The Spam Champ Digest

Because I am not completely satisfied with WordPress’s archiving system, I thought I would improve user accessibility by creating a reading guide for the blog so you can pick and choose individual posts to read if you don’t feel like scrolling through the entire blog.

Chronological Order

What Is Spam?

Lions and Tigers and Spam, Oh My!

The Many Faces of E-mail Spam

The Story of the First Spam E-mail

There’s egg and spam, egg bacon and spam…

Spam: How do you do that voodoo that you do so well? Part One

Spam: How do you do that voodoo that you do so well? Part Two

The Why of Spam

Preventing Spam Part One: Spam Filters…Gotta Catch ‘Em All!

Preventing Spam Part Two: Personal Techniques

Preventing Spam Part Three: The Botnet Army

Solutions for Spam: The CAN-SPAM Act of 2003

Spam and Libraries

By Topic

Definition and Types of Spam

What Is Spam?

Lions and Tigers and Spam, Oh My!

The Many Faces of E-mail Spam

History of Spam

The Story of the First Spam E-mail

There’s egg and spam, egg bacon and spam…

How Spam Works and Why We Get It

Spam: How do you do that voodoo that you do so well? Part One

Spam: How do you do that voodoo that you do so well? Part Two

The Why of Spam

Spam Prevention

Preventing Spam Part One: Spam Filters…Gotta Catch ‘Em All!

Preventing Spam Part Two: Personal Techniques

Preventing Spam Part Three: The Botnet Army

Stopping or Regulating Spam

Solutions for Spam: The CAN-SPAM Act of 2003

Spam and Libraries

Spam and Libraries

Miscellaneous Posts

Link to the text of the first e-mail spam

Spam Champ’s first comment spam

Link to History of Spam Infographic

“Nice” Comment Spam

Spam Champ’s “nice” comment spam

 Pages

Don’t forget to check out the navigation bar, where you’ll find other content created for this blog.

An Introduction to the Blog

A Chronology of LIS Computer Technology

Some Parts Are Malicious: A Short Explanatory Film

What My Spam Folder Says About Me

Celebrity Spammers

All About Me, the Spam Champ

Advertisements

Spam and Libraries

I have one last topic I’d like to discuss on this blog before I finish it up for the semester, and that is spam and libraries.

There is surprisingly little literature about dealing with spam in libraries—but that doesn’t mean that it’s not an issue. Beyond the problems of e-mail spam sucking up much-needed time and bandwidth in libraries, libraries are charged not only with the protection of themselves, but also, to a certain degree, their patrons. Here are a few spam issues that are particular to libraries.

The Library Sends Spam?

No, of course not! Libraries do not send their patrons any electronic communications they did not opt into. But spam filters that dump all e-mails from an unrecognized sender will likely send newsletters and notifications from the library to your spam folder unless you add the library’s e-mail address to your contacts list or mark the e-mail as “not spam.”

I’ve learned from personal experience that when a patron says he or she has not received e-mail notifications from the library, it is usually because the notification was sent straight to the spam folder. In order to keep the lines of communication open between the library and the patron, library staff should alert patrons to the possibility that notifications and newsletters may be marked as spam by some e-mail services when they request e-mail communication from the library.

Staff Use of E-mail and Internet

As a library worker, I find it very comforting that there is an IS department we can call on to battle viruses for us, but I believe it is important that library staff are trained in online safety so we don’t wear out our knights in shining armor. Being aware of online risks like drive-by downloads and being able to identify and properly react to suspicious e-mails are vital skills that could save the library time and trouble. And, of course, keeping the library’s antivirus and spam filtering programs updated is a good weapon against spam.

Comment Spam

Library blogs and social media accounts are susceptible to comment spam, which can get so out of hand that sometimes administrators turn off the comment function (Oguz, F. & Holt, M., 2010, p. 174). This is not something libraries like to do because putting the kibosh on comments means they lose out on valuable interaction with the communities they serve (Oguz, F. & Holt, M., 2010, p. 174). Luckily, there are ways to avoid coming to that drastic solution to comment spam. In addition to using a spam filtering service, a Turing test like CAPTCHA, and/or personally moderating the comments, libraries are also advised by Porter & King (2009) to post a list of community discussion guidelines that includes the request that users not post any spam (p. 25).

