Maintainer: James Farmer <firstname.lastname@example.org>
See reader questions & answers on this topic! - Help others by sharing your knowledge
========================================================================== An FAQ For news.admin.net-abuse.email Part 2: The Evils of Spam ========================================================================== TABLE OF CONTENTS Recent Changes Disclaimer Preface 2.1 The Problem with Spam 2.1.1 What are UBE and UCE? What is SPAM? 2.1.2 Why is spam a problem? 2.2 Advertising by Email 2.2.1 I want to advertise my business using bulk email! How can I do this? 2.2.2 Is it okay to spam if I use a remove list? 2.2.3 What if I use a global remove list? 2.2.4 What's opt-out? Opt-in? Confirmed/Double/Raspberry Opt-in? 2.2.5 What methods of opting-in are the best? 2.2.6 We bought an opt-in list but people still said we were spamming. What gives? 2.2.7 Our opt-in mailing list is contaminated with non-opted-in addresses. Can I send one last mail to its members asking them if they want to remain? 2.2.8 Are there other ways to market on the Internet? 2.3 Legal Issues 2.3.1 Is spam illegal? 2.3.2 What's this about an American law legalising spam? 2.3.3 Isn't spam protected by the First Amendment? 2.3.4 Can I get legal advice in this newsgroup? 2.4 Spammers 2.4.1 Spammers all live in trailers and eat KFC, right? 2.4.2 Spammers don't make any money, right? 2.4.3 Spammers are all scumbags, right? 2.4.4 But some spammers are scumbags, right? 2.5 Organisations 2.5.1 What is "The DMA"? 2.5.2 What is "CAUCE"? 2.5.3 Who is "MAPS"? Credits Use Policy ========================================================================= --------------------------- RECENT CHANGES ------------------------------ ========================================================================= Linked to http://www.whyspamisbad.com/ and http://www.efuse.com/Grow/direct_email_marketing_.html. Plus links to interesting articles at http://www.latimes.com/business/cutting/features/lat_junk010503.htm Slight change to 2.3.3 ========================================================================= ------------------------------- DISCLAIMER ------------------------------ ========================================================================= The following document should, where not otherwise stated, be understood to represent the opinions and beliefs of the FAQ-maintainer only. I endeavour to ensure that these opinions and beliefs are as correct as possible, but take no responsibility for any problems caused by errors herein. This document should not be considered to represent the opinions of any individuals or organisations other than the FAQ-maintainer. Please note that in this document, "we" is intended to collectively refer to all regular or semi-regular posters to the news.admin.net-abuse.email newsgroup, including those of all persuasions, and should not be read as indicating the existence of a "clique" comprising persons of similar viewpoints. ========================================================================= -------------------------------- PREFACE -------------------------------- ========================================================================= This is one of three documents I have compiled to comprise an FAQ for the news.admin.net-abuse.email newsgroup. Each document addresses points in a given area, specifically: The SPAMFIGHTING OVERVIEW offers a taste of the many techniques people use to fight spam. The objective isn't to teach you how to fight spam (there are many far superior documents that do just this), but rather to introduce some of the techniques you can use and refer you to some more detailed works. THE EVILS OF SPAM covers the more ethical, moral, and legal aspects of spam, including just what constitutes spam and the types of people who become spammers. UNDERSTANDING NANAE aims to introduce all of the weird, wonderful, and sometimes impenetrable terminology that people use in news.admin.net-abuse.email (nanae). It covers both colloquialisms (e.g. "chickenboner") and technical terms (e.g. "direct-to-MX"). These three parts are designed to stand alone and don't have to be read in order; feel free to pick and choose just the bits you're interested in. These documents shouldn't be considered to be "the" FAQ, as there are plenty of other FAQs that are superior in insight, detail, or depth of coverage. They are just an FAQ that I hope will answer some questions that have been troubling you. These documents are currently maintained by James Farmer. If you have any suggestions for additions or corrections, then feel free to send an email to email@example.com The latest versions of all of these documents can always be found at <http://www.twinlobber.org.uk/antispam/faq/> ========================================================================= ----------------------- 2.1 THE