On 27 June 2003, the federal government implemented a national "Do Not Call" registry, giving those who did not want to be solicited by telephone an effective way to take themselves off call lists used by telemarketers. This warning about a phony vote for your favorite soda being used to circumvent the wishes of those opting out began appearing in inboxes in mid-July 2003, scant weeks after the registry went into operation.

We haven't seen a copy of specific come-on described in the e-mailed warning quoted above, but others like it certainly exist. A few examples can be found on the web, accompanying entry forms for sweepstakes conducted by a soap company and a web hosting outfit.

The national "Do Not Call" list does not shield consumers from every type of unwanted phone call. Political organizations, charities, and telephone surveyors are still free to make unsolicited calls without penalty, as are companies with which consumers have existing business relationships. It is this last exemption that provides ample reason for examining very closely any "too good to be true" offers, or for even rejecting them out of hand.

Filling out a survey form or mailing in a completed contest entry or taking some business up on its offer of free product might be construed as establishing a business relationship with that entity, a condition that would allow that group to make un-asked-for sales pitches over the telephone despite that particular consumer's inclusion on the national "leave me alone" list:

Even if you put your number on the National Do Not Call Registry, a company with which you have an established business relationship may call you for up to 18 months after your last purchase or delivery from it, or your last payment to it, unless you ask the company not to call again. (In that case, the company must honor your request not to call. If they subsequently call you again, they may be subject to a fine of up to $11,000.) Also, if you make an inquiry to a company or submit an application to it, for three months afterwards the company can call you. If you make a specific request to that company not to call you, however, then the company may not call you, even if you have an established business relationship with that company.

No doubt companies will attempt to claim that a completed survey form or sweepstakes entry constitutes a request for information. And if you answer a survey that asks you about six different brands or types of products, you might very well be putting yourself back on multiple telemarketing lists.

We suspect we're going to see a number of smooth moves over the next few months as firms that engage in telemarketing of their products work to find ways to lure consumers back onto their call lists. Along with surveys and sweepstakes, we're expecting to see a number of "Free stuff!" offers hit the table as businesses attempt re-establish their telemarketing lists by giving away free product and claiming the recipients have "purchased" goods from them. We also expect this is going to go on until the government puts its foot down and clarifies what constitutes a "request for information" or a "purchase."

For the time being, those desirous of staying out of the clutches of telemarketers might do well to remember that "Something for nothing" never is.

Many spammers are ignoring laws forbidding them to insert covert tracking codes in their messages, according to a survey by out-law.com, the IT and ecommerce legal service arm of law firm Masons, and network security outfit iomart.

The survey highlights how spam messages often contain covert tracking codes which enable senders to record and log recipients' email addresses as soon as they open a message.

Such spamming techniques, often used by spammers to identify active accounts, are well known. Although iomart's investigation yields a little more insight into this (more anon), we'll draw your attention first to Masons' assessment of the effectiveness of laws on unsolicited commercial email.

The Law and Spam

There's certainly no shortage of UK legislation applicable to spam. Depending on how the email addresses were obtained and the manner in which spam is sent, there may be a breach of the Data Protection Act.

Also relevant is the E-mail Preference Service, a list to which people can add their email addresses to say that they do not want to receive email marketing - although it lacks any legal weight, Masons' reckons.

Then there are the UK's recent ecommerce regulations, which mandate that all unsolicited commercial email must be clearly and unambiguously identifiable as such.

A European Directive on the protection of privacy in the electronic communications goes further than this. It requires that the UK to ban all forms of unsolicited commercial communications (emails, text messages, faxes or telephone calls) aside from those sent through opt-in lists. The UK is obliged to introduce laws to this effect by November.

419 fraudster taken to court for spamming? Don't make us laugh

Plenty of legal bullets to fire against spammers then, we may think? But these laws are nearly unenforceable, Masons believes.

"The problem with the type of spam that clogs up our inboxes is that the people sending it could not care less about the law," says Shelagh Gaskill, a partner at Masons.

"Much of what they're promoting is illegal anyway, so they're not going to take much notice of laws from the UK, EU or anywhere else. Occasionally, a spammer will be caught and successfully sued. But this is not a viable option for most people."

"It's important that there are laws against pure spam - it must be deterred; but it's also vital to protect the right of companies to market their products legitimately. The best way to deal with spam is not in court; it has to be found in technology," she adds.

In recent days, pop-up spam has begun appearing, by way of Windows Messenger, on the home computer of a Reg staffer. Mostly, the messages promote porn sites.

Last October, we revealed that a firm called DirectAdvertiser had worked out a way of using the Windows RPC (Remote Procedure Call) function to send spam messages which pose as system alerts.

The company has developed a means to leverage Windows' inbuilt Messenger service to blast crap at million of IP addresses.

Now DirectAdvertiser has found a reseller, in the shape of 3032.com, to ramp up the assault. The new pop-ups are grey boxes which take up perhaps a third of the computer screen. They don't pose as system ads - they are bloody great big ads.

According to reader reports, there was a forum at 3032.com where punters could vent their spleen at its intrusive behaviour. That's now been pulled.

So we're left with the hard sell: Send 22 million Pop-ups a day! Practically untraceable! Bulk email is regulated by different laws in different states, instant popups are not! etc etc ad nauseum.

The issue arises out of a feature, not a bug as such, within versions of Windows from Win NT onwards involving Windows in-built "net send" Messenger Service. MSN Instant Messenger is not affected.

So how to prevent this assault?

Microsoft's advice to personal user is to use a firewall to block NetBIOS and RPC traffic. If you are running Windows XP, turn on the Internet Connection Firewall (ICF) feature for your Internet connection. But the Beast warns against simply disabling Windows Messenger because a back-door is still open for attackers to insert, say, a trojan on your PC.

Here is the horror show in full:

In addition to transmitting net send messages to your computer over the Internet, a malicious user may also be able to use the NetBIOS connection to your computer to perform the following tasks:

• Access your private information.
• Initiate denial of service (DoS) attacks against a high profile Web site.
• Distribute software illegally by appropriating space on your hard disk.

But if you decide to ignore Microsoft's advice, you may still wish to consider manual disabling.

Instructions can be found here.