fbpx
Wikipedia

Email spam

March 28, 2023

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive.[1] Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.[2][3]

An email box folder filled with spam messages.

Since the expense of the spam is borne mostly by the recipient,[4] it is effectively postage due advertising. Thus, it is an example of a negative externality.[5]

The legal definition and status of spam varies from one jurisdiction to another, but nowhere have laws and lawsuits been particularly successful in stemming spam.

Most email spam messages are commercial in nature. Whether commercial or not, many are not only annoying as a form of attention theft, but also dangerous because they may contain links that lead to phishing web sites or sites that are hosting malware or include malware as file attachments.

Spammers collect email addresses from chat rooms, websites, customer lists, newsgroups, and viruses that harvest users' address books. These collected email addresses are sometimes also sold to other spammers.

Overview

At the beginning of the Internet (the ARPANET), sending of commercial email was prohibited.[6] Gary Thuerk sent the first email spam message in 1978 to 600 people. He was reprimanded and told not to do it again.[7] Now the ban on spam is enforced by the Terms of Service/Acceptable Use Policy (ToS/AUP) of internet service providers (ISPs) and peer pressure.

Spam is sent by both otherwise reputable organizations and lesser companies. When spam is sent by otherwise reputable companies it is sometimes referred to as Mainsleaze.[8][9] Mainsleaze makes up approximately 3% of the spam sent over the internet.[10]

Spamvertised sites

Many spam emails contain URLs to a website or websites. According to a Cyberoam report in 2014, there are an average of 54 billion spam messages sent every day. "Pharmaceutical products (Viagra and the like) jumped up 45% from last quarter’s analysis, leading this quarter’s spam pack. Emails purporting to offer jobs with fast, easy cash come in at number two, accounting for approximately 15% of all spam email. And, rounding off at number three are spam emails about diet products (such as Garcinia gummi-gutta or Garcinia Cambogia), accounting for approximately 1%."[11]

Main article: Phishing

Spam is also a medium for fraudsters to scam users into entering personal information on fake Web sites using emails forged to look like they are from banks or other organizations, such as PayPal. This is known as phishing. Targeted phishing, where known information about the recipient is used to create forged emails, is known as spear-phishing.[12]

Spam techniques

Appending

Main article: Email appending

If a marketer has one database containing names, addresses, and telephone numbers of customers, they can pay to have their database matched against an external database containing email addresses. The company then has the means to send email to people who have not requested email, which may include people who have deliberately withheld their email address.[13]

Image spam

Main article: Image spam

Image spam, or image-based spam,[14][15] is an obfuscation method by which text of the message is stored as a GIF or JPEG image and displayed in the email. This prevents text-based spam filters from detecting and blocking spam messages. Image spam was reportedly used in the mid-2000s to advertise "pump and dump" stocks.[16]

Often, image spam contains nonsensical, computer-generated text which simply annoys the reader. However, new technology in some programs tries to read the images by attempting to find text in these images. These programs are not very accurate, and sometimes filter out innocent images of products, such as a box that has words on it.

A newer technique, however, is to use an animated GIF image that does not contain clear text in its initial frame, or to contort the shapes of letters in the image (as in CAPTCHA) to avoid detection by optical character recognition tools.

Blank spam

Blank spam is spam lacking a payload advertisement. Often the message body is missing altogether, as well as the subject line. Still, it fits the definition of spam because of its nature as bulk and unsolicited email.[17]

Blank spam may be originated in different ways, either intentional or unintentionally:

  1. Blank spam can have been sent in a directory harvest attack, a form of dictionary attack for gathering valid addresses from an email service provider. Since the goal in such an attack is to use the bounces to separate invalid addresses from the valid ones, spammers may dispense with most elements of the header and the entire message body, and still accomplish their goals.
  2. Blank spam may also occur when a spammer forgets or otherwise fails to add the payload when they set up the spam run.
  3. Often blank spam headers appear truncated, suggesting that computer glitches, such as software bugs or other may have contributed to this problem—from poorly written spam software to malfunctioning relay servers, or any problems that may truncate header lines from the message body.
  4. Some spam may appear to be blank when in fact it is not. An example of this is the VBS.Davinia.B email worm[18] which propagates through messages that have no subject line and appears blank, when in fact it uses HTML code to download other files.

Backscatter spam

Main article: Backscatter (email)

Backscatter is a side-effect of email spam, viruses, and worms. It happens when email servers are misconfigured to send a bogus bounce message to the envelope sender when rejecting or quarantining email (rather than simply rejecting the attempt to send the message).

If the sender's address was forged, then the bounce may go to an innocent party. Since these messages were not solicited by the recipients, are substantially similar to each other, and are delivered in bulk quantities, they qualify as unsolicited bulk email or spam. As such, systems that generate email backscatter can end up being listed on various DNSBLs and be in violation of internet service providers' Terms of Service.

Legal countermeasures

See also: Email spam legislation by country

If an individual or organisation can identify harm done to them by spam, and identify who sent it; then they may be able to sue for a legal remedy, e.g. on the basis of trespass to chattels. A number of large civil settlements have been won in this way,[19] although others have been mostly unsuccessful in collecting damages.[20][21]

Criminal prosecution of spammers under fraud or computer crime statutes is also common, particularly if they illegally accessed other computers to create botnets, or the emails were phishing or other forms of criminal fraud.[22][23][24][25]

Finally, in most countries specific legislation is in place to make certain forms of spamming a criminal offence, as outlined below:

European Union

Article 13 of the European Union Directive on Privacy and Electronic Communications (2002/58/EC) provides that the EU member states shall take appropriate measures to ensure that unsolicited communications for the purposes of direct marketing are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications, the choice between these options to be determined by national legislation.

United Kingdom

In the United Kingdom, for example, unsolicited emails cannot be sent to an individual subscriber unless prior permission has been obtained or unless there is a pre-existing commercial relationship between the parties.[26][27]

Canada

The 2010 Fighting Internet and Wireless Spam Act (which took effect in 2014)[28] is Canadian legislation meant to fight spam.[29]

Australia

The Spam Act 2003, which covers some types of email and phone spam.[30] Penalties are up to 10,000 penalty units, or 2,000 penalty units for a person other than a body corporate.

United States

In the United States, many states enacted anti-spam laws during the late 1990s and early 2000s. All of these were subsequently superseded by the CAN-SPAM Act of 2003,[31] which was in many cases less restrictive. CAN-SPAM also preempted any further state legislation, but it left related laws not specific to e-mail intact.[32] Courts have ruled that spam can constitute, for example, trespass to chattels.[33]

Bulk commercial email does not violate CAN-SPAM, provided that it meets certain criteria, such as a truthful subject line, no forged information in the headers. If it fails to comply with any of these requirements it is illegal. Those opposing spam greeted the new law with dismay and disappointment, almost immediately dubbing it the "You Can Spam" Act.[34][35]

In practice, it had a little positive impact. In 2004, less than one percent of spam complied with CAN-SPAM,[36] although a 2005 review by the Federal Trade Commission claimed that the amount of sexually explicit spam had significantly decreased since 2003 and the total volume had begun to level off.[37] Many other observers viewed it as having failed,[38][39] although there have been several high-profile prosecutions.[40][41]

Deception and fraud

Spammers may engage in deliberate fraud to send out their messages. Spammers often use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. They also often use falsified or stolen credit card numbers to pay for these accounts. This allows them to move quickly from one account to the next as the host ISPs discover and shut down each one.

Senders may go to great lengths to conceal the origin of their messages. Large companies may hire another firm to send their messages so that complaints or blocking of email falls on a third party. Others engage in spoofing of email addresses (much easier than IP address spoofing). The email protocol (SMTP) has no authentication by default, so the spammer can pretend to originate a message apparently from any email address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an email originates.

Senders cannot completely spoof email delivery chains (the 'Received' header), since the receiving mailserver records the actual connection from the last mailserver's IP address. To counter this, some spammers forge additional delivery headers to make it appear as if the email had previously traversed many legitimate servers.

