A Better Way To Measure The Spam Flood

Here’s an interesting take on spam which helps illustrate how big a problem it has become.

Florida-based email service ZeroSpam Net (0SpamNet) says (via email, afraid no URL available at time of writing) that current methods of measuring spam, as a percentage of total email traffic, has become meaningless.

Two years ago, seeing Spam grow from 60% to 70% in a month or two had some meaning. Over the last couple of months the impact of Spam growing from 85% to 90% has been lost by being reported as a percentage. That last 5% of growth as a percentage of total traffic represents a 50% growth in the total volume of Spam. Measurement of Spam volume as a percentage of total traffic is a poor indicator of the ever increasing size of the Spam problem.

Instead it proposes an index, which it calls the ZSN Spam Index, which accounts for spam and legitimate email growth against a constant reference value of 100 valid messages. This takes into account the increase in normal email traffic — roughly 12% per year. The index goes back to November 2002, with a value of 66.67 — i.e. about 67 spam messages for every 100 valid emails. Now the index is at 782.12. That’s 800 spam messages for every 100 valid ones. Gasp.

Here’s the chart (PDF).

Why do people never talk about CAN-SPAM anymore, I wonder?

Email Marketers Peer Into Your Inbox

Email marketers can now peer into your inbox to see whether their emails are getting through.

ExactTarget, an Indianopolis-based company that “delivers on-demand email software solutions for permission- based email marketing” to companies like The Home Depot, General Mills, Scotts and Bristol-Myers Squibb is now offering a service that peers into users’ inboxes at their local ISP to check whether their email marketing newsletters are getting through or getting binned as spam. The product: Inbox Detective.

According to ExactTarget, more than 20 percent of legitimate email never gets through spam filters — numbers, as Chris Baggott, co-founder and chief marketing officer of ExactTarget puts it, that “should be unacceptable to a marketer.”

The ExactTarget Inbox Detective, allows marketers “to peer into the Inbox at the top 21 ISPs to get a quick snapshot of their actual delivery rates”. From there marketers can “track what percentage of email is reaching the inbox, which are being redirected to the bulk folder and which are being discarded.” All this can be done “in real-time, so problem areas can be identified and adjustments can be made.”

Another thing the Inbox Detective does is “keep emails away from content filters, which are the most widely used spam prevention technique, and also often erroneously catch legitimate permission email”. This it does by analysing “email content against major spam filters and black lists before sending”, so the marketer can “receive real-time advice on what content changes are needed to maximize email delivery”.

While I can quite understand that there are lots of legitimate email marketing companies out there, and lots of companies trying to run legitimate email newsletters, the Inbox Detective, as described in the ExactTarget press release, raises some troubling questions about the privacy of users’ inboxes at their ISP.

And, if ExactTarget can peer into inboxes of email providers such as Gmail, AOL, Yahoo, Hotmail, MSN, Earthlink, Comcast, AT&T and RoadRunner, who else might be able to?

Are Spam Lawsuits A Waste Of Time?

Not everyone thinks the big boys are on the right track by pursuing spammers in the courts.

Postini, ‘the industry’s leading provider of email security and management for the enterprise’, says spam “cannot be solved by lawsuits and legislation alone”.

America Online, Microsoft, Earthlink and Yahoo announced on Wednesday that they had filed numerous civil lawsuits against spammers, charging them with violating the provisions of the two-month-old CAN-SPAM Act. Steve Kahan, corporate vice president for Postini, says, “We believe these law suits will only succeed against small unsophisticated spammers, while doing little to stop the overwhelming amount of spam clogging corporate America’s email boxes. We hope these lawsuits do not give people running email systems a false sense of security.”

Postini says that since CAN-SPAM it “has seen no reduction in the amount of spam directed at its customers”: 75-80% of all messages are spam, viruses and other malicious email. On March 3, Postini recorded its highest spam day ever, blocking 103,193,573 spam messages.

