Back to FTC Cover Letter

2.16 - How widespread is the practice of sending unsolicited commercial e-mail? Are privacy and other consumer interests implicated by this practice? What are the sources of addresses used for this purpose?

Comment -

The practice at the moment has become quite widespread and is increasing at an alarming rate. At the time of the last workshop in June 1996, the trend was becoming obvious, but had not reached epidemic proportions it has at the present. Prior to 1996, the practice was rare on any continuing large scale, so much so as to almost be a 'non-problem'. However, within the last 18 months we are now experiencing a situation where numerous 'bulk mailers' have been established solely for the purpose of sending unsolicited commercial advertising e-mail. A few have become quite visible and entrenched. Additionally, do-it-yourself bulk mail sending programs are commonly offered for sale (by the very medium of unsolicited advertising mail) which promise to allow anyone with an Internet account to send thousands or millions of unsolicited messages. All this is despite the fact that most responsible Internet Service Providers (ISPs) prohibit the practice by their customers and consider violation as grounds for termination of service. The situation has deteriorated to the level of a continual cat-and-mouse game with providers canceling 'spammer' accounts, and spammers using multiple providers, 'throw-away' accounts, resorting to forgery of mail header information to hide the mailing source, and re-emerging under different names once a spamming account is found and terminated.

There are significant consumer implications of this practice and the current situation. The primary one is that the usefulness of the Internet electronic mail system as a personal mode of communication is fundamentally threatened. As the number of junk mail messages becomes larger, users must wade through the unwanted garbage to read messages of interest. Often this process adds significant monetary cost to the receiver, since they pay for their Internet accounts, and often pay by the amount of on-line time or amount of data they download. Since mail storage space is finite, truly important messages may be lost should the mailbox fill with junk ads. Many view this unwanted intrusion into their mailboxes as an invasion of personal privacy as well. Despite claims to the contrary by bulk-mailers, demands to cease mailing are often ignored, and the very demand marks that account is one which is 'active' where mail is actually read, resulting in still more mail. Sale of address lists also represents privacy violation by further spreading a user's name to additional sources of junk mail. In addition, submission of a user's address to junk-mailers has been used as a revenge technique, the result being that the victim gets floods of unwanted mail.

The sources of addresses, as touted by many of the mail program sellers, the following:

• - Addresses 'harvested' from public newsgroup and discussion forums. Addresses may be obtained from the 'headers' of such postings, or from the body of the posted text. Thus someone not actively posting may have their address compromised by others just by having it mentioned. The number of newgroups, and the number of participants makes this source particularly attractive in terms of shear quantity. Such harvesting is routinely done by software which can scan across all newsgroups carried at a given site. Bulk mailers often make the claim that, by using the topic of the newsgroup where the address is found, a 'targeted' list of addresses is created whereby the mailer can allegedly send mail to only those expressing an interest in that subject. However, experience shows that such a mechanism is flawed at best, and the claim is viewed as just marketing hype by the mailers who sell the lists.
• - Addresses scavenged from World Wide Web pages in a similar fashion by 'web spiders' which are automated routines which examine web pages and strip out what appear to be mailing addresses from the content of the page. A number of products have been advertised by bulk-mailers which accomplish this task.
• - Addresses culled from various on-line directory listings such as Four-One-One, and other repositories of address information such as the InterNIC registry where contact listings of Internet registered domains are kept, or directories of online services such as AOL which allow 'Member Profile' information to be revealed to either members or non-members. In some cases, such directories state they prohibit use of the addresses for commercial purposes, but that restriction is not followed and is largely unenforceable. We have received mail as a direct result our entry on 'The List' an online listing of ISPs for example. Such mailings typically promote networking hardware, web creation services, and other ISP-related services, and a number of those contacting us admit they got our contact address there, despite on-line prohibition of such use by 'The List'.
• - Address lists are routinely sold among various bulk mailers, and to customers purchasing the bulk mailing programs. This situation compounds the ability of a user to get their address 'removed' from spammers' lists since it just gets re- added as lists from various sources are merged. Since the bulk- mail list seller promotes the number of names on the lists they sell, there is no incentive, or a negative incentive, to responsibly trim any names from the list.
• - Addresses submitted directly to mailers or posted in locations likely to be 'harvested' by those out for revenge against the party whose address they submit or post. The victim then faces floods of mail and difficulty getting off the mailing lists.