PROBLEM WITH SPAM ----------------------- ========================================================================= 2.1.1 What are UBE and UCE? What is SPAM? These are all types of email abuse; that is, abuse _of_ the email system. They differ from abuse _on_ the email system (e.g. stalking, sexual harassment) in that they endanger the usability of electronic mail as a communications medium. UBE stands for "Unsolicited Bulk Email" and is an email message that is: (a) Unsolicited i.e. it wasn't explicitly requested by the recipient and (b) Bulk (or Broadcast) i.e. substantively identical messages were sent to a non-trivial number of recipients To put it another way, UBE is most of the junk email messages that plop into your email box every day. UBE isn't necessarily advertising, and emailed advertising is not necessarily UBE (advertising isn't UBE if you request it, or you knowingly request something that it is attached to, for example), but most UBE is advertising (because advertisers are the ones with the most interest in making you see something you don't necessarily want to). UCE is often used as an alternative to "UBE" - it stands for "Unsolicited Commercial Email". Which term you prefer is largely a matter of style. UCE is easier to prove than UBE - it's easier for one individual to see if an email is commercial in nature than to see if it is sent in bulk - but UCE doesn't necessarily endanger the email system if it isn't UBE. Of course, as a spam-victim, you will probably be in no place to judge whether a suspected spam you received really was sent in bulk, as you'll only get one copy of the spam yourself. For the most part, this doesn't matter, as you can make a jolly good guess based upon what it looks like and whether you solicited anything like it. Unsolicited advertising is rarely sent individually. As the saying goes, if it waddles like a duck and quacks like a duck then it probably is a duck. While almost all UCE is also UBE, the converse is not true - there are whole classes of UBE that are not UCE, such as: * Political - politicians love to make direct contact with the electorate. Many of them will see UBE as an ideal medium for this. * Charitable - the world's worthiest causes need our help. Many charities don't understand the issues surrounding bulk email and might think it'd be okay to send UBE requesting donations. * Religious - there is no shortage of people preaching the end of the world and repentance as the only salvation, and seeing UBE as an ideal way to reach a large number of sinners. Five minutes spent thinking about this will throw up plenty more examples. SPAM is a tasty luncheon meat produced by Hormel (<http://www.hormel.com>). Spam (note capitalisation differences) is a colloquial term with a large and sordid history; in news.admin.net-abuse.email it is generally used as a synonym for UBE or UCE. The subtle differences between these terms can be confusing, but for the most part UBE and spam can be equated and UCE considered a subset of them. Other people may have different definitions. For example, some maintain that spam is any unsolicited, non-personal email. Most definitions are broadly compatible but differ in a few places around the edges. RELATED LINKS The Email Abuse FAQ <http://members.aol.com/emailfaq/emailfaq.html> A spam Primer <http://www.spamfree.org/spamprimer.html> The Net Abuse FAQ <http://www.cybernothing.org/faqs/net-abuse-faq.html> EuroCAUCE FAQ: The Definition of spam <http://www.euro.cauce.org/en/faq.html#Q16> Hormel's Policy on spam and SPAM <http://www.spam.com/ci/ci_in.htm> 2.1.2 Why is spam a problem? Many spammers (senders of spam) try to equate junk email with junk postal mail. However, there are several important differences: * Junk postal mail is free to the recipient, whilst junk email must be paid for by the recipient. (Many people pay per-minute for Internet access, and spam means more mail to retrieve means more time online. Also, many ISPs have had to install extra capacity and employ extra staff in order to cope with spam, the money for which is raised by increased subscription charges for the subscribers.) Junk faxes are a better analogy than junk postal mail. * Junk postal mail won't stop your legitimate mail from being delivered. However, many people still have limited sizes (quotas) of emailboxes; the more spam that they receive the less space there is for legitimate email. And if their email box is full of spam, any legitimate email sent to them will be lost. Junk email can also cause loss of legitimate email by overloading mailservers. * Junk postal mail scales, because there is a significant cost for sending each individual junk mail - i.e. the cost of printing, the cost of the paper, the cost of postage, the cost of the envelope-stuffer to put everything together. This forces the junk mailer to send only to a relatively