Go BackindexGo to main page

Spam

by Cornelis Robat, editor THOCP

 

SPAM parasite and pestilence of the Internet

This word stands for off-topic commercial posts to usenet message boards or unsolicited commercial e-mail and is of uncertain origin, this is a commonly accepted explanation that is probably correct. ;=)

1937

The original Spam was coined in 1937 by the Hormel corporation as a name for its potted meat product. This brand name is a blend of spiced ham.

From there, the transition from meat product to internet term has a stop with Monty Python's Flying Circus. In 1970, that BBC comedy show aired a sketch that featured a cafe that had a menu that featured items like "egg, bacon, and spam;" "egg, bacon, sausage, and spam;" " spam, bacon, sausage, and spam;" "spam, egg, spam, spam, bacon, and spam;" and finally "lobster thermidor aux crevettes with a mornay sauce garnished with truffle pate, brandy, and a fried egg on top and spam." To make matters sillier, the cafe was filled with Vikings who periodically break out into song praising Spam: "Spam, spam, spam, spam ... lovely spam, wonderful spam ..."

Computer people adopted the term from the Python sketch to mean overrunning a fixed-sized buffer with too much data, in other words the data was like the Spam in the sketch, something excessive and undesirable.

With the commercialization of the Internet, the term Spam expanded to include the unwanted commercial messages and that became the primary meaning.

There are two common alternative explanations that are certainly false.

 

1978

The first commercial spam sent intentionally was that of a DEC representative to every Arpanet address on the west coast, or at least an attempt at that.
The sender is identified as Gary Thuerk, an aggressive DEC marketer who thought Arpanet users would find it cool that DEC had integrated Arpanet protocol support directly into the new DEC-20 and TOPS-20 OS.(11)

Here is an extract of that message:

 

Mail-from: DEC-MARLBORO rcvd at 3-May-78 0955-PDT
Date: 1 May 1978 1233-EDT
From: THUERK at DEC-MARLBORO
Subject: ADRIAN@SRI-KL
To: DDAY at SRI-KL, DAY at SRI-KL, DEBOER at UCLA-CCN,
To: WASHDC at SRI-KL, LOGICON at USC-ISI, SDAC at USC-ISI,
To: DELDO at USC-ISI, DELEOT at USC-ISI, DELFINO at USC-ISI,
To: DENICOFF at USC-ISI, DESPAIN at USC-ISI, DEUTSCH at SRI-KL,
To: DEUTSCH at PARC-MAXC, EMY at CCA-TENEX, DIETER at USC-ISIB,

...

this list continues, and overflowed the To: line. The addressees continued in the body:

...

MCKINLEY@USC-ISIB
MMCM@SRI-KL
OT-ITS@SRI-KA
BELL@SRI-KL
MEADE@SRI-KL
MARTIN@USC-ISI
MERRILL@BBN-TENEX
METCALFE@PARC-MAXC

...

the message was:

...

DIGITAL WILL BE GIVING A PRODUCT PRESENTATION OF THE NEWEST MEMBERS OF THE
DECSYSTEM-20 FAMILY; THE DECSYSTEM-2020, 2020T, 2060, AND 2060T. THE
DECSYSTEM-20 FAMILY OF

<cut>

PRESENTATIONS WE WILL BE GIVING IN CALIFORNIA THIS
MONTH. THE LOCATIONS WILL BE:

THURSDAY, MAY 11, 1978 - 2 PM
DUNFEY'S ROYAL COACH
SAN MATEO, CA
(4 MILES SOUTH OF S.F. AIRPORT AT BAYSHORE, RT 101 AND RT 92)

<sic>

and as the commentary goes: most of the recipients did not get the message because of the incorrect way of entering recipients.

Quickly an official protest sounded:

ON 2 MAY 78 DIGITAL EQUIPMENT CORPORATION (DEC) SENT OUT AN ARPANET MESSAGE ADVERTISING THEIR NEW COMPUTER SYSTEMS. THIS WAS A FLAGRANT VIOLATION OF THE USE OF ARPANET AS THE NETWORK IS TO BE USED FOR OFFICIAL U.S. GOVERNMENT BUSINESS ONLY. APPROPRIATE ACTION IS BEING TAKEN TO PRECLUDE ITS OCCURRENCE AGAIN.