2.17 - What are the risks and benefits, to both the consumer and commercial entities, of unsolicited commercial e-mail? What are consumer perceptions, knowledge, and expectations regarding the risks and benefits of unsolicited commercial e-mail?

Comment-

As mentioned earlier, the fundamental risk for the consumer is the potential for floods of unwanted, unsolicited mail to overwhelm the recipients' mailboxes and effectively make Internet e-mail a worthless tool for personal communication. Further risk evolves for those who may actually lose valuable messages either by having them buried, or by having them actually be rejected from a filled mailbox.

Additional consumer risk arises because, to date, most of the observed unsolicited mail is marginally, if not outright, fraudulent. The 'high-tech' aspect of the Internet has given rise to re-emergence of the classic scams and snake-oil peddlers widely cautioned against in other media. Frequently, mailings promote flashy and impressive looking web pages to further lure the consumer into the scam. It is nearly impossible to sort legitimate offerings from the scams and come-ons. As a result, we caution our subscribers to treat ALL unsolicited advertising e- mail as a scam and to not respond to it. Products or services routinely advertised by unsolicited commercial mail include:

• - Quack medical products and 'wonder' cures, vitamin/food supplements, etc. which promise results and often don't provide required mandated medical or ingredient information.
• - Stock and security announcements or investment scheme offers not in keeping with Security and Exchange Commission guidelines regarding information to be disclosed in such offers.
• - Adult phone services or adult content web site promotions. The non-targeted nature of these mailings often result in recipients being offended, and the possibility of the mailing reaching minors is significant.
• - Ponzi, pyramid, and chain letters of the classic 'add your name at the bottom and remove the top one' variety. One 'high- tech' variant of this scheme involved 'selling' duplicated computer disks containing the list of names as a 'software distribution business' since the addition/removal of the names was done by a program also on the disk.
• - Make Money Fast schemes offering classic 'work at home' plans (envelope-stuffing, etc.), real estate courses, and other offerings which are widely cautioned against as scams by consumer groups and the National Fraud Information Center.
• - 'Own your own 900 number' schemes whereby the applicant gets a 900 phone number 'announcement' service either free, with some fee, or along with the purchase of some manual or advertising materials. The applicant is then responsible to promote 'their' number, from which they get a portion of the number's generated profit. Often the recommended promotion technique is to further spam-advertise the number by e-mail or Usenet newsgroup postings.
• - Multi-Level Marketing (MLM) schemes of all sorts, most not providing the basic information required by the Federal Trade Commission Franchise Rule.
• - Offers for products at 'discount' such as computer parts which, when compared with other sources offer no real saving and often higher prices than would be paid by a careful shopper.
• - Offers of bulk-mailer programs which openly tout their ability to circumvent Internet service provider restrictions on sending unsolicited mass mailings, and highlight the bogus information they insert into mail headers to disguise the source from tracing and accountability.
• - Offers of mailing lists containing thousands or millions of names and addresses to use with bulk mail programs.
• - Offers of complete bulk mailing/spamming services by spammers themselves, such as Cyber Promotions' 'ISPam.net' spamming network.

Risk to the commercial community is simply that the trust of consumers is lost by the preponderance of scam and fraudulent offers currently representing the majority of unsolicited mail. This lack of trust coupled with the pure animosity raised against the mail in the first place, causes many receiving such mail to boycott the advertiser entirely, respectable company or not.

From the ISP perspective, the practice degrades the quality of service which we can offer to our subscribers. Should subscribers find the electronic mail service they obtain from us to be of little worth due to being overwhelmed with advertising, they will cancel accounts and/or move to other providers in attempt to 'start-fresh'.

2.18 - What costs does unsolicited commercial e-mail impose on consumers or others? Are there available means of avoiding or limiting such costs? If so, what are they?