(Image retrieved from http://bethwellington.files.wordpress.com/2009/09/spam.jpg)

Patron Computer Use and Spam: To Teach or Not to Teach?

This is a very tricky area because, on the one hand, most of us who work in libraries have our patrons’ best interests at heart and would not want to see them fall victim to an e-mail scam. On the other hand, we are also huge advocates of patron privacy and therefore do not want to stand over the shoulders of patrons reading their e-mail with them. The library also does not want to be held responsible for (or experience security threats because of) a patron’s use or misuse of the internet. This is why libraries have policies about patron computer and internet use. Below are a few samples of the policies of different libraries regarding internet security.

New Brunswick Free Public Library (2009):

 All library patrons have the right to confidentiality in their research and use of services provided by the library. The library supports the patron’s right to privacy [sic] however, patrons are advised that because of the open nature of the Internet, the library cannot guarantee the privacy of information or searching conducted at its public access computers. (9.2.8)

The library is not responsible for any virus, or damage to a patron’s text or other programs that results from the use of the wireless network. Users are solely responsible for the security and misuse of any device connected to the Internet service. Users accept sole responsibility for their data security and the loss, interception, or misuse of any data or personal information due to their connection to this service. (9.3.1)

Humboldt County Library (2000):

 Privacy cannot be guaranteed when using a Library computer. Users are cautioned that the Internet is not a secure medium and that privacy of electronic communication cannot be guaranteed.

Viruses: If the Library makes downloading available, patrons need to be aware that software downloaded from the Internet may contain a virus. The Library takes no responsibility for damage to patron owned hardware or software that might occur due to data downloaded by a patron while using Library Internet workstations.

Personal software: Patrons may not use their own software programs on Library Internet computers. This limitation is intended to help prevent the spread of viruses and to prevent unauthorized access to the Library and County computer networks.

As you can see, the common theme here is that, although libraries do warn their patrons about the risks of using the internet, it is ultimately the patron’s responsibility—not the library’s—to make sure he or she practices online safety. This policy extends to spam e-mails or other spam a patron encounters online while using the library’s computers and internet service.

While it may be hard to hear a patron talk about how they’ve recently become a multi-millionaire by helping a foreign prince access his funds, it is not our responsibility as library staff to correct that patron. Even when a patron asks a reference question about spam, it is not a good idea to get personally involved with his or her e-mail because the library could then be held responsible for any advice given to a patron by library staff. Instead, answer the question without using the patron’s actual e-mail as an example. Most libraries do offer online safety or “intro to the internet” classes, which are the perfect venue to educate patrons about the dangers of spam and how to identify and fight it without invading their privacy.

Compared to funding issues and the struggle to stay on the cutting edge of technology, spam certainly isn’t the largest problem that libraries face. However, spam is an annoyance that has been around nearly as long as the internet and will continue to be with us for a long time, if not forever. It is wise not to ignore it—at least long enough to hit the delete button and banish it from your sight.

At last, we have reached the end of this blog! I hope you have found it informative and entertaining. I have certainly learned a lot of valuable information that I can apply to both my professional and personal lives.

So long and farewell,

The Spam Champ

References

  • Oguz, F. & Holt, M. 2010. Library blogs and user participation: A survey about comment spam in library blogs. Library Hi Tech29(1), 173-188.
  • Porter, M. & King, D.L. 2009. Dealing with comments on your website. Public Libraries48(6), 23-25.

Solutions for Spam: The CAN-SPAM Act of 2003

Alright, cats and kittens, rockers and rollers…..we’ve been through the who, what, how, and why of spam, and what it takes to fight it. Now we’re going to look at how to stop it. For good.

