Spam - part 1 of 2

by Kurt Keller

What did an InfoWeek article say in September 2002? "36 percent spam in email." If that's true, it is reason enough to have a closer look at spam. In this first part, I'm going to show you what spam is, why it exists and where it comes from. The second part will deal with how spam has changed over time and what you can do about it.

Spam - a delicacy

What the heck is spam? First of all we have to make sure we're all talking about the same thing. SPAM (all in capital letters) is a registered trademark of Hormel Foods Corporation and refers to a kind of tinned meat. Spam (not in all caps), however, is not a registered trademark and is usually used to refer to unsolicited commercial email (UCE) or unsolicited bulk email (UBE). Capitalization of the word spam meaning UCE is not always correct, though, and you might also see references to UCE spelled as SPAM. Here we do make the distinction.

Why is spam called spam? Do you know about Monty Python, the British comedians? In one of their films, there is a scene where a group of Vikings is shouting "SPAM, SPAM, SPAM", volume slowly rising and drowning out all other conversation. So the term spam is quite appropriate when referring to UCE, considering what these unrequested email messages do to our regular electronic correspondence.

Spam, however, is not the same for everybody. While Mr. Allen gets furious about the steady flow of unrequested emails offering cheap software utilities, Mr. Baker might be pleased about them, as he is currently on the hunt for such software. Miss Carter may enjoy those daily joke-mails, but for Mrs. Denver they could be annoying. Everybody feels differently about spam.

Spam - why

The ancient Egyptians did not know spamming. The reason is rather self-explanatory: it would have been much too time-consuming and expensive to hammer commercials into a thousand stone plates and then hand one out to everyone. Compared to the return, the investment would have been far too big.

In 1990 you were still spam free, right? Well, I wouldn't be so sure about that. Even if you didn't have email in 1990, you had most probably already been spammed by then. Not by email, but by regular mail. Think about all those fliers etc. littering your letterbox. The cost/profit ratio for printing and mailing advertisements can be absolutely acceptable. Telephone marketing or fax marketing could also be seen as a form of spam. Of course, advertisements which find their way into our letterbox are not as annoying as advertisements by email. Fax commercials are already more disturbing.

While you might literally drown in spam emails, commercials in your paper mail probably only mildly affect you. Why this huge difference? The secret is, as already mentioned, the relation of cost and return. According to estimates in the April 2001 issue of SpamCon Foundation News, a mailing by normal mail costs about US$ 0.75 per addressee, compared to US$ 0.00001 when using email. If you also consider the average cost of US$ 0.10 which the addressee has to bear (time to sort and throw away, paper for received fax, communications and storage costs for email), then you can calculate some astounding numbers. With paper-based mail, the sender bears 88% of the total cost; with email the sender only pays 0.01% of the total cost! With such numbers, it no longer matters to the spammer that the ratio of successful sales per advertisement sent is a thousand or ten thousand times worse than when using paper; after all, for those US$ 0.75 which you have to splash out for a letter, you can send 75'000 spam emails. And with numbers like these you don't think too much about your target audience either: most probably it is easier and possibly even cheaper to just let the whole world get your message.

Spam - who

I hope I didn't convince you to immediately stop all traditional advertising and start spamming instead. Most recipients of spam will know better than to do business with spammers and will even try to avoid doing so by any means. No wonder spamming is mainly practiced by businesses and individuals who are not too concerned about customer relations and a good reputation. Most of the spam sent consists of dubious offers anyway: attempts to lure the recipient to some porn site, make-money-fast schemes and sometimes outright illegal stuff. Sometimes such mails contain computer viruses and are sent in order to attack other computers or to search for password lists and such.

Reportedly, spam can even be fatal. There are mails going around which ask for help with money laundering. Most of the time the sender claims to be some high-ranking official from Nigeria or a descendant of some former dictator. The mail asks for confidentiality and for help in transferring a huge amount of illegally accumulated money out of the country. People who fall for this trick are first asked to send some money in order to cover the local costs of the transaction. These sums tend not to be too small. There will be requests for more money over and over. According to some reports, people who did not realize at all, or realized too late, that everything was just a scam have been murdered.

Spam - address harvesting

Where does a spammer find the email addresses of his victims? There are numerous ways to acquire lots of addresses. In the physical world you can buy address lists from specialized agencies. This also exists in the virtual world. How about 30 million addresses for US$ 95.--, including spamming software, everything conveniently on one CD-ROM? Not too expensive, is it? Of course, the addresses put onto such CDs must be collected first as well. But there are quite a number of possibilities.

A number of publicly accessible databases also contain email addresses. Take for example the Whois databases. If you register a domain name, you must also provide an email address. Depending on the registrar, these email addresses will be displayed openly when doing a query for your domain name. These addresses are especially appealing to spammers, as most of the time they will be valid, verified email addresses.

Mailing lists are another good source. Whoever sends a message to a mailing list will automatically reveal his email address. Using some simple scripts, it is pretty easy to harvest a lot of addresses from a mailing list. Network news, also known as Usenet, is comparable to mailing lists, and most of these newsgroups are publicly available. Here, too, a simple script will do. These two methods alone make it possible to compile a fairly large list of email addresses. Not all addresses will be valid, but what does a spammer care if a certain percentage is invalid? The sheer amount of collected info is a good enough guarantee that there will be enough valid targets. And usually a spammer will not care about the return mails and error messages he generates: he'll either use a fake sender address or one which he only uses once, for one particular spam attack.

Yet another popular way to get email addresses is to systematically search websites for anything which looks like an email address. Of course this is done automatically; little more is needed than starting a program. So, if you have your email address on your personal or company homepage, chances are very high that this particular address will end up in various spamming lists before long.

Many companies use email addressing schemes which involve first and last name. Recently it has become quite popular to simply try sending spam to popular combinations of names. Even though a spammer might not be very successful with this, trying to send is so cheap and such a quick process that it doesn't really matter if you have to try a hundred combinations to find a valid one.
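Seen from the receiving mail server, this name guessing leaves a recognizable trace: one client addressing many different local parts, most of which are rejected as unknown. The following sketch is an added example, not part of the original article; the log format, the field names and the thresholds are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified, hypothetical mail server log format.
SAMPLE_LOG = """\
2002-09-14T10:00:01 client=192.0.2.10 rcpt=<john.smith@example.com> status=550
2002-09-14T10:00:01 client=192.0.2.10 rcpt=<j.smith@example.com> status=550
2002-09-14T10:00:02 client=192.0.2.10 rcpt=<jsmith@example.com> status=250
2002-09-14T10:00:02 client=192.0.2.10 rcpt=<smith.john@example.com> status=550
2002-09-14T10:00:03 client=192.0.2.10 rcpt=<john_smith@example.com> status=550
2002-09-14T10:00:03 client=192.0.2.10 rcpt=<johns@example.com> status=550
2002-09-14T10:05:10 client=198.51.100.7 rcpt=<jsmith@example.com> status=250
2002-09-14T10:06:44 client=198.51.100.7 rcpt=<sales@example.com> status=250
2002-09-14T10:09:12 client=203.0.113.5 rcpt=<slaes@example.com> status=550
2002-09-14T10:09:40 client=203.0.113.5 rcpt=<sales@example.com> status=250
"""

LINE_RE = re.compile(
    r"client=(?P<client>\S+) rcpt=<(?P<local>[^@>]+)@[^>]+> status=(?P<status>\d{3})"
)

def find_guessing_clients(log_text, min_distinct=5, min_reject_ratio=0.5):
    """Return {client: (distinct_local_parts, rejected_attempts)} for clients
    that tried many different local parts and had most of them rejected."""
    stats = defaultdict(lambda: {"attempts": 0, "rejected": 0, "locals": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a recipient line in the assumed format
        s = stats[m["client"]]
        s["attempts"] += 1
        s["locals"].add(m["local"].lower())
        if m["status"] == "550":  # recipient unknown
            s["rejected"] += 1
    flagged = {}
    for client, s in stats.items():
        # A single mistyped address is normal; many distinct misses are not.
        if len(s["locals"]) < min_distinct:
            continue
        if s["rejected"] / s["attempts"] >= min_reject_ratio:
            flagged[client] = (len(s["locals"]), s["rejected"])
    return flagged

if __name__ == "__main__":
    for client, (distinct, rejected) in find_guessing_clients(SAMPLE_LOG).items():
        print(f"{client}: {distinct} distinct recipients tried, {rejected} rejected")
```

The client with a single mistyped recipient stays below the threshold, while the one cycling through variations of the same name is reported.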

If one does not take legal aspects too seriously, one could also copy email addresses which must be entered into web forms to a second, separate list used for spamming. How often have you been asked to provide your email address in some web form, without suspecting anything bad? Not all, but surely some sites actually do collect such addresses for spamming purposes. The same holds true for webmail services. Some of them offer the extremely convenient service of collecting email from all your other email accounts and making it available in one place. What a feast for address hunters if they run such a service! You freely provide all your email addresses, and these are certain to be valid. But sometimes it is not even you who is responsible for giving your address away. Who hasn't received one of these nice online postcards yet? Be cautious! With such services the email addresses of both the sender and the recipient usually need to be specified. So if the service provider is not trustworthy, somebody sending such a card could make not only his own address available to an address collector, but also the address of his or her friend, the recipient of the card.

And finally, there are also outright illegal ways to find addresses, such as hacking computers and searching them for address lists, for example the address book of your email software. This can also be achieved by having computer viruses do the work.

So far I have tried to show what spam is, why it exists and what the main reasons for spamming are. We haven't yet talked about what you can do about spam. Knowing where spammers get email addresses from might already give you some hints on how to avoid ever being included in such address lists. In the second part I'll discuss some of these techniques and also give you an overview of how spam has evolved over the last few years.

References

SPAM vs. spam http://www.spam.com/ci/ci_in.htm
PINBOARD http://www.pinboard.com/
HighTechSamurai http://kurt.www.pinboard.com/