| |
|
This article provides a general overview of the spamming phenomenon; a separate article suggests ways of stopping e-mail abuse.
Spamming involves sending identical or nearly identical messages to thousands (or millions) of recipients. Addresses of recipients are often harvested from Usenet postings or web pages, obtained from databases, or simply guessed by using common names and domains. By definition, spam is sent without the permission of the recipients.
Spamming is broadly considered unacceptable behavior by Internet service providers; they object to the unrecoupable cost of processing other people's advertisements. Most Internet users find spam annoying and its contents frequently offensive. Surveys have indicated that spam is one of most users' greatest annoyances about the Internet today.
Sending spam is a violation of the Acceptable Use Policy (AUP) of most ISPs, and can lead to the termination of the sender's account. In many jurisdictions, spamming is a crime or an actionable tort, such as in the United States, where the act is regulated by the Can Spam Act of 2003.
Spammers engage in deliberate fraud to send out their messages. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. They also often use falsified or stolen credit card numbers to pay for these accounts. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs.
Email spam is by far the most common form of spamming on the internet. It involves sending identical or nearly identical messages to thousands (or millions) of recipients. Addresses of recipients are often harvested from Usenet postings or web pages, obtained from databases, or simply guessed by using common names and domains. By definition, spam is sent without the permission of the recipients.
E-mail spammers go to great lengths to try and hide where the messages originate. They do this by spoofing email addresses (similar to Internet protocol spoofing). The spammer hacks the email message so it looks like it is coming from another email address.
Messaging spam is a type of spamming where the target of the spamming is instant messaging (IM). Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages.
A similar sort of spam can be sent with the "NET SEND" command in Microsoft Windows, a function intended for remotely alerting a system administrator. This causes a pop-up window to appear on the targeted system's screen. This kind of spam is very easy to switch off, just follow these steps
Newsgroup spam is a type of spamming where the target of the spamming are Usenet newsgroups. Spamming of Usenet newsgroups actually pre-dates email spam. Old Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). Since posting to newsgroups is nearly as easy as sending e-mails, newsgroups are a popular target of spammers.
Spamdexing (a combination of spamming and indexing) refers to the practice on the World Wide Web of deliberately modifying HTML pages to increase the chance of them being placed high on search engine relevancy lists. People who do this are called search engine spammers.
In blog spam the targets are weblogs. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site. These link would in theory enhance the ranking of the target page in search engine indexes. [1]
Mobile phone spam is a form of spamming directed at the text messaging service of a mobile phone. This can be especially irritating to consumers not only for the inconvenience but also because they sometimes have to pay to receive the text message.
The most common purpose for spamming is advertising. Goods commonly advertised in spam include pornography, computer software, medical products such as Viagra, credit card accounts, and fad products. Spam is also used to promote scams such as pyramid schemes, stock pump-and-dump schemes, and the Nigerian money transfer fraud (419 fraud).
AOL documented [1] an "unscientific" list of the subjects of the spam most widely sent to its members during 2003. In alphabetical order, they are:
There are a number of differences between spam and junk mail:
E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political in nature. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and email media with preaching messages.
Spamming has also been used as a denial of service tactic, particularly on Usenet. By overwhelming the readers of a newsgroup with an inordinate number of nonsense messages, legitimate messages can be lost and computing resources are consumed. Since these messages are usually forged (that is, sent falsely under regular posters' names) this tactic has come to be known as sporgery (from spam + forgery). This tactic has for instance been used by partisans of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology vs. the Internet) and by spammers against news.admin.net-abuse.email, a forum for mail administrators to discuss spam problems. Applied to email, this is termed mailbombing.