Of course, Postini would say all this. “We make sure our 2600 enterprise customers and ISP’s don’t have a spam problem,” says Kahan. “There’s no need for them to spend money suing spammers because we keep them totally protected.” But what about the rest of us, who don’t have an ISP willing to pony up for this kind of service?

That said, Postini are probably right about the lawsuits. Spam is processed outside the U.S. and other territories getting tough on spam. The only way to close down spammers, in my view, is to go after the people using their services. Spammers don’t sell the goods, they just market them.

Stopping Spammers and Scammers By Patrolling Their Shopfront

America’s new anti-spam CAN-SPAM Act is a great way to stop spam, so long as the spammer is legit. The problem is, most spammers aren’t.

Mass.-based software company Ipswitch Inc. estimate that more than two-thirds of all spam is deceptive, meaning that spammers disguise the links to their website “behind unrelated graphics and pictures, or by camouflaging their site as a commonly used consumer e-tail site”. Some of this, of course, is real business (however sleazy) but a lot of it is scamming. From Ipswitch’s press release it’s not quite clear whether their software is aiming at the former, the latter or both.

“Over two-thirds of all spam messages include deceptive content intended to trick the recipient into believing the sender represents a legitimate business,” said John Korsak, messaging product marketing manager at Ipswitch. “Because of their legitimate look and feel, recipients do not associate these types of messages as spam when they appear in their email in-box. To protect people from unknowingly sharing private financial details, it is critical email providers employ a URL Domain Blacklist to verify the sender’s true identity.” That kind of sounds like most spam is scam, which can’t be right. It’s bad, but it is not yet that bad.

Anyway, the URL Domain Blacklist is one filter in 20 in Ipswitch’s IMail Server — the others are Bayesian Statistical filtering, Reverse DNS Lookups, SMTP filters, and whathaveyou — which “unmasks illegitimate spam messages by looking at the actual underlying link and comparing it to a growing list of more than 18,000 repeat spammers”.

It’s not a bad idea. Links are the one things all spams and scams have in common, and they’re relatively easy to identify, unlike text (which can be disguised by clever use of HTML, the language used to create webpages, or by images). But there are still problems, and the press release (and website) are maddeningly imprecise about what, exactly, is being targetted here: Spam or scam?

If it’s the latter, I don’t think URL blacklists are going to be much help. From what we know of phishing scams, the main email-based scam, the website addresses that scammers want us to go to don’t last very long — sometimes only a few hours — meaning that you need to have a very long and rapidly updating list of known scammers. And while Ipswitch is probably right in arguing that they don’t get many false positives — good email mistaken for spam — I don’t think that’s the problem here. The problem is you’re chasing the one element in your average scam email that’s changing most: The scammer’s Internet shopfront. That can be set up and pulled down in a matter of minutes.

Marketers Baffled By Spam Laws

This new spam law, so far, is taking us nowhere.

A new survey conducted by email marketing service Blue Sky Factory reckons that nearly half of email marketers aren’t sure whether the stuff they send out is compliant and more than half admit that they do not understand the new U.S. laws (called, catchily but inaccurately, CAN-SPAM). Marketers, needless to say, aren’t happy: almost 40 percent do not believe the new laws will have a positive influence on the online relationship between businesses and their consumers. (A PDF version of the survey is available here.)

This seems to be the prevailing view at a conference in San Francisco, where WIRED reports that a lot of folk are nervous, since the law carries heavy penalties not just against marketers but the folk selling the product they’re peddling. This may be no bad thing, of course: The story quotes someone from dating site Date.com as saying his company now has a “a strict policy on privacy and bulk e-mailing” in place. Others complain that the law gives too much leeway to Internet Service Providers to block stuff that looks like spam, so they find that their emails are getting stopped even when they’re complying with CAN-SPAM.

Nowhere, so far, is mentioned the alternative: RSS. To me it seems a logical step. RSS feeds don’t get blocked, control over receiving or not receiving is in the hands of the reader, and it’s cool. Get with the program, email marketers.