Spoofing can have serious consequences for legitimate email users. Not only can their email inboxes get clogged up with "undeliverable" emails in addition to volumes of spam, but they can mistakenly be identified as a spammer. Not only may they receive irate email from spam victims, but (if spam victims report the email address owner to the ISP, for example) a naïve ISP may terminate their service for spamming.

Theft of service

Spammers frequently seek out and make use of vulnerable third-party systems such as open mail relays and open proxy servers. SMTP forwards mail from one server to another—mail servers that ISPs run commonly require some form of authentication to ensure that the user is a customer of that ISP.

Increasingly, spammers use networks of malware-infected PCs (zombies) to send their spam. Zombie networks are also known as botnets (such zombifying malware is known as a bot, short for robot). In June 2006, an estimated 80 percent of email spam was sent by zombie PCs, an increase of 30 percent from the prior year. An estimated 55 billion email spam were sent each day in June 2006, an increase of 25 billion per day from June 2005.[42]

For the first quarter of 2010, an estimated 305,000 newly activated zombie PCs were brought online each day for malicious activity. This number is slightly lower than the 312,000 of the fourth quarter of 2009.[43]

Brazil produced the most zombies in the first quarter of 2010. Brazil was the source of 20 percent of all zombies, which is down from 14 percent from the fourth quarter of 2009. India had 10 percent, with Vietnam at 8 percent, and the Russian Federation at 7 percent.[43]

Side effects

To combat the problems posed by botnets, open relays, and proxy servers, many email server administrators pre-emptively block dynamic IP ranges and impose stringent requirements on other servers wishing to deliver mail. Forward-confirmed reverse DNS must be correctly set for the outgoing mail server and large swaths of IP addresses are blocked, sometimes pre-emptively, to prevent spam. These measures can pose problems for those wanting to run a small email server off an inexpensive domestic connection. Blacklisting of IP ranges due to spam emanating from them also causes problems for legitimate email servers in the same IP range.

Statistics and estimates

The total volume of email spam has been consistently growing, but in 2011 the trend seemed to reverse.[44][45] The amount of spam that users see in their mailboxes is only a portion of total spam sent, since spammers' lists often contain a large percentage of invalid addresses and many spam filters simply delete or reject "obvious spam".

The first known spam email, advertising a DEC product presentation, was sent in 1978 by Gary Thuerk to 600 addresses, the total number of users on ARPANET was 2600 at the time though software limitations meant only slightly more than half of the intended recipients actually received it.[46] As of August 2010, the number of spam messages sent per day was estimated to be around 200 billion.[47] More than 97% of all emails sent over the Internet in 2008 were unwanted, according to a Microsoft security report.[48] MAAWG estimates that 85% of incoming mail is "abusive email", as of the second half of 2007. The sample size for the MAAWG's study was over 100 million mailboxes.[49][50][51] In 2018 with growing affiliation networks & email frauds worldwide about 90% of global email traffic is spam as per IPwarmup.com study, which also effects legitimate email senders to achieve inbox delivery.[52]

A 2010 survey of US and European email users showed that 46% of the respondents had opened spam messages, although only 11% had clicked on a link.[53]

Highest amount of spam received

According to Steve Ballmer in 2004, Microsoft founder Bill Gates receives four million emails per year, most of them spam.[54] This was originally incorrectly reported as "per day".[55]

At the same time Jef Poskanzer, owner of the domain name acme.com, was receiving over one million spam emails per day.[56]

Cost of spam

A 2004 survey estimated that lost productivity costs Internet users in the United States $21.58 billion annually, while another reported the cost at $17 billion, up from $11 billion in 2003. In 2004, the worldwide productivity cost of spam has been estimated to be $50 billion in 2005.[57]

Origin of spam

E-mail spam relayed by country in Q2 2007 (% of total)[58]
Country Percentage
United States
19.6
EU (Top 5)
17.9
China (+ Hong Kong)
8.4
South Korea
6.5
Poland
4.8
Germany
4.2
Brazil
4.1
France
3.3
Russia
3.1
Turkey
2.9
United Kingdom
2.8
Italy
2.8
India
2.5

Because of the international nature of spam, the spammer, the hijacked spam-sending computer, the spamvertised server, and the user target of the spam are all often located in different countries. As much as 80% of spam received by Internet users in North America and Europe can be traced to fewer than 200 spammers.[59]

In terms of volume of spam: According to Sophos, the major sources of spam in the fourth quarter of 2008 (October to December) were:[unreliable source?][12][60][61][62][63][64][65][66][67][68]

  • The United States (the origin of 19.8% of spam messages, up from 18.9% in Q3)
  • China (9.9%, up from 5.4%)
  • Russia (6.4%, down from 8.3%)
  • Brazil (6.3%, up from 4.5%)
  • Turkey (4.4%, down from 8.2%)

When grouped by continents, spam comes mostly from:

  • Asia (37.8%, down from 39.8%)
  • North America (23.6%, up from 21.8%)
  • Europe (23.4%, down from 23.9%)
  • South America (12.9%, down from 13.2%)

In terms of number of IP addresses: the Spamhaus Project ranks the top three as the United States, China, and Russia,[69] followed by Japan, Canada, and South Korea.

In terms of networks: As of 13 December 2021, the three networks hosting the most spammers are ChinaNet, Amazon, and Airtel India.[70]

Anti-spam techniques

Main article: Anti-spam techniques

The U.S. Department of Energy Computer Incident Advisory Capability (CIAC) has provided specific countermeasures against email spamming.[71]

Some popular methods for filtering and refusing spam include email filtering based on the content of the email, DNS-based blackhole lists (DNSBL), greylisting, spamtraps, enforcing technical requirements of email (SMTP), checksumming systems to detect bulk email, and by putting some sort of cost on the sender via a proof-of-work system or a micropayment. Each method has strengths and weaknesses and each is controversial because of its weaknesses. For example, one company's offer to "[remove] some spamtrap and honeypot addresses" from email lists defeats the ability for those methods to identify spammers.

Outbound spam protection combines many of the techniques to scan messages exiting out of a service provider's network, identify spam, and taking action such as blocking the message or shutting off the source of the message.

Email authentication to prevent "From:" address spoofing became popular in the 2010s.

Collateral damage

Measures to protect against spam can cause collateral damage. This includes:

  • The measures may consume resources, both in the server and on the network.
  • When legitimate messages are rejected, the sender needs to contact the recipient out of channel.
  • When legitimate messages are relegated to a spam folder, the sender is not notified of this.
  • If a recipient periodically checks his spam folder, that will cost him time and if there is a lot of spam it is easy to overlook the few legitimate messages.

Methods of spammers

Gathering of addresses

Main article: Email address harvesting

In order to send spam, spammers need to obtain the email addresses of the intended recipients. To this end, both spammers themselves and list merchants gather huge lists of potential email addresses. Since spam is, by definition, unsolicited, this address harvesting is done without the consent (and sometimes against the expressed will) of the address owners. A single spam run may target tens of millions of possible addresses – many of which are invalid, malformed, or undeliverable.

Obfuscating message content

Many spam-filtering techniques work by searching for patterns in the headers or bodies of messages. For instance, a user may decide that all email they receive with the word "Viagra" in the subject line is spam, and instruct their mail program to automatically delete all such messages. To defeat such filters, the spammer may intentionally misspell commonly filtered words or insert other characters, often in a style similar to leetspeak, as in the following examples: V1agra, Via'gra, Vi@graa, vi*gra, \/iagra. This also allows for many different ways to express a given word, making identifying them all more difficult for filter software.

The principle of this method is to leave the word readable to humans (who can easily recognize the intended word for such misspellings), but not likely to be recognized by a computer program. This is only somewhat effective, because modern filter patterns have been designed to recognize blacklisted terms in the various iterations of misspelling. Other filters target the actual obfuscation methods, such as the non-standard use of punctuation or numerals into unusual places. Similarly, HTML-based email gives the spammer more tools to obfuscate text. Inserting HTML comments between letters can foil some filters. Another common ploy involves presenting the text as an image, which is either sent along or loaded from a remote server.

