Encyclopedia > E-mail spam

  Article Content

Spamming

Redirected from E-mail spam

Spamming is the act of sending unsolicited, bulk (and usually commercial) electronic messages. Though this can be done through any number of media, the most common is email.

The most common purpose for spamming is advertising. Goods commonly advertised in spam include pornography, computer software, medical products such as Viagra, credit card accounts, and fad products. Spam is also used to promote scams such as pyramid schemes, stock pump-and-dump schemes, and the Nigerian money transfer fraud (419 fraud).

A spammer sends identical or nearly identical messages to thousands of email addresses. These addresses are often harvested from Usenet postings or web pages, obtained from databases, or simply guessed by using common names and domains. By definition, spam is sent without the permission of the recipients.

Spamming is broadly considered unacceptable behavior by Internet service providers and indeed most Internet users. Users find spam annoying and its contents frequently offensive; Internet service providers object to the unrecoupable cost of processing other people's advertisements. Surveys have indicated that spam is one of most users' greatest annoyances about the Internet today. Sending spam is a violation of the Acceptable Use Policy (AUP) of most ISPs, and can lead to the termination of the sender's account. In addition, in many jurisdictions it is a crime or tort.

A large number of spammers engage in deliberate fraud to send out their spam. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. Fake or stolen credit card numbers are frequently used to set up these accounts, so as to further reduce their costs. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs. Spammers also use software programs designed to look for Internet connections with weak security that can easily be hijacked, so that the spammer can "inject" his spam messages into the target ISP's connection. This makes it harder for the spammer's actual location to be identified, and the target ISP is often the subject of harsh feedback and retaliation from activists trying to stop the actual spammer. Both of these forms of "stealth" spamming are illegal, though spammers are rarely prosecuted for engaging in these tactics.

By and large, senders of email advertisements each assert that what they do is not spamming. Precisely what sorts of activity constitute spamming is a matter of debate, and definitions differ based on the purpose for which "spamming" is being defined.

Table of contents

Etymology The term spam is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM™ luncheon meat. While a customer plaintively asks for some kind of food without SPAM in it, the server reiterates the SPAM-filled menu. Soon, a chorus of Vikings join in with a song: "SPAM, SPAM, wonderful SPAM, glorious SPAM," over and over again, drowning out all conversation.

The term "spamming" was first used on the Internet to refer to disruptive, repetitious messages on MUD games. Soon, it came to refer also to the flooding of Usenet newsgroups with junk messages. After a pair of lawyers, Laurence Canter and Martha Siegel, started using bulk Usenet posting as a means of advertisement, the term came to include unauthorized commercial use of the noncommercial Usenet medium. Email spamming, and the use of the term, followed shortly. [1] (http://www.templetons.com/brad/spamterm)

There are two popular (and incorrect) folk etymologies of the word "spam". The first, promulgated by spammers Canter & Siegel[?], is that "spamming" is what happens when one dumps a can of SPAM into a fan blade. The second is the acronym "shit posing as mail."

Hormel Foods, the makers of SPAM™ luncheon meat, do not object to the Internet use of the term "spamming." However, they do ask that the capitalized word "SPAM" be reserved to refer to their product and trademark. [2] (http://www.spam.com/ci/ci_in.htm).

Other words for spam

The terms unsolicited commercial email (UCE) and unsolicited bulk email (UBE) are sometimes used as more precise or less slangy expressions for email spam. Many email users regard all UBE as spam, regardless of its content -- but most legislative efforts against spam are tailored to address UCE. A small but noticeable proportion of unsolicited bulk email is not, in fact, also commercial; examples include political advocacy spam and chain letters.

Email spamming Larger ISPs such as America Online report that anywhere from one-third to two-thirds of their email server capacity is consumed by spam. Because this cost is imposed without the consent of either the site owners or the authorized users, many argue that email spamming is a form of theft of services.

Many email spammers send their UBE through open mail relays. The SMTP system, used to send email across the Internet, forwards mail from one server to another; mail servers that ISPs run commonly require some form of authentication that the user is a customer of that ISP. Open relays, however, do not properly check who is using the mail server and pass all mail to the destination address, making it quite a bit harder to track down spammers.

In May 2003, it was reported more than half of all emails sent were spam. Steve Linford[?] of the spam-fighting project Spamhaus[?] warned that at current rates of increase, the entire email system could "melt down" within six months.

"Official" views on spamming can be found in RFC 2635 (http://www.faqs.org/rfcs/rfc2635).

