The term spam is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM luncheon meat. As the server recites the SPAM-filled menu, presently a chorus of Viking patrons drowns out all normal conversation with a song, repeating “SPAM, SPAM, SPAM, SPAM” and singing “lovely SPAM, wonderful SPAM” over and over again, stopping all conversation, hence SPAMming the dialogue. The excessive amount of SPAM in the sketch comes from British rationing in World War II. SPAM was one of the few foods that was not restricted and widely available, so by the time of the sketch, the British were fed up with the luncheon meat. Another similarity is that everything on the menu comes with SPAM, therefore representing that you can’t order something without receiving something you don’t want, much like one can’t be active on the Internet and never have spam sent to your e-mail address(es).

Although the first known instance of unsolicited commercial e-mail occurred in 1978 (unsolicited electronic messaging had already taken place over other media, with the first recorded instance being via telegram on September 13, 1904), the term “spam” for this practice had not yet been applied. In the 1980s the term was adopted to describe certain abusive users who frequented BBSs and MUDs, who would repeat “SPAM” a huge number of times to scroll other users’ text off the screen. In the early Chat rooms in services like PeopleLink and the early days of AOL, they actually flooded the screen with sizeable quotes from the Monty Python routine. This was generally used as a tactic by insiders of a particular group who wanted to drive newcomers out of the room so the usual conversation could continue. This act, previously termed flooding or trashing, came to be called spamming as well. [1] By analogy, the term was soon applied to any large amount of text broadcast by one user, or sometimes by many users.

It later came to be used on Usenet to mean excessive multiple posting—the repeated posting of the same message. The first evident usage of this sense was by Joel Furr in the aftermath of the ARMM incident of March 31, 1993, in which a piece of experimental software released dozens of recursive messages onto the news.admin.policy newsgroup. Soon, this use had also become established—to spam Usenet was to flood newsgroups with junk messages.

Commercial spamming started in force on March 5, 1994, when a pair of lawyers, Laurence Canter and Martha Siegel, began using bulk Usenet posting to advertise immigration law services. The incident was commonly termed the “Green Card spam”, after the subject line of the postings. The two went on to widely promote spamming of both Usenet and e-mail as a new means of advertisement—over the objections of Internet users they labeled “anti-commerce radicals.” Within a few years, the focus of spamming (and antispam efforts) moved chiefly to e-mail, where it remains today. [2]

There are three popular fake etymologies of the word “spam”. The first, promulgated by Canter & Siegel themselves, is that “spamming” is what happens when one dumps a can of SPAM luncheon meat into a fan blade. The second is the backronym “shit posing as mail.” The third is similar, using “stupid pointless annoying messages.”

Hormel Foods Corporation, the makers of SPAM® luncheon meat, do not object to the Internet use of the term “spamming.” However, they do ask that the capitalized word “SPAM” be reserved to refer to their product and trademark. [3] By and large, this request is obeyed in forums which discuss spam—to the extent that to write “SPAM” for “spam” brands the writer as a newbie. However, Hormel has begun to press the trademark issue—first, when a firm registered the trademark “SpamArrest” in 2003, Hormel sued to invalidate the mark, [4], and more recently two failed attempts to revoke the mark “spambuster”.[5], [6]

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political in nature. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and e-mail media with preaching messages. A growing number of criminals are also using spam to perpetrate various sorts of fraud, and in some cases have used it to lure people to locations where they have been kidnapped, held for ransom and even murdered [1].

DoS spam

Spamming has also been used as a denial of service (”DoS”) tactic, particularly on Usenet. By overwhelming the readers of a newsgroup with an inordinate number of nonsense messages, legitimate messages can be lost and computing resources are consumed. Since these messages are usually forged (that is, sent falsely under regular posters’ names) this tactic has come to be known as sporgery (from spam + forgery). This tactic has for instance been used by partisans of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology vs. the Internet) and by spammers against news.admin.net-abuse.email, a forum for mail administrators to discuss spam problems. Applied to e-mail, this is termed mailbombing. The Usenet Meow Wars (circa 1996) were DoS attacks on various newsgroups aimed at specific posters, thus disrupting the newsgroups where they were active. The DoS attacks launched by Hipcrime, which continue today, are more specifically crafted as DoS attacks on entire newsgroups. The alt.sex newsgroups were rendered virtually uninhabitable by commercial porn site spammers, partially for advertising purposes and partially to destroy a perceived free competitor. (This spawned the creation of the moderated, unspammable soc.sexuality newsgroups.)

In a handful of cases, forged e-mail spam has been used as a tool of harassment. The spammer collects a list of addresses as usual, then sends a spam to them signed with the name of the person he wishes to harass. Some recipients, angry that they received spam and seeing an obvious “source”, will respond angrily or pursue various sorts of revenge against the apparent spammer, the forgery victim. A widely known victim of this sort of harassment was Joe’s CyberPost, which has lent its name to the offense: it is known as a joe job. Such joe jobs have been most often used against antispammers: in more recent examples, Steve Linford of Spamhaus Project and Timothy Walton, a California attorney, have been targeted. Sometimes victims (such as ROKSO-listed spammers) are subscribed to lists that don’t practice verified opt-in, such as magazine subscriptions and e-mail newsletters, a practise known as subscriptionbombing.

Spammers have also abused resources set up for purposes of anonymous speech online, such as anonymous remailers. As a result, many of these resources have been shut down, denying their utility to legitimate users.

E-mail worms or viruses may be spammed to set up an initial pool of infected machines, which then resend the virus to other machines in a spam-like manner. The infected machines can often be used as remote-controlled zombie computers, for more conventional spamming or DDoS attacks. Sometimes trojans are spammed to phish for bank account details, or to set up a pool of zombies without using a virus.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

The most common purpose for spamming is advertising. Goods commonly advertised in spam include pornography, unlicensed computer software, medical products such as Viagra, credit card accounts, and fad products. In part because of the bad reputation (and dubious legal status) which spamming carries, it is chiefly used to carry offers of an ill-reputed or legally questionable nature. Many of the products advertised in spam are fraudulent in nature, such as quack medications and get-rich-quick schemes. Spam is frequently used to advertise scams, such as diploma mills, advance fee fraud, pyramid schemes, stock pump-and-dump schemes, and phishing. It is also often used to advertise pornography without regard to the age of the recipient, or the legality of such material in the recipient’s location.

One of the most common ad spams is the computer software program GAIN. Also known as Gator or Claria or Dashbar, this insidious program hides itself within the active programs running on your computer and will collect information on internet habits. Based on the websites you visit, it will then send you “relevant” advertising at random intervals. Unfortunately, this program is often attached and automatically installed with popular “free” software, such as many P2P filesharing clients. Even removing GAIN from your computer can sometimes prove difficult, as it leaves traces of itself even after uninstallation or removal by third party spyware programs.

Spam has different levels of acceptability in different countries. For example, in Russia spamming is commonly used by many mainstream legitimate businesses, such as travel agencies, printing shops, training centers, real estate agencies, seminar and conference organizers, and even self-employed electricians and garbage collection companies. In fact, the most prominent Russian spammer was American English Center, a language school in Moscow. That spamming sparked a powerful antispam movement by enraging the Deputy Minister of Communications Andrey Korotkov and provoking a wave of counterattacks on the spammer through non-Internet channels, including a massive telephone DDOS (Distributed Denial of Service) attack.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Spamdexing (a portmanteau of spamming and indexing) refers to the practice on the World Wide Web of deliberately modifying HTML pages to increase the chance of them being placed high on search engine relevancy lists. People who do this are called search engine spammers. In layman’s terms, spamdexing is using unethical means known as “black hat seo techniques” to unfairly increase the rank of sites in search engines. When a website is optimized to be indexable by a search engine, without trying to deceive its web crawler, this is called search engine optimization. To be sure, there is much gray area between white-hat search engine optimization and black-hat spamdexing.

