Spamming is the use of any electronic communications medium to send unsolicited messages in bulk. In the popular eye, the most common form of spam is that delivered in e-mail as a form of commercial advertising. However, over the short history of electronic media, people have done things comparable to spamming for many purposes other than the commercial, and in many media other than e-mail. In this article and those related, the term spamming is used broadly to refer to all of these behaviors, regardless of medium and commercial intent.

This article provides a general overview of the spamming phenomenon. Separate articles discuss the techniques of spammers on particular media: Internet e-mail, instant messaging, Usenet newsgroups, Web search engines, weblogs, and mobile phone messaging. Another article describes ways of stopping e-mail abuse

Contents

1 Overview 1.1 Historical background 1.2 Economic realities 1.3 E-mail 1.4 New forms of spam 2 Spamming in different media 2.1 E-mail spam 2.2 Messaging spam 2.3 Newsgroup spam 2.4 Mobile phone spam 2.5 Internet telephony spam 3 Spam targeting search engines 3.1 Spamdexing 3.2 Blog spam 3.3 Wiki spam 3.4 Guestbook spam 3.5 Referer spam 4 Commercial uses 4.1 Comparison to postal "junk" mail 5 Non-commercial spam 6 Etymology 6.1 Alternate meanings 7 Costs of spam 8 Political issues 9 Newsgroups 10 See also 10.1 Background 11 External links 11.1 Anti-spam organizations 11.2 More writing on the subject 11.3 Humor

Overview

Historical background

The terms "spam" and "spamming" have developed a negative connotation to mean abusive use of electronic communications. However, in their historical context the same complaint has been made of every mode of mass delivery of communication. Door-to-door salespeople have used the direct approach to solicit response for both commercial and non-commercial services in an attempt to reach every person in a given geographical area, regardless of how the recipient of the solicitation regarded this intrusion.

During the 20th century, with the development of the General Post Office, this has become especially true of all mass postings (regardless of whether they have been for commercial or non-commercial senders), because the receivers of these unsolicited deliveries have often referred to them as mere "junk mail".

With the advent of electronic communications each development has become used for unsolicited contacts. The telephone system was used for "telemarketing" and broadcasting was used for mass advertising, whether the receiver of the broadcast wanted to hear the advertising (both commercial and non-commercial solicitations) or not.

With the advent of the fax machine, Internet e-mail, and the cellular telephone, the same approach has been used to reach mass recipients, except that the cost of reaching larger audiences has gradually diminished to the point that more solicitations are being made.

In the past, households posted notices on their gates which stated "no solicitors". Radio listeners and television viewers of commercial station programs were told to either turn to another station or turn their sets off if they did not want to hear or see the unwanted messages. The United States public supported radio and television grew up on the theory that unwanted solicitations would not be made, only to find "pledge drives" bombarding the ears and eyes, and eventually, notices of corporate underwriting which are virtually indistinguishable from the advertisements on commercial networks. Paid programming without solicitations was then offered by cable and satellite vendors. However, cinema theatres offering paid programming are now incorporating unsolicited advertising into their programming, and videotapes and DVDs available for sale and rental often start with "previews" of other videos. Efforts have been made in the United States to remove billboard advertising, but this has not been entirely successful.

Economic realities

From these economic realities, a sort of tragedy of the commons emerges: there is no escape from unsolicited communications. Public transport carries advertising; NASCAR racing cars carry advertising; supermarkets are wrapped in advertising; the Post Office advertises and so does government. In fact elections in a democratic society depend upon advertising to succeed as democratic societies. Unsolicited communications are a fact of life that cannot be avoided. Any communications mechanism that can be delivered inexpensively is ideal as the carrier of unsolicited advertising.

E-mail

To send instant messages to millions of users on most IM services merely requires scriptable software and the receipients IM usernames. The ability to send e-mail from a computer program is built in to popular operating systems such as Microsoft Windows and Unix. The only added ingredient is the list of addresses to target.

