Home Discussion Topics Dictionary Almanac

Signup Login

E-mail spam

Overview

Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of spam

Spam (electronic)

Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...

that involves nearly identical messages sent to numerous recipients by email

Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...

. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE (unsolicited commercial email). The opposite of "spam", email which one wants, is called "ham", usually when referring to a message's automated analysis (such as Bayesian filtering).

Discussion

Ask a question about 'E-mail spam'

Start a new discussion about 'E-mail spam'

Answer questions from other users

Full Discussion Forum

Unanswered Questions

WHEN WILL I HEAR FROM YOU RE: THE QUESTION I JUST TYPED & SAVED ON THIS SITE SINCE I'LL BE SAVING THIS LITTLE NOTE AS INSTRUCTED TO DO SO BELOW JUST A...

Spam is legally permissible according to the CAN-SPAM Act of 2003 provided it follows certain criteria: a truthful subject line; no false information ...

Encyclopedia

Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of spam

Spam (electronic)

Spam is the use of electronic messaging systems to send unsolicited bulk messages indiscriminately...

that involves nearly identical messages sent to numerous recipients by email

Botnet

A botnet is a collection of compromised computers connected to the Internet. Termed "bots," they are generally used for malicious purposes. When a computer becomes compromised, it becomes a part of a botnet...

s, networks of virus

Computer virus

A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...

-infected computers, are used to send about 80% of spam. Since the expense of the spam is borne mostly by the recipient, it is effectively postage due

Postage due

Postage due is the term used for mail sent with insufficient postage. A postage due stamp is a stamp added to an underpaid piece of mail to indicate the extra postage due.- Background :...

advertising.

The legal status of spam varies from one jurisdiction to another. In the United States, spam was declared to be legal by the CAN-SPAM Act of 2003

CAN-SPAM Act of 2003

The CAN-SPAM Act of 2003 , signed into law by President George W. Bush on December 16, 2003, establishes the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission to enforce its provisions...

provided the message adheres to certain specifications. ISP

Internet service provider

An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...

s have attempted to recover the cost of spam through lawsuits against spammers, although they have been mostly unsuccessful in collecting damages despite winning in court.

Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses which harvest users' address books, and are sold to other spammers. They also use a practice known as "email appending" or "epending" in which they use known information about their target (such as a postal address) to search for the target's email address. Much of spam is sent to invalid email addresses. Spam averages 78% of all email sent. According to the Message Anti-Abuse Working Group, the amount of spam email was between 88–92% of email messages sent in the first half of 2010.

Overview

From the beginning of the Internet (the ARPANET

ARPANET

The Advanced Research Projects Agency Network , was the world's first operational packet switching network and the core network of a set that came to compose the global Internet...

), sending of junk email has been prohibited, enforced by the Terms of Service

Terms of service are rules which one must agree to abide by in order to use a service. Unless in violation of consumer protection laws, such terms are usually legally binding...

/Acceptable Use Policy

Acceptable use policy

An acceptable use policy is a set of rules applied by the owner/manager of a network, website or large computer system that restrict the ways in which the network site or system may be used...

(ToS/AUP) of internet service providers (ISPs) and peer pressure. Even with a thousand users junk email for advertising is not tenable, and with a million users it is not only impractical, but also expensive. It is estimated that spam cost businesses on the order of $100 billion in 2007. As the scale of the spam problem has grown, ISPs and the public have turned to government for relief from spam, which has failed to materialize.

Types

Spam has several definitions varying by source.

Unsolicited bulk email (UBE)—unsolicited email, sent in large quantities.
Unsolicited commercial email (UCE)—this more restrictive definition is used by regulators whose mandate is to regulate commerce, such as the U.S. Federal Trade Commission
Federal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...

.

Spamvertised sites

Many spam emails contain URLs to a website or websites. According to a Commtouch

Commtouch

Commtouch is an Internet security technology company founded in 1991. The company is headquartered in Netanya, Israel, with a subsidiary in Sunnyvale, California....

report in the first quarter of 2010, there are "...183 billion spam messages" sent every day. The most popular spam topic is "pharmacy ads" which make up 81% of email spam messages.

Most common products advertised

According to information compiled by Commtouch Software Ltd., email spam for the first quarter of 2010 can be broken down as follows.

EMail Spam by Topic
Pharmacy	81%
Replica	5.40%
Enhancers	2.30%
Phishing	2.30%
Degrees	1.30%
Casino	1%
Weight Loss	0.40%
Other	6.30%

419 scams

Advance fee fraud spam such as the Nigerian "419" scam may be sent by a single individual from a cyber cafe in a developing country. Organized "spam gangs

Gang

A gang is a group of people who, through the organization, formation, and establishment of an assemblage, share a common identity. In current usage it typically denotes a criminal organization or else a criminal affiliation. In early usage, the word gang referred to a group of workmen...