IN ENFORCEMENT OF THIS POLICY DCA IS DEPENDENT ON THE ARPANET SPONSORS, AND HOST AND TIP LIAISONS. IT IS IMPERATIVE YOU INFORM YOUR USERS AND CONTRACTORS WHO ARE PROVIDED ARPANET ACCESS THE MEANING OF THIS POLICY.

THANK YOU FOR YOUR COOPERATION.

MAJOR RAYMOND CZAHOR

CHIEF, ARPANET MANAGEMENT BRANCH, DCA

 

The complete header and content can be found at: templetons.com (pages are saved for reference)(11)

 

In my own naive days doing a little research in 1992 for my wife, through the internet. She wanted to know if all computer freaks, like she was thinking I was one, lived on Cola and Chips, When the web was not yet there, e-mail addressed to "all@somedomainname.nl" worked miracles too, but I got checked by the numerous users sending back some form of hate-mail. This header is of course no longer valid.(ed.)
By the way the users that answered did not to live on Cola and chips but drank tea and sometimes coffee and spent less than 1 hour a day on the internet and less than 5 hours in front of a computer.

 

1982

February, Earliest known email chain letter (quickly stamped out)(12)

 

1989

Some other form of Spam probably began around 1989 or 1990 in MUD's (multi-user interactive environments) this is to refer to flooding the MUD, its chat or its database with stuff.(10)

 

1991

February, mass message: Craig Shergold wants cards(12)

 

1993

March 31 - Usenet administrator Richard Depew inadvertently posted the same message 200 times to a discussion group. this one was coined spam by Joel Furr, a Mudder(10). Adopting a term previously used in online text games, outraged Usenet users branded the excessive message posting "spam". (2)

First Giant Spam

The first major USENET spam came on January 18 of 1994. Every single newsgroup found it it a religious screed declaring: Global Alert for All: Jesus is Coming Soon.

This one caused a ton of debate and controversy. The Andrews University sysadmin (Clarence Thomas) who sent it generated a flurry of complaints against his institution and some press, though reportedly he never got more than a mild punishment at the time. He did however eventually leave the University, but was also known to have done some more minor religious spams at later dates.(10)

 

1994

March 4 - Many companies are starting to use the net as a cheap way to advertise. Other companies are using the net to keep in touch with their clients and give support via the internet. Every year the Internet doubles in usage and users. Not all countries do have access to the net.
The Net approaches more or less the Super Information Highway as was meant by Vice President Al Gore and his advisors.

A well publicized case of net pollution, later this use of the internet will be called SPAM, is the case "Canter and Siegel", a law firm in the USA which used the net to advertise practically to all users of all active BBS's of the net. In their advertisement they tried to obtain customers for the application of a Green Card" (a permit for foreigners to stay in the USA). The reaction varied from flames to uncalled subscriptions on tens of magazines, meters of blank faxes and a program of a Norwegian programmer who developed the mechanism of Cancelbot. Cancelbot is a program which erases all e-mail of this firm on any computer before it can reach the user.

CancelMoose: An individual who wages a war against spamming.(12) Anonymous individual who fires off the cancelbot. The CancelMoose (usually written as 'CancelMoose [TM]' on the Net) monitors newsgroups such as alt.current-events.net-abuse and news.admin.net-abuse for complaints about spamming (advertising), usually defined as messages posted to more than 25 newsgroups of widely varying content. The CancelMoose's identity is kept secret for reasons of personal safety.

December, The "good times" email virus hoax.(12)

 

1995

June,"spamware" (spamming software)(12)

August, List of 2 million email addresses offered for sale(12)

October, abuse@ addresses(12)

November,"remove list" (the first (?) of many that were intended to be universal)(12)

 

1996

March, Spamblocks (e.g. REMOVE.TO.REPLY) added to addesses to foil spammers(12)

 

1997

March,"open relay", servers that can be used to send millions of mail anonymously, mostly the admin's of these servers are not aware of this misuse.(12)

 

1998

April, ISOC (Internet Society) meeting on spam. Organizations like ISOC are beginning to realize how serious a problem spam is becoming.

