Spam

by Cornelis Robat, editor THOCP

• timeline of spam
• what is spam
• what can we do against it

1937

The original Spam was coined in 1937 by the Hormel corporation as a name for its potted meat product. This brand name is a blend of spiced ham.

From there, the transition from meat product to internet term has a stop with Monty Python's Flying Circus. In 1970, that BBC comedy show aired a sketch that featured a cafe that had a menu that featured items like "egg, bacon, and spam;" "egg, bacon, sausage, and spam;" " spam, bacon, sausage, and spam;" "spam, egg, spam, spam, bacon, and spam;" and finally "lobster thermidor aux crevettes with a mornay sauce garnished with truffle pate, brandy, and a fried egg on top and spam." To make matters sillier, the cafe was filled with Vikings who periodically break out into song praising Spam: "Spam, spam, spam, spam ... lovely spam, wonderful spam ..."

Computer people adopted the term from the Python sketch to mean overrunning a fixed-sized buffer with too much data, in other words the data was like the Spam in the sketch, something excessive and undesirable.

With the commercialization of the Internet, the term Spam expanded to include the unwanted commercial messages and that became the primary meaning.

There are two common alternative explanations that are certainly false.

• The first is that it refers to a quality of the meat product such that when you throw it at a wall, most of it bounces off, but a little sticks--much like commercial spam, most of which is deleted but some is answered. While this is no more silly than the Monty Python explanation, it does not jibe with the original computer sense of overloading a buffer.
• The second false explanation is that the computer spam is an acronym of some sort. Various phrases are suggested as the source, such as "stupid pointless annoying mail." All are obviously created after the fact.(1)

1978

The first commercial spam sent intentionally was that of a DEC representative to every Arpanet address on the west coast, or at least an attempt at that.
The sender is identified as Gary Thuerk, an aggressive DEC marketer who thought Arpanet users would find it cool that DEC had integrated Arpanet protocol support directly into the new DEC-20 and TOPS-20 OS.(11)

Here is an extract of that message:

The complete header and content can be found at: templetons.com (pages are saved for reference)(11)

In my own naive days doing a little research in 1992 for my wife, through the internet. She wanted to know if all computer freaks, like she was thinking I was one, lived on Cola and Chips, When the web was not yet there, e-mail addressed to "all@somedomainname.nl" worked miracles too, but I got checked by the numerous users sending back some form of hate-mail. This header is of course no longer valid.(ed.)
By the way the users that answered did not to live on Cola and chips but drank tea and sometimes coffee and spent less than 1 hour a day on the internet and less than 5 hours in front of a computer.

 

1982

February, Earliest known email chain letter (quickly stamped out)(12)

1989

Some other form of Spam probably began around 1989 or 1990 in MUD's (multi-user interactive environments) this is to refer to flooding the MUD, its chat or its database with stuff.(10)

1991

February, mass message: Craig Shergold wants cards(12)

1993

March 31 - Usenet administrator Richard Depew inadvertently posted the same message 200 times to a discussion group. this one was coined spam by Joel Furr, a Mudder(10). Adopting a term previously used in online text games, outraged Usenet users branded the excessive message posting "spam". (2)

First Giant Spam

The first major USENET spam came on January 18 of 1994. Every single newsgroup found it it a religious screed declaring: Global Alert for All: Jesus is Coming Soon.

This one caused a ton of debate and controversy. The Andrews University sysadmin (Clarence Thomas) who sent it generated a flurry of complaints against his institution and some press, though reportedly he never got more than a mild punishment at the time. He did however eventually leave the University, but was also known to have done some more minor religious spams at later dates.(10)

1994

March 4 - Many companies are starting to use the net as a cheap way to advertise. Other companies are using the net to keep in touch with their clients and give support via the internet. Every year the Internet doubles in usage and users. Not all countries do have access to the net.
The Net approaches more or less the Super Information Highway as was meant by Vice President Al Gore and his advisors.