" operating from Russia

Russia

Russia or , officially known as both Russia and the Russian Federation , is a country in northern Eurasia. It is a federal semi-presidential republic, comprising 83 federal subjects...

or eastern Europe

Eastern Europe

Eastern Europe is the eastern part of Europe. The term has widely disparate geopolitical, geographical, cultural and socioeconomic readings, which makes it highly context-dependent and even volatile, and there are "almost as many definitions of Eastern Europe as there are scholars of the region"...

share many features in common with other forms of organized crime

Organized crime

Organized crime or criminal organizations are transnational, national, or local groupings of highly centralized enterprises run by criminals for the purpose of engaging in illegal activity, most commonly for monetary profit. Some criminal organizations, such as terrorist organizations, are...

, including turf battles and revenge killings.

Phishing

Spam is also a medium for fraudsters to scam users into entering personal information on fake Web sites using emails forged to look like they are from banks or other organizations, such as PayPal

PayPal

PayPal is an American-based global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders....

. This is known as phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...

. Targeted phishing, where known information about the recipient is used to created forged emails, is known as spear-phishing.

Appending

If a marketer has one database containing names, addresses, and telephone numbers of prospective customers, they can pay to have their database matched against an external database containing email addresses. The company then has the means to send email to persons who have not requested email, which may include persons who have deliberately withheld their email address.

Image spam

Image spam is a kind of E-mail spam where the message text of the spam is presented as a picture in an image file. When introduced by spammers most graphical E-mail client software would render the image file by default, presenting the message image directly to the user, it was a highly effective...

is an obfuscating method in which the text of the message is stored as a GIF

GIF

The Graphics Interchange Format is a bitmap image format that was introduced by CompuServe in 1987 and has since come into widespread usage on the World Wide Web due to its wide support and portability....

or JPEG

JPEG

In computing, JPEG . The degree of compression can be adjusted, allowing a selectable tradeoff between storage size and image quality. JPEG typically achieves 10:1 compression with little perceptible loss in image quality....

image and displayed in the email. This prevents text based spam filters from detecting and blocking spam messages. Image spam was reportedly used in the mid 2000s to advertise "pump and dump

Pump and dump

"Pump and dump" is a form of microcap stock fraud that involves artificially inflating the price of an owned stock through false and misleading positive statements, in order to sell the cheaply purchased stock at a higher price....

" stocks.

Often, image spam contains nonsensical, computer-generated text which simply annoys the reader. However, new technology in some programs try to read the images by attempting to find text in these images. They are not very accurate, and sometimes filter out innocent images of products like a box that has words on it.

A newer technique, however, is to use an animated GIF

GIF

image that does not contain clear text in its initial frame, or to contort the shapes of letters in the image (as in CAPTCHA

CAPTCHA

A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a person. The process usually involves one computer asking a user to complete a simple test which the computer is able to generate and grade...

) to avoid detection by OCR

OCR

OCR may refer to:* Optical character recognition, conversion of images of text into characters** The OCR-A font, designed to simplify character recognition** The similar OCR-B font* Transvaginal oocyte retrieval, a technique used in in vitro fertilization...

tools.

Blank spam

Blank spam is spam lacking a payload advertisement. Often the message body is missing altogether, as well as the subject line. Still, it fits the definition of spam because of its nature as bulk and unsolicited email.

Blank spam may be originated in different ways, either intentional or unintentionally:

Blank spam can have been sent in a directory harvest attack
Directory Harvest Attack
A Directory Harvest Attack or DHA is a technique used by spammers in an attempt to find valid/existent e-mail addresses at a domain by using brute force. The attack is usually carried out by way of a standard dictionary attack, where valid e-mail addresses are found by brute force guessing valid...

, a form of dictionary attack
Dictionary attack
In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.-Technique:...

for gathering valid addresses from an email service provider. Since the goal in such an attack is to use the bounces to separate invalid addresses from the valid ones, spammers may dispense with most elements of the header and the entire message body, and still accomplish their goals.
Blank spam may also occur when a spammer forgets or otherwise fails to add the payload when he or she sets up the spam run.
Often blank spam headers appear truncated, suggesting that computer glitches may have contributed to this problem—from poorly-written spam software to shoddy relay servers, or any problems that may truncate header lines from the message body.
Some spam may appear to be blank when in fact it is not. An example of this is the VBS.Davinia.B email worm which propagates through messages that have no subject line and appears blank, when in fact it uses HTML code to download other files.

Backscatter spam

Backscatter is a side-effect of email spam, viruses and worms

Computer worm

A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach...

, where email servers receiving spam and other mail send bounce message

Bounce message

In the Internet's standard e-mail protocol SMTP, a bounce message, also called a Non-Delivery Report/Receipt , a Delivery Status Notification message, a Non-Delivery Notification or simply a bounce, is an automated electronic mail message from a mail system informing the sender of another...

s to an innocent party. This occurs because the original message's envelope sender is forged to contain the email address of the victim. A very large proportion of such email is sent with a forged From: header, matching the envelope sender.

Since these messages were not solicited by the recipients, are substantially similar to each other, and are delivered in bulk quantities, they qualify as unsolicited bulk email or spam. As such, systems that generate email backscatter can end up being listed on various DNSBL

DNSBL

A DNSBL is a list of IP addresses published through the Internet Domain Name Service either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time...

s and be in violation of internet service provider

Internet service provider

s' Terms of Service

Terms of service are rules which one must agree to abide by in order to use a service. Unless in violation of consumer protection laws, such terms are usually legally binding...

