Spam (electronic)

From Wikipedia, the free encyclopedia

Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages, which are generally undesired. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, mobile phone messaging spam, internet forum spam and junk fax transmissions. Spam can be also called junk mail at times. Because many people don't like spam, many emailing companies have created a bulk file in users' email addresses to sort out the spam. However, not all messages can be spam in the bulk folder. The bulk folder only sorts out what it suspects is spam.

Spamming is economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in many jurisdictions.

Contents 1 Spamming in different media 1.1 Messaging spam 1.2 Chat spam 1.3 Newsgroup spam and Forum spam 1.4 Mobile phone spam 1.5 Online game messaging spam 1.6 Spam targeting search engines (Spamdexing) 1.7 Blog, wiki, and guestbook spam 2 Noncommercial spam 2.1 Hobbit Spam 2.2 Spam as denial of service 2.3 In Gaming 3 History 4 Costs of spam 4.1 General Costs of Spam 5 In Crime 6 Political issues 7 Court cases 7.1 United States 7.2 United Kingdom 8 References 9 Newsgroups 10 See also 11 External links

[edit] Spamming in different media

[edit] Messaging spam

Main article: Messaging spam

Messaging spam, sometimes termed spim (a portmanteau of spam and IM, short for instant messenger), makes use of instant messaging systems, such as AOL Instant Messenger or ICQ. Many IM systems offer a user directory, including demographic information that allows an advertiser to gather the information, sign on to the system, and send unsolicited messages. To send instant messages to millions of users requires scriptable software and the recipients' IM usernames. Spammers have similarly targeted Internet Relay Chat channels, using IRC bots that join channels and bombard them with advertising.

Messenger service spam has lent itself to spammer use in a particularly circular scheme. In many cases, messenger spammers send messages to vulnerable Windows machines consisting of text like "Annoyed by these messages? Visit this site." The link leads to a Web site where, for a fee, users are told how to disable the Windows messenger service. Though the messenger service is easily disabled for free, the scam works because it creates a perceived need and offers a solution. Often the only "annoying messages" the user receives through Messenger are ads to disable Messenger itself. It is often using a false ID to get money or credit card numbers.

[edit] Chat spam

Main article: Chat spam

Chat spam can occur in any live chat environment like IRC and in-game multiplayer chat of online games. It consists of repeating the same word or sentence many times to get attention or to interfere with normal operations. It is generally considered very rude and may lead to swift exclusion of the user from the used chat service by the owners or moderators.

The application of the name "Spam" to unwanted communication originates in Chat-room spam. Specifically, it was developed in the chat-rooms of People-Link in the early 1980’s as a technique for getting rid of unwelcome newcomers. When someone would enter a chat-room full of friends who were in mid-conversation, and the newcomer tried to turn the conversation in an unwelcome direction (usually trolling for cybersex), two veteran members of the room would begin typing in the Monty Python “Spam” routine at high speed. They would fill the screen with “Spam Spam Spam eggs Spam Spam and Spam” etc, and make all other communication impossible. The other members of the room would just wait quietly until the newcomer got disgusted and moved on to a different room.

Chat Spamming is also against in the rules in some games as it interrupts people's activities.

[edit] Newsgroup spam and Forum spam

Main article: Newsgroup spam

Main article: Forum spam

[edit] Mobile phone spam

Main article: Mobile phone spam

Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to customers not only for the inconvenience but also because of the fee that they are charged per text message. The term "SpaSMS" was coined at the adnews website Adland in 2000 to describe spam SMS.

[edit] Online game messaging spam

Many online games allow players to contact each other via player-to-player messaging, chatrooms, or public discussion areas. What qualifies as spam varies from game to game, but usually this term applies to all forms of message flooding, violating the terms of service contract for the website.

[edit] Spam targeting search engines (Spamdexing)

Main article: Spamdexing

Spamdexing (a portmanteau of spamming and indexing) refers to the practice on the World Wide Web of modifying HTML pages to increase the chances of them being placed high on search engine relevancy lists. These sites use "black hat search engine optimization techniques" to unfairly increase their rank in search engines. Many modern search engines modified their search algorithms to try to exclude web pages utilizing spamdexing tactics.

[edit] Blog, wiki, and guestbook spam

Main article: Spam in blogs

Blog spam, or "blam" for short, is spamming on weblogs. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site.^[1] Similar attacks are often performed against wikis and guestbooks, both of which accept user contributions.

