Talk:E-mail spam

From Wikipedia, the free encyclopedia

This article is a former featured article candidate. Please view its sub-page to see why the nomination failed. For older candidates, please check the archive.

Contents 1 NPOV? 2 Is this image really needed? 3 No History section 4 Appropriate to Insert a "How Spam Operates" Segment Without Strong Supporting Evidence? 5 Pruning in progress 6 adding resource 7 Links 8 Kushnir murder 9 Bad picture 10 Motives? 11 Open proxies 12 First paragraph suggestion, please 13 Spam can only come from advertisers? 14 spam news 15 disagree with the advice to bypass valid e-mail forum registration 16 Category of spam 17 Spam without any ostensible purpose whatsoever 18 Inconsistent Statistics 19 External link section 20 Identifying spam

[edit] NPOV?

This caption for an image doesnt seem to follow the NPOV: "Today, spammers use infected Windows PCs to deliver spam. Many still rely on Web-hosting services on spam-friendly ISPs to make money.". Are Windows PCs the only computers infected? Inklein 06:38, 9 August 2006 (UTC)

By and large, yes. A great deal of email spam is sent through backdoors opened by Windows-only worms designed for that specific purpose. The Mydoom and Sobig worm families are infamous for this, but there are plenty of others. (See the discussion and citations on those articles.) Spammers and other criminals either commission the writing of these worms, or create a market by being willing to pay worm-writers for access to compromised systems.

Why target Windows? Windows worm-writing is evidently very well understood by the people who do it: worms can be mass-produced in long sequences of variants to extend their success; some worm families have seen hundreds of variants. In contrast, worm-writing for other platforms appears to be still in its infancy, with most worms being one-off pranks (like the Ramen worm for Linux) rather than organized criminal endeavors. Worms for Windows are effectively a professional criminal endeavor, as opposed to an amateur criminal endeavor like the vandalism-oriented worms that occasionally plague other systems. This is as much a sociological and economic fact as a technical one.

In any event, regardless of the cause, it is true that compromised Windows systems -- and often home PCs rather than servers -- are an major conduit of spam.

Not the only one, of course! Some spammers send spam directly from their own systems, operating on rogue ISPs. But the FTC estimates that 30% of spam is sent from worm-infected home (and home-office) PCs alone, and that's aside from that sent from worm-infected workplace desktops or servers. [1] --FOo 08:27, 9 August 2006 (UTC)

Another reference: [2] discusses tracking a botnet being used to send spam from infected Windows machines. A quote:

The file is a spam proxy Trojan named Win32.Ranky.fv.

"The entire scheme of mass infection is simply to facilitate the sending of spam. The proxy Trojan is also a bot of sorts; reporting in to a master controller to report its IP address and the socks port for use in the spam operation," Stewart said.

The point is not only that Windows PCs are being infected to send spam ... but also that the needs and wants of spammers are a major motivation of Windows users' current problems with worms and trojans. If it weren't for the spammers (who are willing to pay a lot for infected systems) there would be no financial motivation for most of the worm-writers. --FOo 22:49, 19 August 2006 (UTC)

[edit] Is this image really needed?

Is this image needed:

I know that wikipedia is not censored, but this seems to unnecessicarily add mature content to an article that does not really need it. The majority of spam (at least the stuff I get) seems to be appropriate. It also seems odd because it is a highly customized screenshot (not really windows), and there is not a license. Comments? Inklein 06:38, 9 August 2006 (UTC)

Huh? Wikipedia policy does not deal with "mature content" whatsoever. It is literally a non-issue for us here. The image appears to correctly represent a flood of spam. It's simply true that much of spam advertises pornography and "adult" products, as is depicted here.

As for a "highly customized screenshot", what does that have to do with anything? The depicted application is Mozilla Firefox, displaying Google Mail (the name of Google's Gmail in markets where another company owned "Gmail" as a trademark). Both are reasonably common, and Gmail looks like Gmail no matter what browser (or OS) you use it in.

The image is accurate and relevant. Of course, if you have a better one, feel free to propose it. --FOo 08:34, 9 August 2006 (UTC)

The skin used is Watercolor Blue, on Windows XP. Will ^{(Take me down to the Paradise City)} 12:08, 9 August 2006 (UTC)

[edit] No History section

Hi if anyone knows, please write a *history* section and talk about the origin of the word and the phenomenon.

[edit] Appropriate to Insert a "How Spam Operates" Segment Without Strong Supporting Evidence?

I'd like to insert a social engineering + Cracker (computing) (malicious hacking) hypothesis I have been unable to prove, or refute, since 2000, namely that spammers harvest e-mail addresses by intercepting popular (frequently forwarded and re-forwarded) messages and gathering the attached e-mail addresses. It's quite clear that these attacks are possible in transit (the "in-flight attack"; TO: CC: & BCC:) and after receipt (the "post-flight attack"; TO: & CC:) using the known text of the message as a search key. Once the message is found the e-mail addresses the forwarder has attached may be siphoned off.

