

Junk Email and "Spam"
© Zoes Network Consulting, 2004



Abstract

Arguably, the single greatest annoyance in using email is unsolicited commercial email (UCE, "spam" (not to be confused with the Hormel brand food product), or "junk email"). The problem has grown so pervasive that some estimates say that up to 99% of all email traffic is junk email. This article will show some elementary ways to limit UCE and will contain links to web sites devoted to fighting spam. While the techniques are applicable to all operating system environments, Windows and Internet Explorer (specifically Outlook Express) will be used for illustrations.

The targeted audience for this paper is the general Internet end-user.

Table of Contents

Abstract

Introduction

So what is wrong with this?

Dealing with the justifications as to why you must open up and swallow your daily dose of spam.

Comparisons to TV advertising

Comparisons to bulk or junk surface mail

"It's legal"

"Just hit delete"

"Get over it"

How they stuff your inbox with junk

Using 3rd party "relays"

"Stealth" or bulk mailing programs

Using bogus return addresses

"REMOVE" and other fables

The "Complain School"

The "Stealth" School

Doing Both

Conclusion



Introduction

Anybody who uses the Internet regularly is likely to be receiving junk email (a.k.a. spam, or UCE). It seems that every "marketer" out there feels that they have a God-given, First Amendment right to dump their advertisement in your inbox and make you pay for it, to boot! Many of these so-called "marketers" take umbrage when you complain to them. They self-righteously claim:

It's no different from watching advertisements on TV

It's no different from receiving bulk surface mail ("junk mail")

It's legal

Just hit delete

Get over it

Most "spammers" know that the advertisement receiver hates receiving spam. There are studies done by Georgia Tech and World Research, Inc., which clearly show that most email users hate getting it. Most spammers, however, do not care, because they are operating on the percentages. If they send junk email to 1,000,000 email addresses, and only 1% responds to it, that means they have a potential 10,000 sales! Since sending 1,000,000 email messages costs only a few dollars, junk email is an extremely cost-effective method of advertising. In fact, it is several orders of magnitude cheaper than traditional surface mail junk advertising.

The junk email operation does NOT have to pay for printing copies of the advertisement, purchasing envelopes and postage, or transporting the completed mailing to the post office, as the surface bulk mail advertiser does.

All the email spammer has to do is create his advertisement, get his hands on a list of email addresses, and dump it into the Internet. In standard surface junk (bulk) mail advertising, the advertiser always pays up front for the entire advertising run. This is NOT true for the email spammer. With junk email, the advertisements come "postage due."


So what is wrong with this?

Let's start with a definition: Only unsolicited commercial email (UCE) is considered Spam or junk email.

If you have a business relationship with a company or if you agree to accept "email offers" by signing up for it, then such email is not considered Spam or junk email. Junk email, Spam, or UCE as used in this document is not email you asked for and/or is not email you agreed to receive.

Likewise, if you have subscribed to a "Free Internet" or "Free Email" company, receiving advertisements via email or via the web browser may be part of your terms of use. Hence, these advertisements are not considered spam.

Junk email is wrong because:

The distributors of junk email use other people's property, usually without their consent, to distribute their commercial message.

They pass the cost of distributing their message to the recipients.

They repeatedly harass people by sending the same message over and over again.

They (almost universally) ignore requests to be removed from their mailing list.

Junk email is rather like being forced to pay to receive a long distance, collect-call, telemarketing pitch.

Or being forced to pay for painting a billboard on the side of your house for someone else's advertisement.

Unlike television, where you can switch channels or skip past the ads via videotape or videodisk, you cannot "skip" past junk email. You will download it whether you want to or not. Since many spammers use deceptive subject lines in order to trick you into reading it, you will most likely read it, whether or not the content is desired.

This author's business email account recently received a junk email advertisement from CAIS, a network provider company, that included a 978,000 byte Acrobat PDF file attachment. This single message could tie up a dial up line for, perhaps, 5 minutes while downloading from an ISP to the end user's computer. When I called to complain to CAIS, the marketing "professional" was completely unsympathetic. Needless to say, this networking professional will never recommend CAIS to his customers.


Dealing with the justifications as to why you must open up and swallow your daily dose of spam.


Comparisons to TV advertising

Receiving junk email is not the same as watching TV advertisements. TV advertisers actually fund the production of TV shows. They pay for the content that is broadcast or delivered via cable. On that basis, they have every right to place advertising in the broadcast.

When was the last time a spammer offered to pay for your Internet connection?


Comparisons to bulk or junk surface mail

From creation of the content, duplication, shipping, and postage, the advertiser pays for the entire advertisement that shows up in your USPS mail box. They pay for it all – the whole 9 yards.

Spammers make YOU pay to receive their junk email. They make you pay by passing on the costs to transport it through the Internet, and to store it on your ISP's email server, by shifting those costs to you and every other Internet email user. The people who actually pay for the Internet are the end users, people like you. Your monthly bill is income to the ISP, who in turn uses part of it to purchase increased bandwidth from his upstream connection, and to purchase more hard drives to store all the junk email he gets on your (and your fellow customers') behalf.

Many spammers are under the impression that the Internet is a "public" or "government owned" network. They are wrong. The Internet is an interconnection of privately-owned and government-owned networks. It is not free to operate; people – you and I – pay for it by our payments to our Internet Service Providers.

Depending on whose numbers you use, between 25% and 35% of all traffic on the Internet is spam. Tens of millions of dollars are spent each year by consumers to support the infrastructure used by and for spam. Everybody's cost to use the Internet would be lower if the spammers paid for their electronic ads the way direct mailing advertising companies did.


"It's legal"

These words are often used by spammers to justify their actions. It's legal, so they can do it. Ethics or recipient-imposed costs are irrelevant. They can do it – so they will. After all, they have a First Amendment Right of free speech, don't they?

Well, not quite.

There are a number of court cases that place limits on commercial speech.

In a landmark case, the Supreme Court ruled in ROWAN v. U. S. POST OFFICE DEPT., 397 U.S. 728 (1970), that:

"Nothing in the Constitution compels us to listen to or to view any unwanted communication, whatever its merit.... We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another.... The asserted right of a mailer, we repeat, stops at the outer boundary of every person's domain." [Emphasis added]

So their First Amendment rights to advertise cease where your phone line enters the wall of your home. You are not required to view advertisements that you do not want to (or are otherwise not contractually obliged to view).

Is it really "legal" to send junk email?

Not according to the legislatures of a dozen or so states. In these states, it is specifically illegal to send unsolicited commercial email. Illinois is one of these states. In Illinois, it is a deceptive business practice to do so, if you use a forged return email address or misleading subject line. The Electronic Mail Act, 815 ILCS 511 found at http://www.legis.state.il.us/ilcs/ch815/ch815act511.htm, is one such law.

Section 10 of this law reads:

"(a) No individual or entity may initiate or cause to be initiated an unsolicited electronic mail advertisement if the electronic mail advertisement (i) uses a third party's Internet domain name without permission of the third party, or otherwise misrepresents any information in identifying the point of origin or the transmission path of an electronic mail advertisement or (ii) contains false or misleading information in the subject line."

There is another reason that sending junk email just might be illegal.

The concept is based on state laws concerning trespass. There are at least two cases where an ISP sued a spammer for trespassing on their network by sending junk email to their customers. These cases, Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 456 (E.D. Pa. 1996) and CompuServe Inc. v. Cyber Promotions, Inc., No. C2-96-1070 (S.D. Ohio Oct. 24, 1996) stated unambiguously that junk email (UCE) does not create a First Amendment issue and that equipment owners have a right to prohibit spammers from chattel trespass of their equipment.

Is it really legal to send junk email? Like any other advertisement, the answer may be YES, provided that the sender does not mislead the customer or trespass. As the typical spammer usually hides his real email address and may use misleading subject lines, then the answer is usually NO. If the spammer does it against your wishes, then the answer is NO.

In the last several US Congresses, legislation has been introduced to ban or limit junk email. The direct marketing lobby is so powerful that, as of now, no such legislation has been enacted. Until, like junk faxes (see 47 US Code Section 227), junk email is outlawed, the problem will continue to worsen.

"Just hit delete"

This begs the question. Why should the person receiving junk email, email that they don't want, email that they end up paying for just by the act of receiving it, have to "hit delete?" Why should the person being bothered, BE bothered, in the first place? What the spammers are demanding of receivers of their spam is analogous to being forced to open up your front door to a door-to-door salesman, letting him into your house, being required to listen to his spiel, and only then, being able to tell him that you didn't want him to come in, in the first place.

The Supreme Court says we can not be forced to FIRST hear an advertising pitch and THEN be allowed to throw it away.


"Get over it"

The attitude behind this statement is simply that as far as the junk email advertisers are concerned, your rights don't matter. Your right to be left alone means nothing. It does not exist as far as they are concerned. It implies that your only reason for existing is to purchase his product or service, and nothing else. And if you don't like it, tough!

If anybody takes a spammer to court and collects, I advise you to simply say to him: "Get over it."


How they stuff your inbox with junk

Most junk email operations use one of two methods to send their advertisements to you: Using a 3rd party relay, or purchasing so-called "stealth" or "bulk" mailing programs. Both methods also rely on the spammer buying or renting email address lists.


Using 3rd party "relays"

Third party relays are used by many spammers to hide the source of the junk email origination point, and to make it difficult for email administrators to block mail coming from a spammer's site.

A third party relay is simply a mail server somewhere on the Internet that will accept email from anywhere, and send it on (distribute it) to anywhere else. Most ISPs limit their mail servers to send email from ONLY their customers, and no one else. This is done by configuring the mail server to accept mail to be sent ONLY from computers using the network IP addresses that belong to the ISP.

However, there are many other mail servers on the Internet that are not configured to refuse email that does not originate within their Internet domain. These servers are targeted by spammers because they can (and will) be used to distribute the advertisement across the Internet.

The spammer will simply send their advertisement to the third party relay with their distribution list, and once delivered, they can log off and do something else.

Once received by the 3rd party relay, the relay will send the advertisement on to each user in the email list, independently of what the spammer is doing.

Email administrators, especially the ones who block Internet domains that send out junk email, have to work much harder to block out ads coming from email servers that have been configured to allow 3rd party relaying. To the spammer, placing the advertisement in YOUR inbox is the whole point of it all. Spammers want to defeat you and your ISP's attempts to refuse the incoming advertisements. So by using misdirection, spammers can "sneak" it past your ISP's filters and any anti-spam mail client rules you have set up, and force you to read the ad.

It is important to note that the spammers are, in fact, committing a trespass to chattel and a theft of service in the process. Almost always, they are using a computer that belongs to someone else for their commercial purposes, without the consent of, or compensation to, the owner. They are dishonest.
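The relay restriction described above, written out as an added example (not code from this article or from any particular mail server): the closed policy accepts a recipient only when the mail is for a local mailbox or the connecting address belongs to the ISP, while the open relay accepts everything. The networks, domains and sessions are constructed values using documentation ranges.

```python
import ipaddress

# Constructed values: documentation address ranges and example domains.
ISP_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                ipaddress.ip_network("2001:db8:10::/48")]
LOCAL_DOMAINS = {"example.net"}


def recipient_domain(address):
    """Return the lower-cased domain of an envelope address, or None if malformed."""
    addr = address.strip().strip("<>")
    local, at, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not at or not local or not domain:
        return None
    return domain


def is_customer(client_ip, networks=ISP_NETWORKS):
    """True if the connecting address belongs to one of the ISP's networks."""
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # An IPv4 client seen through a dual-stack socket arrives as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in networks)


def relay_decision(client_ip, rcpt_to, networks=ISP_NETWORKS,
                   local_domains=LOCAL_DOMAINS):
    """Closed policy: return (accept, reason) for one RCPT TO command."""
    domain = recipient_domain(rcpt_to)
    if domain is None:
        return (False, "malformed recipient")
    if domain in local_domains:
        # Anyone on the Internet may send mail TO our own customers.
        return (True, "inbound mail for a local mailbox")
    if is_customer(client_ip, networks):
        # Only our own customers may send mail THROUGH us to other domains.
        return (True, "outbound mail from a customer address")
    return (False, "relaying denied")


def open_relay_decision(client_ip, rcpt_to):
    """The misconfiguration: mail from anywhere to anywhere is accepted."""
    return (True, "accepted")


# Constructed sessions: (connecting IP, RCPT TO argument).
SESSIONS = [
    ("192.0.2.25", "<friend@example.org>"),         # customer sending out
    ("203.0.113.9", "<you@EXAMPLE.NET>"),           # outsider writing to a customer
    ("203.0.113.9", "<victim@example.org>"),        # outsider to outsider: relay attempt
    ("::ffff:192.0.2.25", "<friend@example.org>"),  # customer via IPv4-mapped IPv6
    ("203.0.113.9", "no-at-sign"),                  # malformed recipient
]


def refused_by_closed_policy(sessions=SESSIONS):
    """Sessions an open relay would carry but the closed policy turns away."""
    return [s for s in sessions
            if open_relay_decision(*s)[0] and not relay_decision(*s)[0]]


if __name__ == "__main__":
    for ip, rcpt in SESSIONS:
        print(ip, rcpt, relay_decision(ip, rcpt))
```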


"Stealth" or bulk mailing programs

Almost every Internet Service Provider has provisions in their "Acceptable Use Practices" or "Terms of Service" that prohibit the transmission of junk email by their customers. Upon receipt and investigation of a complaint about a customer sending out junk email or spam, almost every ISP will quickly terminate the spammer's ability to use their network to continue to distribute junk email by canceling their account.

Therefore, most spammers will not use the ISP's mail servers to distribute the advertisements. What they will do, instead, is purchase software to turn their Internet connection computer into an email server that is capable of sending the mail directly.

Most, if not all of these special programs promise to hide the identity of the sending machine, usually by inserting false or bogus email headers in each message in order to throw off the receiving email administrator's attempt to track down the source. With few exceptions, an experienced email administrator can winnow out the bogus email headers and identify the domain where the spammer is connected. The person they are trying to fool into believing that they cannot be held accountable is you – the end user.
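One way an administrator can separate genuine headers from bogus ones, shown as an added example that is not part of the original article: walk the Received headers from the top and trust only those stamped by your own servers, stopping at the first one that records a connection from outside your network. Host names, networks and the sample message are constructed, and the regular expression assumes the common "from HELO (rdns [ip]) by host" layout.

```python
import email
import ipaddress
import re

# Constructed values: our own mail hosts and address space (documentation ranges).
OUR_HOSTS = {"mail.example.net", "mbox.example.net"}
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample. Headers appear newest first, because each server prepends
# its own. The third Received line was supplied by the sender and is forged.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
    by mbox.example.net with ESMTP id A1; Mon, 5 Jan 2004 10:00:03 -0600
Received: from bigbank.example.com (dialup-77.example.org [198.51.100.77])
    by mail.example.net with SMTP id B2; Mon, 5 Jan 2004 10:00:01 -0600
Received: from secure.bigbank.example.com (secure.bigbank.example.com [192.0.2.99])
    by mail.example.net with ESMTP id C3; Mon, 5 Jan 2004 09:58:00 -0600
From: "Special Offers" <sales@bigbank.example.com>
To: you@example.net
Subject: constructed sample

Body text.
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)


def parse_received(value):
    """Split one Received header into helo / rdns / ip / by, or None if unparseable."""
    match = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    if match is None:
        return None
    try:
        ip = ipaddress.ip_address(match.group("ip"))
    except ValueError:
        return None
    return {"helo": match.group("helo").lower(),
            "rdns": (match.group("rdns") or "").lower(),
            "ip": ip,
            "by": match.group("by").lower()}


def trace_origin(raw_message, our_hosts=OUR_HOSTS, our_networks=OUR_NETWORKS):
    """Return the point where the message entered our network, or None.

    Only headers written by our own servers are believed. The first such header
    whose connecting address is outside our networks marks the handoff; every
    header below it came from the sender and proves nothing.
    """
    message = email.message_from_string(raw_message)
    hops = [parse_received(h) for h in message.get_all("Received", [])]
    for index, hop in enumerate(hops):
        if hop is None or hop["by"] not in our_hosts:
            return None  # the chain does not lead back to a header we wrote
        if not any(hop["ip"] in net for net in our_networks):
            return {"ip": str(hop["ip"]),
                    "helo": hop["helo"],
                    "rdns": hop["rdns"],
                    "helo_matches_rdns": hop["helo"] == hop["rdns"],
                    "stamped_by": hop["by"],
                    "unverified_below": len(hops) - index - 1}
    return None  # every hop was internal


if __name__ == "__main__":
    print(trace_origin(SAMPLE))
```

The address returned is the one to look up when deciding which provider should receive a complaint; the name given in the greeting and anything in the headers below the handoff are whatever the sending program chose to write.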


Using bogus return addresses

Spammers seldom use their real return email addresses in their advertisements. Almost always they use email return addresses that "bounce" – that's geekish for "are invalid." There are good and practical reasons why they do this.

They do NOT want to read your angry flame message complaining about being spammed.

They do NOT want to be disconnected from the Internet by their ISP.

They do NOT want to deal with the automatic non-delivery notices that the receiver's email server will generate if the "TO" address is invalid or no longer active.

Out of millions of junk email messages being sent each day, a decent percentage of them will generate outrage from the receiver, or will simply be directed to an invalid email address. Either way, a return email message of one kind or another will be generated. The spammer does not want to have HIS inbox filled up Ė only yours.

In some states, like Illinois, using a bogus email address in an unsolicited commercial message is a violation of the law, specifically, a deceptive business practice.


"REMOVE" and other fables

Now that you know how they do it, how can you get them to stop?

The one thing you must NEVER, EVER do is reply with "REMOVE" as their advertisements say. The "Remove" option is, almost certainly, bogus. As most spammers forge their return addresses, any reply you send them will never be received. In the cases where the spammers DO provide you with a valid spammer-owned email address, all you do is VERIFY that the email address they hit you with is valid.

And then you will get even more spam.

So playing along with them rarely works.

There are several schools of thought on how to deal with spamming. One school says that you should track down the spammer and complain to the company that is being advertised, complain to the service provider that owns the spammer's connection to the Internet, complain to the owner of the 3rd Party relay, and complain to your own ISP and ask them for help.

The other school is to go into stealth mode. Change your email address, and never, ever, display it in a public forum or otherwise advertise it anywhere, especially by placing it on your own personal web page.

A third school is to do both.

Much as you might want it, there is no fourth school that allows you to summarily execute spammers when you catch them. Pity.


The "Complain School"

Complaining works. There are rules on how to do it successfully, however. Go to: http://user.mc.net/~mustang/spammed.htm to view these "Rules of Engagement."

The bottom line is this: As the owner of your computer equipment, you do have legal options to stop them. You have the right to control the use of your property. Spammers have no more right to place an advertisement on your screen, than a billboard company has to place a billboard on your lawn without your consent. In states like Illinois, you have specific protection from junk email in the law.

Remember, almost every Internet Service Provider or upstream provider has contractual provisions that prohibit their customers from sending junk email. Complaining works! For ISPs that cannot or will not control their spamming customers, there is a non-profit corporation that provides a blocking service that your ISP's mail servers can use to block the sources of spam on the Internet. See the Mail-Abuse (MAPS) link below.

There are a number of web sites that can help the Internet user deal with spam.


http://user.mc.net/~mustang/ for Tips, Tricks and Rants on dealing with junk email

http://www.jcrdesign.com/junkemaildeal.html for instructions on analyzing junk email

http://www.samspade.org for tools to help you track down spammers

http://www.junkbusters.com for information on how to fight junk email and for your privacy rights

http://www.mail-abuse.org for information on how to get your ISP to help you fight spam using MAPS (Mail Abuse Prevention System).


The "Stealth" School

The stealth school operates with the premise that if they don't know your email address, they can't send you any junk email. This also works. In fact, it works very well.

The corollary is that if they cannot verify your address, they'll still stop sending you junk email after a while.

But you have to start with a "clean" new email address.

Rule one, keep your personal email address closely held. It is certainly okay for your friends, relatives, and acquaintances to have your email address. You want them to communicate with you, after all. Just don't go publishing it everywhere. In fact, don't publish it ANYWHERE, if you can help it.

Do not post to USENET using your actual name and email address. Configure your "news account" properties of your USENET news client to use a bogus name, organization, email address and reply-to address. On Internet Explorer/Outlook Express, you will find these fields on the "General" tab of the Internet Accounts Properties for the "news" type.

By doing this, you prevent your email address from being harvested by automated programs that read the USENET news groups looking for email addresses to extract. Tests have been conducted that indicate that within less than an hour, new users who post using their real email addresses have started to receive junk email.

This applies to ANY public forum you participate in, not just USENET. Whether an IRC chat room, a web chat, a "guest book" or whatever. Never use your real email address.

When dealing with a commercial web site that requires you to register to use it, first decide whether or not you really care that much about the site. If possible, use a bogus email address. If for reasons of performance or operation you must supply your real email address, check the "do not send me junk email" box, and the "don't sell my email address to others who will pitch me" box.

If they do not have these "opt out" capabilities, then seriously reconsider whether keeping your email address off the junk email lists is more or less important than whatever service or product the web site offers.

In a nutshell – give the commercial web site as little information as possible. Even if they promise they won't disclose, do not assume that they are telling the truth. Do not assume that if they enter bankruptcy or are acquired by another company that the new owners or bankruptcy court will adhere to their promise.

Consider setting up a "public" email address to be used as junk email bait. Many ISPs allow multiple email addresses per account. Some services call them "screen names" or by similar designations. On a regular basis, simply "clean it out" without reading anything in that inbox.

Rule two: Keep your business and personal email addresses separate. Do not use the same email address for both, because it is almost certain that somewhere along the line it will be harvested (or sold) by someone more concerned with making a few bucks than your privacy.

There are many "free web" site companies on the net. Many of them are excellent sources for a personal web site. However, there are programs controlled by spammers that run continuously and scan for email addresses in web sites, and then harvest them into mailing lists.

Rule three: Therefore, do not use a "mailto:" tag for your visitors to send you messages; use a form that collects the message and emails it to you using the web server's CGI capabilities. There are many pre-canned "form-to-email" programs that you can use that will reside in protected places on the web server where your email address would not be seen by an email address harvester.

Rule four: With respect to your email client, you must configure it to not give away your email address or confirm your email address through use of the "acknowledgement" or "return-receipt" facility. In addition, you must take steps so that HTML-enabled mail, which may contain "web bugs," does not get automatically opened.

Both schemes work by tricking your email program into giving up your email address. So what's the problem, you say? If they didn't have the email address in the first place, I would never have gotten the junk email in the first place, right?

This is true. But the reason to turn them off is to prevent your email software from CONFIRMING that your email address is valid. For many reasons, spammers do not want to arouse the interest of their target's email administrator. A sure way for a spammer to get this unwanted attention is via a large number of invalid addresses that generate log entries. Therefore, they are very, very interested in compiling lists of VALID, GOOD email addresses. That is what the "spamhauses" are advertising after all.

When your email client auto-replies, or if you are the victim of HTML email with an embedded web bug, then you give them what they crave – a valid email address. YOUR email address is a valid one and now they can spam you to oblivion.

You can find out how to turn off return-receipts by going to the "receipts" tab of Outlook Express/Outlook "Options" pane and either turning them off or setting them to prompt you before sending. You can stop HTML email web bugs through several methods. The Microsoft web browser email component (Outlook Express) does not provide a very effective way to deal with HTML mail. However, there are options you have available.

First: Drop your link to the Internet before you select or open email messages in your inbox. Do not make your inbox the default folder, either. Access your email application in the OFFLINE mode. This is easy to do for dial up users by turning off the automatic connect in the Internet Options pane of Internet Explorer. If the machine is not connected to the Internet, then a web bug (or the HTML email message) will not be able to connect to the remote server via the Internet without your knowledge.

Second: Turn off the "Preview" pane in Outlook and Outlook Express. If you have it turned on, then an HTML web bug will immediately be activated by simply selecting the message in the inbox. By turning it off, you won't cause the browser to activate the web bug, unless you actually open up the message. By the way, by turning off the "Preview" pane you also prevent email viruses from launching on selection.

Third: Make sure your anti-virus software is running AND that the virus signatures are current and up to date.

These steps are not very pretty, but that is because Microsoft and other vendors are more interested in ease of use and "seamless-ness" than security.

The author uses a non-Microsoft and non-Netscape email client that he can control...

The bottom line: The most effective way of protecting your email address (and your privacy) is to keep it confidential and reserved for people in your personal circle and those businesses that promise to protect it as well.
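The two address-confirmation mechanisms from Rule four can be spotted in a raw message without opening it in a mail client. The following is an added example, not part of the original article: it flags headers that request a return receipt and any HTML resource the client would fetch from a remote server as soon as the message is displayed. The sample message and the list of tag/attribute pairs are constructed and not exhaustive.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Headers that ask the recipient's mail client to send back a confirmation.
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To",
                   "X-Confirm-Reading-To")

# (tag, attribute) pairs that are fetched automatically when HTML is rendered.
# Ordinary links (<a href>) are not listed: they load only when clicked.
AUTO_LOADED = {("img", "src"), ("iframe", "src"), ("script", "src"),
               ("link", "href"), ("body", "background"), ("td", "background")}

# Constructed sample message.
SAMPLE = """\
From: "Special Offers" <sales@bigbank.example.com>
To: you@example.net
Subject: constructed sample
Disposition-Notification-To: <sales@bigbank.example.com>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Limited time offer! <a href="http://shop.example/deal">Click here</a></p>
<img src="cid:logo@example" alt="logo">
<img src="http://tracker.example/open.gif?id=you%40example.net" width="1" height="1">
</body></html>
"""


class RemoteResourceFinder(HTMLParser):
    """Collect URLs that would be requested from a remote server on display."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in AUTO_LOADED or not value:
                continue
            parts = urlsplit(value.strip())
            remote = parts.scheme.lower() in ("http", "https") or (
                not parts.scheme and parts.netloc)  # protocol-relative //host/path
            if remote:
                self.urls.append(value.strip())


def address_confirmation_risks(raw_message):
    """Return (kind, detail) pairs for everything that could confirm the address."""
    message = email.message_from_string(raw_message, policy=policy.default)
    risks = []
    for header in RECEIPT_HEADERS:
        if message.get(header) is not None:
            risks.append(("receipt-request", header))
    for part in message.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteResourceFinder()
            finder.feed(part.get_content())
            risks.extend(("remote-resource", url) for url in finder.urls)
    return risks


if __name__ == "__main__":
    for kind, detail in address_confirmation_risks(SAMPLE):
        print(kind, detail)
```

In the sample, the image attached to the message itself (the cid: reference) and the clickable link are not reported; only the receipt request and the one-pixel remote image are, and the image URL carries the recipient's address back to the sender's server.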


Doing Both

There is no reason not to both complain and keep your email address as private as possible.

The author has been using both the "Complaining" and the "Stealth" schools for his private, personal, email address for over 4 years, and he has received only 3 junk email messages in that entire time, out of over 2000 inbound messages per year. Each of these spammers' ISPs received a complaint and each spammer lost their Internet account and had to find another service.

In other words, if the spammers do find out your real email address, come down on them and go after their Internet connection, and consider suing them in small claims court if your state outlaws junk email. Send them a "no trespassing" notice via surface mail (return receipt requested) with a notice that you may sue them for trespassing if they do it again. And if they do it again, consider following through. It could be "free money" from a person who thinks that you are nothing but a "mark" waiting to be fleeced with whatever quick-buck scheme he's touting.

This technique works! If you have gone into "stealth-mode" for your new email address, you will not be getting bombarded with junk email in the first place, and the few that do get through can be dealt with on an individual basis. The author went from being overwhelmed with 10-20 junk email messages a day, in his personal email account, to 3 (THREE!) in 4 years. The time spent in tracking down these 3 spammers was spread out over this time. This made it feasible to spend the time to research the origin of the spam and to complain to their ISP.



Conclusion

Email users have a right to "Just Say No" to junk email. As users of the Internet, we are empowered to do something about it. There are strategies to stop the daily barrage of junk email in our inboxes. Finally, we do not have to simply sit in front of our tubes and "eat our daily dose of spam."

Fight back. Contact your representatives in Congress and the Senate and demand that they do something about spam. Implement one of these strategies – or invent your own – to make it as difficult as possible for the spammer to drop his junk in your inbox, postage due.

The first step in defeating these parasites is to make the decision to fight back.




Copyright © 2011 ZoeS Network Consulting, Solar graphic image copyright © 2000 Christiana V. Zoes
Last modified: August 30, 2011