What is spam?
Costs of spam
Innovative ways to combat spam
Preview of spamsux.com
What is spam?
Spam is flooding the Internet with many copies of the
same message, in an attempt to force the message on
people who would not otherwise choose to receive it.
offensive or illegal content
pyramid trading schemes
misleading or deceptive advertising
or even bona fide commercial marketing material
It is sometimes referred to as unsolicited bulk email or
unsolicited commercial email (UCE).
And we are ALL affected by it!!
More on spam
The first recorded incidence of spam occurred
in 1994 when a US law firm, Canter and
Siegel, put out a mass advertisement for an
immigration advocacy service they offered.
Two types of spam:
Usenet spam is a single message sent to 20 or
more Usenet newsgroups.
Email spam targets individual users with direct mail
Since then, spam has become a major issue—
which eventually led to federal legislation on
Can-Spam was signed by President Bush on
December 17, 2003.
As of Jan. 1, 2004, the first federal legislation
specifically directed at commercial email is
supposed to curb the amount of unwanted email
flooding our inboxes.
Penalties of up to $250 per message to a
maximum of $6 million per scammer imposed
on parties who violate this law.
Under the new law, commercial email is
perfectly fine to send if it complies with
only three stipulations.
It must be labeled as an advertisement or
It must give the recipient an opt-out option.
And it must include a postal address.
Shortfalls of CAN-SPAM
Many in the technical and legal professions have
questioned the government's ability to enforce
those restrictions and have criticized the way the
act supercedes stricter state laws.
In many states, preexisting antispam legislation
included the rights for citizens to sue spammers
directly or through class action lawsuits. Under
the new federal law, U.S. citizens no longer have
What critics are saying
"(Can-Spam) is an abomination at the federal
level," said Stanford law professor Lawrence
Lessig. "It's ineffective and it's affirmatively
harmful because it preempts state legislation.“
"It authorizes every offshore casino, every
Viagra peddler, every pornographer, to send you
as many messages as they want unless and
until you tell them, one-by-one, to stop,“ says an
attorney with Silicon Valley’s powerful Wilson,
Sonsini, Goodrich and Rosati.
Paragraph 12 of the Congressional
findings on CAN-SPAM act:
(12) The problems associated with the rapid
growth and abuse of unsolicited commercial
electronic mail cannot be solved by Federal
legislation alone. The development and
adoption of technological approaches and the
pursuit of cooperative efforts with other
countries will be necessary as well.
Costs of spam
According to Congress:
The receipt of unsolicited commercial e-mail
may result in costs to the recipients who
cannot refuse to accept such mail and who
incur costs for the storage of such mail, or for
the time spent accessing, reviewing, and
discarding such mail, or for both.
E-mail spam (contrasted to traditional junk
mail) is unique in that the receiver pays so
much more for it than the sender does.
Cost Comparison of Unsolicited Marketing Methods*
Cost to Sender Cost to Cost Borne by
Form ($) Recipient ($) Sender(%)
Telemarketing 1.00 0.10 91.00
Postal mail 0.75 0.10 88.00
Fax 0.03 0.10 23.00
Automated phone 0.07 0.10 41.00
Spam 0.00001 0.10 0.01
* All cost figures per contact are estimated.
Source: "SpamCon Foundation News," Issue #0008, 7 August 2001.
Volume of spam
Roughly 40 percent of all e-mail traffic in
the United States in the first half of 2003
was spam, up from 8 percent in late 2001,
according to Brightmail Inc., a major
vendor of anti-spam software.
By the end 2003, industry experts
predicted, fully half of all e-mail will be
Spam costs corporations big time
According to Ferris Research Inc., a San
Francisco consulting group, spam will cost
U.S. organizations more than $10 billion
This figure includes:
consumption of IT resources
and end-user support to deal with the problem.
Costs per corporate user
Filters (server level, and user level)
Blacklists (usually must pay for anti-spam tools which
utilize and regularly update their blacklists)
“No Spam at Any (CPU) Speed” (MSFT origin)
“Payment at risk” (MSFT origin)
“Trusted E-mail Open Standard”
DNS System Modification (MSFT origin)
If your mailbox is protected by a challenge-
response system, people who try to contact you
will be greeted with a response saying
something like "click on this link to deliver this
message" or "type in the word you see in the
In theory, well-designed challenge-response
utilities won't challenge mail from known
correspondents or mail that you've actually
asked to receive.
“No Spam at Any (CPU) Speed”
The theory behind this method is that a
sender's computer must solve a
cryptographic puzzle with its own
processor to get its message into a
The key is that the puzzle takes about 10
seconds to solve. There are only 80,000
seconds in a day, so a computer can only
send 8,000 messages in a single day.
“Payment at risk” (MSFT)
The "payment at risk" system would involve e-
mail recipients setting a level of payment that
would tax the sender, if its e-mail were rejected,
low or high, depending on how greatly recipients
were bothered by the unwanted e-mail.
The idea goes like this: If you receive an e-mail
from an old school friend, and you're happy to
receive it, the sender doesn't pay. If it's another
offer for that annoying little blue pill, you reject it,
and the spammer is forced to cough up.
“Trusted E-mail Open Standard”
TEOS is a new e-mail protocol that essentially
builds on the SMTP.
TEOS allows for more reliable identification of
the sender and includes machine-readable
descriptions or "assertions" about their e-mail's
content. It also establishes an encrypted, spoof-
proof "trust stamp" that appears in the body of
If implemented, experts recommend the
formation of an international, cross-industry
body to maintain this new standard.
DNS System Modification (MSFT)
The Domain Naming System is a distributed database,
maintained by a number of different companies that
provide domain names for Web site and e-mail
Microsoft would like to modify this system so that
individuals, companies and other organizations can
publish the identification numbers of their mail servers in
the DNS database.
In effect, this would let an e-mail recipient compare the
message's actual originating address with the address indicated
in its header. A difference there could help a spam filter
determine that a header is “spoofed,” increasing the likelihood
that the message is spam. Such messages could easily be
filtered or rejected.
Finally, I’ll be creating a webpage for my
project. There, users can find links to
articles, tools, and news about spam
Here is the preliminary layout: