Many email spam messages are commercial in nature but may also contain disguised links that appear to be for familiar websites but in fact lead to phishing web sites or sites that are hosting malware. Spam email may also include malware as scripts or other executable file email attachment (trojans). Spam is named after Spam luncheon meat by way of a Monty Python sketch in which Spam is ubiquitous, unavoidable and repetitive.
Email spam has steadily grown since the early 1990s. , networks of computer virus-infected computers, are used to send about 80% of spam. Since the expense of the spam is borne mostly by the recipient, it is effectively postage due advertising. This makes it an excellent example of a negative externality.
The legal status of spam varies from one jurisdiction to another. In the United States, the CAN-SPAM Act of 2003 preempted state laws specific to e-mail, making redress more difficult; it required that messages adheres to rules set by the Act and by the FTC, but did not otherwise address Unsolicited Bulk E-mail (UBE). ISPs have attempted to recover the cost of spam through lawsuits against spammers, although they have been mostly unsuccessful in collecting damages despite winning in court.
Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses that harvest users' address books. These collected email addresses are sometimes also sold to other spammers. The proportion of spam email was around 90% of email messages sent, in the end of 2014.
It was estimated in 2009 that spam cost businesses around US$130 billion. Ferris Research: Cost of Spam As the scale of the spam problem has grown, ISPs and the public have turned to government for relief from spam, which has failed to materialize. Spam's Cost To Business Escalates
Spam has several definitions varying by source.
|+ Email Spam by Topic|
Often, image spam contains nonsensical, computer-generated text which simply annoys the reader. However, new technology in some programs tries to read the images by attempting to find text in these images. These programs are not very accurate, and sometimes filter out innocent images of products, such as a box that has words on it.
A newer technique, however, is to use an animated GIF image that does not contain clear text in its initial frame, or to contort the shapes of letters in the image (as in CAPTCHA) to avoid detection by optical character recognition tools.
Blank spam may be originated in different ways, either intentional or unintentionally:
If the sender address was forged, then the bounce may go to an innocent party. Since these messages were not solicited by the recipients, are substantially similar to each other, and are delivered in bulk quantities, they qualify as unsolicited bulk email or spam. As such, systems that generate email backscatter can end up being listed on various and be in violation of internet service providers' Terms of Service.
As the recipient directly bears the cost of delivery, storage, and processing, one could regard spam as the electronic equivalent of "postage-due" junk mail. Due to the low cost of sending unsolicited email and the potential profit entailed, some believe that only strict legal enforcement can stop junk email. The Coalition Against Unsolicited Commercial Email (CAUCE) argues "Today, much of the spam volume is sent by career criminals and malicious hackers who won't stop until they're all rounded up and put in jail."
Article 13 of the European Union Directive on Privacy and Electronic Communications (2002/58/EC) provides that the European Union member states shall take appropriate measures to ensure that unsolicited communications for the purposes of direct marketing are not allowed either without the consent of the subscribers concerned or in respect of subscribers who do not wish to receive these communications, the choice between these options to be determined by national legislation.
In the United Kingdom, for example, unsolicited emails cannot be sent to an individual subscriber unless prior permission has been obtained or unless there is a previous relationship between the parties.Privacy and Electronic Communications (EC Directive) Regulations 2003 The regulations can be enforced against an offending company or individual anywhere in the European Union. The Information Commissioner's Office has responsibility for the enforcement of unsolicited emails and considers complaints about breaches. A breach of an enforcement notice is a criminal offence subject to a fine of up to £500,000.
Spam is legally permissible according to CAN-SPAM, provided it meets certain criteria: a "truthful" subject line, no forged information in the technical headers or sender address, and other minor requirements. If the spam fails to comply with any of these requirements it is illegal. Aggravated or accelerated penalties apply if the spammer harvested the email addresses using methods described earlier.
A review of the effectiveness of CAN-SPAM in 2005 by the Federal Trade Commission (the agency charged with CAN-SPAM enforcement) stated that the amount of sexually explicit spam had significantly decreased since 2003 and the total volume had begun to level off. Senator Conrad Burns, a principal sponsor, noted that "Enforcement is key regarding the CAN-SPAM legislation." In 2004, less than one percent of spam complied with CAN-SPAM. In contrast to the FTC evaluation, many observers view CAN-SPAM as having failed in its purpose of reducing spam.
