"What is
Spam Anyway?"
By Richard Lowe
I've found when people discuss spam they really
have no idea what they are talking about. There are as many different
definitions of spam as there are people. In point of fact, this
factor alone (not being able to define what spam is and what it
consists of) makes it virtually impossible to control.
In order to control spam, a useful definition
is necessary. Why? Simple. In order to control something, you
must know what you are controlling. When you understand the basic
facts, then you can take whatever course of action is necessary.
Until you achieve that understanding, you will be shooting blindly
at an undefined target. This makes it very difficult to actually
do anything useful.
So on that note, what kind of definitions for
spam work and don't work?
Commonly spam is defined as unsolicited email.
Unfortunately, this definition by itself is NOT spam and means
absolutely nothing. What's wrong with it? This definition does
not help you solve the problem, and thus is incorrect. If this
definition was true, then to prevent spam you would have to somehow
contact a person to ask them if you could send them an email.
For example, I don't generally call someone on
the phone and ask them for an email message. That would be silly.
In fact, by definition most email is unsolicited; I don't, for
example, expect my wife or a friend to ask me if it's okay to
send me a message.
Sometimes spam is defined as emails that are
from unknown sources. Hmm. This really doesn't work well either.
I'll get emails from my website from people I don't know - these
are not spam. Also, sometimes my friends will pass my email address
to their friends, who send me email. These are also not spam,
even though they were from an unknown source and were unsolicited.
How about just plain annoying emails? That seems
to be the definition that most people have in mind when they mention
spam. If the email is annoying in some manner, and especially
if it was unsolicited, it is spam. This definition probably gets
a little closer to the heart of the matter, but it really doesn't
define spam well.
What about unsolicited bulk email? This definition
gets a little bit closer but it still doesn't really define spam
well. I mean I give my email address to my bank and I really didn't
ask them to send me emails (although I didn't ask them not to
as well). Yet I would not call this spam as I do business with
the bank. Their emails might be annoying, but since I have a business
relationship with the bank I expect them to communicate with me
occasionally.
Okay, so what is spam?
I like to think of spam as "unethical mass
email". By this I mean emails which violate the netiquette
standards of the majority of users of the internet.
Note that by this definition, an individual email
sent to a person is not spam. A commercial email, however, is
another matter. Even a single commercial email might be unethical
if it does not follow the rules below.
Ethical emails are targeted well towards their
audience. Unethical emails are mass mailings sent out blindly
to a large number of people.
These are emails that are sent to thousands,
tens of thousands, even millions of people, hoping against hope
that a few dozen will be stupid or greedy enough to respond. These
emails are untargeted and will not pertain to the majority of
the recipients. Since the majority of the people reading the message
(usually upwards of 99%) will simply delete it immediately, this
makes the mailing unethical.
Ethical email messages include valid email header
information. This information properly identifies the sender of
the message. In addition, all of the other header data in the
message is correct.
Spam messages often have forged or invalid email
headers. This means it is difficult (if not virtually impossible)
to trace the source of the email based upon the header information
within the email message. Since the sender of the message cannot
be identified the message is unethical. In this case, even a single
email message would count as spam.
Ethical mailings include a method for opting
out which actually works.
If you run a newsletter or do any kind of mass
mailing, you must include at least one method of removal in the
email message itself. This removal method (and more than one is
preferable) MUST WORK. Some things which I often see in opt-out
schemes which ARE NOT VALID include the following:
- Any email message which states that the reader
must go to a web site, log in and then modify his email preferences
is UNETHICAL. This requires too much information from the user
and forces him to do too much work.
- If the email message includes an unsubscribe
link (or other means) which does not work, then it is UNETHICAL.
- Messages which validly allow for opt-out but
then say "you will be removed in a week" or some other
long period of time are UNETHICAL. These are computers people,
and there is no reason to include these long delays. Remove the
person immediately.
Ethical mass mailings are double-opt-in. This
means after a person signs up for the mailing list, he receives
a confirmation message. He must either reply to this message or
click a link to activate the mailings to him. Any other form of
opt-in is UNETHICAL as it allows people to be subscribed by others
or by accident.
Ethical mailings do not include webbugs, set
cookies or perform any kind of involuntary tracking.
Email messages are often opened up by the recipient
before he knows anything about the message. This means if you
are doing any kind of tracking, the person has no way to stop
it, short of blocking the receipt of the message entirely. This
lack of a choice on the part of the recipient makes this kind
of tracking UNETHICAL. The only time this would be ethical is
if it was clearly stated when the user signed up for the mailing.
In that instance, this behavior is known and this makes it ethical.
Note that while the web site privacy policy should state this
fact, it must also be stated clearly on the page where the person
actually signs up for the mailing.
Ethical mailers do not use email harvesters.
Using special robots to gather email addresses from web sites
is UNETHICAL. These email addresses are generally included on
web sites to allow individuals to communicate with individuals.
Rarely is the intention to join a mass mailing list distributed
on CD. ALL USES OF EMAIL HARVESTING IS UNETHICAL.
Ethical mailers do not take advantage of open
relays or use other "spammer tricks". If you are legitimate,
then there is no need to attempt to hide your whereabouts or cover
your tracks. Using a relay without permission or sending millions
of emails through an unprotected formmail script is simply bad
manners.
Get the idea? Spamming is NOT sending someone
one or more email messages without their express permission. Spamming
is simply ignoring the rights of others (your audience, system
administrators and even the users of the internet as a whole).
That's all it is.
|