Blog, wiki, guestbook, and referrer spam

Google’s PageRank system uses the number of links to a page as an index of its “importance”. Ordinarily, very few pages will link to a spammer’s commercial site, because it is of no interest to anyone else, and hence it will have a very low PageRank score. To counter this effect, spammers attempt to create links to their sites on other people’s pages.

The most common targets for this kind of spam are weblogs, the spamming then being known as blog spam, or “blam” for short. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer’s commercial web site. [3]

Similar attacks are often performed against wikis and guestbooks, both of which accept user contributions; something that consistantly impresses and confounds critics of Wikipedia is its remarkable lack of spam, in spite of having nearly one million articles and over two million pages.

On January 18, 2005, Google proposed a rel="nofollow" attribute that could be placed on a link; doing so instructs most major search engines to ignore the link, rendering it useless to spammers. Software is then rewritten to add this attribute to any link embedded in a comment. As of April 2005, nofollow has seen expanding usage, but is not yet universal. [4]

As well as comment forms, editable pages and guestbooks, some sites publish a list of the most common referrers to their site in order to show how readers have found it. These lists have also been exploited by spammers with so-called referer spam, in which the spammer makes repeated web site requests using a fake referer URL pointing to a spam-advertised site. That URL will later appear as a link on the site, boosting the PageRank of its target.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Mobile phone spam

Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to consumers not only for the inconvenience but also because they sometimes have to pay to receive the text message.

Internet telephony spam

It has been predicted that voice over IP (VoIP) communications will be vulnerable to being spammed by prerecorded messages. Although there have been few reported incidents, some companies have already tried to sell defenses against it. [2]

Online game messaging spam

Many online games allow players to contact each other via player-to-player messaging, or chatrooms or public discussion areas.

What qualifies as spam varies from game to game, but usually this term is applied to all forms of flooding the game with messages; in case of MUDs, the problem is usually the same as with other chat services.

Many games have strict rules on what kind of communication is acceptable in the games. Frequently, the terms of service don’t allow promotion of external websites except on very strict terms (for example, URLs may be allowed on player profiles, but not anywhere else), and promotion of websites in-game is usually very much frowned on in any case.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Newsgroup spam predates e-mail spam, and targets Usenet newsgroups. Old Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). Since posting to newsgroups is nearly as easy as sending e-mails, newsgroups are a popular target of spammers. The Breidbart Index was developed to provide an objective measure of the “spamminess” of a multi-posted or cross-posted message on Usenet.

Spamming an internet forum in general, is when a user posts something which is off-topic or doesn’t have anything to do with the current subject. Also, a post that doesn’t contribute to the thread whatsoever is also considered spam in some cases. A third form of Forum Spamming is where a person repeatedly posts about a certain subject in a manner that is unwanted by (and possibly annoying to) the general population of the forum. Lastly there is also the case where a person posts messages solely for the purpose of increasing his or her ranking on the forum. In a broader sense, advertising on forums where it is not wanted is known as spamming and is generally seen as an annoyance.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Messaging spam, sometimes termed spim (a portmanteau of spam and IM, short for instant messenger), makes use of instant messaging systems, such as AOL Instant Messenger or ICQ. Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages. To send instant messages to millions of users on most IM services merely requires scriptable software and the recipients’ IM usernames. Spammers have similarly targeted Internet Relay Chat channels, using IRC bots that join channels and bombard them with advertising messages. Because most IM protocols are proprietary, it is easier to enact unilateral changes to make spamming more difficult.

