The purpose of this bulletin is to give a brief overview of the
problem of “spam”. Spam is email that you may receive from a completely
unknown source, almost always unwanted, and very often potentially
dangerous. It is important to be aware of the dangers of spam, because
it is often used by individuals with criminal intent to perpetrate
Most spammers are legitimate, albeit obnoxious, business people who
are merely trying to make a profit selling goods and services. However,
there is also a significant sector of the spammer world that is composed
of criminal elements. Organized criminal elements from various parts of
the world are often involved in the spam business. For this reason, it
is important to understand that spam can be very dangerous.
Spammers’ Methods – Mailing List Builders and Sellers
Legitimate businesses exist worldwide which compile and sell mailing
lists of email addresses. Email mailing lists are very valuable because
for the cost of a few pennies, it is possible to email potential
customers or victims numbering in the millions located in all 200+
countries worldwide—something which would cost millions of dollars to
implement using conventional “snail” mail.
Emailing list companies harvest email addresses legitimately,
illegitimately, and also “methodically”. For example, emailing list
companies will take a known email address and run a computer program to
generate “educated guesses” about email addresses within the home
institution from which the email address originated.
The method works like this:
If the email address for John Smith at Wilson College or the SuperBizzie.com company is known to be:
The email list company will send out a blastogram that would span a range of addresses such as:
….. etc …. ….. etc ….
Addresses that generate “unknown address” messages are simply crossed off their list. Those that don’t are addedautomatically to their list.
PLEASE NOTE - For safety and security reasons, the Wilson
College email server DOES NOT respond AT ALL to messages sent to invalid
addresses. These messages are just deleted. More and more
administrators are adopting this policy to block these types of attacks.
As you can imagine, if it is your business to generate emails, and
you have the technical means, it is not hard to generate emailing lists
with literally millions of email addresses.
Email mailing list vendors also routinely troll websites to harvest email addresses. So, for example, we
must take for granted that any email address posted on the Wilson
College website will inevitably end up on emailing vendors’ lists. Then,
those vendors will generate “educated guesses”, as described above, to
add names to their lists.
Legitimate vendors are genuinely respectful of those wishing to be
crossed off of their lists. However, the illegitimate vendors merely use
“unsubscribe” messages to confirm vulnerable victims! Therefore, if you
receive spam from an unknown source, it is best NOT to follow the
“unsubscribe” process offered by the spammer. More about this later.
Such spammer emailing lists can be bought on the open market. Their price will depend on their size, quality, and reputability.
Spam Filters – How They Work, How They Fail
In a good year, the problem of spam can cost US businesses millions
of dollars per year. Spam clogs up circuits and storage space, both of
which cost money to make available for legitimate usage. Furthermore,
spam is often also the “infectious pathogen” for criminal schemes, and
computer viruses. Businesses keep their cases of victimization
confidential, because it does not make them look good. However, it
should be noted that some spam-propagated viruses in the past few years
have brought the Fortune 500’s email systems to their knees for periods
of up to 48 hours.
Spam filtering companies work on principles similar to those used by
email address list builders. Filtering companies harvest spam and build
databases that identify: (1) senders (originating email addresses) (2)
subject lines, and (3) message content. This database data is then
constantly fed to the customers of the spam filtering companies. Spam
filtering software scans incoming email messages for patterns matching
the spam filtering database records, and eliminates those that match the
Spammers try to get around filtering software by varying the
“patterns” of their spam. Spammers will constantly change their “sender”
email address, using legitimate and illegitimate methods. Then, they
will inject characters, digits, and text randomly into the subject lines
and message text fields to degrade the identifiable patterns used by
spam filtering software. This explains why much spam today contains
seemingly bizarre or nonsensical characters or strings of text (often
classical poetry) that seems completely unrelated to the purpose of the
Worldwide Spam Problem
A December 6, 2006 article in the New York Times noted that in 2003,
Bill Gates had predicted that the spam problem would be solved by 2006.
Spam received by businesses was significantly reduced in early 2006.
However, in the second half of 2006 there was a resurgence of spam
received by businesses even greater than before. Currently, the problem
of spam is seen in terms of crisis proportions, because spammers’
techniques for evading spam filtering technologies are in ascendancy.
The most successful current technique that spammers are using is to
transfer their messages to picture formats (jpg or gif files) and embed
them in emails containing random and meaningless text. This type of spam
is known as image spam. Spam filtering companies are working on
new ways to filter this type of spam, but have not yet developed a way
to filter out image spam.
Spam-filterers (the Good Guys) are constantly chasing a moving
target. Right now, the bad guys are winning. We’ll keep you posted.
You can view a recent chart of the global spam epidemic published by Commtouch Software by clicking
Bulletin Date: 10 April 2007