October 22, 2003

Spam: How it is hurting email and degrading life on the Internet

Part 2. What Is Spam Anyway?

Internet users share a general concept of spam but disagree on many specific points of definition.

Spam is a relatively new phenomenon in American life. The trajectory of its rise is so steep that those addressing the problem are playing catch-up to reach even the first stage – defining spam. In the spring of 2003, the Federal Trade Commission sponsored a three-day forum, comprehensively addressing every issue related to spam from economics to legislation, technology to best practices. The opening morning was dominated by a lively and often heated debate over the definition of spam, but one that failed to reach consensus. What are we actually talking about when we refer to spam?

The essential elements of spam

The debates over definition focused on unraveling the essential elements of spam; they are ultimately the points that legislation and litigation must address to have a chance of being effective. The elements are easy enough to identify: the sender and subject lines, the content of the message, the routing information. But the issues around these elements quickly become muddied: Are the senders who they say they are? Is there a way to contact them? Does that method function? Is the subject line misleading? Is it offensive? Should unsolicited email signal that it is advertising? Is the message legitimate or fraudulent? Is it pornographic? Should all content be treated equally, or is some unsolicited email different from other email? Is anything exempt, like the messages from religious or political or nonprofit groups? Is the routing information legitimate? And further, what right does the sender have to contact you? Did you give permission? Did you give permission to exactly that sender? How? And once you receive emails, should you be able to remove yourself from future mailings? The list of questions goes on.

We found that when Internet users were asked what they consider to be spam, they easily agreed on a basic definition, but become fuzzy about the edges. Some 92% of emailers2 agree that spam is “unsolicited commercial email from a sender they do not know or cannot identify.” But there is less agreement on other qualifying factors.

Emailers also say that content matters. Some 92% consider unsolicited messages containing adult content to be spam. 89% consider unsolicited investment deals, financial offers, or money-making proposals to be spam. 81% consider unsolicited product or service offers to be spam. Beyond that, agreement dropped off; there was less consensus that unsolicited religious content (76%), or political messages (76%), or personal or professional messages from an unknown sender (74%) are spam.

Americans also believe that the relationship between the emailer and the solicitation sender matters. About two-thirds of emailers (65%) do not consider unsolicited commercial email to be spam if it comes from a sender with whom they’ve already done business; about one-third (32%) do consider it spam. And 11% of the most stalwart insist that unsolicited commercial email be considered spam even if they have given the sender permission to contact them.

UCE — unsolicited commercial email

What emailers consider spam

These somewhat mixed messages from users – “I have given you permission to contact me, but I still consider this spam” – reflect some of the conundrums of legislative debates on spam. For example, what are the limits of “already done business with” or “had a prior relationship with,” or does any kind of contact between a consumer and retailer open the door to further solicitation? If you bought a TV from a large discount house online, does that mean the same discount house’s automotive center can contact you about buying tires? Or if you went in person to buy a stroller from the baby center, does that mean the shop can contact you in the future by email to purchase diapers?

Although still largely considered spam, unsolicited messages from senders outside the world of commerce are more likely to be tolerated. “Only” 74% of emailers consider unsolicited messages from political or advocacy groups to be spam; 65% consider unsolicited messages from non-commercial groups, like non-profits or charities, to be spam.

Spam is easy to recognize using a message’s subject line or sender.

Almost 90% of users say they identify spam by looking at the subject line and/or the sender. These can often be a dead giveaway that you have got spam. Spam subject lines often announce solely in caps, or lots of exclamation points, VIAGRA TODAY!!!!!!!!. Sometimes nonsense garble is mixed in, or “beach muscle boys tell their secret!…..da wvi cqa uxpia.” And many entice with announcements about being a winner or offering a deal you cannot refuse, “Work At Home; Free Money.”

Similarly, sender lines are sometimes obvious with just plain silly names you would surely recognize if they were your correspondents: SweettalkAmy@Hotmail.com. More unsettling are the spam that arrive when your own email address or that of someone you know has been hijacked and appears as the sender. Writes one emailer in the TRAC sample: “I have been receiving spam mail from myself! Usually it is of a pornographic nature…(I do not) understand this!”

The Federal Trade Commission has collected over 11 million pieces spam forwarded to them by consumers. Officials’ analysis of a random 1,000 pieces showed a high occurrence of fraud and misleading characteristics in precisely these features where most consumers look for authentication of email, the subject and sender lines. One-third of the spam had false sender lines; 22% had false subject lines. They further found that 40% of their sample contained falsity in the messages. And overall, a full 66% of the FTC messages contained falsity in one or another element of the content; the sender line, the subject line, or the message text itself.3

The FTC found that two-thirds of spam contains false or misleading information in the sender line, subject line, or message content.

Spammers are often clever enough to fool or at least confuse users. While nearly two-thirds (63%) of all emailers say about spam that they “know it right away when they see it,” the rest admit, “it is sometime hard for me to tell spam from other email.” Smart spammers use fraudulent ploys to lure users into opening a message, including subject lines like “Re: your query” or “important information” or sender lines like “customer service.” These efforts drive at least 9% of email users to open their email and look at the contents.

One of the TRAC respondents wrote: “Just tonight I opened an email which had the message ‘Mail not Delivered’ from the sender MailerDaemon. What I got upon opening it was not my undelivered message…but an unsolicited invitation to a ‘Brutal Rape Website’ with a graphic picture.”

Email users can also become unwitting players in the spam game when their email addresses are hijacked and they appear to be spammers themselves. The results can be costly. Many emailers wrote in about such a tale, including these representative cases in the TRAC survey:

  • “A spammer forged one of our company domain names in the return address of a (unsolicited commercial email) UCE promoting a Florida holiday package scam. We received hundreds of complaints ranging from polite opt-out requests to vitriolic hate mail as well as complaints to our bandwidth providers. The hate mail and damage to our reputation continued for several weeks and occupied hundreds of man hours.”
  • “A spammer recently sent out UCE with forged sender information indicating that I sent the mail from a personal email account I maintain. I suffered a deluge (thousands) of bounced emails, death threats, complaints, and removal requests in the short span of time it took me to notice and disable that email account. Consequently, I have been forced to retire the email address from use and all mail to it is now discarded. I am unable to receive legitimate correspondence as a result. I have no reason to believe that I was personally singled out but rather that my address was simply chosen at random by the marketer where the UCE was crafted.”
  • “Someone sent a mass emailing promoting a porn site and forged the return address to address on my domain. This had four nearly devastating effects: 1. I received over 20,000 returned emails in the course of two months while mass mailing was going on. 2. I received irate and abusive email from some people who believed that our legitimate domain was the source of the mass mailing. 3. I now receive on the order of 100 Klez viruses a day from people who got my email address from the mass mailing. 4. I am now having a much harder time trying to find legitimate email from my customers among all the spam I’m receiving.”

MessageLabs, a company that produces spam filtering software, estimates that 70% of spam is sent via hijacked computers.4

  1. To clarify a possible ambiguity, the term “emailer” in this report means “email user,” not simply “one who sends email.”
  2. Available at: http://www.ftc.gov/reports/spam/030429spamreport.pdf
  3. Research cited at: http://www.msnbc.com/news/940853.asp?0cb=-415171549