Greetings to U.! Online life has never been a bigger deal than it is now. As college students growing up with e–mail, instant messaging, and the web, you are among the most active group of Internet users. That’s why I am writing a column that deals with the realities of life online. From the sublime to the ridiculous, just about everything is available in the connected world, and an unimaginably large amount of stuff keeps getting added everyday. As Chief Product Officer for Yahoo!, I’ve seen my fair share of it, both personally and professionally. In this column, I’ll cover different aspects of online life and answer questions or address issues of particular interest to you. Whatever the topic, I hope to offer some insights based on your experiences and mine. Questions can be as technical or as simple as you like. For this first edition, I’m focusing on spam. It’s on everyone’s mind — even the folks in Congress. I’m looking forward to hearing what else out there merits discussion so send your thoughts to UASKYAHOO@YAHOO.COM . Geoff Ralston Chief Product Officer for Yahoo!
Q: I heard a new spam law was passed what is it all about and how will it help fight spam?
You heard right. A new law was passed, which is bad news for spammers. The CAN–SPAM Act went into effect on January 1, 2004. The law requires that all e–mail with a commercial purpose has to: 1) clearly indicate that the message is an advertisement, 2) clearly show how to "opt-out" (how to unsubscribe to the e–mail), 3) contain a working opt–out mechanism, and 4) offer a physical postal address. If it doesn’t, then whoever sent it can be subject to fines or criminal charges. The law does NOT include messages that are transactional or relationship messages. In other words, an e-mail that discusses a previous commercial transaction (like an order confirmation, or a reminder of an existing commercial relationship (like an e–mail about a sale from a store where you purchased something online or off) is acceptable. Those kinds of messages don’t have to have an opt-out or need to be labeled in any special manner. What does all this mean in the fight against spam? Federal law should help strengthen the ability of Internet companies and the government to penalize spammers. It also simplifies the task of states which don’t each have to come up with their own anti–spam laws. This legislation can also energize other anti–spam efforts, like enhanced technology, litigation efforts and consumer awareness. However, it is probably true that nearly 3/4 of all mail is now spam and there will be no one magic answer to stem that flood. Spammers will move offshore and use other methods to work around legislation and this struggle will continue.
Q: Will spam ever be defeated?
Actually, despite the extraordinary amount of spam today, significant progress really has been made. Several important e–mail systems, Yahoo!’s included, catch the vast majority of spam. Legislation like the CAN–SPAM law is creating an even riskier proposition which will help thwart spammers and new technologies are on the horizon to make it even easier to catch spam. The perpetrators of spam do exhibit seemingly endless ingenuity as they craft their e–mail plots, but nevertheless, I do believe this problem will fade into the category of a minor annoyance in the not too distant future.
Q: How can spammers fake e–mail addresses, making it look like my friends are sending me spam when they’re not?
I get lots of spam where the "From" address is at a legitimate Internet provider. Why do they allow this spam to be sent? This is a very common spammer technique called "spoofing." In fact, the sender address is almost always a counterfeit. It turns out that e–mail systems were intended to be used in the most open and friendly of ways. As a result, it is easy for a spammer to hide their identity and make a message appear as though it came from someone else (even you!) — even though it really didn’t. Because of this, the Internet industry is evaluating solutions to update e–mail to make spoofing difficult or even impossible. The idea of spoofing is especially important when it comes to viruses. It means you cannot trust a program you receive, even if it seems to come from a friend, unless you are positive they meant to send it to you. Even worse, sometimes a virus can actually be sent from a friend’s computer if that virus infected their system and gained access to their e–mail address and the people in their address book. This is why it so important in order to protect yourself by virus–scanning all e–mail attachments before you download them, and to avoid opening attachments in formats such as those ending in .exe, .pif or .scr. That is, unless you know for sure that the sender really intended to send the file and you can trust that the file is not infected.
Q: Sometimes I get e–mails that appear to be from well–known companies asking me for my credit card information. Am I right to be suspicious?
This fraudulent technique is also known as "phishing." Many spammers try to spoof or imitate a trustworthy brand (such as Yahoo!) in the hope that you will submit your personal account information. You should assume that any unsolicited message asking for your credit card information, bank account number, password, security key, or other sensitive information is part of a scam to gain unauthorized access to your account. Do not give out any sensitive information to anyone you cannot trust. When you see this type of e–mail message, be a good e–mail netizen and forward the message to the ISP from which it originated. They’ll know how to take action to help stop the scam.