A well publicized case of net pollution, later this use of the internet will be called SPAM, is the case "Canter and Siegel", a law firm in the USA which used the net to advertise practically to all users of all active BBS's of the net. In their advertisement they tried to obtain customers for the application of a Green Card" (a permit for foreigners to stay in the USA). The reaction varied from flames to uncalled subscriptions on tens of magazines, meters of blank faxes and a program of a Norwegian programmer who developed the mechanism of Cancelbot. Cancelbot is a program which erases all e-mail of this firm on any computer before it can reach the user.

CancelMoose: An individual who wages a war against spamming.(12) Anonymous individual who fires off the cancelbot. The CancelMoose (usually written as 'CancelMoose [TM]' on the Net) monitors newsgroups such as alt.current-events.net-abuse and news.admin.net-abuse for complaints about spamming (advertising), usually defined as messages posted to more than 25 newsgroups of widely varying content. The CancelMoose's identity is kept secret for reasons of personal safety.

December, The "good times" email virus hoax.(12)

1995

June,"spamware" (spamming software)(12)

August, List of 2 million email addresses offered for sale(12)

October, abuse@ addresses(12)

November,"remove list" (the first (?) of many that were intended to be universal)(12)

1996

March, Spamblocks (e.g. REMOVE.TO.REPLY) added to addesses to foil spammers(12)

1997

March,"open relay", servers that can be used to send millions of mail anonymously, mostly the admin's of these servers are not aware of this misuse.(12)

1998

April, ISOC (Internet Society) meeting on spam. Organizations like ISOC are beginning to realize how serious a problem spam is becoming.

2000

Nigerian scam spam started around this year. People received an e-mail containing text that promised you to make a quick million just by borrowing your checking account for transferring funds. Even the Nigerian government, annoyed as they were with this very negative publicity, started to check on the originators, opening a special e-mail address, created pages on their embassy sites, and tried to capture them.
In some cases people were even invited to Nigeria by the scammer's gang and got ransacked of every penney they had. Often these criminals left their victims half naked on the street after they had finished their scam. If they were lucky. One of the worst cases registered so far in scamming. Even Time magazine mentioned this Nigerian connection.

November, Taiwan (.tw) becomes the spam capital of the world.(12)

2003

At least 2 billion spam messages are sent each day.

2004

Nearly 35% of all e-mail consists of Spam

March 28, A new form of spam gains momentum: Add Spim. Spim, or instant-messenger spam, is appearing on computer screens with increasing frequency. And the problem may get worse as e-mail marketers look for new ways to reach consumers as most governments start to prepare anti-spam laws.(5)

This form manifests itself primarily for users of MSN. According to Radicati, a marketing research company the number of spim messages rise from 400 million to 1,2 billion. The same source states that this is because of the increase of use in IM (instant messaging - a from of chatting)(6)

As if the flow of spam isn't problematic enough, here comes another wave. Spammers Get Ready For April Fool's Day Barracuda Networks, a maker of spam firewalls, says E-mail users should prepare for a spike in spam activity leading up to April Fool's Day. Spammers are expected to use subject lines such as "great joke," "free jokes," "prank," or "April fools" to entice users into opening attachments that carry viruses or objectionable content, potentially putting company networks at risk. Spammers increasingly have used holidays such as Christmas or Valentine's Day to take advantage of consumers looking to get good deals on holiday-related purchases. But in the absence of a commercial hook for April Fool's Day, they're likely to use the appeal of jokes to deliver malicious content. Barracuda warns that bogus April Fool's messages may come in large-enough quantities to flood company networks that don't have up-to-date spam and virus filters.(4)

What is Spam

Simply put: spam is commercial e-mail, mostly.

Spam is in several way's not harmless. The least it does is taking away bandwidth from the internet users. And this get worse and worse. Polluting one's mailbox and sometimes snow under messages you do want to receive. In volume spam can take from 1 or 5 messages a day up to almost 99% of you mail box. That of course is depending on how visible you are on the internet.

The original purpose of spam is selling or promoting an article. In the past several years Viagra, penis enlargers, libido enhancers, are the most popular items. Another list can be made of mortgage offerings, lending, offers to alleviate your loans or credit card burden. And lately spam offers nothing in particular but to visit some specific site mostly with content as the above.

