⚠ We would appreciate if you would disable your ad blocker when visiting our site! ⚠

DAMN SPAM!

Order a reprint of this story
Close (X)
ORDER A REPRINT

To reprint an article or any part of an article from Hospitality Upgrade please email geneva@hospitalityupgrade.com. Fee is $250 per reprint. One-time reprint. Fee may be waived under certain circumstances.

SEND EMAIL

October 01, 2003
E-mail | Security
David Hostetter - dhostetter@its-services.com

View Magazine Version of This Article

© 2003 Hospitality Upgrade. No reproduction without written permission.

Direct advertisers armed with spam cannons are targeting e-mail users. How you can avoid their blasts.

It’s probably a bit hackneyed by now to refer to the Monty Python skit that was the inspiration for the Internet term “spam.” You know, the restaurant where everything on the menu includes spam (the over-processed mystery meat), and poor Mrs. Bun, who does not want spam, cannot seem to avoid ordering it while some Vikings loudly sing, “Spam, spam, spam, spa-a-a-a-m.” As the online world inexorably expands and more and more people are connected, having every dish served up with mandatory spam seems ever more an Internet truism.

As every cyber-surfer knows, spam refers to unsolicited, bulkmailed, e-mail messages. Today, the methods for bombarding Internet users with bulk advertising have become so varied, that the term spam is often used to refer to many different forms of unsolicited and ubiquitous advertisements.

Internet users are quite familiar with such advertising schemes as pop-up Web advertisements, repetitive commercial postings to Internet newsgroups and message boards, automated instant message advertisements, and even the misuse of the built-in messaging system in Microsoft Windows which can display advertising messages right on your desktop. Indeed, our Information Age culture now refers to any useless and repetitive content as spam—Internet related or otherwise. This article, however, will deal specifically with e-mail spam and how people who rely on e-mail can deal with what is now a full-blown junk mail crisis.

That Python skit is a comedy classic, but unfortunately there is nothing humorous about the reality of e-mail spam. Current bulk email generating programs, an e-mail advertiser’s main weapon, are actually nicknamed “spam cannons” due to the high volume of messages they can transmit. Current state-of-the-art spam cannons can fire at a rate of up to 5,000 e-mails per minute. That’s over 7 million messages a day potentially generated by one “spammer” using only one spam cannon. In actuality, the leading spammers individually send tens to hundreds of millions of messages every day.

Not only are we being bombarded with a staggering amount of email spam, with much more to come, the spam itself often contains objectionable, even harmful content, including computer viruses, which often use infected computers to generate even more spam. And spammers don’t discriminate as to who receives what kind of advertising content. People with good credit receive e-mail solicitations for credit repair. Renters receive e-mail solicitations to refinance their mortgages.

Worst of all, children with access to e-mail often receive spam containing explicit pornographic advertisements for adult Web sites. Enter the U.S. Federal Government. Among several other popular anti-spam bills introduced into Congress in June 2003, U.S. Senator Charles Schumer, D-N.Y., presented legislation intending to combat childrens’ exposure to pornographic and otherwise inappropriate marketing e-mails.

In the press release announcing S-1231—also known as the Stop Pornography and Abusive Mail (SPAM) Act—Schumer said, “The avalanche of pornography being sent to kids by spammers makes checking e-mail on par with watching an X-rated movie.” The press release also claims, “Pornographic pictures appear in 1 out of every 5 spams.”
(Source: http://www.senate.gov/~schumer/SchumerWebsite/pressroom/press_releases/PR01782.html)  

In April of 2003 the U.S. Federal Trade Commission held an antispam symposium during which they revealed their own study on e-mail spam and consumer fraud. The FTC found that 66 percent of randomly sampled e-mail spam contained one or more seriously fraudulent claims.
(Source: http://www.ftc.gov/opa/2003/04/spamrpt.htm)

While good intentioned, it remains to be seen how effective federal and state anti-spam legislation can be. Congress has been attempting to pass anti-spam legislation since 1997 although the urgency is perhaps greater now than it has been. Even if they finally succeed in creating new law, the Internet is a worldwide cooperative institution under no central authority, and many direct advertisers operate outside the borders of the United States. Similarly, email and Internet customers of U.S. companies may reside and receive service outside the jurisdiction of the United States.