Defeating Bayesian filters

As Bayesian filtering has become popular as a spam-filtering technique, spammers have started using methods to weaken it. To a rough approximation, Bayesian filters rely on word probabilities. If a message contains many words that are used only in spam, and few that are never used in spam, it is likely to be spam. To weaken Bayesian filters, some spammers, alongside the sales pitch, now include lines of irrelevant, random words, in a technique known as Bayesian poisoning.

Spam-support services

A number of other online activities and business practices are considered by anti-spam activists to be connected to spamming. These are sometimes termed spam-support services: business services, other than the actual sending of spam itself, which permit the spammer to continue operating. Spam-support services can include processing orders for goods advertised in spam, hosting Web sites or DNS records referenced in spam messages, or a number of specific services as follows:

Some Internet hosting firms advertise bulk-friendly or bulletproof hosting. This means that, unlike most ISPs, they will not terminate a customer for spamming. These hosting firms operate as clients of larger ISPs, and many have eventually been taken offline by these larger ISPs as a result of complaints regarding spam activity. Thus, while a firm may advertise bulletproof hosting, it is ultimately unable to deliver without the connivance of its upstream ISP. However, some spammers have managed to get what is called a pink contract (see below) – a contract with the ISP that allows them to spam without being disconnected.

A few companies produce spamware, or software designed for spammers. Spamware varies widely, but may include the ability to import thousands of addresses, to generate random addresses, to insert fraudulent headers into messages, to use dozens or hundreds of mail servers simultaneously, and to make use of open relays. The sale of spamware is illegal in eight U.S. states.[72][73][74]

So-called millions CDs are commonly advertised in spam. These are CD-ROMs purportedly containing lists of email addresses, for use in sending spam to these addresses. Such lists are also sold directly online, frequently with the false claim that the owners of the listed addresses have requested (or "opted in") to be included. Such lists often contain invalid addresses. In recent years, these have fallen almost entirely out of use due to the low quality email addresses available on them, and because some email lists exceed 20GB in size. The amount you can fit on a CD is no longer substantial.

A number of DNS blacklists (DNSBLs), including the MAPS RBL, Spamhaus SBL, SORBS and SPEWS, target the providers of spam-support services as well as spammers. DNSBLs blacklist IPs or ranges of IPs to persuade ISPs to terminate services with known customers who are spammers or resell to spammers.

Related vocabulary

Unsolicited bulk email (UBE)
A synonym for email spam.
Unsolicited commercial email (UCE)
Spam promoting a commercial service or product. This is the most common type of spam, but it excludes spams that are hoaxes (e.g. virus warnings), political advocacy, religious messages, and chain letters sent by a person to many other people. The term UCE may be most common in the USA.[75]
Pink contract
A pink contract is a service contract offered by an ISP which offers bulk email service to spamming clients, in violation of that ISP's publicly posted acceptable use policy.
Spamvertising
Spamvertising is advertising through the medium of spam.
Opt-in, confirmed opt-in, double opt-in, opt-out
Opt-in, confirmed opt-in, double opt-in, opt-out refers to whether the people on a mailing list are given the option to be put in, or taken out, of the list. Confirmation (and "double", in marketing speak) refers to an email address transmitted e.g. through a web form being confirmed to actually request joining a mailing list, instead of being added to the list without verification.
Final, Ultimate Solution for the Spam Problem (FUSSP)
An ironic reference to naïve developers who believe they have invented the perfect spam filter, which will stop all spam from reaching users' inboxes while deleting no legitimate email accidentally.[76][77]

