Spammers break law with covert tracking

They couldn't care less


Many spammers are ignoring laws forbidding them to insert covert tracking codes in their messages, according to a survey by out-law.com, the IT and ecommerce legal service arm of law firm Masons, and network security outfit iomart.

The survey highlights how spam messages often contain covert tracking codes which enable senders to record and log recipients' email addresses as soon as they open a message.

Such spamming techniques, often used by spammers to identify active accounts, are well known. Although iomart's investigation yields a little more insight into this (more anon), we'll draw your attention first to Masons' assessment of the effectiveness of laws on unsolicited commercial email.

The Law and Spam

There's certainly no shortage of UK legislation applicable to spam. Depending on how the email addresses were obtained and the manner in which spam is sent, there may be a breach of the Data Protection Act.

Also relevant is the E-mail Preference Service, a list to which people can add their email addresses to say that they do not want to receive email marketing - although it lacks any legal weight, Masons' reckons.

Then there are the UK's recent ecommerce regulations, which mandate that all unsolicited commercial email must be clearly and unambiguously identifiable as such.

A European Directive on the protection of privacy in the electronic communications goes further than this. It requires that the UK to ban all forms of unsolicited commercial communications (emails, text messages, faxes or telephone calls) aside from those sent through opt-in lists. The UK is obliged to introduce laws to this effect by November.

419 fraudster taken to court for spamming? Don't make us laugh

Plenty of legal bullets to fire against spammers then, we may think? But these laws are nearly unenforceable, Masons believes.

"The problem with the type of spam that clogs up our inboxes is that the people sending it could not care less about the law," says Shelagh Gaskill, a partner at Masons.

"Much of what they're promoting is illegal anyway, so they're not going to take much notice of laws from the UK, EU or anywhere else. Occasionally, a spammer will be caught and successfully sued. But this is not a viable option for most people."

"It's important that there are laws against pure spam - it must be deterred; but it's also vital to protect the right of companies to market their products legitimately. The best way to deal with spam is not in court; it has to be found in technology," she adds.

Technology is the answer! Not

Ah technology, yes. But as even iomart (which like world+dog is developing filtering technology itself) admits spam filters are unreliable. Filters sometimes lead to the "loss of legitimate business communications, unless someone examines all filtered email," (which kind of defeats the object), iomart warns.

To investigate spamming techniques, iomart set up dummy accounts to find how people's actions on receiving spam affected how much crap they subsequently received.

It found that 83 per cent of unsolicited commercial HTML emails sent to these accounts contained hidden tracking codes that notified the spammers as soon the messages were opened.

Opening such messages (even in the Outloook/Outlook Express preview pane) results in yet more junk, natch, thanks to information gleaned through the hidden tracking codes.

After a two-week period of opening all the spam it received, iomart's team found the volume of spam received by the dummy accounts virtually doubled.

Next, the team 'sterilized' the spam flowing into the decoy accounts, using iomart's technology to remove hidden tracking codes. During the next few weeks there was a slight but steady decline in the mountain of spam being received.

iomart (unsurprisingly) concludes spammers use hidden tracking codes to target further assaults. For a third trial period, spam email was bounced.

Predictably, based on iomart's earlier findings, there was a marked drop in the number of spam emails being received.

The decrease in spam emails started almost immediately, and after about two weeks the volume being received had decreased by about 40 per cent. iomart did, however, notice an increase in the number of domain spam was originating from.

It reckons this was a sign of spammers trying to fox blocking mechanisms based on domain name alone.

After all this iomart's basic advice is simple: do not open spam if you want to minimise it.

Iain Richardson, a software developer with iomart, comments: "A lot of spam is evident from the subject header and sender's name. If you suspect it's spam, the easiest thing to do is to delete it - otherwise you're letting the senders know that you exist and you will receive more."

Indeed.

But to all spam messages are easily recognised as such, which leaves the option of applying filters. But spam filters are far from perfect...

Hang on a minute, isn't that where we came in? ®

Related Links

The spammers are watching you, Masons/iomart survey
Show 419 spammers what you think of them with our exclusive T-shirts, from Cash 'n Carrion

Related Stories

We hate Spam (email your friends)
Climbing Spam Mountain
Porn spam on the rise
Where the heck is aall this spam coming from?
Plaid up in arms as Commons spam filter bans Welsh
Anti-spam filters kill legitimate email
BTo anti-spam move kills its users' mail servers
Messenger Pop-up Spam makes us sick
Europe bans spam
Text spammer fined £15,000


Other stories you might like

  • Red Hat Kubernetes security report finds people are the problem
    Puny human brains baffled by K8s complexity, leading to blunder fears

    Kubernetes, despite being widely regarded as an important technology by IT leaders, continues to pose problems for those deploying it. And the problem, apparently, is us.

    The open source container orchestration software, being used or evaluated by 96 per cent of organizations surveyed [PDF] last year by the Cloud Native Computing Foundation, has a reputation for complexity.

    Witness the sarcasm: "Kubernetes is so easy to use that a company devoted solely to troubleshooting issues with it has raised $67 million," quipped Corey Quinn, chief cloud economist at IT consultancy The Duckbill Group, in a Twitter post on Monday referencing investment in a startup called Komodor. And the consequences of the software's complication can be seen in the difficulties reported by those using it.

    Continue reading
  • Infosys skips government meeting – and collecting government taxes
    Tax portal wobbles, again

    Services giant Infosys has had a difficult week, with one of its flagship projects wobbling and India's government continuing to pressure it over labor practices.

    The wobbly projext is India's portal for filing Goods and Services Tax returns. According to India's Central Board of Indirect Taxes and Customs (CBIC), the IT services giant reported a "technical glitch" that meant auto-populated forms weren't ready for taxpayers. The company was directed to fix it and CBIC was faced with extending due dates for tax payments.

    Continue reading
  • Google keeps legacy G Suite alive and free for personal use
    Phew!

    Google has quietly dropped its demand that users of its free G Suite legacy edition cough up to continue enjoying custom email domains and cloudy productivity tools.

    This story starts in 2006 with the launch of “Google Apps for Your Domain”, a bundle of services that included email, a calendar, Google Talk, and a website building tool. Beta users were offered the service at no cost, complete with the ability to use a custom domain if users let Google handle their MX record.

    The service evolved over the years and added more services, and in 2020 Google rebranded its online productivity offering as “Workspace”. Beta users got most of the updated offerings at no cost.

    Continue reading

Biting the hand that feeds IT © 1998–2022