- E-mail spam
E-mail spam, also known as "bulk e-mail" or "junk e-mail," is a subset of spam that involves nearly identical messages sent to numerous recipients by
url = http://web.archive.org/web/20040212175535/http://www.spamfaq.net/terminology.shtml#specific_spams
title = 3.4 Specific Types of Spam
author = James John Farmer| accessdate = 2008-08-19| date = 2003-12-27
format = FAQ| work = An FAQ for news.admin.net-abuse.email; Part 3: Understanding NANAE| publisher = spamfaq.net] cite web
url = http://www.rhyolite.com/anti-spam/you-might-be.html#spam-fighter-4
title = You Might Be An Anti-Spam Kook If...
accessdate = 2007-01-05| date = 2006-11-25| publisher = Rhyolite Software, LLC] cite web
url = http://www.spamcop.net/fom-serve/cache/14.html
title = On what type of email should I (not) use SpamCop?
accessdate = 2007-01-05| format = FAQ| work = SpamCop FAQ| publisher = IronPort Systems, Inc.] cite web
url = http://spam.abuse.net/overview/whatisspam.shtml
title = What is spam?| accessdate = 2007-01-05
author = Scott Hazen Mueller| work = Information about spam| publisher = spam.abuse.net] cite web
url = http://www.monkeys.com/spam-defined/
title = Spam Defined| accessdate = 2007-01-05| date = 2002-12-22| publisher = Infinite Monkeys & Co. LLC] "UCE" refers specifically to "unsolicited commercial e-mail."
E-mail spam slowly but exponentially grew for several decades to several billion messages a day. Spam has frustrated, confused, and annoyed e-mail users. Laws against spam have been sporadically implemented, with some being
opt-outand others requiring opt in e-mail. The total volume of spam (over 100 billion emails per day as of April 2008) has leveled off slightly in recent years, and is no longer growing exponentially. The amount received by most e-mail users has decreased, mostly because of better filtering. About 80% of all spam is sent by fewer than 200 spammers. Botnets, networks of virus-infected computers, are used to send about 80% of spam. The cost of spam is borne mostly by the recipient, so it is a form of postage dueadvertising.
E-mail addresses are collected from chatrooms, websites, newsgroups, and viruses which harvest users' address books, and are sold to other spammers. Much of spam is sent to invalid e-mail addresses. ISPs have attempted to recover the cost of spam through lawsuits against spammers, although they have been mostly unsuccessful in collecting damages despite winning in court. [ [http://www.qctimes.com/articles/2006/01/04/news/local/doc43bb692ac9e86281138542.txt Clinton Internet provider wins $11B suit against spammer] ] [ [http://www.bostonherald.com/business/general/view.bg?articleid=1013094&srvc=biz AOL gives up treasure hunt] ]
(ToS/AUP) of internet service providers (ISPs) and peer pressure. Even with a thousand users junk e-mail for advertising is not tenable, and with a million users it is not only impractical, [ [http://gandalf.home.digital.net/spamfaq.html alt.spam FAQ] ] but also expensive. [ [http://spam.abuse.net/overview/spambad.shtml Why is spam bad?] ] It is estimated that spam cost businesses on the order of $100 billion in 2007. [ [http://www.ferris.com/research-library/industry-statistics/ Ferris Research: Cost of Spam] ] As the scale of the spam problem has grown, ISPs and the public have turned to government for relief from spam, which has failed to materialize. [ [http://www.washingtonpost.com/ac2/wp-dyn/A17754-2003Mar12 Spam's Cost To Business Escalates] ]
Types of spam
Spam has several definitions, varying by the source.
*"Unsolicited bulk e-mail" (UBE)—unsolicited e-mail, sent in large quantities.
*"Unsolicited commercial e-mail" (UCE)—this more restrictive definition is used by regulators whose mandate is to regulate commerce, such as the U.S.
Federal Trade Commission.
*Any email message that is fraudulent.fact|date=July 2008
*Any email message where the sender’s identity is forged, or messages sent though unprotected SMTP servers, unauthorized proxies, or botnets (see Theft of service below).fact|date=July 2008
Many spam e-mails contain URLs to a website or websites. According to a Commtouch report in June 2004, "only five countries are hosting 99.68% of the global spammer websites", of which the foremost is China, hosting 73.58% of all web sites referred to within spam.cite press release |title=Commtouch Reports Spam Trends For First Half of 2004 |publisher=Commtouch Software Ltd. |date=2004-06-30 |url=http://www.commtouch.com/Site/News_Events/pr_content.asp?news_id=45&cat_id=1 |accessdate=2007-01-06 ]
Most common products advertised
According to information compiled by Spam-Filter-Review.com, E-mail spam for 2006 can be broken down as follows.cite web
title=Spam Statistics 2006
Rolexwatches and Viagra-type drugs are two common products advertised in spam e-mail. ["Say good bye to viagra, rolex and other unwanted bogus emails..." - http://www.spamsafemail.com/index.html] ["avalanche of Viagra ads and Rolex pitches" http://dir.salon.com/story/tech/feature/2005/01/19/microsoft_spam/index.html] ["recent upsurge in Rolex spam"http://www.well.com/conf/inkwell.vue/topics/236/Brian-McWilliams-Spam-Kings-page02.html] ["VIAGRA AND ROLEX WATCHES JUNK E-MAILS!" http://www.combat-diaries.co.uk/diary30/spam%20viagra,%20rolex.htm] .
Advance fee fraud spam such as the Nigerian "419" scam may be sent by a single individual from a cyber cafe in a developing country. Organized "spam gangs" operating from Russia or eastern Europe share many features in common with other forms of organized crime, including turf battles and revenge killings.cite news | author = Brett Forrest
title = The Sleazy Life and Nasty Death of Russia’s Spam King
url = http://www.wired.com/wired/archive/14.08/spamking_pr.html
work = Issue 14.08 | publisher = Wired Magazine
date = August 2006 | accessdate = 2007-01-05]
Spam is also a medium for fraudsters to scam users to enter personal information on fake Web sites using e-mail forged to look like it is from a bank or other organization such as
PayPal. This is known as "phishing".
Spam sent by well-known companies is sometimes called "mainsleaze". [cite web|url=http://www.catb.org/~esr/jargon/html/M/mainsleaze.html|title=mainsleaze|publisher=
Jargon File|accessdate=2007-06-04] A widely-known instance of spamming by a large corporation was Kraft Foods' marketing of its Gevaliacoffee brand. [cite web|url=http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/04-18-2005/0003433021&EDATE|title=Trouble Brewing for Kraft and Gevalia Over Coffee Spam|publisher= PR Newswire|date= 2005-04-18|accessdate=2007-06-02] Another more recent offender was the company iDate, which used e-mail harvesting directed at subscribers to the Quechupwebsite to spam their friends and contacts. [ [http://www.e-consultancy.com/news-blog/364182/social-network-launches-worldwide-spam-campaign.html Social network launches worldwide spam campaign] "E-consultancy.com", Accessed 10 September 2007]
Mainsleaze is all but non-existent, as well-known companies do not wish to be associated with spam. [ [http://www.twowriters.net/spam.htm When Spam Burns You: Why Unsolicited Bulk E-mail is Bad Business] (Also appears as a case study in Brown, Bruce C., "The Complete Guide to E-mail Marketing", 2007, ISBN 1601380429 pg. 58)]
If a marketer has one database containing names, addresses, and telephone numbers of prospective customers, they can pay to have their database matched against a database containing email addresses. If the database contains erroneous information, companies will send out unsolicited commercial email. To protect against this, e-mail should only be sent to users known to have subscribed, and should be verified through a double opt in procedure. Purchasing a list of e-mail addresses that match a list of names is almost guaranteed to create unhappy recipients. [ [http://www.cluelessmailers.org/articles/2008-01-19-gettingitwrong.html Getting it Wrong] ]
Sending spam violates the Acceptable Use Policy (AUP) of almost all Internet Service Providers. Providers vary in their willingness or ability to enforce their AUP. Some actively enforce their terms and terminate spammers' accounts without warning. Some ISPs lack adequate personnel or technical skills for enforcement, while others may be reluctant to enforce restrictive terms against profitable customers.
As the recipient directly bears the cost of delivery, storage, and processing, one could regard spam as the electronic equivalent of "postage-due" junk mail. Due to the low cost of sending unsolicited e-mail and the potential profit entailed, some believe that only strict legal enforcement can stop junk e-mail. The Coalition Against Unsolicited Commercial Email (CAUCE) argues "Today, much of the spam volume is sent by career criminals and malicious hackers who won't stop until they're all rounded up and put in jail." [ [http://cauce.org/archives/30-Spam-has-changed,-and-so-must-CAUCE.html CAUCE accessed July 13, 2007] ]
In the United States, most states enacted anti-spam laws, which have since been pre-empted by the
CAN-SPAM Act of 2003.
Spam is legally permissible according to the CAN-SPAM Act of 2003 provided it follows certain criteria: a truthful subject line; no false information in the technical headers or sender address; "conspicuous" display of the postal address of the sender; and other minor requirements. If the spam fails to comply with any of these requirements, then it is illegal. Aggravated or accelerated penalties apply if the spammer harvested the email addresses using methods described earlier.
A review of the effectiveness of CAN-SPAM in 2005 showed that the amount of sexually explicit spam had significantly decreased since 2003 and the total volume had begun to level off. [ [http://www.ftc.gov/reports/canspam05/051220canspamrpt.pdf Effectiveness and Enforcement of the CAN-SPAM Act] ] Senator Conrad Burns, a principle sponsor, noted that "Enforcement is key regarding the CAN-SPAM legislation." In 2004 less than 1% of spam complied with the CAN-SPAM Act of 2003. [ [http://www.pcworld.com/article/id,114287-page,1/article.html Is the CAN-SPAM Law Working?] ]
Several countries have passed laws that specifically target spam, notably
Australiaand all the countries of the European Union.
Article 13 of the
European Union Directive on Privacy and Electronic Communications(2002/58/EC) provides that the EUmember states shall take appropriate measures to ensure that unsolicited communications for the purposes of direct marketing are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications, the choice between these options to be determined by national legislation.
Australia, the relevant legislation is the Spam Act 2003which covers some types of e-mail and phone spam, which took effect on 11 April 2004. The Spam Act provides that "Unsolicited commercial electronic messages must not be sent," which is an "opt-in" requirement. This contrasts with the U.S. CAN-SPAM act, which is "opt-out" (i.e., companies are free to send spam until the recipient directs the sender not to). Penalties are up to 10,000 penalty units, or 2,000 penalty units for a person other than a body corporate.
Legislative efforts to curb spam have been ineffective or counter-productive. For example, the CAN-SPAM Act of 2003 requires that each message include a means to "opt out" (i.e., decline future e-mail from the same source). It is widely believed that responding to opt-out requests is unwise, as this merely confirms to the spammer that they have reached an active e-mail account. To the extent this is true, the CAN-SPAM Act's opt-out provisions are counter-productive in two ways: first, recipients who are aware of the potential risks of opting out will decline to do so; second, attempts to opt-out will provide spammers with useful information on their targets. A 2002 study by the Center for Democracy and Technology found that about 16% of web sites tested with opt-out requests continued to spam. [cite web|url=http://www.cdt.org/speech/spam/030319spamreport.shtml|title= Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report|publisher=
Center for Democracy and Technology|year=2003|month=March|accessdate=2007-06-05 (Only 31 sites were sampled, and the testing was done before CAN-SPAM was enacted.)]
Accessing privately owned computer resources without the owner's permission counts as illegal under
computer crimestatutes in most nations. Deliberate spreading of computer viruses is also illegal in the United Statesand elsewhere. Thus, some common behaviors of spammers are criminal regardless of the legality of spamming "per se". Even before the advent of laws specifically banning or regulating spamming, spammers were successfully prosecuted under computer fraud and abuse laws for wrongfully using others' computers.
The use of botnets can be perceived as theft. The spammer consumes a zombie owner's bandwidth and resources without any cost. In addition, spam is perceived as theft of services. The receiving SMTP servers consume significant amounts of system resources dealing with this unwanted traffic. As a result, service providers have to spend large amounts of money to make their systems capable of handling these amounts of email. Such costs are inevitably passed on to the service providers' customers. [ [http://public.findlaw.com/internet/internet-spam.html You've Got Spam] ]
Other laws, not only those related to spam, have been used to prosecute alleged spammers. For example,
Alan Ralskywas indicted on stock fraud charges in January 2008, and Robert Solowayplead guilty to charges of mail fraud, fraud in connection with electronic mail, and failing to file a tax return in March 2008. [ [http://seattletimes.nwsource.com/html/localnews/2004283998_spamking15m.html Seattle Times: "Spam king" pleads guilty to felony fraud] ]
Deception and fraud
Spammers may engage in deliberate
fraudto send out their messages. Spammers often use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. They also often use falsified or stolen credit cardnumbers to pay for these accounts. This allows them to move quickly from one account to the next as the host ISPs discover and shut down each one.
Senders may go to great lengths to conceal the origin of their messages. Large companies may hire another firm to send their messages so that complaints or blocking of email falls on a third party. Others engage in spoofing of e-mail addresses (much easier than
IP address spoofing). The e-mail protocol ( SMTP) has no authentication by default, so the spammer can pretend to originate a message apparently from any e-mail address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an e-mail originates.
Senders cannot completely spoof e-mail delivery chains (the 'Received' header), since the receiving mailserver records the actual connection from the last mailserver's IP address. To counter this, some spammers forge additional delivery headers to make it appear as if the e-mail had previously traversed many legitimate servers.
Spoofing can have serious consequences for legitimate e-mail users. Not only can their e-mail inboxes get clogged up with "undeliverable" e-mails in addition to volumes of spam, they can mistakenly be identified as a spammer. Not only may they receive irate e-mail from spam victims, but (if spam victims report the e-mail address owner to the ISP, for example) a naive ISP may terminate their service for spamming.