Legality

Sending spam violates the Acceptable use policy

Acceptable use policy

An acceptable use policy is a set of rules applied by the owner/manager of a network, website or large computer system that restrict the ways in which the network site or system may be used...

(AUP) of almost all Internet service provider

Internet service provider

s. Providers vary in their willingness or ability to enforce their AUP. Some actively enforce their terms and terminate spammers' accounts without warning. Some ISPs lack adequate personnel or technical skills for enforcement, while others may be reluctant to enforce restrictive terms against profitable customers.

As the recipient directly bears the cost of delivery, storage, and processing, one could regard spam as the electronic equivalent of "postage-due" junk mail. Due to the low cost of sending unsolicited email and the potential profit entailed, some believe that only strict legal enforcement can stop junk email. The Coalition Against Unsolicited Commercial Email (CAUCE) argues "Today, much of the spam volume is sent by career criminals and malicious hackers who won't stop until they're all rounded up and put in jail."

European Union

All the countries of the European Union

European Union

The European Union is an economic and political union of 27 independent member states which are located primarily in Europe. The EU traces its origins from the European Coal and Steel Community and the European Economic Community , formed by six countries in 1958...

have passed laws that specifically target spam.

Article 13 of the European Union

European Union

Directive on Privacy and Electronic Communications

Directive 2002/58 on Privacy and Electronic Communications, otherwise known as E-Privacy Directive, is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive...

(2002/58/EC) provides that the EU member states shall take appropriate measures to ensure that unsolicited communications for the purposes of direct marketing are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications, the choice between these options to be determined by national legislation.

In the United Kingdom

United Kingdom

The United Kingdom of Great Britain and Northern IrelandIn the United Kingdom and Dependencies, other languages have been officially recognised as legitimate autochthonous languages under the European Charter for Regional or Minority Languages...

, for example, unsolicited emails cannot be sent to an individual subscriber unless prior permission has been obtained or unless there is a previous relationship between the parties. The regulations can be enforced against an offending company or individual anywhere in the European Union

European Union

. The Information Commissioner

Information Commissioner

The role of Information Commissioner differs from nation to nation. Most commonly it is a title given to a government regulator in the fields of freedom of information and the protection of personal data in the widest sense.-Canada:...

's Office has responsibility for the enforcement of unsolicited emails and considers complaints about breaches. A breach of an enforcement notice is a criminal offence subject to a fine of up to £5000.

Canada

The Government of Canada

Government of Canada

The Government of Canada, formally Her Majesty's Government, is the system whereby the federation of Canada is administered by a common authority; in Canadian English, the term can mean either the collective set of institutions or specifically the Queen-in-Council...

has passed anti-spam legislation called the Fighting Internet and Wireless Spam Act to fight spam.

Australia

In Australia

Australia

Australia , officially the Commonwealth of Australia, is a country in the Southern Hemisphere comprising the mainland of the Australian continent, the island of Tasmania, and numerous smaller islands in the Indian and Pacific Oceans. It is the world's sixth-largest country by total area...

, the relevant legislation is the Spam Act 2003

Spam Act 2003

The Spam Act 2003 was passed in 2003 as federal legislation by the Parliament of the Commonwealth of Australia. The first portions of the act came into effect on 12 December 2003, the day the act received Royal Assent, with all remaining sections of the act coming into force on 10 April 2004.Its...

which covers some types of email and phone spam, which took effect on 11 April 2004. The Spam Act provides that "Unsolicited commercial electronic messages must not be sent." Whether an email is unsolicited depends on whether you have consent. Consent can be express or inferred. Express consent is when someone directly instructs you to send them emails, e.g. if they opt-in. Consent can also be inferred from the business relationship between the sender and recipient or if the recipient conspicuously publishes their email address in a public place (such as on a website). Penalties are up to 10,000 penalty units

Penalty units

Breaches of statute law in Australia are usually prescribed in terms of penalty units or PUs. To establish a fine, multiply the number of penalty units by the amount....

, or 2,000 penalty units for a person other than a body corporate.

United States

In the United States

United States

The United States of America is a federal constitutional republic comprising fifty states and a federal district...

, most states enacted anti-spam laws during the late 1990s and early 2000s. Many of these have since been pre-empted

Federal preemption

Federal preemption refers to the invalidation of US state law when it conflicts with Federal law.-Constitutional basis:According to the Supremacy Clause of the United States Constitution,...

by the less restrictive CAN-SPAM Act of 2003

CAN-SPAM Act of 2003

.

Spam is legally permissible according to the CAN-SPAM Act of 2003 provided it follows certain criteria: a "truthful" subject line, no forged information in the technical headers or sender address, and other minor requirements. If the spam fails to comply with any of these requirements it is illegal. Aggravated or accelerated penalties apply if the spammer harvested the email addresses using methods described earlier.

