gigabytes, yes that's right, gigabytes. Each message was sent over the email wires, consuming bandwidth. Then, each message was either stored locally or 'bounced' back to the sender, taking up storage space and even more bandwidth. Finally, each boxholder was forced to spend time dealing with the message. These are all legitimate, measurable costs, and they are not borne by the sender of the messages. UBE is, at best, exploitation of email for profit; at worst, theft. There are currently few regulations regarding UBE; the potential for growth is open-ended. All by itself, UBE could render the email system virtually useless for legitimate messages. Some would argue that there is such a thing as 'responsible' UBE; those who honor 'remove' requests and use the lists on 'Remove Me' or 'No Spam' web sites would fit their description of 'responsible'. However, due to the types of messages contained in most UBE, and the historic lack of responsibility on the part of the sending organizations, UBE and UCE have earned a reputation as tawdry, widely unpopular methods of disseminating information. UCE: Unsolicited Commercial Email Email containing commercial information that has been sent to a recipient who did not ask to receive it. This is widely used, and confused with UBE, (see above). UCE must be commercial in nature but does not imply massive numbers. Several ISPs specify a threshold for unsolicited commercial email: ----- sending one UCE is a violation ----- In a specific case, individuals took offense at having been sent commercial messages regarding their web sites. Their addresses were posted for the purpose of comments and suggestions about the site; the messages received were commercial offerings to buy ad space on the site or sell something to the site maintainer. MMF: Make Money Fast Messages that 'guarantee immediate, incredible profits!', including such schemes as chain letters. Originally a problem in "snailmail" and on Usenet, these messages are now expanding into email. Chain letters and most MMF schemes are illegal, regardless of any claims they might make to the contrary. They should be reported to the proper authorities. Also, chain letters and MMFs don't work! No one sends the 5 dollars, and claims of unlimited wealth made by people who then ask -you- for money should be taken with a large grain of salt. Many chain letters and MMFs are sent by clueless college freshmen - a note to the administrator of their system is often sufficient to cure them. For the more serious offenders, the US Post Office, Inspection Service - Consumer Fraud Division, *loves* to hear about chain letters! Send any sightings to email@example.com, and see their web page at <http://www.usps.gov/websites/depart/inspect/consmenu.htm> MLM: Multi-Level Marketing Messages that 'guarantee incredible profits!', right after you send them an "initial investment" and recruit others. Some of the MMF senders will say, "This isn't one of those illegal get-rich-quick schemes. No, this is multi-level marketing, and perfectly legal." However, many MLM schemes are little more than illegal pyramid schemes with a fancy name to confuse the unwitting. Particularly popular recently are "Work at Home!" schemes. Whether or not the offer is legal is not important to this FAQ; MLM is commercial email, so go ahead and complain. 3f. What is a mailbomb? Delivery of enough email to a mailbox to overload the mailbox or perhaps even the system that the mailbox is hosted on. Mailbombs generally take one of two forms. A mailbox might be targeted to receive hundreds or thousands of messages; this makes it difficult or impossible for the victim to use their own mailbox, possibly subjects them to additional charges for storage space, and might cause them to miss messages entirely due to overflow. This is seen as a denial-of-service attack, perhaps also harassment, and is not tolerated by any known service providers. Alternatively, a message will be bulk-emailed, with the intended victim's address forged in the From: and/or Reply-To: lines of the headers. The victim is then deluged with responses, mostly angry. There is a third, particularly nasty, form of mailbomb. This one forges subscription requests to many mailing lists, all for one recipient. The result is a huge barrage of email arriving in the victim's email box, all of it unwanted, but "legitimate". Many mailing list administrators are countering this form of abuse by sending a confirmation email to each subscription request, which must be returned in order to be subscribed to the list. 3g. What is email harassment? Any message or series of messages sent via email that meet the legal definition of harassment.