Permission marketing, an idea that came and went with the surge of IPO’s in the late nineties, and the lust for crust that followed, may have been the biggest loss to the free market economy and the advance of the Internet. In the beginning, circa ’95 or so, the idea that you could sign up for the push and pull meme of the century, and that no one would violate your choice seemed Utopian and before long it dropped like the NASDAQ did soon after. I remember a Los Angeles trade show in the late nineties when guys stood up on a podium and swore that marketing would never be the same as web merchants would not dare ignore the choices people made and flood their inboxes with the worthless detritus we have seen daily since then. Yet, the problem of SPAM and, along with it, the ravages of viruses, spyware, and other parasites, have slowly deteriorated the experience of the Internet and jeopardized the potential of open communications.
The “low-hanging fruit,” those who wanted to get the latest information on securing their networks locking down business secrets and building solid firewalls around their data, promised a rapid expansion and secure future for the Internet. For the most part, you could trust what showed up on your desktop. But, to quote Gordon Gecko, “greed is not only good, it’s now legal.” Today you don’t see many folks inhibited by complaints of spamming, and data is sold for dimes on the dollar. The game is on, and what you do with the data you’ve accumulated, or bought, all goes into a huge mixing bowl which blends it all together with your Facebook profile, your twitter smarm and your “secret” anonymous email accounts. Today, there are no secrets; and there are no constraints. As an old friend said, the only test for spam is, if it doesn’t work. In other words, 11% of all spam gets a response; 75% of all email is spam.
According to the Wiki , tracking what has come to be called, “’You-Can-Spam’ Act because while the bill does not explicitly legitimize e-mail spam, it preempts laws that allowed for (among other things) easier prosecution and rights to private action. In particular, it does not require e-mailers to get permission before they send marketing messages.” They show the path we’ve watched the last ten years or so as the government has failed to understand the implications or the opportunities for enhancing our brand of free market enterprise while respecting the audience it serves. They list handfuls of arrests and more smacks on the wrists of the con-men who have manipulated the law and the people willing to risk their reputations for a buck.
Our Swiss friends started an organization some years back called, “The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet’s spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam gangs worldwide, and to lobby governments for effective anti-spam legislation.”
They offer a technical definition of spam:
“An electronic message is “spam” if (A) the recipient’s personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; AND (B) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.”
Unlike the guys selling the nifty email marketing applications, who ostensibly decree that if it works, it’s not spam, the Spamhaus group offers, “Spam is an issue about consent, not content. Whether the Unsolicited Bulk Email (“UBE”) message is an advert, a scam, porn, a begging letter or an offer of a free lunch, the content is irrelevant – if the message was sent unsolicited and in bulk then the message is spam.”
They provide a simple, honest and intelligent guideline for anyone considering a risk to his or her freedom: “The Golden Rule is: Never buy email addresses from anyone. No legitimate company will ever sell you a list of ‘opt-in’ email addresses. Anyone selling you lists of ‘opt-in’ email addresses is very simply a spam outfit. If you have been sold a list of email addresses which the seller promises are “opt-in”, you have been conned.”
Here are some important definitions from their web site:
Listwashing is the systematic removal of complainants from an illicitly gathered address list with no other action taken to stop spamming the remainder of the list. Listwashing removes spam symptoms without curing the underlying problem. ISPs which simply pass abuse reports on to their spamming customers without investigation or further consequences are aiding in listwashing and spamming.
Listwashing is often done in conjunction with snowshoe spamming and waterfalling to attempt to clean bad lists and improve deliverability, rather than simply using OPT IN address acquisition in the first place. Listwashers nearly always include per-recipient codes in the headers and payload URLs. Together with careful list segmentation, dirty lists can be washed to a clean enough state that some ESPs are willing to risk sending spam by importing those lists.
A list owner is “waterfalling” when they run the same illicitly obtained address list through a series of ESPs, each time cleaning bounces, complainants and maybe non-respondants, and then hoping to move up to a cleaner ESP with better deliverability. The result still includes spammed addresses but fewer spam complaints to the ESP.
A spamtrap is an address that is used to capture spam sent to it in order to provide information on what spam is being sent and from where. Spamtraps do not belong to real users, they are decoys set up to catch spammers, monitor and collect spam.
When using spamtraps in automated systems, in order to prevent legitimate email from being invited, a spamtrap e-mail address is never published where a human can find it. As the address is never visible to humans, no sender would be encouraged to send messages to the email address for any legitimate purpose.
An IP address (Internet Protocol address) is a unique address that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 220.127.116.11 could be an IP address.
Domain Name System Block List – a list of IP address ranges or other information compiled as a DNS zone. Information in DNS format is easy to query and transport, and its small answers are very “light” on bandwidth overhead (UDP vs. TCP). A DNSBL of domain names is often called a URIBL, Uniform Resource Indicator, although there are numerous such lists written under other names.
Understanding DNSBL filtering
noun: A range of IP addresses is a “block” or subnet, often expressed in CIDR notation.
verb: An action taken by an ISP or network to prevent unwanted traffic from entering its private servers, including mail servers.
Some spam-filtering systems add a “tag” to the headers of messages which have a high spam-score, such as “X-Filter: yes” or “[spam]” in the Subject. The user can then have their mail client filter those to a quarantine, or delete them sight-unseen. Many of those filtering systems include Spamhaus lists as part of their scoring.
“Bouncing” or “rejecting” refer to the two courses of action a server may take when it detects undeliverable or unwanted mail. In the case of spam, bouncing is very undesirable because most spam has forged headers, and the bounce is sent on to an innocent third party who is often the target of a malicious “bounce bomb” attack.
Visit their community to learn more at: http://www.spamhaus.org/faq/answers.lasso?section=Glossary
Yet the idea of building a business around a credible brand, that respects customer choices, has always been an idea that not to be ignored. After all, how many customers can you afford to risk losing in the fight for market share?
It’s important to understand that much of the spam you see in your inbox is in the form of consumer offers, often submitted by third parties with little risk on the table. You won’t find big IT using spam tactics because they would be punished harshly and they understand the risk. This is why it is up to bit IT to confront the situation and demand enforcement.
Yet, talk to any of the multitude of email marketing application peddlers and, while they may not put it into an email, they’ll casually explain that as long as the message is “interesting” you won’t have a problem. Or, as long as you include an opt-out option, it’s Kosher. Naturally, like almost everything these days, politics have destroyed any hope that a rational discussion can work to everyone’s benefit. And with the spread of intrusions by groups like Anonymous, which have sorely embarrassed U.S. law enforcement, to the point of going after the wrong people because they have no clue how to prevent it, there seems to be little leadership to revive the once flowering promise of a junk free channel to the information we want, versus the mountains of garbage that we all have to filter from our lives.
IT leaders remain the wild card in the fight against unwanted junk email and intrusions that serve to inhibit growth, destroy the work of honest folks, and risk the loss of Internet freedom. We’d like to propose an alternative to the failed policies of government, at the risk of them throwing the baby out with the bathwater. We’d like to see IT leaders provide the path to stopping junk email and foster a better system of correcting the problems we face in the future. We invite your ideas and complaints about those you feel abuse the system and increase risk for no one’s benefit. We’ll post whatever you think can help restore the idea that if you mess with the elegance of permission communications, you will suffer the wrath of those who cherish it. Let me know what you think, and we’ll do what we can to make the Internet a channel for free open communications without the threats we now face.