The costs of spam

Spamming is sometimes called the electronic equivalent of junk postal mail[?]. However, the printing and postage costs of junk mail are paid for by the sender -- in the case of spam, the recipient's mail site pays most of the costs, in terms of bandwidth, CPU processing time, and storage space. Spammers frequently use free dial-up accounts, so their costs may be quite minimal indeed. Because of this offloading of costs onto the recipient, many consider spamming to be theft or criminal conversion.

Because spamming is forbidden by ISPs, spammers frequently seek out and make use of vulnerable third-party systems such as open mail relays and open proxy servers. Spammers have also abused resources set up for purposes of anonymous speech online, such as anonymous remailers. As a result, many of these resources have been shut down, denying their utility to legitimate users.

Many users are bothered by spam because it impinges upon the amount of time they spend reading their email. Many also find the content of spam frequently offensive, in that pornography is one of the most frequently advertised products. Spammers send their spam largely indiscriminately, so pornographic ads may show up in a workplace email inbox -- or a child's. (The sending of pornography to children is illegal in many jurisdictions.)

Some spammers argue that most of these costs could potentially be alleviated by having spammers reimburse ISPs and individuals for their material. There are two problems with this logic: first, the rate of reimbursement they could credibly budget is unlikely to be nearly high enough to pay the cost; and second, the human cost (lost mail, lost time, and lost opportunities) is basically unrecoverable.

Economics of spam

E-mail spam is a true tragedy of the commons, where a small number of non-cooperators force costs in a system which would have extremely low costs in a community of co-operators.

Since E-mail is so cheap to send, a tiny number of spammers can saturate the Internet with junk mail. Although only a tiny number of their targets are motivated to purchase their products (or fall victim to their scams), this is a sufficient conversion rate to keep spamming alive. Furthermore, even though spam appears not to economically viable as a way for a reputable company to do business, it suffices for professional spammers to convince a tiny proportion of gullible advertisers that it is for them to stay in business.

Statistics

(source: James Gleick[?]'s article in The Observer, 2 March 2003)

  • 10 billion spam emails sent every day
  • 30 billion expected by 2005
  • 150 spammers send 90% of all email
  • A new email account set up to experiment received spam after 540 seconds
  • 37% of US email is spam. 1 in 12 of UK emails.
  • EU businesses spend 10 billion euros each year to deal with spam

Comparison to postal "junk" mail

Email spam is sometimes compared to so-called "junk mail" sent via the postal service, particularly by advertisers. Those who oppose spamming point out that a firm which sends advertisements in the post has to pay for the printing and the postage. In contrast, spammers do not cover the costs of transit, delivery, and storage of their messages: the recipient site or ISP absorbs these costs.

In the case of the United States Postal Service, for instance, bulk mail[?] senders may pay a lower rate than first-class mail -- but they are required to pre-sort their mailings and apply bar codes. This makes their mail much cheaper for the post office to process. Though the economics of the USPS vary from year to year, much of the time bulk mail ends up subsidizing the delivery of manually sorted first-class mail.

Another distinction is that the cost of sending bulk mail scales with the number of copies sent, whereas the cost to the spammer of sending spam does not. An advertiser who sends one million pieces of bulk postal mail may expect to spend ten times as much as one who sends one hundred thousand pieces. However, for a spammer to send one million spam messages doesn't cost much more than to send fewer. Thus, spammers do not have the bulk mailer's incentive to prune their lists of invalid addresses or those unlikely to buy.

Finally, bulk mail is by and large used by businesses who are traceable and can be held responsible for what they send. Laws restrict the sending of pornographic materials in the post, and governmental agencies (postal inspectors) exist to enforce these laws. Spammers frequently operate on a fly-by-night basis, using the so-called "anarchy" of the Internet, and its unfamiliarity to law enforcement, as a cover.

Defense against spam

There are a number of services and software systems that mail sites and users can use to reduce the load of spam on their systems and mailboxes. Some of these depend upon rejecting email from Internet sites known or likely to send spam. Others rely on automatically analyzing the content of email messages and weeding out those which resemble spam. These two approaches are sometimes termed blocking and filtering.

Blocking and filtering each have their advocates and advantages. While both reduce the amount of spam delivered to users' mailboxes, blocking does much more to alleviate the bandwidth cost of spam, since spam can be rejected before the message is transmitted to the recipient's mail server. Filtering tends to be more thorough, since it can examine all the details of a message. Many modern spam filtering systems take advantage of machine learning techniques, which vastly improve their accuracy over manual methods. However, some people find filtering intrusive to privacy, and many mail administrators prefer blocking to deny access to their systems from sites tolerant of spammers.

