146. Spam Basics
By Andrew D. Wright
By now almost everyone is familiar with the idea of spam - unsolicited
commercial email. For those who are less sure what's what, here's a basic
guide to one of the Internet's greatest annoyances.
Spam gets its name from a classic 1970 Monty Python
sketch where a restaurant serves spam with everything. The email
version is much worse: junk mail makes up 97-99% of the daily mail
stream. Legitimate email is a trace impurity in the spam flow.
All mail servers have had to aggressively implement a number of different
strategies to combat this tidal wave of rubbish. Spammers quickly adapt or
simply overwhelm anti-spam measures by sheer numbers of junk messages.
Spam amounts have been doubling or tripling each year for the past decade.
One method used by mail servers to catch spam is to check the sender
address is valid before accepting a message. Spammers get around this by
using real addresses they've drawn from their lists as the supposed spam
senders.
You see, you can put in anyone's address as the sender of an email.
If the address isn't yours, you'll never see a reply but that doesn't
matter if all you want is the message to be received and read by someone.
Everything in a spam is a lie. It doesn't matter what the spam says
in the To: and From: headers, these are always addresses from some
innocent third party. You got the spam because your email address was on
the email envelope, discarded when the email was delivered to your inbox
for you to read.
If you're the innocent third party, you'll sometimes see returned mail
bounces for some message you never sent out. Many people at this point
think that their email accounts have been hacked. What's really happened
is their address was used as the From: or Reply-To: header for a run of
spam.
Spammers will generally only use any one particular address for a small
amount of spam so as not to get easily filtered, though there can be
(thankfully rare) exceptions generating hundreds or thousands of message
bounces. Most mail server administrators are clever enough not to bounce
incoming spam as this "backscatter spam" just punishes some innocent
person for the sins of the spammer.
Spammers have giant lists of email addresses gathered many ways - from web
pages where an address has been posted, from postings to online forums,
from applications people have completed where the information has been
sold to third parties, and from virus- or trojan-infected computers where
every email address on the computer is sent back to the criminals
responsible for the infection.
Spam is sent out from these infected home and work computers. They form
botnets where thousands or millions of them work together to send out
billions of junk emails while betraying their unaware users' personal
information to criminals. Every day as dawn breaks across North America, a
flood of spam is sent out as millions of home and office computers are
turned on. Twelve hours later Asia comes online and their compromised
computers send out a new tsunami of rubbish.
Products advertised by spammers are not what is claimed. Typically the
online store will be hosted in one country, the transactions processed in
another, the money sent to a third and finally when any product is sent at
all, it comes from yet another country where there is no guarantee of
quality or protection from fraud. People have died from receiving bad
medication purchased through spam ads.
The best approach to spam is to simply delete it. Do not believe anything
the message says, they won't remove your address from their lists.
The Mousepad runs every two weeks. It's a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, email mousepad@chebucto.ns.ca or
click here. If we use your question
in a column, we'll send you a free mousepad.
Originally published 16 January 2009