The use of botnets can be perceived as theft. The spammer consumes a zombie owner's bandwidth and resources without any cost. In addition, spam is perceived as theft of services. The receiving SMTP servers consume significant amounts of system resources dealing with this unwanted traffic. As a result, service providers have to spend large amounts of money to make their systems capable of handling these amounts of email. Such costs are inevitably passed on to the service providers' customers.
Other laws, not only those related to spam, have been used to prosecute alleged spammers. For example, Alan Ralsky was indicted on stock fraud charges in January 2008, and Robert Soloway pleaded guilty in March 2008 to charges of mail fraud, fraud in connection with email, and failing to file a tax return.
Senders may go to great lengths to conceal the origin of their messages. Large companies may hire another firm to send their messages so that complaints or blocking of email falls on a third party. Others engage in Spoofing attack of email addresses (much easier than IP address spoofing). The email protocol (SMTP) has no authentication by default, so the spammer can pretend to originate a message apparently from any email address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing positive identification of the specific account from which an email originates.
Senders cannot completely spoof email delivery chains (the 'Received' header), since the receiving mailserver records the actual connection from the last mailserver's IP address. To counter this, some spammers forge additional delivery headers to make it appear as if the email had previously traversed many legitimate servers.
Spoofing can have serious consequences for legitimate email users. Not only can their email inboxes get clogged up with "undeliverable" emails in addition to volumes of spam, they can mistakenly be identified as a spammer. Not only may they receive irate email from spam victims, but (if spam victims report the email address owner to the ISP, for example) a naive ISP may terminate their service for spamming.
Increasingly, spammers use networks of malware-infected PCs (Zombie computer) to send their spam. Zombie computer networks are also known as (such zombifying malware is known as a bot, short for robot). In June 2006, an estimated 80 percent of email spam was sent by zombie PCs, an increase of 30 percent from the prior year. An estimated 55 billion email spam were sent each day in June 2006, an increase of 25 billion per day from June 2005.
For the first quarter of 2010, an estimated 305,000 newly activated zombie PCs were brought online each day for malicious activity. This number is slightly lower than the 312,000 of the fourth quarter of 2009.
Brazil produced the most zombies in the first quarter of 2010. Brazil was the source of 20 percent of all zombies, which is down from 14 percent from the fourth quarter of 2009. India had 10 percent, with Vietnam at 8 percent, and the Russian Federation at 7 percent.
The first known spam email, advertising a DEC product presentation, was sent in 1978 by Gary Thuerk to 600 addresses, which was all the users of ARPANET at the time, though software limitations meant only slightly more than half of the intended recipients actually received it. As of August 2010, the number of spam messages sent per day was estimated to be around 200 billion. More than 97% of all emails sent over the Internet are unwanted, according to a Microsoft security report. MAAWG estimates that 85% of incoming mail is "abusive email", as of the second half of 2007. The sample size for the MAAWG's study was over 100 million mailboxes.
In terms of volume of spam: According to Sophos, the major sources of spam in the fourth quarter of 2008 (October to December) were:
When grouped by continents, spam comes mostly from:
In terms of number of IP addresses: the Spamhaus Project (which measures spam sources in terms of number of IP addresses used for spamming, rather than volume of spam sent) ranks the top three as the United States, China, and Russia, followed by Japan, Canada, and South Korea.
In terms of networks: , the three networks hosting the most spammers are Verizon, AT&T, and VSNL International. Verizon inherited many of these spam sources from its acquisition of MCI, specifically through the UUNET subsidiary of MCI, which Verizon subsequently renamed Verizon Business.
Some popular methods for filtering and refusing spam include email filtering based on the content of the email, DNS-based blackhole lists (DNSBL), greylisting, , enforcing technical requirements of email (SMTP), checksumming systems to detect bulk email, and by putting some sort of cost on the sender via a proof-of-work system or a micropayment. Each method has strengths and weaknesses and each is controversial because of its weaknesses. For example, one company's offer to "remove some spamtrap and honeypot addresses" from email lists defeats the ability for those methods to identify spammers.
Outbound spam protection combines many of the techniques to scan messages exiting out of a service provider's network, identify spam, and taking action such as blocking the message or shutting off the source of the message.