[edit] Noncommercial spam

E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and e-mail media with preaching messages. A growing number of criminals are also using spam to perpetrate various sorts of fraud,^[2] and in some cases have used it to lure people to locations where they have been kidnapped, held for ransom, and even murdered.^[3]

[edit] Hobbit Spam

In early July 2006 there has been an enormous increase in unsolicited messages from a spoofed address with approximately half a dozen random letter subjects, containing nothing but three lines from JRR Tolkien's The Hobbit. This follows fairly closely another similar form dubbed "discordian poetry" that appeared to used a random word generator of the same. The messages had no attempt to sell anything; it was theorised that this was a script kiddie ineptly running a spam suite. This was confirmed when shortly afterward the same format messages began appearing with image files overlaying the text (a common spam technique). It is suspected to be a variation from the same source and image overlays will begin appearing.^[4]

[edit] Spam as denial of service

Spamming has also been used as a denial of service ("DoS") tactic, particularly on Usenet. By overwhelming the readers of a newsgroup with an inordinate number of nonsense messages, legitimate messages and computing resources can be lost in the deluge. Since these messages are usually forged (that is, sent falsely under regular posters' names) this tactic has come to be known as sporgery (from spam + forgery). This tactic has for instance been used by members of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology versus the Internet) and by spammers against news.admin.net-abuse.email, a forum for mail administrators to discuss spam problems. Applied to e-mail, this is termed mailbombing. The Usenet Meow Wars (around 1996) were DoS attacks on various newsgroups aimed at specific posters that disrupted the newsgroups where they were active. The DoS attacks launched by Hipcrime, which continue today, are more crafted as DoS attacks on entire newsgroups. The alt.sex newsgroups were rendered uninhabitable by commercial porn site spammers, partially for advertising purposes and partially to destroy a perceived free competitor. (This spawned the creation of the moderated, unspammable soc.sexuality newsgroups.)

Forged e-mail spam has been used as a tool of harassment. The spammer collects a list of addresses, then sends a spam to them signed with the name of the person he or she wishes to harass. Some recipients, angry they received spam and seeing an obvious "source", will respond angrily or pursue revenge against the apparent spammer, the forgery victim. A widely known victim of this sort of harassment was Joe's CyberPost,^[5] which has lent its name to the offense: it is known as a joe job. "Joe jobs" have been used against antispammers: in recent examples, Steve Linford of Spamhaus Project and Timothy Walton, a California attorney, have been targeted. Sometimes victims (such as ROKSO-listed spammers) are subscribed to lists that don't practice verified opt-in, such as magazine subscriptions and e-mail newsletters, a practise known as subscriptionbombing.

Spammers have abused resources set up for the purposes of anonymous speech online, such as anonymous remailers. Many of these resources have been shut down, denying their services to legitimate users.

E-mail worms or viruses may be spammed to set up an initial pool of infected machines, which resend the virus to other machines in a spam-like manner. The infected machines can often be used as remote-controlled zombie computers, for more spamming or DDoS attacks. trojans are spammed to phish for bank account details, or to set up a pool of zombies without using a virus.

[edit] In Gaming

Main article: Spam (computer game)

In gaming, spamming is often used to describe repetitive and disruptive behavior.

In first person shooter type games, spamming refers to tactics where a player repeatedly and randomly fires into an area in the hope of scoring chance hits. Many games attempt to limit this by providing scenarios such as Capture the Flag.

Spamming also describes players who repeatedly use a particular move to gain benefits over other players. This is often seen in PvP combat as well as MMORPG games.

The term also refers to the flooding of the in-game chat with frequent messaging, this is similar to messaging spam mentioned above.

[edit] History

Main article: History of spamming

The term spam is derived from the Monty Python SPAM sketch (see video in External Links), set in a cafe where nearly every item on the menu includes SPAM luncheon meat. As the server recites the SPAM-filled menu, a chorus of Viking patrons drowns out all conversations with a song repeating "SPAM, SPAM, SPAM, SPAM... lovely SPAM, wonderful SPAM," hence "SPAMming" the dialogue. The excessive amount of SPAM mentioned in the sketch is a reference to British rationing during World War II. SPAM was one of the few foods that were widely available.

Although the first known instance of unsolicited commercial e-mail occurred in 1978^[6] (unsolicited electronic messaging had already taken place over other media, with the first recorded instance being via telegram on September 13, 1904^{[citation needed]}), the term "spam" for this practice had not yet been applied. In the 1980s the term was adopted to describe certain abusive users who frequented BBSs and MUDs, who would repeat "SPAM" a huge number of times to scroll other users' text off the screen.^[7] In early Chat rooms services like PeopleLink and the early days of AOL, they actually flooded the screen with quotes from the Monty Python Spam sketch. This was used as a tactic by insiders of a group that wanted to drive newcomers out of the room so the usual conversation could continue. It was also used to prevent members of rival groups from chatting -- for instance, Star Wars fans often invaded Star Trek chat rooms, filling the space with blocks of text until the Star Trek fans left.^[8] This act, previously called flooding or trashing, came to be known as spamming.^[9] The term was soon applied to a large amount of text broadcasted by many users.