 

2000

Nigerian scam spam started around this year. People received an e-mail containing text that promised you to make a quick million just by borrowing your checking account for transferring funds. Even the Nigerian government, annoyed as they were with this very negative publicity, started to check on the originators, opening a special e-mail address, created pages on their embassy sites, and tried to capture them.
In some cases people were even invited to Nigeria by the scammer's gang and got ransacked of every penney they had. Often these criminals left their victims half naked on the street after they had finished their scam. If they were lucky. One of the worst cases registered so far in scamming. Even Time magazine mentioned this Nigerian connection.

November, Taiwan (.tw) becomes the spam capital of the world.(12)

 

2003

At least 2 billion spam messages are sent each day.

 

2004

Nearly 35% of all e-mail consists of Spam

March 28, A new form of spam gains momentum: Add Spim. Spim, or instant-messenger spam, is appearing on computer screens with increasing frequency. And the problem may get worse as e-mail marketers look for new ways to reach consumers as most governments start to prepare anti-spam laws.(5)

This form manifests itself primarily for users of MSN. According to Radicati, a marketing research company the number of spim messages rise from 400 million to 1,2 billion. The same source states that this is because of the increase of use in IM (instant messaging - a from of chatting)(6)

As if the flow of spam isn't problematic enough, here comes another wave. Spammers Get Ready For April Fool's Day Barracuda Networks, a maker of spam firewalls, says E-mail users should prepare for a spike in spam activity leading up to April Fool's Day. Spammers are expected to use subject lines such as "great joke," "free jokes," "prank," or "April fools" to entice users into opening attachments that carry viruses or objectionable content, potentially putting company networks at risk. Spammers increasingly have used holidays such as Christmas or Valentine's Day to take advantage of consumers looking to get good deals on holiday-related purchases. But in the absence of a commercial hook for April Fool's Day, they're likely to use the appeal of jokes to deliver malicious content. Barracuda warns that bogus April Fool's messages may come in large-enough quantities to flood company networks that don't have up-to-date spam and virus filters.(4)

 

 

What is Spam

Simply put: spam is commercial e-mail, mostly.

Spam is in several way's not harmless. The least it does is taking away bandwidth from the internet users. And this get worse and worse. Polluting one's mailbox and sometimes snow under messages you do want to receive. In volume spam can take from 1 or 5 messages a day up to almost 99% of you mail box. That of course is depending on how visible you are on the internet.

The original purpose of spam is selling or promoting an article. In the past several years Viagra, penis enlargers, libido enhancers, are the most popular items. Another list can be made of mortgage offerings, lending, offers to alleviate your loans or credit card burden. And lately spam offers nothing in particular but to visit some specific site mostly with content as the above.

It gets harder and harder to recognize spam because most messages appear to be quite normal with ordinary sender names and subjects. Even spam filters think the mail with a nonsensical (re: idiotic) contents are regular e-mail. But installing spam filters forces you to choose between speed over convenience. The tighter your screening is the more risk you have to filter out legitimate mail or slow down your email processing. The latter is the case with virus filtering. How most filters work can be abundantly found on the Internet.

When a spam filter does its job you receive the following message:

 

-------------------- Start SpamAssassin results ----------------------
-------------- Detected by the Hosting mail server -------------
This mail is probably spam. The original message has been altered
so you can recognize or block similar unwanted mail in future.
See http://spamassassin.org/tag/ for more details.