History

Main article: History of email spam

See also

References

  1. ^ "Merriam Webster Dictionary". Merriam-Webster.
  2. ^ Email metrics report, M3AAWG, Nov 2014
  3. ^ Fu, JuiHsi; Lin, PoChing; Lee, SingLing (2014-08-01). "Detecting spamming activities in a campus network using incremental learning". Journal of Network and Computer Applications. 43: 56–65. doi:10.1016/j.jnca.2014.03.010. ISSN 1084-8045.
  4. ^ Rebecca Lieb (July 26, 2002). . The ClickZ Network. Archived from the original on 2007-08-07. Retrieved 2010-09-23.
  5. ^ Rao, Justin M.; Reiley, David H. (2012), "Economics of Spam", Journal of Economic Perspectives, 26 (3): 87–110, doi:10.1257/jep.26.3.87
  6. ^ Stacy, Christopher. "Getting Started Computing at the AI Lab" (PDF). MIT. Retrieved 2018-10-15.
  7. ^ .
  8. ^ Levine, John (October 18, 2011). "The Mainsleaze Blog". Internet and e-mail policy and practice. Retrieved April 1, 2019.
  9. ^ Jefferson, Catherine. "What is Mainsleaze Spam?". The Mainsleaze Blog. Retrieved April 1, 2019.
  10. ^ Jefferson, Catherine. "Companies that spam, and ESPs that help them". The Mainsleaze Blog. Retrieved April 1, 2019.
  11. ^ "Q1 2014 Internet Threats Trend Report" (PDF) (Press release). Sophos Cyberoam. Retrieved 2015-11-01.
  12. ^ a b "Only one in 28 emails legitimate, Sophos report reveals rising tide of spam in April–June 2008" (Press release). Sophos. 2008-07-15. Retrieved 2008-10-12.
  13. ^ Bob West (January 19, 2008). "Getting it Wrong: Corporate America Spams the Afterlife". Clueless Mailers. Archived from the original on April 14, 2013. Retrieved 2010-09-23.
  14. ^ Giorgio Fumera, Ignazio Pillai, Fabio Roli,Fumera, Giorgio (2006). "Spam filtering based on the analysis of text information embedded into images". Journal of Machine Learning Research. 7 (98): 2699–2720. Journal of Machine Learning Research (special issue on Machine Learning in Computer Security), vol. 7, pp. 2699-2720, 12/2006.
  15. ^ Battista Biggio, Giorgio Fumera, Ignazio Pillai, Fabio Roli,Biggio, Battista; Fumera, Giorgio; Pillai, Ignazio; Roli, Fabio (2011). "A survey and experimental evaluation of image spam filtering techniques". Pattern Recognition Letters. 32 (10): 1436–1446. Bibcode:2011PaReL..32.1436B. doi:10.1016/j.patrec.2011.03.022. Volume 32, Issue 10, 15 July 2011, Pages 1436-1446, ISSN 0167-8655.
  16. ^ Eric B. Parizo (2006-07-26). "Image spam paints a troubling picture". Search Security. Retrieved 2007-01-06.
  17. ^ "Dealing with blank spam". CNET. September 2, 2009. Retrieved August 17, 2015.
  18. ^ "symantec.com". symantec.com. Retrieved 2012-12-10.
  19. ^ e.g. CompuServe Inc. v. Cyber Promotions, Inc., School of Visual Arts v. Kuprewicz
  20. ^ Clinton Internet provider wins $11B suit against spammer, QC Times
  21. ^ AOL gives up treasure hunt, Boston Herald
  22. ^ e.g. Sanford Wallace
  23. ^ "Bronx man, 'leader' of bank-fraud scam, convicted". Iohud. 26 February 2016. Retrieved 11 January 2019.
  24. ^ "'Spam King' pleads guilty in Detroit". UPI. 2009-06-23. Retrieved 2009-06-23.
  25. ^ "Top Spammer Sentenced to Nearly Four Years". PC World. 2008-07-22. Retrieved 2010-10-24.
  26. ^ Privacy and Electronic Communications (EC Directive) Regulations 2003
  27. ^ Enforcement, ICO
  28. ^ Fighting Internet and Wireless Spam Act, CA: GC
  29. ^ Canada's Anti-spam Bill C-28 is the Law of the Land, Circle ID, 2010-12-15
  30. ^ "Commonwealth Consolidated Acts: Spam Act 2003 – Schedule 2". Sydney, AU: AustLII, Faculty of Law, University of Technology. Retrieved 2010-09-23.
  31. ^ But see, e.g., Hypertouch v. ValueClick, Inc. et al., Cal.App.4th (Google Scholar: January 18, 2011)
  32. ^ "SEC. 8. EFFECT ON OTHER LAWS", PUBLIC LAW 108-187--DEC. 16, 2003 117 STAT. 2699 (PDF), FTC, (2) STATE LAW NOT SPECIFIC TO ELECTRONIC ~ZL.--This Act shall not be construed to preempt the applicability of(A) State laws that are not specific to electronic mail, including State trespass, contract, or tot~ law; or (B) other State laws to the extent that those laws relate to acts of fraud or computer crime.
  33. ^ Daniel J. Schwartz; Joseph F. Marinelli (September 2004), "Trespass to Chattels" Finds New Life In Battle Against Spam (PDF), Association of Corporate Counsel
  34. ^ Foster, Ed (November 24, 2003). . The Gripe Line Weblog. Archived from the original on 2007-04-06. Retrieved 2007-03-09.
  35. ^ "United States set to Legalize Spamming on January 1, 2004". Spamhaus.org. Retrieved 7 January 2015.
  36. ^ Is the CAN-SPAM Law Working?, PC World
  37. ^ (PDF), USA: FTC, archived from the original (PDF) on January 10, 2006
  38. ^ Ken Fisher (December 2005), US FTC says CAN-SPAM works, Ars Technica
  39. ^ , USA: SC Magazine, archived from the original on 2010-09-03
  40. ^ e.g. Oleg Nikolaenko
  41. ^ "Los Angeles Man, First American Convicted Under Anti-Spam Law, Faces Years in Prison". AP. 17 January 2007. Retrieved 9 January 2019.
  42. ^ "Spammers Continue Innovation: IronPort Study Shows Image-based Spam, Hit & Run, and Increased Volumes Latest Threat to Your Inbox" (Press release). IronPort Systems. 2006-06-28. Retrieved 2007-01-05.
  43. ^ a b "Q1 2010 Internet Threats Trend Report" (PDF) (Press release). Commtouch Software Ltd. Retrieved 2010-09-23.
  44. ^ Charlie White (2011-07-04). "Spam Decreased 82.22% Over The Past Year". Mashable.com. Retrieved 2012-12-10.
  45. ^ "Spam" (in Dutch). Symantec.cloud. Retrieved 2012-12-10.
  46. ^ Brad Templeton (8 March 2005). "Reaction to the DEC Spam of 1978". Brad Templeton. Retrieved 2007-01-21.
  47. ^ Josh Halliday (10 January 2011). "Email spam level bounces back after record low". guardian.co.uk. Retrieved 2011-01-11.
  48. ^ Waters, Darren (2009-04-08). "Spam overwhelms email messages". BBC News. Retrieved 2012-12-10.
  49. ^ (PDF). Report No. 7 – Third and Fourth quarters 2007. Messaging Anti-Abuse Working Group. April 2008. Archived from the original (PDF) on 2008-07-24. Retrieved 2008-05-08. {{cite journal}}: Cite journal requires |journal= (help)
  50. ^ (PDF). Report No. 1 – 4th quarter 2005 Report. Messaging Anti-Abuse Working Group. March 2006. Archived from the original (PDF) on December 8, 2006. Retrieved 2007-01-06. {{cite journal}}: Cite journal requires |journal= (help)
  51. ^ (PDF). Report No. 2 – 1st quarter 2006. Messaging Anti-Abuse Working Group. June 2006. Archived from the original (PDF) on 2006-09-24. Retrieved 2007-01-06. {{cite journal}}: Cite journal requires |journal= (help)
  52. ^ "IPWarmup.com - Study".
  53. ^ "2010 MAAWG Email Security Awareness and Usage Report, Messing Anti-Abuse Working Group/Ipsos Public Affairs" (PDF). Retrieved 2012-12-10.
  54. ^ Staff (18 November 2004). "Bill Gates 'most spammed person'". BBC News. Retrieved 2010-09-23.
  55. ^ Mike Wendland (December 2, 2004). "Ballmer checks out my spam problem". ACME Laboratories republication of article appearing in Detroit Free Press. Retrieved 2010-09-23. the date provided is for the original article; the date of revision for the republication is 8 June 2005; verification that content of the republication is the same as the original article is pending.
  56. ^ Jef Poskanzer (2006-05-15). "Mail Filtering". ACME Laboratories. Retrieved 2010-09-23.
  57. ^ Spam Costs Billions
  58. ^ Sophos. "Sophos reveals "dirty dozen" spam-relaying countries" (Press release). Retrieved 2020-04-13.
  59. ^ Register of Known Spam Operations (ROKSO).
  60. ^ "Sophos reveals 'Dirty Dozen' spam producing countries, August 2004" (Press release). Sophos. 2004-08-24. Retrieved 2007-01-06.
  61. ^ "Sophos reveals 'dirty dozen' spam relaying countries" (Press release). Sophos. 2006-07-24. Retrieved 2007-01-06.
  62. ^ "Sophos research reveals dirty dozen spam-relaying nations" (Press release). Sophos. 2007-04-11. Retrieved 2007-06-15.
  63. ^ "Sophos reveals 'Dirty Dozen' spam producing countries, July 2007" (Press release). Sophos. 2007-07-18. Retrieved 2007-07-24.
  64. ^ "Sophos reveals 'Dirty Dozen' spam producing countries for Q3 2007" (Press release). Sophos. 2007-10-24. Retrieved 2007-11-09.
  65. ^ "Sophos details dirty dozen spam-relaying countries for Q4 2007" (Press release). Sophos. 2008-02-11. Retrieved 2008-02-12.
  66. ^ "Sophos details dirty dozen spam-relaying countries for Q1 2008" (Press release). Sophos. 2008-04-14. Retrieved 2008-06-07.
  67. ^ "Eight times more malicious email attachments spammed out in Q3 2008" (Press release). Sophos. 2008-10-27. Retrieved 2008-11-02.
  68. ^ "Spammers defy Bill Gates's death-of-spam prophecy" (Press release). Sophos. 2009-01-22. Retrieved 2009-01-22.
  69. ^ "Spamhaus Statistics: The Top 10". Spamhaus Blocklist (SBL) database. dynamic report. The Spamhaus Project Ltd. Retrieved 2007-01-06.{{cite web}}: CS1 maint: others (link)
  70. ^ . Archived from the original on 2021-10-22. Retrieved 2021-12-13.
  71. ^ Shawn Hernan; James R. Cutler; David Harris (1997-11-25). . Computer Incident Advisory Capability Information Bulletins. United States Department of Energy. Archived from the original on 2007-01-04. Retrieved 2007-01-06.
  72. ^ Sapient Fridge (2005-07-08). "Spamware vendor list". Spam Sights. Retrieved 2007-01-06.
  73. ^ "SBL Policy & Listing Criteria". The Spamhaus Project. 2006-12-22. Retrieved 2007-01-06. original location was at SBL rationale; the referenced page is an auto-redirect target from the original location
  74. ^ "Spamware – Email Address Harvesting Tools and Anonymous Bulk Emailing Software". MX Logic (abstract hosted by Bit Pipe). 2004-10-01. Retrieved 2007-01-06. {{cite journal}}: Cite journal requires |journal= (help) the link here is to an abstract of a white paper; registration with the authoring organization is required to obtain the full white paper.
  75. ^ . Coalition Against Unsolicited Bulk Email, Australia. Archived from the original on 2007-01-06. Retrieved 2007-01-06.
  76. ^ "Vernon Schryver: You Might Be An Anti-Spam Kook If". Rhyolite.com. Retrieved 2012-12-10.
  77. ^ "Richi'Blog". richi.co.uk.

Further reading

  • Dow, K; Serenko, A; Turel, O; Wong, J (2006), "Antecedents and consequences of user satisfaction with email systems", International Journal of e-Collaboration (PDF), vol. 2, pp. 46–64.
  • Sjouwerman, Stu; Posluns, Jeffrey, Inside the spam cartel: trade secrets from the dark side, Elsevier/Syngress; 1st edition, November 27, 2004. ISBN 978-1-932266-86-3.

