Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2016
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 9 February 1997, with an update from April 2004
© Xamax Consultancy Pty Ltd, 1997
This paper is at http://www.rogerclarke.com/II/Spam.html
This page provides a review of the phenomenon of spamming. Its approach is partly historical, partly anthropological, and partly analytical. Its purpose is to provide a case study to support projects on 'understanding cyberculture' and 'encouraging cyberculture'.
Spamming and the Law
Guidance Regarding Responsible Net-Marketing
Spam is unsolicited electronic communications.
The term is often used more restrictively, to refer only to unsolicited electronic mail, but in that case an additional term is needed for postings of a similar nature to newsgroups, e-chat sessions, MUDs, etc.
The scope of the term can also be limited on the basis of the purpose of the communication. In this document, however, it is not limited in this way. The motivations for sending spam encompass at least the following:
Spam is only one among many different forms of dysfunctional behaviour on the net. Some kinds of unsolicited messages tend to be treated separately, in particular flaming and harassment, but also directly criminal acts such as extortion.
This document commences by providing a retrospective on the emergence of spam. It then addresses the law relating to spamming, and examines alternative ways in which the net can be used for marketing. A set of sources is provided for people who wish to pursue any aspect of the phenomenon.
For a couple of decades, the ARPANet then Internet developed in a context that involved very little in the way of commecial interest.
From about the late 1980s onwards, the Internet progressively moved into the mainstream. In Australia, the change can be traced to a specific event at the very beginning of 1990, when the AVCC established AARNet, and converted the Australian segment of the Internet from a research artefact to a professionally-managed infrastructure.
The early community (or more correctly, communities) comprised computer scientists and other researchers. A culture arose, and it has been largely sustained. It is based on presumptions of freedoms, community management of an anarchic architecture rather than hierarchies of power, and mutuality in relation to information as well. This implies freedom of access to information, a large amount of altruistic (or perhaps just community-spirited) behaviour delivering a vast amount of 'free-to-air' information and gratis services.
The ever-increasing population drew a crowd of onlookers eager to set up the virtual equivalent of food stalls to feed the people. Soon the gypsies arrived, and took advantage of the festive atmosphere to sell yuppie trinkets, such as audio CDs. Not long after that came corner shops, and finally the inevitable occurred, and someone built a massive shopping centre ...
It doesn't help to push the metaphors too far; but what is clear is that the net has become very attractive to people seeking to promote their goods, services, appeals and ideas to others.
The means used to promote on the net have been diverse, reflecting the variety of services that are available. Usenet predated the Internet, and newsgroups were an early target.
Email services, and email lists (hereafter 'e-lists') were also attractive. This is the current mainstream, and an area where this author has personal experience. This document accordingly concentrates on email and e-lists rather than on newsgroups, MUDs, chat-sessions, and other forms.
The term used to describe unwanted messages, 'spam', is an interesting co-option of what was (and remains) a brandname for a pre-cooked tinned meat product made partly from ham. The (Australian) Macquarie Dictionary identifies the usage as being 'chiefly British', and the neologism as having been derived from sp(iced) (h)am. A history of the product offered at http://www.cusd.claremont.edu/~mrosenbl/spam.html states that the product is American, and was marketed from 1926 as `Hormel Spiced Ham'. It was re-launched in 1937 using the trademark `Spam', together with a jingle comprising the tune `My Bonny Lies Over the Ocean' and lyrics comprising `Spam' repeated many times over. It was presumably helped by a Monty Python sketch (whose lyrics also primarily comprised the word `Spam' repeated many times; but also, for no apparent reason, also featured Vikings), at http://semantic.rsi.com/spam/spam-skit.html.
My understanding is that the word gained pejorative overtones because of an association with army rations and wartime civilian rationing. It certainly acquired 'silly' overtones as a result of the 1937 jingle and its Monty Python revival.
Persons who remain (at least to this author) unknown, presumably during the days of pre-Internet Usenet (I've speculated on the mid-late 1970s, but perhaps it was later) used the term as a disparaging reference to unwanted promotional postings or messages; and it stuck. See http://www.cybernothing.org/faqs/net-abuse-faq.html#2.4.
Anyone can send a message from a conventional user-account to anyone else whose address they can acquire. In addition, anyone can send a message to an unmoderated e-list, and hence reach everyone who has their email address recorded on that list by the relevant list-server (i.e. listserv, listproc or majordomo software). (Depending on the parameters set by the list-manager, the sender may have to first join the list).