DNSBLs

DNS-based Blackhole Lists, or DNSBLs, are a blocking technique, whereby a site publishes lists of IP addresses via the DNS, in such a way that mail servers can easily be set to reject mail from those addresses. There are literally scores of DNSBLs, each of which reflects different policies: some list sites known to emit spam; others list open mail relays or proxies; others, such as SPEWS, list ISPs known to support spam.

For history and details on DNSBLs, see DNSBL.

Heuristic and statistical filtering

Until recently, content filtering techniques relied on mail administrators specifying lists of words or regular expressions disallowed in mail messages. Thus, if a site receives spam advertising "herbal Viagra", the administrator might place these words in the filter configuration. The mail server would thence reject any message containing the phrase. The disadvantage of this static filtering is that it is difficult to maintain, and prone to false positives: it is always possible, even for an unlikely phrase, that non-spam mail will contain it.

Heuristic filtering, such as is implemented in the program SpamAssassin[?], relies on assigning numerical scores to various phrases and patterns which may occur in messages. Scores may be positive numbers, indicating likeliness that patterns indicate spam; or negative, indicating legitimate mail. Each message is scanned for these patterns, and the applicable scores tallied up. If the total is above a fixed value, the message is rejected or flagged as spam. [3] (http://www.spamassassin.org/)

However, heuristic filtering still relies on an administrator or maintainer to generate the list of scores. Statistical filtering was first proposed in 1998 by Mehran Sahami[?],et al., at the AAAI-98 Workshop on Learning for Text Categorization. A statistical filter is basically a kind of text classification[?] system, and a number of machine learning researchers have turned their attention to the problem. Statistical filtering was popularized by Paul Graham's influential 2002 article, which used Naive Bayesian classification to predict whether messages are spam or not -- based on collections of spam and nonspam ("ham") email submitted by users. [4] (http://www.paulgraham.com/antispam) [5] (http://research.microsoft.com/~horvitz/junkfilter.htm)

Filtering software is available both for mail servers and for mail client programs; apart from SpamAssassin[?], Bogofilter is one of today's more advanced spam fighting tools.

(links here please)

Tarpits and Honeypots

A tarpit is any server software which intentionally responds pathologically slowly to client commands. A honeypot is a server which attempts to attract attacks. Some mail administrators operate tarpits to impede spammers' attempts at sending messages,and honeypots to detect the activity of spammers. By running a tarpit which appears to be an open mail relay, or which treats acceptable mail normally and known spam slowly, a site can slow down the rate at which spammers can inject messages into the mail facility.

One tarpit design is the teergrube, whose name is simply German for "tarpit". This is an ordinary SMTP server which intentionally responds very slowly to commands. Such a system will bog down SMTP client software, as further commands cannot be sent until the server acknowledges the earlier ones. Several SMTP MTAs, including Postfix[?], have a teergrube capacity built in: when confronted with a client session which causes errors such as spam rejections, they will slow down their responding. [6] (http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en) [7] (http://www.postfix.org/rate)

Another design for tarpits directly controls the TCP/IP protocol stack, holding the spammer's network socket open without allowing any traffic over it. By reducing the TCP window size to zero, but continuing to acknowledge packets, the spammer's process may be tied up indefinitely. This design is more difficult to implement than the former. Aside from anti-spam purposes, it has also been used to absorb attacks from network worms. [8] (http://www.hackbusters.net/)

A third design is simply an imitation MTA which gives the appearance of being an open mail relay. Spammers who probe systems for open relay will find such a host and attempt to send mail through it, wasting their time. Such a system may simply discard the spam attempts, submit them to DNSBLs, or store them for analysis. It may also selectively deliver relay test messages to give a stronger appearance of open relay. SMTP honeypots of this sort have been suggested as a way that end-users can interfere with spammers' activities. [9] (http://jackpot.uk.net/) [10] (http://llama.whoi.edu/smtpot.py)

Captchas

Another method which may be used by internet service providers (or by specialized services) to combat spam is to require unknown senders to pass captcha tests before their messages are delivered, effectively blocking bot-generated spam.

Spam tips for users

Aside from installing client-side filtering software, end users can protect themselves from the brunt of of spam's impact in numerous other ways.