External links

Spam info

  • "Can the Spam: How Spam is Bad for the Environment", The Economist, June 15, 2009.

Spam reports

  • Worldwide Email Threat Activity, Barracuda Central.

Government reports and industry white papers

  • (PDF), United States: FTC, archived from the original (PDF) on 2007-11-28, retrieved 13 Oct 2007.
  • which contains legislation, analysis, and litigation histories
  • Why Am I Getting All This Spam? Unsolicited Commercial Email Research Six Month Report by Center for Democracy & Technology from the author of Pegasus Mail and Mercury Mail Transport SystemDavid Harris
  • (PDF), Pegasus Mail, archived from the original (PDF) on 2007-11-28.

March 28, 2023
email, spam, also, referred, junk, email, spam, mail, simply, spam, unsolicited, messages, sent, bulk, email, spamming, name, comes, from, monty, python, sketch, which, name, canned, pork, product, spam, ubiquitous, unavoidable, repetitive, steadily, grown, si. Email spam also referred to as junk email spam mail or simply spam is unsolicited messages sent in bulk by email spamming The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous unavoidable and repetitive 1 Email spam has steadily grown since the early 1990s and by 2014 was estimated to account for around 90 of total email traffic 2 3 An email box folder filled with spam messages Since the expense of the spam is borne mostly by the recipient 4 it is effectively postage due advertising Thus it is an example of a negative externality 5 The legal definition and status of spam varies from one jurisdiction to another but nowhere have laws and lawsuits been particularly successful in stemming spam Most email spam messages are commercial in nature Whether commercial or not many are not only annoying as a form of attention theft but also dangerous because they may contain links that lead to phishing web sites or sites that are hosting malware or include malware as file attachments Spammers collect email addresses from chat rooms websites customer lists newsgroups and viruses that harvest users address books These collected email addresses are sometimes also sold to other spammers Contents 1 Overview 1 1 Spamvertised sites 2 Spam techniques 2 1 Appending 2 2 Image spam 2 3 Blank spam 2 4 Backscatter spam 3 Legal countermeasures 3 1 European Union 3 2 United Kingdom 3 3 Canada 3 4 Australia 3 5 United States 4 Deception and fraud 5 Theft of service 5 1 Side effects 6 Statistics and estimates 6 1 Highest amount of spam received 6 2 Cost of spam 6 3 Origin of spam 7 Anti spam techniques 7 1 Collateral damage 8 Methods of spammers 8 1 Gathering of addresses 8 2 Obfuscating message content 8 3 Defeating Bayesian filters 8 4 Spam support services 9 Related vocabulary 10 History 11 See also 12 References 13 Further reading 14 External linksOverview EditAt the beginning of the Internet the ARPANET sending of commercial email was prohibited 6 Gary Thuerk sent the first email spam message in 1978 to 600 people He was reprimanded and told not to do it again 7 Now the ban on spam is enforced by the Terms of Service Acceptable Use Policy ToS AUP of internet service providers ISPs and peer pressure Spam is sent by both otherwise reputable organizations and lesser companies When spam is sent by otherwise reputable companies it is sometimes referred to as Mainsleaze 8 9 Mainsleaze makes up approximately 3 of the spam sent over the internet 10 Spamvertised sites Edit Many spam emails contain URLs to a website or websites According to a Cyberoam report in 2014 there are an average of 54 billion spam messages sent every day Pharmaceutical products Viagra and the like jumped up 45 from last quarter s analysis leading this quarter s spam pack Emails purporting to offer jobs with fast easy cash come in at number two accounting for approximately 15 of all spam email And rounding off at number three are spam emails about diet products such as Garcinia gummi gutta or Garcinia Cambogia accounting for approximately 1 11 Main article Phishing Spam is also a medium for fraudsters to scam users into entering personal information on fake Web sites using emails forged to look like they are from banks or other organizations such as PayPal This is known as phishing Targeted phishing where known information about the recipient is used to create forged emails is known as spear phishing 12 Spam techniques EditAppending Edit Main article Email appending If a marketer has one database containing names addresses and telephone numbers of customers they can pay to have their database matched against an external database containing email addresses The company then has the means to send email to people who have not requested email which may include people who have deliberately withheld their email address 13 Image spam Edit Main article Image spam Image spam or image based spam 14 15 is an obfuscation method by which text of the message is stored as a GIF or JPEG image and displayed in the email This prevents text based spam filters from detecting and blocking spam messages Image spam was reportedly used in the mid 2000s to advertise pump and dump stocks 16 Often image spam contains nonsensical computer generated text which simply annoys the reader However new technology in some programs tries to read the images by attempting to find text in these images These programs are not very accurate and sometimes filter out innocent images of products such as a box that has words on it A newer technique however is to use an animated GIF image that does not contain clear text in its initial frame or to contort the shapes of letters in the image as in CAPTCHA to avoid detection by optical character recognition tools Blank spam Edit Blank spam is spam lacking a payload advertisement Often the message body is missing altogether as well as the subject line Still it fits the definition of spam because of its nature as bulk and unsolicited email 17 Blank spam may be originated in different ways either intentional or unintentionally Blank spam can have been sent in a directory harvest attack a form of dictionary attack for gathering valid addresses from an email service provider Since the goal in such an attack is to use the bounces to separate invalid addresses from the valid ones spammers may dispense with most elements of the header and the entire message body and still accomplish their goals Blank spam may also occur when a spammer forgets or otherwise fails to add the payload when they set up the spam run Often blank spam headers appear truncated suggesting that computer glitches such as software bugs or other may have contributed to this problem from poorly written spam software to malfunctioning relay servers or any problems that may truncate header lines from the message body Some spam may appear to be blank when in fact it is not An example of this is the VBS Davinia B email worm 18 which propagates through messages that have no subject line and appears blank when in fact it uses HTML code to download other files Backscatter spam Edit Main article Backscatter email Backscatter is a side effect of email spam viruses and worms It happens when email servers are misconfigured to send a bogus bounce message to the envelope sender when rejecting or quarantining email rather than simply rejecting the attempt to send the message If the sender s address was forged then the bounce may go to an innocent party Since these messages were not solicited by the recipients are substantially similar to each other and are delivered in bulk quantities they qualify as unsolicited bulk email or spam As such systems that generate email backscatter can end up being listed on various DNSBLs and be in violation of internet service providers Terms of Service Legal countermeasures EditSee also Email spam legislation by country If an individual or organisation can identify harm done to them by spam and identify who sent it then they may be able to sue for a legal remedy e g on the basis of trespass to chattels A number of large civil settlements have been won in this way 19 although others have been mostly unsuccessful in collecting damages 20 21 Criminal prosecution of spammers under fraud or computer crime statutes is also common particularly if they illegally accessed other computers to create botnets or the emails were phishing or other forms of criminal fraud 22 23 24 25 Finally in most countries specific legislation is in place to make certain forms of spamming a criminal offence as outlined below European Union Edit Article 13 of the European Union Directive on Privacy and Electronic Communications 2002 58 EC provides that the EU member states shall take appropriate measures to ensure that unsolicited communications for the purposes of direct marketing are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications the choice between these options to be determined by national legislation United Kingdom Edit In the United Kingdom for example unsolicited emails cannot be sent to an individual subscriber unless prior permission has been obtained or unless there is a pre existing commercial relationship between the parties 26 27 Canada Edit The 2010 Fighting Internet and Wireless Spam Act which took effect in 2014 28 is