Industry analysts say that an increasing number of marketers are resorting to mass instant messaging as a new means of spreading unsolicited and often vulgar sales pitches.
Genelle Hung, a messaging analyst with Palo Alto, Calif.-based research firm Radicati Group, predicts that the onslaught of spam via instant messages, or "spim," will triple in 2004 -- to about 1.2 billion worldwide messages, from 400 million in 2003.
Hung attributes the rise in instant message spam to major advancements over the past year in IM clients' ability to run computer scripts, play online games and initiate Web conferences. She said that this added functionality opened security holes, which left companies vulnerable to spam. Another factor has been the sharp increase in the number of published IM names, she said.
Users interviewed said that spam via IM is nothing more than a minor annoyance. They agree that the real concerns are the worms and Trojan horses that people could unleash by unwittingly clicking a link in an unexpected instant message. That is exactly what happened to MSN Messenger users in December when the Jitux-A linked users to a Web site that exploited vulnerabilities in Microsoft's Internet Explorer.
B.J. Culpepper, manager of global networking for a systems integrator company, said that he very rarely gets spam via IM. He said that IM spam is easy to thwart and that it is important for users not to advertise their instant messaging handles.
"If you advertise your AOL ID, expect to get spam," Culpepper said. "If you use a common ID, expect to get spam."
Teach users about IM tools
He also said that it's important to take advantage of the IM client's functionality for avoiding spam. Many IM products provide the option to refuse messages from people not on their buddy list, Culpepper said.
"Spam is a security threat, but not because of viruses," he said, adding that the real threat is the human tendency to open links and attachments from unknown senders. "People are the weakest link of any technology solution."
Michael Osterman, principal analyst of Black Diamond, Wash.-based Osterman Research, said that he doesn't believe the IM spam problem can ever reach the proportions of e-mail spam because of the way IM works.
"You can approve or disapprove of new senders of IM in most cases," he said. "Also, IM is not used to nearly the same extent as e-mail and probably won't be for quite some time."
Vendors step up antispam efforts
Even with these safeguards already in place, IM providers have been implementing new measures to combat spam. AOL recently introduced IM Catcher, a proprietary IM spam solution that automatically quarantines IMs from unknown senders. Yahoo Instant Messenger has implemented a new "invisible" mode that enables customers to start an IM session without being visible on any buddy list.
Daniel V. Klein, an independent consultant and longtime antispam crusader, said that he hasn't had much of a problem with IM spam. He was, however, bothered by a few unwanted IM messages from his Internet service provider. "Well," he said, mocking the ISP, "you're one of my customers, so we can send you crap."
As with spam e-mail, Klein said, tracking down IM spammers is a nearly impossible task. "What if I send an e-mail which happens to send you an instant message on your phone?" he asked. "How would you track me? The telephone does not report complete headers."