In a handful of cases, forged email spam has been used as a tool of harassment. The spammer collects a list of addresses as usual, then sends a spam to them signed with the name of the person he wishes to harass. Some recipients, angry that they received spam and seeing an obvious "source", will respond angrily or try to take various sorts of revenge upon the apparent spammer, the forgery victim. A widely known victim of this sort of harassment was Joe's CyberPost, which has lent its name to the offense: it is known as a joe job. Such joe jobs have been most often used against anti-spammers: in more recent examples, Steve Linford of spamhaus.org and Timothy Walton, a California attorney, have been targeted.
Spammers have also abused resources set up for purposes of anonymous speech online, such as anonymous remailers. As a result, many of these resources have been shut down, denying their utility to legitimate users.
The term spam is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM® luncheon meat. While a customer plaintively asks for some kind of food without SPAM in it, the server reiterates the SPAM-filled menu. Soon, a chorus of Vikings join in with a song: "SPAM, SPAM, wonderful SPAM, glorious SPAM," over and over again, drowning out all conversation.
Although the first known instance of unsolicited commercial email occurred in 1978, the term "spam" for this practice had not yet been applied. The Monty Python reference was applied to disruptive activity on MUD games. It later came to be used on Usenet to mean excessive multiple posting -- the repeated posting of the same message. The first evident usage of this sense was by Joel Furr in the aftermath of the ARMM incident of March 31 1993, in which a piece of experimental software released dozens of recursive messages onto the news.admin.policy newsgroup.
Soon, it came to refer also to the flooding of Usenet newsgroups with junk messages. After a pair of lawyers, Laurence Canter and Martha Siegel, started using bulk Usenet posting as a means of advertisement, the term came to include unauthorized commercial use of the noncommercial Usenet. Email spamming, and the use of the term, followed shortly. [1]
There are two popular (and incorrect) folk etymologies of the word "spam". The first, promulgated by spammers Canter & Siegel, is that "spamming" is what happens when one dumps a can of SPAM into a fan blade. The second is the acronym "shit posing as mail."
Hormel Foods, the makers of SPAM® luncheon meat, do not object to the Internet use of the term "spamming." However, they do ask that the capitalized word "SPAM" be reserved to refer to their product and trademark. [1].
The terms unsolicited commercial email (UCE) and unsolicited bulk email (UBE) are sometimes used as more precise or less slang-like expressions for email spam. Many email users regard all UBE as spam, regardless of its content -- but most legislative efforts against spam are tailored to address UCE. A small but noticeable proportion of unsolicited bulk email is not, in fact, also commercial; examples include political advocacy spam and chain letters.
A number of other online activities and business practices are considered by anti-spam activists to be connected to spamming. These are sometimes termed spam-support services. A number of DNSBLs, including the MAPS RBL, Spamhaus SBL, and SPEWS, target the providers of spam-support services as well as spammers.
Some Internet hosting firms advertise bulk-friendly or bulletproof hosting. This means that, unlike most ISPs, they will not terminate a customer for spamming. [1] These hosting firms are clients of larger ISPs, and many have eventually been taken offline by these larger ISPs as a result of complaints regarding spam activity. Thus, while a firm may advertise bulletproof hosting, it is ultimately unable to deliver without the connivance of its upstream ISP.
Related is the anti-spam term pink contract, which refers to a spammer's hosting contract with an ISP which exempts the spammer from normal acceptable-use policies.
A few companies produce spamware, or software designed for spammers. Spamware varies widely, but may include the ability to import thousands of addresses, to generate random addresses, to insert fraudulent headers into messages, to use dozens or hundreds of mail servers simultaneously, and to make use of open relays. The sale of spamware is illegal in eight U.S. states. [1]
So-called millions CDs are commonly advertised in spam. These are CD-ROMs purportedly containing lists of email addresses, for use in sending spam to these addresses. Such lists are also sold directly online, frequently with the false claim that the owners of the listed addresses have requested (or "opted in") to be included. Such lists often contain invalid addresses. [1]
In the high-tech battle between spammers and anti-spammers, spammers have now started employing what has been dubbed spackers, crackers who work for the spammers. These spackers works with things such as writing computer viruses to open up the victims computer to use it to send spam, host spamvertised websites or launch denial of service attacks on sites run by anti-spammers.