Canadian legislation meant to fight spam 29 Australia Edit The Spam Act 2003 which covers some types of email and phone spam 30 Penalties are up to 10 000 penalty units or 2 000 penalty units for a person other than a body corporate United States Edit In the United States many states enacted anti spam laws during the late 1990s and early 2000s All of these were subsequently superseded by the CAN SPAM Act of 2003 31 which was in many cases less restrictive CAN SPAM also preempted any further state legislation but it left related laws not specific to e mail intact 32 Courts have ruled that spam can constitute for example trespass to chattels 33 Bulk commercial email does not violate CAN SPAM provided that it meets certain criteria such as a truthful subject line no forged information in the headers If it fails to comply with any of these requirements it is illegal Those opposing spam greeted the new law with dismay and disappointment almost immediately dubbing it the You Can Spam Act 34 35 In practice it had a little positive impact In 2004 less than one percent of spam complied with CAN SPAM 36 although a 2005 review by the Federal Trade Commission claimed that the amount of sexually explicit spam had significantly decreased since 2003 and the total volume had begun to level off 37 Many other observers viewed it as having failed 38 39 although there have been several high profile prosecutions 40 41 Deception and fraud EditSpammers may engage in deliberate fraud to send out their messages Spammers often use false names addresses phone numbers and other contact information to set up disposable accounts at various Internet service providers They also often use falsified or stolen credit card numbers to pay for these accounts This allows them to move quickly from one account to the next as the host ISPs discover and shut down each one Senders may go to great lengths to conceal the origin of their messages Large companies may hire another firm to send their messages so that complaints or blocking of email falls on a third party Others engage in spoofing of email addresses much easier than IP address spoofing The email protocol SMTP has no authentication by default so the spammer can pretend to originate a message apparently from any email address To prevent this some ISPs and domains require the use of SMTP AUTH allowing positive identification of the specific account from which an email originates Senders cannot completely spoof email delivery chains the Received header since the receiving mailserver records the actual connection from the last mailserver s IP address To counter this some spammers forge additional delivery headers to make it appear as if the email had previously traversed many legitimate servers Spoofing can have serious consequences for legitimate email users Not only can their email inboxes get clogged up with undeliverable emails in addition to volumes of spam but they can mistakenly be identified as a spammer Not only may they receive irate email from spam victims but if spam victims report the email address owner to the ISP for example a naive ISP may terminate their service for spamming Theft of service EditSpammers frequently seek out and make use of vulnerable third party systems such as open mail relays and open proxy servers SMTP forwards mail from one server to another mail servers that ISPs run commonly require some form of authentication to ensure that the user is a customer of that ISP Increasingly spammers use networks of malware infected PCs zombies to send their spam Zombie networks are also known as botnets such zombifying malware is known as a bot short for robot In June 2006 an estimated 80 percent of email spam was sent by zombie PCs an increase of 30 percent from the prior year An estimated 55 billion email spam were sent each day in June 2006 an increase of 25 billion per day from June 2005 42 For the first quarter of 2010 an estimated 305 000 newly activated zombie PCs were brought online each day for malicious activity This number is slightly lower than the 312 000 of the fourth quarter of 2009 43 Brazil produced the most zombies in the first quarter of 2010 Brazil was the source of 20 percent of all zombies which is down from 14 percent from the fourth quarter of 2009 India had 10 percent with Vietnam at 8 percent and the Russian Federation at 7 percent 43 Side effects Edit This article possibly contains original research Please improve it by verifying the claims made and adding inline citations Statements consisting only of original research should be removed October 2015 Learn how and when to remove this template message To combat the problems posed by botnets open relays and proxy servers many email server administrators pre emptively block dynamic IP ranges and impose stringent requirements on other servers wishing to deliver mail Forward confirmed reverse DNS must be correctly set for the outgoing mail server and large swaths of IP addresses are blocked sometimes pre emptively to prevent spam These measures can pose problems for those wanting to run a small email server off an inexpensive domestic connection Blacklisting of IP ranges due to spam emanating from them also causes problems for legitimate email servers in the same IP range Statistics and estimates EditThe total volume of email spam has been consistently growing but in 2011 the trend seemed to reverse 44 45 The amount of spam that users see in their mailboxes is only a portion of total spam sent since spammers lists often contain a large percentage of invalid addresses and many spam filters simply delete or reject obvious spam The first known spam email advertising a DEC product presentation was sent in 1978 by Gary Thuerk to 600 addresses the total number of users on ARPANET was 2600 at the time though software limitations meant only slightly more than half of the intended recipients actually received it 46 As of August 2010 the number of spam messages sent per day was estimated to be around 200 billion 47 More than 97 of all emails sent over the Internet in 2008 were unwanted according to a Microsoft security report 48 MAAWG estimates that 85 of incoming mail is abusive email as of the second half of 2007 The sample size for the MAAWG s study was over 100 million mailboxes 49 50 51 In 2018 with growing affiliation networks amp email frauds worldwide about 90 of global email traffic is spam as per IPwarmup com study which also effects legitimate email senders to achieve inbox delivery 52 A 2010 survey of US and European email users showed that 46 of the respondents had opened spam messages although only 11 had clicked on a link 53 Highest amount of spam received Edit According to Steve Ballmer in 2004 Microsoft founder Bill Gates receives four million emails per year most of them spam 54 This was originally incorrectly reported as per day 55 At the same time Jef Poskanzer owner of the domain name acme com was receiving over one million spam emails per day 56 Cost of spam Edit A 2004 survey estimated that lost productivity costs Internet users in the United States 21 58 billion annually while another reported the cost at 17 billion up from 11 billion in 2003 In 2004 the worldwide productivity cost of spam has been estimated to be 50 billion in 2005 57 Origin of spam Edit E mail spam relayed by country in Q2 2007 of total 58 Country PercentageUnited States 19 6EU Top 5 17 9China Hong Kong 8 4South Korea 6 5Poland 4 8Germany 4 2Brazil 4 1France 3 3Russia 3 1Turkey 2 9United Kingdom 2 8Italy 2 8India 2 5Because of the international nature of spam the spammer the hijacked spam sending computer the spamvertised server and the user target of the spam are all often located in different countries As much as 80 of spam received by Internet users in North America and Europe can be traced to fewer than 200 spammers 59 In terms of volume of spam According to Sophos the major sources of spam in the fourth quarter of 2008 October to December were unreliable source 12 60 61 62 63 64 65 66 67 68 The United States the origin of 19 8 of spam messages up from 18 9 in Q3 China 9 9 up from 5 4 Russia 6 4 down from 8 3 Brazil 6 3 up from 4 5 Turkey 4 4 down from 8 2 When grouped by continents spam comes mostly from Asia 37 8 down from 39 8 North America 23 6 up from 21 8 Europe 23 4 down from 23 9 South America 12 9 down from 13 2 In terms of number of IP addresses the Spamhaus Project ranks the top three as the United States China and Russia 69 followed by Japan Canada and South Korea In terms of networks As of 13 December 2021 update the three networks hosting the most spammers are ChinaNet Amazon and Airtel India 70 Anti spam techniques EditMain article Anti spam techniques The U S Department of Energy Computer Incident Advisory Capability CIAC has provided specific countermeasures against email spamming 71 Some popular methods for filtering and refusing spam include email filtering based on the content of the email DNS based blackhole lists DNSBL greylisting spamtraps enforcing technical requirements of email SMTP checksumming systems to detect bulk email and by putting some sort of cost on the sender via a proof of work system or a micropayment Each method has strengths and weaknesses and each is