First, the stuff you already know. Swine Flu is spreading. The virus originated in Mexico and has since spread around the globe, with UPI reporting at least 148 cases worldwide and an increased alert level from the World Health Organization (up to a level 5, which is the highest it’s been since the 6-level system was put into place in 2005). Nearly 100 cases were reported in 11 U.S. states as of this morning, 51 of which are in New York. According to Bloomberg.com, the government has begun to warn of school closings and increased precautions (in Texas, several school districts are already closed, and high school sporting events have been canceled for more than 1 million students). Many deaths in Mexico are blamed on Swine Flu, though the exact number is something of a mystery. Drug companies are working on vaccines and stepping up production of antivirals, and everyone is bracing for the next announcement about how this disease is spreading. So if you weren’t taking it seriously before, it might be time to start. Like a virulent computer bug, this one spreads best via those who don’t take the right precautions to prevent it.

There are ways to protect yourself and your family from this virus. It is, after all, the flu, albeit a new and particularly brutal strain. Five to 20 percent of Americans catch the “regular” flu each year, and 36,000 Americans die from it, so while hospitalizations and deaths are expected from the Swine Flu, we can’t pretend that it’s causing the only flu-related deaths we’ve ever experienced. And since the Swine Flu spreads like the seasonal flu, hand washing, healthy living, good hygiene and a measure of caution are excellent precautions against catching it.

You know how we always remind you not to click on strange links, open files that are attached to strange emails, or give away your sensitive data to strangers? And how we encourage the use of anti-virus software to keep your files safe? That sort of common-sense behavior works the same for avoiding the flu: Don’t touch something if you don’t know where it came from or how clean it is, minimize contact with others, and keep your own hands as clean as possible.

Here are some flu-prevention tips from the Centers for Disease Control and Prevention (CDC) and others: Wash your hands with soap frequently, and encourage your family to do the same. Don’t shake hands with others or touch surfaces (such as desks, public phones and other communal surfaces) if you can help it. Avoid being in the proximity of anyone with a cough or sneeze, especially those who don’t bother to cover it. Cover your own coughs or sneezes with a tissue, and wash your hands after you cough or sneeze. Don’t touch your face, eyes, nose, mouth, etc. since viruses spread very easily through contact with the face. Take care of your overall health by eating right, staying active and getting enough sleep. And of course, stay home if you start feeling sick, and keep kids home from school if they start showing symptoms.  

What should you do if you DO have symptoms (which include a fever, cough, sore throat, headaches, body aches, chills, fatigue and occasionally diarrhea and vomiting)?  Stay home, get rest and drink plenty of fluids. Antivirals, available from your doctor, can help take the edge off the worst of it and help you get better faster. But if you or your kids start having difficulty breathing, or if you have confusion, dizziness or persistent vomiting, get to the hospital. This is not something to mess around with.

Be cautious, be safe, and keep washing those hands. And next time, we’ll be back to our usual tips on protecting your privacy and the environment, including signing up for the Privacy Council’s List Removal Service. You know, the one that takes you off the major marketing lists and cuts your junk mail to almost nothing… Feel free to sign up now while you’re thinking about it, and stay healthy!

Recently, the President’s office implemented the Homeowner Affordability and Stability Plan, which is designed to allow 7 to 9 million families to refinance or modify their home loans, thus avoiding foreclosure. Reuters reports that one in eight American households are late on payments or in foreclosure, so this aid could not come at a better time. Right on cue, though, the bailout-themed spam returned to my inbox, and I received several versions of the same email, below (sent from “President Obama,” subject line: “I have Signed the Largest Stimulus Package & there is $15 Billion available 4 u Today! see how”):

The text reads as follows:

“Do you watch Television, Read the Newspapers? If so, You would know that our Government Passed a $787 Billion Dollar “Stimulus” Plan. So, what does this mean to you right now? Probably NOTHING! That’s right, unless you are on Social Security whereby Our Government will be mailing a whopping $250 1 time check To those On Social Security, you will have to Dig Deep to see where YOU will benefit From this New Stimulus Plan!

“Now Don’t Trust Us to do your reading, do it yourself, But within the New Stimulus Plan Is an Opportunity to Get Your Hands A Piece of $2 Billion Dollars! All you have to do is know how to get your Piece of this $2 Billion Dollars That According to the Stimulus Plan WILL BE MADE AVAILABLE STARTING TODAY MARCH 4, 2009!