If few of the recipients are unhappy to receive the message, then it is generally not regarded as spam. This point is re-visited later in this document.
A celebrated instance of spam was the first incarnation of Canter & Siegel, which is documented in remarkably few places (but see http://www-math.uni-paderborn.de/~axel/BL/#list). During 1994, this pair of lawyers sent vast numbers of messages offering their (essentially unnecessary) services to assist people to enter the US greencard lottery.
If a message is sent from a conventional account, and sufficient of the recipients are sufficiently unhappy to have received it, the sender is liable to be subject to retaliatory action. This may be a quite straightforward reply explaining the error of the sender's ways. This author uses a pleasantly phrased 'alternative signature block' to reply to spam.
Not everyone replies this way. Various means are available to make life unpleasant for the sender. The most obvious is to send a large message, or a large attachment, and hope that this causes the sender difficulties. 'Large' is a relative term, but a reasonable index of its meaning at any point in time is provided by the size of successive releases of Microsoft Word ...
The most effective and least pleasant responses of this kind are referred to as 'denial of service' attacks. Unfortunately they have a strong tendency to deny service to more than just the sender, typically by causing overflow of the storage facility carrying the sender's email account, crashing the machine (since most operating systems are still woefully fragile under such circumstances), and hence denying services to all users who are dependent on that machine.
In general, responses of this nature are frowned upon by responsible netizens. In extremis, however, many people would regard them as being legitimate weapons, e.g. against an Internet Service Provider (ISP) which had a demonstrated record of failing to act against users who send spam, or who are themselves sources of spam, especially if they steadfastly refuse to recognise the merits of netiquette and seek to assert that the Internet is a commercial medium, available for them to exploit.
The original Canter & Siegel spam resulted in a hail of Internet gunfire. Far from being contrite, however, they have made a business out of their experiences.
People like Canter & Siegel quickly discovered that, if they sent their messages from a conventional account, it was advisable to immediately close it, in order to avoid suffering the consequences of retaliatory action.
But Internet email protocols do not require that the package generating a message enforce the inclusion of the sender's account-name. It is therefore open to the sender to use a Reply-To address different from the their actual account-name. If it is a real account-name then the account-owner (and their ISP) receives all of the recipients' responses; if not, then the network returns a negative acknowledgement to those recipients who attempt to reply.
This author uses the term 'non-replyable spam' to refer to unsolicited messages which, for any reasons such as the above, cannot be effectively responded to by their recipients.
Having no reply-to address appears to be dysfunctional from the point of view of the spammer. It does make some degree of sense, however, for messages that don't need a response, for nuisance messages, and for promotional messages that are responded to via conventional channels that are not susceptible to retaliatory action.
An example of an outrageous non-replyable spam is Tempting Tear-Outs, sent in January 1997. This was cheeky enough to say "SORRY, BUT.... our software is not set up to accept forms via return email; WE CAN ONLY acknowledge forms sent in via fax or smail", and specifying precisely how the fax had to appear lest it be rejected by the company's computer.
From the viewpoint of the spammer, the logic of the non-replyable spam is that the promotion reaches and is responded to by only a tiny proportion of the recipients, but by a number significant enough to cover the (probably quite low) costs of dealing with such negative feedback and retaliatory action as does reach the promoter. The logic from the perspective of netizens is of course quite different. Such spams represent an enormous waste of bandwidth, and of the time of the vast majority of recipients who are not interested in the message.
During the second half of 1996, non-replyable spamming became the norm. This author's experience was that virtually every message sent back using the reply function was returned, with the mail-server message 'user unknown', or 'server unknown'.
One further possibility that has to be considered is whether some of the non-replyable spams are actually spoofs, intended as an indirect retaliatory measure. The logic of this would be that the actions of spammers may become so notorious that legislatures and police authorities would be forced to act against them.
Like the direct marketing business more generally, spammers are discvering that there can be benefits in taking notice of people who do not wish to receive their messages. This involves maintaining an 'off-list' of account-names of such people, and checking the list used for each new message against that list. An example of such a facility is at http://www.emory.com/remove (but be warned: that page attempts to set half-a-dozen cookies, and includes a large number of advertising images, one of which appears to have frozen this author's Mac Netscape Navigator 3.0).
