Everyone knows spam when they see it, but what is spam? The most widely accepted definition comes from Spamhaus, an international nonprofit organization that tracks spam. They define spam as “unsolicited bulk email.”
But when is spam not spam? There are two key tests to apply when checking if an email is spam: Is the email unsolicited, i.e., did the recipient consent to receive the email? And, was the email sent in bulk to many recipients?
Many of us give consent to receive bulk mail, like newsletters and even commercial advertisements, from our favorite retailers. But there are some gray areas when it comes to the words ‘consent’ and ‘bulk.’
For example, some retailers may feel it is acceptable to send commercial mass mailings to their previous customers believing there is a commercial relationship. But many of those customers may feel they have been spammed since they never expressed consent to receive bulk mail. The retailers’ defense may be one of implied consent as part of a commercial relationship, or to cover this issue in a clause in their legal terms and conditions. However, recipients may feel aggrieved having never been given the chance to give or withdraw consent.
Equally, some scam emails are written to be unique and sent to a handful of individuals or even a single person. Certainly there has been no consent given by the recipient to receive these mails, yet the emails have not been sent in bulk. Nevertheless, they are still considered spam.
Newsletters to which a recipient has subscribed, but later decides they no longer want, do not qualify as spam. In this case, the recipient must contact the sender to withdraw their consent and unsubscribe. Likewise, some people sign up for email lists in exchange for points and prizes. By signing up for such services, the recipient is giving their consent to receive bulk emails.
In my own personal dealings, I find it most useful to be wary of signing up for online programs, and also to pose the question: ‘Did the sender intend to spam?’ If the sender knew they were spamming and tried to disguise their message or hide their identity to evade spam filters, then this is clear evidence that the email is indeed spam.
In one example, spammers disguise certain keywords that may be detected by traditional spam filters. Attempting to evade a spam filter is a sign that the sender knew they were spamming.
In other instances, senders not only misspell keywords, but also replace certain letters with other characters, again, in an attempt to disguise the content. In these messages, the spammers include a large chunk of apparently random text to try and fool spam filters into believing the content of the email is innocuous. Spammers also often include fake ‘From’ addresses in their emails so that they cannot be traced.
Most developed nations have implemented anti-spam laws that establish minimum requirements for commercial emailers, such as the recently updated CAN-SPAM Act of 2003. However, enforcement is often patchy and some conflict remains within businesses about what exactly constitutes spam.
Almost all spam contains some clues that ‘give away’ the email as spam. If you do send legitimate bulk email, by ensuring that your emails are open and honest about their origin and content, your communications can avoid being incorrectly tagged as spam.
The best way of avoiding spam filter detection is to make sure that your recipients opt in for your emails. Ensure that you have their clear, expressed consent to receive bulk mail, and make it easy for them to unsubscribe if they change their minds. Of course, when in doubt, the best advice is to use common sense and basic email etiquette, and always comply with local privacy and spam legislation.
Martin Lee is a software engineer at MessageLabs.