For questions about this filter mail to: helpdesk@hosting.com

Content analysis details: (10.5 hits, 5.0 required)
0.1 HTML_MESSAGE BODY: HTML included in message
5.4 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
0.7 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
[<http://dsbl.org/listing?ip=67.172.160.14>]
1.5 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?216.65.3.237>]
[Blocked - see <http://www.spamcop.net/bl.shtml?67.172.160.14>]
2.6 RCVD_IN_DYNABLOCK RBL: Sent directly from dynamic IP address
[67.172.160.14 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_SORBS RBL: SORBS: sender is listed in SORBS
[67.172.160.14 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_RFCI RBL: Sent via a relay in ipwhois.rfc-ignorant.org
[Inaccurate or missing WHOIS data]

-------------------- End of SpamAssassin results ---------------------

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.

And SpamCop reports:

Since SpamCop started counting, this system has been reported about 6300 times by about 80 users. It has been sending mail consistently for at least 52.3 days. In the past 33.6 days, it has been listed 7 times for a total of 21.4 days

* In the past week, this system has: Been reported as a source of spam about 10 times
* Been detected sending mail to spam traps
* Been witnessed sending mail about 6390 times

 

One other example appearing a normal looking e-mail, but one that got through, except from the subject (should give you a hint) and once you read this fine example of nonsensical contents you know for sure...

from: Stereotype U. Mummified [bigal64@t-online.de] (mail relay!)

to

subject: Read:_Vi.a.gra chea.pest

Ida Marietta Terrie Clark Laurie Julio Helene <name>


>Cia.alisR, Suu.pper Viag.r.a - neverk have been that ch.appa
>please kindlyW spend0 few momentsy - and follow here for best offfer
>xa..nax, vaalliium, stop smoking, 7weight loooss and much more.
>OR.DERING IS TOtaLcY AnonymouPs and securem!!

http://Brittany.Weber.cx45rtd.com/buy/?Isabel (don't!)


Where there is joy there is creation. Where there is no joy there is no creation: know the nature of joy.
Liars need to have good memories.
Experience is a revelation in the light of which we renounce our errors of youth for those of age.
The need to be right is the sign of a vulgar mind.
What most people need to learn in life is how to love people and use things instead of using people and loving things.
Remember that a government big enough to give you everything you want is also big enough to take away everything you have.
Clothes and manners do not make the man but when he is made, they greatly improve his appearance
We often pretend to fear what we really despise, and more often despise what we really fear.
Personally, I'm always ready to learn, although I do not always like being taught.
One must verify or expel his doubts, and convert them into the certainty of Yes or NO.
In a democracy dissent is an act of faith. Like medicine, the test of its value is not in its taste, but its effects.
None are more unjust in their judgments of others than those who have a high opinion of themselves.
The first sign of corruption in a society that is still alive is that the end justifies the means.

But you should not open spam mail just delete it as fast as possible.

As subjects in spam come down to a few, here is the mortgage example:

 

RND_DATE_TIME
Sir or Madam:

Thank you for your mortgage application, which we received yesterday.
We are glad to confirm that your application is accepted and you can
get as low as 2.7RND_DIGIT% fixed rate.

We Ask That You Please take a moment to fill out our
Quick Online Application


We look forward to hearing from you.

Yours sincerely,
Kermit Hale
Mortgage Broker Association


To All The Winers Out There
Your Holy Grail Lies Here. (link removed)
(Removal Takes Between 10-20 Business Days)

 

but this one got caught. Messing up the message with false HTML tag's apparently does not help anymore.

Below is the illustration how the HTML looks like (links have not been removed) even for the human eye difficult to read ;-)

