Book Review: Inside The SPAM Cartel
The Vikings from Monty Python's Flying Circus love SPAM so much that the
mere mention of the word has them break out in song, singing "Spam!
Lovely spam! Lovely spam!".
For e-mail users, there are not many who would give the same response.
We get it. We despise it. We wonder how many times we will get the same
messages over and over again. But do we truly understand the machinations
behind the scenes of the SPAM industry? It is this fundamental question
that drives "Inside
the SPAM Cartel: Trade Secrets From The Dark Side"
(Spammer X, Jeffrey Posluns, Technical Editor, Syngress Press, 2004, 413
Pages). Written by an insider, the book provides detailed information and
background but at times falters because of some very strongly stated opinions
and facts that are just plain incorrect, as well as a very significant
omission.
The book starts out strongly, as the
author profiles the typical Spammer he is associated with and moves on
to show that there is inherent trust among spammers. This trust, it seems,
is based on necessity so that they can help each other make money. Money
is part of a larger theme in this book because it is money that drives
spammers and the content they deliver. Did you ever wonder why you see
less and less pornography spam and increased amounts of messages for home
mortgages? Because that is where the money is to be made.
The author makes a strong presentation
throughout the book on how SPAM came to be from a simple but fatal flaw
in SendMail, taking advantage of an Internet Architecture that was based
on trust and not security, to the big money it is today. Consider that
even if SPAM filters catch 99% of SPAM, the Spammers are still making money.
Why? Because people are buying. The author not only gives an education
on the many different types of SPAM, but shows you the tricks of the trade
to bypass SPAM filters and get SPAM Messages read. You will also learn
how to create a digital forensic trail to create a profile of a Spammer.
You will also learn how they create profiles of you and your behaviours.
You will also learn how the CAN-SPAM Act works, what is covered under the
law, how to comply with the law and the huge legal loopholes that exist
in the law that have Spammers scoffing at the law.
Yes, the book is comprehensive, but suffers
from what this reader considers to be some fatal flaws which take some
of the sheen off of the credibility of the author and of the editorial
vetting process of the publisher (note that this is not referring to the
technical editing, but the editing to validate content). First, it is safe
to assume that "Spammer X" is a citizen of a country in the British
Commonwealth. How is this known? When you read in his book that the CAN-SPAM
Act was passed by "Parliament", the author's origin is clear, as is
his lack of knowledge of "big picture" issues. This is further
compounded by the author's statement that CAN-SPAM will eventually become
international law. This statement misses the point that there is no such
thing as International Law that is binding on any country that chooses
to ignore it.
The most egregious number that sticks
out in this reader's mind comes from this quote in Chapter 10:
"With an estimated 273,706,064
Americans on the Internet...".
When this reader saw that number, some
checking had to be done. Keep in mind that this book was written in 1994.
According to the 2005 CIA World Factbook, last updated
on June 30, 2005, the 2005 U.S. Population is estimated to be 295,734,134.
That would mean the author is stating that 92.5% of Americans are on the
Internet. This is very amazing when you consider that only 235,404,000
(and change) Americans are over the age of 14, and that only 260,000,000
live above the poverty line.
The reason that this concerns this reader
is that if the author has played this fast and loose with these facts,
and it was not caught in the editorial process, how can any of the other
numbers in the book be trusted? It pains me to say this given my distrust
of IT analyst firms, but how can an author who has played so fast and loose
with numbers and facts be in a position to criticize anyone else's number?
Finally, I am disappointed that the
author devotes a 29-page appendix and numerous references in the book to
the anti-SPAM features of Microsoft Exchange, while totally ignoring the
built-in anti-SPAM features of Lotus Domino 6, which has over 100,000,000
users worldwide. Before writing this review, I asked the technical editor
about this. He indicated that it was more than likely a reflection of the
experience of the author(s), and that on at least two occasions he had
made recommendations to include other products and service types as well.
The author and Syngress did not do so, and it leaves this reader feeling
a little empty.
Who Should Read This Book?
This book should be read by people interested
in SPAM as a topic, information security managers, e-mail administrators,
and educators.
The Business Controls Caddy Scorecard
Because of the opinionated presentation,
in some cases based on suspect facts and information, I am giving this
book two ratings.
For readability, technical education
and content: Birdie on short Par 4
For errors, mistakes of fact and opinions:
Bogey on a Par 5 Reachable in 2 and playing downwind. The author should
not have duck-hooked his drive into the trees.