Spam between Law and Reality

Spams, extolling the merits of some types of products or services, encumber mailboxes. In light of the existing laws in France and the European directives in place, spam is illegal. However, illegality does not prevent their issuers from pursuing their activities. The development of this advertising medium is mainly due to the expertise and the professionalism of spammers who, in order to reach a maximum public, use sophisticated techniques allowing to enrich their address books, on the one hand, and regularly create new forms of spams to bypass the filters anti-spam and optimize as a result the rate of delivery of their messages, on the other hand.


Introduction
Advertisers use several media-leaflets, the direct mail advertising, the posting on signs, the TV screens placed on the places of sale and the internet.Advertising on the internet, in comparison with other techniques, has the following characteristic: high effectiveness with lower costs while answering perfectly to the various objectives of the advertising executive.Advertising on the internet constitutes a privileged means which allows the promotion of services or products offered by the advertiser.According to TNS Medium Intelligence, a firm specialized in new advertising technologies, the advertising on internet records a strong progress since several years.In 2008, the market of this sector represents 3.7 billion euros against only 1.6 billion euros in 2006 and 1.1 billion euros in 2005.However, this tool of advertising has not always evolved in the right way (i.e advertising flags, sponsored links) and many people have quickly learned how use excessively these means, and as a result, they gave birth to the "Spam".
The spam tends to promote a certain range of products and services without taking into account the language or the geographical position.The movement of spams is in progress; spam became a true plague of internet and electronic mail.According to a report published by Commtouch Software (Rudiger, 2006), a world leader of the solutions anti-spam, the rate of spams reached 96% of the total e-mail traffic in 2007, against only 62% in 2006.
In order to reach a maximum public, the spammer needs to enrich his address book.For that, he uses various techniques, such as sophisticated software which run the web pages, the forums, the chats… He can also buy lists of e-mails or pirates the waiters of accommodation's mails.
The constant increase of spams, very broadly broadcast, does not any more allow considering these phenomena as negligible quantity, and leads us to wonder on two questions.Firstly, what are the specificities of functioning of this technology which allows having such development?And, secondly, what about the French legislation on spam?The research articles that have addressed this subject are very recent (Bohme and Holz, 2006;Frieder and Zitterain, 2007;Bouraoui, 2007 and2009;Hanke and Hauser, 2008;Nelson, Price and Rountree, 2009).However, these authors were interested in a particular subject of spams, namely the stock spams, and have studied their impact on financial markets activity.Their results show that stock spams affect very significantly the characteristics of the financial securities, which demonstrates the effectiveness of this technique like an advertising tool.Therefore, understanding the mechanism of this technique and its development over time are interesting topics.This paper answers to the following issue.In what consists the activity of advertisers who practise the spam to broadcast their ads, and how explain the development of this advertising support facing the ban of French law for this activity and anti-spam filters?To do this, the suite of this paper has the following structure: the next section defines spam while coming back on the origin of this word.The third section presents spam in point of view the law.Section 4 focuses on the activity of spammers.The various forms of spam created by the advertisers will be developed in the fifth section.Finally, section 6 concludes the article.

