Spammers break law with covert tracking

They couldn't care less

Many spammers are ignoring laws forbidding them to insert covert tracking codes in their messages, according to a survey by out-law.com, the IT and ecommerce legal service arm of law firm Masons, and network security outfit iomart.

The survey highlights how spam messages often contain covert tracking codes which enable senders to record and log recipients' email addresses as soon as they open a message.

Such spamming techniques, often used by spammers to identify active accounts, are well known. Although iomart's investigation yields a little more insight into this (more anon), we'll draw your attention first to Masons' assessment of the effectiveness of laws on unsolicited commercial email.

The Law and Spam

There's certainly no shortage of UK legislation applicable to spam. Depending on how the email addresses were obtained and the manner in which spam is sent, there may be a breach of the Data Protection Act.

Also relevant is the E-mail Preference Service, a list to which people can add their email addresses to say that they do not want to receive email marketing - although it lacks any legal weight, Masons' reckons.

Then there are the UK's recent ecommerce regulations, which mandate that all unsolicited commercial email must be clearly and unambiguously identifiable as such.

A European Directive on the protection of privacy in the electronic communications goes further than this. It requires that the UK to ban all forms of unsolicited commercial communications (emails, text messages, faxes or telephone calls) aside from those sent through opt-in lists. The UK is obliged to introduce laws to this effect by November.

419 fraudster taken to court for spamming? Don't make us laugh

Plenty of legal bullets to fire against spammers then, we may think? But these laws are nearly unenforceable, Masons believes.

"The problem with the type of spam that clogs up our inboxes is that the people sending it could not care less about the law," says Shelagh Gaskill, a partner at Masons.

"Much of what they're promoting is illegal anyway, so they're not going to take much notice of laws from the UK, EU or anywhere else. Occasionally, a spammer will be caught and successfully sued. But this is not a viable option for most people."

"It's important that there are laws against pure spam - it must be deterred; but it's also vital to protect the right of companies to market their products legitimately. The best way to deal with spam is not in court; it has to be found in technology," she adds.

Technology is the answer! Not

Ah technology, yes. But as even iomart (which like world+dog is developing filtering technology itself) admits spam filters are unreliable. Filters sometimes lead to the "loss of legitimate business communications, unless someone examines all filtered email," (which kind of defeats the object), iomart warns.

To investigate spamming techniques, iomart set up dummy accounts to find how people's actions on receiving spam affected how much crap they subsequently received.

It found that 83 per cent of unsolicited commercial HTML emails sent to these accounts contained hidden tracking codes that notified the spammers as soon the messages were opened.

Opening such messages (even in the Outloook/Outlook Express preview pane) results in yet more junk, natch, thanks to information gleaned through the hidden tracking codes.

After a two-week period of opening all the spam it received, iomart's team found the volume of spam received by the dummy accounts virtually doubled.

Next, the team 'sterilized' the spam flowing into the decoy accounts, using iomart's technology to remove hidden tracking codes. During the next few weeks there was a slight but steady decline in the mountain of spam being received.

iomart (unsurprisingly) concludes spammers use hidden tracking codes to target further assaults. For a third trial period, spam email was bounced.

Predictably, based on iomart's earlier findings, there was a marked drop in the number of spam emails being received.

The decrease in spam emails started almost immediately, and after about two weeks the volume being received had decreased by about 40 per cent. iomart did, however, notice an increase in the number of domain spam was originating from.

It reckons this was a sign of spammers trying to fox blocking mechanisms based on domain name alone.

After all this iomart's basic advice is simple: do not open spam if you want to minimise it.

Iain Richardson, a software developer with iomart, comments: "A lot of spam is evident from the subject header and sender's name. If you suspect it's spam, the easiest thing to do is to delete it - otherwise you're letting the senders know that you exist and you will receive more."

Indeed.

But to all spam messages are easily recognised as such, which leaves the option of applying filters. But spam filters are far from perfect...

Hang on a minute, isn't that where we came in? ®

Related Links

The spammers are watching you, Masons/iomart survey
Show 419 spammers what you think of them with our exclusive T-shirts, from Cash 'n Carrion

Related Stories

We hate Spam (email your friends)
Climbing Spam Mountain
Porn spam on the rise
Where the heck is aall this spam coming from?
Plaid up in arms as Commons spam filter bans Welsh
Anti-spam filters kill legitimate email
BTo anti-spam move kills its users' mail servers
Messenger Pop-up Spam makes us sick
Europe bans spam
Text spammer fined £15,000

Sponsored: How to determine if cloud backup is right for your servers