controversial because of its weaknesses For example one company s offer to remove some spamtrap and honeypot addresses from email lists defeats the ability for those methods to identify spammers Outbound spam protection combines many of the techniques to scan messages exiting out of a service provider s network identify spam and taking action such as blocking the message or shutting off the source of the message Email authentication to prevent From address spoofing became popular in the 2010s Collateral damage Edit Measures to protect against spam can cause collateral damage This includes The measures may consume resources both in the server and on the network When legitimate messages are rejected the sender needs to contact the recipient out of channel When legitimate messages are relegated to a spam folder the sender is not notified of this If a recipient periodically checks his spam folder that will cost him time and if there is a lot of spam it is easy to overlook the few legitimate messages Methods of spammers EditThis section does not cite any sources Please help improve this section by adding citations to reliable sources Unsourced material may be challenged and removed November 2011 Learn how and when to remove this template message Gathering of addresses Edit Main article Email address harvesting In order to send spam spammers need to obtain the email addresses of the intended recipients To this end both spammers themselves and list merchants gather huge lists of potential email addresses Since spam is by definition unsolicited this address harvesting is done without the consent and sometimes against the expressed will of the address owners A single spam run may target tens of millions of possible addresses many of which are invalid malformed or undeliverable Obfuscating message content Edit Many spam filtering techniques work by searching for patterns in the headers or bodies of messages For instance a user may decide that all email they receive with the word Viagra in the subject line is spam and instruct their mail program to automatically delete all such messages To defeat such filters the spammer may intentionally misspell commonly filtered words or insert other characters often in a style similar to leetspeak as in the following examples V1agra Via gra Vi graa vi gra iagra This also allows for many different ways to express a given word making identifying them all more difficult for filter software The principle of this method is to leave the word readable to humans who can easily recognize the intended word for such misspellings but not likely to be recognized by a computer program This is only somewhat effective because modern filter patterns have been designed to recognize blacklisted terms in the various iterations of misspelling Other filters target the actual obfuscation methods such as the non standard use of punctuation or numerals into unusual places Similarly HTML based email gives the spammer more tools to obfuscate text Inserting HTML comments between letters can foil some filters Another common ploy involves presenting the text as an image which is either sent along or loaded from a remote server Defeating Bayesian filters Edit As Bayesian filtering has become popular as a spam filtering technique spammers have started using methods to weaken it To a rough approximation Bayesian filters rely on word probabilities If a message contains many words that are used only in spam and few that are never used in spam it is likely to be spam To weaken Bayesian filters some spammers alongside the sales pitch now include lines of irrelevant random words in a technique known as Bayesian poisoning Spam support services Edit A number of other online activities and business practices are considered by anti spam activists to be connected to spamming These are sometimes termed spam support services business services other than the actual sending of spam itself which permit the spammer to continue operating Spam support services can include processing orders for goods advertised in spam hosting Web sites or DNS records referenced in spam messages or a number of specific services as follows Some Internet hosting firms advertise bulk friendly or bulletproof hosting This means that unlike most ISPs they will not terminate a customer for spamming These hosting firms operate as clients of larger ISPs and many have eventually been taken offline by these larger ISPs as a result of complaints regarding spam activity Thus while a firm may advertise bulletproof hosting it is ultimately unable to deliver without the connivance of its upstream ISP However some spammers have managed to get what is called a pink contract see below a contract with the ISP that allows them to spam without being disconnected A few companies produce spamware or software designed for spammers Spamware varies widely but may include the ability to import thousands of addresses to generate random addresses to insert fraudulent headers into messages to use dozens or hundreds of mail servers simultaneously and to make use of open relays The sale of spamware is illegal in eight U S states 72 73 74 So called millions CDs are commonly advertised in spam These are CD ROMs purportedly containing lists of email addresses for use in sending spam to these addresses Such lists are also sold directly online frequently with the false claim that the owners of the listed addresses have requested or opted in to be included Such lists often contain invalid addresses In recent years these have fallen almost entirely out of use due to the low quality email addresses available on them and because some email lists exceed 20GB in size The amount you can fit on a CD is no longer substantial A number of DNS blacklists DNSBLs including the MAPS RBL Spamhaus SBL SORBS and SPEWS target the providers of spam support services as well as spammers DNSBLs blacklist IPs or ranges of IPs to persuade ISPs to terminate services with known customers who are spammers or resell to spammers Related vocabulary EditUnsolicited bulk email UBE A synonym for email spam Unsolicited commercial email UCE Spam promoting a commercial service or product This is the most common type of spam but it excludes spams that are hoaxes e g virus warnings political advocacy religious messages and chain letters sent by a person to many other people The term UCE may be most common in the USA 75 Pink contract A pink contract is a service contract offered by an ISP which offers bulk email service to spamming clients in violation of that ISP s publicly posted acceptable use policy Spamvertising Spamvertising is advertising through the medium of spam Opt in confirmed opt in double opt in opt out Opt in confirmed opt in double opt in opt out refers to whether the people on a mailing list are given the option to be put in or taken out of the list Confirmation and double in marketing speak refers to an email address transmitted e g through a web form being confirmed to actually request joining a mailing list instead of being added to the list without verification Final Ultimate Solution for the Spam Problem FUSSP An ironic reference to naive developers who believe they have invented the perfect spam filter which will stop all spam from reaching users inboxes while deleting no legitimate email accidentally 76 77 History EditMain article History of email spamSee also EditAddress munging Anti spam techniques Botnet Boulder Pledge CAUCE CAN SPAM Act of 2003 Chain email Direct Marketing Associations Disposable email address Email address harvesting Gordon v Virtumundo Inc Happy99 Junk fax List poisoning Make money fast the infamous Dave Rhodes chain letter that jumped to email Netiquette news admin net abuse email newsgroup Nigerian spam Project Honey Pot Pump and dump stock fraud Shotgun email SPAMasterpiece Theater Spamusement Spambot SpamCop Spamhaus Spamtrap Spamware Spider trap SPIT SPam over Internet Telephony References Edit Merriam Webster Dictionary Merriam Webster Email metrics report M3AAWG Nov 2014 Fu JuiHsi Lin PoChing Lee SingLing 2014 08 01 Detecting spamming activities in a campus network using incremental learning Journal of Network and Computer Applications 43 56 65 doi 10 1016 j jnca 2014 03 010 ISSN 1084 8045 Rebecca Lieb July 26 2002 Make Spammers Pay Before You Do The ClickZ Network Archived from the original on 2007 08 07 Retrieved 2010 09 23 Rao Justin M Reiley David H 2012 Economics of Spam Journal of Economic Perspectives 26 3 87 110 doi 10 1257 jep 26 3 87 Stacy Christopher Getting Started Computing at the AI Lab PDF MIT Retrieved 2018 10 15 Opening Pandora s In Box Levine John October 18 2011 The Mainsleaze Blog Internet and e mail policy and practice Retrieved April 1 2019 Jefferson Catherine What is Mainsleaze Spam The Mainsleaze Blog Retrieved April 1 2019 Jefferson Catherine Companies that spam and ESPs that help them The Mainsleaze Blog Retrieved April 1 2019 Q1 2014 Internet Threats Trend Report PDF Press release Sophos Cyberoam Retrieved 2015 11 01 a b Only one in 28 emails legitimate Sophos report reveals rising tide of spam in April June 2008 Press release Sophos 2008 07 15 Retrieved 2008 10 12 Bob West January 19 2008 Getting it Wrong Corporate