Spammers have long considered email their preferred medium for a variety of reasons. It costs little or nothing to produce. Its processes are easily automated, and despite a growing array of defences aimed at shutting it out, delivery is all but guaranteed.

Instant messenger may be just as susceptible to marketing come-ons, according to spam watchers. They say it offers sufficient convenience and vulnerability to raise the spectre of a major new front in the spam war.

In addition, the popularity of instant chat has made IM services and their millions of users prime targets. According to research firm Jupiter Media Metrix, Yahoo! Messenger had 17.8 million unique US users in January 2002, up 57 percent from the previous year. Other services including MSN Messenger and AOL Instant Messenger also have been growing. ICQ Messenger was the only major service to register a decrease in users, according to Jupiter, falling to 8.4 million users last January from nine million users in January 2001.

Instant messaging and email are distinguished primarily by IM's ability to detect whether someone else is online, a quality known as "presence." When people log onto an IM service, their user ID and IP (Internet Protocol) addresses -- a unique string of numbers that identifies someone's computer on the Internet -- are captured by a central server. This server essentially shares the information with everyone, allowing people to know who is online and to trade messages in real time.

Messages are generally passed between IM users through a direct, client-to-client connection. Email messages, by contrast, are generally passed from a client to a server and subsequently downloaded to another client at the other end of the line. Along the way, email may pass through any number of servers.

In theory, instant messaging offers the potential for stricter monitoring of abuse, since spammers currently must subscribe to the same service as their victims.
IM services also typically offer a host of filtering options that can restrict messages to lists of pre-approved members, making it harder to pass through unsolicited messages.

But IM spammers have found workarounds for at least some of these countermeasures, essentially mimicking widely used email spam techniques such as address "spoofing." Messages from MassMess, for example, appear to originate from the recipients themselves, making it harder to find and shut down the sender. ICQIS, meanwhile, uses anonymous servers to conceal the real source of its messages.

In another trend that may provide new opportunities for IM spammers, the back-end differences that have so far served to distinguish email and instant messaging are steadily falling away. IM services such as Yahoo! and ICQ now allow people to send messages to recipients even when they are offline, much like email. The promise of interoperability between competing IM services could level the differences even further, introducing more server-to-server communication alongside the primary client-to-client connections.

"It shouldn't be harder in theory to spam over IM than email," said Alex Diamandis, vice president of marketing for wireless IM start-up Odigo.

From Russia, with spam
Several programmers are putting that thesis to the test, with mixed results so far.

MassMess, a tiny mass-messaging firm based in Kupchino, Russia, has successfully targeted ICQ and Yahoo! Messenger users with an onslaught of commercial pitches. Advertising products and services ranging from pornography to casinos to financial schemes, MassMess charges $100 for a 300,000-message campaign (its most popular seller), and $300 for one million messages. For $650, customers can buy their own messaging utility, complete with a million-strong database of active users, and for $300 the company sells contact names that customers can use to create their own databases. The company culls its Yahoo! IDs from chat rooms and Yahoo! directories, among other sources.

In an IM discussion, conducted under the pseudonym Elton Goston, an individual claiming credit as a MassMess founder said the company has pulled in several dozen paying customers so far. But Goston said the company has faced setbacks as well, having switched its primary target to Yahoo! after ICQ engineers figured out how to shut down MassMess's access. AOL Time Warner acknowledged that it had disabled MassMess from connecting to ICQ users, but the company declined to say how.

Goston -- whose primary Yahoo! Messenger account was disabled after CNET News.com queried the company about MassMess -- said his experiences so far have led him to the conclusion that instant messaging may have inherent advantages at blocking the efforts of mass marketers over the long haul.

"Some day it will be very hard to send messages in bulk," Goston wrote, adding that Yahoo! will act "not too fast, but someday it will definitely. Then we'll switch to emailing or whatever, maybe opt-in mailings. We've got some ideas."

Yahoo would not comment directly on MassMess except to say that the service was apparently in violation of Yahoo's terms of service. The portal added that it could take action against individual spammers by shutting down their accounts.

ICQ spam war
Although ICQ may have succeeded in deterring MassMess, spammers are lining up to zing the service with messages via ICQIS. ICQIS.com, registered to Ibragimov Ruslan in an undisclosed Russian location, has been unplugged. Ruslan did not respond to emailed queries. But existing copies of the site describe the tool in terms that make its purpose clear.

"This tool allows you to send messages to thousands of online ICQ users," reads one copy. "Target audience may be filtered by their interest, country, city, occupation, age, gender, language. The best application for instant business -- site -- promotion. Messages are sending absolutely anonymously, hiding your real IP address."

The tool has won raves from some of its corporate users. "I like the program so much, I am going to recommend it to all my friends seeking the same results I have gotten in the last 24 hours," according to one testimonial posted on the ICQIS Web site. "Your program has delivered as promised. It's simple and straight forward...From my point of view, this program is the best thing that ever happened to a new designer of Internet pages."

Longtime ICQ users are less enthusiastic about ICQIS and have taken to the service's message boards to complain about the spam onslaught. AOL Time Warner said it has taken steps to counter IM spam, pointing to its ICQ anti-spam guidelines.

Hartfiel, part of a group organizing to stem ICQ's spam glut, said the service had been responsive to tips she's sent in reporting the availability of ICQIS software; those pages have been pulled offline. But she said that ICQ's anti-spam tips have not proven effective. The most effective solution, to disable the feature that lets others know an ICQ user is online, cuts out too much of the service's functionality, she complained.

Part of the problem may be that AOL Time Warner publishes the service's application programming interfaces in an attempt to encourage developers to build programs that interact with ICQ. While that may help software developers create applications that increase the service's popularity, it may also have the opposite effect by lending that same helping hand to spam toolmakers.

Analysts said IM spam likely will be difficult to stamp out, especially as it takes root among overseas operators. MassMess "reminds me of (Sanford Wallace firm) Cyber Promotions establishing itself as a spam factory, which took about two years of litigation to shut down," said Junkbusters' Catlett. "And that was in Pennsylvania. This thing may be a difficult junk factory to stop."