Theft of service
Spammers frequently seek out and make use of vulnerable third-party systems such as
open mail relays and open proxy servers. SMTP forwards mail from one server to another—mail servers that ISPs run commonly require some form of authenticationto ensure that the user is a customer of that ISP. Open relays, however, do not properly check who is using the mail server and pass all mail to the destination address, making it harder to track down spammers.
Increasingly, spammers use networks of malware-infected PCs (zombies) to send their spam. Zombie networks are also known as
Botnets (such zombifying malware is known as a "bot", short for robot). In June 2006, an estimated 80% of e-mail spam was sent by zombie PCs, an increase of 30% from the prior year. An estimated 55 billion e-mail spam were sent each day in June 2006, an increase of 25 billion per day from June 2005.cite press release |title=Spammers Continue Innovation: IronPort Study Shows Image-based Spam, Hit & Run, and Increased Volumes Latest Threat to Your Inbox |publisher=IronPort Systems, Inc. |date=2006-06-28 |url=http://www.ironport.com/company/ironport_pr_2006-06-28.html |accessdate=2007-01-05 ]
Statistics and estimates
The growth of e-mail spam
Spam is growing, with no signs of abating. The amount of spam users see in their mailboxes is just the tip of the iceberg, since spammers' lists often contain a large percentage of invalid addresses and many spam filters simply delete or reject "obvious spam".
In absolute numbers
*1978 - An e-mail spam advertising a DEC product presentation is sent by
Gary Thuerkto 600 addresses, which was all the users of that time's ARPANET, though software limitations meant only slightly more than half of the intended recipients actually received it.cite web
url = http://www.templetons.com/brad/spamreact.html
title = Reaction to the DEC Spam of 1978
author = Brad Templeton| authorlink=Brad Templeton
accessdate = 2007-01-21| date = Tue, 08 March 2005 08:30:08 GMT| publisher = Brad Templeton]
*2005 - (June) 30 billion per day
*2006 - (June) 55 billion per day
*2007 - (February) 90 billion per day
*2007 - (June) 100 billion per day [ [http://www.spamunit.com/spam-statistics/ Spam Statistics] ]
As a percentage of the total volume of e-mail
MAAWGestimates that 85% of incoming mail is "abusive email", as of the second half of 2007. The sample size for the MAAWG's study was over 100 million mailboxes.cite paper
title = Email Metrics Program: The Network Operators' Perspective
version = Report #7 – Third and Fourth Quarters 2007
publisher = Messaging Anti-Abuse Working Group
date = April 2008 | accessdate = 2008-05-08
url = http://www.maawg.org/about/MAAWG_2007-Q3-4_Metrics_Report.pdf | format = PDF] cite paper
title = Email Metrics Program: The Network Operators' Perspective
version = Report #1 — 4th Quarter 2005 Report
publisher = Messaging Anti-Abuse Working Group
date = March 2006 | accessdate = 2007-01-06
url = http://www.maawg.org/about/FINAL_4Q2005_Metrics_Report.pdf | format = PDF] cite paper
title = Email Metrics Program: The Network Operators' Perspective
version = Report #2 — 1st Quarter 2006
publisher = Messaging Anti-Abuse Working Group
date = June 2006 | accessdate = 2007-01-06
url = http://www.maawg.org/about/FINAL_1Q2006_Metrics_Report.pdf | format = PDF]
Spamhaus estimates that 90% of incoming email traffic is spam in
North America, Europeor Australasia. [ [http://www.spamhaus.org/effective_filtering.html Effective Spam Filtering (Spamhaus)] ]
Highest amount of spam received
Steve Ballmer, Microsoft founder Bill Gatesreceives four million e-mails per year, most of them spam.cite news
author = Staff | title = Bill Gates 'most spammed person'
url = http://news.bbc.co.uk/2/hi/business/4023667.stm | publisher = BBC News (bbc.co.uk)
date = 2004-11-18 | accessdate = 2007-01-06] (This was originally incorrectly reported as "per day".cite news
author = Mike Wendland
title = Ballmer checks out my spam problem
url = http://www.acme.com/mail_filtering/article_2.html
publisher = ACME Laboratories republication of article appearing in Detroit Free Press
date = 2004-12-02 | accessdate = 2007-01-06 "the date provided is for the original article; the date of revision for the republication is 8 June 2005; verification that content of the republication is the same as the original article is pending"] )
At the same time
Jef Poskanzer, owner of the domain name [http://acme.com/ acme.com] , was receiving over one million spam emails per day.cite web
url = http://www.acme.com/mail_filtering/
title = Mail Filtering
accessdate = 2007-01-06| author = Jef Poskanzer| date = 2006-05-15| publisher = ACME Laboratories]
Cost of spam
A 2004 survey estimated that lost productivity costs Internet users in the United States $21.58 billion annually, while another reported the cost at $17 billion, up from $11 billion in 2003. The worldwide productivity cost of spam is estimated to be $50 billion. [ [http://www.informationweek.com/story/showArticle.jhtml?articleID=59300834 Spam Costs Billions] ] On a worldwide basis, the IT cost of dealing with spam was estimated to rise from $20.5 billion in 2003, to $198 billion by 2007. [ [http://www.greencomputer.com/solutions/cost-of-spam.shtml The High Cost of Spam] ] An estimate of the percentage cost borne by the sender of marketing junk mail (snail mail) is 88%, whereas in 2001 (data may have changed) one spam was estimated to cost 0.10$ for the receiver and 0.00001$ (0.01% of the cost) for the sender. [ [http://www.clickz.com/showPage.html?page=1432751 Make Spammers Pay Before You Do] ]
Origin of spam
Origin or source of spam refers to the geographical location of the computer from which the spam is sent; it is not the country where the spammer resides, nor the country that hosts the spamvertised site.Due to the international nature of spam, the spammer, the hijacked spam-sending computer, the spamvertised server, and the user target of the spam are all often located in different countries. As much as 80% of spam received by Internet users in North America and Europe can be traced to fewer than 200 spammers. [ [http://www.spamhaus.org/rokso/index.lasso Register of Known Spam Operations (ROKSO)] ]
In terms of volume of spam: According to
Sophos, the major sources of spam in the first quarter of 2008 (January to March) were:cite press release
title=Sophos reveals 'Dirty Dozen' spam producing countries, August 2004
publisher=Sophos Plc |date=2004-08-24 |accessdate=2007-01-06
url=http://www.sophos.com/pressoffice/news/articles/2004/08/sa_dirtydozenaug04.html ] cite press release
title=Sophos reveals 'dirty dozen' spam relaying countries
publisher=Sophos Plc |date=2006-07-24 |accessdate=2007-01-06
url=http://www.sophos.com/pressoffice/news/articles/2006/07/dirtydozjul06.html] cite press release
title=Sophos research reveals dirty dozen spam-relaying nations
publisher=Sophos Plc |date=2007-04-11 |accessdate=2007-06-15
url=http://www.sophos.com/pressoffice/news/articles/2007/04/dirtydozapr07.html] cite press release
title=Sophos reveals 'Dirty Dozen' spam producing countries, July 2007
publisher=Sophos Plc |date=2007-07-18 |accessdate=2007-07-24
url=http://www.sophos.com/pressoffice/news/articles/2007/07/dirtydozjul07.html ] cite press release
title=Sophos reveals 'Dirty Dozen' spam producing countries for Q3 2007
publisher=Sophos Plc |date=2007-10-24 |accessdate=2007-11-09
url=http://www.sophos.com/pressoffice/news/articles/2007/10/dirtydozoct07.html ] cite press release
title=Sophos details dirty dozen spam-relaying countries for Q4 2007
publisher=Sophos Plc |date=2008-02-11 |accessdate=2008-02-12
url=http://www.sophos.com/pressoffice/news/articles/2008/02/dirtydozfeb08.html ] cite press release
title=Sophos details dirty dozen spam-relaying countries for Q1 2008
publisher=Sophos Plc |date=2008-04-14 |accessdate=2008-06-07
*The United States (the origin of 15.4% of spam messages, down from 21.3% in Q4)
*Russia (7.4%, down from 8.3%)
*Turkey (5.9%, up from 3.8%)
*China (5.5%, up from 4.2%)
*Brazil (4.3%, up from 4.0%)
When grouped by continents, spam comes mostly from:
*Asia (34.3%, up from 32.1%)
*Europe (30.7%, up from 27.1%)
*North America (18.9%, down from 26.5%)
*South America (14.2%, up from 12.5%)
In terms of number of IP addresses: The
Spamhaus Project(which measures spam sources in terms of number of IP addresses used for spamming, rather than volume of spam sent) ranks the top three as the United States, China, and Russia,cite web
url = http://www.spamhaus.org/statistics/countries.lasso
title = Spamhaus Statistics : The Top 10
accessdate = 2007-01-06| date = dynamic report
work = Spamhaus Blocklist (SBL) database| publisher = The Spamhaus Project Ltd.] followed by Japan, Canada, and South Korea.
In terms of networks: As of 5 June 2007, the three networks hosting the most spammers are
Verizon, AT&T, and VSNL International. Verizon inherited many of these spam sources from its acquisition of MCI, specifically through the UUNet subsidiary of MCI, which Verizon subsequently renamed Verizon Business.
Spam in culture
The often rambling and incomprehensible nature of spam has led to an underground culture, with video tribute on the Web site
You Tube, cartoons based on spam titles ( Spamusement!) as well as spam blogs such as [http://mypetspam.blogspot.com My Pet Spam] , [http://delightfulspam.blog.com Delightful Spam] and [http://www.spam-hunter.org The Spam Hunter Diaries] .
The U.S. Department of Energy
Computer Incident Advisory Capability(CIAC) has provided specific countermeasures against electronic mail spamming.cite web
url = http://www.ciac.org/ciac/bulletins/i-005c.shtml
title = I-005c: E-Mail Spamming countermeasures: Detection and prevention of E-Mail spamming
accessdate = 2007-01-06
author = Shawn Hernan
coauthors = James R. Cutler; David Harris
date = 1997-11-25
work = Computer Incident Advisory Capability Information Bulletins
publisher = United States Department of Energy]
Some popular methods for filtering and refusing spam include
e-mail filteringbased on the content of the e-mail, DNS-based blackhole lists ( DNSBL), greylisting, spamtraps, Enforcing technical requirements of e-mail (SMTP), checksumming systems to detect bulk email, and by putting some sort of cost on the sender via a Proof-of-work systemor a micropayment. Each method has strengths and weaknesses and each is controversial due to its weaknesses.
One method employed involves using a white list of email addresses. For example, the owner of the email account can set the server to only allow emails from senders that are in the owner's addressbook. This is often used in combination with methods to give new senders an opportunity to request inclusion in the owner's addressbook. For example:1. All email originating from senders not in the addressbook are sent an automatic response stating that their email has not reached the recipient (ie. the email account owner).2. The sender is given the option of sending the recipient an addressbook inclusion request via an online form.3. The online form includes a
captchato only allow requests from human (non-computer-automated) sources.4. If the recipient (account owner) approves the request, current and future email from the sender reaches the recipient with no further filtering.Yahoo dropped a similar feature from their webmail service in 2005.
Anti-spam techniques should not be employed on abuse@ email addresses, as is commonly the case. The result of this is that when people attempt to report spam to a host, the spam message is caught in the spam filter and the host remains unaware that their network is being exploited by spammers.
How spammers operate
Gathering of addresses
In order to send spam, spammers need to obtain the e-mail addresses of the intended recipients. To this end, both spammers themselves and "list merchants" gather huge lists of potential e-mail addresses. Since spam is, by definition, unsolicited, this "address harvesting" is done without the consent (and sometimes against the expressed will) of the address owners. As a consequence, spammers' address lists are inaccurate. A single spam run may target tens of millions of possible addresses — many of which are invalid, malformed, or undeliverable.
Sometimes, if the sent spam is "bounced" or sent back to the sender by various programs that eliminate spam, or if the recipient clicks on an unsubscribe link, that may cause that email address to be marked as "valid", which is interpreted by the spammer as "send me more".
Delivering spam messages
Internet users and
system administrators have deployed a vast array of techniques to block, filter, or otherwise banish spam from users' mailboxes. Almost all Internet service providers forbid the use of their services to send spam or to operate spam-support services. Both commercial firms and volunteers run subscriber services dedicated to blocking or filtering spam. [ [http://weis2006.econinfosec.org/docs/50.pdf Proof of Work can Work] ]
Using Webmail services
A common practice of spammers is to create accounts on free webmail services, such as
Hotmail, to send spam or to receive e-mailed responses from potential customers. Because of the amount of mail sent by spammers, they require several e-mail accounts, and use web bots to automate the creation of these accounts.
In an effort to cut down on this abuse, many of these services have adopted a system called the
captcha: users attempting to create a new account are presented with a graphic of a word, which uses a strange font, on a difficult to read background. Humans are able to read these graphics, and are required to enter the word to complete the application for a new account, while computers are unable to get accurate readings of the words using standard OCR techniques. Blind users of captchas typically get an audio sample.
Spammers have, however, found a means of circumventing this measure. Reportedly, they have set up sites offering free pornography: to get access to the site, a user displays a graphic from one of these webmail sites, and must enter the word. Once the bot has successfully created the account, the user gains access to the pornographic material. [ [http://www.silicon.com/research/specialreports/thespamreport/0,39025001,39120541,00.htm Spammers turn to free porn to beat Hotmail security] ] Furthermore, standard image processing techniques work well against many captchas. [ [http://books.nips.cc/papers/files/nips17/NIPS2004_0843.pdf Using Machine Learning to Break Visual Human Interaction Proofs (HIPs)] ]
Using other people's computers
Early on, spammers discovered that if they sent large quantities of spam directly from their ISP accounts, recipients would complain and ISPs would shut their accounts down. Thus, one of the basic techniques of sending spam has become to send it from someone else's computer and network connection. By doing this, spammers protect themselves in several ways: they hide their tracks, get others' systems to do most of the work of delivering messages, and direct the efforts of investigators towards the other systems rather than the spammers themselves. The increasing broadband usage gave rise to a great number of computers that are online as long as they are turned on, and whose owners do not always take steps to protect them from
malware. A botnetconsisting of several hundred compromised machines can effortlessly churn out millions of messages per day. This also complicates the tracing of spammers.
