
Spammers tricking ISPs? It's true

MessageLabs now has evidence that spammers are tricking ISPs into relaying marketing emails through their own email servers. The tactic makes spam look as if it is coming from the ISP itself, making it difficult to block the messages using blacklists.

Research published today indicates that the proportion of spam coming from networks of virus-infected machines went down from 79% to 59%. At the same time, the number of total spam messages has increased. This, MessageLabs believes, is "hard evidence" that spammers are sending their messages via the ISPs' servers.

Spamhaus says that ISPs can deal with the problem; according to Steve Linford, "They've got to throttle the number of emails coming from ADSL accounts. They are going to have to act quickly to clean incoming viruses. ISPs have so much spam — they are too understaffed to call people up and tell them they have Trojans on their machines."

Convicted for spamming - but all she did was own a credit card

Jessica DeGroot was convicted of a spamming felony - one of the nation's first. But Judge Thomas D. Horne overturned the conviction, saying he found no "rational basis" for the jury's verdict. The problem? There was no evidence whatsoever connecting DeGroot, who was convicted along with her brother, with the crime. Prosecutors said that she helped her brother by buying domains with her credit card and turning them over to him to send spam.

However, the only evidence offered up was the fact that DeGroot actually owned a credit card. That may be evidence of materialism, or good credit, but it's not evidence of a crime. Her brother, Jeremy Jaynes, will continue to serve his recommended nine-year prison sentence. The judge refused to overturn his conviction, for which there was significantly more evidence.

Will Can-Spam protect against spim?

After Anthony Greco was criminally charged with violating the Can-Spam Act with his 1.5 million unsolicited instant messages, legally-minded spam watchers wonder: is spim spam? And more and more are saying: not according to the existing laws. There is, after all, the troubling finding in the Utah appellate court, holding that pop-up ads are not emails.

As SecurityFocus columnist Mark Rasch notes, "To make CAN-SPAM into an anti-SPIM tool, the courts will have to conclude that SPIM is 'sent to a unique electronic mail address'.... reading the statute narrowly, the messages are not sent to 'a unique email address,' and applying the logic of the Utah case, you are not technically sending spam." He urges the government to devise new legislation aimed directly at spimmers.

But why stop there? Why not just make the law more broad? Pop-ups and comment spam are just as annoying, after all. Perhaps the narrowness is the law's best asset; in my legal education, I've understood that broadness is often the thing that brings down an otherwise well-crafted piece of legislation. Is spending more time making legislation just throwing good effort after bad? I'm not sure what the answer is here.

More effective than a speeding spam filter...

I've found a solution that's more effective against spam than a top-notch spam filter, or a federal regulation, or a dozen multi-million dollar lawsuits from Microsoft. It is, plain and simple, not to list my email address in any mailto: or easily stolen text links.

Here's how. Instead of, say, typing my email address on my personal blog as sarahgilbert@domain.com, or providing a mailto: link behind my name, I write it like this: sarahgilbert @ domain.com, or sarahgilbert[at]domain[dot]com. It's amazingly simple. None of the email addresses I've protected in this manner receive spam. Absolutely zero.

Instead, I get great emails from real people who are interested in talking to me. Nothing else, ever.

Of course, I own my own web sites so I'm not worth "guessing" - i.e., every time I open my little-used @comcast.net or @hotmail.com accounts, there are dozens of unsolicited spam emails. But it's cheap to own your own website, about $8 per year is the going rate. Most registration packages include free email forwarding of as many as hundreds of email aliases. For $8 to $10 per year and a little subterfuge when you include your email address on web sites or in blog comment forms, you get: zero spam. It's a lot cheaper than software, not to mention fun and easy.
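An added example, not part of the original post: a small Python pass over your own page source that finds `mailto:` links and plain addresses and rewrites them in the `[at]`/`[dot]` form described above. The function names and the sample HTML are constructed for illustration.

```python
import re

# Plain "user@host.tld" text, the form that is trivially copied off a page.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# A whole <a href="mailto:...">...</a> element; group 1 is the address.
MAILTO_RE = re.compile(
    r'<a\s[^>]*href=["\']mailto:([^"\'?]+)[^>]*>.*?</a>', re.I | re.S
)


def munge(address):
    """Rewrite user@domain.com as user[at]domain[dot]com."""
    local, domain = address.split("@", 1)
    return f"{local}[at]{domain.replace('.', '[dot]')}"


def protect(html):
    """Return (rewritten_html, exposed), where exposed lists every address
    that was present as a mailto: link or as plain text."""
    exposed = []

    def replace_link(match):
        exposed.append(match.group(1))
        return munge(match.group(1))      # drop the link, keep readable text

    def replace_plain(match):
        exposed.append(match.group(0))
        return munge(match.group(0))

    html = MAILTO_RE.sub(replace_link, html)   # links first, then bare text
    html = EMAIL_RE.sub(replace_plain, html)
    return html, exposed


# Constructed sample page fragment.
SAMPLE = (
    '<p>Write to <a href="mailto:sarahgilbert@domain.com">Sarah</a> '
    "or editor@example.org.</p>"
)

if __name__ == "__main__":
    rewritten, exposed = protect(SAMPLE)
    print("exposed:", exposed)
    print(rewritten)
```

Running `protect` a second time on its own output is a quick audit: an empty `exposed` list means no plain address or `mailto:` link is left in the page.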

Is a spam backlash the next wave?

Does all the spam you get ever make you just want to turn your computer off and resort to good old-fashioned phone calls and postage stamps? For some technophobes, that is a great answer.

Joe Stewart, security researcher with LURHQ Corp., says that the solutions to the myriad problems of spam, viruses, phishing and spyware are too great for many. "Put a firewall on. Patch this, download that. These are foreign terms to most people. The fixes may be beyond the skill levels of most consumers."

So the answer? Turn it off. After all, "Operating-system vendors have lost sight of what customers want to do with their computers — e-mail, surf the Web, keep a Christmas list — and have loaded up the operating systems with whiz-bang features most people don't need," said Kevin Kealy of AT&T Labs.

Do you think a backlash is coming? Or are consumers just going to have to struggle to get smarter? As for me, I'm considering shutting down a few email addresses that receive particularly vile porn - but never my whole system.

How legal products and intentions lead to spam

The email had all the marks of illicit marketing: unsolicited, no unsubscribe link, email addresses stolen from web pages, no snail mail address. Yet the company being marketed, Dell Computers, was legitimate, and so was the company's link within the body of the email. No false claims were made; no illegal products were being sold. But still: the verdict was, spam, and Dell was to blame.

It's the danger of affiliate marketing made a little too real for retail companies like Dell, and even for much smaller companies. If you are reimbursing others for referring customers to you, you can be held liable for their actions, even if those actions are in direct violation of your affiliate agreement, your company's policies, and national and international spam regulations.

Dell cut ties with the Romanian company who sent out the spam on its behalf, but it, and thousands of other companies with affiliate programs, are vulnerable to future illegal marketing conducted on their behalf. And the company that benefited from the spam, even though it's an "innocent victim" in the affair, could ultimately be held liable.

UK government to provide virus alert service

You could soon be receiving alerts via email or text message from a new UK government web site called ITsafe. The site will also offer advice on protecting confidential data, and is a free service.

"The government will use the system to issue official alerts if the NISCC determines that a particular virus, or other security breach, poses a serious enough threat to the public," and estimates six to 10 alerts will be sent each year. The alerts will only be sent if the government believes something can be done to solve the problem, such as downloading a patch or updating software; of course, it will not supply patches or software.



Do AIDS and spam behave similarly?

Scientists are teaming up with spam fighters to see if data mining or "machine learning" can be used to "decipher HIV's wildly creative genetic ability to constantly change and disguise itself from immune system detection and deletion." Spammers, the theory goes, are equally creative, adaptable and prone to deception as the virus itself, and the techniques used to discern patterns in their behavior will be useful in developing a vaccine against HIV.

The good news for the medical profession? "Unlike spammers… the AIDS virus likely won't try to further alter itself in some more perverse way in response to being scrutinized."

So there you have it. Fighting spam is harder than developing a vaccine for HIV.

Spam to cost worldwide business $50 billion this year

These estimates are always so ephemeral, but the numbers are no less scary. According to a report from Ferris Research, worldwide businesses will lose $50 billion in 2005, from lost productivity and other expenses in the fight against spam. US businesses' share is $17 billion, they say. The figure for 2005 is up 70% from 2003's estimate.

Analyst Richi Jennings says, "For developed countries, deploying competent spam filtering software makes good business sense," but for countries such as India and China, where spam volumes are lower and labor costs are way lower, software doesn't add up as well "simply because labor is so much cheaper."

Warning: the FBI does not email the public!

You're just sitting at your computer, typing away innocently. Sure, you've borrowed a couple of photos from Chinese web sites to use in your PowerPoint presentations, and you may have (accidentally, you swear) checked out some internet porn or dropped by an off-shore gambling site. But you're just a typical reasonably moral netizen, right?

You get an email. From the FBI! You learn that your surfing has been monitored by the FBI's Internet Fraud Complaint Center. The verdict: you have accessed illegal Web sites. Please open an attachment to answer some questions…

OK, stop there. The FBI does not email regular citizens, and certainly wouldn't TELL you if you'd been monitored (at least not via email). The attachment is a virus. And FYI: "The FBI strongly encourages computer users not to open such attachments."

So, there, you've been warned. Go about your business. But don't, whatever you do, fall for this (or any other) silly scam.

Whoops! Lotto spam sent by MSNBC as 'breaking news'

Yeah, that's breaking news all right. Breaking…a sense of trust? Breaking…your reputation? However you want to define it, MSNBC is eating humble pie today after sending a piece of spam about a lottery contest to its subscriber list as a breaking news item.

Evidently, the email went through the normal spam-elimination procedure, and was accidentally approved by an employee (who one can only imagine has numbered days at MSNBC). The news service issued a statement today, saying "Due to human error, a spam e-mail sent to MSNBC.com was inadvertently and mistakenly distributed to our breaking-news subscriber list … MSNBC.com is re-evaluating the safeguards on its e-mail alert system."

Yes, I think you'd better.

Spim just as much a threat as spam, according to Motley Fool

With a nice summary of the case against 18-year-old Anthony Greco, who was arrested for sending out 1.5 million porn and mortgage ads via IM, Motley Fool's Tim Beyers prognosticates on the future of SPIM. He says that online communities and corporate networks that use IM are ripe for targeting by IM marketers.

Of course, big players like Yahoo! and AOL include buddy lists, which allow you to restrict instant messages from those who are not your buddy. Beyers is skeptical that this is the silver bullet for spim. "I have a hard time believing it will really end that well. After all, I've used IM to reach out to colleagues who didn't have me on their buddy lists. What if I had been blocked? ...spim is as much a threat as spam ever was."

Blog spam summit coming up next week

Big stuff is going on among the blogging greats. Dave Sifry reports that there will be a "Web Spam Squashing" Summit next Thursday, Feb 24th, at the Yahoo! campus. Technorati is organizing the meeting of the minds and they've invited AOL, Ask Jeeves/Bloglines, Feedster, Google, MSG, Six Apart, Technorati, WordPress and Yahoo. Most of the biggies have already confirmed their attendance in Sunnyvale, California.

According to Jeremy Zawodny, "this is a technical working session, not a media event. You can expect to see some of the attendees blog about the day, of course."

Tool developers and those "playing a role in enriching conversations on the web" who haven't received a formal invitation may attend, but not us little guys simply in possession of a good blog. If you feel like you fit the bill, shoot an email to rsvp@technorati.com if you are interested in attending. "Include the organization or tool that you're developing or representing as well" plus a "short paragraph covering one or more of the following… Problem Statement: describe a form of spam you are dealing with; Current Solutions: describe a current solution you have implemented and how it works; or In Development: describe a solution you are working on and why it will be better"

We'll be watching from our not-so-ivory tower here at The Spam Weblog and let you know what comes out of this geeky call to action.

Evidently, spam is now for "chavs"

Do you know what a "chav" is? Nope, me neither, until today. Evidently it's an annoying British lad with a love for cheap bling-bling, crass culture and brands. (BBC definition; Wiktionary definition) Anyway, evidently the spammers are ahead of us once again and are old hats at marketing to the chav and chavette. In fact, their marketing of luxury knockoffs is responsible for 10% of the spam out there.

The chav's favorite thing to own, evidently, is the Rolex ripoff. So now we all know who to blame when we are offered "R-O-L-E-X, B.v.l.g.a.r.i, Tag Heuer, & so much more s w i s s variety." It's those darned chavs.

This instruction is obligatory to follow

And another thing about phishing: if your financial institution sends you emails that sound like they've been painstakingly translated from a vastly foreign language into the Queen's English? Chances are, they're not authentic. Take this example from Washington Mutual (a lovely local bank at which, for the record, I've never had an account):

"We earnestly ask you to visit the following link to start the procedure of confirmation of customers' data. [link] This instruction has been sent to all bank customers and is obligatory to follow.

Thank you for co-operating.

Customers support service"

It's just so…babelfish-y. It's like in Star Trek: Next Generation, when someone figured out that Data was a robot because he never used contractions. That sort of thing. If it doesn't sound like English, leave it alone.