<html>
<head>
<title>RND_WORD</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#FFFFFF" text="#000000">
<font face="Verdana, Arial, Helvetica, sans-serif" size="2">RND_DATE_TIME </font>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Sir or Madam:</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Tha<incurred>nk you for yo<gotten>ur
mo<iniquitous>rtgage app<eric>lication, which we received yesterday.<br>
We a<gunther>re glad to con<dugout>firm that your applic<renoir>ation is ac<render>cepted and you can<br>
g<pandora>et as low as 2.7RND_DIGIT% fixed rate.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">We Ask That You
Pl<clyde>ease take a mom<epicyclic>ent to fi<aid>ll out our<br>
<a href="http://www.thebestplan.org/form.asp?sid=122" target=_blank>Qui<diagram>ck On<hamal>line Appli<dearborn>cation</a><br>
</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">We lo<elision>ok forward
to hea<debase>ring from you.</font></p>
<p><font face="Verdana, Arial, Helvetica, sans-serif" size="2">Yo<cumin>urs
sin<nurture>ce<pendulum>rely,<br>
Kermit Hale<br>
M<copperfield>ort<infuse>gage Bro<newspaperman>ker As<disembowel>soci<gerund>ation<br>
<br>
<br>
To All The Winers Out There<br>
<a href="http://sigloan.com/st.html" target="_blank">Your Holy Grail Lies Here</a>.<br>
(<font size="-7" face="Arial, Helvetica, sans-serif">Rem<distal>oval Takes Between 10-20
Busi<mystique>ness Day<difficult>s</font>)</font></p>
</body>
</html>

This message directs you to another site where you are asked to fill out a form:

To trace the owner we just go to the nearest WHOIS provider:

Domain ID:D103990211-LROR
Domain Name:THEBESTPLAN.ORG
Created On:16-Feb-2004 22:40:58 UTC
Last Updated On:24-Feb-2004 23:01:08 UTC
Expiration Date:16-Feb-2005 22:40:58 UTC
Sponsoring Registrar:R39-LROR
Status:TRANSFER PROHIBITED

Registrant ID:A5D0590AD26C7B63
Registrant Name:Zan Zilinski
Registrant Organization:none
Registrant Street1:62 Uata str.
Registrant City:Ganduras
Registrant State/Province:UR
Registrant Postal Code:375070
Registrant Country:UY
Registrant Phone:+1.265489984
Registrant Email:zanzilinski@hotmail.com

Name Server:NS1.WWW30.COM
Name Server:NS2.WWW30.COM

And as you can see here the organization sending the spam formally does not reside in the USA but in Uruguay and thus can not be punished for spamming by the US law for sending spam to whoever is in his database.

 

One should consider that this does not say anything about the trustworthiness of the organization that has ordered the spamming. It is like outsourcing your programming work oversees. And this example has just been used because analysis showed there was no malicious code in the spam. As there sometimes is.

 

Since this address seems to be relatively young you may expect it to hold another few months before disappearing for good. At least that is the normal way of operation in this year of spammers.

 

 

How spammers work

Many spammers can buy a database from companies with millions of valid email addresses and use them to advertise. These email addressees are composed of addresses used on newsgroups and chat rooms. Many companies have special software that can extract these addresses and put them into a database to sell. Many companies also search the web, looking for web addresses with the symbol @ at the end. From these, they can find valid email addresses. Many of these types of companies work outside countries with legislation against spamming in order to avoid lawsuits. According to Marshall Brain quoting "Detroit Free Press: Spam king lives large off others' e-mail troubles".(8)

In "How Stuff Works", a typical spamming company often works like this:

The computers in Ralsky's basement control 190 e-mail servers -- 110 located in Southfield, 50 in Dallas and 30 more in Canada, China, Russia and India. Each computer, he said, is capable of sending out 650,000 messages every hour -- more than a billion a day -- routed through overseas Internet companies Ralsky said are eager to sell him bandwidth.(9)

Many spammers can make up to $700 per hour by simply using lists of email addresses and applying them to their advertisement. As spam celebrates it's 25th year of operation, we must remember that spam takes up about 40% of all email messages sent on the web. How can we prevent this even further? (8)

 

What can we do against spammers?

There are several pragmatic measures you can take, either from a server point of view or a user's point of view.

User side

 

Server side:

 

Legal side

Politicians apparently do not want to impose legislation that bears effect. In terms of enforcing anti spam legislation or just forbidding spam. And if there are laws, some say the spammer may still spam businesses, ISP'S may not even refuse spam, even if it is technically possible to filter most of it out. Except in the Netherlands where an ISP won a case in the Supreme Court against a spam company. Thus is general we have a problem.

 

Go Backindex

Last Updated on April 7, 2004 For suggestions please mail the editor in chief 

 



Footnotes & References