In other forms of direct marketing, such as direct mail and tele(phone)-marketing, each message has a measurable cost. It is in the sender's self-interest to avoid posting brochures and making phone-calls, where the probability of a sale resulting from the expense is very low.
Unfortunately the same does not hold true for spamming. The cost to the spammer of sending to people who are known to be poor prospects is virtually zero. Moreover, there are costs in maintaining and referring to an off-list. It is therefore against the interests of a spammer to apply the technique. There is hence an apparent need for extrinsic control mechanisms, such as the costs of handling large numbers of customer complaints, and the credible threat of meaningful sanctions, such as fines or de-registration.
An example of a persistent generator of spam is Cyber Promotions, Inc., at http://www.cyberpromo.com/. Their promotional material for advertisers is at http://www.cyberpromo.com/truths.html.
A particularly strong criticism of the company is Mark J. Welch's '"Cyber Promotions" Harasses Millions With Junk Email', at http://www.ca-probate.com/cyberpro.htm.
In late 1996, the company was adopting a defensive approach to dealing with complainants, as evidenced by an email message that was widely distributed. By early 1997, however, Cyber Promotions was adopting a much more aggressive stance (mirrored at http://www.cyberpromo.com/tactics.html, in case it disappears from the company's pages). It was also pursuing a very strong marketing campaign against its competitors, specifically MCI and Compuserve, based on those ISP's (at least nominal) anti-spamming stances.
Various operators have seen an opportunity in the umbrage taken by many people to spamming. Value Times Newsletter said, in effect, 'Trust us to send you all of the worthwhile spams in one regular newsletter: and every time you get a spam, send it back to the sender with a message referring them to us'. The image of responsibility is heightened by a clear and up-front offer to remove the recipient's name from the list on request. The 'Newsletter' offeror overlooks the irony that it set out to build its mailing list on the basis of ... a spam.
During January 1997, an ISP run by a frequent writer on spam, Simson Garfinkel, was subjected to a fairly extreme spam attack. Garfinkel's article on the matter is at http://www.packet.com/packet/garfinkel/. It includes the specifications for a modification to email-handling to address the particular form of spam he was being subjected to.
Naturally, much of what little is written approaches the topic from the U.S. perspective, which is very different from the Australian context.
Arelene Rinaldi claims in her Netiquette Guidelines, at http://www.fau.edu/rinaldi/net/elec.html, that "Under United States law, it is unlawful "to use any telephone facsimile machine, computer, or other device to send an unsolicited advertisment" to any "equipment which has the capacity ... to transcribe text or images (or both) from an electronic signal received over a regular telephone line onto paper." The law allows individuals to sue the sender of such illegal "junk mail" for $500 per copy. Most states will permit such actions to be filed in Small Claims Court. This activity is termed "spamming" on the Internet". For details, see under Sources below.
According to the 'Washington Post' on 5 November 1996, A federal district judge in Philadephia ruled that America Online may block mass marketing firms from sending unsolicited mail to AOL subscribers. Rejecting arguments that America Online is a public forum, the judgement said that mass mailer Cyber Promotions Inc. "has no right under the First Amendment" to reach AOL subscribers with e-mail advertisements sent over the Internet".
AOL is understood to offer a 'Preferred Email service', which filters out messages whose sender or reply-to addresses have been previously recorded as being associated with spamming. This runs into hundreds of names. This may be ineffectual if spammers keep changing their address. Some people, such as Mark J. Welch, are cynical about AOL's claims to be protective of their users against spammers.
Two different aspects need to be considered: impacts on computer services or data; and impacts on people. The primary jurisdictions in such matters are the States and Territories, except in areas where the Constitution passes the power to the Commonwealth, e.g. in relation to the Commonwealth government, and to telecommunications carriers.
UPDATE: The Commonwealth conducted consultations, and negotiated a very sensible and world-leading Spam Act 2003, which came into effect on 10 April 2004. Under the new law it is illegal to send, or cause to be sent, 'unsolicited commercial electronic messages' that have an Australian link. The Australian Communications Authority enforces the Spam Act, and provides information about spam laws and spam security, and means for reporting spam.
Some of Australia's various Crimes Acts make it an offence to do particular acts relating to computers. The A.C.T. Crimes Act, for example, at section 135K, makes it an offence to damage data "intentionally or recklessly, and without lawful authority or excuse". Data is defined by section 135H(1) as including "information, a computer program or part of a computer program". The Commonwealth Crimes Act has a similar provision at section 76E. In addition, section 76C makes it an offence to (paraphrased) intentionally destroy, erase or alter the Commonwealth government's data; or to interfere with, interrupt, obstruct, impede, prevent access to or impair the usefulness or effectiveness of the Commonwealth government's computers or data.