Sending bulk messages to recipients who have not solicited them has come to be known as spamming, and the messages themselves as spam. The etymology of the term is discussed below.

Although spam is merely an extension of mass communications through the ages, it is argued by some that the costs of spam, unlike traditional methods, is in part borne by the recipient and not entirely by the sender. This example falls down with cinema advertising where a ticket has been purchased to see a performance but where the ticket holder becomes a paid captive audience for unsolicited advertising. The same example as falls with the telephone, radio and television which all require use of the recipients own equipment if unsolicited mass marketing is to be achieved. On a primitive level this even applies to a front door and a door bell or knocker, because if residents are not compacted then mass door-to-door marketing is not possible.

Regardless of its similarity to all forms of unsolicited mass communication, spamming is now regarded as a social problem. However, a search of statements concerning the development of commercial radio will reveal similar rhetoric by persons such as Herbert Hoover and John Reith as early in the 20th century as 1924.

All manner of attempts have been made to curb unsolicited mass communicatiions by e-mail. These include filtering and the automated cancellation of netnews spam. Contractual measures such as Internet Service Providers' acceptable-use policies have also been employed. Laws such as the Can Spam Act of 2003 have also been introduced, but whether in the long term such laws can be sustained, has yet to be determined.

New forms of spam

Every attempt to resist unsolicited mass marketing has been countered by more innovated ways of reaching mass markets. Today the growing importance of Search engine has led to a new form of spam called Spamdexing which aims at boosting a commercial site's PageRank.

Spamming in different media

E-mail spam

E-mail spam is by far the most common form of spamming on the internet. It involves sending identical or nearly identical messages to a large number of recipients. Unlike legitimate commercial e-mail, spam is generally sent without the explicit permission of the recipients, and frequently contains various tricks to bypass e-mail filters.

Spammers obtain e-mail addresses by a number of means: harvesting addresses from Usenet postings, DNS listings, or Web pages; guessing common names at known domains (known as a dictionary attack); and "e-pending" or searching for e-mail addresses corresponding to specific persons, such as residents in an area. Many spammers utilize programs called web spiders to find email addresses on web pages.

Many e-mail spammers go to great lengths to conceal the origin of their messages. They might do this by spoofing e-mail addresses (similar to Internet protocol spoofing). In this technique, the spammer modifies the e-mail message so it looks like it is coming from another e-mail address. However, many spammers also make it easy for recipients to identify their messages as spam by placing an ad phrase in the FROM field (i.e. chances are, very few people you know have names like "GetMyCigs" or "Giving away playstation2s").

Among the tricks used by spammers to try to circumvent the filters is to intentionally misspell common spam filter trigger words. For example, "viagra" might become "vaigra", or other symbols may be inserted into the word as in "v/i/a/g./r/a". Sometimes this intentional corruption backfires and leads to the advertiser's message becoming so obfuscated that it is illegible.

The weird thing is that the human mind can handle the misspellings (see Wrod Illusinos) and while one would think the misspellings make it harder for email ISPs to trap the spam, it actually makes it easier for them to recognize and stop the spam.

The most dedicated spammers are often one step ahead of the ISPs. The dedicated ones are those making a lot of money or engaged in illegal activities, such as the porn industry, casinos and Nigerian scammers. Report them early and often.

So-called "spambots" are a major producer of email spam. The worst spammers create email viruses that will render an unprotected PC a "zombie computer"; the zombie will inform a central unit of its existence, and the central unit will command the "zombie" to send a low volume of spam. This allows spammers to send high volumes of email without being caught by their ISPs or being tracked down by anti-spammers; a low volume of spam is instead sent from many locations simultaneously. Many consumer-level ISPs (Earthlink, for example) stop spambots by blocking the SMTP port (port 25), although are some users who make legitimate use of it.

Messaging spam

Messaging spam, sometimes termed spim, makes use of instant messaging systems, such as AOL Instant Messenger or ICQ. Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages. Spammers have similarly targeted Internet Relay Chat channels, using IRC bots that join channels and bombard them with advertising messages.