This approach offers several advantages to the identity thief/spammer:

• The forwarder unknowingly vouches that e-mail addresses are valid and attended.
• More security conscious individuals have their e-mail addresses exposed when less-security conscious users aggregate them in a list, frequently an entire address book, and forward them on.
• Traffic can be increased by generating fraudulent content (i.e. hoaxes) designed encourage forwarding and re-forwarding.

By talking with a small number (> 10) of security experts at a few open source and security conferences and individually, I have validated this approach in principle (call this a Delphi_method). I've also found cautions against forwarding popular material on security related web pages. I have one example of a mailing designed to encourage re-forwarding that is linked to a spammer's web site. I must also say that I strongly intuit that this approach is a significant component of Spam and Identity Theft risk. However, none of that is a well controlled, statistically significant, Double blind, etc., study. While one might replicate these attacks, to be realistic, one must violate the privacy of the victims in such a study and compromise the security of computer and network systems not owned by the investigators. This presents immediate ethical issues, which is one reason I regard this issue as a Wicked_problem.

From the perspective of the Wikipedia, is it acceptable to write about this hypothesis, which is far from well established? Does it deserve its own article, linked to the main article here?

You can read more about me at my web page, and you will find a somewhat spam-protected e-mail box there: http://mysite.verizon.net/frautsch/ . I also have some unorganized notes about the details of each attack and about how might request others to cease including one's e-mail address in their broadcast lists. (Making these requests presents its own issues, since often the forwarder is not concerned about their own security, much less that of another person.) http://mysite.verizon.net/frautsch/conundrum.txt

Thank you for reading this.

Sincerely,

Mark Frautschi, Ph.D.

[edit] Pruning in progress

The article is long (>44k) and copies redundant material from other places. I'm going to make some (hopefully good) edits.

But, there will be a lot of those edits, so apologies in advance. Let me know here if you think I trimmed too much... thanks LordMac 10:03, 12 December 2005 (UTC)

[edit] adding resource

Hello all,

my name is Branislav Gerzo, and I'd like to add link resource to Avoiding Spam section. I coded, with my brother about 2 months www.2pu.net page, and I think nothing cool like this is on the web for now. Is there any criterion, how can be my webpage added? Please tell me. Thanks a lot.

I suppose trusting you, and letting dozens of people contact me through your service, is better than trusting those dozens of people directly. But why should I trust you not to sell my email address to a bunch of spammers? --DavidCary 00:28, 4 January 2006 (UTC)

I see your point of view, we can't trust on Internet to anybody. I am just ordinal man, who hate spam, so I coded this project to help people out here. But it is OK, if you don’t add this resource, I'm smart enough. Thanks anyway. --2ge 23:12, 3 February 2006 (UTC)

Your program looks interesting, and it may or may not be useful in combating spam, but your project is about hiding an email address, displayed on a website, from spammers' web spiders. It may be a useful tool in fighting spam, but it's not really about spam itself. Furthermore, yours is one tool out of hundreds online (if not thousands). You will notice that the article doesn't link to Spamhaus, or SPEWS, or Ironport, or Brightmail, or any of a long list of anti-spam websites. Wikipedia is not a collection of links. Your project would certainly be a good addition to the Open Directory Project, however. eaolson 00:51, 4 February 2006 (UTC)

[edit] Links

Why does this page have so many links to commercial spam-combating software? I thought this was a page about spam, not anti-spam (there is an article stopping e-mail abuse). I ask because while I was on RC patrol I removed one link added by anonymous user 81.17.107.146, thinking it was a one-off link-spam, but now I see there all the external links "Anti-spam organizations and prominent figures" and "Anti-spam tools and resources" are of this type. Should they all be reconsidered, or moved elsewhere? Should we reinstate the link added by 81.17.107.146? --RobertG ♬ talk 10:56, 23 Jun 2005 (UTC)

Many of these links are themselves spam. Please feel free to prune the lists. --FOo 12:59, 23 Jun 2005 (UTC)

[edit] Kushnir murder

I'll watch the news and press agencies, and make sure that this article will reflect what has really happened.

• If it turns out the entire story or just details are made up or merely rumours, I'll remove the offending material.
• I'll expand the article if more information becomes available.

Help is appreciated, but note that Wikipedia is not a discussion forum, so messages like "it's good/bad that this happened" don't belong here. Shinobu 19:29, 25 July 2005 (UTC)

The term "lynching" is utterly, massively inappropriate here, as it makes completely unsupported implications about the killers' motivations. Especially considering the influence of the Russian Mafia on Russian spamming and computer crime, there is no reason to suggest that anything like lynching happened. --FOo 23:20, 25 July 2005 (UTC)

Correct. I copied the phrasing from the original contributor without thinking about it. Sorry. Shinobu 05:49, 8 August 2005 (UTC)

[edit] Bad picture

While I know a large proportion of spam these days simply consists of an inline image, the current picture evokes popup advertising more than spam.