small number of people - it simply isn't economical to send mailshots to everyone in the country. In contrast, junk email is nearly free for the sender, which means that it doesn't scale. There's nothing to discourage every business in the world from sending spam to every person in the world. Sound silly? Think about it for a minute... imagine you're going to send a junk email advertising your pizza parlour in New York, and you've got a list of email addresses for people all over the world that you've harvested from newsgroups/bought on a CD/whatever. How long will it take to extract from the list just the ones in New York? In fact, how long will it take to just weed out the non-American addresses? How much will it cost? A lot, a LOT more than it'd cost just to send your spam to every address on that list, local or not. So which option do you choose; the expensive one or the cheap one? Now imagine that, say, 10% of the other businesses in America are doing the same thing. How many junk email messages do you think the average Internet user would receive every day if this happened? The answer is in the thousands. * Many people feel spam to be a violation of their privacy. Many people are now too afraid of getting more spam to use their email address in public - which is clearly not a good situation as these people are being driven away from the kinds of social intercourse the Internet had grown to facilitate. People's trust in the system has been broken down by spam. So spam is a bad thing. And that's not even considering all the other problems associated with spam (crashed mailservers, scams, pornography adverts sent to children, etc)... RELATED LINKS SPAMJAMR's Spam Numbers and Spam Facts <http://angelfire.com/co2/spamjamr/index2.html> Frederick's Spam Arguments (three links about half-way down the page) <http://hometown.aol.com/frederi108> Spam Costs Everybody <http://www.efuse.com/Grow/postage_due.html> The Spam Maths <http://www.twinlobber.org.uk/antispam/maths.html> CAUCE Does the Math - Why Can't the Marketing Industry? <http://www.cauce.org/pressreleases/math.shtml> What Bill Gates Thinks of Spam <http://www.microsoft.com/billgates/columns/1998Essay/3-25col.asp> Why Spam is Bad! <http://www.whyspamisbad.com/> ========================================================================= ------------------------ 2.2 ADVERTISING BY EMAIL ----------------------- ========================================================================= 2.2.1 I want to advertise my business using bulk email! How can I do this? (For simplicity, I'm not going to cover ideas like sponsorship of Internet newsletters and the like, which, while technically advertising by email (and IMHO very good ideas), aren't really relevant to discussions on spam.) You have two choices: You can send an advert to the email addresses of people you are _sure_ have explicitly requested this advertising. This list could have been assembled by your company or it could be managed by another company who will handle sending the advert to the list for you. Or you can send spam. It's as simple as that. RELATED LINKS Good Direct Email Marketing <http://www.efuse.com/Grow/direct_email_marketing_.html> 2.2.2 Is it okay to spam if I use a remove list? No. There are several big problems with "remove" lists: 1) They have an inhumanly bad reputation because people have found that, on average, trying to be removed results in them being _added_ to more spam lists. 2) Trying to get on the "remove" list of every company out there just isn't practical. 3) Even if an email address gets removed, what's to stop it being added again later? The technical term for using a remove list is "opt-out", which will be discussed in more detail later. 2.2.3 What if I use a global remove list? Still no. A "global" remove list (i.e. one remove list used by everyone) sounds okay to start with, but when it's been tried, there have been problems: 1) All too often, when spammers have got hold of the "global remove list" they've used it as a spam list - i.e. they've purposely spammed the email addresses on the global "remove" list! This is because, of course, each and every address on the global remove list is a confirmed "real" email address being read by a real person. 2) To be effective, a global remove list would have to allow entire domains to be added. For example, anything sent to <anything>@twinlobber.org.uk will end up in my mailbox - if I wanted to be on the global remove list, would I have to add every single possible twinlobber.org.uk email address (of which there are an infinite number)? Yet if you do allow domain-wide opt-out then immediately most ISPs will opt out all of their customers, which would render this solution unattractive to much of the Direct Marketing (junk mail of all varieties) industry. 