Spamming

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 148.87.1.170 (talk) at 18:12, 23 June 2004 (External links). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Spamming is the act of sending unsolicited electronic messages in bulk.

In the popular eye, the most common form of spam is that delivered in e-mail as a form of commercial advertising. However, over the short history of electronic media, people have done things comparable to spamming for many purposes other than the commercial, and in many media other than e-mail. In this article and those related, the term spamming is used broadly to refer to all of these behaviors, regardless of medium and commercial intent.

This article provides a general overview of the spamming phenomenon. Separate articles discuss the techniques of spammers on particular media: Internet e-mail, instant messaging, Usenet newsgroups, Web search engines, weblogs, and mobile phone messaging. Another article suggests ways of stopping e-mail abuse.

Overview

One of the strengths of electronic communications media is that it costs virtually nothing to send a message. These media are not free of charge: setting up a cellular telephone network or an Internet e-mail service has substantial overhead costs in equipment and connectivity. However, once these costs are paid for, the cost to transmit a message to a single recipient is minuscule when compared with older media such as postal mail. Electronic messaging is cheap and fast. It is also easy to automate: computer programs can send out millions of messages via e-mail, instant message (IM), or Usenet netnews in minutes or hours at nearly no labor cost.

From these economic realities, a sort of tragedy of the commons emerges. Any communications mechanism which is cheap and easy to automate is easy to flood with bulk messages. To send instant messages to millions of users on most IM services, all one needs is a piece of scriptable software and those users' IM usernames. The ability to send e-mail from a computer program is built into popular operating systems such as Microsoft Windows and Unix -- the only added ingredient needed is the list of addresses to target.

Sending bulk messages in this fashion, to recipients who have not solicited them, has come to be known as spamming, and the messages themselves as spam. The etymology of the term is discussed below.

Spamming has been considered by various commercial, government, and independent entities to be one of the foremost social problems facing electronic media today. All manner of attempts have been made to curb this problem: technical measures such as e-mail filtering and the automated cancellation of netnews spam; contractual measures such as Internet Service Providers' acceptable-use policies; laws such as the Can Spam Act of 2003; and market pressures such as boycotts of those who use or support spam.

The costs of spam

Spam's direct effects include the consumption of computer and network resources, and the cost in human time and attention of dismissing unwanted messages. In addition, spam has costs stemming from the kinds of spam messages sent, from the ways spammers send them, and from the arms race between spammers and those who try to stop or control spam.

In part because of the bad reputation (and dubious legal status) which spamming carries, it is chiefly used to carry offers of an ill-reputed or questionably legal nature. Many of the products advertised in spam are fraudulent in nature, such as quack medications and get-rich-quick schemes. Spam is frequently used to advertise scams, such as the well-known advance fee fraud and password phishing. It is also often used to advertise pornography indiscriminately, even in jurisdictions where it is illegal to transmit pornographic solicitations to minor children.

The methods of spammers are likewise costly -- to ISPs and the rest of the network, not to the spammers themselves. Because spamming contravenes ISP acceptable-use policies, spammers have for many years gone to some trouble to conceal the origins of their spam. E-mail, Usenet, and instant-message spam are often sent through insecure proxy servers belonging to unwilling third parties. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. In some cases, they have used falsified or stolen credit card numbers to pay for these accounts. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs.

Finally, the costs of spam must include the collateral costs of the struggle between spammers and the administrators and users of the media threatened by spamming. [1]

Spamming in different media

E-mail spam

E-mail spam is by far the most common form of spamming on the internet. It involves sending identical or nearly identical messages to thousands (or millions) of recipients. Unlike legitimate commercial e-mail, spam is sent without the permission of the recipients, and frequently contains various tricks to bypass e-mail filters.

Spammers obtain e-mail addresses by a number of means: harvesting addresses from Usenet postings, DNS listings, or Web pages; guessing common names at known domains (known as a dictionary attack); and "e-pending" or searching for e-mail addresses corresponding to specific persons, such as residents in an area.

E-mail spammers go to great lengths to conceal the origin of their messages. They do this by spoofing e-mail addresses (similar to Internet protocol spoofing). The spammer modifies the e-mail message so it looks like it is coming from another e-mail address.

Messaging spam

Messaging spam is a type of spamming where the target of the spamming is instant messaging (IM). Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages.

A similar sort of spam can be sent with the "NET SEND" command in Microsoft Windows, a function intended for remotely alerting a system administrator. This causes a pop-up window to appear on the targeted system's screen. This kind of spam is very easy to switch off; just follow these steps:

  1. Click on the Start button
  2. Click on "Run ..."
  3. Type Services.msc
  4. Locate Messenger in the Name column
  5. Right click on it and click on "Stop"
  6. Double click on it
  7. Change Startup type to "disable"
  8. Click on OK
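
The same change can be scripted. The following is an added example, not part of the original article: the function name `Disable-MessengerService` is hypothetical, and it assumes the service's short name is `Messenger` and that it is run from an elevated PowerShell prompt.

```powershell
# Added example: scripted form of the Services.msc steps listed above.
# Assumptions: the service short name is "Messenger"; the prompt is elevated.
function Disable-MessengerService {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Name = 'Messenger'
    )

    # The service is not present on every Windows version; treat that as "nothing to do".
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Verbose "Service '$Name' is not installed; nothing to disable."
        return [pscustomobject]@{
            Name = $Name; Installed = $false; State = $null; StartMode = $null
        }
    }

    # Steps 4-5: stop the service if it is currently running.
    if ($svc.Status -ne 'Stopped' -and $PSCmdlet.ShouldProcess($Name, 'Stop service')) {
        Stop-Service -Name $Name -Force -ErrorAction Stop
    }

    # Steps 6-8: set the startup type to Disabled so it does not return after a reboot.
    if ($PSCmdlet.ShouldProcess($Name, 'Set startup type to Disabled')) {
        Set-Service -Name $Name -StartupType Disabled -ErrorAction Stop
    }

    # Read the state back so the result can be logged or checked across many hosts.
    $wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    [pscustomobject]@{
        Name      = $Name
        Installed = $true
        State     = $wmi.State      # expected: Stopped
        StartMode = $wmi.StartMode  # expected: Disabled
    }
}

# Preview with -WhatIf first; drop it to apply the change.
Disable-MessengerService -WhatIf -Verbose
```

Running it a second time is harmless: an already stopped and disabled service is simply reported back in that state.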

Newsgroup spam

Newsgroup spam is a type of spamming where the targets of the spamming are Usenet newsgroups. Spamming of Usenet newsgroups actually pre-dates e-mail spam. Old Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). Since posting to newsgroups is nearly as easy as sending e-mails, newsgroups are a popular target of spammers.

Spamdexing (search engine spam)

Spamdexing (a combination of spamming and indexing) refers to the practice on the World Wide Web of deliberately modifying HTML pages to increase the chance of them being placed high on search engine relevancy lists. People who do this are called search engine spammers.

Blog spam

In blog spam the targets are weblogs. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site. These links would in theory enhance the ranking of the target page in search engine indexes. [2]

Mobile phone spam

Mobile phone spam is a form of spamming directed at the text messaging service of a mobile phone. This can be especially irritating to consumers not only for the inconvenience but also because they sometimes have to pay to receive the text message.

Commercial uses

The most common purpose for spamming is advertising. Goods commonly advertised in spam include pornography, computer software, medical products such as Viagra, credit card accounts, and fad products. Spam is also used to promote scams such as pyramid schemes, stock pump-and-dump schemes, and the Nigerian money transfer fraud (419 fraud).

The use of spamming in other countries may be different. For example, in Russia spamming is commonly used by many mainstream legitimate businesses, such as travel agencies, printing shops, training centres, real estate agencies, seminar and conference organisers and even self-employed electricians and garbage collection companies. In fact, the most prominent Russian spammer that sparked a powerful anti-spam movement, enraged the deputy minister of communications Andrey Korotkov and provoked a wave of meat-space counter-strikes, including a massive telephone DDOS attack, was American English Center, a language school in Moscow.

Comparison to postal "junk" mail

There are a number of differences between spam and junk mail:

  • Unlike junk postal mail, the costs of spam are paid for by the recipient's mail site, in terms of bandwidth, CPU processing time, and storage space. Spammers frequently use free dial-up accounts, so their costs may be quite minimal indeed. Because of this offloading of costs onto the recipient, many consider spamming to be theft or criminal conversion.
  • Junk mail often subsidizes the delivery of mail customers want to receive. For example, the United States Postal Service allows bulk mail senders to pay a lower rate than for first-class mail, because they are required to sort their mailings and apply bar codes, which makes their mail much cheaper to process.
  • Another distinction is that the costs of sending junk mail provide incentives to be somewhat selective about recipients, whereas the spammer has no such incentives. Once a certain volume is reached, doubling the number of recipients often doubles the costs. For a spammer the cost of sending a single message is often no different than sending a million. Spammers do not have the bulk mailer's incentive to prune their lists of invalid addresses or those unlikely to buy.
  • Finally, bulk mail is by and large used by businesses who are traceable and can be held responsible for what they send. Laws restrict the sending of pornographic materials in the post, and governmental agencies (postal inspectors) exist to enforce these laws. Spammers frequently operate on a fly-by-night basis, using the so-called "anarchy" of the Internet, and its unfamiliarity to law enforcement, as a cover.

Non-commercial spam

E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political in nature. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and e-mail media with preaching messages.

Spamming has also been used as a denial of service tactic, particularly on Usenet. By overwhelming the readers of a newsgroup with an inordinate number of nonsense messages, legitimate messages can be lost and computing resources are consumed. Since these messages are usually forged (that is, sent falsely under regular posters' names) this tactic has come to be known as sporgery (from spam + forgery). This tactic has for instance been used by partisans of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology vs. the Internet) and by spammers against news.admin.net-abuse.e-mail, a forum for mail administrators to discuss spam problems. Applied to e-mail, this is termed mailbombing.

In a handful of cases, forged e-mail spam has been used as a tool of harassment. The spammer collects a list of addresses as usual, then sends a spam to them signed with the name of the person he wishes to harass. Some recipients, angry that they received spam and seeing an obvious "source", will respond angrily or pursue various sorts of revenge against the apparent spammer, the forgery victim. A widely known victim of this sort of harassment was Joe's CyberPost, which has lent its name to the offense: it is known as a joe job. Such joe jobs have been most often used against anti-spammers: in more recent examples, Steve Linford of spamhaus.org and Timothy Walton, a California attorney, have been targeted.

Spammers have also abused resources set up for purposes of anonymous speech online, such as anonymous re-mailers. As a result, many of these resources have been shut down, denying their utility to legitimate users.

E-mail worms or viruses may be spammed to set up an initial pool of infected machines, which then re-send the virus to other machines in a spam-like manner. The infected machines can often be used as remote-controlled zombie computers, for more conventional spamming or DDoS attacks. Sometimes trojans are spammed to phish for bank account details, or to set up a pool of zombies without using a virus.

Etymology

The term spam is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM® luncheon meat. While a customer plaintively asks for some kind of food without SPAM in it, the server reiterates the SPAM-filled menu. Soon, a chorus of Vikings join in with a song: "SPAM, SPAM, wonderful SPAM, glorious SPAM," over and over again, drowning out all conversation.

Although the first known instance of unsolicited commercial e-mail occurred in 1978, the term "spam" for this practice had not yet been applied. In the 1980s the term was adopted to describe certain abusive users who frequented BBSs and MUDs, who would repeat "SPAM" a huge number of times to scroll other users' text off the screen. This act, previously termed flooding, came to be called spamming as well. By analogy, the term was soon applied to any large amount of text broadcast by one user, or sometimes by many users.

It later came to be used on Usenet to mean excessive multiple posting -- the repeated posting of the same message. The first evident usage of this sense was by Joel Furr in the aftermath of the ARMM incident of March 31 1993, in which a piece of experimental software released dozens of recursive messages onto the news.admin.policy newsgroup. Soon, this use had also become established -- to spam Usenet was to flood newsgroups with junk messages.

Commercial spamming started in force when a pair of lawyers, Laurence Canter and Martha Siegel, began using bulk Usenet posting to advertise immigration law services. The two went on to widely promote spamming of both Usenet and e-mail as a new means of advertisement -- over the objections of Internet users they labeled "anti-commerce radicals". Within a few years, the focus of spamming (and anti-spam efforts) moved chiefly to e-mail, where it remains today. [3]

There are two popular (and incorrect) folk etymologies of the word "spam". The first, promulgated by Canter & Siegel themselves, is that "spamming" is what happens when one dumps a can of SPAM luncheon meat into a fan blade. The second is the acronym "shit posing as mail."

Hormel Foods Corporation, the makers of SPAM® luncheon meat, do not object to the Internet use of the term "spamming." However, they do ask that the capitalized word "SPAM" be reserved to refer to their product and trademark. [4]

See also: History of spamming

The terms unsolicited commercial e-mail (UCE) and unsolicited bulk e-mail (UBE) are sometimes used as more precise or less slang-like expressions for specific types of e-mail spam. Many e-mail users regard all UBE as spam, regardless of its content -- but most legislative efforts against spam are tailored to address UCE. A small but noticeable proportion of unsolicited bulk e-mail is not, in fact, also commercial; examples include political advocacy spam and chain letters.

An ISP which offers special terms of service to spammers is said to have signed a pink contract. Specifically, this refers to a contract which exempts the spammer from the ISP's normal acceptable-use policies -- or one in which the spammer's violation of same is deliberately overlooked.

A site which is friendly to spammers may also be called a black hat, with reference to the Western movie cliché in which the villain wears a black cowboy hat. Similarly, an ISP which deals effectively with spammers may be called a white hat. To ask about an ISP's reputation on a public forum (such as news.admin.net-abuse.email) is to do a hat check; the subject line of such a request might be "Foo ISP hat check?" or "What color is Foo ISP's hat?" (The same hat-color metaphor is also used among crackers, albeit with thoroughly different values.)

In the battle between spammers and spam-fighters, spammers have now started employing what the trade press have dubbed spackers, crackers who work for the spammers. This term has not caught on outside the idiosyncratic vocabulary of trade magazines; system administrators concerned with fighting spam are likely to simply call these people spammers or crackers. Computer viruses such as the Sobig and Mimail strains, which allow spammers to send spam through exploited computers, are termed spammer viruses.

On Usenet in the early 1990s there was a significant controversy among netnews administrators and users over ways to handle different types of Usenet abuse. A culture of neutrality towards content precluded defining spam on the basis of advertisement or commercial solicitations. The word "spam" was usually taken to mean excessive multiple posting (EMP), and other neologisms were coined for other abuses -- such as "velveeta" (from the processed cheese product) for excessive cross-posting. [5] A subset of spam was deemed cancellable spam, for which it is considered justified to issue third-party cancel messages. [6]

A more complete list of spam-related vocabulary may be found in the Spam Glossary web page.

Alternate meanings

The term "spamming" is also used in the older sense of something repetitious and disruptive by players of first-person shooter computer games. In this sense it refers to "area denial" tactics -- repeatedly firing rockets or other explosive shells into an area -- or to any tactic whereby a large volume of ammunition is expended in the hope of scoring a single hit.

MUD, MUSH, and MUCK players happily continue using the word in its original sense. When a player returns to the terminal after a brief break to find her screen filled with pages of random chat, that's still called "spam". [7]

Neither of these senses of the word implies that the "spamming" is abusive.

Costs of spam

Many users are bothered by spam because it impinges upon the amount of time they spend reading their e-mail. Many also find the content of spam frequently offensive, in that pornography is one of the most frequently advertised products. Spammers send their spam largely indiscriminately, so pornographic ads may show up in a workplace e-mail inbox -- or a child's, the latter of which is illegal in many jurisdictions.

Some spammers argue that most of these costs could potentially be alleviated by having spammers reimburse ISPs and individuals for their material. There are two problems with this logic: first, the rate of reimbursement they could credibly budget is unlikely to be nearly high enough to pay the cost; and second, the human cost (lost mail, lost time, and lost opportunities) is basically unrecoverable.

E-mail spam is a true tragedy of the commons, where a small number of non-cooperators impose costs on a system which would have extremely low costs in a community of co-operators.

Since e-mail is so cheap to send, a tiny number of spammers can saturate the Internet with junk mail. Although only a tiny number of their targets are motivated to purchase their products (or fall victim to their scams), this is a sufficient conversion rate to keep spamming alive. Furthermore, even though spam appears not to be economically viable as a way for a reputable company to do business, professional spammers need only convince a tiny proportion of gullible advertisers that it is viable in order to stay in business.

Political issues

One of the chief values favored by many long-time Internet users and experts, as well as by many members of the public, is the free exchange of ideas. Many have valued the relative anarchy of the Internet, and bridle at the idea of restrictions placed upon it. Some see spam-blocking tools as a threat to free expression -- and laws against spamming as an untoward precedent for regulation or taxation of e-mail and the Internet at large.

Two common refrains from spam-fighters address these concerns: First, spamming itself abridges the historical freedom of the Internet, by attempting to force users to carry the costs of material which they would not choose. Second, to treat spam as unlawful requires no new incursion of law into the online world, merely the application of existing laws against trespass and conversion.

An ongoing concern expressed by parties such as the Electronic Frontier Foundation and the ACLU has to do with so-called "stealth blocking", a term for ISPs employing aggressive spam blocking without their users' knowledge. These groups' concern is that ISPs or technicians seeking to reduce spam-related costs may select tools which (either through error or design) also block non-spam e-mail from sites seen as "spam-friendly". SPEWS is a common target of these criticisms. Few object to the existence of these tools; it is their use in filtering the mail of users who are not informed of their use which draws fire.

IETF views on spamming can be found in RFC 2635.