A similar sort of spam can be sent with the Messenger Service in Microsoft Windows. The Messenger Service is an SMB facility intended to allow servers to send pop-up alerts to a Windows workstation. When Windows systems are connected to the Internet with this service running and without an adequate firewall, it can be used to send spam. The Messenger Service can, however, be easily disabled. [1]

Newsgroup spam

Newsgroup spam pre-dates e-mail spam, and targets Usenet newsgroups. Old Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). Since posting to newsgroups is nearly as easy as sending e-mails, newsgroups are a popular target of spammers. The Breidbart Index was developed to provide an objective measure of the "spamminess" of a multi-posted or cross-posted message on Usenet.

Mobile phone spam

Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to consumers not only for the inconvenience but also because they sometimes have to pay to receive the text message.

Internet telephony spam

It has been predicted that voice over IP (VoIP) communications will be vulnerable to being spammed by pre-recorded messages. Although there have been few reported incidents, some companies have already tried to sell defenses against it. [2]

Spam targeting search engines

Spamdexing

Spamdexing (a combination of spamming and indexing) refers to the practice on the World Wide Web of deliberately modifying HTML pages to increase the chance of them being placed high on search engine relevancy lists. People who do this are called search engine spammers. See also Google Bombing. In laymans terms, spamdexing is anything done to improve search engine ranking, this includes all forms of SEO, or search engine optimization.

Blog spam

In blog spam the targets are weblogs. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site. These link would in theory enhance the ranking of the target page in search engine indexes. [3]

Wiki spam

Wikis are also a target of search engine spam, quite similar to blog spam. If you notice spamming/vandalism on Wikipedia please report it at Vandalism in progress.

Guestbook spam

Though more "old-school" than blogs or wikis, guestbooks are still present on some sites, and are subject to the same sorts of spam.

Referer spam

A spammer makes repeated web site requests using a fake referer url pointing to a spam-advertised site. Sites that publicize their referer statistics will then also link to the spammer's site. Main article: Referer spam

Commercial uses

The most common purpose for spamming is advertising. Goods commonly advertised in spam include pornography, computer software, medical products such as Viagra, credit card accounts, and fad products. In part because of the bad reputation (and dubious legal status) which spamming carries, it is chiefly used to carry offers of an ill-reputed or questionably legal nature. Many of the products advertised in spam are fraudulent in nature, such as quack medications and get-rich-quick schemes. Spam is frequently used to advertise scams, such as diploma mills, advance fee fraud, pyramid schemes, stock pump-and-dump schemes and password phishing. It is also often used to advertise pornography indiscriminately, even in jurisdictions where it is illegal to transmit pornographic solicitations to minor children, or even for anyone to view it at all.

The use of spamming in other countries is often different. For example, in Russia spamming is commonly used by many mainstream legitimate businesses, such as travel agencies, printing shops, training centres, real estate agencies, seminar and conference organisers and even self-employed electricians and garbage collection companies. In fact, the most prominent Russian spammer was American English Center, a language school in Moscow. That spamming sparked a powerful anti-spam movement, including enraging the deputy minister of communications Andrey Korotkov and provoked a wave of counter attacks on the spammer through non-internet channels, including a massive telephone DDOS attack.

Comparison to postal "junk" mail

There are a number of differences between spam and junk mail:

• Unlike junk postal mail, the costs of spam paid for by the recipient's mail site commonly approach or even exceed those of the sender, in terms of bandwidth, CPU processing time, and storage space. Spammers frequently use free dial-up accounts, so their costs may be quite minimal indeed. Because of this offloading of costs onto the recipient, many consider spamming to be theft or criminal conversion.
• Junk mail can be said to subsidize the delivery of mail customers want to receive. For example, the United States Postal Service allows bulk mail senders to pay a lower rate than for first-class mail, because they are required to sort their mailings and apply bar codes, which makes their mail much cheaper to process. While some ISPs receive large fees from spammers, most do not — and most pay the costs of carrying or filtering unwanted spam.
• Another distinction is that the costs of sending junk mail provide incentives to be somewhat selective about recipients, whereas the spammer has much lower costs, and therefore much less incentive.
• Finally, bulk mail is by and large used by businesses who are traceable and can be held responsible for what they send. Spammers frequently operate on a fly-by-night basis, using the so-called "anarchy" of the Internet as a cover.

