The SPAM Problem
The last time you checked your email you were doubtless reminded of the continuous problem that spam creates. How many ads for cheap designer shoes, refinanced mortgages, and virility drugs is one human being expected to endure? The answer, sadly, is as many as make it over the barbed wire of your junk mail filter into your inbox. We all know that spam is anathema, but here are some things about it you might not have realized:
The First Spam: 1978
Roughly seven years after the first incarnation of email on the precursor of the Internet[1] dozens of unsuspecting people received a sales pitch from a company called DEC. Gary Thuerk worked in marketing for DEC (Digital Equipment Corporation) and was looking for a way to spread the word about a new computer known as the DECSYSTEM-20[2]. Not realizing the limitation of SNDMSG, the first email system, he had the list of everyone he wanted to reach typed into the "To" and "CC" fields. The addresses quickly overflowed into the body of the message. As a result only a fraction of those he intended to launch his pitch at received the email. He then resent the message to those who had been left out. Although Mr. Thuerk was not what we would today term a spammer the reaction to his email was mostly negative. This backlash and the fact that it was an unsolicited message sent to a mass of recipients for moneymaking purposes set the unfortunate trend for future generations of spammers and spamees.Rough Spam Statistics
Although there are almost 200 nations on the planet a mere dozen or so today produce about three quarters of the world's spam, and the top two (always the United States frequently partnered with either China or South Korea) account for almost half of all electronic junk mail annually[3].
Zombie Computers and Spam
Spam is propagated in various ways, but among the most common is via a zombie computer. A "zombie" is a system that has been compromised by an outside source to perform various malicious tasks. This commonly takes the form of zombified machines being used to forward masses of spam email. The major benefits to the spammer are that they can mask the source of their floods of unwanted emails while passing their bandwidth costs onto the zombies' owners. Also, the hapless owner of a zombie most often doesn't even know his or her machine is infected because the computing power that is being used to perform its zombie-related functions is comparatively small. This is because the spammer distributes his workload amongst a legion of zombies called a botnet. 1000 machines sending 50 emails are not as likely to raise the red flag that one computer sending the same amount would. The effect of all of this is that the majority of worldwide spam emanates from zombie computers[4].
Recently it was discovered that computers within drug behemoth Pfizer's corporate network were moonlighting as zombies[5]. Among the spam that they were spewing were ads for imitation name brand watches, questionable stocks, and coincidentally that inescapable erectile dysfunction pill that the company is famous for. What this case highlights is that even the largest of companies can be shanghaied to send oceans of spam. Thus the need for increased diagnosis and security is paramount.
Is Spamming a Crime?
Yes, in various ways[6]. The most comprehensive legislation in the United States is a 2003 law known as CAN-SPAM or the Controlling the Assault of Non-Solicited Pornography and Marketing Act. This law supersedes previous state laws that had aimed at wrangling in the most odious of spammers. It provides for a substantial fine and/or imprisonment for each violation of the basic rules outlined below. According to the Federal Trade Commission[7] a commercial email is considered to have violated the law (and thus is considered illegal spam) if any of the following conditions apply:
1) The email's header is false or misleading.
2) The email's subject line misrepresents the content of the message.
3) The email contains no online link by which the recipient can opt out of future emails.
4) The email is not clearly labeled as an advertisement.
5) The sender's correct physical address is not contained in the email.
6) The recipient's address was harvested online without permission.
7) The recipient's address was generated using a dictionary-like method of automatically combining letters and numbers into countless permutations.
8) The sender has multiple email addresses from which only spam is sent.
9) The email was forwarded through a computer or network without the owner's permission.
Besides CAN-SPAM most Internet Service Providers include a proviso in their Acceptable Use Policy that explicitly forbids spamming. Enforcement varies by ISP and depends primarily on their will and resources.
Bill Gates' Optimism
In 2004 Bill Gates announced at a meeting of the World Economic Forum that spam would be eliminated by 2006[8]. Microsoft CEO Steve Ballmer has said that Gates is "the most spammed person in the world" with a biblical plague of over 4 million emails per day[9]. This dumbfounding amount of junk mail necessitates a separate department in the company solely responsible for the management of Gates' inbox.
A few months before his prediction Gates wrote an article in the Wall Street Journal describing why spam is more harmful than annoying as well as the ways in which he was looking to combat it[10]. According to Gates spam reduces worker productivity, spreads viruses, scams, and identity theft. In the same article he announced that Microsoft had filed several lawsuits aimed at bringing down the most virulent of spammers. In addition, he commented that technological rather than civil methods of spam eradication will be the most effective in the future. Key to this would be a next generation of spam filters overseen by "machine learning software" i.e. a smart system that can learn from the data that it has collected over time. Added to this would be new authentication protocols and a charge levied on individual junk mail messages. Finally, he stated that his vision of the elimination of spam would not be achievable without cooperation between email and Internet providers.
It's now 2008 and unfortunately Gates' dream of a spamless world has not yet arrived. However, the battle between the spammers and the spammed is an ongoing arms race. And so there is hope that we might someday find the pendulum has swung in favor of those whose hope is to be able to check their email once, just once, without finding out that they can get Cialis at 75% off!
References
[1] ARPANET (Advanced Research Projects Agency Network) was a system that linked different government and university computers together via a means of data communication called packet switching. Ray Tomlinson, an engineer working for a contractor involved with ARPANET, combined two programs he had written to allow electronic mail messages to be sent between two different computers. The first email was sent in 1971.
[2] http://www.templetons.com/brad/spamreact.html#msg
[3] http://www.sophos.com/pressoffice/news/articles/2006/01/dirtdozjan05.html
[4] http://www.theregister.co.uk/2004/06/04/trojan_spam_study/
[5] http://www.wired.com/politics/security/news/2007/09/pfizerspam
[6] http://en.wikipedia.org/wiki/E-mail_spam#Legality
[7] http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm
[8] http://www.cbsnews.com/stories/2004/01/24/tech/main595595.shtml
[9] http://news.bbc.co.uk/1/hi/business/4023667.stm
[10] http://www.microsoft.com/presspass/ofnote/06-23wsjspam.mspx