Spam FAQ (Part 2)
Why do these spam mails have so many misspelled words and unusual symbols?
Because many anti-spam systems work by detecting certain words in the subject line or body of the message, spammers get around them by misspelling the words or replacing some of the letters with symbols that somewhat resemble them.
Why do spam messages contain long lists of random words, or quotations from books?
This is an attempt to fool more modern versions of anti-spam products, which detect spam through statistical analysis of the words in a message. Anti-spam companies are already working to ensure this sort of trick does not fool their products.
I want to complain about a nasty spam message. Who do I go to?
You can forward spam messages to the FTC's complaint address at email@example.com, and under the new anti-spam law (see below) the FTC is supposed to take action against the worst spammers. You should never reply to a spam message; most likely the address was fake and won't go anywhere, but it is also possible that the address of an innocent person was used as a fake. There is also a chance that the address goes to an automatic address-collecting program that will mark your address as "guaranteed live". Please do not forward spam to firstname.lastname@example.org unless you have a question about it, no matter how dubious or offensive that spam may be.
What sorts of frauds are common with spam?
Spammers have no incentive to establish good business relationships with their customers, because they don't know their customers, and in any case they keep shifting their identities to avoid the consequences of their actions. Thus it is extremely likely that any product ordered from a spam message will be defective, inferior, or simply never arrive at all. Another common type of spam fraud is the pyramid scam, which ranges from simple chain letters to elaborate multi-level marketing schemes that pretend to be similar to legitimate offline operations. These sorts of spam are a dime a dozen and not worth reporting; please don't forward them to UCS. However, there are far more serious types of fraud.
What are the more serious types of fraud?
Some spammers make their living through more major fraud; common examples include sending messages claiming to be from an official of a foreign bank asking for help in secretly transferring an enormous sum of money, and promising a sizable percentage as a reward. If you fall for it, eventually you will be asked for your bank account number "to deposit the funds." Other versions claim that you have won an international lottery, or that you should enter your credit card number into a web form to "verify your account with the bank". Some of these last varieties use web pages that are designed to look very much like the sites of legitimate companies such as eBay, PayPal, or various banks and credit card companies. (This practice is known as "phishing".) Legitimate companies never email customers and ask them to click a link in the email and enter account details; you should never click on a link in an email message unless you know for certain that it came from someone you trust. Note that it is possible for a link to look like it goes to one location, while really going to another, so the appearance of the link is no guarantee.
I got an email message that asked me to forward it to everyone I know, but it wasn't asking for money. Isn't that OK?
Not really. There are a lot of jokes or inspiring messages going around, as well as hoaxes about viruses, or any of a dozen other things. It might be interesting to send a funny joke on to a few friends, but anything beyond that does more harm than good. It is an especially bad idea to spread rumors or warnings whose source you do not know; they are almost guaranteed to be false.
I got an email message about a missing child, and it asked me to forward it to everyone I know! Isn't it worth it if it might save a child's life?
Most likely you aren't saving the child's life. In every single case where I've received such an email, a very quick bit of research revealed that the child was never missing, or had already been recovered. A good place to check on this sort of thing is the "Inboxer Rebellion" site at "http://www.snopes.com/inboxer/". The parent site, "http://www.snopes.com" is an informative and highly entertaining source for the truth behind Internet rumors and urban legends of many varieties.
Why are you talking about this sort of stuff in the spam FAQ?
Because it is just another type of spam. It is often less harmful than the more common kinds, but it is still spam.
A spam message gave me a link I can click on to get off their mailing list. Should I do it?
No. Most likely, the majority of the people who send those spams really intend to remove people who want to opt out of future emails. However, a significant number just ignore remove requests because it is too much trouble to deal with them, and others use remove requests as traps to verify that an address really is being read by someone. Such addresses can be put in "guaranteed live" lists and sold for much more money. If you click on unsubscribe links, you may get off a few lists, but it only takes one trapped link to get your address onto many more lists. The new anti-spam law (see next question) requires that opt-out requests be respected.
Isn't there a law against spam now?
Sort of. The CAN-SPAM act (Yes, this is really the title; it stands for "Controlling the Assault of Non-Solicited Pornography and Marketing") requires all spam to contain working opt-out links, prohibits the use of fake email headers, requires that sexually explicit messages carry a warning in their subject lines, and forbids the harvesting of addresses from the web. These things are all good, and this law is an important first step. However, under this law, any spammer can send at least one message to your inbox without penalty, and there is still no guarantee that unscrupulous spammers won't use fake opt-out links as traps for guaranteed live addresses. Also, the law only applies to people living in the USA, so spammers in other parts of the world are unaffected.
Where can I find out more?
One of the recognized authorities on the spam problem is CAUCE, the Coalition Against Unsolicited Commercial Email. Their website has a lot of useful and interesting information, including a FAQ (at "http://www.cauce.org/about/faq.shtml") that is much more in-depth than this one. Another informative website can be found at "http://spam.abuse.net/". An interesting case study of how an address spreads through mailing lists is available at "http://www.honet.com/Nadine/".
University Computing Services 503-838-8154 | or e-mail: email@example.com