Hence some kinds of denial-of-service spam attacks, such as e-mail 'bombing', may be criminal offences.
As could reasonably be expected with such a new phenomenon, there appears to be no Australian law that relates explicitly to spam. However a significant number of different laws may be relevant to particular kinds of spam.
Advertising messages are generally subject to the Commonwealth Trade Practices Act, and to State and Territory Fair Trading legislation. At Commonwealth level, perhaps the most significant protection is section 53, relating to false and misleading representations. In addition, particular forms of behaviour are regulated, such as 'bait-advertising' ( section 56), 'referral selling' ( section 57), and 'pyramid selling' ( section 61).
Messages that are usually referred to on the net as 'hate-speech' may be subject to the racial vilification laws of the States and Territories. These typically refer to public acts that "incite hatred towards, serious contempt for, or severe ridicule of, a person or group of persons on the ground of the race of the person or members of the group." See for example, the laws of N.S.W. and the AC.T.
Also relevant to hate-speech is the little-known crime of incitement. The Commonwealth Criminal Code Act of 1995, at section 11(4), makes it a crime if a person"incites to, urges, aids or encourages [verbally or in writing, including electronic communications] the commission of ... an offence". When Pauline Hanson's unpopularity peaked, and several newsgroups were flooded with posts calling for her assassination, each post was prima facie an offence under that law.
Another area in which existing laws are relevant is sexual harassment. Under Commonwealth legislation, this occurs where a "person makes an unwelcome sexual advance, or an unwelcome request for sexual favours, to the other person or engages in other unwelcome conduct of a sexual nature in circumstances in which the other person reasonably feels offended, humiliated or intimidated". Advances and requests can be made orally or in writing, including via electronic means. State and Territory legislation generally follows that formulation; see, for example, the A.C.T. law.
There are also a number of torts which may be of relevance to protecting people from harm inflicted by spam. One important example is defamation.
There are difficulties in preventing a spammer from continuing their actions. A court injunction could be sought, but only from the Supreme Court of a State or Terriroty; see, for example, the relevant provision in the law of the A.C.T. But gaining an injunction is expensive, the bench may not understand the issue or consider it important enough to demand their attention, and even if granted it may not be effective.
For a wide variety of reasons, spamming is an inappropriate promotional mechanism.
Avenues exist, and can be readily developed, whereby the promotion of goods, services and ideas can be undertaken. These include:
The idea of 'soft spam' can also be considered. Instances do occur in which promotional messages are acceptable to net communities. Most e-lists exist to cross-inform and support discussion within a community. A promotional message may be successfully conveyed in a manner that is consistent with that objective, e.g. by blending it with a gratis service to a community, or with a request for comments in order to improve a product or service. Individuals who are frequent or respected participants in a particular community also often gain acceptance for restrained promotion as a by-product of a message.
Some short messages to announce the availability of a product or service may also be tolerated by net-communities. Such messages tend to be 5-10 line, structured messages that convey the nature of the offering, relate it to the community's interests, and provide a URL, e.g. "For those who are interested in the current discussion on [insert topic], my company has a product which does [insert a dozen words]. Details are available at [URL] . A restricted demo version is available for download" (Thanks to Tony Barry for the sample wording).
The argument in favour of spam is that it is very cheap for the sender, and very cheap (in financial terms) for the recipient. It therefore has the appearance of an efficient means of marketing communications.
Arguments against spam include that it is costly for recipients in terms of their time; in terms of the time taken, the volume transferred and the volume stored in their account on-line; and of the clutter it creates in their mailboxes. It uses a medium that, for many individuals, is all about community and not about business.
Fundamentally, spamming is a force-fed, supply-driven mechanism. Even where off-lists are created and effectively administered, recipients are forced into an 'opt-out' scheme, when what most of them want is a demand-driven, 'opt-in' scheme.
This analysis has drawn heavily on various of the sources mentioned above, and has greatly benefitted from discussions on the link e-list, archived at http://online.anu.edu.au/mail-archives/link/. My thanks to Gillian Dempsey for assistance with legal aspects of the matter.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 25 January 1997 - Last Amended: 9 February 1997, with an update from April 2004 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/II/Spam.html