“So this is a First Come First Serve Type of Deal our Very Own Government Has Made!

“Our Question to you is as follows: Would You like to learn how to get a piece of this $15 Billion Dollars in as little as 1 Week? If YES, Use your common sense, you have nothing to lose only to gain by pressing below for FREE!

“Press here if You Want Guaranteed Free Money From The US Government in as little as 12 DAYS!”

Impressive, no? The random capitalization and poor grammar and punctuation really sell this gem.

Once you get into this email, you discover that it’s not actually FROM the government, despite the alleged source of President Obama (I doubt that the president uses “text talk” like “4 u” when he means “for you,” anyway). Also, you notice that the numbers are a little off… One line suggests a $2 Billion handout, another a $15 Billion stimulus. One paragraph says “as little as one week,” but the final line says “as little as 12 days.” Clearly, numbers are not the spammer’s strong suit.

You might also note that, while timed to go out during the week that the Homeowner Affordability and Stability Plan is in the spotlight, the email doesn’t actually address this plan at all. Rather, it refers to the stimulus package that President Obama signed into law a few weeks ago. That package, designed to provide relief to millions of Americans through a variety of tax cuts, aid for states and other initiatives, does not involve handing out cash to those who ask for it. Even those who make the request via a spam email link.

I have received this email (or some version of it) a few times a day whenever a financial plan or bill is in the news. The really shameful thing about it is that many Americans truly are hurting right now, with the economy struggling and layoffs increasing. This spam plays on the fear and despair of the American in trouble. It’s worse than playing on the insecurities of men with ED (”Click here for cheep V1@gra”) or on the greed of those who want inexpensive luxury (”Designer handbags available at knockoff prices!”). For all these reasons, it’s an easy inductee into the Marketing Hall of Shame.

Want to reduce the amount of spam, junk mail and telemarketing calls you receive? Privacy Council’s list removal service is the answer. Sign up for Privacy Council today and see fewer emails from “President Obama” or any other spammers in your inbox. You’ll also be doing the environment a favor by saving a few trees’ worth of junk mail! Click here to get your name removed from the lists.

First, consider Janet Nelson, whom we learned about via Art News Blog. She’s behind the “A Planet Named Janet” blog, and she uses spam subject lines to create single-panel comics. The series of cartoons, called “Innocent Spam,” reinterprets spam subjects in more family-friendly, hilarious ways. As Janet herself says on her page, “Wouldn’t it be nice if all spam were innocent?” She places the cartoons into her blog periodically, so be sure to visit her site if you’d like a few laughs at the expense of clueless spammers. 

Also, check out Linzie Hunter and her series of Spam One Liners. We found this artist through Art News Blog, as well, and her use of spam subject lines is just as entertaining and creative as Janet Nelson’s. Linzie is a U.K. artist who turns spam subject lines into colorful, playful postcards and prints. She recently released a book of her creations, called Secret Weapon: 30 Hand Painted Spam Postcards (link goes to Amazon.com, where the book retailed for $9.95 as of 1/4/08). According to her bio on Amazon.com, she enjoys traditional print-making and book-binding when she’s not creating digital freelance artwork for a variety of clients (or making beautiful pieces of art from the unsolicited emails in her inbox).

Finally, don’t miss Alex Dragulescu, a computer artist who grows digital ”spam plants.” As we learned from both Alex’s site and CNET, Alex created algorithms that analyze the data and text contained within spam email messages and then create plantlike artwork from the findings. The spam plants expand and develop based on the spam that comes through the system, a process that Alex notes can serve to illustrate how technology changes art. As he told CNET, ”My efforts (have been) to expose the ubiquitous forms in which data and technology are both actively and passively shaping the ways we perceive and construct ourselves and others.” And for Alex, it all started with the spam messages that annoy and frustrate the rest of us. He claims that spam led him to see text differently, and the artistic creations that bloom from his algorithms are delightfully unique, thanks to spammers trying to unload everything from shady prescriptions to knockoff watches.  

With the rest of us struggling to handle the onslaught of unsolicited email messages, it’s good to know that some people are turning the annoyance of spam into creations of beauty, humor and art. So the next time you shudder at the thought of your email inbox, maybe you should consider buying some paintbrushes or grabbing a sketching pencil and unleashing your own creative side.