In the 1990s, the most common way spammers did this was to use
open mail relays. An open relay is an MTA, or mail server, which is configured to pass along messages sent to it from "any" location, to "any" recipient. In the original SMTPmail architecture, this was the default behavior: a user could send mail to practically any mail server, which would pass it along towards the intended recipient's mail server.
The standard was written in an era before spamming when there were few hosts on the internet, and those on the internet abided by a certain level of conduct. While this cooperative, open approach was useful in ensuring that mail was delivered, it was vulnerable to abuse by spammers. Spammers could forward batches of spam through open relays, leaving the job of delivering the messages up to the relays.
In response, mail system administrators concerned about spam began to demand that other mail operators configure MTAs to cease being open relays. The first
DNSBLs, such as [http://www.mail-abuse.org/rbl/ MAPS RBL] and the now-defunct ORBS, aimed chiefly at allowing mail sites to refuse mail from known open relays. By 2003 less than 1% of corporate mail servers were available as open relays, down from 91% in 1997. [ [http://www.theregister.co.uk/2003/06/12/open_relay_spam_is_dying/ Open relay spam is ‘dying out’] ]
Within a few years, open relays became rare and spammers resorted to other tactics, most prominently the use of open proxies. A proxy is a network service for making indirect connections to other network services. The client connects to the proxy and instructs it to connect to a server. The server perceives an incoming connection from the proxy, not the original client. Proxies have many purposes, including Web-page caching, protection of privacy, filtering of Web content, and selectively bypassing firewalls. [ [http://www.ftc.gov/bcp/conline/pubs/buspubs/secureyourserver.shtm Securing Your Server: Shut the Door on Spam] ]
An "open" proxy is one which will create connections for "any" client to "any" server, without authentication. Like open relays, open proxies were once relatively common, as many administrators did not see a need to restrict access to them.
A spammer can direct an open proxy to connect to a mail server, and send spam through it. The mail server logs a connection from the proxy -- not the spammer's own computer. This provides an even greater degree of concealment for the spammer than an open relay, since most relays log the client address in the headers of messages they pass. Open proxies have also been used to conceal the sources of attacks against other services besides mail, such as Web sites or IRC servers.
Besides relays and proxies, spammers have used other insecure services to send spam. One example is FormMail.pl, a CGI script to allow Web-site users to send e-mail feedback from an HTML form. [cite web|url=http://www.scriptarchive.com/formmail.html|title=Matt's Script Archive: FormMail|date=
2002-04-19|author=Wright, Matt|accessdate=2007-06-07] Several versions of this program, and others like it, allowed the user to redirect e-mail to arbitrary addresses. Spam sent through open FormMail scripts is frequently marked by the program's characteristic opening line: "Below is the result of your feedback form."
As spam from proxies and other "spammable" resources grew, DNSBL operators started listing their IP addresses, as well as open relays.
In 2003, spam investigators saw a radical change in the way spammers sent spam. Rather than searching the global network for exploitable services such as open relays and proxies, spammers began creating "services" of their own. By commissioning
computer viruses designed to deploy proxies and other spam-sending tools, spammers could harness hundreds of thousands of end-user computers. The widespread change from Windows 9xto Windows XPfor many home computers, which started in early 2002 and was well under way by 2003, greatly accelerated the use of home computers to act as remotely-controlled spam proxies. The original version of Windows XP as well as XP-SP1 had several major vulnerabilities that allowed the machines to be compromised over a network connection without requiring actions on the part of the user or owner. [ [http://www.techweb.com/wire/security/170101847 Another Windows Bug Open To Zotob-Like Attacks] ] While Windows 2000had similar vulnerabilities, that operating system was never widely used on home computers.
Most of the major Windows e-mail viruses of 2003, including the
Sobigand Mimailvirus families, functioned as spammer viruses: viruses designed expressly to make infected computers available as spamming tools.cite news
author = Staff | title = Spammer blamed for SoBig.F virus
url = http://www.cnn.com/2003/TECH/internet/08/22/sobig.culprit/
publisher = CNN | date = 2003-08-22 | accessdate = 2007-01-06] cite news
author = Paul Roberts | title = New trojan peddles porn while you work
url = http://www.infoworld.com/article/03/07/11/HNtorjanpeddle_1.html
publisher = InfoWorld | date = 2003-07-11 | accessdate = 2007-01-06]
Besides sending spam, spammer viruses serve spammers in other ways. Beginning in July 2003, spammers started using some of these same viruses to perpetrate
distributed denial-of-service(DDoS) attacks upon DNSBLs and other anti-spam resources.cite press release |title=Spammers Release Virus to Attack |publisher=The Spamhaus Project Ltd. |date=2003-11-02 |url=http://www.spamhaus.org/news.lasso?article=13 |accessdate=2007-01-06 ] Although this was by no means the first time that illegal attacks have been used against anti-spam sites, it was perhaps the first wave of "effective" attacks.
In August of that year, engineering company Osirusoft ceased providing DNSBL mirrors of the
SPEWSand other blocklists, after several days of unceasing attack from virus-infected hosts.cite news
author = Patrick Gray
title = Osirusoft 'closes doors' after crippling DDoS attacks
url = http://www.zdnet.com.au/news/communications/soa/Osirusoft_closes_doors_after_crippling_DDoS_attacks/0,130061791,120277794,00.htm
publisher = ZDNet Australia | date = 2003-08-27 | accessdate = 2007-01-06] The very next month, DNSBL operator Monkeys.com succumbed to the attacks as well.cite press release |title=MONKEYS.COM: Now retired from spam fighting |publisher=DNSbl |date=2003-09-22 |url=http://www.dnsbl.info/forums/topic.asp?TOPIC_ID=12 |format=Blog |accessdate=2007-01-06 ] Other DNSBL operators, such as Spamhaus, have deployed global mirroring and other anti-DDoS methods to resist these attacks.
Zombie networks are particularly active in North America where about half of the Internet users are on a broadband connection and many leave their computers on all the time. In January, 2008, 8% of all e-mail spam was sent by the
Storm botnet, created by the Storm Worm, first released in January, 2007. [ [http://www.sophos.com/pressoffice/news/articles/2008/01/love-storm.html Don't fall in love with the Storm Trojan horse, advises Sophos] retrieved 18 January 2008] It is estimated that as many as 1 million or more computers have been infected and their owners are unwilling and unknowing participants.
Obfuscating message content
Many spam-filtering techniques work by searching for patterns in the headers or bodies of messages. For instance, a user may decide that all e-mail they receive with the word "
Viagra" in the subject line is spam, and instruct their mail program to automatically delete all such messages. To defeat such filters, the spammer may intentionally misspell commonly-filtered words or insert other characters, as in the following examples:
The principle of this method is to leave the word readable to humans (who can easily recognize the intended word for such misspellings), but not likely to be recognized by a literal computer program. This is only somewhat effective, because modern filter patterns have been designed to recognize blacklisted terms in the various iterations of misspelling. Other filters target the actual obfuscation methods; such as the non-standard use of punctuation or numerals into unusual places, for example: within in a word.
