Spam Slayer: Be Wary of Opting In
New laws offer some protection, but they can't save you from yourself.
Tom Spring, PC World

Tip of the Month

Viruses Love Spam. If you can read this, it means the spamlike Mydoom virus didn't crash the Internet. To keep your system running virus-free, it's vital to stay informed of the latest threats. The Computer Emergency Response Team won't patch your system, but it will alert you the second it identifies an Internet threat. To sign up for e-mail alerts, go to the CERT Web site. For mobile access to alerts, visit wap.cert.org on your WAP-enabled phone.

Opting in to receive commercial e-mail that might interest you seems harmless enough. But it can turn the trickle of spam in your in-box into a torrent. A huge volume of spam, regardless of new antispam laws, still plagues e-mail users. Sharon Lewis is one example.

I spend about an hour every day deleting spam, Lewis says.

I found Lewis and others like her through opt-in e-mail lists, which are sold through a perfectly legal network of e-mail address brokers. I obtained a list that contained Lewis's e-mail address, full name, postal address, phone number, IP address, credit rating, the estimated value of her house, how many times she was late paying her mortgage, and whether she was approved for a loan she requested.

Lewis was painfully aware that her e-mail address was being circulated online. But she didn't realize the level of personal detail being bought and sold as part of these lists. This doesn't sit right with me, she says.


The Hazards of Opting In
The massive amount of unwanted e-mail peddling everything from get-rich-quick schemes to herbal Viagra are usually associated with underhanded scammers. But spam, which is simply the popular name for unsolicited commercial e-mail, also comes from legitimate sources. This sort of spam arrives in your in-box because at one point you agreed, or opted in, to receive e-mail of some sort. It may have been at only one site. But if it was the wrong site, that one indiscretion could quickly balloon into hundreds of spam messages daily.

That's what happened to Lewis. She admits she has only herself to blame for her spam. She traces her fatal mistake to an online application for a loan last October. She doesn't remember reading any fine print or agreeing to let the service share loan information with marketing partners, but it's likely the opt-in agreement required just that.

But with some sites, failing to opt out leaves you fair game for future e-mail. It is perfectly legal for a Web site that accepts loan applications to do whatever it wants with your personal information, say the Federal Trade Commission and even the privacy-watchers at the Electronic Privacy Information Center.

Lewis and other people I contacted from the list now count spam messages in their in-box by the hundreds. No one I spoke with could say for certain that the spam explosion correlates to the loan application that each of them filed, but their stories sounded the same.


Watch for Fine Print
Lewis says she doesn't feel that she gave informed consent, a view shared by others. But marketers that make a business out of gathering e-mail addresses have no incentive to make opt out provisions obvious. If a Web site states--however covertly--that your e-mail address and other information you share is up for grabs, you have only yourself to blame.

The business of e-mail list marketing is worth millions to the spammers who rent, sell, and swap e-mail addresses for advertisers. They're compiling them from loan applications, contest entries, or people who accept a free Web service.

The lists are large and the information cheap when purchased in bulk. In the detailed list I obtained, the personal and financial information about Lewis cost about 20 cents.

Under CAN-SPAM laws now taking effect, permissions-based e-mail is legal. As a result, opt-in e-mail lists are more important than ever to spammers. That's because CAN-SPAM outlaws use of software programs that scour the Internet to harvest millions of likely e-mail addresses from Web postings. That puts more pressure on gathering e-mail addresses through opt-in means.

Anyone who has ever made the mistake of entering an online sweepstakes or applied for anything online at the wrong Web site knows just how dicey protecting your e-mail address can be.


Address-Gathering Techniques...........................
More at PCWorld