A similar sort of spam can be sent with the Messenger Service in Microsoft Windows. The Messenger Service is an SMB facility intended to allow servers to send pop-up alerts to a Windows workstation. When Windows systems are connected to the Internet with this service running and without an adequate firewall, it can be used to send spam. The Messenger Service can, however, be easily disabled. [1]

Messenger service spam, in particular, has lent itself to spammer use in a particularly circular scheme. In many cases, messenger spammers send messages to vulnerable Windows machines consisting of text like “Annoyed by these messages? Visit this site.” The link leads to a Web site where, for a fee, users are told how to disable the Windows messenger service. Though the messenger service is easily disabled for free by the user, this scam works because it creates a perceived need and then offers an immediate solution. Oftentimes, the only “annoying messages” the user is receiving through Messenger are advertisements to disable Messenger itself.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

E-mail spam is by far the most common form of spamming on the internet. It involves sending identical or nearly identical unsolicited messages to a large number of recipients. Unlike legitimate commercial e-mail, spam is generally sent without the explicit permission of the recipients, and frequently contains various tricks to bypass e-mail filters. Modern computers generally come with some ability to send spam. The only necessary added ingredient is the list of addresses to target.

Spammers obtain e-mail addresses by a number of means: harvesting addresses from Usenet postings, DNS listings, or Web pages; guessing common names at known domains (known as a dictionary attack); and “e-pending” or searching for e-mail addresses corresponding to specific persons, such as residents in an area. Many spammers utilize programs called web spiders to find e-mail addresses on web pages, although it is possible to fool the web spider by substituting the “@” symbol with another symbol, for example “#”, while posting an e-mail address.

Many e-mail spammers go to great lengths to conceal the origin of their messages. They might do this by spoofing e-mail addresses (similar to Internet protocol spoofing). In this technique, the spammer modifies the e-mail message so it looks like it is coming from another e-mail address. However, many spammers also make it easy for recipients to identify their messages as spam by placing an ad phrase in the From field—very few people have names like “GetMyCigs” or “Giving away playstation3s”!

Among the tricks used by spammers to try to circumvent the filters is to intentionally misspell common spam filter trigger words. For example, “viagra” might become “vaigra”, or other symbols may be inserted into the word as in “v/i/a/g./r/a”. The human mind can handle a surprising degree of corruption, but sometimes this tactic can backfire, rendering a message illegible. ISPs have begun to use the misspellings themselves as a filtering test.

The most dedicated spammers—often those making a great deal of money or engaged in illegal activities, such as the pornography, casinos and Nigerian scammers—are often one step ahead of the ISPs. Reporting them to your ISP may help block less sophisticated spammers in the future.

So-called “spambots” are a major producer of e-mail spam. The worst spammers create e-mail viruses that will render an unprotected PC a “zombie computer”; the zombie will inform a central unit of its existence, and the central unit will command the “zombie” to send a low volume of spam. This allows spammers to send high volumes of e-mail without being caught by their ISPs or being tracked down by antispammers; a low volume of spam is instead sent from many locations simultaneously. Many consumer-level ISPs (Earthlink, for example) stop spambots by blocking the SMTP port (port 25), although there are some users who make legitimate use of it.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Video: The Nigerian Email Spam Scam

A KMail folder full of spam e-mail messages collected over a few days.

Spamming is commonly defined as the sending of unsolicited bulk e-mail - that is, email that was not asked for (unsolicited) by multiple recipients (bulk). A further common definition of spam restricts it to unsolicited commercial e-mail, a definition that does not consider non-commercial solicitations such as political or religious pitches, even if unsolicited, as spam.

In the popular eye, the most common form of spam is that delivered in e-mail as a form of commercial advertising. However, over the short history of electronic media, people have spammed for many purposes other than the commercial, and in many media other than e-mail. Spammers have developed a variety of spamming techniques, which vary by media: e-mail spam, instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, and mobile phone messaging spam.

Spamming is economically viable because advertisers have effectively no operating costs beyond the management of their mailing lists. Because the barrier to entry is so low, the volume of unsolicited mail has produced other costs which are borne by the public (in terms of lost productivity and fraud) and by Internet service providers, which must add extra capacity to cope with the deluge. Spamming is widely reviled, and has been the subject of legislation in a number of jurisdictions.