It later came to be used on Usenet to mean excessive multiple posting—the repeated posting of the same message. The unwanted message would appear in many if not all newsgroups, just as SPAM appeared in all the menu items in the Monty Python sketch. The first usage of this sense was by Joel Furr in the aftermath of the ARMM incident of March 31, 1993, in which a piece of experimental software released dozens of recursive messages onto the news.admin.policy newsgroup. This use had also become established—to spam Usenet was flooding newsgroups with junk messages. As a portmanteau of "spew" and "scam", the word was also attributed to the flood of "Make Money Fast" messages that clogged many newsgroups during the 1990s.

Commercial spamming started in force on March 5, 1994, when a pair of lawyers, Laurence Canter and Martha Siegel, began using bulk Usenet posting to advertise immigration law services. The incident was commonly termed the "Green Card spam", after the subject line of the postings. The two went on to widely promote spamming of both Usenet and e-mail as a new means of advertisement—over the objections of Internet users they labeled "anti-commerce radicals." Within a few years, the focus of spamming (and antispam efforts) moved chiefly to e-mail, where it remains today.^[10]

There are three popular false etymologies of the word "spam". The first, promulgated by Canter & Siegel themselves, is that "spamming" is what happens when one dumps a can of SPAM luncheon meat into a fan blade. The second is the backronym "shit posing as mail." The third is similar, using "stupid pointless annoying messages."

Hormel Foods Corporation, the makers of SPAM luncheon meat, do not object to the Internet use of the term "spamming." However, they did ask (as recently as Jan 16, 2007 at 05:21:01 GMT^[11]) that the capitalized word "SPAM" be reserved to refer to their product and trademark.^[12] By and large, this request is obeyed in forums which discuss spam. In Hormel Foods v SpamArrest, Hormel attempted to assert its trademark rights against SpamArrest, a software company, from using the mark "spam," since Hormel owns the trademark. In a dilution claim, Hormel argued that Spam Arrest's use of the term "spam" had endangered and damaged "substantial goodwill and good reputation" in connection with its trademarked lunch meat and related products. Hormel also asserts that Spam Arrest's name so closely resembles its luncheon meat that the public might become confused, or might think that Hormel endorses Spam Arrest's products. Hormel did not prevail. Attorney Derek Newman responded on behalf of Spam Arrest: "Spam has become ubiquitous throughout the world to describe unsolicited commercial e-mail. No company can claim trademark rights on a generic term." Hormel stated on its website: "Ultimately, we are trying to avoid the day when the consuming public asks, 'Why would Hormel Foods name its product after junk email?'"^[13]

Hormel also made two attempts that were dismissed in 2005 to revoke the mark "SPAMBUSTER".^[14]

Hormel's Corporate Attorney Melanie J. Neumann also sent SpamCop's Julian Haight a letter on August 27, 1999 requesting that he delete an objectionable image (a can of Hormel's SPAM luncheon meat product in a trash can), change references to UCE spam to all lower case letters, and confirm his agreement to do so.^[15]

[edit] Costs of spam

The California legislature found that spam cost United States organizations alone more than $10 billion in 2004, including lost productivity and the additional equipment, software, and manpower needed to combat the problem.^{[citation needed]}

Spam's direct effects include the consumption of computer and network resources, and the cost in human time and attention of dismissing unwanted messages. In addition, spam has costs stemming from the kinds of spam messages sent, from the ways spammers send them, and from the arms race between spammers and those who try to stop or control spam. In addition, there are the opportunity cost of those who forgo the use of spam-afflicted systems. There are the direct costs, as well as the indirect costs borne by the victims - both those related to the spamming itself, and to other crimes that usually accompany it, such as financial theft, identity theft, data and intellectual property theft, virus and other malware infection, child pornography, fraud, and deceptive marketing.

The methods of spammers are likewise costly. Because spamming contravenes the vast majority of ISPs' acceptable-use policies, most spammers have for many years gone to some trouble to conceal the origins of their spam. E-mail, Usenet, and instant-message spam are often sent through insecure proxy servers belonging to unwilling third parties. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. In some cases, they have used falsified or stolen credit card numbers to pay for these accounts. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs.