On Usenet in the early 1990s there was a significant controversy among netnews administrators and users over ways to handle different types of Usenet abuse. A culture of neutrality towards content precluded defining spam on the basis of advertisement or commercial solicitations. The word "spam" was usually taken to mean excessive multiple posting, and other neologisms were coined for other abuses -- such as "velveeta" (from the processed cheese product) for excessive cross-posting. [1] A subset of spam was deemed "cancellable spam", for which it is considered justified to issue third-party cancel messages. [1]
Since the problem of spam has expanded to other media and email spam has become the most prevalent, these other terms have declined in use.
The term "spamming" is also used in the older sense of something repetitious and disruptive by players of first-person shooter computer games. In this sense it refers to "area denial" tactics—repeatedly firing rockets or other explosive shells into an area.
MUD, MUSH, and MUCK players happily continue using the word in its original sense. When a player returns to the terminal after a brief break to find her screen filled with pages of random chat, that's still called "spam". [1]
Neither of these senses of the word imply that the "spamming" is abusive.
Many users are bothered by spam because it impinges upon the amount of time they spend reading their email. Many also find the content of spam frequently offensive, in that pornography is one of the most frequently advertised products. Spammers send their spam largely indiscriminately, so pornographic ads may show up in a work place email inbox -- or a child's, the latter of which is illegal in many jurisdictions.
Some spammers argue that most of these costs could potentially be alleviated by having spammers reimburse ISPs and individuals for their material. There are two problems with this logic: first, the rate of reimbursement they could credibly budget is unlikely to be nearly high enough to pay the cost; and second, the human cost (lost mail, lost time, and lost opportunities) is basically unrecoverable.
E-mail spam is a true tragedy of the commons, where a small number of non-cooperators force costs in a system which would have extremely low costs in a community of co-operators.
Since E-mail is so cheap to send, a tiny number of spammers can saturate the Internet with junk mail. Although only a tiny number of their targets are motivated to purchase their products (or fall victim to their scams), this is a sufficient conversion rate to keep spamming alive. Furthermore, even though spam appears not to be economically viable as a way for a reputable company to do business, it suffices for professional spammers to convince a tiny proportion of gullible advertisers that it is for them to stay in business.
One of the chief values favored by many long-time Internet users and experts, as well as by many members of the public, is the free exchange of ideas. Many have valued the relative anarchy of the Internet, and bridle at the idea of restrictions placed upon it. Some see spam-blocking tools as a threat to free expression -- and laws against spamming as an untoward precedent for regulation or taxation of email and the Internet at large.
Two common refrains from spam-fighters address these concerns:
First, spamming itself abridges the historical freedom of the Internet, by attempting to force users to carry the costs of material which they would not choose. Second, to treat spam as unlawful requires no new incursion of law into the online world, merely the application of existing laws against trespass and conversion.
An ongoing concern expressed by parties such as the Electronic Frontier Foundation and the ACLU has to do with so-called "stealth blocking", a term for ISPs employing aggressive spam blocking without their users' knowledge. These groups' concern is that ISPs or technicians seeking to reduce spam-related costs may select tools which (either through error or design) also block non-spam email from sites seen as "spam-friendly". SPEWS is a common target of these criticisms. Few object to the existence of these tools; it is their use in filtering the mail of users who are not informed of their use which draws fire.
IETF views on spamming can be found in RFC 2635.
Overview
Types of spam
E-mail spam
Messaging spam
Newsgroup spam
Spamdexing (search engine spam)
Blog spam
Mobile phone spam
Commercial uses
Comparison to postal "junk" mail
Non-commercial use
Etymology
Related vocabulary
Alternate meanings
Costs of spam
Political issues
See also
Newsgroups
External links
simple:Spamming