I do not want to receive spam

schermafdruk eerste transatlantische e-mail over niet-militaire internetverbinding

A talk given at CWI’s “Netwerken in Nederland – Piet Beertema: from pioneer to guru” in september 2004. About the spammers triangle, effective education by isp’s, spamvrij.nl and the OPTA and some of the trends in Dutch spam at that moment.

About spamvrij.nl

I do not want to receive spam. – Piet Beertema

The foundation spamvrij.nl is a Dutch nonproift organization dedicated to fight spam of Dutch origin. The two important tasks underlying spamvrij.nl are:

  1. A publication and analysis of spam runs executed by or commissioned by Dutch companies and targeting the .nl population;
  2. Informing and educating all relevant players, including the public at large, politics, providers, (semi) government, law officials, media and other antispam organizations.

On it’s website, spamvrij.nl publishes a list of companies that have sent spam or have commissioned the sending of spam. For each spam run the commissioner, the sender and facilitating providers are listed. This list has a deterring effect: companies do not seem happy with an entry on our list of spammers. A high Google ranking only increases the impopularity of our list.

However, spamvrij.nl is about to collapse under its own success: being the only independent party with extensive knowledge, spamvrij.nl is an important information source for amongst others media and politics. Its website is also one of the few offering consistent and correct information regarding Dutch spam.

The spammers triangle

The spammers triangle Dutch spammers can be placed into a triangle: opportunists, main sleaze and hardcore spammers.

The hardcore spammers use whatever legal or illegal method they can to dump their spam. It is this group of spammers which makes heavy use of open proxies: unsecured computers which allow spammers to send spam in such a way that the abused computer is technically the origin of the spam. A method which diverts attention away from the spammer. This is the type of spammer featured in our top 10.

Incorporating these open proxies into blacklists is a moderately effective yet time consuming and reactive remedy against this form of spam. Moreover, because these open proxies are quickly blocked, spammers keep requiring new proxies. To quickly have enough open proxies at their disposal, spammers are cooperating with virus writers. Once it has contaminated a computer, the virus will allow the spammer to abuse that computer.

Halfway through the pyramid one can find the so called main sleaze spammers. They are just as persistent, yet technically this group of spammers behaves itselves: they do not abuse systems not belonging to them and their identities are usually not very hard to discover.

The main sleaze spammers are the spammers who very much value the term third party supplying , as in the (re)selling of addresses. This group deviously collects addresses (and sometimes the permission to mail them) through unclear or invisible terms of use with which a customer has to agree if he or she wishes to peruse an offer. Usually, they shun explicit permission.

The use of blacklists is moderately effective because this group of spammers is traceable and doesn’t abuse systems not belonging to them to send out their spam.

And finally there’s the group of opportunistic spammers. Usually small companies who do not understand it why a mailing is marked as spam or simply do not know what is wrong about it. And, they are oblivious to the detrimental effect spamming has on their public image. In the everyday life of spamvrij.nl, we often run into theses spammers: highly traceable and approachable. This group detests all the Viagra spam being dumped in their inbox, yet do not realize that their mailing is no different.

Who can educate?

These different types of spammers have to be approached ­ of course in different ways to either convince them or force them to stop.

The various parties who try to fight spam all have their own methods. That’s a good thing, provided that they cooperate.

Providers have a strong medicine: a scissor. Customers who are oblivious can effectively be educated by good terms of use. Important is that the basic approach should be to educate the customer: an exspamming customer is preferable to a spamming excustomer. An abuse desk should have sufficient rights to enforce those terms of use.

Spamvrij.nl excels in having intimate knowledge of the terrain, its it’s quick response and the information it offers the public. We are hardly slowed down by safeguards, only by our selfimposed values.

At best a spammer, especially when categorized as an opportunist, will be gone within a couple of days. A few hours after the start of a spam run, spamvrij.nl will have enough submissions to point out the problem to the relevant ISPs and add the run to our online overview. The company is not happy with that entry and promises to abide by our conditions in exchange for a less negative entry. Hardcore spammers do not promise to better themselves, but they stop – at least within .nl – after being exposed.

The OPTA is the Dutch Independent Post and Telecommunication Authority, appointed as the enforcer of the antispam law. The OPTA has a lot of power, ranging from requesting address information for an IP address to raiding an office. Those special powers do require extra guarantees. Those guarantees, and prioritizing, do take time however.