Sources for this article: A Planet Named Janet, Art News Blog, Linzie Hunter’s webpage, CNET, Alex Dragulescu’s page

Recent reports indicate a rise in text message phishing. Phishing, for those not in the know, means sending messages that claim to be from banks or other financial institutions and which use fear and urgency (”Your account will be closed immediately unless you respond”) to try to trick victims into giving up their sensitive information. Cell phone text messaging had already become an avenue for spam messages, which are annoying but not particularly dangerous from an identity theft perspective. Now, the combination of spam texts and illegal intent has led to a rise in text messages that try to provoke a response. The response that the phishers want contains your Social Security number, bank account number or other private information. It’s the same old thieves wearing a newer, cooler costume.

The most recent major text-message phishing scam was reported nationwide just a few weeks ago. In this particular effort, phishers sent untold numbers of bogus text messages, claiming to represent U.S. Bank. The messages said, “Dear US Bank member, your account with us is closed due to unusual activity, call us at [number withheld].” The recipients represented customers of various cell phone providers and were not necessarily U.S. Bank customers. Like many email phishing schemes, this one had a broad scope in the hopes of getting a few victims to nibble at the bait. It’s difficult to know how many people fell for the scam, but the three return phone numbers that were known to be used in the phishing texts have been shut down by the state.

Banks, meanwhile, must now work to make sure that customers who benefit from their mobile banking services aren’t burned by the same technology. U.S. Bank issued a statement shortly after the phishing attempts were reported, reminding account holders that U.S. Bank does not request sensitive information via email, phone call or text message. CIBC, the Canadian Imperial Bank of Commerce, is one of many financial institutions providing additional information online about phishing, including ways to check for an email’s legitimacy and ways to report fraudulent communications. Most banking websites include safety and security information for consumers, even if consumers don’t always read or heed the warnings.

The advice, of course, has been heard before: treat suspicious texts the same way you treat suspicious emails. Don’t reply, don’t call any phone numbers listed, and don’t go to any websites suggested in the message. If you do receive a message claiming to be from your bank, call your local bank office or a trusted customer service representative (using a number you already know to be valid) to investigate the issue. Remember, no bank is immune to being used as text-phishing bait (Oregon-based Bank of the Cascades was used as a phishing front several months ago, for example, so scammers aren’t limiting their phishing efforts to national banks), and no cell-phone-toting consumer is immune from the potential attack.

If you still have doubts about mobile banking, you can elect to discontinue it entirely. As IdentityTheft.com noted, mobile banking has many pros (including ease of use, free updates and no account numbers sent in text messages), but it also has many cons (including potential lack of encryption, lack of security and lack of anti-virus software in some phones). The site notes that the technology is still fairly new and untested and suggests asking both the bank and the cell phone provider about the security of the systems used before signing on for mobile banking, just in case. When in doubt, consumers can just skip the mobile updates and do their banking the old-fashioned way (well, as old-fashioned as “online” can be). That way, ANY text messages that claim to represent the bank can be known as fraudulent the minute they arrive on one’s phone.

Sources for this article: Minneapolis Star Tribune, CIBC, IdentityTheft.com, ConsumerAffairs.com

This spam message enters the Hall of Shame for a few reasons. One, it’s blatantly trying to capitalize on the negativity of the current economic climate. The best spam draws on the opportunities that are available, after all, and this one certainly fits that bill. Many people are afraid of foreclosure, and playing to that fear is a powerful method to gain attention. The emotional manipulation begins with the title of the message itself: “Behind on House Payments? Don’t go into Foreclosure!” Gosh, maybe I AM behind on my payments! I fear foreclosure! And exclamation points make me excitable and nervous!

Two, it’s persistent. The spammers behind this message want to be certain that EVERYONE receives it, and that they receive it enough times for the message to sink in. Over the past three days, I received this message in my spam email box a total of 18 times. That’s some very determined spam! I guess I see their point, because you never know, I might have missed the first 17 emails that came through, so that 18th one was important.

Three, the message itself contains carefully-chosen imagery that further manipulates the reader’s emotions on a subconscious level. See the smiling, all-American family, posed in front of the home they hold so dear? See the combination of American flag and America itself, indicating patriotism and all the great things about this country? See the holiday artwork, evoking further feelings of family and home? And of course, see the scary threat of foreclosure in red and white, with the calm, rational solution in soothing blue? Every visual piece of this spam is calculated for maximum emotional impact. There’s no way your subconscious can avoid equating loan modification with mom, the flag and apple pie.