(Note: Using most common variations, it is possible to spell "Viagra" in over 1.3 * 1021 ways.cite web
url = http://cockeyed.com/lessons/viagra/viagra.html
title = There are 600,426,974,379,824,381,952 ways to spell Viagra
accessdate = 2007-01-06| date = 2004-04-07| publisher = cockeyed.com] )
HTML-based e-mail gives the spammer more tools to obfuscate text. Inserting HTML comments b etwe en letters can foil some filters, as can including text made invisible by setting the font color to white on a white background, or shrinking the font size to the smallest fine print.
Another common ploy involves presenting the text as an image, which is either sent along or loaded from a remote server. This can be foiled by not permitting an e-mail-program to load images.
As Bayesian filtering has become popular as a spam-filtering technique, spammers have started using methods to weaken it. To a rough approximation, Bayesian filters rely on word probabilities. If a message contains many words which are only used in spam, and few which are never used in spam, it is likely to be spam. To weaken Bayesian filters, some spammers, alongside the sales pitch, now include lines of irrelevant, random words, in a technique known as
Bayesian poisoning. A variant on this tactic may be borrowed from the Usenet abuser known as "Hipcrime" -- to include passages from books taken from Project Gutenberg, or nonsense sentences generated with " dissociated press" algorithms. Randomly generated phrases can create spoetry(spam poetry) or spam art.
After these nonsense subject lines were recognized as spam, the next trend in spam subjects started:
Biblicalpassages. A program much like Mark V Shaneyis fed Biblepassages and chops them up into segments. The reasoning is that this text, often very different from the writing style of today such as the King James Version, will confuse both humans and spam filters.
However, as many or most Bayesian filtering programs only use the most spam-like and least spam-like words for deciding whether an email is spam or not; injecting extra non-spam related words means that these extra words do not correlate well with spam, and so do not usually affect the result. However, they do decrease the effectiveness "slightly", which, for spammers can make a significant percentage difference in the number of users actually seeing their spam.
Another method used to masquerade spam as legitimate messages is the use of autogenerated sender names in the From: field, ranging from realistic ones such as "Jackie F. Bird" to (either by mistake or intentionally) bizarre attention-grabbing names such as "Sloppiest U. Epiglottis" or "Attentively E. Behavioral". Return addresses are also routinely auto-generated, often using unsuspecting domain owners' legitimate domain names, leading some users to blame the innocent domain owners. Blocking lists use ip addresses rather than sender domain names, as these are more accurate. A mail purporting to be from example.com can be seen to be faked by looking for the originating ip address in the mails header, and
Sender Policy Frameworkfor example helps by stating that example.com will only send email from xx.xx.xx.xx ip.
Spam can also be hidden inside a fake "Undelivered mail notification" which looks like the failure notices sent by a
mail transfer agent(a "MAILER-DAEMON") when it encounters an error.
A number of other online activities and business practices are considered by anti-spam activists to be connected to spamming. These are sometimes termed spam-support services: business services, other than the actual sending of spam itself, which permit the spammer to continue operating. Spam-support services can include processing orders for goods advertised in spam, hosting Web sites or DNS records referenced in spam messages, or a number of specific services as follows:
Some Internet hosting firms advertise bulk-friendly or bulletproof hosting. This means that, unlike most ISPs, they will not terminate a customer for spamming. These hosting firms operate as clients of larger ISPs, and many have eventually been taken offline by these larger ISPs as a result of complaints regarding spam activity. Thus, while a firm may advertise bulletproof hosting, it is ultimately unable to deliver without the connivance of its upstream ISP. However, some spammers have managed to get what is called a
pink contract(see below) — a contract with the ISP that allows them to spam without being disconnected.
A few companies produce
spamware, or software designed for spammers. Spamware varies widely, but may include the ability to import thousands of addresses, to generate random addresses, to insert fraudulent headers into messages, to use dozens or hundreds of mail servers simultaneously, and to make use of open relays. The sale of spamware is illegal in eight U.S. states.cite web
url = http://www.spamsites.org/
title = Spamware vendor list | publisher=spamsites.org
accessdate = 2007-01-06| date = 2005-07-08| author = Sapient Fridge] cite web
url = http://www.spamhaus.org/sbl/policy.html
title = SBL Policy & Listing Criteria
accessdate = 2007-01-06| date = 2006-12-22| publisher = The Spamhaus Project Ltd. "original location was http://www.spamhaus.org/sbl/sbl-rationale.html; the referenced page is an auto-redirect target from the original location"] cite paper
title = Spamware - Email Address Harvesting Tools and Anonymous Bulk Emailing Software
publisher = MX Logic (abstract hosted by bitpipe.com)
date = 2004-10-01
url = http://www.bitpipe.com/detail/RES/1097086148_134.html
accessdate = 2007-01-06 "the link here is to an abstract of a white paper; registration with the authoring organization is required to obtain the full white paper"]
So-called millions CDs are commonly advertised in spam. These are
CD-ROMs purportedly containing lists of e-mail addresses, for use in sending spam to these addresses. Such lists are also sold directly online, frequently with the false claim that the owners of the listed addresses have requested (or "opted in") to be included. Such lists often contain invalid addresses. In recent years, these have fallen almost entirely out of use due to the low quality e-mail addresses available on them, and because some e-mail lists exceed 20GB in size. The amount you can fit on a CD is no longer substantial.
A number of
DNSBLs, including the MAPS RBL, Spamhaus SBL, SORBS and SPEWS, target the providers of spam-support services as well as spammers. DNSBLs blacklist IPs or ranges of IPs to persuade ISPs to terminate services with known customers who are spammers or resell to spammers.
;Unsolicited bulk e-mail (UBE):A synonym for e-mail spam.;Unsolicited commercial e-mail (UCE):Spam promoting a commercial service or product. This is the most common type of spam, but it excludes spam which are hoaxes (e.g. virus warnings), political advocacy, religious messages and
chain letters sent by a person to many other people. The term UCE may be most common in the USA. cite web
url = http://www.caube.org.au/whatis.htm| title = Definitions of Words We Use| accessdate = 2007-01-06
publisher = Coalition Against Unsolicited Bulk Email, Australia] ;Pink contract:A
pink contractis a service contract offered by an ISP which offers bulk e-mail service to spamming clients, in violation of that ISP's publicly posted acceptable use policy.;Spamvertising: Spamvertisingis advertising through the medium of spam.;Opt-in, confirmed opt-in, double opt-in, opt-out:Opt-in, confirmed opt-in, double opt-in, opt-out refers to whether the people on a mailing list are given the option to be put in, or taken out, of the list.;Final, Ultimate Solution for the Spam Problem (FUSSP):An ironic reference to naïvedevelopers who believe they have invented the perfect spam filter, which will stop all spam from reaching users' inboxes while accidentally deleting no legitimate email. [ [http://www.rhyolite.com/anti-spam/you-might-be.html Vernon Schryver: You Might Be An Anti-Spam Kook If...] ] [ [http://richi.co.uk/blog/2006/04/tips-for-your-new-anti-spam-idea.html Tips for your new anti-spam idea] ] ;Bacn:Bacn is a rarely used term to refer to e-mail sent to a user who at one time subscribed to a mailing list - not unsolicited, but also not personal.
