FAQ's about SPAM


Q. What is spam ?

A. Spam (aka UCE: Unsolicited Commercial E-mail, UBE: Unsolicited Bulk E-mail) is the Internet version of "Junk mail."

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.

There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.

Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.

One particularly nasty variant of email spam is sending spam to mailing lists (public or private email discussion forums.) Because many mailing lists limit activity to their subscribers, spammers will use automated tools to subscribe to as many mailing lists as possible, so that they can grab the lists of addresses, or use the mailing list as a direct target for their attacks.


Q. Why is spam bad ?

A. Why do we get so upset when we receive E-mail which was not requested ?

There are several reasons:

  1. The free ride. E-mail spam is unique in that the receiver pays so much more for it than the sender does. For example, AOL has said that they were receiving 1.8 million spams from Cyber Promotions per day until they got a court injunction to stop it. Assuming that it takes the typical AOL user only 10 seconds to identify and discard a message, that's still 5,000 hours per day of connect time per day spent discarding their spam, just on AOL. By contrast, the spammer probably has a T1 line that costs him about $100/day. No other kind of advertising costs the advertiser so little, and the recipient so much. The closest analogy I can think of would be auto-dialing junk phone calls to cellular users; you can imagine how favorably that might be received.

  2. The "oceans of spam" problem. Many spam messages say ``please send a REMOVE message to get off our list.'' Even disregarding the question of why you should have to do anything to get off a list you never asked to join, this becomes completely impossible if the volume grows. At the moment, most of us only get a few spams per day. But imagine if only 1/10 of 1 % of the users on the Internet decided to send out spam at a moderate rate of 100,000 per day, a rate easily achievable with a dial-up account and a PC. Then everyone would be receiving 100 spams every day. If 1% of users were spamming at that rate, we'd all be getting 1,000 spams per day. Is it reasonable to ask people to send out 100 "remove" messages per day? Hardly. If spam grows, it will crowd our mailboxes to the point that they're not useful for real mail. Users on AOL, which has a lot of trouble with internal spammers, report that they're already nearing this point.

  3. The theft of resources. An increasing number of spammers, such as Quantum Communications, send most or all of their mail via innocent intermediate systems, to avoid blocks that many systems have placed against mail coming directly from the spammers' systems. (Due to a historical quirk, most mail systems on the Internet will deliver mail to anyone, not just their own users.) This fills the intermediate systems' networks and disks with unwanted spam messages, takes up their managers' time dealing with all the undeliverable spam messages, and subjects them to complaints from recipients who conclude that since the intermediate system delivered the mail, they must be in league with the spammers.

    Many other spammers use ``hit and run'' spamming in which they get a trial dial-up account at an Internet provider for a few days, send tens of thousands of messages, then abandon the account (unless the provider notices what they're doing and cancels it first), leaving the unsuspecting provider to clean up the mess. Many spammers have done this tens or dozens of times, forcing the providers to waste staff time both on the cleanup and on monitoring their trial accounts for abuse.

  4. It's all garbage. The spam messages I've seen have almost without exception advertised stuff that's worthless, deceptive, and partly or entirely fraudulent. (I include the many MLMs in here, even though the MLM-ers rarely understand why there's no such thing as a good MLM.) It's spam software, funky miracle cures, off-brand computer parts, vaguely described get rich quick schemes, dial-a-porn, and so on downhill from there. It's all stuff that's too cruddy to be worth advertising in any medium where they'd actually have to pay the cost of the ads. Also, since the cost of spamming is so low, there's no point in targeting your ads, when for the same low price you can send the ads to everyone, increasing the noise level the rest of us have to deal with.

  5. They're crooks. Spam software invariably comes with a list of names falsely claimed to be of people who've said they want to receive ads, but actually consisting of unwilling victims culled at random from usenet or mailing lists. Spam software often promises to run on a provider's system in a way designed to be hard for the provider to detect so they can't tell what the spammer is doing. Spams invariably say they'll remove names on request, but they almost never do. Indeed, people report that when they send a test "remove" request from a newly created account,, the usually start to receive spam at that address.

    Spammers know that people don't want to hear from them, and generally put fake return addresses on their messages so that they don't have to bear the cost of receiving responses from people to whom they've send messages. Whenever possible, they use the "disposable" trial ISP accounts mentioned above so the ISP bears the cost of cleaning up after them. I could go on, but you get the idea. It's hard to think of another line of business where the general ethical level is so low.


Q. UBE, UCE... What do they mean ?

A. First, a short lesson on the term 'SPAM'. Spam describes a particular kind of Usenet posting (and canned spiced ham), but is now often used to describe many kinds of inappropriate activities, including some email-related events. It is technically incorrect to use 'spam' to describe email abuse, although attempting to correct the practice would amount to tilting at windmills.

