What exactly is SPAM and how can I avoid it?The term 'spam' was originally applied to the practice of posting the same message to multiple Usenet newsgroups, and is thought to have arisen from a well-known 'Monty Python' sketch in a café where everything on the menu included Spam.
These days, 'spam' usually refers to Unsolicited Commercial Email, or UCE for short. Unsolicited, because normally the mail is unwanted, and not asked for. Commercial is a broad term, but usually boils down to advertising goods or services, legal or not, with the spammer usually benefiting from your interest. This is the electronic equivalent of junk mail that arrives through your letterbox, with email being the preferred delivery method.
Why is it such a problem now?Spam mails are used for everything from advertising financial services and get-rich quick schemes, to wonder pills and miracle cures. Why? Because sending email is an incredibly cheap method of getting a message across. It costs next to nothing to send out millions of emails. Even if 70% or more of them don't reach a target, there's still a lot to be gained for very little outlay.
With more and more people discovering email and the Internet, the volume of spam mail has risen dramatically in the past few years. This increase in volume is becoming more of a threat - bandwidth is wasted in receiving it, storage space and processing power is wasted in delivering it, and time is wasted reading and deleting it.
Some of the spam received may contain adult-oriented, or even offensive material, and some of it will be designed to fool you into revealing your personal details, passwords, or bank details (which is also called ‘phishing’). Other spam, containing viruses, is designed to gain access to your computer, so that more spam can be sent through your computer, or flood a network/mailbox with so much junk mail that legitimate mail cannot get through.
How is it sent?Generally, spammers send out their messages through a collection of 'open relays' and 'open proxies'. They use many relays and proxies so that one source cannot be blocked, and it makes them more difficult to trace.
An 'open relay' is usually an insecure mail server that the spammer has gained access to (illegally) and is capable of relaying mail from any address to any address. Open proxies are generally insecure home PCs that the spammers have been able to install 'back-door' or 'Trojan horse' software onto, to enable them to send mail from that PC, usually without the owner's knowledge.
Such back-door programs are often installed by viruses that the PC owner contracts through email, or they can be installed through operating system vulnerabilities exploited by the spammer.
Why is it not blocked?Spammers are using increasingly sophisticated methods to disguise their mails. As previously mentioned, the mail can be sent from almost anywhere - dialup connection or legitimate mail servers.
Attempts have been made in the past to identify the open-relays and open-proxies, and deny all mail from them, but this is increasingly less effective. Spam mail is now often sent to you from addresses you may recognise. Basically the 'from:' addresses are 'spoofed' or forged to look like someone you may know, or a company you trust, such as eBay or PayPal.
Also, subject lines will include commonly used expressions and greetings, such as "Re: Why haven't you replied?", "Hey, what's up", or "Re: Hi there". Because of this, scanning mail for commonly used spam addresses, or subject lines, has become redundant. Scanning the message body for suspect content has also become difficult, due to increasing tendency to obscure popular spam words like "Viagra", "money!!", or "porn" with punctuation, HTML code, and even non-printing characters or foreign language.
How did they get my email address?There are lots of ways that spammers can get hold of your address. By far the most common method of getting hold of valid email addresses is to scan web pages, and then 'harvest' the email addresses found there. If you have your email address on a home page, then you're particularly vulnerable. Other popular web-based sources are discussion forums and guest books. Some spammers use viruses to infect your machine, and then scan your address books, and temporary internet files for email addresses, all of which are sent back to the virus writer or spammer.
An increasingly popular method recently is 'dictionary harvesting', where spammers will try common usernames @ a domain name, like sales@, john@, mike@ and info@ - but there could be thousands of these that the spammer will try. Those that don't generate an error are considered valid addresses, and generally targeted for more spam.
Some spam mail comes with 'hidden links', which send data to websites, confirming your address and providing valuable statistics to the spammers. This will usually be concealed in HTML, or behind an image.
A really good way to give your address to spammers is to reply to their mails, or click on one of the bogus 'unsubscribe' links at the bottom of spam mails. Although the link may look valid, generally all this will achieve is alerting the spammers to the fact that someone is reading the email at that particular address.
How do I avoid getting Spam?
|Never reply to spam, or click on the 'unsubscribe' links at the bottom of the mails. Simply delete them.|
|Banks and financial institutions *never* ask you for your details over email. Be careful who you send your private and bank details to.|
|Disguise email addresses that you use on public WebPages. For example, instead of using firstname.lastname@example.org, consider using "joe at bloggs dot com", or "email@example.com" (with a note telling legitimate users to remove the 'nospam' part.|
|Avoid using 'obvious' email addresses, like 'sales@', 'john@' or 'info@'. Try more complicated varieties, or using your surname in your email address - that way a dictionary attack will not succeed.|
|For the same reasons above, don't use an email 'catch-all' address unless it's absolutely necessary.|
|If someone you don't know sends you an offer out of the blue that sounds too good to be true, then it probably is. Don't send any money to people who promise you a share of a 'fortune', and never give out bank details.|
|There's no such thing as a free lunch - if a website offers to install a 'cool web search' program, or thousands of smileys, etc. for free, beware that these programs may contain 'spyware', which can search your computer for your address (and those in your address book), and send them to the spammers.|