Address munging

One way that spammers obtain email addresses to target is to trawl the Web and Usenet for strings which look like addresses. Thus, if one's address is never listed on these fora, they cannot find it. Posting anonymously, or with an entirely faked name and address, is one way to avoid this "address harvesting". Users who want to receive legitimate email regarding their posts or Web sites can alter their addresses in some way that humans can figure out but spammers haven't (yet). For instance, joe@example.net might post as joeNOS@PAM.example.net. This is called address munging, from the jargon word "munge" meaning to break.

Address munging does not, however, evade so-called "dictionary attacks" in which the spammer generates a number of likely-to-exist addresses out of names and common words. For instance, if there is someone with the address adam@aol.com it is likely that he gets a lot of spam ....

Defeating Web bugs and JavaScript

Many modern mail programs incorporate Web browser functionality, such as the display of HTML and images. This can easily expose the user to pornographic or otherwise offensive images in spam. In addition, spam written in HTML can contain JavaScript programs to direct the user's Web browser to an advertised page, or to make the spam message difficult or impossible to close or delete. In some cases, spam messages have contained attacks upon security vulnerabilities in the HTML renderer, using these holes to install spyware. (Some computer viruses are borne by the same mechanisms.)

Users can defend against these methods by using mail clients which do not display HTML or attachments, or by configuring their clients not to display these by default.

Avoiding responding to spam

It is well established that some spammers regard responses to their messages -- even responses which say "Don't spam me" -- as confirmation that an email address refers validly to a reader. Likewise, many spam messages contain Web links or addresses which the user is directed to follow to be removed from the spammer's mailing list. In several cases, spam-fighters have tested these links and addresses and confirmed that they do not lead to the recipient address's removal -- if anything, they lead to more spam.

In Usenet, it is widely considered even more important to avoid responding to spam. Many ISP have software that seeks out and destroys duplicate messages. Often someone sees a spam and responds to it before it's cancelled by their server. This can have the effect of reposting the spammer's spam for them... and since it's not just a duplicate, this reposted copy will actually last longer.

Reporting spam

The majority of ISPs explicitly forbid their users from spamming, and eject from their service users who are found to have spammed. Tracking down a spammer's ISP and reporting the offense often leads to the spammer's service being terminated. Unfortunately, it can be difficult to track down the spammer -- and while there are some online tools to assist, they are not always accurate.

Two such online tools are SpamCop (http://spamcop.net) and Network Abuse Clearinghouse (http://www.abuse.net/). Both provide automated or semi-automated means to report spam to ISPs. Some spam-fighters regard them as inaccurate compared to what an expert in the email system can do; however, most email users are not experts.

Spam-related political issues

One of the chief values favored by many long-time Internet users and experts, as well as by many members of the public, is the free exchange of ideas. Many have valued the relative anarchy of the Internet, and bridle at the idea of restrictions placed upon it. Some see spam-blocking tools as a threat to free expression -- and laws against spamming as an untoward precedent for regulation or taxation of email and the Internet at large.

Two common refrains from spam-fighters address these concerns: First, spamming itself abridges the historical freedom of the Internet, by attempting to force users to carry the costs of material which they would not choose.
Second, to treat spam as unlawful requires no new incursion of law into the online world, merely the application of existing laws against trespass and conversion.

An ongoing concern expressed by parties such as the Electronic Frontier Foundation and the ACLU has to do with so-called "stealth blocking", a term for ISPs employing aggressive spam blocking without their users' knowledge. These groups' concern is that ISPs or technicians seeking to reduce spam-related costs may select tools which (either through error or design) also block non-spam email from sites seen as "spam-friendly". SPEWS is a common target of these criticisms. Few object to the existence of these tools; it is their use in filtering the mail of users who are not informed of their use which draws fire.

Other forms of spam Since the late 1990s, mail system administrators have taken many steps to crack down on spamming. Some of these have even been successful. As a result, those who want to send unsolicited advertisements over the Internet at others' expense have turned to a number of other media.

Messaging spam

Instant messaging (IM) systems are a popular target for spammers. Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages. To combat this, some users choose to receive IMs only from people they already know.

In 2002, a number of spammers have begun using the Microsoft Windows Messaging service to get their message across. This isn't the same as the IM system "MSN Messenger"; rather, it is a function of Windows designed to allow servers to send alerts to administrator workstations. Windows Messaging spam appears as normal dialog boxes containing the spammer's message. Windows Messaging spam can be delivered using any NetBIOS port, so to block it at a firewall entails closing down ports 135 through 139, and 445.