Here at random is the latest spam (at least in English) from my inbox:

Date: Wed, 17 Aug 2005 19:42:36 -0500
From: "Lenore Hogan" <ymark@didamail.com>
To: dmacks@chem.upenn.edu
Subject: Lowest rates in 45 years

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have been selected for our lowest rate in years...

 You could get over $420,000 for as little as $400 a month!

 Ba(d credit, Bank*ruptcy? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.p8refi.net/?id=a67



 Best Regards,

 Josef Hartley
 
 to be remov(ed:        http://www.p8refi.net/book

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.

69.86.80.141 18:32, 17 September 2005 (UTC)

[edit] Motives?

We ought to get together some decent information on why spammers bother. I was involved in a discussion on this a while back.... -- Smjg 12:46, 3 October 2005 (UTC)

[edit] Open proxies

This secton starts: "Within a few years, open relays became rare ..."

That's not really accurate. When spammers switched to open proxies there were still plenty open relay MTA systems available to them. They more likely switched for other reasons, one of which may be the upsurge in open relay honeypots. Even in the small numbers in which they were deployed open relay honeypots (and later, open proxy honeypots) had a major effect on spammers. The existing text amounts to a claim that open relay blocklists and the campaign to eliminate open relays had a signifciant effect in limiting spam. Any evidence for that being a major effect is slight - blocklists in general had only a local effect for those who used them, and the number of email addresses protected by blocklists was never large enough for the use of blocklists to cause the end of spam. In additon most blocklists, as used, are spammer-friendly: they tell the spammer when an abused system used to deliver spam has been listed, making it trivial for the spammer to stop abusing that system in favor of other, as-yet undiscovered, systrems.

Minasbeede 19:48, 21 December 2005 (UTC)

I guess I can agree that open relays have not become "rare", but I do think they have become rarer and that DNSBLs had a significant impact on their use.

For example, take a look at the statistics from the ordb open-relay DNSBL (http://ordb.org/statistics/relaycount/). Around Feb 2002, the growth of discovered open relays slowed dramatically, and for the last couple of years, it has been almost stagnant. Every spam source detected by spamcop is automatically submitted to ordb checking, so if an open relay has been used for spamming, it will likely show up on the ordb DNSBL. There was another open-relay DNSBL that had statistics that showed similar trends, but I last checked it a couple of years ago and I haven't bothered to find it.

Now, a great deal of the closing of open-relays is likely due to the fact that MTAs, such as sendmail, no longer come configured as open-relays by default. So, when people install new software or upgrade from older software, they won't be open relays. Most new open relays now a days are due to configuration errors and such. Whether open-relay DNSBLs caused MTA authors to change their software to no longer be open-relays by default may be debatable. I think it played a part though.

Wrs1864 17:21, 22 December 2005 (UTC)

[edit] First paragraph suggestion, please

"Perpetrators of such spam ("spammers") often harvest addresses of prospective recipients from Usenet postings or from web pages, obtain them from databases, or simply guess them by using common names and domains."

Why is there no mention in this paragraph of the fact that almost all spam today is addressed to emails that have been harvested by internet worms? It's pretty sad that people are still treating the internet like it's 1998. I'd consider this important enough to put right in the first paragraph.

Spam is unsolicited commercial email. Is there a worm that uses propagation tricks to harvest emails for commercial purposes? The only ones I know of (like Sircam) only harvest for the purposes of self-propagation, which is a different activity entirely from spam. - Keith D. Tyler ¶ 22:22, 17 January 2006 (UTC)

[edit] Spam can only come from advertisers?

That's news to me. In a common usage of the term spam, anyone who sends unwanted email to a list such as a newsgroup qualifies as a spammer. He or she may just be "advertising" him/herself, seeking attention, trying to disrupt a conversation, spewing out foul language, or whatever. I think it's strange that such a lengthy article could be written on spam which fails to acknowledge that spam can come from individuals with no commercial interest whatsoever.

The writer(s) of this article should have begun with a dictionary definition of spam such as this one:

Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.

tr.v. spammed, spam·ming, spams

  1. To send unsolicited e-mail to.
  2. To send (a message) indiscriminately to multiple mailing lists, individuals, or newsgroups.

Maybe it's just me, but I don't see the words "commercial" or "advertising" there at all!!

