Consider the case of James McGrath Morris, who publishes an email newsletter called “The Biographer’s Craft.” When some of his readers were not receiving the newsletter, he ran his copy through a spam checker. Use of the phrases “young adult” (as in literature), “getting nasty” (referring to a legal matter) and “hot” (in reference to what’s popular in books) were red flags, so to many spam filters, his content was questionable enough to block it from those at the other end of the email stream. Context was irrelevant.

Or consider Mike Fratto, a writer at InformationWeek.com who reported that one of the site’s visitors was having trouble forwarding spam to the FTC’s spam reporting email address (spam@uce.gov) because the forward was — what else? — blocked by a spam filter. The same email, when forwarded to Mike himself, also ended up in the junk email folder.

It’s reasonable to expect some normal emails to fall into the spam filter through unlucky phrasing, but the problem has begun to increase. When Morris asked a professional about lowering his spam-check score, the answer was simple: he just had to censor himself and change any questionable phrases to different ones. But that, as he notes, creates a slippery slope as spam filters try to keep up with more sophisticated junk email onslaughts. “If I surrender those words now,” he writes, “what might I be asked to give up next month?” He muses about ordinary writers becoming stymied in their craft when spam filters trip them up for using phrases like “beastly behavior,” Lolita” or “swelling ranks of investors.” Those who write and distribute email newsletters are fighting a battle of words against software, with strict self-censorship as a result. Writers have had to begun to write for the filters, not for the audience.

In addition to screening for key words and phrases, some filters also check for “bad reputations” from mail servers and IP addresses. If a given server or IP address has been used by spammers, it could end up on a list that makes content from that server or IP address automatically questionable to spam filters. These lists change constantly, and as Fratto notes, it’s hard to get one’s server or IP address removed from the list. Morris experienced this sort of frustrating filtering when his IP address turned up on a list of questionable sources at www.spamhaus.org. The Spamhaus Project claims to maintain the list free of charge to keep email administrators in the loop on spam sources, but Morris hadn’t sent any spam from his IP address. Later, when he checked his IP address again, it was no longer on the list, or on any other lists he checked.

These sorts of restrictive filtering and quiet blacklisting are an obvious problem with spam filters today. What complicates matters is that the person sending the email might not know that their IP address or server is on a black list (the list keepers don’t notify those who are listed; they just maintain the lists), and those who receive an email that is labeled a spam message may never see it, as it’s usually diverted into a junk mail folder or deleted entirely without notifying the recipient. In my own case, Yahoo! puts my spam into a junk mail folder and tells me when I have new messages there, but it’s up to me to wade through the hundreds of spam emails I receive in a day to make sure that no legitimate email is being sent there in error. If I delete the contents of the spam folder, they’re gone, bypassing the “trash” folder completely and going out into the ether. 

And to add insult to injury, many spam messages still slip by the filters and into my inbox.

What can be done to make spam filters and blacklists more aware of context and intent in email? Not much, unless we’re willing to open up the restrictions and allow more spam to reach our inboxes as a result. The price of protection from unsolicited advertising in our email is that some emails will be filtered that shouldn’t be. So which is more important: access to the information, or protection from the noise? For now, that’s an individual choice. You can help the filters perform at their best by putting desired addresses on your email “approved” list, removing yourself from as many spam lists as possible, and checking your junk mail box periodically to see if any legit messages fall through the cracks.

The vast majority of emails sent today are spam… We just have to do what we can to make sure that the filters we use don’t eventually consider ALL email spam.

Sources for this article: InformationWeek, The Hartford Courant, The Spamhaus Project

Experian, one of the three main credit bureaus, says no. They filed a lawsuit against LifeLock in February, claiming deception and fraud in the attention-grabbing advertising campaign. Davis calls the lawsuit groundless. Some of the details of Experian’s claims:

1. Fraud alerts, which notify companies that check credit to be on the lookout for imposters, are LifeLock’s main fraud prevention tool. Under the Fair Credit Reporting Act, fraud alerts be requested only by an individual, either the consumer or someone acting on the consumer’s behalf, not by a corporation. They can also be requested only when there is a strong suspicion of impending fraud or identity theft (say, when your credit card goes missing). LifeLock, however, has placed continuous fraud alerts on the credit files of its approximately 1,000,000 customers, which is against federal law, Experian claims. They say that LifeLock pretends to be the consumer and actively avoids detection as a corporation. They also maintain that this constant “crying wolf” ties up the Experian systems and slows the process down for legitimate fraud alerts.

2. Experian also claims that LifeLock uses deceptive advertising because credit reporting is free under the Fair Credit Reporting Act, but LifeLock does not make it clear to consumers that the credit reports (and many of the other services, such as junk mail reduction) are free to obtain through other means. Experian also charges that the advertising is deceptive because the service does not afford all of the protection it claims; it cannot prevent an identity theft in progress or the unauthorized use of a credit card, and is not always effective in preventing undocumented workers from using stolen Social Security numbers to get a job.