Comment -

The cost of receiving mail over leased communications lines, storing it, filtering it (if such is implemented), administrative time needed to respond to subscriber inquiries and complaints about unwanted mail are all contributing to higher ISP operating cost, which ultimately must be passed onto the subscriber as higher fees for online accounts. The situation with CompuServe and AOL being inundated with junk mail reached such proportions with one junk-mailer that they sued and won at least some injunctive relief from that source. For the smaller provider which lacks the legal resources needed to mount challenges to each of the many emerging mass-mailers, the problem is even more significant. Currently, organizations such as the Internet Service Provider Consortium (ISP/C) are considering how smaller providers might cooperate to combat this growing scourge with possible legal class action.

The added costs of dealing with the rise in unsolicited commercial mail represent an uncompensated, forced subsidy of the junk mailers' advertising campaigns by ISPs who are targeted by the mailings. It is also seen as a theft of service when communications bandwidth, processing power, and storage capacity are used without compensation by those who are not paying for such use. In many cases, the bulk mailer exploits the basic mail 'relaying' capability of the mail system to actually make an unsuspecting, unwitting, third party's machines handle the brunt of the task of delivering the thousands or millions of mailings. It is the relaying machines which must labor to deal with delivery, mail bouncing from bad addresses, and repeated attempts to deliver to inaccessible sites. Often, the forged headers in the mail also result in floods of complaints directed against the 'apparent' source of the mailing, the innocent third-party whose machines performed the relay. That unlucky provider must then work to clean up the resulting mess and attempt to restore their damaged reputation. They also must implement security measures, upgrade software, and devote other system administrative time and expense into trying to stay a step ahead of the spammers.

In our experience, talking with subscribers, other providers, and net users working to combat unsolicited commercial mail, the consumer's perspective on the practice is that it is an annoying invasion of privacy, a practice which reduces the usefulness of e-mail to communicate, and which will raise his cost of service. There are no real perceived benefits under the current situation. The very few users who may get a legitimate, honest offer from some company, then respond and obtain a satisfactory product or service are minuscule in number compared to the number facing the opposite fate of continued harassment by mailers and being sucked into fraudulent scams.

Loss of consumer confidence and good will, translated into lost sales, also hurts any business which is mistakenly lured into attempting to use unsolicited mail advertising. Bulk mailers readily admit the response rate is low, and they tout the numbers which receive the mailings as the offsetting factor. However, there are numerous examples of businesses which have used this method of advertising and have found it unsatisfactory. Thus, the practice is limited mostly to the uninitiated, those willing to accept a large percentage of angered recipients for the sake of a few orders, or the hard-core scam artist.

Regarding limiting the cost, the most effective from the provider's perspective is to simply block all known junk mail sources from access to the provider's network. However, this alone represents added administrative cost to continually monitor, respond to complaints, and adjust the blocking/filtering parameters for new sources. The most effective way to limit the cost to both provider and end recipient is to eliminate the practice of unsolicited advertising by e-mail completely.

Since e-mail is fundamental in any online-service offered to subscribers, doing away with mail service entirely is not a viable option.

2.19 - Are there technological developments that might serve the interests of consumers who prefer to not receive unsolicited commercial e-mail? If so, please describe.

Comment -

The method most often pointed to by those wishing to somehow legitimize the practice of unsolicited advertising e-mail is filtering within the recipient's mail reader program. By far, not all, mail programs offer such features, but some allow rather sophisticated screening and selection techniques based on matching filter parameters against selected items in the mail's header. The matching can thereby sort the mail and divert junk mail to special folders or trash it automatically. The main problem advocates of this approach avoid discussing is that the receiver has already paid the cost of receiving the 'postage-due' advertising before they have a chance to filter and trash it. If the mail must be batch-downloaded over long distance, metered ISDN, or other pay-by-time or pay-by-byte connection, this cost becomes significant. Spammers often claim that most have 'unlimited' connections now, but this is simply not the case for the rest of the world, nor is it a valid argument for the US in many areas or for travelers who face toll or other metered phone charges to make a call to retrieve mail. Regardless of the phone or provider rate involved, flat or otherwise, the portion of those charges taken up by unwanted junk mail transmission is still paid by the recipient and represents a forced subsidy by the reader to pay for the advertiser's e-mail campaign.