A review of the effectiveness of CAN-SPAM in 2005 by the Federal Trade Commission (the agency charged with CAN-SPAM enforcement) stated that the amount of sexually explicit spam had significantly decreased since 2003 and the total volume had begun to level off. Senator Conrad Burns

Conrad Burns

Conrad Ray Burns is a former United States Senator from Montana. He is only the second Republican to represent Montana in the Senate since the passage in 1913 of the Seventeenth Amendment to the United States Constitution and is the longest-serving Republican senator in Montana history.While in...

, a principal sponsor, noted that "Enforcement is key regarding the CAN-SPAM legislation." In 2004, less than 1% of spam complied with the CAN-SPAM Act of 2003. In contrast to the FTC evaluation, many observers view the CAN-SPAM act as having failed in its purpose of reducing spam.

Other laws

Accessing privately owned computer resources without the owner's permission counts as illegal under computer crime

Computer crime

Computer crime, or cybercrime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers to criminal exploitation of the Internet. Such crimes may threaten a nation’s security and financial health...

statutes in most nations. Deliberate spreading of computer viruses is also illegal in the United States

United States

The United States of America is a federal constitutional republic comprising fifty states and a federal district...

and elsewhere. Thus, some common behaviors of spammers are criminal regardless of the legality of spamming per se. Even before the advent of laws specifically banning or regulating spamming, spammers were successfully prosecuted under computer fraud and abuse laws for wrongfully using others' computers.

The use of botnets can be perceived as theft. The spammer consumes a zombie owner's bandwidth and resources without any cost. In addition, spam is perceived as theft of services. The receiving SMTP servers consume significant amounts of system resources dealing with this unwanted traffic. As a result, service providers have to spend large amounts of money to make their systems capable of handling these amounts of email. Such costs are inevitably passed on to the service providers' customers.

Other laws, not only those related to spam, have been used to prosecute alleged spammers. For example, Alan Ralsky

Alan Ralsky

Alan Ralsky is a convicted American fraudster, best known for his activities as a spammer.-Spamming:According to experts in the field, Ralsky is one of the most prolific sources of junk e-mail worldwide. Unlike most spammers, he has provided interviews to various newspapers, although he claimed to...

was indicted on stock fraud charges in January 2008, and Robert Soloway

Robert Soloway

Robert Alan Soloway is the founder of the so-called "Strategic Partnership Against Microsoft Illegal Spam," or SPAMIS, but is said to be one of the Internet's biggest spammers through his company, Newport Internet Marketing . He was arrested on May 30, 2007, after a grand jury indicted him on...

plead guilty to charges of mail fraud, fraud in connection with email, and failing to file a tax return in March 2008.

Deception and fraud

Spammers may engage in deliberate fraud

Fraud

In criminal law, a fraud is an intentional deception made for personal gain or to damage another individual; the related adjective is fraudulent. The specific legal definition varies by legal jurisdiction. Fraud is a crime, and also a civil law violation...

to send out their messages. Spammers often use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. They also often use falsified or stolen credit card

Credit card

A credit card is a small plastic card issued to users as a system of payment. It allows its holder to buy goods and services based on the holder's promise to pay for these goods and services...

numbers to pay for these accounts. This allows them to move quickly from one account to the next as the host ISPs discover and shut down each one.

Senders may go to great lengths to conceal the origin of their messages. Large companies may hire another firm to send their messages so that complaints or blocking of email falls on a third party. Others engage in spoof

Spoofing attack

In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.- Spoofing and TCP/IP :...

ing of email addresses (much easier than IP address spoofing

IP address spoofing

In computer networking, the term IP address spoofing or IP spoofing refers to the creation of Internet Protocol packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.-Background:The basic...

). The email protocol (SMTP) has no authentication by default, so the spammer can pretend to originate a message apparently from any email address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an email originates.

Senders cannot completely spoof email delivery chains (the 'Received' header), since the receiving mailserver records the actual connection from the last mailserver's IP address. To counter this, some spammers forge additional delivery headers to make it appear as if the email had previously traversed many legitimate servers.

Spoofing can have serious consequences for legitimate email users. Not only can their email inboxes get clogged up with "undeliverable" emails in addition to volumes of spam, they can mistakenly be identified as a spammer. Not only may they receive irate email from spam victims, but (if spam victims report the email address owner to the ISP, for example) a naive ISP may terminate their service for spamming.

Theft of service

Spammers frequently seek out and make use of vulnerable third-party systems such as open mail relay

Open mail relay

An open mail relay is an SMTP server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users...

s and open proxy server

Proxy server

In computer networks, a proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server...

s. SMTP forwards mail from one server to another—mail servers that ISPs run commonly require some form of authentication

Authentication

Authentication is the act of confirming the truth of an attribute of a datum or entity...

to ensure that the user is a customer of that ISP. Open relays, however, do not properly check who is using the mail server and pass all mail to the destination address, making it harder to track down spammers.

Increasingly, spammers use networks of malware-infected PCs (zombies

Zombie computer

In computer science, a zombie is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam...

) to send their spam. Zombie

Zombie computer

networks are also known as Botnet

Botnet

s (such zombifying malware is known as a bot, short for robot

Robot

A robot is a mechanical or virtual intelligent agent that can perform tasks automatically or with guidance, typically by remote control. In practice a robot is usually an electro-mechanical machine that is guided by computer and electronic programming. Robots can be autonomous, semi-autonomous or...