Davis counters the first claim by saying that placing fraud alerts is legal and “in the spirit of the Fair Credit Reporting Act.” He notes that LifeLock customers are happy and satisfied with the service, and that he had received no complaints of deceptive practices. He addresses the second claim by saying that his service makes it “virtually” impossible for someone to steal a client’s identity (the word “virtually,” he says, keeps the ads from being deceptive).

It should be noted that the fraud alerts do cost the credit bureaus time and money to run, which they don’t appreciate, obviously, but may not be as illegal as they claim. Experian is also under investigation by the FTC for running www.freecreditreport.com, a site that charges customers for credit monitoring and could be considered a competitor to LifeLock. Davis suggests that Experian simply wants to make more money and sees LifeLock as a threat.

As to the reports that Davis’s identity WAS stolen, the reality is that it was not. One man got a $500 payday loan using Davis’s Social Security number, but the clerk who took his information did not run the number through any of the credit bureaus for verification before handing over the money. Once the fraud was discovered, LifeLock fixed it, and Davis’s credit is just fine, even after 87 other, failed attempts to steal his identity.

LifeLock is not the only company that offers its services to consumers (see also Debix, LoudSiren and TrustedID). But as of this month, LifeLock had become the target of several class-action lawsuits from competitors, credit bureaus and lawyers in several states. LifeLock an easy target, thanks to its memorable and slightly scary advertising. But many experts doubt that the lawsuits have any merit, and interpreting the Fair Credit Reporting Act might easily go in favor of LifeLock (especially since many people have been potentially compromised when their personal information has gone missing from the computers of companies, banks and other agencies, so they’d have reason to put fraud alerts on their accounts).

Wired Columnist Bruce Schneier makes the point that LifeLock does what the government should do anyway: make stolen personal information harder to use. That said, though, he is not a customer of LifeLock because, as he puts it, dealing with identity theft is routine and not nearly as damaging as it used to be. Also, it’s hard to tell how effective LifeLock is, since it gains customers more from the fear of identity theft than the theft itself.

In the end, LifeLock can be a very useful and reassuring service if you choose to pay for it, but you can keep track of your own credit and identity yourself, for free. You can put your own fraud alerts on your account if you remember to renew them every 90 days (since fraud alerts expire). You can request free credit reports at one per year (visit www.annualcreditreport.com, for example). And of course, above all, you should be careful with your personal information. Shred credit card offers and other documents that come to you in the mail; don’t give out your personal info over the phone or in email; and investigate unknown charges to your accounts. Being a conscientious consumer may be all it takes to protect yourself from identity theft and fraud.

Sources for this article: MSNBC, LifeLock Reviews, WIRED

Wrong. Let’s go through some of the most common misconceptions of the Do Not Call Registry, and what the reality is:

Misconception #1 – Being on the list means no one can call you to sell you anything.

The reality – The list doesn’t include calls from political organizations, charities, telephone surveys, companies that you have a business relationship with (i.e., you bought something from them recently), and companies that you have already given permission (in writing) to call you.

Misconception #2 - You can register just home phones and landlines, not cell phones.

The reality – You can register any number, including cell phones, with the Do Not Call Registry. There is an email that has been making the rounds for years that insists a cell phone database is about to be released to telemarketers, but this email is a hoax. You are not about to be inundated with telemarketing calls to your cell phone, as it is against FCC regulations for automated dialers (which most telemarketers use) to dial cell phone numbers. Still, if you choose to register your cell number with the Do Not Call Registry, you may do that.

Misconception #3 – The same day that you register your number, the calls must stop.

The reality – It may take up to 31 days for telemarketers to update their systems and stop calling you.

Misconception #4 – Even if a telemarketer calls me without permission, they won’t be penalized. 

The reality – If you receive a call from a telemarketer more than 31 days after signing up for the Do Not Call Registry, and you don’t think the telemarketer is included in the list of permitted callers, then you can file a complaint with the Registry on their web page. If a telemarketer is found to be in violation of the rules, they will be penalized with a hefty fine, up to $11,000 per violation.

Misconception #5 – If you add your number to the Do Not Call Registry, the privacy of your information will be compromised.

The reality – Your number is placed in the registry solely for telemarketers to use in updating their own do-not-call records every 31 days. Phone numbers may also be shared with law enforcement officials, but other than that, all information is stored securely and not shared with anyone else. 

Misconception #6 – Your registration will expire after 5 years.

The reality – Pending final Congressional approval to make the list permanent, your number won’t be dropped from the list after a 5-year period (or any other period).

Misconception #7 – There is a deadline for registering your number.

The reality – There is no deadline for adding your number to the National Do Not Call Registry. You can do it at any time.

To learn more about the National Do Not Call Registry, visit the FAQ page.

If you are a business that uses telemarketing techniques, you should make sure that you are in compliance with the National Do Not Call Registry guidelines. The registry’s website has some information for businesses that you can use to learn more, such as the cost for accessing the Do Not Call database (the first five area codes are free), the potential penalties for violations, and the specifics about what calls are exempt from the regulations.

Sources: www.donotcall.gov, www.ftc.gov, www.fcc.gov, www.snopes.com