Last, it’s vague. How do you modify your loan and save your home? There’s no way to know for sure from this ad. What about the pull-down menus? They don’t actually work, it turns out. Is there any information at all that might explain how this loan modification thing works? Nope. You’re supposed to simply trust the emotional imagery and fear the potential consequences enough to click the ad and start the process. Simple enough!

Congratulations to the loan modification spammers for your persistence, timeliness, vagueness and emotional manipulation! It’s all earned you a spot in the Marketing Hall of Shame.

Consider the case of James McGrath Morris, who publishes an email newsletter called “The Biographer’s Craft.” When some of his readers were not receiving the newsletter, he ran his copy through a spam checker. Use of the phrases “young adult” (as in literature), “getting nasty” (referring to a legal matter) and “hot” (in reference to what’s popular in books) were red flags, so to many spam filters, his content was questionable enough to block it from those at the other end of the email stream. Context was irrelevant.

Or consider Mike Fratto, a writer at InformationWeek.com who reported that one of the site’s visitors was having trouble forwarding spam to the FTC’s spam reporting email address (spam@uce.gov) because the forward was — what else? — blocked by a spam filter. The same email, when forwarded to Mike himself, also ended up in the junk email folder.

It’s reasonable to expect some normal emails to fall into the spam filter through unlucky phrasing, but the problem has begun to increase. When Morris asked a professional about lowering his spam-check score, the answer was simple: he just had to censor himself and change any questionable phrases to different ones. But that, as he notes, creates a slippery slope as spam filters try to keep up with more sophisticated junk email onslaughts. “If I surrender those words now,” he writes, “what might I be asked to give up next month?” He muses about ordinary writers becoming stymied in their craft when spam filters trip them up for using phrases like “beastly behavior,” Lolita” or “swelling ranks of investors.” Those who write and distribute email newsletters are fighting a battle of words against software, with strict self-censorship as a result. Writers have had to begun to write for the filters, not for the audience.

In addition to screening for key words and phrases, some filters also check for “bad reputations” from mail servers and IP addresses. If a given server or IP address has been used by spammers, it could end up on a list that makes content from that server or IP address automatically questionable to spam filters. These lists change constantly, and as Fratto notes, it’s hard to get one’s server or IP address removed from the list. Morris experienced this sort of frustrating filtering when his IP address turned up on a list of questionable sources at www.spamhaus.org. The Spamhaus Project claims to maintain the list free of charge to keep email administrators in the loop on spam sources, but Morris hadn’t sent any spam from his IP address. Later, when he checked his IP address again, it was no longer on the list, or on any other lists he checked.

These sorts of restrictive filtering and quiet blacklisting are an obvious problem with spam filters today. What complicates matters is that the person sending the email might not know that their IP address or server is on a black list (the list keepers don’t notify those who are listed; they just maintain the lists), and those who receive an email that is labeled a spam message may never see it, as it’s usually diverted into a junk mail folder or deleted entirely without notifying the recipient. In my own case, Yahoo! puts my spam into a junk mail folder and tells me when I have new messages there, but it’s up to me to wade through the hundreds of spam emails I receive in a day to make sure that no legitimate email is being sent there in error. If I delete the contents of the spam folder, they’re gone, bypassing the “trash” folder completely and going out into the ether. 

And to add insult to injury, many spam messages still slip by the filters and into my inbox.

What can be done to make spam filters and blacklists more aware of context and intent in email? Not much, unless we’re willing to open up the restrictions and allow more spam to reach our inboxes as a result. The price of protection from unsolicited advertising in our email is that some emails will be filtered that shouldn’t be. So which is more important: access to the information, or protection from the noise? For now, that’s an individual choice. You can help the filters perform at their best by putting desired addresses on your email “approved” list, removing yourself from as many spam lists as possible, and checking your junk mail box periodically to see if any legit messages fall through the cracks.

The vast majority of emails sent today are spam… We just have to do what we can to make sure that the filters we use don’t eventually consider ALL email spam.