Definition and origin of the word "spam"
Spam, the English word of computer jargon, called also spamming, junk mail or UBE (Unsolicited Bulk E-mails) is used to designate unsolicited electronic mails, sent in bulk and having an advertising or commercial character."Spam" comes from a very popular sketch in the Anglo-Saxon world accomplished in 1970 by troops of English comic actors, called Monthy Python.During this sketch, the word spam (contraction of "spiced ham", English mark of ham) was constantly repeated in order to encourage the viewers to become consumers.Because of the repetition that turns to the absurd, and at the same time in remembers of the mark of the product that suffered a little, that these messages ended up to be baptized thus.
The birth of the spam goes back to 1978 (Templeton, 2000) when Gray Thuerk, marketing manager of Digital Equipment Corporation (a U.S computer company) had the idea to retrieve the addresses of 600 users Arapnet (name of the Internet at that time, dedicated to some American universities and military bases) in order to send them the same message.He is regarded as the founding father of the spam.At that time, the spam was not yet of actuality.In 1994, we noted the first commercial massive sending of spams when two American lawyers, Laurence Canter and Martha Siegel, sent thousands of e-mails to the immigrants seeking to have the work permit or Green Card in the United States.This operation aims to promote the juridical services of their office, which offers to these addressees a participation in the drawing of green cards after payment of fees.A few weeks later, and following the enormous benefit that they have collected after this advertising campaign, they have transmitted their knowledge to the future spammers by publishing a book entitled "How to make a fortune on the information superhighway".Since 1997, the spam has been considered as a true problem, and the Real time Black List (RBL) or blacklist appeared in the same year.
Spams can have several themes or subjects.Thus, we can distinguish messages which offer products for adults (pornography, matrimonial services), financial products (loans, mortgages), health products (diet, hormones),… etc. Nowadays, these messages are sent massively and automatically, and often with dishonest intentions.According to the American journal New Yorker (August, 2007), more than 100 billions of spams are sent every day in the world.This number represents 90 % of traffic e-mail (Hsu, 2007).In 2004, this rate was only 70 % against 5 % in 2001.This increase is largely explained by the low cost associated to the sending in bulk of unsolicited messages: Judge, Alperovitch and Yang (2005) state that the sending of a spam costs approximately 2800 times less expensive than the sending of a regular mail (see table 1).They also show that people who send mails, called direct mailer, need an answer rate of about 2 % so that the advertising campaign, object of mails, bring them a benefits.In contrast, for the spammers, an answer rate, ridiculously low, of about 0,001% is enough to make for them gather colossal benefits.
Table 1 here The spammers, seduced, have quickly adopted this technique to promote all and anything, which has further amplified the movement of spams.The increase of this activity leads us to wonder about the reaction of the law in order to fight against this phenomenon.

Spams and the French law
Some countries try to regulate spam through legislation (Moustakas, Ranganathan and Duquenoy, 2005;Park, Kim and Kang, 2005).Juridically, a spam can be defined as a message which was sent without respecting the rules of law relating to the consent of the recipient.Moustakas, Ranganathan and Duquenoy (2005) provide a comparison between the anti-spam legislation of the European Union, Australia, Canada, USA, Japan and New Zealand.They find that Canada has the highest number of directives to fight spam.To spammer, collecting e-mail addresses is required.However, the e-mail is a personal and nominative data.So, its collection should be regulated.For that, the law created in 1978 the first independent administrative authority of France charged to look after the personal data and privacy, namely the National Commission of Computer science and Freedom.This organization imposes that the personal data are collected for specified, explicit and legitimate purposes, and are not processed in an incompatible way with these finalities.
In 2002, France adopted a specific directive on spams and the sending of unsolicited e-mails by enacting a new article L34-5 of the Code of posts and Electronic Communications which is based on the European Directive of July 12, 2002, and which prohibits «…direct marketing through an automated call, fax or e-mail using any form whatsoever the coordinates of an individual who has not expressed his prior consent to accept direct prospecting by this means».This prohibition was, in the spirit of the law, supposed to protect only the private individuals and does not refer to the companies.For that, the French law set up two basic rules concerning the sending of prospecting e-mails.The first one is the opt-in, for the individuals, which allows the sending of prospecting e-mails if the addressee agreed to accept it and if the broadcasting organism shows clearly its identity.The second one which is the opt-out is adapted to the professionals and consists in the fact that the recipient must have the possibility to stop, in a simple way and without cost, the sending of e-mails.In other words, for the personal e-mail addresses (opt-in), the authorization of the recipient is required before sending him an advertising e-mail.Whereas for the professionals addresses e-mails (opt-out), this authorization is not required if the advertisement is related to the profession of the recipient, but this last has the right, if he wishes, to unsubscribe in order to stop receiving messages.The non respect of these rules involves an infraction and leads the spammer to pay a ticket of 750 euros per spam.
These measurements taken by the French legislation protect principally the addressee of the electronic message, who is able to make a complaint for illegal use of his personal data.However, the prejudice of the provider of messaging is very difficult to make recognize because it is not born from a particular message but from their accumulation.To fight against the plague of spams, these providers develop technical solutions which are generally expensive.Here, the law plays a crucial role because even if it does not protect in a direct way the technical providers, the latter will be automatically saved if the spam measurements are effective and, consequently, stop the movement of spams.
Unfortunately, all the directives adopted by the law to struggle against the undesirable messages did not prevent the spammers from continuing their activities, and French law shows its inability to counter this nuisance.Then, in what consists such activity which escapes the law?This is the subject of the following section.