Usenet spam

Spamming of Usenet newsgroups actually pre-dates email spam. Today, it is primarily used to advertise pornography; however, the first widely recognized Usenet spam was an advertisement for legal services. It was posted in April 1994 by lawyers Laurence Canter and Martha Siegel, and hawked legal representation for United States immigrants seeking papers ("green cards").

Old Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). During the early 1990s there was substantial controversy among Usenet system administrators (news admins) over the use of cancel messages to control spam. A cancel message is a directive to news servers to delete a posting, causing it to be inaccessible to those who might read it. Some regarded this as a bad precedent, leaning towards censorship, while others considered it a proper use of the available tools to control the growing spam problem.

Throughout that period, the term "spam" on Usenet was used to refer specifically to excessive multiple posting. Other terms were coined for similar behaviors such as excessive cross-posting or the posting of off-topic advertisements. More recently, however, these have also been termed spam, by analogy to the more widely known email spam.

Spamdexing

Spamdexing is a manipulation used by search engine spammers to influence search engine rankings, often for pages which contain little or no relevant content.

Non-commercial spam

Both email and other forms of spamming have been used for purposes other than advertisement. Many early Usenet spams were religious or political in nature. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and email media with preaching messages.

Particularly on Usenet, spamming has also been used as a denial of service tactic, specifically by overwhelming the readers of a newsgroup with an inordinate number of nonsense messages. Since these messages are usually forged (that is, sent falsely under regular posters' names) this tactic has come to be known as "sporgery" (from spam + forgery). This tactic has for instance been used by partisans of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology vs. the Internet) and by spammers against news.admin.net-abuse.email, a forum for mail administrators to discuss spam problems. Applied to email, this is termed mailbombing.

In a handful of cases, forged email spam has been used as a tool of harassment[?]. The spammer collects a list of addresses as usual, then sends a spam to them signed with the name of the person he wishes to harass. Some recipients, angry that they received spam and seeing an obvious "source", will respond angrily or try to take various sorts of revenge upon the apparent spammer, the forgery victim. The first widely known victim of this sort of harassment was an administrator at the domain joes.com, which has lent its name to the offense: it is known as a "joe job". Such joe jobs have been most often used against anti-spammers: in recent examples, Steve Linford[?] of spamhaus.org has been a frequent target.

Alternate meanings The term "spamming" is also used in the older sense of something repetitious and disruptive by players of first-person shooter computer games. In this sense it refers to "area denial" tactics -- repeatedly firing rockets or other explosive shells into an area.

MUD, MUSH, and MUCK[?] players happily continue using the word in its original sense. When a player returns to the terminal after a brief break to find her screen filled with pages of random chat, that's still called "spam". [11] (http://www.graphxpress.com/cgi-bin/wcotp.cgi?date=19980407)

Neither of these senses of the word imply that the "spamming" is abusive.

Recent developments

As at 11 July 2003, the US Federal Trade Commission ("FTC") was expected to ask the US Congress for new powers that would let it cooperate closely with other governments and more easily prosecute American and overseas spammers. A 13-page proposal drafted by the FTC to implement legislation entitled the International Consumer Protection Enforcement Act (ICPEA) would render the agency's investigators "spam cops", granting them the power to serve secret requests for subscriber information on Internet service providers, peruse FBI criminal databases and swap sensitive information with foreign law enforcement agencies. The proposed legislation is a result of a push by American legislators to enact strong laws targeting the most extreme spammers. Civil libertarians[?] are alarmed at the ICPEA draft bill, on the basis that it does not contain sufficient checks and balances, and would adversely impact the Freedom of Information Act.

See also: electronic mailing list, netiquette, Serdar Argic, make money fast, Spamhaus Project[?], marketing, advertising, e-marketing[?], Alan Ralsky[?].

List of Marketing TopicsList of Management Topics
List of Economics TopicsList of Accounting Topics
List of Finance TopicsList of Economists

External links

Newsgroups: news.admin.net-abuse.email, news.admin.net-abuse.usenet, others in news.admin.net-abuse.* hierarchy; alt.spam



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
Westhampton Beach, New York

... Beach, New York Westhampton Beach is a village located in Suffolk County, New York. As of the 2000 census, the village had a total population of 1,902. Geography ...

 
 
 
This page was created in 31.4 ms