Much of this unwanted spam is illegal under various regulations
but Shelagh Gaskill, a partner at Masons, said: "The people sending
it could not care less about the law."
Iomart set up separate accounts to receive spam, or unsolicited
commercial e-mail, and the team of investigators played dumb and
opened up all spam that came into these accounts.
They found that 83% were HTML e-mails with hidden tracking codes
that notified the spammers as soon the messages were opened. After
a two-week period, the volume of spam received on these accounts
virtually doubled. Hundreds of worthless e-mails became thousands
in almost no time at all.
Next, the team 'sterilized' the spam flowing into these
accounts, removing the hidden tracking codes. During the next few
weeks there was a slight but steady decline in the mountain of spam
being received.
Their conclusion was simple and stark: that spam e-mailers
respond to the hidden tracking codes by sending more e-mail to
identified accounts.
For a third trial period, spam e-mail was 'bounced' by means of
an automatic e-mail being sent to the spam sender, stating that the
e-mail could not be delivered, but not giving a specific reason
why.
Predictably, based on their earlier findings, there was a marked
drop in the number of spam e-mails being received. The decrease in
spam e-mails started almost immediately, and after about two weeks
the volume being received had decreased by about 40%.
"The rule is simple: do not open spam if you want to minimise
it," says Iain Richardson, a software developer with iomart. "A lot
of spam is evident from the subject header and sender's name. If
you suspect it's spam, the easiest thing to do is to delete it –
otherwise you're letting the senders know that you exist and you
will receive more."
Richardson offers a few tips on reading e-mail, and explains how
people get caught out. "Popular software, such as Microsoft Outlook
or Express, lets the user read a section of the e-mail in the
preview window before opening the full e-mail. Be warned that
viewing a preview pane will activate the hidden tracker code – so
don't use it if you want to minimise spam."
Another option is to apply spam filters. The problem with
filters is that no system is perfect: there is likely to be an
occasional loss of legitimate business communications, unless
someone examines all filtered e-mail.
Iomart has developed a product, part of its NetIntelligence
suite, which businesses can install in their system to give the
option of filtering or sterilising only the hidden tracker
mechanism in spam.
There were a couple of points of note in the results of the
tests conducted by iomart: most notably that the decrease recorded
after spam was bounced was less pronounced than the increase noted
when the accounts were newly set up and no action was taken to
remove tracking codes or bounce e-mails.
So far, so good. Cutting down spam requires little more than
ignoring the obviously tacky. Unfortunately, the iomart study
suggests that the spammers have thought of that and are involved in
a subtle form of electronic warfare to circumvent those who take
the simple precautions outlined above.
When the team began bouncing e-mails there appeared to be an
increase in the amount of spam coming from different domain names.
They concluded that this is likely to be an attempt by the spam
senders to circumvent blocking mechanisms based on domain
names.
There are laws that are relevant to spam. Depending on how the
e-mail addresses were obtained and the manner in which spam is
sent, there may be a breach of the Data Protection Act. Do not
trust those unsolicited offers of "128 million e-mail addresses on
a CD for $200."
There may also be a breach of the contract that the sender has
with its internet service provider – since many ISPs forbid the
sending of spam.
Also relevant is the E-mail Preference Service, a list to which
people can add their e-mail addresses to say that they do not want
to receive e-mail marketing – although it lacks any legal
weight.
Most recently, under the UK's E-commerce Regulations, all
unsolicited commercial e-mail must be clearly and unambiguously
identifiable as such as soon as it is received. Such e-mail must
also, among other things, clearly identify the person on whose
behalf it is being sent.
The UK has to implement a European Directive on the protection
of privacy in the electronic communications sector before November
2003 that goes further than the current UK position on spam.
It requires that unsolicited commercial communications such as
e-mail, text messages, faxes or telephone calls from automated
calling systems, are only lawful if consumers have already
indicated that they are willing to receive such communications.
Shelagh Gaskill said:
"The problem with the type of spam that
clogs up our inboxes is that the people sending it could not care
less about the law.
"Much of what they're promoting is illegal anyway, so they're
not going to take much notice of laws from the UK, EU or anywhere
else. Occasionally, a spammer will be caught and successfully sued.
But this is not a viable option for most people."
"It's important that there are laws against pure spam – it must
be deterred; but it's also vital to protect the right of companies
to market their products legitimately. The best way to deal with
spam is not in court; it has to be found in technology."