Similar filtering techniques are possible at some provider's installations, either on a global scale for all the ISP's customers, or for selected ones. This approach may allow for filtering the mail prior to end-recipient download, but the cost of reception, storage, and processing are still borne by the provider (and ultimately the consumer).

Still more stringent methods are available which allow a provider to totally block mail or any other traffic from known spamming domains. These methods would save the majority of processing and storage costs associated with actually receiving and dealing with junk mail, but a total block would also reject any legitimate mail from the blocked source.

The drawback, for all the filtering methods discussed above, is that spammers are continually mutating the headers of the mail, changing mailing source domains, or otherwise making themselves a continually moving target to evade filters and blocks. Cyber Promotions, for example, has dozens of domain names registered to it, and prior to a court settlement with AOL which restricted the mailing domains Cyber Promotions could use to send to AOL, was registering new names as AOL entered older ones into their blocking filters. Obviously, this cat-and-mouse game becomes expensive and time consuming for both the provider and/or the end recipient to continually modify filter parameters. There is no single or simple technological solution for this situation: as long as spammers can obtain new sources and use new names from which to mail, receiving-end filters will be ineffective in stopping all unwanted junk mail from getting through.

Various 'tagging' solutions of varying complexity have been proposed to allow easier and more consistent filtering. The simplest is to put some tag, such as {B}, in the subject line of any bulk mailing. Supposedly, this would be an easy tag to use to filter on. Other schemes become more complex, offering to include within the tag more information about the sender or the subject of the message, thereby allowing more 'selective' filtering by those who might want junk mail on one subject but not others.

One particular tagging/filtering scheme attempts to allow filtering early in the mail delivery process and tries to minimize the requirement to actually have to receive and store the entire message. However, this scheme would require an entire new set of Internet mail protocol standards to implement. Given the millions of computer systems online, some with very old operating software, fully implementing such a scheme so that it would become universally available and effective will be both extremely costly and time consuming.

Other schemes involving dedicated 'spam-me' addresses, or special spam mail delivery ports on providers' machines have also been proposed.

All these schemes have differing relative potential advantages, but none adequately address the issue of recipient cost either to implement the scheme itself, or to continue to receive, store and process floods of unsolicited, unwanted advertising mail.

Filtering/tagging schemes do not effectively address the issue that junk mail advertisers have no incentive whatever to tag their mail so that it can be trashed unread. These spammers tout the numbers they mail to, so they have every incentive to keep mailing lists large, and to evade any filters and blocks to reach the most readers. Nor do they address the 'one-shot' spammer who uses throw-away accounts and other evasive measures which aren't repeated.

All of the possible schemes above would require force of law to ensure spammer compliance in order to be reasonably effective. Given the extent to which the unscrupulous spammers are going through now, voluntary measures simply will not work.

Technology alone cannot make an irresponsible bulk mailer into a responsible one. 'Responsible unsolicited advertising' is an oxymoron.

2.20 - How many commercial entities have implemented the Principles for Unsolicited Marketing E-mail presented at the June 1996 Workshop by the Direct Marketing Association and the Interactive Services Association?

Comment -

This is difficult to determine with certainty from the perspective of a small provider or consumer. Experience indicates very few, if any. What few there may be have likely generated few complaints. However, the number who have NOT implemented such principles are, in the damage they do, causing enough problem regardless. Note that nearly all the junk mail has some sort stated of 'opt-out' provision, making the receiver send back a 'remove' request following some set of instructions. Experience, again, has shown that these provisions seldom work, or if they do work initially, they don't for very long. Therefore, we have come to advocate only the clear 'opt-in' approach where commercial mail should legally only be sent to those who explicitly request it.