Non-commercial spam

E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political in nature. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and e-mail media with preaching messages.

Spamming has also been used as a denial of service tactic, particularly on Usenet. By overwhelming the readers of a newsgroup with an inordinate number of nonsense messages, legitimate messages can be lost and computing resources are consumed. Since these messages are usually forged (that is, sent falsely under regular posters' names) this tactic has come to be known as sporgery (from spam + forgery). This tactic has for instance been used by partisans of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology vs. the Internet) and by spammers against news.admin.net-abuse.e-mail, a forum for mail administrators to discuss spam problems. Applied to e-mail, this is termed mailbombing. The Meow Wars was a case of some persons launching Usenet denial of service attacks on various newsgroups.

In a handful of cases, forged e-mail spam has been used as a tool of harassment. The spammer collects a list of addresses as usual, then sends a spam to them signed with the name of the person he wishes to harass. Some recipients, angry that they received spam and seeing an obvious "source", will respond angrily or pursue various sorts of revenge against the apparent spammer, the forgery victim. A widely known victim of this sort of harassment was Joe's CyberPost, which has lent its name to the offense: it is known as a joe job. Such joe jobs have been most often used against anti-spammers: in more recent examples, Steve Linford of Spamhaus Project and Timothy Walton, a California attorney, have been targeted.

Spammers have also abused resources set up for purposes of anonymous speech online, such as anonymous remailers. As a result, many of these resources have been shut down, denying their utility to legitimate users.

E-mail worms or viruses may be spammed to set up an initial pool of infected machines, which then re-send the virus to other machines in a spam-like manner. The infected machines can often be used as remote-controlled zombie computers, for more conventional spamming or DDoS attacks. Sometimes trojans are spammed to phish for bank account details, or to set up a pool of zombies without using a virus.

Etymology

The term spam is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM luncheon meat. While a customer plaintively asks for some kind of food without SPAM in it, the server reiterates the SPAM-filled menu. Soon, a chorus of Vikings join in with a song, repeating "SPAM, SPAM, SPAM, SPAM" and singing "lovely SPAM, wonderful SPAM" over and over again, drowning out all conversation.

Although the first known instance of unsolicited commercial e-mail occurred in 1978 (unsolicited electronic messaging had already taken place over other media, with the first recorded instance being on September 13th 1904 via telegram), the term "spam" for this practice had not yet been applied. In the 1980s the term was adopted to describe certain abusive users who frequented BBSs and MUDs, who would repeat "SPAM" a huge number of times to scroll other users' text off the screen. This act, previously termed flooding or trashing, came to be called spamming as well. [4] By analogy, the term was soon applied to any large amount of text broadcast by one user, or sometimes by many users.

It later came to be used on Usenet to mean excessive multiple posting — the repeated posting of the same message. The first evident usage of this sense was by Joel Furr in the aftermath of the ARMM incident of March 31 1993, in which a piece of experimental software released dozens of recursive messages onto the news.admin.policy newsgroup. Soon, this use had also become established — to spam Usenet was to flood newsgroups with junk messages.

Commercial spamming started in force on March 5, 1994 when a pair of lawyers, Laurence Canter and Martha Siegel, began using bulk Usenet posting to advertise immigration law services. The incident was commonly termed the "Green Card spam", after the subject line of the postings. The two went on to widely promote spamming of both Usenet and e-mail as a new means of advertisement — over the objections of Internet users they labeled "anti-commerce radicals." Within a few years, the focus of spamming (and anti-spam efforts) moved chiefly to e-mail, where it remains today. [5]

There are two popular fake etymologies of the word "spam". The first, promulgated by Canter & Siegel themselves, is that "spamming" is what happens when one dumps a can of SPAM luncheon meat into a fan blade. The second is the backronym "shit posing as mail."