In the news
In May, 2004,
Howard Carmackof Buffalo, New Yorkwas sentenced to 3 1/2 to 7 years for sending 800 million messages, using stolen identities. In May 2003 he also lost a $16 million civil lawsuit to Earthlink. [ [http://www.pcworld.com/article/id,116307-page,1/article.html Buffalo Spammer Sentenced to Prison] ]
September 27, 2004, Nicholas Tombros plead guilty to charges and became the first spammer to be convicted under the CAN-SPAM Act of 2003. [ [http://news.zdnet.co.uk/security/0,1000000189,39168660,00.htm 'Wardriver' first to be convicted under US anti-spam law] , Richard Shim, CNETNews.com, October 1, 2004] He was sentenced in July 2007 to three years probation, six months house arrest, and fined $10,000. [ [http://www.informationweek.com/story/showArticle.jhtml?articleID=201202305 War-Driving Pornographic Spammer Escapes Jail Time] ]
November 4, 2004, Jeremy Jaynes, rated the 8th most prolific spammer in the world according to Spamhaus, was convicted of three felony charges of using servers in Virginiato send thousands of fraudulent e-mails. The court recommended a sentence of nine years' imprisonment, which was imposed in April 2005 although the start of the sentence was deferred pending appeals. Jaynes claimed to have an income of $750,000 a month from his spamming activities. On February 29, 2008the Supreme Court of Virginiaaffirmed his conviction. [ [http://www.courts.state.va.us/opinions/opnscvwp/1062388.pdf Court Opinion] ]
November 8, 2004, Nick Marinellis of Sydney, Australia, was sentenced to 4 1/3 to 5 1/4 years for sending Nigerian 419 e-mails. [ [http://www.theregister.co.uk/2004/11/08/aussie_419er_jailed/ Nigerian 419 Scam Spammer Sentenced to Five Years in Prison] ]
December 31, 2004, British authorities arrested Christopher Pierson in Lincolnshire, UK and charged him with malicious communication and causing a public nuisance. On January 3, 2005, he pleaded guilty to sending hoax e-mails to relatives of people missing following the Asian tsunamidisaster.
July 25, 2005, Russian spammer Vardan Kushnir, who is believed to have spammed every single Russian internet user, was found dead in his Moscow apartment, having suffered numerous blunt-force blows to the head. It is believed that Kushnir's murder was unrelated to his spamming activities.cite news
title = Russia’s Biggest Spammer Brutally Murdered in Apartment
url = http://mosnews.com/news/2005/07/25/spammerdead.shtml
publisher = MOSNEWS.com | date = 2005-07-25 | accessdate = 2007-01-06]
November 1, 2005, David Levi, 29, of Lytham, England was sentenced to four years for conspiracy to defraud by sending e-mails pretending to be from eBay, his brother Guy Levi, 22, was sentenced to 21 months after pleading guilty to conspiracy to defraud, and four others were each sentenced to six months for money laundering. [ [http://www.eastvalleytribune.com/story/52076 Man is sentenced in phishing fraud] accessed 17 October 2007]
November 16, 2005, Peter Francis-Macraeof Cambridgeshire, described as Britain's most prolific spammer, was sentenced to six years in prison. [ [http://news.zdnet.com/2100-1009_22-5958081.html U.K. spammer sentenced to 6 years] ]
In January, 2006, James McCalla was ordered to pay $11.2 Billion to an ISP in Iowa and barred from using the Internet for 3 years for sending 280 million e-mail messages. [ [http://www.browardpalmbeach.com/2006-05-11/news/the-11-billion-man/ The $11 Billion Man] ]
June 28, 2006, IronPort released a study which found 80% of spam emails originating from zombie computers. The report also found 55 billion daily spam emails in June 2006, a large increase from 35 billion daily spam emails in June 2005. The study used SenderData which represents 25% of global email traffic and data from over 100,000 ISP's, universities, and corporations.
August 8, 2006, AOLannounced the intention of digging up the garden of the parents of spammer Davis Wolfgang Hawkein search of buried gold and platinum. [cite news
author = Colin Barker
title = AOL goes digging for spammer's gold
url = http://news.com.com/AOL+goes+digging+for+spammers+gold/2100-1030_3-6106230.html
publisher = CNET Networks | date = 2006-08-16 | accessdate = 2007-01-06] AOL had been awarded a US$ 12.8 million judgment in May 2005 against Hawke, who had gone into hiding. The permission for the search was granted by a judge after AOL proved that the spammer had bought large amounts of gold and platinum.cite news
author = Associated Press
title = AOL to dig for gold at home of spammer’s folks
url = http://www.msnbc.msn.com/id/14365934/
publisher = MSNBC | date = 2006-08-15 | accessdate = 2007-01-06 "the original link, http://www.businessweek.com/ap/tech/D8JH5OI80.htm, has expired" ] In July, 2007 AOL decided not to proceed. [ [http://www.bostonherald.com/business/general/view.bg?articleid=1013094&srvc=biz AOL gives up treasure hunt] ]
October 12, 2006, Brian Michael McMullen, 22, of East Pittsburgh, Pennsylvaniawas sentenced to three years supervised release, five months home detention and ordered to pay restitution in the amount of $11,848.55 for violating the CAN-SPAM Act of 2003. [ [http://www.usdoj.gov/usao/paw/pr/2006_october/2006_10_12_4.html SPAMMER SENTENCED TO FIVE MONTHS AT CONFINEMENT CENTER] ]
October 27, 2006, the Federal Court of Australiafined Clarity1 A$4.5 million (US$3.4 million; euro2.7 million) and its director Wayne MansfieldA$1 million (US$760,000; euro600,000) for sending unsolicited e-mails in the first conviction under Australia's Spam Act of 2003. [ [http://www.theage.com.au/news/Technology/Australian-business-fined-over-spam-emails/2006/10/27/1161749298339.html Australian business fined over spam e-mails] ]
In November, 2006
Christopher William Smith(aka Chris "Rizler" Smith) was convicted on 9 counts for offenses related to Smith's spamming.