Sources for this article: InformationWeek, The Hartford Courant, The Spamhaus Project

It seems amazing that a single firm can be responsible for so much spam traffic. Security researchers have been watching McColo and collecting evidence of wrongdoing for over a year, and they were the ones who eventually brought the evidence to McColo’s ISPs and asked for the shutdown. U.S. law enforcement officials aren’t giving statements about the case or about the potential repercussions for McColo’s spamming actions. After all, firms like McColo provide a service, and they frequently claim ignorance when a client misuses that service, making them tough to blame for annoyances like spam traffic. Shutting them down is frequently difficult, because as frustrating as spam is, it isn’t illegal. In this case, McColo might have broken no laws, and they haven’t been charged with any crime. The spam decrease, however, is a welcome change for the companies and consumers who monitor its traffic. 

Of course, the respite won’t last; experts caution that the slowdown in spam is only temporary because other servers will start taking up the slack. In fact, you might have noticed your spam inbox filling up once again with the usual assortment of ads and scams. But we can take some hope from this case, at least. Everyone from the security professional to the average consumer is fed up with spam, and finally, some steps are being taken to help curtail it. Perhaps more pressure from a frustrated community could help to shut down additional spam servers worldwide, or perhaps a “Do Not Spam” list will eventually be created to spare our accounts from the onslaught. With annoying sales pitches, false advertising and identity-stealing scams peppering our email accounts daily, a change can’t come too soon.  

Sources for this article: The Washington Post. Photo courtesy of freedigitalphotos.net.

Lose Weight With Your Mate! – Flush out up to 25 pounds – Remove Deadly Toxic Buildup – Relieve Constipation and Bloating – Best of all, you can try it FREE!* Get Your FREE Bottle and Colon Health Kit Today! http://z12.e-booksmarts.com/r/777/3448727/830.htm *Plus S&H Unsubscribe: http://z12.e-booksmarts.com/r/777/3448727/831.htm ColonMed700 3600 Oceanview, Glendale CA 91208

Here are the things that really jump out at me from this spam message:

1. Of course, it was unsolicited, which is what makes it spam. But it’s so far from anything I might have wanted to know about that it’s not even remotely linked to my buying preferences and interests. I can’t imagine a moment in which I might want to read about colon cleaners in my email, and yet, here it is.

2. “Lose weight with your mate” – What does this have to do with anything? Does my mate have to be a part of this cleansing process? What if I’m mate-free? This phrase is probably there for the rhyming catchiness and for the fact that everyone likes to do things with their mates (although hawking a colon-cleaning product as a bonding benefit for couples might not work the way they expect).

3. “Flush out up to 25 pounds” – I get the charming “flush” reference, but 25 pounds?? I suspect that my entire intestinal weight is less than that, let alone what’s in my system. So now I have a healthy fear of this product, since I’m pretty sure most of my internal organs would have to be removed in order to reach that touted 25-pound weight loss. Truth in advertising? I certainly hope not.

4. “Remove deadly toxic buildup” – There are deadly toxins building up in my body?? Maybe so, but I doubt a laxative will fix that. The use of “deadly,” however, is a classic scare tactic to motivate buyers. Too bad the spammers probably lost most readers before they even reached that line, thanks to number 5…

5. The text above is the entire contents of the spam message. It has no graphics, no fonts, no testimonials, and no more information about the product. It’s so small and plain that it breaks almost every rule of visual marketing. As a means of sucking people in, this falls very short. After all, even if I hadn’t been in the market for a colon cleaner, a snazzy message with bright colors and happy customers might have intrigued me. In theory, anyway.

6. FREE – They mention “free” twice, in big letters. Really, they claim, it’s free! Except for that tiny asterisk that notes the added, undisclosed cost of shipping and handling. They also say you can “try it” free, not just get it free; in most cases, “try it free” means “you get a short trial period until we start charging your credit card for the astronomical recurring costs of this product,” at which point you end up frustrated and trying to cancel the charges before they add up. In just about every case, “FREE” isn’t free at all, but spammers love to use it.

7. The date – What you can’t see in the text alone is that the email was date-stamped on 1/18/2037. Since that’s in the future, the email will stay on the top of the inbox as long as the user doesn’t delete it, keeping the lovely colon-cleansing ad front and center for as long as possible. Lots of spammers mess with the dates on emails in order to manipulate where they end up in the inbox. Some take the opposite tactic and put a much older date on the email, making the new message appear at the bottom of the list so that the user has to hunt for it in order to delete it.

8. The small bit of good news: The spam does include an unsubscribe link and an address for the company, and while either or both of those might be bogus, it’s a nice touch that almost makes it appear that the marketing company would rather not send you colon cleaning ads if you don’t want them.

