Alastair Tempest says regulators and international authorities battling spammers need increased industry support to help win the fight.

Monty Python, that whacky UK television programme from the 1960s, is going to make a small comeback I see. In some ways it never went away – the popularity of its theatre show ‘Spamalot’ is phenomenal. This brings me to my chosen topic for this month’s rant – spam.

Spam and the spammers have certainly not gone away. The days of millions of completely untargeted junk from anyone with a PC and an old list of email addresses has faded.

Filters by ISPs, Access Providers and companies significantly cut out the amateur spammer.  These did much more than the regulations introduced by the EU, the USA and elsewhere to ‘can spam’. The famous ‘silver bullet’ promised by the European Commissioner of the day in 2002 to kill spam by legislation was good political spin and not much more.

What has happened since 2002, however, is the growth of a real, exceptionally well organised ‘business’ of spam, run mainly by eastern European or Chinese mafia. It is very profitable: the US Federal Trade Commission in its case against one vast Ukrainian ‘business’ this year estimated a revenue of more than $100 million, with the product (a false software patch, sometimes called Win Fixer which costs the victim about $50 to download) operating out of about eight centres around the world, in 18 languages, and using more than 1,000 brands or domain names for the product.

Some of the sharpest and most talented IT programmers work for these mafias. They use ‘botnets’ (also known as zombies), which infect and inhabit a PC and then can be activated automatically to relay spam, transmit viruses and spyware, launder money and so on; and use an armoury of other malware and spyware on captive individual PCs and also company servers; or to set up ‘malvertising’ on real websites, which misdirect those who
click on a link into the spammers’ clutches.

This organised, efficient and very serious world of spammers has some of the most avid users of direct marketing techniques. They test, they try different targeting and segmentation approaches based on sophisticated profiling, they often nurture their unaware ‘customers’, holding on for months or even years to captured PCs and leaching them dry of information (financial reports, databases, bank account details, etc).

Take a strong stance
Our business has to be aware, and take a strong stance against spam. We cannot afford to sit on the sidelines and expect the regulatory authorities to solve the problems. The regulatory authorities are often hampered by the complexity of international jurisdiction. Fraud may be a criminal matter in one country, an administrative issue in another. Even within countries the different authorities often fall over each others’ feet – and there are many potential players: the telecom authorities, data protection authorities, financial services authorities, consumer ombudsmen, judicial police, anti-fraud police, anti-mafia police . . .

Authorities such as the US Federal Trade Commission and a few active national authorities in the EU, are being successful at shutting down some spammers, when they can get hold of them, or blocking off their access, but they need industry support to help identify spammers, give early warning of attacks, check that their own security systems are properly protected, check their websites regularly for malvertising and so on.

The French government/industry Signal Spam project, in which the French DMA is very active, is funded by industry and gives early warning of attacks and provides information and advice to the public. There are ways to ensure that bona fide email marketers are certified and not filtered out by Access Providers and ISPs. And soon, the new EU laws will allow anyone whose business has been damaged to take out cases against the spammer. This remedy is only allowed at present in some EU member states.

We need to be vigilant whether we are emailers, or e-commerce businesses, list brokers, fulfilment houses, database managers, or even printers, mailing houses or postal operators. 

All the DM industry has to be very aware of the dangers spam poses for consumer trust, for ourselves as businesses (infecting servers, stealing data, etc) and for ourselves as consumers and citizens. We need to be vigilantes and defend our community from the bad guys.

This is serious stuff: are you with us?