What

 

SPAM

 

Why

 

Unsolicited email

 

How

 

Email addresses are harvested, collected and sold to marketers, who use them to send spam.

 

Detailed Information

Spam: Email that is sent unsolicited to individuals, mailing lists, or news groups. Also commonly referred to as junk email. Often it is a commercial sales pitch to buy something or use a service, or an invitation to visit a web site. Becoming more common are phishing emails that look like they are from a legitimate web site but are actually from someone else trying to get information from you, such as credit card numbers.

Spammer: Person, group of people or program that sends this unsolicited bulk email.

Spammed: You have been spammed when you receive unsolicited email.

How Unsolicited Email Was Named Spam

Monty Python can be "blamed" for calling it spam because early Internet users were familiar with their famous skit set at a restaurant that served Spam luncheon meat dishes.

In that skit a group of Vikings sang loudly "Spam, Spam, Spam, lovely Spam. Wonderful Spam!" every time the word Spam was spoken.

The Early History

The first famous piece of spam was the Green Card spam sent in 1994 to Usenet groups by a group of lawyers trying to drum up business.

The Lunch Meat vs. Junk Email

There is a difference between Spam (the lunch meat) and spam (unsolicited email). Spam (the lunch meat) is capitalized and spam (unsolicited email) is lower case.

Why Spam is Undesirable

Spam is rampant on the Internet and costly. It is very cheap for spammers to send spam and unfortunately it costs the receiver of the spam more than the spammer to send the solicitation. Here are surprising statistics.

According to Information Week in an article dated 12/2/04, spam outnumbers legitimate messages almost 9 to 1. That means that for every 10 emails sent, 9 are spam. Even more alarming is that 1.3% of messages processed in November 2004 contained viruses.

Postini, a popular email filtering company, posts its current stats on spam.

On Dec. 3, 2004, their stats showed that 10 out of 13 emails were spam.

This is why spam is bad for everyone online.

Use of Bandwidth

Although these emails aren't printed out and can be deleted, they do cost everyone money by using valuable bandwidth. Bandwidth is the amount of data that can be transmitted over a fixed amount of time. When valuable bandwidth is being used up by spam, important or wanted information takes longer to reach you. ISPs (who you pay to connect to the Internet) must increase bandwidth in order to serve you when the amount of spam increases, which is costly for them, and they must pass on the cost to you.

Viruses

Often spam contains viruses that, when installed on a computer, send spam from the infected computer. This increase in the amount of spam can literally cripple the Internet by consuming all available bandwidth. These viruses can also harm your computer and cost time and energy to remove.

Undesirable Offensive Messages

Often spam contains offensive information such as pornography and foul language that children see.

Costly

As an individual home user, spam is frustrating and takes time to delete. If you don't delete it eventually it will fill up your hard drive. For businesses though, it is very costly (which ends up costing you). Businesses end up paying for each employee to delete the offending messages or they need to pay for a program to automatically delete the messages before the employee gets them. Businesses end up having to acquire more bandwidth for their networks so that legitimate messages and information can be received in a timely manner. They also have to increase their information storage to accommodate these messages until they are dealt with. Instead of one information specialist, the company may have to have two information specialists on their payroll to deal with these problems. Business costs such as these are passed on to consumers.

Often Spam Contains Fraudulent Material

Most spam is a solicitation to buy something that isn't legitimate. Advertising is done by spamming because it is hard to trace; otherwise the company or person would advertise legitimately, where you could trace them if there was a problem with the product or service provided. Lately, phishing is becoming rampant. Phishing is a technique where a spammer sends you an email that looks like it is from a legitimate company, such as Ebay or a credit card company, and asks you to confirm the information that you have on file or you will lose the service. These emails look very official and include company graphics. The information that you send, though, ends up in the spammer's hands, and often that information is credit card numbers, bank account information and PIN numbers.

Important Messages Are Lost

As spam increases it becomes harder and harder to spot legitimate messages for filtering programs and people looking through their email headers. More and more people are installing filters for their email messages and these filters can often filter legitimate messages. Also from personal experience, as I scan email headers, it is easy to miss that one legitimate email subject among the other 10 junk emails. 

How Spammers Operate - How They Get Your Email Address

Companies you do business with and their partners.

Often when you sign up for an online account or just have to enter your email address to get information, you are agreeing to their terms of service which may include agreeing to them sharing your email address with their partners.

Harvesting programs that scour Web pages including forums and blogs.

Spammers have programs that will scour Web pages for email addresses.

 

  • They buy email lists: Lists of valid email addresses are available for sale.
  • Usenet and news groups: When you post to Usenet and news groups, your email address is also posted, which is ripe for harvesting since they know it is a valid email address.
  • Browsers: Early versions of Netscape and Internet Explorer would send your email address to anonymous FTP servers. Also, older browsers would automatically send an email (with your email address) when your mouse ran over a certain part of the page.
  • Chat Rooms and IRC: Some chat rooms and IRC (Internet Relay Chat) make your email address available for harvesting.
  • Guessing: They pick an ISP and then send email to guessed names at that ISP. It doesn't take too much time to come up with a list of asmith@isp.com, anna@isp.com, etc. They can send, wait for the bounces to come back, remove those addresses and end up with a list of addresses that work.
  • Profiles: If you have an AOL or other profile online, spammers can go through them and collect the email addresses.
  • Hacking: Spammers have been known to hack into computer networks to access information including email addresses.
  • Viruses: Some viruses will ultimately allow spammers to use your address book and the addresses included in that.
  • Forwarded Emails: Have you gotten a forwarded email that shows tons of email addresses that received the email before? Spammers get those too, but they copy the addresses and use them.

How They Send Without Getting Caught

Some SMTP servers do not require authentication with user name and password, so they are freely available to use, and it is hard to track spammers down when they hide their IP address (Internet Protocol address, a unique number assigned to you when you go online).

 

How They Make Money

Advertisers will pay them to send email or they get a cut of the sales. Spam may also be a plea for money and they directly receive your money because you are so good-hearted or it may be an offer for you to make money if you help them out. A newer method of spammers making money is the phishing technique, where spam is sent to look like legitimate email from companies that you already do business with such as credit card companies and Ebay. These emails ask you to verify your information. The catch is that you are sending your credit card number, bank information, mother's maiden name and pin numbers to the scammers. Once they get the information they can take your identity or drain your bank account. Learn how to detect email scams so you don't get ripped off.

Tips for Detecting Spam Email

You can detect email scams yourself. Here are some things to look for:

  • Email Scam Detection Tip - Asking For Too Much Information: No one will ever ask you for your password, social security number or credit card information in an email. It is not safe to send this kind of information in an email because it is not secure. They would know that information anyway. If they are asking for this information you should be wary.
  • Email Scam Detection Tip - The Return Email Address: Carefully check the return email address. Remember that the displayed return address can be different than the email address you are actually sending to. To verify the address that you are actually sending to, click "Reply" then highlight the email address in the "To" area. Right click on the highlighted area and select "Properties". This will tell you the address it is being sent to. If they don't match, don't reply.
  • Email Scam Detection Tip - Links to Web Sites in the Email: Check to make sure the link to a Web site is the same as what is displayed. For example I have coded this link http://familyinternet.about.com to display a link to the Family Internet Site but when you click it, it goes to About.com. In a scam, a site could look similar to the official site and you might not notice that you aren't at the official site. To verify the link, click the link, then copy and paste the displayed text in the link into your browser and go there. If they are different, bells and whistles should be going off that indicate this is a scam.
  • Email Scam Detection Tip - Not Giving You Enough Information: Is the email addressed to you in the body of the email? Do they give dates and other information that verifies it is not a random email? If it doesn't, the same email has been sent to thousands of people.
  • Email Scam Detection Tip - Verify Organizations They Mention: In the Best Buy scam, they mention the National Credit Bureau. There is no such organization. Double check that the official sounding organization does exist by doing a Google search and verifying that they are aware of this situation by looking at their Web site.
  • Email Scam Detection Tip - Check with Government Agencies for Known Scams: Check with the Federal Trade Commission and Better Business Bureau to see if the scams are listed there.
  • Email Scam Detection Tip - You Get Multiple Copies of the Email: If you got more than one copy of the email, it should send up red flags that this is spam and it is not legitimate.
  • Email Scam Detection Tip - Ask You to Call A Number: Some scams ask you to call a telephone number. This is designed to make you feel better because you are talking to a person. Remember that the telephone number can lead to any place (anyone can get an 800 number and answer it in any way they want and claim to be an official organization). In one scam to protect your identity they asked you to call and they asked for your name and social security number, then hung up. Never give out this kind of information unless you are absolutely sure you know who you are dealing with.
  • Email Scam Detection Tip - Time Stamps: Check the time stamp on the email that was sent to you to determine if it came from within the United States.
  • Email Scam Detection Tip - Act Paranoid: Be very wary of email you get. Chances are they are trying to get information from you to rip you off. Besides, if you really are being defrauded, they wouldn't email you; the authorities would contact you via telephone or regular mail.
  • Email Scam Detection Tip - If It Sounds Too Good To Be True: It probably is!

Did you know that there are tons of emails going around that aren't true? Find out the real scoop at About.com's Urban Legends site: http://urbanlegends.about.com/

Email Scams You Should Avoid - Email Scams That Could Cost You Money

Email scams abound. Every time I open my inbox they are there. Most of these scams sound believable and tempting but if you aren't careful it could cost you. Here are some common scams that you should be aware of. You can also learn how to detect a scam by using these email scam detection tips.

Email Scam - Please Verify Information

I got one the other day and it looked quite believable. It said that I need to verify my PayPal account information. It even included official looking graphics from PayPal and if I was in a hurry, I might have believed it. It asked me to verify my email address, password, credit card number and bank PIN number. Click here to see the email. If I had entered this information my bank account could have been drained once they logged into PayPal to get the account number (I would have given them my PIN number) and they could have charged anything on my credit card. This is commonly called phishing, where scammers are "fishing" for information. Common phishing scams also fish for Ebay customers.

Companies will never ask you to verify your password or ask for credit card information in an email. Always make sure that you are using a secure Website before entering credit card information. To verify that you are using a secure connection, look for a locked padlock on the bottom of your status bar and https in the URL instead of http (https://www.paypal.com instead of http://www.paypal.com).

Email Scam - Someone is Using Your Credit Card

You receive an email that your credit card was used for a fraudulent purchase and they need to verify information. Recently, a massive amount of emails were sent that said that someone was using your credit card for a purchase at Best Buy. The email sounded very believable but when you clicked on the link that displayed "BestBuy.com/fraud_department.html" it went to "http://www.your-instant-credit-reporter.org/fraud.html".
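The link check from the detection tips, applied to the Best Buy link quoted above, can be automated over an HTML message body. This is an added example, not code from the original article; the HTML body, the example.com and example.org links, and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed HTML body. The first link reuses the display text and the real
# target quoted in the article; the other two links are made up.
SAMPLE_BODY = """
<p>Someone used your credit card. Review the charge at
<a href="http://www.your-instant-credit-reporter.org/fraud.html">BestBuy.com/fraud_department.html</a></p>
<p>Our store: <a href="https://www.example.com/store">www.example.com/store</a></p>
<p><a href="https://news.example.org/">Read the newsletter</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def host_of(text):
    """Host named by a URL or a bare 'domain/path' string, or None."""
    candidate = text.strip()
    if not candidate or " " in candidate:
        return None                      # ordinary words, not an address
    if not re.match(r"[a-z][a-z0-9+.-]*://", candidate, re.I):
        candidate = "http://" + candidate
    try:
        host = urlsplit(candidate).hostname
    except ValueError:
        return None
    if not host or not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host):
        return None
    return host[4:] if host.startswith("www.") else host


def mismatched_links(html_body):
    """Return (shown_host, real_host, href) where the text names another site."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for text, href in collector.links:
        shown, real = host_of(text), host_of(href)
        if shown is None or real is None:
            continue                     # link text is not a web address
        # A subdomain of the displayed site is accepted; anything else is flagged.
        if real != shown and not real.endswith("." + shown):
            findings.append((shown, real, href))
    return findings


if __name__ == "__main__":
    for shown, real, href in mismatched_links(SAMPLE_BODY):
        print(f"text says {shown} but link goes to {real}: {href}")
```

Links whose visible text is ordinary words cannot be checked this way, so their target still has to be read before clicking.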

Email Scam - Share In the Wealth

These emails start off with someone desperately needing your help. They have money that is stuck in a country and need your help to get it out of that country to the United States and they will share a portion with you if you help them. This is commonly called the Nigerian email scam that has suckered in many people. The outcome is always the same - you spend thousands of dollars for bribes and other expenses and you don't see a dime. For a sample email of this scam, click here.

Don't be taken in on this email scam because you won't ever see a dime and because it is an overseas scam, there is nothing you can do to get your money back.

Email Scam - Work From Home

There are legitimate work-from-home opportunities but chances are they will not email you to get you to apply unless they are scams. Our Stay-At-Home Parent's site has a list of legitimate work-from-home businesses and a list of known scams.

Email Scam - Your Credit, Credit Card Offers and Quick Loans

When you get an offer to repair your credit, delete it. There is not a magic way to repair it; instead look up "credit counselors" in your yellow pages and contact them. Also be very leery of credit card offers and quick loans. Many of them are designed to get your financial information or to make money from exorbitant fees. Stick with a reputable bank for financing.

How to Avoid Spam

Complete diligence is required to decrease the amount of spam that you receive. Here are some common ways to limit the amount of spam that you get.

Be Careful Where You Share Your Email Address

You need to avoid sharing your email address, especially in places where it will be posted online and it can be spidered by spammers. Many people use an alternative email address to post to places like forums and blogs, such as a Hotmail or Yahoo free email address. You can also use this email address when you order things online so that if you end up getting ads from these companies they will go to that email address and keep your real email address spam free. Another thing to be careful of is when you sign up to check your car insurance and other accounts online. When you do this, be sure to read the terms of service agreement. Often they contain small print that you agree to have your email address shared (sold) with their partners (paid advertisers). I personally will never forget signing up at Geico.com (my insurance company that I have had for 9 years) and getting tons of advertisements from their partners that was very difficult to stop.

Be Careful What Email You Open

Many emails come to you in html form and when you open those emails, it will call the images from their server. What spammers do is encode the email address that email was sent to and when the image is called from the server it will verify that your email address is a "live" one. A "live" email address is worth a premium and ripe for selling. To avoid this don't open email where you don't know the sender and be sure to turn off the preview pane on your email program so you don't accidentally read the email. This is also good advice to avoid viruses.

Don't Try To Unsubscribe

If you get an email that you didn't sign up for then don't try to unsubscribe even if there is an unsubscribe link. This will only verify that they have a "live" email address.

Don't Buy

It's pretty simple. If people didn't buy stuff from spam, the business of spamming would stop. Of course this isn't an immediate solution but if everyone online stopped buying from these kinds of emails, it wouldn't be advantageous for them to advertise in this manner.

Use Filtering

Many ISPs now offer spam filtering on the email address that they provide you with. Check with your ISP to see if they do. If they don't or you want more protection you can get programs to delete spam. Another option is to manually set up filtering in your email program such as Outlook Express.

Sending Email That Won't Get Caught in People's Filters

With all the filtering of spam going on, you should keep filtering in mind when you send email. Remember that an email you send must first avoid being marked as spam, or the intended receiver won't get it; then, if it does reach their inbox, the receiver must be able to pick it out among all the spam that they receive.

Some spam filters work by scanning the contents of the email for keywords associated with spam like "free", "credit repair" or "mortgage rates". The filter counts how many instances of these keywords appear, and if the email scores high, it is marked as spam. If you send an email with many of these related keywords it may end up being marked as spam and it won't be delivered to the recipient's inbox. Also remember that many spam filters will also delete email that contains objectionable words.

Also remember that the recipient of the email has to scan through many emails they receive and try to pick out legitimate ones from the spam. Writing an informative subject for the email will help. For instance if you just make the subject "Hi", they may not open the email because it didn't draw their attention. It may be better to write "Hi Sue, From John" to catch their attention. Also be sure that the "from" name that your email program substitutes for the email address is informative. You can easily change the name that is substituted in your email program, such as Outlook Express.

 

Don't Put Up With Spam - Report It!

You've got mail! Only thing is, it isn't from someone you know, it is from a stranger trying to sell you something, or worse yet, trying to get you to view pornography. How frustrating! Sometimes, hitting the delete key just isn't enough. Take action and get them to stop!

First of all, don't reply to them, even if they offer you a way to unsubscribe. This will verify that the address is a good one. There are other ways to deal with them.

One step you can take is to block that sender. If you are using Outlook Express 5.0, you can just select Messages, then block sender. To see if you can block senders from your email program, go to the help sections and search for block sender. Don't be surprised though if you receive the same email again, only from a different address.

 

Report them to your Internet Service Provider (ISP)

ISPs dislike spam as much as you do! Spam will bog down their servers and they may even have to spend more money to keep their service up to par because of a lot of spam. Most ISPs offer a place to report spam. Check with your ISP to find out how to report the spam to them.

Turn them in to the Federal Trade Commission by forwarding the email to spam@uce.gov. Spam is stored in a database to pursue law enforcement actions against people who send deceptive email.

Take matters into your own hands and call a cop, Spam Cop, that is. They can help you track down the actual sender by viewing the header information in the email. Even if the spammer used a Web based email, like Hotmail, most of the time you can still locate what ISP they were using by information in the header. ISPs do not like their servers being used by spammers to send spam, so they will cancel the account of a habitual offender.

You will have to get the complete header information before you can report it to Spam Cop. They offer easy to use directions for several different email clients.

Most of the time, hitting the delete key on spam can be satisfying, but you can at least take action if you are wearing out your delete key! To find out how to avoid getting on spammers' lists, read Danger In Your Inbox, from your guide.

What Email Headers Can Tell You About the Origin of Spam

Spam will end when it is no longer profitable. Spammers will see their profits tumble if nobody buys from them (because you don't even see the junk emails). This is the easiest way to fight spam, and certainly one of the best.

Complaining About Spam

But you can affect the expenses side of a spammer's balance sheet, too. If you complain to the spammer's Internet Service Provider (ISP), they will lose their connection and maybe have to pay a fine (depending on the ISP's acceptable usage policy).

Since spammers know and fear such reports, they try to hide. That's why finding the right ISP is not always easy. Fortunately, there are tools like SpamCop (http://www.spamcop.net) that make reporting spam correctly to the right address easy.

 

Determining the Source of Spam

How does SpamCop find the right ISP to complain to? It takes a close look at the spam message's header lines.

These headers contain information about the path an email took.

SpamCop follows the path until the point where the email was sent from. From this point, also known as an IP address, it can derive the spammer's ISP and send the report to this ISP's abuse department.

Let's take a closer look at how this works.

Email: Header and Body

Every email message consists of two parts, the body and the header. The header can be thought of as the envelope of the message, containing the address of the sender, the recipient, the subject and other information. The body contains the actual text and the attachments.

Some header information usually displayed by your email program includes:

From: - The sender's name and email address.

To: - The recipient's name and email address.

Date: - The date when the message was sent.

Subject: - The subject line.

Header Forging

The actual delivery of emails does not depend on any of these headers; they are just a convenience.

Usually, the From: line, for example, will be set to the sender's address. This makes sure you know who the message is from and can reply easily.

Spammers want to make sure you cannot reply easily, and certainly don't want you to know who they are. That's why they insert fictitious email addresses in the From: lines of their junk messages.

Received: Lines

So the From: line is useless if we want to determine the real source of an email. Fortunately, we need not rely on it. The headers of every email message also contain Received: lines.

These are not usually displayed by email programs, but they can be very helpful in tracing spam.

Parsing Received: Header Lines

Just like a postal letter will go through a number of post offices on its way from sender to recipient, an email message is processed and forwarded by several mail servers.

Imagine every post office putting a special stamp on each letter. The stamp would say exactly when the letter was received, where it came from and where it was forwarded to by the post office. If you got the letter, you could determine the exact path taken by the letter.

This is exactly what happens with email.

Received: Lines for Tracing

As a mail server processes a message, it adds a special line, the Received: line, to the message's header. The Received: line contains, most interestingly, the server name and IP address of the machine the server received the message from, and the name of the mail server itself.

The Received: line is always inserted at the top of the message headers.

If we want to reconstruct an e-mail’s journey from sender to recipient we also start at the topmost Received: line (why we do this will become apparent in a moment) and walk our way down until we have arrived at the last one, which is where the email originated.

Received: Line Forging

Spammers know that we will apply exactly this procedure to uncover their whereabouts. To fool us, they may insert forged Received: lines that point to somebody else sending the message.

 Since every mail server will always put its Received: line at the top, the spammers' forged headers can only be at the bottom of the Received: line chain. This is why we start our analysis at the top and don't just derive the point where an email originated from the first Received: line (at the bottom).

 

How to Tell a Forged Received: Header Line

The forged Received: lines inserted by spammers to fool us will look like all the other Received: lines (unless they make an obvious mistake, of course). By itself, you can't tell a forged Received: line from a genuine one.

 This is where one distinct feature of Received: lines comes into play. As we've noted above, every server will not only note who it is but also where it got the message from (in IP address form).

 We simply compare who a server claims to be with what the server one notch up in the chain says it really is. If the two don't match, the earlier Received: line has been forged.

 In this case, the origin of the email is what the server immediately after the forged Received: line has to say about who it got the message from.

Example Spam Analyzed and Traced

Now that we know the theoretical underpinning, let's see how analyzing a junk email to identify its origin works in real life.

I've just received an exemplary piece of spam that we can use for exercise. Here are the header lines:

Received: from unknown (HELO 38.118.132.100) (62.105.106.207)
  by mail1.infinology.com with SMTP; 16 Nov 2003 19:50:37 -0000
Received: from [235.16.47.37] by 38.118.132.100 id <5416176-86323>; Sun, 16 Nov 2003 13:38:22 -0600
Message-ID: <o7-89089$t--2-370--h6b1@y07l72.olpvl>
From: "Reinaldo Gilliam" <27knxeppzk@yahoo.com>
Reply-To: "Reinaldo Gilliam" <27knxeppzk@yahoo.com>
To: ladedu@ladedu.com
Subject: Category A Get the meds u need lgvkalfnqnh bbk
Date: Sun, 16 Nov 2003 13:38:22 GMT
X-Mailer: Internet Mail Service (5.5.2650.21)
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="9B_9.._C_2EA.0DD_23"
X-Priority: 3
X-MSMail-Priority: Normal

 

Can you tell the IP address where the email originated?

Sender and Subject

First, take a look at the — forged — From: line.

The spammer wants to make it look as if the message was sent from a Yahoo! Mail account. Together with the Reply-To: line, this From: address is aimed at directing all bouncing messages and angry replies to a non-existing Yahoo! Mail account.

Next, the Subject: is a curious agglomeration of random characters. It is barely legible and obviously designed to fool spam filters (every message gets a slightly different set of random characters), but it is also quite skillfully crafted to get the message across in spite of this.

 

The Received: Lines

Finally, the Received: lines. Let's begin with the oldest, Received: from [235.16.47.37] by 38.118.132.100 id <5416176-86323>; Sun, 16 Nov 2003 13:38:22 -0600. There are no host names in it, but two IP addresses: 38.118.132.100 claims to have received the message from 235.16.47.37. If this is correct, 235.16.47.37 is where the email originated, and we'd find out which ISP this IP address belongs to, then send an abuse report to them.

Let's see if the next (and in this case last) server in the chain confirms the first Received: line's claims: Received: from unknown (HELO 38.118.132.100) (62.105.106.207) by mail1.infinology.com with SMTP; 16 Nov 2003 19:50:37 -0000.

Since mail1.infinology.com is the last server in the chain and indeed "my" server I know that I can trust it. It has received the message from an "unknown" host that claimed to have the IP address 38.118.132.100 (using the SMTP HELO command). So far, this is in line with what the previous Received: line said.

Now let's see where my mail server did get the message from. To find out, we take a look at the IP address in brackets immediately before by mail1.infinology.com. This is the IP address the connection was established from, and it is not 38.118.132.100. No, 62.105.106.207 is where this piece of junk mail was sent from.

With this information, you can now identify the spammer's ISP and report the unsolicited email to them so they can kick the spammer off the net.
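The same top-down comparison can be scripted. The following is an added example, not code from the original article or from SpamCop: it walks the Received: lines of the message above plus one constructed message with a genuine relay. The function names, the `host_ips` lookup table and the example.net/example.org hosts are assumptions made for illustration.

```python
import re
from email import message_from_string

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Header lines quoted from the article's example message.
ARTICLE_HEADERS = """\
Received: from unknown (HELO 38.118.132.100) (62.105.106.207)
  by mail1.infinology.com with SMTP; 16 Nov 2003 19:50:37 -0000
Received: from [235.16.47.37] by 38.118.132.100 id <5416176-86323>; Sun, 16 Nov 2003 13:38:22 -0600
From: "Reinaldo Gilliam" <27knxeppzk@yahoo.com>
To: ladedu@ladedu.com
Subject: Category A Get the meds u need lgvkalfnqnh bbk

"""

# Constructed sample: a genuine relay sits between sender and trusted server.
RELAY_HEADERS = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
  by mx.example.org with ESMTP; 16 Nov 2003 19:50:37 -0000
Received: from [198.51.100.7] by relay.example.net with SMTP; 16 Nov 2003 19:50:30 -0000
From: someone@example.com

"""


def parse_received(value):
    """Return {'by', 'peer_ip', 'helo'} for one Received: value, or None."""
    text = " ".join(value.split()).split(";", 1)[0]   # unfold, drop timestamp
    m = re.match(r"from (?P<src>.*?) by (?P<by>\S+)", text)
    if not m:
        return None
    src = m.group("src")
    # The receiving server writes the address the connection came from in
    # () or []; "(HELO x)" is only what the sender claimed, so it is kept
    # for display and never used in the comparison.
    peers = re.findall(r"[\[(](" + IPV4 + r")[\])]", src)
    helo = re.search(r"\(HELO ([^)\s]+)\)", src)
    return {
        "by": m.group("by").lower(),
        "peer_ip": peers[-1] if peers else None,
        "helo": helo.group(1).lower() if helo else None,
    }


def trace_origin(raw_headers, trusted_server, host_ips=None):
    """Walk Received: lines top-down.

    Returns (origin_ip, untrusted), where untrusted lists the positions
    (0 = topmost) of Received: lines that could not be confirmed.
    host_ips maps relay host names to their known IP addresses (assumed to
    come from your own DNS lookups; nothing is resolved here).
    """
    host_ips = host_ips or {}
    msg = message_from_string(raw_headers)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    # Only the line written by our own server is trusted unconditionally.
    if not hops or hops[0] is None or hops[0]["by"] != trusted_server.lower():
        return None, []
    origin = hops[0]["peer_ip"]
    for index in range(1, len(hops)):
        upper, lower = hops[index - 1], hops[index]
        rest = list(range(index, len(hops)))
        if lower is None or lower["peer_ip"] is None:
            return origin, rest
        # Who the lower server says it is, as an IP address where known.
        by = lower["by"]
        claimed_ip = by if re.fullmatch(IPV4, by) else host_ips.get(by)
        if claimed_ip is None or claimed_ip != upper["peer_ip"]:
            # The server above saw a different address: this line and
            # everything below it may have been written by the sender.
            return origin, rest
        origin = lower["peer_ip"]
    return origin, []


if __name__ == "__main__":
    print(trace_origin(ARTICLE_HEADERS, "mail1.infinology.com"))
```

When a relay's host name cannot be mapped to an IP address, the walk stops at the last confirmed hop rather than guessing.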


 


Contact me at NofinerWeb.com