Thursday, March 26, 2009

What is SPAM Email

E-mail spamming, also known as "bulk e-mail" or "junk e-mail," is a subset of spam that involves nearly identical messages sent to numerous recipients by e-mail. A common synonym for spam is unsolicited bulk e-mail (UBE). Definitions of spam usually include the aspects that the email is unsolicited and sent in bulk. "UCE" refers specifically to "unsolicited commercial e-mail."

E-mail spam has existed since the beginning of the Internet and has grown to about 90 billion messages a day, although about 80% is sent by fewer than 200 spammers. Botnets (networks of virus-infected computers) account for about 80% of spam. Laws against spam have been sporadically implemented, with some being opt-out laws and others being opt-in. The total amount of spam has leveled off slightly in recent years. The cost of spam is borne mostly by the recipient, so it is a form of postage-due advertising.

E-mail addresses are collected from chat rooms, websites, newsgroups, and viruses that harvest users' address books, and are sold to other spammers. Much of the traffic is sent to invalid e-mail addresses. ISPs have attempted to recover the cost of spam through lawsuits against spammers, although they have been mostly unsuccessful in collecting damages despite winning in court.

Types Of Spam

Spam has several definitions, varying by the source.

• Unsolicited bulk e-mail (UBE)—unsolicited e-mail, sent in large quantities.

• Unsolicited commercial e-mail (UCE)—this more restrictive definition is used by regulators whose mandate is to regulate commerce, such as the U.S. Federal Trade Commission.

• Any email message that is fraudulent.

• Any email message where the sender’s identity is forged, or messages sent through unprotected SMTP servers, unauthorized proxies, or botnets.

Anti-spam techniques

Some popular methods for filtering and refusing spam include e-mail filtering based on the content of the e-mail, DNS-based blackhole lists (DNSBL), greylisting, spamtraps, enforcing the technical requirements of e-mail (SMTP), checksumming systems to detect bulk email, and putting some sort of cost on the sender via a proof-of-work system or a micropayment. Some registry cleaner tools even bundle spam monitors in the package when you buy from them. Each method has strengths and weaknesses, and each is controversial because of its weaknesses.

Detecting spam based on the content of the e-mail, either by detecting keywords such as "viagra" or by statistical means, is very popular. Such methods can be very accurate when they are correctly tuned to the types of legitimate email that an individual gets, but they can also make mistakes such as detecting the keyword "cialis" in the word "specialist". The content also doesn't determine whether the email was either unsolicited or bulk, the two key features of spam. So, if a friend sends you a joke that mentions "viagra", content filters can easily mark it as being spam even though it is neither unsolicited nor sent in bulk.

The most popular DNSBLs are lists of IP addresses of known spammers, open relays, zombie spammers etc.

Spamtraps are often email addresses that were never valid, or that have been invalid for a long time, and are used to collect spam. An effective spamtrap is not announced and is only found by dictionary attacks or by pulling addresses off hidden webpages. For a spamtrap to remain effective, the address must never be given to anyone. Some blacklists, such as SpamCop, use spamtraps to catch spammers and blacklist them.

Enforcing the technical requirements of the Simple Mail Transfer Protocol (SMTP) can be used to block mail coming from systems that are not compliant with the RFC standards. A lot of spammers use poorly written software or are unable to comply with the standards because they do not have legitimate control of the computer sending the spam (a zombie computer).

By setting restrictions on the mail transfer agent (MTA), a mail administrator can therefore reduce spam significantly. In many situations, simply requiring a valid fully qualified domain name (FQDN) in the SMTP EHLO (extended hello) statement is enough to block 25% of incoming spam.
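The FQDN requirement on the greeting can be pictured as the check below. It is an added example, not code from the original post or from any particular MTA; the function names and the sample greetings are constructed for illustration, and the check is purely syntactic (it performs no DNS lookup).

```python
import ipaddress
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify_helo_arg(arg):
    """Return 'fqdn', or the reason the greeting argument is not one."""
    if arg.startswith("[") and arg.endswith("]"):
        return "address literal"            # e.g. [192.0.2.45]
    try:
        ipaddress.ip_address(arg)
        return "bare IP address"            # an IP without brackets
    except ValueError:
        pass
    name = arg[:-1] if arg.endswith(".") else arg   # allow one trailing root dot
    labels = name.split(".")
    if len(name) > 253 or not all(LABEL.fullmatch(l) for l in labels):
        return "invalid hostname syntax"
    if len(labels) < 2:
        return "not fully qualified"        # e.g. localhost, a bare PC name
    if labels[-1].isdigit():
        return "numeric top-level label"
    return "fqdn"

def check_helo(line):
    """Decide on one HELO/EHLO command line: returns (accepted, reason)."""
    parts = line.split()
    if len(parts) != 2 or parts[0].upper() not in ("HELO", "EHLO"):
        return (False, "malformed command")
    verdict = classify_helo_arg(parts[1])
    return (verdict == "fqdn", verdict)

# Constructed sample greetings, not taken from real traffic.
SAMPLES = [
    "EHLO mail.example.org",
    "EHLO localhost",
    "HELO 192.0.2.45",
    "EHLO [192.0.2.45]",
    "EHLO user_pc.example.com",
    "EHLO",
]

if __name__ == "__main__":
    for s in SAMPLES:
        ok, why = check_helo(s)
        print(f"{'accept' if ok else 'reject':6}  {s:28} {why}")
```

A strict policy like this one also turns away bracketed address literals, so an administrator has to decide whether any legitimate senders greet that way before enabling it.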

Similarly, enforcing the correct fallback of Mail eXchange (MX) records in the Domain Name System, or the correct handling of delays (Teergrube, or tarpit), can be effective.