America Spams the Afterlife Clueless Mailers Archived from the original on April 14 2013 Retrieved 2010 09 23 Giorgio Fumera Ignazio Pillai Fabio Roli Fumera Giorgio 2006 Spam filtering based on the analysis of text information embedded into images Journal of Machine Learning Research 7 98 2699 2720 Journal of Machine Learning Research special issue on Machine Learning in Computer Security vol 7 pp 2699 2720 12 2006 Battista Biggio Giorgio Fumera Ignazio Pillai Fabio Roli Biggio Battista Fumera Giorgio Pillai Ignazio Roli Fabio 2011 A survey and experimental evaluation of image spam filtering techniques Pattern Recognition Letters 32 10 1436 1446 Bibcode 2011PaReL 32 1436B doi 10 1016 j patrec 2011 03 022 Volume 32 Issue 10 15 July 2011 Pages 1436 1446 ISSN 0167 8655 Eric B Parizo 2006 07 26 Image spam paints a troubling picture Search Security Retrieved 2007 01 06 Dealing with blank spam CNET September 2 2009 Retrieved August 17 2015 symantec com symantec com Retrieved 2012 12 10 e g CompuServe Inc v Cyber Promotions Inc School of Visual Arts v Kuprewicz Clinton Internet provider wins 11B suit against spammer QC Times AOL gives up treasure hunt Boston Herald e g Sanford Wallace Bronx man leader of bank fraud scam convicted Iohud 26 February 2016 Retrieved 11 January 2019 Spam King pleads guilty in Detroit UPI 2009 06 23 Retrieved 2009 06 23 Top Spammer Sentenced to Nearly Four Years PC World 2008 07 22 Retrieved 2010 10 24 Privacy and Electronic Communications EC Directive Regulations 2003 Enforcement ICO Fighting Internet and Wireless Spam Act CA GC Canada s Anti spam Bill C 28 is the Law of the Land Circle ID 2010 12 15 Commonwealth Consolidated Acts Spam Act 2003 Schedule 2 Sydney AU AustLII Faculty of Law University of Technology Retrieved 2010 09 23 But see e g Hypertouch v ValueClick Inc et al Cal App 4th Google Scholar January 18 2011 SEC 8 EFFECT ON OTHER LAWS PUBLIC LAW 108 187 DEC 16 2003 117 STAT 2699 PDF FTC 2 STATE LAW NOT SPECIFIC TO ELECTRONIC ZL This Act shall not be construed to preempt the applicability of A State laws that are not specific to electronic mail including State trespass contract or tot law or B other State laws to the extent that those laws relate to acts of fraud or computer crime Daniel J Schwartz Joseph F Marinelli September 2004 Trespass to Chattels Finds New Life In Battle Against Spam PDF Association of Corporate Counsel Foster Ed November 24 2003 The Yes You Can Spam Act of 2003 The Gripe Line Weblog Archived from the original on 2007 04 06 Retrieved 2007 03 09 United States set to Legalize Spamming on January 1 2004 Spamhaus org Retrieved 7 January 2015 Is the CAN SPAM Law Working PC World Effectiveness and Enforcement of the CAN SPAM Act PDF USA FTC archived from the original PDF on January 10 2006 Ken Fisher December 2005 US FTC says CAN SPAM works Ars Technica Six years later Can Spam act leaves spam problem unresolved USA SC Magazine archived from the original on 2010 09 03 e g Oleg Nikolaenko Los Angeles Man First American Convicted Under Anti Spam Law Faces Years in Prison AP 17 January 2007 Retrieved 9 January 2019 Spammers Continue Innovation IronPort Study Shows Image based Spam Hit amp Run and Increased Volumes Latest Threat to Your Inbox Press release IronPort Systems 2006 06 28 Retrieved 2007 01 05 a b Q1 2010 Internet Threats Trend Report PDF Press release Commtouch Software Ltd Retrieved 2010 09 23 Charlie White 2011 07 04 Spam Decreased 82 22 Over The Past Year Mashable com Retrieved 2012 12 10 Spam in Dutch Symantec cloud Retrieved 2012 12 10 Brad Templeton 8 March 2005 Reaction to the DEC Spam of 1978 Brad Templeton Retrieved 2007 01 21 Josh Halliday 10 January 2011 Email spam level bounces back after record low guardian co uk Retrieved 2011 01 11 Waters Darren 2009 04 08 Spam overwhelms email messages BBC News Retrieved 2012 12 10 Email Metrics Program The Network Operators Perspective PDF Report No 7 Third and Fourth quarters 2007 Messaging Anti Abuse Working Group April 2008 Archived from the original PDF on 2008 07 24 Retrieved 2008 05 08 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help Email Metrics Program The Network Operators Perspective PDF Report No 1 4th quarter 2005 Report Messaging Anti Abuse Working Group March 2006 Archived from the original PDF on December 8 2006 Retrieved 2007 01 06 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help Email Metrics Program The Network Operators Perspective PDF Report No 2 1st quarter 2006 Messaging Anti Abuse Working Group June 2006 Archived from the original PDF on 2006 09 24 Retrieved 2007 01 06 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help IPWarmup com Study 2010 MAAWG Email Security Awareness and Usage Report Messing Anti Abuse Working Group Ipsos Public Affairs PDF Retrieved 2012 12 10 Staff 18 November 2004 Bill Gates most spammed person BBC News Retrieved 2010 09 23 Mike Wendland December 2 2004 Ballmer checks out my spam problem ACME Laboratories republication of article appearing in Detroit Free Press Retrieved 2010 09 23 the date provided is for the original article the date of revision for the republication is 8 June 2005 verification that content of the republication is the same as the original article is pending Jef Poskanzer 2006 05 15 Mail Filtering ACME Laboratories Retrieved 2010 09 23 Spam Costs Billions Sophos Sophos reveals dirty dozen spam relaying countries Press release Retrieved 2020 04 13 Register of Known Spam Operations ROKSO Sophos reveals Dirty Dozen spam producing countries August 2004 Press release Sophos 2004 08 24 Retrieved 2007 01 06 Sophos reveals dirty dozen spam relaying countries Press release Sophos 2006 07 24 Retrieved 2007 01 06 Sophos research reveals dirty dozen spam relaying nations Press release Sophos 2007 04 11 Retrieved 2007 06 15 Sophos reveals Dirty Dozen spam producing countries July 2007 Press release Sophos 2007 07 18 Retrieved 2007 07 24 Sophos reveals Dirty Dozen spam producing countries for Q3 2007 Press release Sophos 2007 10 24 Retrieved 2007 11 09 Sophos details dirty dozen spam relaying countries for Q4 2007 Press release Sophos 2008 02 11 Retrieved 2008 02 12 Sophos details dirty dozen spam relaying countries for Q1 2008 Press release Sophos 2008 04 14 Retrieved 2008 06 07 Eight times more malicious email attachments spammed out in Q3 2008 Press release Sophos 2008 10 27 Retrieved 2008 11 02 Spammers defy Bill Gates s death of spam prophecy Press release Sophos 2009 01 22 Retrieved 2009 01 22 Spamhaus Statistics The Top 10 Spamhaus Blocklist SBL database dynamic report The Spamhaus Project Ltd Retrieved 2007 01 06 a href Template Cite web html title Template Cite web cite web a CS1 maint others link The Spamhaus Project the Top 10 Worst Botnet Countries Archived from the original on 2021 10 22 Retrieved 2021 12 13 Shawn Hernan James R Cutler David Harris 1997 11 25 I 005c E Mail Spamming countermeasures Detection and prevention of E Mail spamming Computer Incident Advisory Capability Information Bulletins United States Department of Energy Archived from the original on 2007 01 04 Retrieved 2007 01 06 Sapient Fridge 2005 07 08 Spamware vendor list Spam Sights Retrieved 2007 01 06 SBL Policy amp Listing Criteria The Spamhaus Project 2006 12 22 Retrieved 2007 01 06 original location was atSBL rationale the referenced page is an auto redirect target from the original location Spamware Email Address Harvesting Tools and Anonymous Bulk Emailing Software MX Logic abstract hosted by Bit Pipe 2004 10 01 Retrieved 2007 01 06 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help the link here is to an abstract of a white paper registration with the authoring organization is required to obtain the full white paper Definitions of Words We Use Coalition Against Unsolicited Bulk Email Australia Archived from the original on 2007 01 06 Retrieved 2007 01 06 Vernon Schryver You Might Be An Anti Spam Kook If Rhyolite com Retrieved 2012 12 10 Richi Blog richi co uk Further reading EditDow K Serenko A Turel O Wong J 2006 Antecedents and consequences of user satisfaction with email systems International Journal of e Collaboration PDF vol 2 pp 46 64 Sjouwerman Stu Posluns Jeffrey Inside the spam cartel trade secrets from the dark side Elsevier Syngress 1st edition November 27 2004 ISBN 978 1 932266 86 3 External links EditSpam info Can the Spam How Spam is Bad for the Environment The Economist June 15 2009 Spam reports Worldwide Email Threat Activity Barracuda Central Government reports and industry white papers Email Address Harvesting and the Effectiveness of Anti SPAM Filters PDF United States FTC archived from the original PDF on 2007 11 28 retrieved 13 Oct 2007 The Electronic Frontier Foundation s spam page which contains legislation analysis and litigation histories Why Am I Getting All This Spam Unsolicited Commercial Email Research Six Month Report by Center for Democracy amp Technology from the author of Pegasus Mail and Mercury Mail Transport System David Harris Spam White Paper Drowning in Sewage PDF Pegasus Mail archived from the original PDF on 2007 11 28 Retrieved from https en wikipedia org w index php title Email spam amp oldid 1138444270, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.