3) Many people object to the principle of the thing. I didn't ask to receive spam, so why should I have to make the effort to be "removed"? Around 1998, there was a "spam summit" between a group of leading antispammers and representatives of the Direct Marketing industry. One of the results was an understanding between the two sides to develop a global remove list. This caused mass controversy in the anti-spam newsgroups, which quickly subsided as the Direct Marketers allegedly reneged on every commitment they had made. RELATED LINKS DMA RENEGES ON AGREEMENTS REACHED AT SPAM SUMMIT <http://mail-abuse.org/rbl/renege.txt> CAUCE's opinion on a Global Remove List <http://www.cauce.org/pressreleases/pr-emps.shtml> DMA to Internet: Shut Up and Eat your Spam! <http://www.mail-abuse.org/anti-dma.html> Direct Mail Double-Cross <http://www.salon.com/tech/feature/1999/11/12/spam/> DmNews - Is E-MPS a relic? <http://www.dmnews.com/articles/2001-01-08/12608.html> E-MPS - The DMA's E-Mail Preference Service <http://www.e-mps.org/> 2.2.4 What's opt-out? Opt-in? Confirmed/Double/Raspberry Opt-in? Opt-Out email marketing is similar to spam with a remove list. A company collects email addresses, sends as much advertising to them as they like, but have to remove an email address if its owner asks them to ("opts-out"). Opt-In email marketing is a system in which companies send advertising to lists of email addresses to which people are only added if they explicitly consent. Note that opt-in consent to be added to a mailing list should only be considered as consent to be added to _that_ mailing list, and not consent to be added to any other mailing lists as well. Verified Opt-In (sometimes known as Confirmed Opt-In or Complete Opt-In) is a system by which people have to "confirm" or "verify" their wish to join a mailing list if the initial request came through a non-secure channel - e.g. an email message (the sender can be trivially forged) or a WWW form (ditto). The confirmation typically takes the form of an email message containing a unique token or URL; the recipient must reply to the message or visit the URL to confirm that they really do want to be on the mailing list. Double Opt-In is the Direct Marketing community's name for Verified Opt-In, reflecting their belief that this makes it too difficult for people to join mailing lists. However, many believe that Verified Opt-In is essential for two reasons: 1) With Unverified Opt-In, anyone can "opt-in" someone else to a mailing list. (There is a common revenge tactic, known as a "list-bomb", in which you subscribe someone to a few thousand high-traffic mailing lists and watch their email box die.) 2) Given this, it is impossible to tell the difference between Unverified Opt-In and Opt-Out. If you receive an advertisement supposedly sent to a "100% opt-in" mailing list when you know you haven't opted-in, the list-owner can just say "someone else must have signed you up; here's how you can remove yourself" when you challenge them about it. Are they being honest or are they opt-out spammers? If the list is run using Verified Opt-In procedures, this situation is impossible. Opt-out is, by the way, an important component of opt-in; it should be possible for a person who has opted in to a mailing list to opt out of it at some later date. This tends to preclude opt-in lists from being passed from party to party - if you send a copy of an opt-in list to a third party, and subsequently one of your subscribers wants to be removed, how can they also be removed from the copies of that list held by the third party and anyone they might have passed the list to? Many proponents of opt-in email marketing have stated that it produces a vastly superior response-rate than purely opt-out email marketing. Other people will have their own definitions of these terms which differ somewhat from those I've described here (e.g. <http://www.permissionmail.org/glossary.html>). As ever, the FAQ-maintainer advises you to read around. RELATED LINKS MAPS Basic Mailing List Management Principles for Preventing Abuse <http://www.mail-abuse.org/manage.html> Draft Recipient Choices for Permission-Based Email <http://www.permissionmail.org/choices.htm> 2.2.5 What methods of opting-in are the best? Always a good favourite for an involved discussion is just what opt-in means beyond the typical setup of a mailing list. Let's look at a few examples: * Example.com is an ISP that decides to send regular advertising messages to their customers. Is this spam? No, it's not spam because they own the email addresses. Their customers are perfectly free to opt-out of this advertising by finding another ISP. Example.com may choose to run a traditional opt-out system with a remove list for customers who don't want to receive this email, or they may decide not to. But is this opt-in or opt-out? IMHO, it's certainly not wrong so it doesn't really matter. * Example.com is