The costs of spam also include the collateral costs of the struggle between spammers and the administrators and users of the media threatened by spamming. ^[16]

Many users are bothered by spam because it impinges upon the amount of time they spend reading their e-mail. Many also find the content of spam frequently offensive, in that pornography is one of the most frequently advertised products. Spammers send their spam largely indiscriminately, so pornographic ads may show up in a work place e-mail inbox—or a child's, the latter of which is illegal in many jurisdictions. Recently, there has been a noticeable increase in spam advertising websites that contain child pornography.

Some spammers argue that most of these costs could potentially be alleviated by having spammers reimburse ISPs and individuals for their material. There are two problems with this logic: first, the rate of reimbursement they could credibly budget is not nearly high enough to pay the direct costs; and second, the human cost (lost mail, lost time, and lost opportunities) is basically unrecoverable.

E-mail spam exemplifies a tragedy of the commons: spammers use resources (both physical and human), without bearing the entire cost of those resources. In fact, spammers commonly do not bear the cost at all. This raises the costs for everyone. In some ways spam is even a potential threat to the entire e-mail system, as operated in the past.

Since e-mail is so cheap to send, a tiny number of spammers can saturate the Internet with junk mail. Although only a tiny percentage of their targets are motivated to purchase their products (or fall victim to their scams), the low cost may provide a sufficient conversion rate to keep the spamming alive. Furthermore, even though spam appears not to be economically viable as a way for a reputable company to do business, it suffices for professional spammers to convince a tiny proportion of gullible advertisers that it is viable for those spammers to stay in business. Finally, new spammers go into business every day, and the low costs allow a single spammer to do a lot of harm before finally realizing that the business is not profitable.

Some companies and groups "rank" spammers; spammers who make the news are sometimes referred to by these rankings.^[17][18] The secretive nature of spamming operations makes it difficult to determine how proliferated an individual spammer is, thus making the spammer hard to track, block or avoid. Also, spammers may target different networks to different extents, depending on how successful they are at attacking the target. Thus considerable resources are employed to actually measure the amount of spam generated by a single person or group. For example, victims that use common antispam hardware, software or services provide opportunities for such tracking. Nevertheless, such rankings should be taken with a pinch of salt.

[edit] General Costs of Spam

In all cases listed above, including both commercial and non-commercial, "spam happens" due to a positive Cost-benefit analysis result.

Cost is the combination of

• Overhead: The costs and overhead of electronic spamming include bandwidth, developing or acquiring an email/wiki/blog spam tool, taking over or acquiring a host/zombie, etc.
• Transaction cost: The incremental cost of contacting each additional recipient once a method of spamming is constructed, multiplied by the number of recipients. (see CAPTCHA as a method of increasing transaction costs)
• Risks: Chance and severity of legal and/or public reactions, including damages and punitive damages
• Damage: Impact on the community and/or communication channels being spammed (see Newsgroup spam)

Benefit is the total expected profit from spam, which may include any combination of the commercial and non-commercial reasons listed above. It is normally linear, based on the incremental benefit of reaching each additional spam recipient, combined with the conversion rate.

Spam is prevalent on the Internet because the transaction cost of electronic communications is radically less than any alternate form of communication, far outweighing the current potential losses, as seen by the amount of spam currently in existence. Spam continues to spread to new forms of electronic communication as the gain (number of potential recipients) increases to levels where the cost/benefit becomes positive. Spam has most recently evolved to include wikispam and blogspam as the levels of readership increase to levels where the overhead is no longer the dominating factor. According to the above analysis, spam levels will continue to increase until the cost/benefit analysis is balanced^{[citation needed]}.

[edit] In Crime

Spam can be used to spread computer viruses, trojan horses or other malicious software. The objective may be identity theft, or worse (eg. advance fee fraud). Some spam attempts to capitalise on human greed whilst other attempts to use the victims inexperience with computers to trick them (eg. Phishing).

[edit] Political issues

Spamming remains a hot discussion topic. In 2004, the seized Porsche of an indicted spammer was advertised on the Internet;[1] this revealed the extent of the financial rewards available to those who are willing to commit duplicitous acts online. However, some of the possible means used to stop spamming may lead to other side effects, such as increased government control over the Internet, loss of privacy, barriers to free expression, and even the commercialization of e-mail.

One of the chief values favored by many long-time Internet users and experts, as well as by many members of the public, is the free exchange of ideas. Many have valued the relative anarchy of the Internet, and bridle at the idea of restrictions placed upon it.^{[citation needed]} A common refrain from spam-fighters is that spamming itself abridges the historical freedom of the Internet, by attempting to force users to carry the costs of material which they would not choose.