(Image retrieved from https://cdn2.content.compendiumblog.com/uploads/user/8574d69b-b83b-102a-92aa-669ad046edd4/b379a9fe-3e00-456e-bd84-6d044347011a/Image/d36e874d372697df345623b0a4a301fa/stopspam.jpg)

The CAN-SPAM Act of 2003 is the U.S. federal government’s attempt to regulate spam by increasing the risks (read: jail time and/or hefty fines) of sending spam.

First, let’s take a look at what the law is supposed to do.

Because commercial speech is protected under the First Ammendment, the CAN-SPAM Act cannot outlaw all commercial messages in any format (Pike, G.H., 2007, p. 15). What it can do, however, is put restrictions on the content and purpose of commercial electronic messages, including text messages.

So, if a direct marketer wants to be able to spam you without getting in trouble with the law, he or she must meet certain requirements:

  • The message must include a visible, working opt-out function (Direct Marketing Association, 2004).
  • The message must not contain misleading subject lines or content and must announce itself as an advertisement or promotion. (Direct Marketing Association, 2004).
  • The body of the message must be relevant to and consistent with the subject line. (Direct Marketing Association, 2004).
  • The “from:” line must accurately represent the sender’s identity (Direct Marketing Association, 2004).
  • The message must contain an accurate postal address or phone number as an alternate means for the recipient to contact the sender (Direct Marketing Association, 2004).
  • The recipient’s e-mail address must be obtained through legal means, meaning not through e-mail harvesting or from an illegally purchased list of e-mails (Zhang, L., 2005, p. 319).
  • Sexually oriented messages must contain warning labels (Zhang, L., 2005, p. 318).
  • And, of course, the e-mail must not contain illegal content (such as child pornography), any abusive, predatory, or obscene content, or be used to conduct identity theft (Zhang, L., 2005, p. 319).

As long as unsolicited direct marketing e-mails meet these requirements, the spam is considered legal.

This seems all well and good until you look in your spam folder and none of the spam e-mails contained therein seem to comply with CAN-SPAM. Chances are, they don’t. In 2006, a study showed that only 0.27% of all unsolicited commercial e-mail complied with CAN-SPAM (Pike, G.H., 2007, p. 16). I could not find a more recent statistic than that, but just imagine what those figures look like today, six years later!

Needless to say, CAN-SPAM draws a lot of criticism because spam is still with us, and in greater numbers—perhaps because CAN-SPAM tells spammers how to spam legally.

In addition to that major flaw, the enforcement of CAN-SPAM leaves something to be desired. Because it only has jurisdiction in the U.S., it has no effect on spam that comes from outside the U.S. borders—which, unfortunately, is where most spam originates (Pike, G.H., 2007, p. 16).

The other problem with enforcement is that, while spammers may recognize the risks of not complying with CAN-SPAM, the cost is not enough to deter them from noncompliance: sending an e-mail costs them nothing and hiding behind a botnet makes it harder for the government to find and prosecute them (Rutenberg, D.J., 2011, p. 237). In the words of one spammer: “I do not think it [the CAN-SPAM Act] will have any effect in the short run, [sic] it is a little convoluted, it is untested, and the reality is who will bother enforcing it. [sic] The price it would cost to prosecute a spammer is a lot more than the cost of spamming” (Vircom, 2004, p. 9).

(Image retrieved from http://www.socialfollow.com/blog/wp-content/uploads/2011/02/spam-can-300×268.gif)

So, if CAN-SPAM isn’t doing the trick, how do we make it harder for spammers to spam?

Well, one idea that’s been around for a while comes from Bill Gates and Microsoft. First introduced in his 1995 book The Road Ahead, Gates’s idea to discourage spam effectively is a fee-based deterrent software in which e-mail from unfamiliar sources would be forced to offer up an amount of money—say, 30 cents per message—in order to deliver the e-mail (Maney, K., 2003). If you, the recipient, chose to open that spam e-mail, you would get the 30 cents. You could also choose not to accept the money if the message turned out to be from someone you knew. This method would make it more costly for spammers to send e-mails and thus not worth it.

A similar idea that has also been around for a while but is being more seriously discussed is an e-mail tax. Recently, Berkeley city councilman Gordon Wozniak proposed to add a tiny bit-tax to e-mail (hypothetically one cent per gigabit of e-mail) as a plan to provide revenue for the struggling United States Postal Service (Bradford, H., 2013).