an online shop that decides to send regular advertising messages to their current and past customers. Is this spam? This is a good one. Does the existence of a past relationship imply a solicitation of future promotional material by email? Various online shops have dipped their toes into this water and some have jumped straight in, but the consensus of opinion on this newsgroup is that it is spam... _unless_ the online shop made it clear to you at the time they acquired your email address that you would receive such promotional material. But is this opt-in or opt-out? As written above, it's clearly not opt-out, as the buyer doesn't have a method of stopping the flow of mails. Is it opt-in? Well, if the buyer knew the promotions would be arriving before they signed up then they certainly opted-in at that point, but this takes no account of the fact that the buyer may well change their mind later. Opting-in shouldn't be considered as permanently binding unless this itself is explicitly stated. * Example.com is an online shop that decides to send regular advertising messages to their current customers. But they don't want to spam, and want to be ethical, so they put a notice about the promotional emails in a small typeface at the bottom of their order form and supply a selected box that the buyer can deselect if they don't want to receive the promotional emails. There are two opposing viewpoints on this issue: a) The order form clearly explains about the promotional emails and tells the buyer what to do if they don't want to receive them, and everyone should read the entirety of a page before they input any of their personal details into it, so this is okay. b) The order form is clearly structured in the hope that the buyer will fail to notice the explanation about the promotional emails, and in the event of this happening, the form is set up (checkbox ticked by default) so that the user's consent will be presumed even if the it wasn't explicitly given. This is not okay. There is no clear concensus as to which of these viewpoints is correct. As ever, you should consider the issues involved, sample the debate on both sides, and make up your own mind. * Example.com is an online shop that decides to send regular advertising messages to their current customers. But they don't want to spam, and want to be ethical, so they put a notice about the promotional emails at the bottom of their order form and supply a box that the buyer can select if they want to receive the promotional emails. In this case there is no controversy; positive action is required by the user to "opt in" to the mailing list, and if the buyer fails to notice the request for this action then it is assumed that he/she has not consented. This is opt-in, pure and simple. And because there's no attempt to trick the customer into receiving the promotional emails, they'll generally be better received, which means that the recipients will be more receptive to example.com's email promotions than would otherwise be the case. 2.2.6 We bought an opt-in list but people still said we were spamming. What gives? There are a number of possibilities: 1) What you bought wasn't a real opt-in mailing list. Be especially beware of lists that claim to be "targeted" or offer "qualified addresses" or "screened contacts". 2) The people on the mailing list had opted-in to mail from the list's original creator, but not from you. This is very common. 3) The people may have opted-in to the list but then opted-out of it between you receiving the list and you sending your email. This is why opt-in email lists shouldn't be passed around or sold. 4) The people complaining have forgotten that they signed up to the list. You or your list-supplier should be able to prove that they did sign up; however, some may still fail to believe this even when confronted with the proof. This is not uncommon. In either of the first three cases, I suggest you take it up with your list supplier... and bin that dodgy list now. In general, it is always good practice to ensure that you know exactly where the email addresses on a mailing list came from before you undertake to make use of it. RELATED LINKS Opt-In Email List Fraud! <http://www.optinnews.com/news/showart.asp?DB=NewsTable&ID=430> 2.2.7 Our opt-in mailing list is contaminated with non-opted-in addresses. Can I send one last mail to its members asking them if they want to remain? Ah; a tough one. There are two schools of thought on this: * Sending more email to that old list will be spam. Throw it away immediately, start a new list and put information about it prominently on your website. * Okay, just this once. But make sure you throw away the dirty list after the mailing and build a new one containing solely the verified opt-ins that result. Again, think things through for yourself, weigh up the pros and cons, and make an informed decision. 