Sometimes, if the sent spam is "bounced" or sent back to the sender by various programs that eliminate spam, or if the recipient clicks on an unsubscribe link, that may cause that email address to be marked as "valid", which is interpreted by the spammer as "send me more". This is illegal under most anti-spam legislation. However, a recipient should not automatically assume that an unsubscribe link is an invitation to be sent more messages: if the originating company is legitimate and the content of the message is legitimate, then individuals should unsubscribe to messages or threads or mailing lists they no longer wish to receive.
The principle of this method is to leave the word readable to humans (who can easily recognize the intended word for such misspellings), but not likely to be recognized by a literal computer program. This is only somewhat effective, because modern filter patterns have been designed to recognize blacklisted terms in the various iterations of misspelling. Other filters target the actual obfuscation methods, such as the non-standard use of punctuation or numerals into unusual places. Similarly, HTML-based email gives the spammer more tools to obfuscate text. Inserting HTML comments between letters can foil some filters, as can including text made invisible by setting the font color to white on a white background, or shrinking the font size to the smallest fine print. Another common ploy involves presenting the text as an image, which is either sent along or loaded from a remote server. This can be foiled by not permitting an email-program to load images.
As Bayesian filtering has become popular as a spam-filtering technique, spammers have started using methods to weaken it. To a rough approximation, Bayesian filters rely on word probabilities. If a message contains many words that are used only in spam, and few that are never used in spam, it is likely to be spam. To weaken Bayesian filters, some spammers, alongside the sales pitch, now include lines of irrelevant, random words, in a technique known as Bayesian poisoning. A variant on this tactic may be borrowed from the Usenet abuser known as "Hipcrime"—to include passages from books taken from Project Gutenberg, or nonsense sentences generated with "dissociated press" algorithms. Randomly generated phrases can create spoetry (spam poetry) or spam art. The perceived credibility of spam messages by users differs across cultures; for example, Korean unsolicited email frequently uses apologies, likely to be based on Koreans’ modeling behavior and a greater tendency to follow social norms.
Another method used to masquerade spam as legitimate messages is the use of autogenerated sender names in the From: field, ranging from realistic ones such as "Jackie F. Bird" to (either by mistake or intentionally) bizarre attention-grabbing names such as "Sloppiest U. Epiglottis" or "Attentively E. Behavioral". Return addresses are also routinely auto-generated, often using unsuspecting domain owners' legitimate domain names, leading some users to blame the innocent domain owners. Blocking lists use IP addresses rather than sender domain names, as these are more accurate. A mail purporting to be from example.com can be seen to be faked by looking for the originating IP address in the email's headers; also Sender Policy Framework, for example, helps by stating that a certain domain will send email only from certain IP addresses.
Spam can also be hidden inside a fake "Undelivered mail notification" which looks like the failure notices sent by a mail transfer agent (a "Bounce message") when it encounters an error.
Some Internet hosting firms advertise bulk-friendly or bulletproof hosting. This means that, unlike most ISPs, they will not terminate a customer for spamming. These hosting firms operate as clients of larger ISPs, and many have eventually been taken offline by these larger ISPs as a result of complaints regarding spam activity. Thus, while a firm may advertise bulletproof hosting, it is ultimately unable to deliver without the connivance of its upstream ISP. However, some spammers have managed to get what is called a pink contract (see below) – a contract with the ISP that allows them to spam without being disconnected.
A few companies produce spamware, or software designed for spammers. Spamware varies widely, but may include the ability to import thousands of addresses, to generate random addresses, to insert fraudulent headers into messages, to use dozens or hundreds of mail servers simultaneously, and to make use of open relays. The sale of spamware is illegal in eight U.S. states. original location was at ; the referenced page is an auto-redirect target from the original location the link here is to an abstract of a white paper; registration with the authoring organization is required to obtain the full white paper.
So-called millions CDs are commonly advertised in spam. These are purportedly containing lists of email addresses, for use in sending spam to these addresses. Such lists are also sold directly online, frequently with the false claim that the owners of the listed addresses have requested (or "opted in") to be included. Such lists often contain invalid addresses. In recent years, these have fallen almost entirely out of use due to the low quality email addresses available on them, and because some email lists exceed 20GB in size. The amount you can fit on a CD is no longer substantial.
A number of DNSBL (DNSBLs), including the MAPS RBL, Spamhaus SBL, SORBS and SPEWS, target the providers of spam-support services as well as spammers. DNSBLs blacklist IPs or ranges of IPs to persuade ISPs to terminate services with known customers who are spammers or resell to spammers.
Government reports and industry white papers