How Spam Messages Work

Spam2_2Spam is Internet slang for the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.

It is an unwanted intrusion in the mailbox. Spam has also been linked with fraudulent business schemes, chain letters, and offensive sexual and political messages.

Not all bulk email is spam. Some is permission-based, meaning that the recipient has asked to receive it. This occurs when a user at a website voluntarily agrees.

For example, at the time of making a purchase — to receive a newsletter or other email (known as “opt-in email”). Unlike spam, opt-in email usually provides a benefit such as free information or sale prices. Sending unsolicited email to online customers who have not elected to receive information is considered spam.

[related-posts]

How Spam Works

Spam is rarely sent directly by a company advertising itself. It’s usually sent by a “spammer,” a company in the business of distributing unsolicited email. An advertiser enters into an agreement with a spammer, who generates email advertisements to a group of unsuspecting recipients. The cost of spam is far less than postal bulk mailings. An advertiser could spam 10,000 recipients for under $100 versus several thousand dollars for a postal mailing.

How do spammers find you? Sometimes they may buy your address — 15 million email addresses can be purchased for as little as $129 — or they obtain them by using software programs known as “harvesters” that pluck names from websites, newsgroups, or other services in which users identify themselves by email address.

To protect against harvesters of email addresses, some websites use software that “poisons” the harvester — for example, generating bogus email addresses or directing the harvester to a nonexistent site. The use of poisoners, filters, and blocking software can be costly and creates an escalating cat and mouse game as spammers attempt to circumvent each new round of anti-spam software.

The Problem With Spamming

Defenders of spam claim that it is little different from junk mail and can, in fact, be tossed more easily: simply hit the delete key. Although there is some truth to this position, receiving spam is actually more like receiving a junk fax or a sales call on a cellular phone because the cost of distributing the advertisement is borne by the recipient (or the recipient’s ISP), not the sender.

Every ISP pays for the right to operate on the Internet by purchasing bandwidth, the “space” it uses to transmit over the Internet. As the volume of spam directed through an ISP increases, the bandwidth becomes crowded, often slowing down the user’s Internet access.

To counter this, the ISP must pay for filtering software (which can also slow access) or pay to increase the amount of bandwidth. In both cases the expense is often passed along to subscribers. To get an idea of how much bandwidth is consumed by spam, America Online estimated that one-third of the 30 million daily email messages it transfers is spam.

You’ve probably noticed that much of the spam you receive involves deceptive practices. For example, spam for X-rated sites may be disguised with a personal subject header (“How come you didn’t write back?” or “Here’s my new email address”) or even as anti-spam (“We can help remove you from spam lists!”). And you’ve no doubt noticed that a lot of the spam that comes your way is attempting to perpetuate some sort of scam — pyramid schemes, bogus stock offerings, pirated software, and quack health remedies.

Some spam allows you to request that your email address be removed from the spammer’s list, but consumer groups caution that when you respond to a spam email, you verify to the sender that your email account is active. This may result in your receiving even more spam.

How to Stop Spam

The best technology that is currently available to stop spam is spam filtering software. The simplest filters use keywords such as “sex,”, “xxx,” “viagra,” etc., in the subject line to attempt to identify and delete spam. These simple filters are easy to sidestep by spelling “sex” as “s-e-x.”

There are, of course, thousands of ways to spell “sex” if you are willing to add extra characters like that, and it is difficult for the simple filters to keep up. Also, simple filters are most likely to block “real” e-mail that you do want to receive. For example, if your friend sends you her favorite recipe for baked chicken breasts, the filter blocks the e-mail because of the word “breasts.”

More advanced filters, known as heuristic filters and Bayesian filters, try to take this simple approach quite a bit further to statistically identify spam based on word patterns or word frequency. But there are still ways to get around them (mainly by using short messages).

Large ISPs tried blocking multiple e-mails with the same subject line or message body. This had the unwanted side-effect of blocking e-mail newsletters, so ISPs made “white lists” to identify legitimate newsletter senders. Then spammers sidestepped the issue by inserting different random characters into each subject line and message body. That’s why you get e-mail messages with subject lines like:

Women Wanted puklq

The word “puklq” is random, and it is different on every e-mail the spammer sends.

There are several organizations that publish lists of IP addresses that are used by spammers. Any large spammer will have an array of server machines blasting out spam messages, and each server machine has its own IP address. Once spam is detected from an IP address, that IP address is put in a list (Spamhaus.org is one of many organizations that maintain such lists).

Companies that host e-mail accounts can look at the sending IP address of every e-mail and filter out those that appear in the Spamhaus.org list.

Spammers get around this approach in two different ways. First, they change their IP addresses frequently. The unfortunate problem with this approach is that the old IP addresses that spammers discard get recycled, and the people who get these discarded IP addresses find them to be useless — they are tainted by their former association with spam, and cannot be used for sending legitimate e-mail.

Credit: How Stuff works and Nolo.com