). In June 2006, an estimated 80% of email spam was sent by zombie PCs, an increase of 30% from the prior year. An estimated 55 billion email spam were sent each day in June 2006, an increase of 25 billion per day from June 2005.

For Q1 2010, an estimated 305,000 newly activated zombie PCs were brought online each day for malicious activity. This number is slightly lower than the 312,000 of Q4 2009.

Brazil produced the most zombies in the first quarter of 2010. Brazil was the source of 20% of all zombies, which is down from 14% from the fourth quarter 2009. India had 10%, with Vietnam at 8%, and the Russian Federation at 7%.

Side effects

To combat the problems posed by botnets, open relays and proxy servers many email server administrators pre-emptively block dynamic IP ranges and impose stringent requirements on other servers wishing to deliver mail. Forward-confirmed reverse DNS must be correctly set for the outgoing mail server and large swaths of IP addresses are blocked sometimes pre-emptively to prevent spam. These measures can pose problems for people wanting to run a small email server off an inexpensive domestic connection. Blacklisting of IP ranges due to spam eminating from them also causes problems for legitimate email servers in the same IP range.

Statistics and estimates

The total volume of email spam has been consistently growing, but in 2011 the trend seems to have reversed.http://mashable.com/2011/07/04/spam-decreased-82percent/http://www.symanteccloud.com/globalthreats/charts/spam_monthly The amount of spam users see in their mailboxes is only a portion of total spam sent, since spammers' lists often contain a large percentage of invalid addresses and many spam filters simply delete or reject "obvious spam."

The first known spam email, advertising a DEC product presentation, was sent in 1978 by Gary Thuerk to 600 addresses, which was all the users of ARPANET

ARPANET

The Advanced Research Projects Agency Network , was the world's first operational packet switching network and the core network of a set that came to compose the global Internet...

at the time, though software limitations meant only slightly more than half of the intended recipients actually received it. As of August 2010, the amount of spam was estimated to be around 200 billion spam messages sent per day. More than 97% of all emails sent over the net are unwanted, according to a Microsoft security report.. MAAWG

MAAWG

The Messaging Anti-Abuse Working Group started as a group of internet service providers, mobile network operators, telecommunications companies and infrastructure vendors and anti-spam technology vendors in early 2004. It has since expanded to include e-mail service providers and other forms of...

estimates that 85% of incoming mail is "abusive email", as of the second half of 2007. The sample size for the MAAWG's study was over 100 million mailboxes.

A 2010 survey of US and European email users showed that 46% of the respondents had opened spam messages, although only 11% had clicked on a link.

Highest amount of spam received

According to Steve Ballmer

Steve Ballmer

Steven Anthony "Steve" Ballmer is an American business magnate. He is the chief executive officer of Microsoft, having held that post since January 2000. , his personal wealth is estimated at US$13.9 billion, ranking number 19 on the Forbes 400.-Early life:Ballmer was born in Detroit, Michigan to...

, Microsoft founder Bill Gates

Bill Gates

William Henry "Bill" Gates III is an American business magnate, investor, philanthropist, and author. Gates is the former CEO and current chairman of Microsoft, the software company he founded with Paul Allen...

receives four million emails per year, most of them spam. This was originally incorrectly reported as "per day".

At the same time Jef Poskanzer

Jef Poskanzer

Jeffrey A. Poskanzer is a computer programmer. He was the first person to post a weekly FAQ to Usenet. He developed the portable pixmap file format and Pbmplus to manipulate it. He owns the internet address acme.com , and worked on the team that ported A/UX...

, owner of the domain name acme.com, was receiving over one million spam emails per day.

Cost of spam

A 2004 survey estimated that lost productivity costs Internet users in the United States $21.58 billion annually, while another reported the cost at $17 billion, up from $11 billion in 2003. In 2004, the worldwide productivity cost of spam has been estimated to be $50 billion in 2005. An estimate of the percentage cost borne by the sender of marketing junk mail (snail mail

Snail mail

Snail mail or smail is a dysphemistic retronym—named after the snail with its slow speed—used to refer to letters and missives carried by conventional postal delivery services. The phrase refers to the lag-time between dispatch of a letter and its receipt, versus the virtually instantaneous...

) is 88%, whereas in 2001 one spam was estimated to cost $0.10 for the receiver and $0.00001 (0.01% of the cost) for the sender.

Origin of spam

Origin or source of spam refers to the geographical location of the computer from which the spam is sent; it is not the country where the spammer resides, nor the country that hosts the spamvertised site. Because of the international nature of spam, the spammer, the hijacked spam-sending computer, the spamvertised server, and the user target of the spam are all often located in different countries. As much as 80% of spam received by Internet users in North America

North America

North America is a continent wholly within the Northern Hemisphere and almost wholly within the Western Hemisphere. It is also considered a northern subcontinent of the Americas...

and Europe

Europe

Europe is, by convention, one of the world's seven continents. Comprising the westernmost peninsula of Eurasia, Europe is generally 'divided' from Asia to its east by the watershed divides of the Ural and Caucasus Mountains, the Ural River, the Caspian and Black Seas, and the waterways connecting...

can be traced to fewer than 200 spammers.

