The spammers are watching you
Press release: 12/02/2003
Eight out of ten spam e-mails contain covert tracking codes
which allow the senders to record and log recipients’ e-mail
addresses as soon as they open the message.
These are among the findings revealed this week by OUT-LAW.COM,
the IT and e-commerce legal service from international law firm
Masons. The research was carried out for OUT-LAW.COM by network
security experts iomart.
Much of this unwanted spam is illegal under various regulations
but Shelagh Gaskill, a partner at Masons, said: “The people sending
it could not care less about the law.”
Iomart set up separate accounts to receive spam, or unsolicited
commercial e-mail, and the team of investigators played dumb and
opened up all spam that came into these accounts. They found that
83% were HTML e-mails with hidden tracking codes that notified the
spammers as soon as the messages were opened. After a two-week period,
the volume of spam received on these accounts virtually doubled.
Hundreds of worthless e-mails became thousands in almost no time at
all.
Next, the team ‘sterilised’ the spam flowing into these
accounts, removing the hidden tracking codes. During the next few
weeks there was a slight but steady decline in the mountain of spam
being received. Their conclusion was simple and stark: that spam
e-mailers respond to the hidden tracking codes by sending more
e-mail to identified accounts.
For a third trial period, spam e-mail was ‘bounced’ by means of
an automatic e-mail being sent to the spam sender, stating that the
e-mail could not be delivered, but not giving a specific reason
why. Predictably, based on their earlier findings, there was a
marked drop in the number of spam e-mails being received. The
decrease in spam e-mails started almost immediately, and after
about two weeks the volume being received had decreased by about
40%.
“The rule is simple: do not open spam if you want to minimise
it,” says Iain Richardson, a software developer with iomart. “A lot
of spam is evident from the subject header and sender’s name. If
you suspect it’s spam, the easiest thing to do is to delete it –
otherwise you’re letting the senders know that you exist and you
will receive more.”
Richardson offers a few tips on reading e-mail, and explains how
people get caught out. “Popular software, such as Microsoft Outlook
or Express, lets the user read a section of the e-mail in the
preview window before opening the full e-mail. Be warned that
viewing a preview pane will activate the hidden tracker code – so
don’t use it if you want to minimise spam.”
Another option is to apply spam filters. The problem with
filters is that no system is perfect: there is likely to be an
occasional loss of legitimate business communications, unless
someone examines all filtered e-mail. Iomart has developed a
product, part of its NetIntelligence suite, which businesses can
install in their system to give the option of filtering or
sterilising only the hidden tracker mechanism in spam.
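What sterilising an HTML e-mail can look like in practice, as an added example that is not part of the original release and is not iomart's NetIntelligence code. It assumes the tracking codes are remote resources (such as images or backgrounds) whose per-recipient URLs the mail client fetches when the message is displayed; the release does not specify the mechanism. The function name, attribute list, sample message and example.invalid hosts are constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Attributes a mail client fetches automatically when it renders a message.
AUTO_FETCH_ATTRS = {"src", "background", "poster"}
REMOTE = re.compile(r"^\s*(https?:)?//", re.I)
CSS_REMOTE = re.compile(r"url\(\s*['\"]?\s*(https?:)?//", re.I)

class Steriliser(HTMLParser):
    """Re-serialise HTML, dropping attributes that load remote content on display."""
    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.removed = [], []

    def _tag(self, tag, attrs, close=""):
        kept = []
        for name, value in attrs:
            v = value or ""
            fetched = name in AUTO_FETCH_ATTRS or (tag == "link" and name == "href")
            if (fetched and REMOTE.match(v)) or (name == "style" and CSS_REMOTE.search(v)):
                self.removed.append(v)  # record the dropped attribute value
                continue
            kept.append(f" {name}" if value is None else f' {name}="{escape(v)}"')
        self.out.append(f"<{tag}{''.join(kept)}{close}>")

    def handle_starttag(self, tag, attrs): self._tag(tag, attrs)
    def handle_startendtag(self, tag, attrs): self._tag(tag, attrs, " /")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def sterilise(html):
    """Return (sterilised_html, dropped_values); ordinary <a href> links are kept."""
    parser = Steriliser()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed

# Constructed sample body; hosts and the id value are made up.
SAMPLE = (
    '<html><body background="http://img.example.invalid/bg.gif?id=R123">'
    '<p>Offer &amp; more <a href="http://shop.example.invalid/">visit</a></p>'
    '<img src="http://track.example.invalid/o.gif?id=R123" width="1" height="1">'
    '<img src="cid:logo@local" alt="logo"></body></html>'
)
```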
There were a couple of points of note in the results of the
tests conducted by iomart: most notably that the decrease recorded
after spam was bounced was less pronounced than the increase noted
when the accounts were newly set up and no action was taken to
remove tracking codes or bounce e-mails.
So far, so good. Cutting down spam requires little more than
ignoring the obviously tacky. Unfortunately, the iomart study
suggests that the spammers have thought of that and are involved in
a subtle form of electronic warfare to circumvent those who take
the simple precautions outlined above. When the team began bouncing
e-mails there appeared to be an increase in the amount of spam
coming from different domain names. They concluded that this is
likely to be an attempt by the spam senders to circumvent blocking
mechanisms based on domain names.
There are laws that are relevant to spam. Depending on how the
e-mail addresses were obtained and the manner in which spam is
sent, there may be a breach of the Data Protection Act. Do not
trust those unsolicited offers of “128 million e-mail addresses on
a CD for $200.” There may also be a breach of the contract that the
sender has with its internet service provider – since many ISPs
forbid the sending of spam. Also relevant is the E-mail Preference
Service, a list to which people can add their e-mail addresses to
say that they do not want to receive e-mail marketing – although it
lacks any legal weight. Most recently, under the UK’s E-commerce
Regulations, all unsolicited commercial e-mail must be clearly and
unambiguously identifiable as such as soon as it is received. Such
e-mail must also, among other things, clearly identify the person
on whose behalf it is being sent.
The UK has to implement a European Directive on the protection
of privacy in the electronic communications sector before November
2003 that goes further than the current UK position on spam. It
requires that unsolicited commercial communications such as e-mail,
text messages, faxes or telephone calls from automated calling
systems, are only lawful if consumers have already indicated that
they are willing to receive such communications.
“The problem with the type of spam that clogs up our inboxes is
that the people sending it could not care less about the law,” says
Shelagh Gaskill. “Much of what they’re promoting is illegal anyway,
so they’re not going to take much notice of laws from the UK, EU or
anywhere else. Occasionally, a spammer will be caught and
successfully sued. But this is not a viable option for most
people.”
“It’s important that there are laws against pure spam – it must
be deterred; but it’s also vital to protect the right of companies
to market their products legitimately. The best way to deal with
spam is not in court; it has to be found in technology.”
For further information please contact:
Struan Robertson
OUT-LAW.COM
struan.robertson@out-law.com
+44 (0)141 249 5422
http://www.out-law.com/
Colin Rose
iomart
colin.rose@iomart.com
+44 (0)141 931 7080
http://www.netintelligence.com/
Notes to Editors:
- The research was carried out by the analysis of more than 5,000
e-mail messages, to provide a representative sample.
- The full report on these findings is available in the OUT-LAW
Magazine, a free-subscription publication from Masons, at
www.out-law.com.
- OUT-LAW.COM is part of Masons, a law firm based in London
with offices in Brussels, Hong Kong, the People’s Republic of
China, Singapore, Dublin and throughout the UK.
-ends-