January 16, 2007, an Azusa, Californiaman was convicted by a jury in United StatesDistrict Court in Los Angelesin "United States v. Goodin, U.S. District Court, Central District of California, 06-110", under the CAN-SPAM Act of 2003(the first conviction under that Act). [cite news
author = Edvard Pettersson
title = California Man Guilty of Defrauding AOL Subscribers, U.S. Says
url = http://www.bloomberg.com/apps/news?pid=newsarchive&sid=a3ukhOXubw3Y
publisher = Bloomberg.com | date =
2006-01-16| accessdate = 2007-01-22] He was sentenced to and began serving a 70 month sentence on June 11, 2007. [ [http://www.informationweek.com/management/showArticle.jhtml?articleID=199903450&cid=RSSfeed_TechWeb California Man Gets 6-Year Sentence For Phishing] ]
May 30, 2007, notorious spammer , Robert Soloway reached an agreement with federal prosecutors, two weeks before his scheduled trial on 40 charges. Soloway pleaded guilty to three charges — felony mail fraud, fraud in connection with e-mail, and failing to file a 2005 tax return. [cite web
title='Spam king' pleads guilty to felony fraud
Seattle Times] In exchange, federal prosecutors dropped all other charges. Soloway faced up to 26 years in prison on the most serious charge, and up to $625,000 total in fines. On 22 July 2008Robert Soloway was sentenced four years in federal prison, a ruling that sends a message to other spammers and online criminals. [cite web
title=Top Spammer Sentenced to Nearly Four Years
June 25, 2007two men were each convicted on eight counts including conspiracy, fraud, money laundering, and transportation of obscene materials in U.S. District Courtin Phoenix, Arizona. The prosecution is the first of its kind under the CAN-SPAM Act of 2003, according to a release from the Department of Justice. [ [http://www.usdoj.gov/opa/pr/2007/June/07_crm_453.html Jury Convicts Two Men for Running International Pornographic Spamming Business] ] One count for each under the act was for falsifying headers, the other was for using domain names registered with false information. The two had been sending millions of hard-core pornography spam e-mails. [ [http://www.informationweek.com/news/showArticle.jhtml?articleID=200000756 Two Men Convicted Of Spamming Pornography] Accessed on 26 June 2007] The two men were sentenced to five years in prison and ordered to forfeit US$ 1.3 million. [cite news|author=Tracy McVeigh|title=Porn spammers jailed for five years|publisher= Guardian Unlimited|url=http://www.guardian.co.uk/technology/2007/oct/14/internet.crime|date= 2007-10-14|accessdate=2007-10-14]
July 24: Eddie Davidsonwalked away from a federal prison camp in Florence, Coloradoon July 20 2008. He was subsequently found dead in Arapahoe County, Colorado, after reportedly killing his wife and three-year-old daughter, in an apparent murder-suicide. [ [http://abcnews.go.com/TheLaw/wireStory?id=5445883 Prosecutor: Escaped Colorado convict, wife and daughter found dead in apparent murder-suicide] ] August 19: A survey on Marshall Limited's website showed that 29.1% of the 622 respondents had bought something from a spam email. [http://www.marshal.com/pages/newsitem.asp?article=748] Other studies, one by Forrester Research in 2004, which surveyed 6,000 active Web users, reported 20 percent had bought something from spam, while a 2005 study by Mirapoint and the Radicati Group showed 11%, and 57% indicated that clicking on a link in spam caused them to receive more spam than before. [ [http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=165701785 Spam Prompts 11% Of Computer Users To Buy] ] A 2007 study by Endai Worldwide (an e-mail marketing company) showed 16% had bought something from spam. [ [http://blogs.wsj.com/biztech/2007/12/12/blame-spam-fans-for-junk-email/ Blame Spam Fans for Junk Email] ] In response to the Marshall study, the Download Squad started their own study. With 289 respondents, only 2.1% indicated they had ever bought something from a spam e-mail. [ [http://www.downloadsquad.com/2008/08/20/survey-people-buy-from-spam-email/ Survey] ]
Image spam is an obfuscating method in which the text of the message is stored as a
GIFor JPEGimage and displayed in the email. This prevents text based spam filters from detecting and blocking spam messages. Image spam is currently used largely to advertise " pump and dump" stocks.cite news
author = Eric B. Parizo
title = Image spam paints a troubling picture
url = http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1204126,00.html
publisher = SearchSecurity.com | date = 2006-07-26 | accessdate = 2007-01-06]
Often, image spam contains nonsensical, computer-generated text which simply annoys the reader. However, new technology in some programs try to read the images by attempting to find text in these images. They are not very accurate, and sometimes filter out innocent images of products like a box that has words on it.
A newer technique, however, is to use an animated GIF image that does not contain clear text in its initial frame, or to contort the shapes of letters in the image (as in
CAPTCHA) to avoid detection by OCR tools.
Blank spam is spam lacking a payload advertisement. Often the message body is missing altogether, as well as the subject line. Still, it fits the definition of spam because of its nature as bulk and unsolicited email.
Blank spam may be originated in different ways, either intentional or unintentionally:
# Blank spam can have been sent in a
directory harvest attack, a form of dictionary attackfor gathering valid addresses from an email service provider. Since the goal in such an attack is to use the bounces to separate invalid addresses from the valid ones, the spammer may dispense with most elements of the header and the entire message body, and still accomplish his or her goals.
# Blank spam may also occur when a spammer forgets or otherwise fails to add the payload when he or she sets up the spam run.
# Often blank spam headers appear truncated, suggesting that computer glitches may have contributed to this problem—from poorly-written spam software to shoddy relay servers, or any problems that may truncate header lines from the message body.
# Some spam may appear to be blank when in fact it is not. An example of this is the [http://www.symantec.com/security_response/writeup.jsp?docid=2001-020713-3220-99 VBS.Davinia.B email worm] which propagates through messages that have no subject line and appears blank, when in fact it uses HTML code to download other files.
Make money fast, the infamous Dave Rhodes chain letter that jumped to e-mail.
Disposable e-mail address
Anti-spam techniques (e-mail)
Integration of anti-spam techniques into MTAs
*Pump and dump stock fraud
Direct Marketing Associations
E-mail address harvesting
Stopping e-mail abuse
Web data extractor
* Spam info
** [http://www.spamhelp.org SpamHelp.org]
** [http://spam.abuse.net Spam.Abuse.Net]
** [http://www.online-spamsolutions.com Online Spam Solutions outlined]
* Spam reports
** [http://www.barracudacentral.com/index.cgi?p=spam Worldwide Email Threat Activity]
* Media sites, with current news on Spam e-mail
** [http://www.ftc.gov/bcp/edu/multimedia/ecards/phishing/index.html What is spam Interesting animation]
** [http://spamlinks.net/filter-bl.htm Spam Links Blacklist]
** [http://www.spamhelp.org/spamnews.php SpamHelp Spam news]
* Government reports and industry white papers
** [http://www.cdt.org/speech/spam/030319spamreport.shtml "Unsolicited Commercial E-mail Research Six Month Report"] by Center for Democracy & Technology
** [http://www.ftc.gov/opa/2005/11/spamharvest.pdf "Email Address Harvesting and the Effectiveness of Anti-SPAM Filters"] by US FTC, Retrieved on 13-Oct-2007.
** [http://library.findlaw.com/2003/Aug/8/132973.pdf "Email Address Harvesting: How Spammers Reap What You Sow"] by the US FTC. Retrieved on 13-Oct-2007
** [http://www.eff.org/spam/ The Electronic Frontier Foundation's spam page] which contains legislation, analysis and litigation histories
* from the author of
Pegasus Mail& Mercury Mail Transport System- David Harris
** [http://www.pegasusmail.tk/upload/SPAM_white_paper.pdf "Spam White Paper - Drowning in Sewage"]
Wikimedia Foundation. 2010.