The Wall Street Journal Online (By Stacy Forster)
Is unsolicited commercial e-mail, or spam, illegal?
There is no federal law against spam. Several states, including Washington and California, have strict laws prohibiting certain junk e-mail, and some individuals have won damages under anti-spam laws. Also, big Internet service providers, such as America Online, have sued to stop bulk e-mailers from sending spam through their networks, claiming the spammers are violating the terms of service by essentially stealing the Internet provider’s resources.
Further, if a bulk e-mailer — whether solicited or unsolicited — fraudulently offers a product or service, it is in violation of federal trade laws. FTC spam cop Eileen Harrington is teaming with local and federal law enforcement officials to crack down on spammers who deceptively advertise products or services, as noted in a recent interview, going after claims of instant weight loss and other too-good-to-be-true deals.
If spam is so annoying, why are there no laws against it?
Spam is commercial speech, and as such is protected by the First Amendment. That makes crafting legislation difficult. Also, opinions differ on whether commercial e-mail should be strictly “opt-in” — where a consumer has to have a pre-existing relationship with the mailer — or “opt-out” — where consumers merely have the option to be removed from future mailings. Consumer advocates say the sleazy and often fly-by-night nature of many spammers make “opt-in” a no-brainer. But marketers say that under a strict “opt-in” system, legitimate companies would be unfairly prevented from reaching potential customers.
How do they get my e-mail address?
It’s very easy to accidentally expose your e-mail address. Any time you post your address to a chat room, newsgroup or Web site, it’s like putting your phone number out there for telemarketers to start dialing. That’s because spammers use programs that troll the Web in search of live e-mail addresses, which are added to directories used to send spam. Spam experts caution consumers to shield their e-mail address just like they would any other piece of personal information or data. If you want to post to a newsgroup, stick an extra character in your address that is obvious to human readers, but that a computer would miss, such as user(at)something(dot)com.
Unfortunately, though, that will slow the flood but not stop it entirely. One of spammers’ favorite tactics is the dictionary attack, where a program sends millions of address — whether they work or not — using every possible combination of letters and numbers: johnsmith, jonsmith, johnsmythe. The frequent targets are common e-mail and Internet service providers, such as MSN, Hotmail and Yahoo, because they support millions of users.
Is some of my spam actually legitimate commercial e-mail that I did opt in for?
It could be possible that you opted in to receive more information when you registered or ordered something from a particular Web site. If so, then your address could have legitimately been passed on to a third party. Sometimes, the third parties have different policies about who and how they sell their e-mail lists, and an address could be sold to a less-legitimate e-mail marketer. It’s extremely difficult to trace how your e-mail address was passed from list to list, but the best place to start is with the original source, by asking who its business partners are.
Why doesn’t the “unsubscribe” link work?
It would be more surprising if it did work. A study by the Federal Trade Commission found that two-thirds of all “unsubscribe” links fail. Many anti-spam experts caution that replying to a piece of spam asking to be removed from a list could actually invite more unsolicited e-mail. Once a spammer knows an address works, it will be added to dozens of e-mail lists. Don Citarella, an executive with Era 404, a New York direct-marketing firm, did his own test of unsubscribe links for a client. After setting up a new account at a free e-mail service, Mr. Citarella submitted his e-mail address asking that it be removed from the list. Within days, Mr. Citarella had received more than 60 pieces of spam at that address. “You may be unsubscribed from the initial list, but you’re setting yourself up for much more e-mail than before,” he says.
How do they make it look like I sent a message to myself?
Spammers use deceptive return addresses as a way of enticing people to open e-mail and to hide from angry recipients. But anyone can do this using an average e-mail platform, such as Microsoft Outlook or Eudora, simply by customizing the return address information in outgoing e-mails, says Jason Catlett, president of Junkbusters, a privacy-advocacy firm in Green Brook, N.J. It’s a simple technical step that can be replicated on a bigger scale with more sophisticated programs. It amounts to a simple form of “spamouflage,” he says. “It’s as easy as writing a fake return address on an envelope.”
What if I haven’t signed up for any newsletters and I’m still getting spam saying I’ve opted in?
A spammer can sign you up for a mailing list and then claim you did it yourself, and then ignore your requests to be removed. Fed up with spam, Bill Parks, a computer-support technician, did a little digging with his Internet service provider and found out that one company claimed he had opted in for their e-mails. The only problem was the address they said he used to register was in Littleton, Colo., far from his Atlanta home.
New York’s Attorney General Eliot Spitzer is cracking down on such practices. In May 2002, his office sued MonsterHut, a Niagara Falls, N.Y., e-mail marketing firm, for allegedly misrepresenting its e-mail lists as composed of addresses of consumers who asked for more information. Mr. Spitzer is holding MonsterHut responsible for what he says are deceptive business practices.
Who pays for spam?
You do. E-mail users pay for spam in their fees for access to the Web. Because of the huge amount of resources Internet service providers must devote to keeping spam out of their systems, about $1 to $2 of a $20 monthly fee goes to fighting junk e-mail, Mr. Catlett says. Greater, but harder to measure, is your lost productivity — the time wasted every day clicking through and deleting the unwanted messages.
What are Internet service providers doing to fight spam?
Spam also costs Internet service providers dearly. They don’t want to see their servers exploited by spammers, and they must devote countless resources and employees to monitor spamming activity, hoping to prevent it from ever reaching your inbox. Not only do they work in tandem with law enforcement officials, but Internet service providers are aggressive about blocking e-mail messages that come from domains known for sending spam, says Mary Youngblood, an abuse-team manager for Earthlink in Atlanta. “Everyone has gotten spam at some point, but they don’t know what’s going on behind the scenes and why they didn’t get 100 spam e-mails,” Ms. Youngblood says. “Some people get enraged over one e-mail but most don’t understand there’s a whole industry and thousands of groups that do what I do.”
Write to Stacy Forster at firstname.lastname@example.org