What really is “spam” anyway?
A few days ago I was reading the attempt by e360 and Dave Linhardt to force Comcast to accept his mail and to stop people posting in the newsgroup news.admin.net-abuse.email from claiming he is a spammer. The bit that pops out at me in this complaint of his, is the fact that he believes that by complying with the minimal standards of the CAN-SPAM act, he is not spamming.
The problem with this claim is that CAN SPAM lists the minimal standards an email must meet in order to avoid prosecution. CAN SPAM does not define what is spam, it only defines the things senders must do in order to not be violating the act. There is no legal definition of spam or of what is not spam.
To add to the confusion there are a number of confusing and contradictory definitions of spam. Definitions people have used over the years include:
- unsolicited bulk email
- unsolicited commercial email
- mail I don’t want
- mail I don’t think my customers want
- mail that is identical/similar to mail that hit my spamtrap
- mail that was sent to a non-existent address at my domain
- mail that contains HTML
- unsolicited email
- mail that advertises Viagra or porn sites or similar
- mail that other people send
I rarely use the word spam. There are so many different definitions of spam, I have no way to know if my clients understand what I am saying, so I avoid the term completely. I do think it is important for senders to understand the definitions of spam as used by entities responsible for filtering large amounts of incoming email.
Spamhaus and some other blocking lists use “unsolicited bulk email” as their definition. Generally, they have addresses that have never been used to sign up for email, and if a mailer sends mail to them, the mailer is sending unsolicited bulk email and is eligible for listing on the blocklist. The lists believe that if a mailer is sending one piece of email to a user who did not request it, then they are likely mailing many other users who did not request any mail. This definition centers around permission, and only sending email when you have the permission of the recipient.
Many of the large ISPs use “mail our users complain about” as their definition. With this definition, they do not have to argue permission status with a sender. The data shows that their customers complain about mail from that sender or with that URL. The ISPs are going to block, or deliver to the bulk folder, email that their users do not want.
Filters and some blocking lists use “mail that has characteristics of mail we know is unsolicited bulk mail” as their definition. These characteristics can be things like an invalid HELO string, or lack of reverse DNS on the connecting IP address, or badly formatted HTML. Mail that looks like spam, in the technical sense, is often treated like spam.
Resolving a block or listing requires first understanding the definition that entity is using. For blocklists senders usually must make changes to eliminate any possibility an address will get on the list without permission of the owner of that address. For ISPs, senders must decrease the complaints from users, usually accomplished by improving the signup process, getting a FBL from the ISP and and sending more relevant email. For filters, fixing the technical issues, cleaning up HTML and sending mail that does not look like spam will resolve many of the issues.
Complying with the law is not sufficient to meet the standards of recipients. If e360 is sending mail users are complaining about, then the recipient ISPs are going to treat the mail as spam and filter or block it. If e360 is sending mail to people who have not requested it, then posters in NANAE are going to claim e360 is spamming. Is e360 sending mail that complies with CAN SPAM? I expect that they are. Does this mean they are not spamming as defined by some people? Of course not.