Knowledge Base Article Archive
January 2004
Spam, Spam, Spam...
Part I: The Nature of Spam E-mail
Every day millions of people receive dozens of unsolicited commercial e-mails (UCE’s) or more popularly known as “spam”. Some recipients view spam as a nothing more than a minor irritation, while others are so deluged with spam that they are forced to switch e-mail addresses on a regular basis.
Spam is e-mail that is generally commercial in nature in that it advertises some product or service that is more often than not low quality and many times quite fraudulent. Many porn sites use spam to attract subscribers to their “product”. Above all spam is e-mail that that is unsolicited that you didn’t ask to receive, nor did you do any sort of business with them in the past. For example, an e-mail from someone you’ve never heard of proclaiming “A great Investment Opportunity” is spam, while a special offer from e-Bay where you have a legitimate account is probably not. Any legitimate online retailer will stop sending you promotional material if you request that they do not send you anything in the future, while spammers will use such requests to increase their mailing lists because you have just confirmed that they have a valid e-mail address.
Spammers add the ultimate insult to recipients because it is the recipient who foots the bill for receiving spams through fees paid to their service provider. Anyone who would use spam advertising to promote a business or product by making customers pay to receive the ad is not only unscrupulous, but also dishonest.
A study released in July of 2003 reported that spam costs businesses an average of $874 per employee in lost productivity due to time spent cleaning out their e-mail every day. For the average Internet user it means the ruin of a useful tool and convenient means of communication.
The sheer volumes of spam that is generated and received makes one wonder; how do these people get my e-mail address?
Firstly it is important to understand that spammers generally do not get your address from a distribution list of legitimate online businesses or publications. Currently, it’s a very rare mailing list that is completely unsecured. Most legitimate online businesses use high-quality distribution software that is very secure. Of course, the key word here is “legitimate”. If you’re not sure, check the company’s web site for a privacy policy. Most will clearly state that mailing lists and individual addresses are treated as confidential and will not be sold or distributed to anybody under any circumstances.
So that leads us to the question of the day, where do they get my address? The primary source used to be posts on Usenet newsgroups, online discussion groups or bulletin boards where one would post their message along with their e-mail address for anyone to respond to, and of course, for the whole world to see. These e-mail addresses would obviously be a great harvesting ground for spammers to build their databases. The most common method today is to get e-mail addresses from web sites. If your address is anywhere on a web site, you can bet at some point it will end up on a spammers mailing list. This is an especially efficient method if your site is listed on a search engine. Once this happens the floodgates will open and you will be deluged by their electronic junk mail. The sad part of it is, that it can happen rather quickly due to the sophistication of the software the spammers use for capturing e-mail addresses.
Spammers collect or “harvest” new addresses by going to web sites via specialized software and scanning for e-mail addresses located anywhere within the site. The spammer can ask to scan the Internet for any web page containing a particular keyword, and the software will grab any e-mail address it finds. It’s not uncommon for the process to collect thousands of addresses in a matter of minutes. The premise is that advertising will be directed to those that may have an interest in whatever the keyword denotes. The reality is that spammers really don’t care if there is an interest at all; their goal is to transmit their “advertising” to as many people as possible banking on the probability that someone out there will be foolish enough to respond and even more foolish to send money to them. The sad part is that they could care less how many people they offend or inconvenience in the process.
What if you’ve been careful never to use your e-mail address on a web page or never been part of a news group or any other public site and you still get spam? There are a couple of ways that your address may have found it way into a spammers distribution list:
- You have an e-mail account with Hotmail, Yahoo, Netscape or the like and it used to belong to someone else. At the time it may have seemed that you got this really neat address and username. Unfortunately the previous owner thought the same thing until the flood of spam started and the address had to be abandoned. Now you are getting spammed at the same address.
- Spammers often use the “dictionary approach”. They will log on to a server and send to a mailbox starting with the letter “A”. If this is successful, they move on to “AA’, or “B” and so on using any word or combination of letters that is in their “dictionary”. The scary part is that it’s all automated, and therefore very rapid. Even though the address has never been listed anywhere and isn’t in any web site, all of a sudden here comes the mail! Sites don’t have to be large ones such as Hotmail; even the small personal sites aren’t immune to such attacks.
A more invasive source for addresses is in messages that you send to well-meaning friends that have a propensity to forward your message on to large groups. This is particularly popular for those who love to share a good joke or story with others, and one of those others happens to be a spammer or collector for a spammer. E-mail addresses are quite easily culled from distribution lists in the header of such forwards. One of the most obvious pitfalls is a web page that requests that you enter your e-mail address in the appropriate box if you want to be put on a “do not mail” list”. While this may seem like an open invitation to get on someone’s mailing list, people do fall for this, and this list is compiled and sold to the very people you don’t want to get mail from. This is an obvious statement on the ethics of spammers. All they care about is getting your money and nothing else. This is yet another sad fact that as careful as you may be, you can still make it on to spam lists and once there you can never get off.
Spam distribution lists are often collected by companies called List Merchants (or spammers themselves) that specialize in harvesting e-mail addresses, who compile the lists and then sell them to other spammers. So even if you manage to get off one list, chances are that you will be on many others. The bottom line is that if you are getting spam now, you will get spam at that address as long as you have it.
In conclusion:
There are a number of things you can do when dealing with spammers, doing business with them is not an option. Legitimate businesses do not advertise their products or services via unsolicited e-mail, and any business that does should be regarded with suspicion. This is particularly true for any spam that advertises medication, especially prescription drugs at drastically reduced prices. These types of drugs are generally counterfeited or well past their expiration date. The consequences are generally unpleasant to the buyer. Never, never use opt-out links on the spam. Their real function is to verify that the recipient is a valid e-mail address and will virtually guarantee that you will go to the head of the list and your spam will increase ten-fold.
The big question is – Is there anything that can be done? We will explore the various options in future articles. As stated earlier in this article, at present, with the existing laws, you cannot get rid of it completely, but there are ways to manage and minimize the amount of spam you get.
Martin Simons, Wenex Technologies