It gets harder and harder to recognize spam because most messages appear to be quite normal with ordinary sender names and subjects. Even spam filters think the mail with a nonsensical (re: idiotic) contents are regular e-mail. But installing spam filters forces you to choose between speed over convenience. The tighter your screening is the more risk you have to filter out legitimate mail or slow down your email processing. The latter is the case with virus filtering. How most filters work can be abundantly found on the Internet.

When a spam filter does its job you receive the following message:

And SpamCop reports:

One other example appearing a normal looking e-mail, but one that got through, except from the subject (should give you a hint) and once you read this fine example of nonsensical contents you know for sure...

But you should not open spam mail just delete it as fast as possible.

As subjects in spam come down to a few, here is the mortgage example:

but this one got caught. Messing up the message with false HTML tag's apparently does not help anymore.

Below is the illustration how the HTML looks like (links have not been removed) even for the human eye difficult to read ;-)

This message directs you to another site where you are asked to fill out a form:

To trace the owner we just go to the nearest WHOIS provider:

How spammers work

Many spammers can buy a database from companies with millions of valid email addresses and use them to advertise. These email addressees are composed of addresses used on newsgroups and chat rooms. Many companies have special software that can extract these addresses and put them into a database to sell. Many companies also search the web, looking for web addresses with the symbol @ at the end. From these, they can find valid email addresses. Many of these types of companies work outside countries with legislation against spamming in order to avoid lawsuits. According to Marshall Brain quoting "Detroit Free Press: Spam king lives large off others' e-mail troubles".(8)

In "How Stuff Works", a typical spamming company often works like this:

The computers in Ralsky's basement control 190 e-mail servers -- 110 located in Southfield, 50 in Dallas and 30 more in Canada, China, Russia and India. Each computer, he said, is capable of sending out 650,000 messages every hour -- more than a billion a day -- routed through overseas Internet companies Ralsky said are eager to sell him bandwidth.(9)

Many spammers can make up to $700 per hour by simply using lists of email addresses and applying them to their advertisement. As spam celebrates it's 25th year of operation, we must remember that spam takes up about 40% of all email messages sent on the web. How can we prevent this even further? (8)

What can we do against spammers?

There are several pragmatic measures you can take, either from a server point of view or a user's point of view.

User side

• Use your commonsense, think before you open a message;
• Exercise vigilance with messages that may appear to be harmless, read the subject before opening;
• Delete messages received from E-mail addresses you do not recognize or which looks unfamiliar;
• Do not leave you e-mail address on forums, newsgroups or message boxes
• Use temporary mail addresses if you need to have a valid one to get some kind of service;
• Never ever leave your e-mail in chat sessions;
• Never ever react on "unsubscribe here", if you do you're done. It means you tell the spammer to have hit a valid address and please send me more!
• If you can make a picture that contains your e-mail and put that on your web site, email address scanners do not recognize this (yet);
• Install an anti-spam package on your system - as compared to anti-virus software

Server side:

• Install subject and body-text filters on servers or workstations;
• Verify that E-mails were sent from a valid domain via either spam checkers or domain checkers on your mail server;
• Block IP addresses of known spammers;
• Make sure spam and virus filters are updated with the latest definitions;

Legal side

• Because of failing legislation or different rules in different regions spam can not be stopped or brought back to a minimal nuisance;
• When there is no legislation that makes spamming illegal we will be continuously bombarded with spam taking away precious bandwidth;
• Actively prosecuting the spammer where there is no opt-out or opt-in mechanism is needed. Depending on the region where you reside it is either of the two mechanisms that should be present not making a difference if you're a business or not;

Politicians apparently do not want to impose legislation that bears effect. In terms of enforcing anti spam legislation or just forbidding spam. And if there are laws, some say the spammer may still spam businesses, ISP'S may not even refuse spam, even if it is technically possible to filter most of it out. Except in the Netherlands where an ISP won a case in the Supreme Court against a spam company. Thus is general we have a problem.

Footnotes & References