2.2.8 Are there other ways to market on the Internet? Yes. Email is by no means the only way to market online, just as postal mail isn't the only way to market offline. From banner ads through sponsorship and the like, to attention-gathering innovation, there's a whole host of ways you can market. Here's just a few links to get you started: Good Ways to Market on the Internet <http://spam.abuse.net/good-marketing.html> We Are Not Opposed to Commerce <http://spam.abuse.net/spam/dweebs.html> Using the Internet to Advertise Successfully (An Index) <http://www.coyotecom.com/advertise.html> Advertising, Marketing and Promotion for Free! <http://www.whew.com/on-line_marketing/> <http://www.whew.com/Spammers/freeads.shtml> <http://www.whew.com/Spammers/freesrchenglinks.shtml> Free Internet Marketing Resources <http://www.whew.com/Spammers/freemktg.shtml> Internet Marketing Tutorial <http://www.rapiddata.com/nethome.html> Marketing on the Internet <http://www.dnaco.net/~tinc/market.htm> How to E-Market <http://www.spamfree.org/marketers/howtomarket.html> Direct Email Marketing <http://www.efuse.com/Grow/direct_email_marketing_.html> ========================================================================= --------------------------- 2.3 LEGAL ISSUES ---------------------------- ========================================================================= 2.3.1 Is spam illegal? Perhaps. It depends on where you live, and may depend on certain interpretations of certain laws. I Am Not A Lawyer, but the spam laws website seems like quite a good resource for finding out about specifically anti-spam laws: SpamLaws.com <http://www.spamlaws.com/> Many contend that spam is "theft by conversion" (because the spammer is "stealing" your resources to send his spam) and "trespass by chattel" (because the spammer is gaining entry to your computer (your mailbox or mailservers) against your will). These issues are beyond the legal expertise of this FAQ-writer, so if anyone can supply links to some discourse on these matters it would be appreciated. Spam may also form a Denial of Service attack if it is sent in sufficient quantity (it can cause legitimate email to be lost as mailboxes fill with spam, can cause the network to slow down, and can even crash mailservers). This may be a crime in your locality. Spam which forges header information to appear as if it's from another entity is very probably illegal in your locality, and it is in this area that most successful court actions have thus far taken place. Yahoo, for example, won a well-publicised court case against spammers who had forged "yahoo.com" in their spams. In another case, the owners of "flowers.com" successfully sued some spammers who had forged their domain. Here's a few links about this affair: Judgment Against Spammers <http://www.mids.org/press/prnov.html> Spam Suit Settlement <http://www.mids.org/mn/803/spamset.html> Flowers.com Final Judgment <http://www.whiteice.com/~tv2go/news/tracy_case.html> Spam which contains content that's illegal in your locality is, of course, illegal. But in this case it's illegal not because it's spam, but because of what it is, and thus this isn't a spam issue. RELATED LINKS Pending Legislation <http://www.cauce.org/legislation/> Email Abuse Legislation <http://www.emailabuse.org/legislation/> Cyberspace Law - Unsolicited Email <http://www.jmls.edu/cyber/index/spam.html> SueSpammers <http://www.suespammers.org> Court Cases Involving Spam <http://www.whew.com/Spammers/legal/> Junk Email Lawsuits <http://www.junkemail.org/lawsuits/> AOL vs IMS et al <http://lw.bna.com/lw/19981117/0011.htm> 2.3.2 What's this about an American law legalising spam? Ah. I'm guessing you've seen something like this in a lot of spam messages: Under Bill s. 1618 TITLE III passed by the 105th US Congress this letter cannot be considered spam as long as the sender includes contact information and a method of removal. This is a one time e-mail transmission. No request for removal is necessary. What happened was that a few years ago Senator Frank Murkowski (R-AK) championed a spam law that was widely panned by most anti-spam activists as being an effective green light to spamming. The bill, as it happened, died in Congress (i.e. the 105th US Congress ended before the bill could become law). That's why in all these disclaimers, it's called a "bill" - not a "law". So no, there's no American law legalising spam. Almost all of the spam that quotes this disclaimer doesn't comply with the terms of the bill anyway. If you're interested you could have a look at the text of this bill; technical reasons prevent me giving a direct link but go to <http://thomas.loc.gov/home/c105query.html> and enter "S. 1618" in the "Bill Number" field, then select either the version passed by the Senate or referred in the House. (I'm not sure what the difference is. Can