In terms of volume of spam: According to Sophos

Sophos

Sophos is a developer and vendor of security software and hardware, including anti-virus, anti-spyware, anti-spam, network access control, encryption software and data loss prevention for desktops, servers, email systems and other network gateways....

, the major sources of spam in the fourth quarter of 2008 (October to December) were:

The United States (the origin of 19.8% of spam messages, up from 18.9% in Q3)
China (9.9%, up from 5.4%)
Russia (6.4%, down from 8.3%)
Brazil (6.3%, up from 4.5%)
Turkey (4.4%, down from 8.2%)

When grouped by continents, spam comes mostly from:

Asia (37.8%, down from 39.8%)
North America (23.6%, up from 21.8%)
Europe (23.4%, down from 23.9%)
South America (12.9%, down from 13.2%)

In terms of number of IP addresses: the Spamhaus Project (which measures spam sources in terms of number of IP addresses used for spamming, rather than volume of spam sent) ranks the top three as the United States, China, and Russia, followed by Japan, Canada, and South Korea.

In terms of networks: , the three networks hosting the most spammers are Verizon, AT&T

AT&T

AT&T Inc. is an American multinational telecommunications corporation headquartered in Whitacre Tower, Dallas, Texas, United States. It is the largest provider of mobile telephony and fixed telephony in the United States, and is also a provider of broadband and subscription television services...

, and VSNL International

Tata Communications

Tata Communications Limited ) is a telecommunications company located in Mumbai. They own a submarine cable network, a Tier-1 IP network, and also rent data center and colocation space. They operate India's largest data center in Pune...

. Verizon inherited many of these spam sources from its acquisition of MCI

MCI Inc.

MCI, Inc. is an American telecommunications subsidiary of Verizon Communications that is headquartered in Ashburn, Virginia...

, specifically through the UUNet

UUNET

UUNET founded in 1987, was one of the largest Internet service providers and one of the nine Tier 1 networks. It was based in Northern Virginia and was the first commercial Internet service provider...

subsidiary of MCI, which Verizon subsequently renamed Verizon Business.

Anti-spam techniques

The U.S. Department of Energy Computer Incident Advisory Capability

Computer Incident Advisory Capability

Computer Incident Advisory Capability was the original computer security incident response team at the Department of Energy. CIAC was formed in February 1989, jointly sponsored by the DOE Office of the CIO and the Air Force. The primary function of CIAC was, as the name implies, to advise people...

(CIAC) has provided specific countermeasures against email spamming.

Some popular methods for filtering and refusing spam include email filtering based on the content of the email, DNS-based blackhole lists (DNSBL

DNSBL

), greylisting

Greylisting

Greylisting is a method of defending e-mail users against spam. A mail transfer agent using greylisting will "temporarily reject" any email from a sender it does not recognize. If the mail is legitimate the originating server will, after a delay, try again and, if sufficient time has elapsed, the...

, spamtrap

Spamtrap

A spamtrap is a honeypot used to collect spam.Spamtraps are usually e-mail addresses that are created not for communication, but rather to lure spam...

s, Enforcing technical requirements of email (SMTP

Simple Mail Transfer Protocol

Simple Mail Transfer Protocol is an Internet standard for electronic mail transmission across Internet Protocol networks. SMTP was first defined by RFC 821 , and last updated by RFC 5321 which includes the extended SMTP additions, and is the protocol in widespread use today...

), checksumming systems to detect bulk email, and by putting some sort of cost on the sender via a Proof-of-work system

Proof-of-work system

A proof-of-work system is an economic measure to deter denial of service attacks and other service abuses such as spam on a network by requiring some work from the service requester, usually meaning processing time by a computer...

or a micropayment

Micropayment

A micropayment is a financial transaction involving a very small sum of money and usually one that occurs online. PayPal defines a micropayment as a transaction of less than 12 USD while Visa prefers transactions under 20 Australian dollars, and though micropayments were originally envisioned to...

. Each method has strengths and weaknesses and each is controversial because of its weaknesses. For example, one company's offer to "[remove] some spamtrap and honeypot addresses" from email lists, defeats the ability for those methods to identify spammers.

In one study, 95% of revenues (in the study) cleared through just three banks.

Gathering of addresses

In order to send spam, spammers need to obtain the email addresses of the intended recipients. To this end, both spammers themselves and list merchants gather huge lists of potential email addresses. Since spam is, by definition, unsolicited, this address harvesting is done without the consent (and sometimes against the expressed will) of the address owners. As a consequence, spammers' address lists are inaccurate. A single spam run may target tens of millions of possible addresses – many of which are invalid, malformed, or undeliverable.

Sometimes, if the sent spam is "bounced" or sent back to the sender by various programs that eliminate spam, or if the recipient clicks on an unsubscribe link, that may cause that email address to be marked as "valid", which is interpreted by the spammer as "send me more".