The activity of spammers
Spammers use specific programs to generate and transmit billions of e-mails which are sent every day.That requires a considerable investment in time and money.The spammer's activity is summarized in three stages:

Collecting e-mail addresses
To create and enrich their address books, spammers use several techniques: ¾ They buy e-mail lists from the providers of e-mail addresses: the latter resell whole or part of their lists of subscribers to a third, who resells them to another, etc.Finally, the addresses are diffused in several copies on the net.This operation can be made in legality.
¾ They use specialized software which runs web pages, forums, blogs and chat sites.They search especially the fields `@ ' and `mailto' in the visited pages.
¾ Spammers use also some softwares which enable to generate randomly addresses.By using all the possible combinations between the most current last names and first names (last name_first name, first name-last name,…, etc), on the one hand, and on the other hand, the domain name of providers (@yahoo.com,@hotmail.com,@gmail.com,etc), they generate thousands of addresses e-mails which are most likely to exist.
¾ They can steal or pirate databases in order to obtain the identities of individuals.
¾ The internaut communicated his e-mail to a web site: when placing an order on e-business site or when subscribing in the services of a website, he left his e-mail address.If he forgot to check or uncheck a small box, in this case he authorizes the diffusion of his address.Schryen (2007) show that placing email addresses on the Internet enables the spammer to use theses addresses for spamming.

Checking e-mail addresses
After collecting e-mail addresses, the spammer checks whether each e-mail is still consulted by its user or not.
Valid addresses are more victims of spamming than others; they receive a lot of undesirable e-mails.To know whether an e-mail address is valid or not, the spammer uses the following methods: ¾ The response to a spam validates easily the address of the internaut; this is the simplest method for the spammer.
¾ A message with a random text, designed to avoid the filters anti-spam, is sent to the mailing list.The log server, a program which allows to identify the internaut and to draw the history of his actions, is analysed to detect valid and obsolete addresses, and database is consequently modified.
¾ The spammer sends a message which contains, for example, a link towards a picture located on a specific server.Once the message is read, the picture is automatically opened and the server records the address as active.
¾ The inclusion of an unsubscribe link is also functional.The majority of the owners of e-mail addresses know that they have the right to unsubscribe in unsolicited messages.For that, spammers include in their messages a link entitled for example "unsubscribe" or "cancel the inscription".The internauts, while clicking on this link, receive a message showing that they have cancelled their inscription.At the same time, the spammer receives the confirmation that the address in question is not only valid but also the user is active.

Sending spams
Once the database created, the e-mail addresses checked and selected, the spammer sends in bulk the advertising messages.Obviously, the success of this technique as a method of advertising depends largely on the form of spam.Nowadays, the spammers are developing various methods to mask similarity between messages and to escape anti-spam filters.

The forms of spams
The forms of spams have evolved facing the continuous improvement of filters.As soon as the security companies develop efficient filters, spammers change their tactics to bypass them.Several forms of spams can be distinguished:

The spam text
Originally, the spam was basic: it was identical messages, containing simple text, sent from a mailing list.In this classical form, the content of spam is only text. Figure 1 illustrates an example of spam text speaking about pharmaceutical products (Le, 2007).This first form has remained in activity on the traffic e-mail from 1994 to 2004.Starting in 2004, anti-spam filters became available.
Figure 1 here

The spam picture
The use of the picture rather than the text to transmit the message spam goes back to 2004.The spam picture is a form of spam where the text of the message is inserted into a picture.This picture is not attached to the message, but usually included in the message body.So, the picture appears directly when the internaut opens the message.This gives to spammers a good opportunity to see their messages sent to the addressees, since this form allows avoiding detection by filters anti-spam which cannot analyse the contents of the picture.Moreover, the picture is often animated, which further complicates the analysis.
The volume of this type of spam has increased rapidly.According to McAfee, a world leader in antivirus, firewall and internet security software, the spam picture accounted for only 5% of the total volume of spam in 2005.In 2006, it had its heyday; its proportion has evolved from 30 % at the beginning of the year to 50 % of all spams at the end of the year.Nevertheless, from the beginning of 2007, the spam picture has started to decline with the creation of new software which analyzes the contents of pictures.Figure 2 gives a classic example of a spam picture on products for adults.
Figure 2 here