We are also seeing a rapid increase in the 'one-shot' mail, which proclaims that the recipient is 'not on any list' and that there is no use responding as 'this is the only mailing you will receive'. Often such mailings proclaim they have no ability to process any response at all (which given that much of the origin information is forged and bogus is quite true). Of course, the sender of such 'one time' mailings simply changes providers, forges new bogus source information, and sends again. In a discussion with one provider who hosted such mailing operations, they admitted directly that this was the intended method of operation. Even if lists were indeed not re-used, the probability of being on the next list obtained is high. The business of unsolicited commercial mail is rife with the unscrupulous, and any 'voluntary' code of ethics or suggested guidelines for responsible behavior are simply ineffective.

The only viable solution to this problem is a strict 'opt-in' scenario whereby individuals *ask* for mail on subjects they want to hear about, while banning *unsolicited* advertising as a whole. Given the resources and abilities of the World Wide Web, it is entirely possible (and easy) to search for and get information on any subject under the sun. It is also possible to query those sources and get *solicited* responses. Any advertiser wanting to reach large numbers need simply place his information onto the web where it can be found by those wanting it. At least one bulk-mail operator also provides indexed subjects whereby advertisers receive pre-screened lists of addresses from people who have actually *asked* to receive mail from multiple sources on that subject.

3.16 - How widespread is the practice of sending children unsolicited commercial e-mail? Are privacy or other consumer interests implicated by this practice? What are the sources of e-mail addresses used for this purpose?

Comment -

There is no indication of a potential recipient's age in an e- mail address, therefore it is impossible given a list of addresses to sort out which might belong to minors. Therefore, how widespread the practice is would be difficult to estimate with accuracy. Presumably, lists might be developed using the techniques discussed in earlier comments, but attempting to use sources with high numbers of children in the audience. Examples might include web pages of schools, newsgroups with primarily young appeal, etc. This sort of approach would yield spotty results. The same issues regarding unsolicited mail cost issues apply here, though the parent would be paying in most cases.

3.17 - What are the risks and benefits, to children, parents, and commercial entities, of unsolicited e-mail directed to children? What are parents perceptions, knowledge and expectations of the risks and benefits?

Comment -

Again, the risks parallel the adult case previously discussed. However, the younger target audience could even more easily be lured into buying into scams or purchasing unnecessary items. From a parent's perspective, it potentially could be like taking a kid to a toy store and having them suddenly want everything in sight. Given the low scruples of those already advertising by unsolicited e-mail, the quality of anything offered for sale would likely be low quality and a disappointment.

3.18 - What costs dies unsolicited commercial e-mail directed to children impose on children, parents, or others? Are there available means of avoiding or limiting such costs. If so, what are they?

Comment -

The costs parallel the adult case previously discussed. Added cost would be likely due to the child's pressure on parents or guardians to purchase items advertised in this manner. There is a way to avoid these costs: Eliminate unsolicited e-mail advertising as a legal form of reaching any audience.

3.19 - Are there technological developments that might serve the interests of parents who prefer that their children not receive unsolicited commercial e-mail?

Comment -

Tagging and filtering, along with their limitations have been discussed earlier. The situation becomes more complex in the case of minors because parents might wish to shield them in more complex ways than they might choose for themselves. Any number of scenarios might be proposed, all of which would complicate the task of screening the mail, perhaps into the body of the message as opposed to just the header and subject. While some filtering technologies are emerging for the World Wide Web and Internet site access in general, it's not known if any of these products or approaches is specifically addressing e-mail.

3.20 - How many children's commercial Web sites have implemented the Principles for Unsolicited Marketing E-mail presented at the June 1996 Workshop by the Direct Marketing Association and the Interactive Services Association?

Comment -

I've not the slightest clue, although I expect few. I would also expect that determining this with any certainty would be an impossible job without dedicated studies being performed.

Back to FTC Cover Letter

PUBLIC NOTICE: Use of Tigerden computer and network facilities for the purpose of transmitting unsolicited commercial advertising electronic mail to any user or account on or through Tigerden machines is expressly PROHIBITED. Appearance of any e-mail address on these pages does *NOT* constitute solicitation of advertising email.

Last revised: 22 Apr 1997