Hormel Foods Corporation, the makers of SPAM® luncheon meat, do not object to the Internet use of the term "spamming." However, they do ask that the capitalized word "SPAM" be reserved to refer to their product and trademark. [6] By and large, this request is obeyed in forums which discuss spam -- to the extent that to write "SPAM" for "spam" brands the writer as a newbie. However, Hormel has begun to press the trademark issue -- first, when a firm registered the trademark "SpamArrest" in 2003, Hormel sued to invalidate the mark, [7], and more recently two failed attempts to revoke the mark "spambuster".[8], [9]

Alternate meanings

The term "spamming" is also used in the older sense of something repetitious and disruptive by players of first-person shooter computer games. In this sense it refers to "area denial" tactics—repeatedly firing rockets or other explosive shells into an area—or to any tactic whereby a large volume of ammunition is expended in the hope of scoring a single hit.

MUD, MUSH, and MUCK players happily continue using the word in its original sense. When a player returns to the terminal after a brief break to find her screen filled with pages of random chat, that's still called "spam". [10]

Neither of these senses of the word imply that the "spamming" is abusive.

Costs of spam

Spam's direct effects include the consumption of computer and network resources, and the cost in human time and attention of dismissing unwanted messages. In addition, spam has costs stemming from the kinds of spam messages sent, from the ways spammers send them, and from the arms race between spammers and those who try to stop or control spam.

The methods of spammers are likewise costly. Because spamming contravenes the vast majority of ISPs' acceptable-use policies, most spammers have for many years gone to some trouble to conceal the origins of their spam. E-mail, Usenet, and instant-message spam are often sent through insecure proxy servers belonging to unwilling third parties. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. In some cases, they have used falsified or stolen credit card numbers to pay for these accounts. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs.

The costs of spam also can be taken to include the collateral costs of the struggle between spammers and the administrators and users of the media threatened by spamming. [11]

Many users are bothered by spam because it impinges upon the amount of time they spend reading their e-mail. Many also find the content of spam frequently offensive, in that pornography is one of the most frequently advertised products. Spammers send their spam largely indiscriminately, so pornographic ads may show up in a work place e-mail inbox — or a child's, the latter of which is illegal in many jurisdictions. Recently, there has been a noticable increase in spam advertising websites that contain child pornography.

Some spammers argue that most of these costs could potentially be alleviated by having spammers reimburse ISPs and individuals for their material. There are two problems with this logic: first, the rate of reimbursement they could credibly budget is unlikely to be nearly high enough to pay the cost; and second, the human cost (lost mail, lost time, and lost opportunities) is basically unrecoverable.

E-mail spam exemplifies a tragedy of the commons: spammers use resources (both physical and human), without bearing the entire cost of those resources. In fact, spammers commonly do not bear the cost at all. This raises the costs for everyone. In some ways spam is even a potential threat to the entire email system, as operated in the past.

Since E-mail is so cheap to send, a tiny number of spammers can saturate the Internet with junk mail. Although only a tiny percentage of their targets are motivated to purchase their products (or fall victim to their scams), the low cost sometimes provides a sufficient conversion rate to keep spamming alive. Furthermore, even though spam appears not to be economically viable as a way for a reputable company to do business, it suffices for professional spammers to convince a tiny proportion of gullible advertisers that it is viable for those spammers to stay in business. Finally, new spammers go into business every day, and the low costs allow a single spammer to do a lot of harm before finally realizing that the business is not profitable.

Political issues

Spamming remains a hot discussion topic. In fact, many online users have even suggested (presumably jokingly) that cruel forms of capital punishment would be appropriate for spammers. In 2004, the seized Porsche of an indicted spammer was advertised on the internet, which revealed the extent of the financial rewards available to those who are willing to waste everybody's time and was a popular item because the car had been confiscated, which was seen as tough justice, but also sweet vengeance. However, some of the possible ways to stop spamming may lead to other side effects, such as increased government control over the Net, loss of privacy, barriers to free expression or commercialisation of e-mail.