UBE: Unsolicited Bulk Email

Email with substantially identical content sent to many recipients who did not ask to receive it. Almost all UBE is also UCE.

UBE is undoubtedly the single largest form of email abuse today. There are automated email sending programs that can send millions of messages a day; the bandwidth, storage space, and time consumed by such massive mailing is incredible. One month's worth of mailings from one of the most nefarious bulk email outfits was estimated at over 134 gigabytes, yes that's right, gigabytes. Each message was sent over the email wires, consuming bandwidth. Then, each message was either stored locally or 'bounced' back to the sender, taking up storage space and even more bandwidth. Finally, each boxholder was forced to spend time dealing with the message.

These are all legitimate, measurable costs, and they are not borne by the sender of the messages. UBE is, at best, exploitation of email for profit; at worst, theft. There are currently few regulations regarding UBE; the potential for growth is open-ended. All by itself, UBE could render the email system virtually useless for legitimate messages.

Some would argue that there is such a thing as 'responsible' UBE; those who honor 'remove' requests and use the lists on 'Remove Me' or 'No Spam' web sites would fit their description of 'responsible'. However, due to the types of messages contained in most UBE, and the historic lack of responsibility on the part of the sending organizations, UBE and UCE have earned a reputation as tawdry, widely unpopular methods of disseminating information.

UCE: Unsolicited Commercial Email

Email containing commercial information that has been sent to a recipient who did not ask to receive it.

This is widely used, and confused with UBE, (see above). UCE must be commercial in nature but does not imply massive numbers.


Q. Where do these people get my email address ?

A. Here are a few different places:

  1. Chat Rooms - Collect member names from online "chat rooms".

  2. Finger - Use finger on a host computer to find online users addresses. (We have taken steps to prevent this to site outside of our domain name)

  3. ISP - Some ISP might sells their maillists to spammers. (We do not sell/give out our customers email addresses)

  4. List-serves - Do not sign up for any list-serves.

  5. Newsgroups - Run programs that collect email addresses out of Usenet posting headers.

  6. Online forms - Do not sign up with online forms since they might sells their lists to spammers.

  7. Web site - Use web-crawling programs that look for mailto: codes in HTML documents.

  8. White Pages - Rip them out of online 'white pages' directories.


Q. How do I keep my address off the lists ?

A. For a junk-free mailbox, don't browse the web, don't put your email address on a web page, don't subscribe to a large ISP, and don't post to Usenet. In other words, don't use the Internet.

Some people have taken to forging their own From: and Reply-to: lines in their posts. They might add an easily-recognized 'spam-block' to their address, or they might use those header lines to tell folks where to look for their real address (usually in the sig). Some attempt to boast of their elitist-Unix-nerd-programmer capabilities by burying their email address in a maze of code. Such measures, while effective, are frowned upon by some as 'giving in' to the bulk emailers.

If you do a lot of web browsing, be careful about filling out forms; some outfits take such action as carte blanche to stuff your mailbox. There are also those who sell addresses collected in this manner. Don't assume that because you are visiting the site of a 'reputable company' that this will not happen to you.

If you are using Netscape Navigator 2.0, it is possible for your email address to be collected without your knowledge when you visit a web site. This bug was quickly corrected, and versions 2.01 and above do not have this problem. (See: http://ng.netgate.net/~barry/badJavaSc.html )


Q. I did all that and I still get spam ?

A. Your options are few; your address is probably on one of the lists that gets swapped/bought/sold among the bulk email 'community'. Your only alternative might be a new address.

There have been several reports of U*E dropping off considerably as soon as someone has stopped posting to Usenet; this may indicate that the U*E outfits are constantly creating new lists, and not reusing old lists.


Q. I asked to be 'removed' - guess what? I got another spam ?

A. Not surprisingly, many UBE outfits treat a 'remove' request as evidence that the address is 'live'; a 'remove' request to some bulk emailers will actually guarantee that they will send more to you. For many others, the remove procedure does not work, either by chance or design. At this point perhaps you're starting to get a feel for the type of people with whom you are dealing.

Also, getting removed doesn't keep you from being added the next time they mine for addresses, nor will it get you off other copies of the list that have been sold or traded to others. In summary, there is no evidence of 'remove' requests being an effective way to stop UBE.


Q. What can I do about it ?

A. Here are a few different things that can be done to prevent you from receiving spam.

  1. Setup filters in your email client. Please consult the documantation for the email program that you use.

  2. Use the UNIX program "procmail" to setup a .procmailrc file on our server which would stop spam from even being downloaded to your email box.