So for this spam ad’s unsolicited nature, random content, dishonest advertising, manipulation of the calendar and unappealing design, it officially becomes part of the Marketing Hall of Shame! Congratulations! Sort of.

You can imagine my confusion: I hadn’t sent any spam emails selling vitamins and supplements, but I was receiving the undeliverable spam messages back to my account. Sure enough, in each message, the “return” address was listed as mine! Now I was concerned. I followed the link in the emails and contacted the company about the my email address being used as the return address on their spam messages (no one responded to me). I also contacted Yahoo! and let them know that I was receiving these “undeliverable” messages, but that I hadn’t sent them in the first place. In short, I was inconvenienced, annoyed, and slightly violated because of spammers using my perfectly legitimate email account as their own return contact.

As it turns out, I wasn’t alone in my “undeliverable” spam troubles, and this problem is growing worse. There’s even a name for it: Backscatter spam.

According to USA Today, backscatter spam now makes up 3 percent of all email sent, and it clogs up the email accounts of hapless users. Backscatter spam consists of NDR (undeliverable) messages, but it’s also floods of “out of office” autoreply messages, waves of “confirm your subscription to our service” emails, and misdirected virus alerts. Spammers create this problem by collecting legit email addresses (like mine), often by employing viruses that attack corporate databases and steal the data. Email addresses that have been in use for a long time (again, like mine) tend to be good targets because they’ve been “floating” around in cyberspace for a while. The real email addresses are then “spoofed” so that any emails the spammers send look like they’re coming from the real email accounts, not from the spammersthemselves. The holder of the legit account is unaware of all of this, meanwhile, until the “undeliverable” spam emails – those sent to inactiveaddresses that can’t receive email – start bouncing back. They go to the return address that the spammers provided, which of course is the one that belongs to the victim. The bounced messages can pack the victim’s inbox full and create a very large headache.

Why would spammers do this? Aside from the obvious desire to avoid bounce-back emails themselves, spammers know that most emails sent without a valid “From:” address (or those sent from addresses and/or domains that are known as spam originators and are blocked accordingly) don’t reach their destinations. A forged return address gives an air of legitimacy to the mailing. The spammers aren’t using your server for their mass mailing; they’re just using your email address in the “From:” field.

How many messages are we really talking about here? Spam email lists are notoriously inaccurate, as a high percentage of the emails on the lists are no longer active or deliverable. Of the undeliverable emails sent, most will simply disappear, but 7-10% of the emails will be accepted by the server on the other end, then sent back as undeliverable later. These are the bounce-backs that end up causing the problem. As Al Iverson wrote on his Spam Resource blog, the math is simple: if a spammer sends 2 million messages in a single mailing, and 40% of the email addresses he uses are invalid, and 9% of those invalid addresses send the message back as undeliverable, that means that 72,000 bounce notifications will go to the return address listed on the spam emails. And that address might be yours or mine.

So what can you do? For one thing, don’t contribute to backscatter yourself. Don’t use a “challenge/response” anti-spam program, since your automated challenge/response messages are a form of backscatter, and they make life more difficult for other legitimate users. Also, don’t use an “out of office” auto-response message if you can help it… Again, this is a form of backscatter, and worse, it lets spammersknow that your address is active. Finally, don’t use a fake bounce-back anti-spam system (a system that sends fake bounce-backs in response to spam in the hope that spammers will take your address off their lists when the spam is undeliverable) – your bounce-back doesn’t go to the spammer, as we’ve already made clear. It goes to a victim whose email address was spoofed as the spammer’s return address, and your bounced message just becomes another of the backscatter messages that the victim receives. Since the spammers never receive the bounced message, they don’t update their own mailing lists based on the bounces, so the fake bounce-back systems are pretty useless.

As for stopping backscatter from hitting your own inbox, it’s generally hard to prevent it if a spammer has used your email address in the “From:” field. A spam filter sometimes helps to stem the tide a bit, so make sure you have one. Also, if you have a domain with a catch-all mailbox (an email inbox that catches any emails sent to your domain that aren’t sent to a specific user’s mailbox), you can deactivate the catch-all, since most backscatter spam heading for your domain will end up there as the spammers try different variations of emails for the return address. Check with your ISP or hosting provider on how to eliminate the catch-all address while still receiving emails directed at specific mailboxes or at certain required accounts, such as “postmaster.”