Spammers who do operate within the United States frequently use sophisticated techniques to disguise the origin of their messages making it appear that the messages originate in a foreign country, if it is even possible to trace their origin at all. Spammers punished under U.S. law may ultimately represent only a small fraction of the billions of spam messages sent worldwide every day. As a rule, spammers do not respect potential U.S. legislation anyway, believing anti-spam laws to be inherently unconstitutional as a violation of the First Amendment.

In the absence of any current federal anti-spam laws, Internet and e-mail providers are fighting back and winning. Earthlink, a leading Internet service provider, has responded to the results of spam— wasted bandwidth, server slowdowns and angry users— by filing successful lawsuits against egregious spammers. Earthlink’s suits allege billions of spam messages sent out by one or a few people and have resulted in millions of dollars in damages awarded.
(Source: http://www.earthlink.net/about/press/pr_nyspamring/)

Ironically, Internet service providers themselves may be to blame for a large part of their spam woes. Spammers boast that they purchase the bulk of their e-mail address lists from mega ISPs such as AOL. Major online merchants and popular portal sites are also key resources for spammers in their quest for new recipients. One might sign up for a popular online mortgage broker Web site and find their inbox inundated with dozens of random financing offers within just a few days – everything from home and auto loan offers to secured credit card applications. Legislation, legal consequences for abusive spammers and the ensuing public awareness are important and should be pursued. However, practical solutions for thwarting e-mail spam are likely to be technical, not political or legal. To this end, most ISPs and e-mail providers are implementing anti-spam measures.

Combatting Spam
Current anti-spam solutions generally take the form of filtering. Similar to anti-virus software, email filtering systems search all of the e-mails received by an e-mail server for known phrases and other text patterns that allow the software to “recognize” the message as spam. Repetitive messages over a certain threshold are also flagged as spam. These systems then delete the spam before it even reaches a user’s mailbox. However, spammers can thwart some filtering logic through subtle misspellings such as “vigara” and “diet.”

Filtering solutions sometimes mis-identify legitimate mail as spam. In June 2003, consumers who signed up over the Web for the FTC’s telemarketing “do not call” list and provided an e-mail address from yahoo.com were unable to complete the registration process due to the FTC’s e-mailed confirmation replies being blocked by Yahoo’s spam filtering software. Without access to the confirmation messages, such consumers were unable to complete the registration process. Apparently the high volume of similarly worded FTC messages to Yahoo account owners caused the messages to be wrongly flagged as spam.

Generally though, spam filtering software is a very effective solution. But the crippling volume of spam presents its own problem. Filtering software must scan every e-mail message received in order to determine its legitimacy. For major e-mail providers this can involve analyzing millions, even billions of messages per day, thanks to spam. The costs for mega ISPs and e-mail providers can reach millions of dollars per year for filtering software and the servers needed to run it.

Whether they filter out spam or not, e-mail systems are still vulnerable to the massive amount of mail that can be generated over just a few hours by a “spam storm.” In August 2003, the spam-generating Windows virus Sobig.F infected over 1 million computers worldwide in one week. It generated such a huge storm of e-mail spam that beleaguered e-mail systems all over the globe were impaired, even rendered inaccessible for hours at a time. The spam messages themselves were responsible for spreading the virus.

As individual users there are several things we can do to avoid the daily blasts from spammers and their spam cannons.

