Chapter 15: FAQs of Spam




Question Time

Many people have questions about spam, from strange patterns they may have discovered in their spam, to fears about buying products from spam. It is often difficult to find answers for any spam questions on your own, because spam is such a taboo subject and there is very little information available. Any answers you receive may come from a biased point of view, as most published material carries an anti-spam slant and may not be entirely accurate.

I decided to take the opportunity to answer some common questions about spam and spammers. I stood on a busy New York street and asked passersby if they had any questions about e-mail spam, or those who send it. The following is a survey of some of the more frequently asked questions…

The Questions

1.

In my spam e-mails, why does the first and last name never really sound “right?” I get a lot of spam from people like Mohamed Jones. Why do spammers choose such bizarre names?

2.

I get a lot of spam that is completely blank. It is addressed to no one, has no body and is completely pointless in my opinion. Why was a message like this even sent out?

3.

I get spam that consists of just one URL in the body. I click on the URL and the Web site does not respond, therefore making the spam completely useless. Why?

4.

I just created an account at a free Web mail provider, I have not given this e-mail address to anyone yet but this morning when I checked it, the account had five spam messages. How is this possible?

5.

I previously bought a product from a spam e-mail with my credit card. Is this secure or safe? Can spammers get my credit card and use it without my consent?

6.

In Hypertext Markup Language (HTML) spam e-mails, the text in the message is always large, blue, and underlined. Why?

7.

Is OEM software really cheap, or is it just counterfeit? And if it is counterfeit, why doesn’t the FBI just shut down the shop or the spammer promoting it?

8.

I get tons of spam telling me to invest in a certain company listed on the NASDAQ or NYSE that is soon to announce huge profit gains. Is there any truth behind this and is this even legal?

9.

I am female and I am very annoyed that all of the spam I receive is male-orientated. Why don’t I ever receive any products for females? Women buy products too!

10.

All my spam contains unreadable subject lines composed of unreadable characters and a body that is equally as hard to read. It makes absolutely no sense and looks like complete gibberish. If the spam is meant for another language, why do they send it to me?

11.

Spam always contains a link to “unsubscribe.” Is it actually a good idea to unsubscribe or will I only receive more spam?

12.

My e-mail account receives very little spam and I am scared of this changing. Is it safe to give my e-mail account to legitimate companies for news lists and updates, or do most companies sell my information?

13.

Is there any truth behind any Nigerian scam spam? Was there ever any?

14.

Why does all my spam begin with the subject “SPAM”? Why doesn’t my spam filter just delete them if they are obviously spam?

15.

Do you have to visit pornographic sites to get pornographic spam?

16.

I am an American citizen and I just received some spam that was totally unsolicited and broke several points of the CAN-SPAM. I want to sue the spammer. Can I and how?

17.

Is it really worth being a spammer?

18.

I keep receiving the same spam message repeatedly. I never open the messages and just hit delete, but why doesn’t the spammer just realize that I do not read his spam and stop sending me these messages?

Answers

1.

The majority of mailing programs support using random first and last names, keeping the e-mail sender unique for each spam sent. However, there is no correlation between these first and last names, so names like Mohamed Jones that obviously do not fit together often pop up.

2.

There could be a few reasons for this. First, a blank e-mail can be used as a way of brute-force verifying an e-mail account’s validity. Mail servers will often return a “Message delivered successfully” when the e-mail account exists, or a “Message not delivered” if the account does not exist. A blank message is the shortest message possible to send. Another reason might be a fault in the way the spammer is sending the spam. Perhaps the sending program or proxy server used has stripped out some content or is not working as expected. Such activity is often seen when spammers exploit Common Gateway Interfaces (CGIs) to send spam, but the CGI does not function as expected and sends a blank e-mail instead.

3.

When a spammer begins sending spam that promotes a Web site, that Web site and the Internet Service Provider (ISP) that hosts it will receive many complaint e-mails. Programs such as Spamcop (www.spamcop.net/) will actively send an e-mail to the ISP that hosts any Web site linked within a spam message. With the possibility of millions of e-mails being sent, many Web-hosting companies will close a spam-hosting Web site down very quickly, unless the hosting company is spam friendly. Spammers may be annoying, but the goal is to make money from their spam, so the URL probably did work when the spam e-mail was first sent, but after a few million complaint e-mails, it no longer exists.

4.

If you gave no one the e-mail address, the likelihood is that your Web mail provider sold or gave away your personal information. E-mail addresses and demographics are often sold to marketing companies, who then sell your personal information again to spammers. Read the terms and conditions of your account. There is probably a clause in there saying they are allowed to give your information to “Partners” or “Subsidiaries.” You agreed to these terms when you created the account, making what they are doing legal.

5.

This really depends on whom you actually bought the product from. If you bought a product from a third party that the spammer was only promoting for referral sales, then your information is probably safe. If you bought the product from a company the spammer owned, then I would be more dubious about the integrity of your credit card. If a spammer promotes www.pharmacypills.com and you buy a product from them, the spammer will not be able to see your credit card or even your name, just that “someone” bought a product.

Be careful when buying products online. Make sure the site looks “legitimate.” Additionally, make sure the site has a Secure Sockets Layer (SSL) certificate installed (this shows as a small padlock in the lower right-hand corner). Although encryption is not a big worry, it shows that the company has gone to the effort of creating a certificate and this adds to their legitimacy. Also, look for a third-party billing agent, a separate company that handles the payment for products. These offer a certain level of legitimacy, but spammers have been known to create their own, fake online billing agency. The best rule is to use your own discretion and be careful. If you think someone may have your credit card details, go to your bank and get your credit card replaced. It’s better to be safe than sorry.

6.

This is done to look like a hyperlink in Internet Explorer. Mail clients do not often show HTML links as blue and underlined, so if a spammer specifically makes the text look like a link, recipients have a higher chance of clicking on it.

7.

Good question. Original Equipment Manufacturer (OEM) software is almost always pirated; the majority of products sold on these “OEM” sites are not released in an OEM version. Products such as AutoCAD, 3DSMAX, and PhotoShop are not created as an OEM package. What’s more, they can cost upward of $500.00 per copy. If someone is offering you a copy for $30.00, you can be sure it’s counterfeit. Be careful with counterfeit software. Even if the software works, you will be missing manuals, technical support, and the ability to update the software. Of more concern is the fact that using counterfeit software is illegal. If your company uses counterfeit software and the Business Software Alliance (BSA) finds out, you could face very substantial fines in the hundreds of thousands of dollars.

Such spammers are often shut down. There are many large raids each year on software counterfeiting. The problem is that software-counterfeiting companies often operate out of third world countries, where little or no laws exist around copyright fraud. There are simply too many people selling counterfeit software.

8.

No, this is not legal. The spammer in this case has a vested interest in a certain company’s stocks. By trying to convince others to buy these stocks, they are trying to make money for themselves. Be careful. It’s unlikely that this spammer has any inside information, but if they do, you are legally liable if this information influences your stock purchase. Pay no attention to this spam and if you receive a lot of it, report it to the Federal Trade Commission (FTC). Influencing the stock market with spam may be creative, but it’s also illegal.

9.

Here is an interesting statistic I found from research I undertook with an e-mail marketing company. Males are twice as likely to buy a product from spam as females. This is why the majority of your spam is promoting male-based products. Although there is no shortage of products for females, women don’t spend money as easily on spam.

10.

Spam like this usually contains Unicode characters not within the English character set. Languages such as Chinese and Russian will render as strange American Standard Code for Information Interchange (ASCII) characters. Unless you have the correct character set installed, the spam probably does mean something, but in a different language. Why are you getting this spam? This is a spammer being lazy. Perhaps this spammer has a list of 100 million e-mail addresses and can’t be bothered filtering out only addresses that end in .ru (Russia) or .cn (China), or perhaps the spammer just doesn’t care who receives the message.
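To make the rendering problem in this answer concrete, the following added example (not from the book) decodes one constructed KOI8-R subject line twice: once using the charset the message declares, and once the way a client that assumes Latin-1 would display it. The sample message, the function names and the 50% threshold are assumptions made for illustration.

```python
import unicodedata
from email import message_from_bytes, policy
from email.header import Header, decode_header

# Constructed sample (not from the book): a Russian subject sent as KOI8-R.
SUBJECT_TEXT = "Купите сейчас"  # "Buy now"
RAW = (
    b"From: sender@example.com\r\n"
    b"To: you@example.com\r\n"
    b"Subject: " + Header(SUBJECT_TEXT, "koi8-r").encode().encode("ascii") + b"\r\n"
    b"Content-Type: text/plain; charset=koi8-r\r\n"
    b"Content-Transfer-Encoding: 8bit\r\n"
    b"\r\n" + SUBJECT_TEXT.encode("koi8-r") + b"\r\n"
)


def declared_subject(raw):
    """Decode the Subject with the charset named in its RFC 2047 encoded-words."""
    msg = message_from_bytes(raw, policy=policy.default)
    return str(msg["Subject"] or "")


def misrendered_subject(raw, assumed="latin-1"):
    """What a client shows if it ignores the declared charset and assumes `assumed`."""
    msg = message_from_bytes(raw, policy=policy.compat32)
    parts = decode_header(msg["Subject"] or "")
    return "".join(
        chunk.decode(assumed, "replace") if isinstance(chunk, bytes) else chunk
        for chunk, _charset in parts
    )


def script_share(text):
    """Fraction of letters per script, keyed by the first word of the Unicode name."""
    letters = [c for c in text if c.isalpha()]
    counts = {}
    for c in letters:
        script = unicodedata.name(c, "UNKNOWN").split()[0]
        counts[script] = counts.get(script, 0) + 1
    return {script: n / len(letters) for script, n in counts.items()}


def mostly_unread_script(raw, readable=("LATIN",), threshold=0.5):
    """True when most subject letters belong to scripts the recipient does not read."""
    share = script_share(declared_subject(raw))
    foreign = sum(v for script, v in share.items() if script not in readable)
    return foreign > threshold


if __name__ == "__main__":
    print("declared :", declared_subject(RAW))
    print("assumed  :", misrendered_subject(RAW))
    print("scripts  :", script_share(declared_subject(RAW)))
    print("flag     :", mostly_unread_script(RAW))
```

A filter has to run the script check on the correctly decoded subject: the misrendered form consists entirely of accented Latin letters and would pass a Latin-only test.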

11.

This depends greatly on the person or company that sent you the spam. If the spam is from an upstanding company who obeys the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), then you have a good chance of being unsubscribed and not receiving any more spam from this company. However, if the spam came from a real spammer, someone out to ruthlessly make money, then it is a very bad idea to unsubscribe. Once you unsubscribe, you are telling the spammer that not only is your e-mail account valid, but that you read the spam sent to it. This makes you a valuable asset and you will receive much more spam. You can usually tell a spammer’s intentions from the body of the message. If a message contains fake headers, content designed to evade a spam filter, or any other piece of content that breaks the CAN-SPAM, then the spammer’s intentions are not pure and unsubscribing is not suggested. If the spam comes from a CAN-SPAM-compliant company, someone who has gone to the effort of making the message compliant, then you should not have any problems unsubscribing. Unsubscribe at your own discretion; think carefully before you unsubscribe.

12.

To be honest, there is very little you can do to stop this. Even if you give your e-mail address to a completely legitimate company who promises never to sell your details and whom you want to receive communication from, you may still receive spam. Hackers target mailing lists and often a company has no control if hackers steal their mailing list. My suggestion is to open a free Web mail account for any newsletter service you want to subscribe to. If the account becomes too cluttered with spam, stop using the account and open a new account. Using a throwaway account system allows you to subscribe only to the mailing lists you found useful previously. The majority of the time there are only one or two mailing lists you actually read, so this also allows you to keep down the amount of newsletters you receive while keeping one step ahead of spam.

13.

No. Nigerian scams have never had any truth behind them. Nigeria has become infamous for criminals running backhanded illegal operations throughout Africa. Since the early 1980s, Nigeria has been the largest country for bank and check fraud. It seems only natural that Nigerian criminals are now looking to the Internet to cash in on naive citizens of different countries. Again, there is absolutely no truth in their ploy. Do not listen to a word they say and if you are ever scammed by a Nigerian 419 scam, call your local Secret Service field office and report the crime (www.secretservice.gov/field_offices.shtml).

14.

Spammers are not adding this tag. Instead, your ISP’s spam filter is detecting the message is spam and is prefixing your message with this visible marker to warn you. Although you may hate spam, you would hate for your spam filter to delete legitimate e-mail even more. This is why many filters have a “tag and release” attitude toward spam, notifying the recipient that a message is probably spam but not deleting it.
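A minimal sketch of the “tag and release” behaviour described in this answer, added here and not taken from the book or from any real filter. Its two heuristics reuse observations from answers 2 and 3 (blank messages with no recipient, bodies that are a single URL); the weights, threshold, tag text, sample messages and the `X-Example-Spam-Reasons` header name are assumptions.

```python
import re
from email import message_from_string, policy

TAG = "SPAM: "                       # assumed marker text
THRESHOLD = 2                        # assumed cut-off for this sketch
HEADER = "X-Example-Spam-Reasons"    # hypothetical header name

SINGLE_URL = re.compile(r"\s*(?:https?://|www\.)\S+\s*", re.I)


def parse(text):
    """Parse raw message text into an EmailMessage."""
    return message_from_string(text, policy=policy.default)


def body_of(msg):
    """Return the text of the main body part, or '' if there is none."""
    part = msg.get_body(preferencelist=("html", "plain"))
    return part.get_content() if part is not None else ""


def reasons_for(msg):
    """Return (reason, weight) pairs for the heuristics that fired."""
    body = body_of(msg)
    found = []
    if not body.strip():
        found.append(("empty body", 1))
        if not msg["To"]:
            found.append(("no To header", 1))
    if SINGLE_URL.fullmatch(body):
        found.append(("body is a single URL", 2))
    return found


def tag_and_release(msg):
    """Mark a suspicious message but always hand it back for delivery."""
    found = reasons_for(msg)
    if sum(weight for _reason, weight in found) >= THRESHOLD:
        subject = str(msg["Subject"] or "")
        if not subject.startswith(TAG):      # do not tag twice on re-scan
            del msg["Subject"]
            msg["Subject"] = TAG + subject
        del msg[HEADER]
        msg[HEADER] = "; ".join(reason for reason, _weight in found)
    return msg                               # never dropped, only labelled


# Constructed sample messages.
BLANK = "From: a@example.com\nSubject: hello\n\n"
URL_ONLY = "From: b@example.com\nTo: you@example.com\nSubject: look\n\nhttp://shop.example/\n"
EMPTY_BUT_ADDRESSED = "From: c@example.com\nTo: you@example.com\nSubject: oops\n\n"
NORMAL = ("From: d@example.com\nTo: you@example.com\nSubject: minutes\n\n"
          "Notes are at http://intranet.example/notes for review.\n")

if __name__ == "__main__":
    for raw in (BLANK, URL_ONLY, EMPTY_BUT_ADDRESSED, NORMAL):
        out = tag_and_release(parse(raw))
        print(repr(str(out["Subject"])), "|", out[HEADER])
```

The third sample shows why the filter labels instead of deleting: a single weak signal stays below the threshold and the message is delivered untouched.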

15.

Ironically enough, yes. In most cases you do get pornographic spam from pornographic sites, but not always. Pornography is seen as a niche product and pornographic sites are only interested in reaching people who are genuinely interested in pornography. General Internet users do not make good targets for pornography, since many users are quickly offended and send complaints. Having said this, many pornographic Web sites will still target anyone with a credit card or an e-mail address. It depends on the Web site being promoted. In general, however, pornography is sent to a much smaller demographic than other types of spam. Perhaps you gave your e-mail address to a pornographic Web site once, or another adult-related product.

16.

Good question. Legally, if your server(s) received the e-mail and it was unsolicited in nature and you can prove this, then you can press legal action against the sender under the CAN-SPAM (or any local legislation your state may have in place).

First you need to lodge a formal complaint with legal authorities, then you need to track down the spammer. Tracking down a spammer can be very tedious, time-consuming work. However, some spammers do not hide their tracks very well, making tracking them down for prosecution very possible. You would press legal action in the same way you would sue someone for damages; obtain a lawyer (preferably someone who covers e-crime) and file a lawsuit. Good luck finding the assailant, though. Unless your spammer is a 14-year-old inexperienced youth, tracking the spammer down might cost more than receiving their spam.

17.

Apart from the stereotypes that spammers are labeled with, and the fact that they are not the most liked people, spam is very worth it for some people. Sending spam can be a “rush,” a real fast-paced hobby that can be highly addictive; the possible financial gain is also very nice. Try walking into a designer store on 5th Avenue and buying whatever you want, all from spam. It often feels very unreal, but sending spam is totally worth it!

18.

It’s actually much more effort for a spammer to detect that you read or don’t read spam than it is to simply keep sending you that spam. Often you will find e-mail accounts you have not used in years will be full of spam messages, hundreds of very similar sales pitches, which are more than likely all from the same spammer. It’s easier to just keep sending you the same spam message than it is to detect and filter.






Inside the SPAM Cartel(c) Trade Secrets From the Dark Side
Inside the SPAM Cartel: By Spammer-X
ISBN: 1932266860
EAN: 2147483647
Year: 2004
Pages: 79
