Spam Nation - InformationWeek
Business & Finance
01:32 PM
Connect Directly
[Ransomware] Taking the Mystery out of Ransomware
Dec 07, 2016
Lost data. Systems locked down. Whole companies coming to a grinding halt. When it comes to ransom ...Read More>>

Spam Nation

It's a [bad] part of our everyday lives. Who's behind this stuff?

Laura Atkins, partner in the anti-spam software and consulting firm Word to the Wise, offers a more expansive definition. "Some of them do it for the challenge in outsmarting people and filters," she says. "Some of them do it because they truly believe that it's their right to market to you. Some of them do it because they really believe that people want their products."

Lavaste at Brightmail contrasts our knowledge of spammers with that of hackers and virus writers, where we've worked up a fairly good understanding of the kind of people and motivations involved. "We were joking about what would be the typical profile of a spammer," he says. "The problem is, we don't know who they are because they're hiding themselves. The one common denominator that we know is that they want to make money." That doesn't exactly narrow the field.

The cornerstone of the E-mail industry--whether it's spam or bulk mailing--is the list business. How companies get and maintain the names on their lists can make all the difference between the two camps.

Almost every major company keeps an E-mail list to communicate with customers and market to them, including InformationWeek and its parent company, CMP Media LLC, and most manage to stay on the right side not only of the law but of anti-spam sentiment. One company often cited for following best practices with regard to commercial E-mail is online publisher Cnet Networks Inc. "It all comes down to the relationship we have with our end users," says Markus Mullarkey, VP of Cnet's outbound marketing. The key, he stresses, is providing real value for customers, as well as working closely with ISPs to remain whitelisted so mail won't be blocked. "We have what I think most would say are industry-leading permission practices."

Mullarkey also says Cnet has low complaint rates on the messages it sends out. But spammers use techniques that make the number of complaints a less-reliable red flag, while at the same time gathering ever-larger lists.

There are several ways of gathering addresses, says Atkins at Word to the Wise. One is scraping addresses off Usenet or the Web using an address-gathering program. Also, there are dictionary attacks, which, as the term suggests, throw words at Web domains in an effort to hit a valid E-mail address. A third is sites offering prizes, sweepstakes, or free stuff that are really address-harvesting schemes.

Ethical bulk E-mailers want lists collected with exacting standards for opting in, which is known as permission-based marketing. But for those operating on the fringe, the issue isn't how many people didn't really opt in, it's how many complain. That's where list washing comes in. To appear legitimate, senders of unsolicited bulk E-mail purge from their lists people who complain. When the number of complaints falls below a certain percentage, the list appears clean. Rather than permission-based marketing, it's more like omission-based marketing.

Youngblood at EarthLink says for this reason, the ISP relies on monitoring tools to seek out spammers: "We look at E-mails themselves, we look at the products they're selling, we look at how many times our automatic processes had to end the connection with their mail machine because of 'user unknowns' [undeliverable mail], we look at our spam filters."

Spammers, she says, make no effort to fine-tune lists to get higher-percentage response rates. "They don't think that way. What they say is, 'Gee, if I get a one-out-of-a-thousand response, think how much I would get if I doubled my E-mail," she says. "Spammers deal in volume, instead of only sending E-mail to those who want it."

3 of 4
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll