Anti-Spam Day – From Telegraph to SMS Snowshoe Attacks

I enjoyed the recent video created by Snapple named “Telegraph spam” so much that I wanted to investigate the historical basis of the video and verify what spammers in the 19th century had in common with spammers of today. First of all, what is spam? The word spam, as applied to SMS, email and other types of messaging, means “Unsolicited & Bulk”. This is the normal industry definition used by the anti-spam community. The name spam is derived from a famous Monty Python sketch. For us in AdaptiveMobile, we see that the vast majority of spam text messages have what we call a ‘call to action’. The call to action (CTA) is usually a URL, phone number or email address embedded in the message. These calls to action are placed in the message so that the sender or someone else can monetise or benefit from sending the message to the recipient. The use of a call to action has been a factor throughout the history of spam, not just for email and text messaging but for any form of messaging.

The first bulk and unsolicited telegraph was recorded in the 1860s. Promotional telegraph messaging became very popular in this decade with innovations such as booklets of telegraph stamps and contract messages for tradesmen. On January 2nd, 1862 the London District Company introduced, for the first time, an offer called ‘Trade Circulars by Telegraph’ at a special trade rate of 100 messages for 20 shillings, a considerable discount from previous rates. This new discount, which presumably brought the price down to a level at which it was economic to send unsolicited advertising/spam, encouraged Maurice and Arnold Gabriel, trading as “Gabriel, the Old Established Dentists”, to send out bulk advertising telegraphs about their practice to a large number of people, including some government ministers, on May 29th, 1864. The first recorded complaint of a mass unsolicited commercial telegraph was reported the next day, on May 30th 1864, when a British Member of Parliament had a letter printed in the Times newspaper:

If we apply the techniques we use for analysis to the telegraph, which was thankfully included by the Member of Parliament, the call to action in this message is the address of the dentists Messrs Gabriel, 27, Harley-street, Cavendish-square, and their opening hours, as cited in the complaint letter.

Today the spam landscape has changed in many ways, but some elements remain the same. Here in AdaptiveMobile we work every day on identifying new spam campaigns over mobile messaging. The situation currently in North America is that the vast majority of bulk and unsolicited SMS/MMS spam messages come from what we term VoIP or OTT carriers. Below are some everyday examples of spam we see originating from VoIP carriers; in these examples the call to action is the URL:

What do I mean by VoIP carriers? VoIP carriers are not the traditional mobile carriers, but small companies providing SMS or MMS connectivity to businesses or individuals using APIs. The messages sent via these methods are far more likely to be spam than messages from ordinary carriers. To give an example from analysis we carried out on spam rates from the 19th to 25th of May 2016, we can see that in the US and Canadian market a message from a VoIP carrier is over 1400 times more likely to be a spam message than a message from the main big 8 carriers in North America. This is a consistent feature of mobile messaging spam in North America. We can even easily see, visually, the difference between spam that comes from VoIP carriers and spam that comes from ordinary carriers.

Why, you may ask, is it more likely to receive a spam message from a VoIP carrier than from a traditional carrier in North America?

1. VoIP carriers’ APIs- Many VoIP carriers offer their customers an API through which they can freely acquire and discard phone numbers. Thus, when one phone number is blocked by an operator due to spamming activity, the spammer can easily acquire a new phone number. ‘Traditional’ mobile carriers do not offer such APIs, and changing phone numbers is nowhere near as simple as with the VoIP carriers: with traditional carriers you have to buy new SIM cards or get a new phone to acquire a new number.

2. Ability to send snowshoe attacks- Like a snowshoe, spammers can distribute the spam load over a large number of senders to great effect (usually in short bursts – which makes blocking more difficult), in order to avoid subscriber reputation blocking and other filtering. This is one of the reasons the majority of all spam blocked by AdaptiveMobile last month (and for many months) in North America came from OTT carriers using SMS services. With the availability of the APIs, persistent spammers can quickly and easily discard numbers blocked due to spam activity and acquire fresh numbers to sustain or restart an attack.

3. Message Filtering- Many VoIP operators may not have sophisticated message detection and blocking systems active. Instead they may just have simple volume-based systems that are easily circumvented by spammers.
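To make points 2 and 3 concrete, the following added example (not AdaptiveMobile's detection logic and not part of the original post) runs a simple per-sender volume filter and a call-to-action aggregation over the same constructed traffic. The function names, thresholds, grouping of URLs by host, and sample messages are all assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

URL_RE = re.compile(r"(?:https?://|www\.)([^\s/]+)\S*", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")

def extract_ctas(text):
    """Return normalised calls to action (URL host, email, phone) in a message."""
    ctas = set()
    for host in URL_RE.findall(text):
        host = host.lower().rstrip(".,!?)")
        ctas.add("url:" + (host[4:] if host.startswith("www.") else host))
    ctas.update("email:" + e.lower() for e in EMAIL_RE.findall(text))
    # Look for phone numbers only outside URLs, which may contain digit runs.
    for number in PHONE_RE.findall(URL_RE.sub(" ", text)):
        ctas.add("phone:" + re.sub(r"\D", "", number))
    return ctas

def per_sender_volume(messages, limit):
    """Simple volume filter: senders with more than `limit` messages in the window."""
    counts = Counter(sender for sender, _ in messages)
    return {s for s, n in counts.items() if n > limit}

def snowshoe_ctas(messages, min_senders):
    """CTAs advertised by at least `min_senders` distinct senders in the window."""
    senders = defaultdict(set)
    for sender, text in messages:
        for cta in extract_ctas(text):
            senders[cta].add(sender)
    return {c: sorted(s) for c, s in senders.items() if len(s) >= min_senders}

# Constructed traffic for one time window (fictional 555-01xx numbers, .example host):
# 12 senders each send 2 messages with the same URL host, one chatty user sends 6.
SAMPLE = [("+120255501%02d" % i, "You won! Claim at http://prize-claim.example/w%d" % i)
          for i in range(12) for _ in range(2)]
SAMPLE += [("+12025550150", "msg %d: running late, see you soon" % i) for i in range(6)]
SAMPLE.append(("+12025550151", "Call me on 202-555-0199 when free"))

if __name__ == "__main__":
    print("volume filter flags:", per_sender_volume(SAMPLE, limit=5))
    print("shared-CTA flags:", snowshoe_ctas(SAMPLE, min_senders=5))
```

On this sample the volume filter flags only the chatty legitimate sender, while every snowshoe sender stays under the limit; grouping by call to action surfaces the campaign regardless of how many numbers it is spread across.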

The original complaint about the first known telegraph spam occurred 152 years ago this week, and in one sense we could regard this event as the beginning of the anti-spam industry. It is clear that the same situation, then and now, drives the formation and growth of messaging abuse. Once the economic factors make it attractive to send bulk, unsolicited messaging via a technology, there are individuals and businesses that will abuse it. However, if the years of dealing with spam have taught us one thing, it is that the ultimate deterrent is addressing the economic factors. This can be done via regulatory methods (fines, convictions), but normally the most effective methods are via:

  • Technology: Creating advanced filters stopping the attacks before they are sent and so making the return on investment too low to justify staying in the ‘business’.
  • System change: Looking at the underlying technology and closing any loopholes that make it overly attractive to send spam from.
  • Education: Telling users what these attacks are about and making them aware of the dangers.

All together these methods, once taken seriously, have a far greater chance of success than relying on any one method alone, as they make the economic reasons for sending spam less attractive. What is interesting is that this very first telegraph spam involved members of the government trying to appeal to newspapers to change social behaviours and what they described as the “intolerable nuisance” of unsolicited messages. We can see from the history of spam that a certain percentage of people will abuse a technology if it is economically advantageous to do so, regardless of social norms. The only answer is to take action to stop it. Little did the readers of the Times on May 30th 1864 know that over 150 years later, we would still be dealing with the legacy of “Messrs Gabriel” and the “intolerable nuisance” of spam.