It's a [bad] part of our everyday lives. Who's behind this stuff?
Laura Atkins, partner in the anti-spam software and consulting firm Word to the Wise, offers a more expansive definition. "Some of them do it for the challenge in outsmarting people and filters," she says. "Some of them do it because they truly believe that it's their right to market to you. Some of them do it because they really believe that people want their products."
Lavaste at Brightmail contrasts our knowledge of spammers with that of hackers and virus writers, where we've worked up a fairly good understanding of the kind of people and motivations involved. "We were joking about what would be the typical profile of a spammer," he says. "The problem is, we don't know who they are because they're hiding themselves. The one common denominator that we know is that they want to make money." That doesn't exactly narrow the field.
The cornerstone of the E-mail industry--whether it's spam or bulk mailing--is the list business. How companies get and maintain the names on their lists can make all the difference between the two camps.
Almost every major company keeps an E-mail list to communicate with customers and market to them, including InformationWeek and its parent company, CMP Media LLC, and most manage to stay on the right side not only of the law but of anti-spam sentiment. One company often cited for following best practices with regard to commercial E-mail is online publisher Cnet Networks Inc. "It all comes down to the relationship we have with our end users," says Markus Mullarkey, VP of Cnet's outbound marketing. The key, he stresses, is providing real value for customers, as well as working closely with ISPs to remain whitelisted so mail won't be blocked. "We have what I think most would say are industry-leading permission practices."
Mullarkey also says Cnet has low complaint rates on the messages it sends out. But spammers use techniques that make the number of complaints a less-reliable red flag, while at the same time gathering ever-larger lists.
There are several ways of gathering addresses, says Atkins at Word to the Wise. One is scraping addresses off Usenet or the Web using an address-gathering program. Also, there are dictionary attacks, which, as the term suggests, throw words at Web domains in an effort to hit a valid E-mail address. A third is sites offering prizes, sweepstakes, or free stuff that are really address-harvesting schemes.
Ethical bulk E-mailers want lists collected with exacting standards for opting in, which is known as permission-based marketing. But for those operating on the fringe, the issue isn't how many people didn't really opt in, it's how many complain. That's where list washing comes in. To appear legitimate, senders of unsolicited bulk E-mail purge from their lists people who complain. When the number of complaints falls below a certain percentage, the list appears clean. Rather than permission-based marketing, it's more like omission-based marketing.
Youngblood at EarthLink says for this reason, the ISP relies on monitoring tools to seek out spammers: "We look at E-mails themselves, we look at the products they're selling, we look at how many times our automatic processes had to end the connection with their mail machine because of 'user unknowns' [undeliverable mail], we look at our spam filters."
Spammers, she says, make no effort to fine-tune lists to get higher-percentage response rates. "They don't think that way. What they say is, 'Gee, if I get a one-out-of-a-thousand response, think how much I would get if I doubled my E-mail," she says. "Spammers deal in volume, instead of only sending E-mail to those who want it."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.