Obfuscating message content

Many spam-filtering techniques work by searching for patterns in the headers or bodies of messages. For instance, a user may decide that all email they receive with the word "Viagra" in the subject line is spam, and instruct their mail program to automatically delete all such messages. To defeat such filters, the spammer may intentionally misspell commonly filtered words or insert other characters, often in a style similar to leetspeak, as in the following examples: V1agra, Via'gra, Vi@graa, vi*gra, \/iagra. This also allows for many different ways to express a given word, making identifying them all more difficult for filter software.

The principle of this method is to leave the word readable to humans (who can easily recognize the intended word for such misspellings), but not likely to be recognized by a literal computer program. This is only somewhat effective, because modern filter patterns have been designed to recognize blacklisted terms in the various iterations of misspelling. Other filters target the actual obfuscation methods, such as the non-standard use of punctuation or numerals into unusual places. Similarly, HTML-based email gives the spammer more tools to obfuscate text. Inserting HTML comments between letters can foil some filters, as can including text made invisible by setting the font color to white on a white background, or shrinking the font size to the smallest fine print. Another common ploy involves presenting the text as an image, which is either sent along or loaded from a remote server. This can be foiled by not permitting an email-program to load images.

As Bayesian filtering

Bayesian spam filtering

Bayesian spam filtering is a statistical technique of e-mail filtering. It makes use of a naive Bayes classifier to identify spam e-mail.Bayesian classifiers work by correlating the use of tokens , with spam and non spam e-mails and then using Bayesian inference to calculate a probability that an...

has become popular as a spam-filtering technique, spammers have started using methods to weaken it. To a rough approximation, Bayesian filters rely on word probabilities. If a message contains many words which are only used in spam, and few which are never used in spam, it is likely to be spam. To weaken Bayesian filters, some spammers, alongside the sales pitch, now include lines of irrelevant, random words, in a technique known as Bayesian poisoning

Bayesian poisoning

Bayesian poisoning is a technique used by e-mail spammers to attempt to degrade the effectiveness of spam filters that rely on Bayesian spam filtering. Bayesian filtering relies on Bayesian probability to determine whether an incoming mail is spam or is not spam...

. A variant on this tactic may be borrowed from the Usenet abuser known as "Hipcrime

Hipcrime (Usenet)

HipCrime refers both to the screenname of a Usenet user and software application distributed by, and presumably written by, this individual. The name derives from a neologism in the John Brunner science fiction novel Stand on Zanzibar....

" -- to include passages from books taken from Project Gutenberg

Project Gutenberg

Project Gutenberg is a volunteer effort to digitize and archive cultural works, to "encourage the creation and distribution of eBooks". Founded in 1971 by Michael S. Hart, it is the oldest digital library. Most of the items in its collection are the full texts of public domain books...

, or nonsense sentences generated with "dissociated press

Dissociated press

Dissociated press is an algorithm for generating text based on another text. It is intended for transforming any text into potentially humorous garbage. The name is a play on "Associated Press".An implementation of the algorithm is available in Emacs....

" algorithms. Randomly generated phrases can create spoetry

Spoetry

Spoetry or spoems are poetic verses made primarily from the subject lines of spam e-mail messages.-What is spoetry?:It is unknown as to when the first spoem was started as several writers and bloggers have claimed to have created the form. However, it is estimated that the idea began in 1999 as...

(spam poetry) or spam art.

Another method used to masquerade spam as legitimate messages is the use of autogenerated sender names in the From: field, ranging from realistic ones such as "Jackie F. Bird" to (either by mistake or intentionally) bizarre attention-grabbing names such as "Sloppiest U. Epiglottis" or "Attentively E. Behavioral". Return addresses are also routinely auto-generated, often using unsuspecting domain owners' legitimate domain names, leading some users to blame the innocent domain owners. Blocking lists use IP addresses rather than sender domain names, as these are more accurate. A mail purporting to be from example.com can be seen to be faked by looking for the originating IP address in the email's headers; also Sender Policy Framework

Sender Policy Framework

Sender Policy Framework is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF...

, for example, helps by stating that a certain domain will only send email from certain IP addresses.

Spam can also be hidden inside a fake "Undelivered mail notification" which looks like the failure notices sent by a mail transfer agent

Mail transfer agent

Within Internet message handling services , a message transfer agent or mail transfer agent or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture...

(a "MAILER-DAEMON

Bounce message

") when it encounters an error.

Spam-support services

A number of other online activities and business practices are considered by anti-spam activists to be connected to spamming. These are sometimes termed spam-support services: business services, other than the actual sending of spam itself, which permit the spammer to continue operating. Spam-support services can include processing orders for goods advertised in spam, hosting Web sites or DNS

Domain name system

The Domain Name System is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities...

records referenced in spam messages, or a number of specific services as follows:

Some Internet hosting firms advertise bulk-friendly or bulletproof hosting. This means that, unlike most ISPs, they will not terminate a customer for spamming. These hosting firms operate as clients of larger ISPs, and many have eventually been taken offline by these larger ISPs as a result of complaints regarding spam activity. Thus, while a firm may advertise bulletproof hosting, it is ultimately unable to deliver without the connivance of its upstream ISP. However, some spammers have managed to get what is called a pink contract

Pink contract

A pink contract is an agreement between an email spammer and the spammer's Internet service provider. The contract exempts the spammer from the provider's terms of service, which typically prohibit spamming...