These are the three strong parties who can each act. Three parties with power to act against spam and three categories of spammers.

Educate or disconnect?

Against hardcore spammers any kind of cautious action is futile. They will use any means necessary to deliver their spam.

Providers should cease servicing (potential) customers with a known spam history as soon as possible. Educating is important, but customers who have shown to resist education, are beyond a warn first, disconnect on repeat ­policy. Only a pair of cutters will suffice.

The hardcore spammers go to great lengths to hide their identify and a sufficient deterrent would seem to break that anonymity. With extensive, precise and deep investigation spamvrij.nl has been able to identify a great deal of the people behind hardcore spammers. In almost all cases, revealing the true identity of the person behind the spammer has made them stop. Out of the top 10 spammers, only 1 or 2 cases can be pointed out where a spammer later started again, and when they did this, it was mostly low key.

The fines which the OPTA can impose are especially suited for this group. The marginal profits the average spammer makes can vanish because of the imposed fine. By doing so, the OPTA not only punishes the spammer, but also contributes to a deterring effect which should come from the Tw. This group however, will pose a hard challenge for the OPTA. The use of open proxies and bullet proof hosting will make it difficult for the OPTA to gather evidence which they must to uncover the culprit.

Main sleaze spammers are easier to deal with. Because they don’t make any effort to hide their identity, it becomes clear much more quickly who should be held accountable. If the OPTA takes a restrictive stand on the law, it has to be less reluctant about the way it’s going to uphold it. These spammers might send out their mailings just fine from a technical point of view, but the way in which they gather addresses and / or permission usually isn’t in the least bit.

Spamvrij.nl can’t do much against this group of spammers. Asking for a statement on where the marketeers stand is in vain: they will not disassociate themselves from the bad guys and selfregulation through so called email codes appears pointless when one such code exists and three more have been announced.

The opportunistic group has been helped through good and adequate education often enough. From the daily work of spamvrij.nl, we have learned all too well that immediately contacting them by phone induces a shock effect. Explaining the problem with spam, referring to various statistics, usually suffices. It’s not too often that the opportunist himself confesses to finding all that Viagra spam a nuisance, but doesn’t realize that his spam also falls within that same category.

Good education and prompt response is enough. An ISP can suffice with temporarily suspending service to such a customer, providing information and, if necessary, requesting explicit (repeated!) signing of the terms of use.

In such cases the OPTA should not aim for a fine. A warning, or better yet, providing with good information, would suffice. The OPTA (read: the Ministry of Economic Affairs) should focus more to educate this group of spammers then on punishing them, by starting targeted campaigns and / or supporting organization(s) who can do that educating for them.

Trends

Since the 19th of May, the Telecommunications Act ( Tw ) is in force. It forbids unsolicited commercial, idealistic and charitable email to consumers. Nonconsumer addresses aren’t protected. Furthermore, there is an exception: if a sales relation already exists and the customer doesn’t object he can be spammed senseless.

Since last May a significant decrease is noticeable. Not only have a lot of the hardcore spammer from the top 10 been identified over the years, also the Tw does seem to have a deterring effect.

Spammers appear to be laying low to see how decisive the OPTA will be when enforcing the Tw. A graphical representation (data for September 2004 incomplete of course):

stats spamruns per month

This graph clearly shows a decrease since May 2004. The expectation is that this trend will continue if the OPTA will indeed show its teeth. If that doesn’t happen, an increase is guaranteed, something which is already apparent these last few weeks at the end of the summer period.

The decrease can also be attributed to the Top 10 spammers ceasing their activities. Of these 10 hardcore spammers, 6 have stopped after publications by spamvrij.nl, 3 others seem to have stopped since the Tw came into effect. What made the last one decide to stop is unknown. Number 11 however, is still spamming himself senseless.

Apart from that there also appear to be a number of companies who are beginning to realize that we do not want to receive their spam: they change their policies. In the period before the Tw came into effect, we have witnessed many companies adjusting their mailing lists, or explicitly changing their policies due to our pressure

It would look like a positive start for the times to come. The Internet in no way resembles what it was twenty years ago – for a couple of things that’s for the better. The new users by themselves don’t seem able to raise to the same responsibilities. Where they fail to do that, others will have to educate them, friendly or a bit less friendly.