Back To Archive Index

The 10 Biggest Spam Myths › › › What's the Buzz?
BY Rebecca Lieb

Sponsored by washingtonpost.com

November 21, 2003

The more spam panels, conferences, and symposia I attend and the more spam articles and press releases I read, the more I hear certain facts, figures, and other received ideas cited and re-cited. They're then duly parroted in the media. Some enjoy a measure of validity. Most can be filed under "say it often enough and they'll think it's true."

Everyone battling the spam scourge -- marketers, consumers, lawmakers, and the media -- could do with a little reason and rationality just about now. It's time to think critically about received ideas on spam.

1. There are only 200-300 hardcore spammers worldwide. They account for the overwhelming majority of junk e-mail.

This idea is a staple of mainstream media. But I've never encountered anyone able to source this stat -- and I've asked. DMA head Bob Wientzen cites it often. On a recent panel discussion, he was asked where the figure came from. He replied just that week he'd "talked with the FBI." This neither answers the question nor addresses the fact he and others have bandied the figure about for years.

My guess is the assertion had its genesis in the ROKSO list of known spam operations. These are spammers who have been booted from ISPs three times or more. Although the list doubtless includes plenty of nasty characters, ROKSO's methodology hasn't changed in years. Meanwhile, spammers' techniques are increasingly sophisticated and elusive. If the figure isn't wholly untrue, it's certainly unproven.

2. Most spam comes from outside the U.S.

Maybe it does, maybe it doesn't. So what? Where spam comes from is of significantly less interest than where it originates. Europeans claim most spam is American. Americans point to Asia, Eastern Europe, and Latin America. It's reminiscent of Germans dubbing a certain malady "the French disease," while the French called it "the English disease." Speaking of English -- as long as it's the broadly spoken international language and the lingua franca of large, wealthy nations, rest assured English-language spam will proliferate, wherever it comes from.

3. Spam legislation can end the problem.

No, it won't (see no. 2, above). But a federal law can help lay a foundation of rhyme, reason, and consistency. International cooperation will help even more. New technology is also essential. There really is no silver bullet.

4. The definition of spam is...

Congress hasn't enacted federal spam legislation, in part because a definition hasn't been reached. Anti-spam absolutists will tell you spam is e-mail from anyone unknown to the recipient (even a friend of a friend). The Direct Marketing Association (DMA) has defined spam as "only porn and scams, sent fraudulently." (This definition makes a federal law superfluous; these are already covered by legislation.)

Spam will be defined. And redefined. The Supreme Court hasn't been able to nail the definition of "obscenity" for the past 50 years. As Justice Stewart so infamously said, "I know it when I see it."

5. Legitimate marketers don't spam.

Oh, yes they do. This is true only for those whose definition of spam is the egocentric "e-mail sent by others, not by us." Former ClickZ contributor Nick Usborne coined the term "white-collar spam" in a recent New York Times interview to describe the phenomenon.

Like Mafia capos, white-collar spammers tend to engage henchmen (list outfits, renegade affiliates) to do the dirty work. White-collar spam is why the awful new California law takes pains to indemnify advertisers, not just senders. As Sen. Murray said, "We're going after Disney, and we're going after Vi^gra [Pfizer]." Current and former "legitimate" spammers (many are DMA members) include Kraft Foods, Palm, AT&T, and countless major banks and lenders.

6. Opt-in is a sufficient spam deterrent.

No, it isn't. Opt-in can cover marketers' and publishers' rear ends under state spam laws if they can produce records of opt-in date, time, and IP address. Soon, some clever attorney will think this through to the next step. Anyone who knows your address can opt you in to a single opt-in mailing list (happens to us at ClickZ all the time). Black Hat developers write bots that can opt you in again and again -- ad infinitum, literally. One day, someone will prove in a court of law she couldn't possibly have opted in on a particular date and time from a Fargo, ND, IP address. Double confirmed opt-in is the way to go.

7. Never opt out.

The public's heard this so often, they accept it as gospel. A recent Bigfoot Interactive study found 58 percent of respondents believe unsubscribing from unwanted e-mail actually results in more unwanted e-mail. Bad as the spam problem is, sometimes good judgment and common sense can prevail. Educated (not just alarmed) consumers are less inclined to report as spammers known and trusted senders just to get off their lists.

8. Microsoft is committed to helping end the spam epidemic.

Its executives are certainly committed to saying they are. These days, Bill Gates is front and center: testifying before the Senate; penning a Wall Street Journal editorial; putting millions up in bounty for spammer arrests; building a Web page for consumers; and forming an Anti-Spam Technology & Strategy Group, "fighting spam from all angles -- technology, enforcement, education, legislation and industry self-regulation."

When I meet members of that group, I always ask the same question. Every version of the Windows OS that shipped prior to XP's release last year is configured -- by default -- as an open relay. Millions have been upgraded to broadband. Ergo, most PCs on planet Earth emit a siren call to spammers: "Use me! Abuse me!" Why won't Microsoft tell its millions of registered customers how to close the open relay?

I usually get a stunned, rather slack-jawed reaction to the query, but never an answer. Yet their boss told the Senate to "capture all bad actors involved in sending unlawful spam, including those who knowingly assist in the transmission of unlawful spam."

9. A do-not-e-mail database will stop you from getting spam.

Poppycock. Do-not-call works because relative to e-mail addresses, there are very few phone numbers (most belong to families and businesses, not to individuals). And every phone number is tied to a name and address. The average Web user has three e-mail addresses, not necessarily tied to any personal identification. These can be acquired and discarded as casually as Kleenex. Many services promote "disposable" e-mail addresses. Once shucked, there's nothing to stop an address from being used by someone else. As the Federal Trade Commission will tell you, there's no way this can work under present circumstances. E-mail isn't the telephone.

10. Spam can take down the whole Internet.

No, say the experts at the Internet Engineering Task Force. But spam can take down your business or ISP. A hacker can cripple a network with an e-mail-distributed DoS attack -- or a worm or virus. Servers overload or crash. Networks clog with traffic. Spam doesn't "break" the Internet, but it can make it seem that way.