(see below) – a contract with the ISP that allows them to spam without being disconnected.

A few companies produce spamware
Spamware
Spamware is software designed by or for spammers. Spamware varies widely, but may include the ability to import thousands of addresses, to generate random addresses, to insert fraudulent headers into messages, to use dozens or hundreds of mail servers simultaneously, and to make use of open relays....

, or software designed for spammers. Spamware varies widely, but may include the ability to import thousands of addresses, to generate random addresses, to insert fraudulent headers into messages, to use dozens or hundreds of mail servers simultaneously, and to make use of open relays. The sale of spamware is illegal in eight U.S. states.

So-called millions CDs are commonly advertised in spam. These are CD-ROM

CD-ROM

A CD-ROM is a pre-pressed compact disc that contains data accessible to, but not writable by, a computer for data storage and music playback. The 1985 “Yellow Book” standard developed by Sony and Philips adapted the format to hold any form of binary data....

s purportedly containing lists of email addresses, for use in sending spam to these addresses. Such lists are also sold directly online, frequently with the false claim that the owners of the listed addresses have requested (or "opted in") to be included. Such lists often contain invalid addresses. In recent years, these have fallen almost entirely out of use due to the low quality email addresses available on them, and because some email lists exceed 20GB in size. The amount you can fit on a CD is no longer substantial.

A number of DNS blacklists

DNSBL

(DNSBLs), including the MAPS RBL, Spamhaus SBL, SORBS and SPEWS, target the providers of spam-support services as well as spammers. DNSBLs blacklist IPs or ranges of IPs to persuade ISPs to terminate services with known customers who are spammers or resell to spammers.

Related vocabulary

Unsolicited bulk email (UBE)

A synonym for email spam.

Unsolicited commercial email (UCE)

Spam promoting a commercial service or product. This is the most common type of spam, but it excludes spam which are hoaxes (e.g. virus warnings), political advocacy, religious messages and chain letter

Chain letter

A typical chain letter consists of a message that attempts to the recipient to make a number of copies of the letter and then pass them on to as many recipients as possible...

s sent by a person to many other people. The term UCE may be most common in the USA.

Pink contract

A pink contract

Pink contract

is a service contract offered by an ISP which offers bulk email service to spamming clients, in violation of that ISP's publicly posted acceptable use policy.

Spamvertising

Spamvertising is the practice of sending E-mail spam, advertising a website. The word is a portmanteau of the words "spam" and "advertising".It also refers to vandalizing wikis, blogs and online forums with hyperlinks in order to get a higher search engine ranking for the vandal's website...

is advertising through the medium of spam.

Opt-in, confirmed opt-in, double opt-in, opt-out

Opt-in, confirmed opt-in, double opt-in, opt-out refers to whether the people on a mailing list are given the option to be put in, or taken out, of the list. Confirmation (and "double", in marketing speak) refers to an email address transmitted eg. through a web form being confirmed to actually request joining a mailing list, instead of being added to the list without verification.

Final, Ultimate Solution for the Spam Problem (FUSSP)

An ironic

Irony

Irony is a rhetorical device, literary technique, or situation in which there is a sharp incongruity or discordance that goes beyond the simple and evident intention of words or actions...

reference to naïve developers who believe they have invented the perfect spam filter, which will stop all spam from reaching users' inboxes while deleting no legitimate email accidentally.

Bacn

Bacn is an infrequently-used term to refer to email sent to a user who at one time subscribed to a mailing list - not unsolicited, but also not personal.

External links

Spam info

Spam reports
.

Government reports and industry white papers
.

The Electronic Frontier Foundation's spam page which contains legislation, analysis and litigation histories
Unsolicited Commercial Email Research Six Month Report by Center for Democracy & Technology from the author of Pegasus Mail
Pegasus Mail
Pegasus Mail is a donationware , proprietary, email client that is developed and maintained by David Harris and his team. It was originally released in 1990 for internal and external mail on Netware networks with MS-DOS clients, and was subsequently ported to Microsoft Windows...

& Mercury Mail Transport System
Mercury Mail Transport System
Mercury Mail Transport System is a standards-compliant donationware mail server developed by David Harris, who also develops the Pegasus Mail client....

– David Harris
David Harris (software developer)
David Harris is a software developer from Dunedin, New Zealand. He developed the Pegasus Mail client and the Mercury Mail Transport System, and is a former staff member of the University of Otago....

.

E-mail spam

Overview

Types

Spamvertised sites

Most common products advertised

419 scams

Phishing

Appending

Image spam

Blank spam

Backscatter spam

Legality

European Union

Canada

Australia

United States

Other laws

Deception and fraud

Theft of service

Side effects

Statistics and estimates

Highest amount of spam received

Cost of spam

Origin of spam

Anti-spam techniques

Gathering of addresses

Obfuscating message content

Spam-support services

Related vocabulary

See also

Further reading

External links