Spam looks like a simple enough issue until you have to try to define it: after all, we all think we know it when we see it. Most people have a working definition along the lines of “email I don’t want.” While that’s perfectly understandable, it is difficult to implement technical solutions based on such a subjective definition. Read this paper to learn why SPAM is more than just unwanted email.
Spam-ish_Inquistion(Nov2007).indd 2 11/19/07 2:06:48 PMThe Spam-ish Inquisition
1
Table of Contents PageAbout the Authors 2Introduction 3Defining Spam 3Professional versus Amateur Spam 3Deceptive Elements 4Amateur Hour 5Why "Spam"? 7Spam and Pornography 7Spam Attacks 7Bombs Away 7Address Harvesting 8Spam Through the Ages 8First Sightings 9Newsgroup Spam 9Spreading Spam 10Spam Economics 11Other Spam Channels 11SPIM 11Text Messaging Spam 12Blog Spam 13Index Hijacking 14Junk Faxes 14Spam and Scams 14Make Money Fast 14Advance Fee Fraud 14Phishing Scams 16Mule Train 17Pump and Dump Scams 19Chain Letters and Hoaxes 19Spam and the Law 20CAN-SPAM 20European Directive 21Spam Countermeasures 22Blocklists 22Reputation Services 22Greylisting 22Whitelisting 23Text Filtering 23Heuristics 23Commercial Anti-Spam 24Conclusion: Living Spam-Free 25References 26Glossary 29
1-866-343-ESET (3738) www.eset.com
Spam-ish_Inquistion(Nov2007).indd 3 11/19/07 2:06:48 PMThe Spam-ish Inquisition
3
IntroductionSpam looks like a simple enough issue until you have to try to define it: after all, we all think we know it when we see it. Most people have a working definition along the lines of "email I don't want." While that's perfectly understandable, it is difficult to implement technical solutions based on such a subjective definition. (Actually, not all spam is email based, but we'll get back to that in a little while.) A fractionally less subjective definition is "email I didn't ask for." However, this doesn't really meet the case either. A percentage of most people's legitimate email is not only unsolicited but from people they don't know (or from whom they have had no pre-existing communications), which is by no means the same thing - for instance, business communications from a third-party, that directly relate to your business.Nevertheless, most spam falls into the categories of Unsolicited Bulk Email (UBE) and/or Unsolicited Commercial Email (UCE). That is, email which tries to sell you something, whether or not you want it and without any inquiry on your part. This paper will explain what spam is (and is not), provide a bit of the history behind the phenomenon and the responses, both technological and otherwise, that can be made to control it.
Defining SpamUCE is usually regarded as a subset of UBE, though it's a very considerable percentage of 'spammy' email, and many simply use the term UCE interchangeably with 'spam'. Bulk email, such as newsletters and mailing lists, don't usually count, since you "solicit" those communications by subscribing to the list. Of course, less scrupulous list masters may sign up harvested addresses, 'friends' may add you to lists that you didn't want, or an otherwise legitimate mailing list may be compromised or abused to carry spam, so there are cases where such communications could be considered spam. However, this is a minor exception rather than a general rule. Paul Vixie's [2] definition of email "spam", the one that's also used by the Spamhaus Project [3], is applied to mail that meets all three of the following conditions:. More or less the same message has been sent to multiple recipients (or potential recipients). That is, it doesn't take into account the "personal identity and context" of the individual recipient.. The recipient has not given "deliberate, explicit and still-revocable permission" to the spammer to send it to him or her.. The message is of value ("gives a disproportionate benefit") to the sender, not to the recipient.
Professional versus Amateur SpamWe sometimes find it useful to distinguish [4] between "professional" and "amateur" spam. By "professional" spam we mean what is sometimes referred to as "hardcore" spam, though this usage inevitably invites confusion with pornographic spam, which may well be "professional" in the sense in which we use it here, but constitutes a fairly small proportion of the spam totality. While there is no universally accepted definition for the term, we use it to refer to:
1-866-343-ESET (3738) www.eset.com
Spam-ish_Inquistion(Nov2007).indd 5 11/19/07 2:06:49 PMThe Spam-ish Inquisition
5
. Misspelling of keywords generally associated with spam (for example, using cial1s, cia_lis, rather than cialis) to confuse filters that use literal pattern-matches. More effective pattern matching algorithms use fuzzier matches: for instance, wildcards. To t... [download for more]