One of the chief values favored by many long-time Internet users and experts, as well as by many members of the public, is the free exchange of ideas. Many have valued the relative anarchy of the Internet, and bridle at the idea of restrictions placed upon it. A common refrain from spam-fighters is that spamming itself abridges the historical freedom of the Internet, by attempting to force users to carry the costs of material which they would not choose.

An ongoing concern expressed by parties such as the Electronic Frontier Foundation and the ACLU has to do with so-called "stealth blocking", a term for ISPs employing aggressive spam blocking without their users' knowledge. These groups' concern is that ISPs or technicians seeking to reduce spam-related costs may select tools which (either through error or design) also block non-spam e-mail from sites seen as "spam-friendly". SPEWS is a common target of these criticisms. Few object to the existence of these tools; it is their use in filtering the mail of users who are not informed of their use which draws fire.

Some see spam-blocking tools as a threat to free expression — and laws against spamming as an untoward precedent for regulation or taxation of e-mail and the Internet at large. Even though it is possible in some jurisdictions to treat some spam as unlawful merely by applying existing laws against trespass and conversion, some laws specifically targeting spam have been proposed. In 2004 United States passed the Can Spam Act of 2003 which provided ISPs with tools to combat spam. This act allowed Yahoo! to successfully sue Eric Head , reportedly one of the biggest spammers in the world, who settled the lawsuit for several thousand US dollars in June 2004. But the law is criticised by many for not being effective enough, and was supported by some spammers and organizations which support spamming, and opposed by many in the anti-spam community. Examples of effective anti-abuse laws that respect free speech rights include those in the US against unsolicited faxes and phone calls, and those in Australia and a few US states against spam.

Newsgroups

• news.admin.net-abuse.email
• news.admin.net-abuse.usenet
• others in news.admin.net-abuse.* hierarchy
• alt.spam

See also

• List of e-mail spammers
• Email fraud
• Make money fast
• Nigerian spam
• Spam wars
• Phishing
• Joe job
• Hashcash
• Messaging Anti-Abuse Working Group

Background

• Electronic mailing list
• Netiquette
• Advertising
• E-marketing

External links

• IETF views on spamming can be found in RFC 2635.

Anti-spam organizations

• Anti Spam Research Group
• CAUCE
• The Spamhaus Project
• spam.abuse.net
• The Abusive Hosts Blocking List

More writing on the subject

• Spamfo.co.uk Latest news on junk email, scams, fraud, legal aspects and reviews of software and services]
• Anti Spam Whitepapers and Software
• Spam Protection
• Getting Rid of Spam (summary)
• Spam FAQs
• The rules of spam, according to net.admin.net-abuse.email
• SpamNews.co.uk Delivering your daily slice of fresh Spam. All the spam news, all the time
• A List Apart: Win The Spam Arms Race
• California lawyer who sues spammers
• Address Munging FAQ: Spam-Blocking Your E-mail Address
• Library of Email Spam Reports and Articles
• Unsolicited Commercial E-mail Research Six Month Report by the Center for Democracy & Technology
• E-mail Address Harvesting: How Spammers Reap What You Sow by the Federal Trade Commission
• The spammers are watching you by Masons, a London-based international law firm
• The War Against Spam — a collection of reading material on the subject
• Yahoo Domain Keys: Another Ineffective Spam Solution — shumans.com article, Dec 6, 2003
• White paper from e-mail client developers
• Antiphishing CrusadeDaily News of phishing spam collected from around the net.
• Article by Andy Coote in SC Magazine June 2004
• SurferBeware.com Spam Help — General information for spam prevention, restricting known spammer IP addresses and spambots, as well as unwanted ads. Articles and easy to follow tutorials are also available.

Humor

• Spamusement A collection of humorously drawn cartoons inspired by actual spam subject lines.