Spam salesmanship

The use of spam to sell software raises many questions about shady sales tactics and the best way to combat them

WHAT SHADE DO you get when you mix white with gray? In the spam world, it appears to be a murky, slimy green.

Adding to the ever-growing spam problem is a deluge of junk e-mail advertising Symantec’s Norton SystemWorks2002 Professional Edition — “a $300 value,” according to the spammers — for $29.99. While spewed out by a seeming army of bulk e-mailers, the SystemWorks spams are all similar in appearance and phrasing.

Although they ship their goods in an unmarked or “white box” package, the spammers brazenly displayed the retail packaging for all the products in the SystemWorks suite, either in the HTML message itself or on a URL for customer orders. The materials looked so much like a Symantec advertisement it led some readers to wonder whether Symantec really was involved in the spams. If not, they wondered, why didn’t Symantec shut down the spammers for software piracy, trademark violations, copyright infringement, etc.?

“It’s not like these guys are hard to find,” wrote one reader who had easily traced one of the main bulk e-mailers to a Florida location and phone number with just a few WHOIS database queries. “How come Symantec doesn’t sick the software Gestapo on them — too busy threatening innocent customers to raid some real slimeballs? … It’s very interesting that these e-mails for SystemWorks 2002 started flooding the Internet just before Symantec brought out SystemWorks 2003. Maybe this is just Symantec’s new way of holding a clearance sale — let the spammers sell it all.”

While it struck me as improbable that Symantec would countenance their brand being marketed this way, it was puzzling that they didn’t appear to be doing more to stop the spammers. The reader was certainly correct in saying the spammers were easy to track. One of the SystemWorks spams that’s been in circulation for months even has an 800 number. I called it and, thinking I was a customer who wanted to send them a check, they readily gave their mailing address as the same Florida location the reader had identified.

When I asked the spam house how I could be sure their SystemWorks CD was a legal copy, they even gave me the name and the number of the distributor from whom they purchased their CDs. The distributor, an Oregon company that advertises itself as an “OEM software” supplier, was reluctant to talk to me after I told them who I was. From their Web site, though, it’s clear the company claims its software is “gray market” — legal copies sold through channels not authorized by the manufacturer.

Now, I’ve got no problem with real gray market and/or white box software. While software publishers profess to consider it absolutely criminal, in fact many wink at the gray market because they know it’s a necessary safety valve when the channel is over-supplied. And if Symantec was involved with dumping unsold goods on the gray market, it wouldn’t be the first time a software publisher has done so.

But a considerably darker shade of gray is involved when you’re talking software being sold via spam. With spammers, after all, you don’t even know if they have goods of any sort to ship you, much less whether it’s legal, counterfeit, or something in between. They just want you to mail them a check or, better yet, give them your credit card number.

In fact, Symantec officials say that’s one of the things that have made their investigation of the SystemWorks spams slow going. William Plante, Symantec’s director of worldwide security and brand protection, says the SystemWorks spammers fall into two broad categories: credit card scammers who ship nothing and spammers who mostly ship counterfeit product produced in Asia. “There are a number of gangs who are just using the Norton products as bait to skim credit cards, and those cases we turn over to the credit card companies. With those who are actually selling product though, we have to purchase it and have it in hand to determine if it’s legitimate or counterfeit,” Plante says.

Once Symantec makes a determination that the spammer is selling counterfeit product, Plante says his staff is using every means at their disposal to go after the culprits. But the Florida spammer is a good example of how difficult that is. “We used the DMCA [Digital Millennium Copyright Act] to shut his Web site down several times, but he just pops up again with another one a few days later,” Plante says. “He’s a slippery guy.”

Plante says some of the spammers may actually believe they are selling legitimate gray market software, but in fact the vast majority is counterfeit. “Further up the ladder, [the spammers’ suppliers] certainly know it’s counterfeit,” Plante says. “The reason they can afford to sell it to the spammers at $7 or $8 per CD is because they’re getting it from Asia for as little as 50 cents a disk. So they’ve got a terrific margin. Until we implement DRM [digital rights management], the problem is not going to go away.”

Uh-oh. I’m willing to accept that Symantec is a victim here, but DRM technology is a cure that carries the potential of being worse than the illness. There’s no guarantee it really will make that much of a dent in the flow of counterfeit software. But it might very well eliminate white boxes, gray markets, and all manner of perfectly legitimate secondary markets, along with forcing legitimate customers to jump through more hoops just to install and maintain the products they buy.

I have little sympathy for anyone who buys anything from a spammer, and the spam plague is already threatening to rob much of the Internet’s potential. If the spam plague helps justify software publishers’ plans to lock down their products in ways that restrict customers’ rights, the slime who spam will have done us an even greater disservice than we ever expected.

Source: www.infoworld.com