anyone who understands the American legislature enlighten me?) Senator Murkowski recently championed another spam-related bill. More information is available at: CAUCE's Legislation Page <http://www.cauce.org/legislation/> Senator Frank Murkowski <http://www.senate.gov/~murkowski/> 2.3.3 Isn't spam protected by the First Amendment? No. Sanford Wallace and Cyberpromo tried to argue this in court back in the mid-1990's, but the courts ruled against them. As I understand things, freedom of speech gives you the right to speak but not the right to force people to hear you. Plus it only affects the right of government to restrict speech, and doesn't extend to private entities such as ISPs. (But I am not an American and I am not a lawyer.) For more information, see: Spam FAQ: Isn't Spam Protected by National Free Speech Laws? <http://spam.abuse.net/faq.html> Does the First Amendment Apply to spam? <http://www.utdallas.edu/~pauls/spam_law.html> Outcome of Cyberpromo vs AOL <http://au.spam.abuse.net/spam/news/firstam.html> AOL vs Cyber Promotions <http://legal.web.aol.com/decisions/dljunk/cyber.html> U.S. Supreme Court on Commercial Speech <http://www.abuse.net/commercial.html> 2.3.4 Can I get legal advice in this newsgroup? Many of the denizens of news.admin.net-abuse.email will be only too happy to furnish you with legal advice on any spam-related issues. However, you should remember two things: * Laws differ between localities; the law in, say, Mississippi may not be identical to that in, say, Quebec. * Free legal advice is worth exactly what you paid for it. Should you really need legal advice, this FAQ-maintainer suggests that you seek the paid hours of a trained professional. Incidentally, these points apply also to this FAQ. The FAQ-maintainer is not trained in law and the descriptions of legal issues are merely the way this untrained monkey believes things to be. ========================================================================= ----------------------------- 2.4 SPAMMERS ------------------------------ ========================================================================= 2.4.1 Spammers all live in trailers and eat KFC, right? There is a popular stereotype of spammers as penniless, jobless wasters who dream of making it big and meeting a girl (see also 3.2.26 in part 3 of this FAQ, "Understanding NANAE".) While some spammers are undoubtedly like this, many are not. In fact, spammers aren't all that different from normal, regular people. In fact, spammers tend to _be_ normal, regular people. Spammers can come from any walk of society; so suit-wearing businessmen can be spammers, caring mothers can be spammers, your granny can spam and so can a kid wearing a baseball cap backwards. And not all spammers are fly-by-night one-man businesses either; some large companies have been known to use spam. In general the stereotypes, while amusing, can distract us from the important business of dealing with spammers as fellow human beings. RELATED LINKS Types of Spammer <http://www.supertroll.com/spammers.htm> 2.4.2 Spammers don't make any money, right? Despite our best efforts, some spammers do manage to make money from this business. You only have to contrast the kind of prices some professional spammers charge (a randomly chosen spammer charged $375 for a 500,000-address spamming) for their spam runs, with the cost of the resources they need (a dialup account, a piece of spamware and some harvested email addresses) to see that they're still laughing all the way to the bank even if they only ever have two or three customers. And the authors of spamware do pretty well for themselves too. The kind of prices they charge ($299 for Desktop Server 2000!), for what are pretty simple programs, mean that the only way they can fail to make a profit is if they don't sell a single copy. Other spam-support services must be similarly raking it in. www.bulk-isp.net for example charges $300/month for a (supposedly bulletproof) email account. Now admittedly I'm not privy to their hosting costs, but I can't believe they're not making a pretty packet out of that. And of course there's the horde of other scams that take place over spam, from the world of "Pump & Dump" share scams (see 3.2.29 in "Understanding NANAE") to the good old favourite "You send us the money and we don't deliver the goods!". Just about the only people I'm not so sure make money from spam are the businesses that have their websites advertised by spam ("spamvertised"). Are the few hits they'll gain from this really worth the pain and the damage to their reputations that the spam will cause? In many cases, I doubt it. 2.4.3 Spammers are all scumbags, right? Would that the world were painted in black and white. Anti-spammers on one side, spammers on the other; a unanimous cheer would go up as we metaphorically malletted the spammers one by