From Wikipedia, the free encyclopedia.
Spam by e-mail is one type of spamming that involves sending identical or nearly identical messages to thousands (or millions) of recipients. Addresses of recipients are often harvested from Usenet postings or web pages, obtained from databases, or simply guessed by using common names and domains. By definition, spam is sent without the permission of the recipients.
The terms unsolicited commercial email (UCE) and unsolicited bulk email (UBE) are sometimes used as more precise or less slang-like expressions for email spam. Many email users regard all UBE as spam, regardless of its content -- but most legislative efforts against spam are tailored to address UCE. A small but noticeable proportion of unsolicited bulk email is not, in fact, also commercial; examples include political advocacy spam and chain letters.
Sending spam is a violation of the Acceptable Use Policy (AUP) of most ISPs, and can lead to the termination of the sender's account. In many jurisdictions, spamming is a crime or an actionable tort, such as in the United States, where the act is regulated by the Can Spam Act of 2003.
Spammers engage in deliberate fraud to send out their messages. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. They also often use falsified or stolen credit card numbers to pay for these accounts. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs.
Spammers go to great lengths to try and hide where the messages originate. They do this by spoofing email addresses (similar to Internet protocol spoofing). The spammer hacks the email message so it looks like it is coming from another email address.
It is not possible to completely spoof an email since the actual connection from the last mailserver's IP address is recorded by your own mailserver; however, the rest of the history of the mailservers the E-mail was sent through can be forged by spammers. But tracing an email messages route is usually fruitless since many ISPs have thousands of customers and identifying just one spammer is tedious.
Spammers frequently seek out and make use of vulnerable third-party systems such as open mail relays and open proxy servers. The SMTP system, used to send email across the Internet, forwards mail from one server to another; mail servers that ISPs run commonly require some form of authentication that the user is a customer of that ISP. Open relays, however, do not properly check who is using the mail server and pass all mail to the destination address, making it quite a bit harder to track down spammers.
Spoofing can have serious consequences for legitimate email users. Not only can their email inboxes get clogged up with "undeliverable" emails in addition to volumes of spam, they can mistakenly be identified as a spammer. Not only may they receive irate email from spam victims, but (if spam victims report the email address owner to the ISP, for example) their ISP may terminate their service for spamming.
Several tools have been released, both for end users and systems administrators, which automate spam removal by scanning through all emails in search of traits typical of spam.
Tools for end users range in capabilities from tracing and reporting spam to hiding email addresses from spammers to removing and/or blocking spam. These tools include SpamCop, NoSpam, SpamGuard, and even mail clients, such as the one built in to Mozilla.
Tools for systems administrators allow them to block incoming email from particular spamming IPs, block Usenet spam, block formmail spam, and determine if mail is spam. One of the most popular amongst systems administrators is SpamAssassin. One of the statistically most accurate on the spam corpus is CRM114, which can be integrated into SpamAssassin.
Spamgourmet, quite unknown, but very powerful takes a completely different approach, and offers free disposable e-mail addresses. The project was "created by folks who've been driven rabid by spam since 1993 or so" (quote from their FAQ). All the code they've written is open source.
See also: stopping e-mail abuse
Larger ISPs such as America Online report that anywhere from one-third to two-thirds of their email server capacity is consumed by spam.
Because this cost is imposed without the consent of either the site owners or the authorized users, many argue that email spamming is a form of theft of services.
In May 2003, it was reported more than half of all emails sent were spam. Steve Linford of the spam-fighting project Spamhaus warned that at current rates of increase, the entire email system could "melt down" within six months.
According to an article by James Gleick in The Observer, 2 March 2003:
As at 11 July 2003, the U.S. Federal Trade Commission ("FTC") was expected to ask the U.S. Congress for new powers that would let it cooperate closely with other governments and more easily prosecute American and overseas spammers. A 13-page proposal drafted by the FTC to implement legislation entitled the International Consumer Protection Enforcement Act (ICPEA) would render the agency's investigators "spam cops", granting them the power to serve secret requests for subscriber information on Internet service providers, peruse FBI criminal databases and swap sensitive information with foreign law enforcement agencies. The proposed legislation is a result of a push by American legislators to enact strong laws targeting the most extreme spammers. Civil libertarians are alarmed at the ICPEA draft bill, on the basis that it does not contain sufficient checks and balances, and would adversely impact the Freedom of Information Act.
On June 29, 2003, The New York Times reported that Ferris Research estimated that for 2003, the cost of spam is $10 billion in the United States. The estimate factors in the waste in computing resources and work time.
On October 22, 2003, the U.S. Senate voted to outlaw spam e-mails and to set up a "do not spam" registry similar to the recently put in effect "do not call" one. Such a registry might actually cause more spam if it gives spammers a list of confirmed "live" addresses, though the final version of the Can Spam Act of 2003, which was sent to the President for his signature on December 8th, prohibits the sale or other transfer of an e-mail address obtained through an opt-out request.
On October 24, 2003, a Santa Clara, California Superior Court judge ordered two spammers to pay $2 million for illegally sending unsolicited e-mails.
On December 11, 2003, new UK legislation was passed making it an offence for UK organisations to send unsolicited e-mails. Many experts have expressed doubts over the effectiveness of the new law given that most spam originates outside the UK and the process to convict a spammer would take up to two years to complete.
On December 12, 2003, the state of Virginia arrested two men on felony spamming charges. [1]
On January 22, 2004 a court of law in Denmark fined an company 400.000 DK (€ 54.780) for illegally sending 1.500 unsolicited e-mails.
In January, 2004, Bill Gates proposes at World Economic Forum, Davos, Switzerland, to charge the sender instead of the recepient of the mail. But many protest that charging for mail is against the free spirit of Internet.
IETF views on spamming can be found in RFC 2635.
Overview
Avoiding Spam
Statistics
The U.S. Federal Trade Commission estimates that as much as 2/3 of all spam email contains fraudulent offers, forged headers, or other false claims suggestive of criminal activity. [1]Current events
Related topics
Notorious spammers
Newsgroups
External links
