SPAM Fight Losing Costly Battle

August 2, 2004

GRAND RAPIDS — Most area professionals spend at least a small portion of each day sorting through their e-mail inbox, often eliminating a number of unsolicited missives. But imagine their surprise when they begin to routinely receive e-mails from themselves offering Viagra at bargain basement prices.

It happens.

“Anyone can send you an e-mail that looks like it’s from anyone else,” said Bill Bereza, vice president of the software company Atomic Object. “One thing they’ll do a lot of, too, is that they’ll add in the ‘reply-to’ part of the header instructions to send any reply e-mail back to the address it’s being sent to, so it really does look like it’s coming from you.”

So when you send that nasty reply message, it just ends up in your own mailbox.

“If you have it set up so that the ‘from’ address is you and the ‘reply to’ address is you,” Bereza added, “then it has nowhere to go back to but yourself.”

The self-e-mailing concept is part of an increasingly popular next generation method of delivering SPAM and viruses through “spoofing,” the Trojan horse of SPAM. According to Brian King, an Internet security analyst with the CERT Coordination Center, one of the nation’s foremost reporting centers for issues concerning Internet security, spoofing is nothing new.

“It’s already a very common practice,” King said. “We’ve seen it for 10 years or more. It’s not really a difficult thing at all to do because mail protocol wasn’t designed to be secure. It’s a good way for spammers and others to hide and trick people into opening their mail.”

Bereza and his friends used to spoof each other with celebrity e-mails while students at Grand Valley State University. He demonstrated the practice with a message to the Business Journal from George W. Bush, and was even able to explain the six-command process of producing such an e-mail over the phone.

Most spoof e-mails aren’t manually generated, however, and some are downright dangerous.

“A lot of times it isn’t necessarily SPAM, as (much as) it is virus behavior,” said Charlie McGrath, director of creative services at Structure Interactive. “It’s a virus-generating SPAM, but it isn’t generating SPAM to sell something — it’s SPAM purely for the nuisance value.”

In a case like this, a virus may infect a computer, then walk through that computer’s address book, sending out e-mails to each contact. These may appear as traditional SPAM, purveying things such as mortgage refinancing and adult Web sites, but may also come with a large attachment with a copy of that same virus inside.

In this scenario, the e-mail actually is coming from that person.

“We had a situation a month back like that,” said Todd Gardner, director of network development for Internet service provider Iserv. “It occasionally happens where we’ll see someone’s e-mail sending out a boatload of SPAM, and we’ll give that person a call and say, ‘Hey, Sally, do you know you’re sending out a bunch of e-mails?’ And she’ll say, ‘I’m just little old Sally at the house here and I don’t know what you’re talking about.’ So then we’ll help her take that virus off.”

Most often, however, a SPAM or viral e-mail that appears to be coming from a friend or colleague probably isn’t.

While Bereza performed his prank manually, spammers use software programs to generate their mail, often operating not from a list, but in the same manner as most SPAM generating software.

“A lot of it is just people shooting stuff in the dark,” said Dan Calabrese, principal of North Star Public Relations. “They say, ‘I’ve got this ability to reach millions of people, so I will.’”

When a normal user mistypes an address, an “undeliverable” response will come back from the server. In this fashion, SPAM software is able to discover live addresses without the use of lists. This is oftentimes seen in the “cc” line of an e-mail header.

“They keep track of these, and if it comes back, well, there is no sense sending any more there — it doesn’t exist,” Gardner said. “But this one here didn’t come back; I’ll put that one in a special place.”

When a spammer gets hold of a server address — (your company’s name here).com — it will generate baby name book e-mails to that server until all of its employees are properly saturated with SPAM. Then it will put those on a list for other spammers.

In order to stop spoof e-mails, a company needs to upgrade its SPAM filter to a tool that operates through a statistical analysis. “SPAM Assassin” is a popular open source solution for this.

Many filters block messages that contain certain words in the subject line. ISPs will block many of these, as well as many “blacklisted” senders before they even reach a company or end user’s filter. Besides spoofing, many other SPAMs break through these filters by other means. For instance, as cockeyed.com illustrates, there are more than 6 trillion ways to spell Viagra.

SPAM Assassin analyzes a variety of factors in the content and sender of each e-mail for signs that it is SPAM. These include notables like the presence of numbers in the address, signature words in the content, and an origination from sites like Hotmail or Yahoo.
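The following sketch is an added example, not code from the article or from SPAM Assassin's rule set: it scores a message on the factors named above plus the self-addressed "from"/"reply-to" spoof Bereza describes. The weights, threshold, word list and example.com addresses are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Hypothetical weights, threshold and word list, chosen for illustration only.
WEIGHTS = {"self_spoof": 3.0, "digits_in_sender": 1.0,
           "signature_word": 2.0, "freemail_sender": 0.5}
THRESHOLD = 4.0
SIGNATURE_WORDS = {"viagra", "refinance", "mortgage"}
FREEMAIL = {"hotmail.com", "yahoo.com"}  # the two sites the article names


def score_message(raw, rcpt):
    """Score one raw message; rcpt is the address the server accepted it for."""
    msg = message_from_string(raw)
    rcpt = rcpt.lower()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = [a.lower() for _, a in getaddresses(msg.get_all("Reply-To", []))]
    local, _, domain = sender.partition("@")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()

    fired = []
    # The spoof described above: From and Reply-To both claim to be the recipient.
    if sender == rcpt and rcpt in reply_to:
        fired.append("self_spoof")
    if re.search(r"\d", local):
        fired.append("digits_in_sender")
    if any(word in text for word in SIGNATURE_WORDS):
        fired.append("signature_word")
    if domain in FREEMAIL:
        fired.append("freemail_sender")
    return sum(WEIGHTS[r] for r in fired), fired


def is_spam(raw, rcpt):
    return score_message(raw, rcpt)[0] >= THRESHOLD


# Constructed sample messages (example.com addresses are placeholders).
HEADERS = "From: sally@example.com\nReply-To: sally@example.com\nTo: sally@example.com\n"
SPOOFED = HEADERS + "Subject: Bargain Viagra\n\nLowest prices today.\n"
NOTE_TO_SELF = HEADERS + "Subject: Grocery list\n\nMilk and eggs.\n"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("note to self", NOTE_TO_SELF)):
        print(name, score_message(raw, "sally@example.com"), is_spam(raw, "sally@example.com"))
```

Because a genuine note to oneself carries the same headers as the spoof, the self-addressed check only adds to a score; it takes a second signal to cross the threshold.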

Even with the signing of the CAN-SPAM Act, the burden of stopping SPAM is not falling on regulators or spammers, but instead on end users and ISPs.

“As an Internet service provider we try to reduce the amount of SPAM our customers get,” Gardner said. “Every SPAM that comes in ties up disk space and takes bandwidth and time to delete — and the customers hate it.”

With its 40,000 customers, Iserv processes nearly 2 million e-mails a day, 1.2 to 1.4 million of which are instantly filtered out as SPAM. They were one of the most active lobbyists for the passing of anti-SPAM legislation, and one of the most disappointed when no changes occurred after its enactment.

“We had to buy all these bigger and beefier servers up front to strip the really obvious SPAM before it even gets to our customers,” Gardner said. “We’ve had to get a bigger pipe so that that SPAM can get through, and a bigger hard drive to store it. We have to manage and maintain filters. Then we have to deal with the possibility of deleting legitimate e-mail.”

Iserv’s filters block millions of junk e-mails a day, so the ones that get through are frustrating, especially when it turns out to be coming from a competitor.

In May, Triton Technologies sent out a pair of e-mails promoting the Whitecaps and Berlin Raceway to Iserv customers. The e-mails promised a pair of free screensavers and accompanying tickets to patrons that downloaded a Whitecaps or Berlin Raceway screensaver. The link also prominently featured promotions for Triton’s services.

Nearly 600 people responded to these e-mails.

“We follow the rules. If someone wants off the list, we take them off the list,” said Dennis Gramza, Triton’s director of sales and marketing. “It’s just silly. I get 350 pieces of junk e-mail a day. I don’t see why they want to go after us for giving away tickets to a Whitecaps game.”

There is actually somewhat of a feud between the two companies, as Triton alleges Iserv stole its logo.

“We went into a marketing agreement with Triton to help expose our company to their customers,” Whitecaps Director of Marketing John Guthrie said. “I was understanding that they had a list of people opted in to receive these e-mails. This was our first attempt at e-mail marketing, and we weren’t even actually doing it. We’ve avoided doing anything like that ourselves because we don’t completely understand it. Unfortunately, once you hand things over you lose control.

“I can say that with marketing today, it’s hard to get things to stick, and if it brought in 565 people, that’s a success.”

The Triton situation illustrates that SPAM does work, even if at a small percentage.

“If people stopped clicking on these links,” Gardner said, “SPAM would go away. We’d stop having things like spoof e-mails.”

Like many companies, McGrath conducts some campaigns at Structure Interactive through direct e-mail marketing, often times through newsletters.

“The important distinction is that it is consensual,” he said. “There is no ambiguity about that. I often times have customers that have a product that they think everyone will want, and they just want to buy a list. That’s just wrong; it’s just a nuisance. I’m sure that somewhere out there, there are people who honestly think that I’m interested in generic Viagra or lonely housewives.

“I tell those customers that if you do, they’ll ignore it, they’ll delete it, they’ll get mad at you and they’ll curse your name.”

McGrath also explained that he works to educate his customers in the use of newsletters. Mail focusing on news, rather than promotion, is much more likely to be read.

Is there hope for people burdened with unwanted e-mails?

Well, Atomic Object and Structure Interactive both have three levels of SPAM filtering, and both Bereza and McGrath still receive hundreds of SPAM e-mails each week.