Backscatter is annoying, but if you get spoofed and end up with an inbox full of undeliverable email, you can rest assured that your reputation is probably safe. Few people in today’s world of spam email believe that the “From:” address in a spam message is the actual source of the message. If you do get backlash from an angry Internet user, show them this article; after all, they might be the next personspoofed by spammers.

Sources for this article: USA Today, Al Iverson’s Spam Resource blog, SpamNation

Photo attributed to freezelight, posted to Flickr, licensed under Creative Commons Attribution-Share Alike 3.0

The answer is as simple as it is frustrating: Spam works.

Up until recently, the general belief was that spam received low response rates, meaning that a million spam messages sent might result in 10 purchases, tops. But on August 19, the Internet security company Marshal released a study regarding the success of spam email marketing. It found that not only were people reading their spam emails, but that 29% of Internet users surveyed admitted to actually BUYING something from a spam email. Perhaps not surprisingly, the most popular items purchased were sexual-enhancement products, adult material, pirated software and luxury items, many of which are knock-offs.

And before we can assume that “regular” people don’t buy anything from spam, we must remember what the spammers are selling. Marshal’s VP of Products, Bradley Anstis, said, “The Internet provides convenience and a degree of anonymity to people who want to buy illegal or restricted goods. It is a black market and spam has become a conventional means of advertising to a willing audience of millions of people who are purchasing from spam.” Worse, most of those who admitted to buying from spam also admitting to buying multiple times from spam. A similar poll by Forrester Research in 2004 found that fewer people (20%) were buying products from spam emails, which means that, if this recent survey is accurate, the percentage of spam-buyers has gone up significantly in 4 years.

Can this be true? Can almost one-third of Internet users actually be misled enough to buy things advertised in spam? That doesn’t inspire a lot of hope for the fight against unsolicited email marketing. After all, maybe the spammers are actually giving people what they want: an anonymous way to buy questionable stuff they can’t get elsewhere.

Before we get too despondent, it helps to keep in mind that the poll surveyed just 622 people, hardly a representative sample of Internet users. In fact, that’s a less than .0002% sampling of the roughly 360 million people using the Internet (according to Download Squad). Add to this the fact that there is some skepticism regarding the veracity of these numbers because of the small sample and the data gathering method in general (Terry Zink’s anti-spam blog, for example, raises questions about whether so many people would actually make purchases from their spam folders). Even aside from the skepticism, one can find instances of general “who cares?” attitudes about the number of purchases made through spam; as Lee Mathews of Download Squadput it, “People decide to buy things from all kinds of unwanted sources: flyers, stickers, magazine insert cards, bumper stickers, board signs at hockey games. Why is it big news that people buy products advertised in spam?” He’s got a point; we assume spam is widely disdained, but every unsolicited marketing campaign can find a handful of people willing to buy from it. 

Still, spam is annoying to most of us, and in recent years, spam messaging has grown by leaps and bounds; the Marshal TRACE (Threat Research and Content Engineering) team found that global spam volume doubled for the year ending in June 2008, with approximately 150 billion spam messages sent per day. That, according to Marshal, accounts for more than 85 percent of the total emails sent around the world, and because it uses bandwidth and resources (and also because it’s increasingly becoming a means to spread malware), it’s a major problem for Internet security professionals and for the public in general. It’s true that most of the spam ends up filtered, so it’s just a small percentage that makes it into a user’s inbox. But once it gets to the inbox, the response rates go up much higher than the 10-purchases-per-million-messages estimate.

Thanks to the advent of botnets (which infect regular people’s computers and allow criminals to send messages without the need for their own servers) and the sheer cheapness of spam messaging (Marshal estimates the cost can be as low as $5-10 US for a million messages), spam is a very lucrative endeavor for those selling less-than-legitimate products and services. But it wouldn’t be worthwhile at all, of course, if people didn’t buy what the spammers were selling. As the website SpamDontBuyIt.orgpoints out, “if you buy products or services from spam email, you are just as guilty as the spammers for creating the problem.” It’s a simple supply-and-demand equation: if spam didn’t pay, spammers wouldn’t do it. Which means we, as Internet users, must take a little responsibility for the ever-increasing pile of spam emails in our inboxes.

Seems obvious, but up to 29% of Internet users don’t seem to understand. Or maybe they just don’t care. Either way, you can take ownership for your own role in the spam problem: Don’t buy what you see in spam.

Sources for this article: Marshal, SpamDontBuyIt.org, Download Squad, Terry Zink’s anti-spam blog