What does ISPA consider to be spam?
All unsolicited bulk email is spam with the following exceptions:
- Mail sent by one party to another where there is already a prior relationship between the two parties and subject matter of the message(s) concerns that relationship, is not spam.
- Mail sent by one party to another with the explicit consent of the receiving party, is not spam.
In essence, ISPA’s position is that consumers should only receive bulk mail that they have requested and/or consented to receive and/or which they would expect to receive as a result of an existing relationship.
What is Spam?
Spam, or unsolicited bulk email, is the posting of emails to large volumes of addresses advertising a service or product. Unlike conventional junk mail where the sender pays the cost of postage, recipients of spam pay the transmission costs, either in the form of Internet access fees and/or data charges.
Spam is one of the most significant threats to the Internet, accounting for around 60% of all email traffic. Spam costs consumers and ISPs a lot of money in bandwidth charges. Despite the growing number of technological means for combating spam, the spammers somehow manage to stay one step ahead and the deluge shows little sign of abating.
Spammers get email addresses in a variety of methods:
- They can write a program which searches the web in spider-like fashion, following links to pages, and the links of those pages to other pages, to infinity. As part of this link following process the program will search for obvious email addresses such as firstname.lastname@example.org or HTML mailto: links. In a short space of time many thousands of email addresses can be harvested in this fashion.
- They can purchase an existing email address database from someone who runs a continuous spider program. Often selling for a few dollars and amounting to millions of email addresses, the purchase of such databases occurs not just by spammers but also more legitimate firms seeking new methods of advertising their product or service in a state of ignorance over spam.
- They can brute force an SMTP server, trying various common names for people and well known role accounts.
- Someone might willingly or unwittingly add your address to an opt-in mailing list for adverts.
One of the ways in which spammers check for valid addresses is by providing an apparently thoughtful “Click here to remove yourself from this list” with a URL pointing to a website. The user seeking to prevent further mail from the spammer clicks the link in a trusting fashion. However all they have done is verify that their email address is active, which results in additional spam being sent to them.
Another means is to insert a pixel image into the email which links to a web server. When you load the message in an HTML capable mail client, the mail client requests the pixel image from the configured web server. By accessing the image and downloading it, a line is added to the web server log file which can be used to verify an address which spam was sent to.
Why is spam bad?
Spam is bad because users are forced to pay to download content they did not ask to receive. In many cases users find themselves downloading more spam than legitimate email messages and this dilutes the value of Internet based communication. No-one wants to wade through spam to find legitimate content.
While ISPs have to bear the bulk of the cost for bandwidth overuse by spammers, this cost is often passed onto the consumer through increased Internet access fees or a degraded service level.
Users themselves are at their wits end, as the process of manually deleting spam is burdensome. Some email clients have special filters which allow for the recognition of spam based on existing messages marked as spam. In addition a number of software companies sell anti-spam software in addition to anti-virus software or content filtering systems.
Spammers generally do not pay much for the sending of spam. They exploit open mail servers to do their task for them. The spammer need only send one email message to an incorrectly configured mail server to reach thousands of email addresses, with the bulk of the transfer being handled by the mis-configured mail server. Recipients in turn need to pay access costs or telephone costs in order to receive content they did not ask for.
More information can be found here: http://spam.abuse.net/overview/