Choose the right e-mail provider. Purchase email services from a provider that implements a strong anti-spam solution. Smaller discount providers may not have the resources to implement any solution, and although the mega-providers (MSN, AOL, Yahoo, etc.) do implement anti-spam measures and block billions of spam messages per day, their volume of total e-mail is so huge that they cannot catch all spam messages. Many medium to large-sized ISPs and e-mail providers implement very effective anti-spam measures and do not have an overwhelmingly large volume of daily mail to protect. Earthlink and Speakeasy are examples of national ISPs offering effective anti-spam filtering.

Although most people use ISP e-mail accounts bundled with an access plan, there are companies that specialize in providing spamfree e-mail accounts for individuals and businesses. Many will even provide customers with a custom, unique e-mail address such as one based on their last name, hobby or their own Internet domain. Everyone.net and Netidentity.com are examples of such companies.

Use disposable e-mail addresses. Spammers “harvest” your e-mail address wherever it appears on the Internet, as well as purchase lists from entities such as ISPs, e-tailers and popular Web sites. If you need to provide an e-mail address to register for a product or service, sign up for access to a Web site, log on to a chat room or for any use other than your personal communications, use an account from one of the free providers such as Yahoo or Hotmail. This includes listing e-mail addresses in a classified posting such as an online job site – anywhere your address might be captured or
saved. When this temporary e-mail address starts to accumulate too much daily spam, abandon it and sign up for a new free e-mail account. The occasional hassle of updating Web sites and online merchants with your new address is probably less than the daily chore of manually filtering through all the spam you receive.

Guard your work or personal address like you would your social security number. Only provide it to specific individuals with whom you wish to communicate, but never to an online service or other company. Also, if you need to list e-mail addresses on your company Web site, instead of listing your employees’ individual e-mail addresses, consider listing generic addresses such as info@yourcompany.com or sales@your company.com.

Use personal or business anti-spam software. Necessity breeds inventions, and lots of it. The crisis of spam has resulted in a flood of anti-spam products for personal and business use. Most products filter spam once it has been downloaded into your inbox, flagging spam messages, deleting them or moving them to a temporary folder for your occasional review. However, to be effective such solutions need to be installed on every computer you might use to retrieve your e-mail. A leading consumer magazine rated the free SAProxy from Stata Labs as the best anti-spam software, but noted its complex installation. SpamCatcher Universal from Mailshell also rated highly and is inexpensive and easy to install. There are many other programs available, both free and low-cost. Look for programs with a free trial so that you can experience how easy and effective software is before purchasing. More expensive solutions for corporate mail servers are also available, which filter and block spam before it reaches users’ inboxes.

Spam blocking is starting to be incorporated into home editions of anti-virus software and Internet firewalls, such as the Norton Internet Security 2003 by Symantec, which incorporates anti-virus, anti-spam and Internet protection for under $70.

A very intriguing solution is offered by www.CleanMyMailbox.com. Their $9 per month service periodically logs into your email account and cleans out all spam. There is no software to install and the service works directly against your e-mail account so you can enjoy the results no matter where and how you retrieve your e-mail.

Never reply to spam. Spammers often send mail to address patterns or guesses. If they successfully guess your e-mail address and you reply in any fashion, that proves that you are a recipient and legitimizes you as a target for further spam. Displaying spam in a preview pane can also confirm to the spammer that you received the message, so consider disabling preview panes in your e-mail program.

Use spam-blocking firewalls. A recent innovation, and one that should prove very effective, has been to incorporate spam filtering mechanisms into business firewalls. These techniques are already in place to successfully thwart the spread of computer viruses and should be just as useful against spam messages. The advantage of this type of product is that spam messages are blocked as they traverse the Net before they reach your computer, mail server or corporate network. Firewalls offered by Barracuda Networks and Borderware are among the first products to fight spam in this fashion. Eventually this technology should find its way into inexpensive small office and home firewalls as well.

As filtering logic steadily approaches the level of artificial intelligence, wide deployment of such solutions among businesses, ISPs and home users could ultimately prove decisive in the battle against spam and viruses. As hoteliers, how can we be sure that our high-speed Internet access networks are not being hijacked by spammers, checking in as guests, and using our bandwidth to give access to their spam cannons?