Someone insert this image, it looks cool: http://www-128.ibm.com/developerworks/library/lol/spamato/spam-c07.jpg

The distinction of spam as advertising primarily comes from the usage in legal definitions, the reason for the legal definitions to focus almost exclusively on advertising is that it is an attempt to skirt first ammendment concerns (at least in the US). 207.71.25.113 16:22, 1 August 2006 (UTC)

[edit] spam news

http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home

[edit] disagree with the advice to bypass valid e-mail forum registration

"If a web site requests registration in order to allow useful operations, such as posting in Internet forums, a user may give a temporary disposable address—set up and used only for such a purpose—periodically deleting such temporary e-mail accounts from their e-mail servers. (Users should notify such forums of the new replacement addresses if they wish to continue interaction for valid purposes.) For example, free services such as spamgourmet.com and spamhole.com allow a user to create a temporary e-mail address which forwards e-mail to you for a set period of time, and then becomes invalid."

I have been webforum administrator for quite some time and this addresses at spamgourmet and others are ways for spammers to register and post spam on the forums. When possible I always ban this addresses. If I see a registration from one disposable e-mail address I ban and the IPs of the users. Maybe giving the advice to use a different e-mail from the production/work e-mail but never to use the temporary e-mail addresses. User_talk:Vtrain 14:59, 18 September 2006 (GMT+1)

[edit] Category of spam

Recently in my "bulk and spam folder" there have been a number of spam messages with what look like bits of stories/ongoing commentry on sports fixtures etc, some of it veering towards Finnegans Wake obscurity. Is this a new category of spam, does it have a name and who creates it?

Probably just crunk they chuck in to try and pass spam filters better. I've had quotes from The Hobbit and poor erotic fiction turn up as well. Nimmo 09:29, 31 October 2006 (UTC)

[edit] Spam without any ostensible purpose whatsoever

The traditional idea of "spam" is becoming almost irrelevant to the nuisance mail that I am receiving. Usually any offers made of products or services seem poorly designed to promote a sale, and much of the nuisance mail is not even nominally intended to sell a product or service. For example, consider this message, titled "centennial transitory":

Other benefits include shifting the political influence on politicians from the parties to the people of their local constituencies as well as giving the voter a greater choice of candidates. We are all stronger in having a united front. As it is for now a ground swell of interest in the referendum is trying to put the right pressure on the Government to bring this to the people now rather than later. They come here because we still have the most accessible and richest natural areas with the greatest biodiversity and beauty on the planet. It is something that should be cherished and guarded and ranked well ahead of Gordon Campbell balancing his budget or pushing oil drilling in Hecate Strait. Sprachprobleme gebe es laut dieser Studie in Frankreich nicht. The recent explosion of blogs on the internet has fragmented the information distribution process by creating far too many options for online pundits. ... (The message goes on to address, in disjointed fashion, everything from Canadian logging to the war in Iraq, but with no underlying sentience. This portion is reproduced per "fair use", but I would be happy to replace it with a credit to the true copyright holder, if known)

Fortunately, this message was still flagged by a university spam filter from a blocked IP, but it is clearly intended to be troublesome to weed out by eye - and for no other obvious purpose. The only parties that I can imagine would benefit from such spam are those who offer for-profit spam filter or "certified e-mail" services. This Wikipedia entry would benefit greatly if experts would contribute their insight into the origins of this type of nuisance e-mail.

• Usually when I get crap like that, there's an image attached to the email with the actual advertisement; the text stuff is just to get past filters. --jpgordon^∇∆∇∆ 16:57, 23 October 2006 (UTC)

Is there a name for such "creative writing" spam (as there seems to be rather a lot of it) - though some of the text appears to have been used to set up the pages for placement of faked adverts (what is the publishing page infil text - lorem something?).

[edit] Inconsistent Statistics

The statistics in this article aren't in agreement. If these are estimates from different sources, it should be clear about that rather than stating them as facts.

In the overview, the article states:

An estimated 55 billion e-mail spam were sent each day in June 2006, an increase of 20 billion per day from June 2005.

Under statistics, it says:

2005 - (June) 30 billion per day

Under news, it says:

The report also found 55 billion daily spam emails in June 2006, a large increase from 35 billion daily spam emails in June 2005.

[edit] External link section

IMHO, the external link section for this page could be loads smaller, and most of the links there don't add any info... What do others think of this? --Jdevalk 23:39, 19 November 2006 (UTC)

I agree, the external link section could be cleaned up. Sadly, this article is not alone with the problem of spam links and I have pretty much given up on trying to remove them from the wikipedia. Wrs1864 05:49, 25 November 2006 (UTC)

[edit] Identifying spam

Perhaps there could be an article on identifying spam.

Categories would include:

Variants on Spanish Prisoner scam

"Bank update"

Weird-story-fragments

Bizarre products of a mostly adult nature.

"Strange spelllin gs" and "grammar as it is not wrote"

etc. (Add comment about Wikipedia limitations). Jackiespeel 18:17, 4 December 2006 (UTC)