one. Unfortunately, it's not that simple. It's not uncommon for otherwise good people to spam because they've been sold a service by an unscrupulous spammer. "I'll send your message to a list of 500,000 opt-in email addresses I've assembled", the spammer will say. Or maybe it's "Nobody minds getting email like this." Perhaps they've been sold on the "It's just like junk postal mail" rhetoric. Whatever the specifics, someone somewhere has sold them a boatload of lies and now they've spammed, and their business is paying the price. "What's happening? That nice Mr Spammer said nobody would mind getting our emails. After all, everyone else is doing it," they will cry. Such people aren't the enemy; they've been wrongly advised, so now's the time to gently tell them the facts of the matter. Most people in such situations see very quickly the problems of spam and are undoubtedly feeling the extremely negative impacts on their business. They may even be able to help you to track down and eliminate the spammer who took advantage of their innocence. RELATED LINKS True Tale: The Danger of Purchasing a Mailing List <http://www.cauce.org/tales/1.shtml> 2.4.4 But some spammers are scumbags, right? Right. You've got folks selling apricot seeds as the cure for cancer, envelope-stuffing as the way of the future, viagra as a universal cure-all, and information about anyone. Spammers are advertising porn to children, US dentistry in the UK, and "We'll remove you from credit blacklists!". And even if you go beyond the obvious scams, lots of spammers are still knowingly stealing our computing resources to send their adverts, clogging up our mailboxes with their rubbish, lying, and cheating to get internet accounts. Yup, there's a whole lotta scumbags out there. RELATED LINKS Spambook Spammer Manual <http://www.canismajor.demon.co.uk/antispam/spambook.htm> Seven Days of Spam <http://www.latimes.com/business/cutting/features/lat_junk010503.htm> ========================================================================= -------------------------- 2.5 ORGANISATIONS ---------------------------- ========================================================================= 2.5.1 What is "The DMA"? The Direct Marketing Association; a trade organisation and pressure group for the junk mail industry. Some parts of it are pro-spam; some parts of it are anti-spam; some parts of it don't give a damn. (Hey, I made a rhyme! :) ) For more information see: The DMA <http://www.the-dma.org/> Debunking the Direct Marketing Association <http://www.whew.com/Direct_Marketing_Association/> 2.5.2 What is "CAUCE"? CAUCE (Coalition Against Unsolicited Commercial Email) is an all-volunteer organisation created to advocate legislative solutions to the spam problem. CAUCE's website includes a look at the anti-spam legislation currently worming its way through the U.S. legislature. In addition, there are European, Australian and Indian versions of CAUCE. RELATED LINKS Coalition Against Unsolicited Commercial Email <http://www.cauce.org/> 2.5.3 Who is "MAPS"? MAPS (Mail Abuse Prevention Systems) LLC is a not-for-profit organisation which has, in recent years, become an important combatant in the battle against email abuse. Amongst other things, MAPS publishes non-definitive lists of IP addresses classified according to various criteria. It is commonly believed that many Internet Providers and others use some or all of these lists, in a variety of ways, in order to reduce the amount of spam received by them or their customers. More information on MAPS can be found on their website at: RELATED LINKS Mail Abuse Prevention Systems LLC <http://www.mail-abuse.org/> ========================================================================= ------------------------------- CREDITS --------------------------------- ========================================================================= No document of this magnitude can be the work of only one man. I would like to thank everyone who offered ideas and suggestions, everyone who pointed out grammatical errors and gaps in my logic, and places where I was just plain getting things wrong. This wouldn't have been possible without you, people. Thanks also to Paul Anderson for giving the document an official proof-read. ========================================================================= ----------------------------- USE POLICY -------------------------------- ========================================================================= You may copy and redistribute this FAQ in unmodified form by any means or media you see fit. You may modify the presentation of this FAQ as you see fit, so long as the content remains unaltered. You may modify the content of this FAQ so long as you appropriately credit both your changes and the original authors of this FAQ. At a minimum, the link to the FAQ's website _must_ remain in place.