Use an HSIA vendor that provides “SMTP proxy.” This is a technique that intercepts and forwards all outgoing e-mail. Ensure that their SMTP proxy detects and forbids bulk e-mailing. High-speed Internet access vendors such as StayOnline and Guest-Tek offer this feature. The good news is that SMTP proxy is an important feature that you will want anyway, as it allows guests to seamlessly send outgoing e-mail through your network without having to reconfigure their e-mail program.

Incorporate user limitations. Ask your current or prospective HSIA vendor about setting a per-user throughput limitation. This won’t limit the speed that users can access the Internet, but does put limits on how much data they can send over short periods. A spammer will find that the HSIA system simply won’t allow him to send packets fast enough to make it worth his while to send spam over your
connection.

If you implement your own HSIA solution, build in protection. It is not recommended for most hoteliers to implement their own HSIA solution, but rather to use a solid, experienced HSIA vendor. However, a hotelier with a significant IT staff that has the appropriate knowledge and resources may attempt to “roll their own” HSIA. In that event, it is critical that along with your detailed security policy and network protection systems, you build in SMTP proxy or some other mechanism to block guests from sending out blasts of bulk e-mail messages using your
server.

One can easily imagine a modern rendering of the Python skit: Internet User: “OK, what’ve you got?” Internet: “Well, there’s e-mail with spam, Web pages with spam, newsgroups and message boards with spam, instant messaging with spam, or simply your desktop… with spam.” Internet User (shrieks): “But I don’t like spam!” Direct Marketers: “Lovely spam! Wonderful spam! Spam, spam, spa-a-a-a-m!”

Like those singing Vikings, e-mail marketers with their spam, spam, spam are drowning out everyone else.

David Hostetter is a consultant with ITS, a consulting firm located outside of Atlanta, Ga., specializing in technology in the hospitality industry. For comment or question he can be reached at dhostetter@its-services.com.
© Hospitality Upgrade 2003 Reproduction without written permission is prohibited.

Brightmail, a company whose anti-spam software analyzes and filters 10 percent of the world’s e-mail, estimates that 50 percent of all e-mail messages received during July 2003 were unsolicited bulk messages. This is an increase from their estimate of 8 percent for 2001.
Source: http://www.brightmail.com/pressreleases/082003_50-percent-spam.html

 

How to avoid the daily blast from spammers:
  • Choose the right e-mail provider.
  • Use disposable e-mail addresses.
  • Use personal or business anti-spam software.
  • Never reply to spam.
  • Use spam-blocking firewalls.
 
 

Spam, spam, SpAm, sPaM, SPAM!
All of this junk e-mail results in some alarming statistics:
Most estimates of current spam volume are in excess of 10 billion spam messages per day. Symantec, a producer of leading anti-virus and security software, commissioned a survey which found that 80 percent of children surveyed who use e-mail receive inappropriate spam on a daily basis. In addition, half of the kids surveyed reported feeling uncomfortable and offended when seeing improper email content. Source:http://www.symantec.com/press/2003/n030609a.html

Many studies regarding “lost productivity” of U.S. workers due to e-mail spam estimate lost productivity in terms of hundreds of hours per worker year, and billions of dollars to U.S. companies. E-mail spam volume studies universally conclude that, unchecked, the amount of spam messages will grow exponentially both in number and as a percent of all email over the next few years. Spam doesn’t just double in volume per year, but has been increasing two to three times every few months.
 
 
 

You’ve Got Spam!
Hoteliers
BEWARE

As an industry hotels should consider taking these precautionary steps to avoid spammer’s attacks.
Without a little vigilance you can open yourself and your property up for attacks.
1| Use an HSIA vendor that provides SMTP proxy.
2| Install user limitations.
3| Build in protection to your own HSIA solution.


want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.