E-mail spam

E-mail spam is by far the most common form of spamming on the internet. It involves sending identical or nearly identical unsolicited messages to a large number of recipients. Unlike legitimate commercial e-mail, spam is generally sent without the explicit permission of the recipients, and frequently contains various tricks to bypass e-mail filters. Modern computers generally come with some ability to send spam. The only necessary added ingredient is the list of addresses to target.

Spammers obtain e-mail addresses by a number of means: harvesting addresses from Usenet postings, DNS listings, or Web pages; guessing common names at known domains (known as a dictionary attack); and "e-pending" or searching for e-mail addresses corresponding to specific persons, such as residents in an area. Many spammers utilize programs called web spiders to find email addresses on web pages, although it is possible to fool the web spider by substituting the "@" symbol with another symbol, for example "#", while posting an email address.

Many e-mail spammers go to great lengths to conceal the origin of their messages. They might do this by spoofing e-mail addresses (similar to Internet protocol spoofing). In this technique, the spammer modifies the e-mail message so it looks like it is coming from another e-mail address. However, many spammers also make it easy for recipients to identify their messages as spam by placing an ad phrase in the From field—very few people have names like "GetMyCigs" or "Giving away playstation3s"!

Among the tricks used by spammers to try to circumvent the filters is to intentionally misspell common spam filter trigger words. For example, "viagra" might become "vaigra", or other symbols may be inserted into the word as in "v/i/a/g./r/a". The human mind can handle a surprising degree of corruption (see Wrod Illusinos), but sometimes this tactic can backfire, rendering a message illegible. ISPs have begun to use the misspellings themselves as a filtering test.

The most dedicated spammers—often those making a great deal of money or engaged in illegal activities, such as the pornography, casinos and Nigerian scammers—are often one step ahead of the ISPs. Reporting them to your ISP may help block less sophisticated spammers in the future.

So-called "spambots" are a major producer of email spam. The worst spammers create email viruses that will render an unprotected PC a "zombie computer"; the zombie will inform a central unit of its existence, and the central unit will command the "zombie" to send a low volume of spam. This allows spammers to send high volumes of email without being caught by their ISPs or being tracked down by antispammers; a low volume of spam is instead sent from many locations simultaneously. Many consumer-level ISPs (Earthlink, for example) stop spambots by blocking the SMTP port (port 25), although there are some users who make legitimate use of it.

back to the top

Messaging spam

Messaging spam, sometimes called SPIM, is a type of spam where the target is instant messaging services.
The increase in messaging spam may be motivated by its rise in popularity as well as the many steps to crack down on spamming since the late 1990s.

Instant Messaging applications

Instant messaging (IM) systems, such as Yahoo! Messenger, AIM, MSN Messenger and ICQ, are popular targets for spammers. Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages.

back to the top

Newsgroup Spam

Newsgroup spam is a type of spam where the targets are Usenet newsgroups.

Spamming of Usenet newsgroups actually pre-dates e-mail spam. The first widely recognized Usenet spam (though not the most famous) was posted on January 18, 1994 by Clarence L. Thomas IV, a sysadmin at Andrews University. Entitled "Global Alert for All: Jesus is Coming Soon", it was a fundamentalist religious tract claiming that "this world's history is coming to a climax." The newsgroup posting bot Serdar Argic also appeared in early 1994, posting tens of thousands of messages to various newsgroups, consisting of identical copies of a political screed relating to the Armenian Genocide.

The first commercial Usenet spam, and the one which is often (mistakenly) claimed to be the first Usenet spam of any sort, was an advertisement for legal services entitled "Green Card Lottery - Final One?". It was posted in April 1994 by Arizona lawyers Laurence Canter and Martha Siegel, and hawked legal representation for United States immigrants seeking papers ("green cards").

Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). During the early 1990s there was substantial controversy among Usenet system administrators (news admins) over the use of cancel messages to control spam. A cancel message is a directive to news servers to delete a posting, causing it to be inaccessible to those who might read it. Some regarded this as a bad precedent, leaning towards censorship, while others considered it a proper use of the available tools to control the growing spam problem.

back to the top

Spam over internet Telephony

SPIT (spam over Internet telephony), sometimes known as vam (voice or VoIP spam), is unsolicited bulk messages broadcast over VoIP (Voice over Internet Protocol) to phones connected to the Internet. Although marketers already use voice mail for commercial messages, IP telephony makes a more effective channel because the sender can send messages in bulk instead of dialing each number separately. Internet phones are often mapped to telephone numbers, in the interests of computer-telephony integration (CTI) but each has an IP address as well. Unscrupulous marketers can use spambots to harvest VoIP addresses or may hack into a computer used to route VoIP calls. Furthermore, because calls routed over IP are much moredifficult to trace, the potential for fraud is significantly greater.

back to the top

Mobile phone spam

Mobile phone spam is a form of spamming directed at the text messaging service of a mobile phone. It is described as mobile spamming, sms spam, but is most frequently referred to as m-spam.

In 2002 and 2003, frequent users of cell phone text messages began to see an increase in the number of unsolicited (and generally unwanted) commercial advertisements being sent to their cell phones through text messaging.

In the United States, this use is regulated by the Can Spam Act of 2003.

Often these messages consist of a simple request to call a number. Normal mobile phone etiquette often results in the call being returned by the user. When they then return the call, they are unaware that they have been fraudulently induced to call a premium-rate line. There is frequently an attempt to get them to hold on the line for as long as possible in order to maximise revenue from this fraud.

Another form of mobile phone fraud is the one-ring fraud, where an incoming call to a mobile phone is timed such that it will ring once (or without any sound at all), and then cut off before the user can answer. This leaves the missed call number on their phone, and the rest of the fraud is as above. In this case, it is the (real or apparent) calling number details which are being spammed to the phone, as these calls are made in their hundreds of thousands by autodialers at little or no cost to the originator, as there is no charge for calls which do not connect.

back to the top

Do you think you know everything about Spam? Click on the picture below!