Solutions to the spam problem

All manner of attempts have been made to curb unsolicited mass electronic communications. There are many solution categories in this constantly evolving field. Source-based blocking solutions prevent receipt of spam, while content filtering solutions identify spam after it’s been received. There are avoidance strategies, including disposable identities. Automated cancellation of netnews spam is ongoing. Contractual measures such as Internet Service Providers’ acceptable-use policies are also employed. Anti-spam laws such as the CAN-SPAM Act of 2003 have also been introduced to regulate or increase the legal penalties for spamming. Various vigilante and retaliatory tactics are also employed. Newer strategies include various cost-based and e-mail authentication and sender reputation solutions. The best means however is to be vigilant as to whom you give your email address. Constant distribution of your email address is bound to result in spam in some way. The best frame of mind is to decide whether the website can be trusted with your email address.

Newsgroups

• news.admin.net-abuse.email
• others in news.admin.net-abuse.* hierarchy
• alt.spam

Links

• IETF views on spamming can be found in RFC 2635.
• Ursine:Spam - Spam article in The Jargon Wiki.
• DMOZ Open Directory
  • Webmaster Forums at the Open Directory Project
• CircleID: Addressing Spam
• Spam Blocker Crawler Free public service for scanning guestbooks on link spam and send abuse in the Google and spammer’s hoster.

Anti-spam organizations

• Anti Spam Research Group
• CAUCE
  • APCAUCE - CAUCE Asia Pacific
• The Spamhaus Project
• Fight Spam on the Internet!
• Messaging Anti-Abuse Working Group
• OECD Antispam Toolkit

Anti-spam articles and publications

• Spam In Developing Countries - part of the OECD Antispam Toolkit
• AOL Postmaster Pages - What to do if AOL blocks you
• Outblaze Antispam Pages - Articles on spam filtering by the postmaster staff at Outblaze
• SpamKings Blog by Brian McWilliams
• SpamHelp Anti-Spam Articles
• Anti Spam Whitepapers and Software
• Anti-Spam Topics
• Antiphishing Crusade Daily News of phishing spam collected from around the net.
• Article by Andy Coote in SC Magazine June 2004
• California lawyer who sues spammers
• E-mail Address Harvesting: How Spammers Reap What You Sow by the Federal Trade Commission
• Email Battles Daily news about spam, security, privacy, spyware, phishing and viruses from the front lines of the e-mail wars.
• Getting Rid of Spam (summary)
• Library of E-mail Spam Reports and Articles
• Spam FAQs
• Spamfo.co.uk News on junk e-mail, scams, fraud, legal aspects and reviews of software and services.
• SpamNews.co.uk Delivering your daily slice of fresh Spam. All the spam news, all the time
• Suggestions on how to choose an e-mail address and how to disclose it with care
• The rules of spam, according to net.admin.net-abuse.email
• The War Against Spam — a collection of reading material on the subject
• Unsolicited Commercial E-mail Research Six Month Report by the Center for Democracy & Technology
• UPI article about the economic effects of spam
• White paper from e-mail client developers
• Yahoo Domain Keys: Another Ineffective Spam Solution — shumans.com article, Dec 6, 2003
• Spam Techniques Research — do.homeunix.org paper and wiki, Jul 7, 2005
• A tool that deals with referer spam
• How to deny access to spam bots
• Why I Hate Spam by Bill Gates, The Wall Street Journal, June 23, 2003.
• Artist turns mortgage loan and Viagra spam into art Vyuz.com

Humor

• Spamusement A collection of humorously drawn cartoons inspired by actual spam subject lines.
• The Incredible Spam Museum A search engine like site that collects and publish spam e-mails.
• Spamradio Turns spam e-mail into online music streams.
• Spam Eulogy A guy that lives in a world of spam.
• WhamBamSpam Website that wants you to spam it’s forums, essentially free advertising, and spam discussions.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Video: Spam, Phishing, and Online Scams: A View from the Network-Level