Common Myths About Spam
Myth 1: The spammer won't find out your email address if you don't open the spam.
Although opening an HTML email can send
information back to a spammer, the spammer already knows that he has reached a
“good” email address long before you open his spam. The way email is sent and
received follows a set of rules called SMTP, which stands for Simple Message
Transfer Protocol. When email is being sent and received, there is actually a
dialog between the Sender’s Email Server and your Email Server, which probably
resides at your Internet Provider or business. The dialog goes something like
this:
Sender’s Server: Hello, I have an email to send.
Your Email Server: Ok
Sender’s Server: The email is from joe@joespammer.com
Your Email Server: Ok
Sender’s Server: The email is to username@isp.com
Your Email Server: Ok. Send the email.
This is the moment when the spammer knows
that he/she found a “good” email address. What will the spammer do with your
“good” email address? He will sell it to many other spammers and advertisers
because it is a known valid email address. How do you prevent a spammer from
finding out your “good” email address? Your email server must determine if an
email is spam before it replies to “send the email”.
Myth 2: Filtering email for questionable content will stop spam.
Content filtering is the most commonly used method for blocking spam. There are
numerous filtering techniques, with some that “learn” each user’s definition of
spam. Although filters are updated constantly and filters may block spam for a
week or two, spammers quickly add new tricks to pass through the filters
undetected.
Filtering is trying to “keep up” with the spammers, but it will always be a
reactive method, not proactive. As explained in Myth #1, filtering cannot stop
spam because email servers must accept all email before filtering it.
Filtering actually encourages spam because the spamming programs discover “good”
email addresses when their email messages are accepted to be received. Stopping
spam only occurs by preventing the spam from leaving the spammer’s server.
Myth 3: Greylisting can stop spam.
Greylisting is a fairly new technique which is related to whitelisting and blacklisting. When a new email arrives from an unknown IP address, the receiving email server rejects it with a “try again later” response. Currently spamming programs are not written to “try again later”, but a valid email server will try sending the email later.
As with most other spam-blocking methods, spamming programs will eventually adapt to resend their spam hours later and pass through the greylisting block.
Myth 4: The CAN-Spam Law Will Stop Spam.
The CAN-Spam law actually allows people to spam, as long as they follow certain rules. CAN-Spam requires that spam e-mail include a working return e-mail address, a valid postal address for the sending company, a working opt-out mechanism, and a relevant subject line. Basically, unsolicited commercial email is allowed as long as it meets the CAN-Spam guidelines.
In addition, much of the spam received in the United States comes from overseas, and those that operate in the U.S. can easily move offshore, if necessary. Even when a U.S. spammer is caught, it may still be hard to enforce the law and collect any fines.
Myth 5: The Do Not Email Registry Will Stop Spam.
The Federal Trade Commission recently announced that a national do-not-spam list would make the spam problem worse, not better. According to the FTC, spammers could use the registry as a source of valid email addresses.
The full report by the FTC to Congress
Myth 6: Yahoo’s Domain Key and HotMail’s Sender Policy Framework (SPF) Will Stop Spam.
Yahoo’s DomainKeys and HotMail’s SPF depend on legitimate email servers to incorporate an authentication record that is attached to the server’s DNS record. In theory, a receiving email server would reject all email that was not sent by a server with a DomainKey or SPF. In actuality, private and small business email servers do not have the IT expertise to incorporate a DomainKey or SPF. This would cause all email from them to be rejected by large corporate email servers which require such authentication.
Like the CAN-Spam law, the DomainKey and SPF would only stop illegitimate email. Unsolicited commercial email from legal companies would still be accepted. To most users, unsolicited commercial email is still SPAM.
If DomainKeys and SPF are adopted as the standard, it will take years to update all email servers.