The spam PDF
When the spam picture is no longer able to cross the filters set up by the internet access providers, spammers invented a new concept: the spam PDF.Appeared in June 2007, the spam PDF took the place of the spam picture.With this form, the spam message is not shown any more in the text or within a picture, but as an attachment in PDF format.According to Commtouch Software, an Israeli company of computer services, in June 20, 2007, a spammer has launched a gigantic campaign of spam PDF with more than 5 billion messages, representing 9% of the 60 billion spam messages observed in the day.This operation aims to sell the stocks of the German firm Talktech /Telmedia which were bought at low prices by spammer.Consequently, the share price of the firm in question has climbed of 20% during the day, and the spammer has certainly benefited from this increase in prices to resell all his securities.Researchers in security have observed an increase of the volume of spam PDF from 1 to 4 percent of the total volume of spams between the beginning and the end of June 2007.This progression continued to reach up to 8% the next month, with occasional peaks close to 20%. Figure 3 provides a common example of spam PDF that encourages investors to buy stocks of a given company.However, on the last days of August 2007, the spam PDF did not stop declining to represent no more than 1% of the total volume of spams.This is explained by a simple reason: new filtering softwares have been implemented.

The spam Excel
In their perpetual search of new means to cross anti-spam filters, the creators of spam innovate continuously.At the end of July 2007, the spam Excel is emerging.The principle is always the same: the e-mail contains an attachment in XLS format in which the spammer praises the merits of a product or proposes a service (see figure 4).The particularity of a spam dissimulated in a spreadsheet is that the spammer can play with the contents, the fusion and the alignment of the cells in order to scramble the tracks facing the anti-spam barriers.
Figure 4 here

The spam MP3
After the classic spam, the spam picture, the spam PDF and the spam Excel, a new form has disembarked in the mailbox: the spam audio in MP3 format.As the two last forms, an attached file but in MP3 format this time, makes the promotion of some products or services (see figure 5).According to a report established by MessageLabs, one of the leading providers of integrated services for messaging security and internet, the first spam MP3 was intercepted on October 17th, 2007 in 15 million copies.To attract the attention of the internaut, the files MP3, of 29 seconds duration each one, were named according to names of singers or songs known as Jackson.mp3,Britney.mp3,so that users open them.Upon opening them, artificial feminine voice advises to buy the stocks of the company Exit Only Incorporation which launches its new website: a classic example of stock spam which aims to encourage stock purchases of a small firm to influence its share prices.
Figure 5 here

The spam video
The spam video is the last weapon to mislead the robots which fight against the massive sending of not requested e-mails.The idea is ingenious: in the body of the message, a link is present on which the internaut is invited to click, in order to watch a video which lasts less than one minute.At the end of 2007, Symantec, American editor of security solutions, has captured the first examples of spam included in videos (see figure 6).By clicking on the link contained in the message, a high definition video of a real duration of 30 seconds, speaking about advertisement for stock market investments, is displayed.At the end of the video, the internaut is redirected automatically to a web page which proposes a subscription in a newsletter to inform him on the opportunity of financial investments in connection with the video viewed at the beginning.
This new practice enables to fool the user while making him believe that the message which he receives is legitimate, since spam is treated with a high audio-visual quality.
Figure 6 here Since the appearance of the picture as a mode of diffusion of spams, the topic the most approached in messages, according to the statistics compiled by BitDefender, a global provider of anti-virus software and security solutions, is about the stock exchange information.In front of these various forms, the fight against spams is becoming increasingly difficult.Hardly the filters of detection of a given form of spams are effective; the spammers develop a new tactic to spread their messages.Moreover, Li and Hsieh (2006) show that when spammers work together, the probability of reaching target is higher than working individually.

Conclusion
Spams constitute an opportunity for advertisers to reach a maximum target in a very short time and with very low cost.Traditionally, they cover various areas such as meeting websites, medical products, financial loans.Appeared in various forms, spams avail each time a new look to escape the progress of mail filters.Sometimes having the form of textual messages, picture, PDF, Excel, MP3 and recently with the form of spams video of high quality, spammers employs all stratagems to diffuse their advertising messages.To fight against this plague, spams are illegal in France.The purpose of the law is to reconcile between the prospecting and the respect of the consumers, on the one hand, and to define a border between sending e-mails of prospecting and sending spams, on the other hand.
In spite of the legal texts which prohibit the spamming, this, unfortunately, did not prevent the transmitters of spam from continuing their activities and so, inventing new forms of spam to circumvent anti-spam software.
After the failure of the actual dispositions against the spam, numerous working hypotheses remain opened in which the question of the authentication of the spammer constitutes a way of struggle to be explored.

Table 1 .
Cost of different methods of advertising