An ongoing concern expressed by parties such as the Electronic Frontier Foundation and the ACLU has to do with so-called "stealth blocking", a term for ISPs employing aggressive spam blocking without their users' knowledge. These groups' concern is that ISPs or technicians seeking to reduce spam-related costs may select tools which (either through error or design) also block non-spam e-mail from sites seen as "spam-friendly". SPEWS is a common target of these criticisms. Few object to the existence of these tools; it is their use in filtering the mail of users who are not informed of their use which draws fire.

Some see spam-blocking tools as a threat to free expression—and laws against spamming as an untoward precedent for regulation or taxation of e-mail and the Internet at large. Even though it is possible in some jurisdictions to treat some spam as unlawful merely by applying existing laws against trespass and conversion, some laws specifically targeting spam have been proposed. In 2004, United States passed the Can Spam Act of 2003 which provided ISPs with tools to combat spam. This act allowed Yahoo! to successfully sue Eric Head, reportedly one of the biggest spammers in the world, who settled the lawsuit for several thousand U.S. dollars in June 2004. But the law is criticized by many for not being effective enough. Indeed, the law was supported by some spammers and organizations which support spamming, and opposed by many in the antispam community. Examples of effective anti-abuse laws that respect free speech rights include those in the U.S. against unsolicited faxes and phone calls, and those in Australia and a few U.S. states against spam.

In November 2004, Lycos Europe released a screensaver called make LOVE not SPAM which made Distributed Denial of Service attacks on the spammers themselves. It met with a large amount of controversy and the initiative ended in December 2004.

[edit] Court cases

[edit] United States

Attorney Laurence Canter was disbarred by the Supreme Court of Tennessee in 1997 for sending prodigious amounts of spam advertising his immigration law practice.

Robert Soloway lost a case in a federal court against the operator of a small Oklahoma-based Internet service provider who accused him of spamming. U.S. Judge Ralph G. Thompson granted a motion by plaintiff Robert Braver for a default judgment and permanent injunction against him. The judgment includes a statutory damages award of $10,075,000 under Oklahoma law.^[19]

In 2005, Jason Smathers, a former America Online employee, plead guilty to charges of violating the CAN-SPAM ACT. In 2003, he sold a list of approximately 93 million AOL subscriber e-mails to Sean Dunaway who, in turn, sold the list to spammers.^[20][21]

[edit] United Kingdom

In the first successful case of its kind, Mr. Nigel Roberts from the Channel Islands won £270 against Media Logistics UK who sent junk e-mails to his personal account.^[22]

January 2007, the Sheriff Court in Scotland awarded Mr. Gordon Dick a £1368.66 against Transcom Internet Services Ltd.^[23] who allegedly breached anti-spam laws.^[24] It is the largest amount awarded in compensation in the United Kingdom since the Nigel Roberts case in 2005 above.

[edit] References

[edit] Newsgroups

• news.admin.net-abuse.email
• others in news.admin.net-abuse.* hierarchy
• alt.spam

[edit] See also

• SpamCop
• Network Abuse Clearinghouse
• Spam
• Nigerian spam
• Phishing
• E-mail fraud
• Make money fast
• Job Scams
• Internet Troll
• List of e-mail spammers
• Social networking spam
• Identity theft
• Virus (computer)
• Spamigation
• Defensive computing
• Address munging
• Junk mail

[edit] External links

• Federal Trade Comission page advising people to forward spam e-mail to them
• E-mail Address Harvesting: How Spammers Reap What You Sow by the Federal Trade Commission
• A list of the current top-25 IP addresses used for e-mail spamming, as identified by Project Honey Pot
• Slamming Spamming Resource on Spam
• Why am I getting all this spam? CDT
• Cybertelecom :: Federal SPAM law and policy

v • d • e This article is part of the Spamming series.
E-mail spam	DNSBL • Spamhaus • Anti-spam techniques • Spambot • Address munging • SORBS E-mail authentication • Directory Harvest Attack • SpamCop • Dictionary spamming
Spamdexing	Google bomb • Keyword stuffing • Cloaking • Link farm • Web ring Referer spam • Blog spam • Spam blogs
Telemarketing	Autodialer • Mobile phone spam • VoIP spam
Scams	Phishing • Advance fee fraud • Lottery scam • Make money fast • Pump and dump
Misc.	Messaging spam • Newsgroup spam • Flyposting History of spamming • Network Abuse Clearinghouse