The fringe effect of this tax would be that spammers would also have to pay an e-mail bit-tax, which may discourage them from trying to make money this way. While this method sounds promising, I wonder if this may not actually encourage spammers to use botnets and force unsuspecting users to pay the bit-tax for them or drive spammers to other spamming methods, such as web, SMS, or comment spam. I also do not like the idea of the internet (which is mostly free) being taxed. In any case, this solution could not be put into effect until the Internet Tax Freedom Act expires in 2014 (Bradford, H., 2013).

So what do you think? Would you support the e-mail tax to discourage spammers? Or do you think CAN-SPAM just needs to get more aggressive? Should CAN-SPAM require that all marketing e-mails must first be opted into (that is, a person must personally sign up for commercial e-mails) in order to be legal?

Until next time,

The Spam Champ

References

  • Pike, G.H. 2007. The CAN-SPAM act: Not canning spam. Information Today, March 2007, 15-16.
  • Rutenberg, D.J. 2011. Silence of the spam: Improving the CAN-SPAM act by including an expanded private cause of action. Vanderbilt Journal of Entertainment and Technology Law, 14(1), 225-252.
  • Zhang, L. 2005. The CAN-SPAM act: An insufficient response to the growing spam problem. Berkeley Technology Law Journal, 20(301), 301-332.

Preventing Spam Part Three: The Botnet Army

Botnets are a pretty terrifying aspect of spam, but never fear: the Spam Champ is here! Below you will find some ways to prevent, detect, and conquer those beastly botnets.

Prevention:

  • Disconnect from the internet when you’re not using your computer (OnGuardOnline.gov, 2011a). This makes it impossible for hackers to infiltrate your system.
  • Only open or download e-mail attachments if you are expecting to receive it or you know what it is (OnGuardOnline.gov, 2011a). Do not open just anything—even if it looks like it’s from someone you know.
  • By that same token, be wary of downloading free software: it often contains malware (OnGuardOnline.gov, 2011a).
  • Always update your operating system and security software (AVG, 2012). I know it can be annoying and time-consuming to download updates and restart your computer, but this easy prevention method provides the latest patches and software to keep your computer safe from the ever-evolving face of malware.
  • Install a Firewall to prevent malware from communicating with its command and control center (AVG, 2012).

Detection:

  • If your friends tell you they’ve been getting strange e-mails from you (or at least stranger than the ones you usually send), your computer may be a zombie (OnGuardOnline.gov, 2011a).
  • If your computer is running slowly or sluggishly, it may be a zombie (OnGuardOnline.gov, 2011a).
  • If you find e-mail messages in your “sent” folder that you didn’t send, your computer may be a zombie (OnGuardOnline, 2011a).
  • If your security software detects threats when you aren’t online, your computer may be a zombie (AVG, 2012).
  • If your internet usage suddenly and inexplicably increases or your internet service provider detects erratic behavior from your computer, it may be a zombie (AVG, 2012).
  • If your computer suddenly has a deep affinity for “Thriller” or attempts to eat your brains, it may be a zombie. Like, an actual zombie.

Rescue:

  • If you know your computer has been hacked or taken over by malware or a virus, disconnect from the internet immediately and run a security scan (OnGuardOnline.gov, 2011a).
  • Seek technical support from your computer’s manufacturer or other professional assistance (OnGuardOnline.gov, 2011b).
  • Start over and reinstall your operating system (AVG, 2012).

According to AVG (2012), botnets target the Microsoft Windows operating system almost exclusively because Windows is used by most businesses and homes. But don’t get too comfortable, Mac users. Just a year ago a trojan horse named Flashback hijacked over 600,000 Macs to form a Mac botnet (Claburn, 2012).

The important thing to remember is that no one is invincible. Even the smartest, most tech-savvy user can be duped by spam or malware. The best you can do is be wary, be practical, and be safe.

Catch you on the flip side,

The Spam Champ

References