Obviously this is spam, yet it made it through the spam filters and I
opened it because the subject line made it unknowable whether it was spam
Spam is incredibly annoying, especially in large quantities. If you have a
public e-mail address you can receive hundreds of spam messages for every
legitimate message that arrives. Even with good filters, some of the spam
makes it through. And filters can sometimes delete messages that you
really do want to receive. Spam is free speech run amok.
Where does all of this spam e-mail (also known as "unsolicited commercial
e-mail") come from? Why is there so much of it? Is there any way to stop
it? In this article, we will answer these questions and many others as we
take a dive into the sea of spam.
Spam is a huge problem for anyone who gets e-mail. According to Business
In a single day in May , No. 1 Internet service provider AOL Time
Warner (AOL ) blocked 2 billion spam messages -- 88 per subscriber -- from
hitting its customers' e-mail accounts. Microsoft (MSFT), which operates
No. 2 Internet service provider MSN plus e-mail service Hotmail, says it
blocks an average of 2.4 billion spams per day. According to research firm
Radicati Group in Palo Alto, Calif., spam is expected to account for 45%
of the 10.9 trillion messages sent around the world in 2003.
One of the problems with spam, and the reason why there is so much of it,
is that it is so easy to create.
How Do They Get My Address?
Where does a company get millions of valid e-mail addresses to put on a CD
and sell to you? There are a number of primary sources.
The first is newsgroups and chat rooms, especially on big sites like AOL.
People (especially first-time users) often use their screen names, or
leave their actual e-mail addresses, in newsgroups. Spammers use pieces of
software to extract the screen names and e-mail addresses automatically.
The second source for e-mail addresses is the Web itself. There are tens
of millions of Web sites, and spammers can create search engines that
spider the Web specifically looking for the telltale "@" sign that
indicates an e-mail address. The programs that do the spidering are often
The third source is sites created specifically to attract e-mail
addresses. For example, a spammer creates a site that says, "Win $1
million!!! Just type your e-mail address here!" In the past, lots of large
sites also sold the e-mail addresses of their members. Or the sites
created "opt-in" e-mail lists by asking, "Would you like to receive e-mail
newsletters from our partners?" If you answered yes, your address was then
sold to a spammer.
Probably the most common source of e-mail addresses, however, is a
"dictionary" search of the e-mail servers of large e-mail hosting
companies like MSN, AOL or Hotmail. In the article Hotmail: A Spammer's
Paradise?, the author describes the process:
A dictionary attack utilizes software that opens a connection to the
target mail server and then rapidly submits millions of random e-mail
addresses. Many of these addresses have slight variations, such as
"email@example.com" and "firstname.lastname@example.org." The software then
records which addresses are "live," and adds those addresses to the
spammer's list. These lists are typically resold to many other spammers.
E-mail addresses generally are not private (just like your phone number is
not private if it is listed in the phone book). Once a spammer gets a hold
of your e-mail address and starts sharing it with other spammers, you are
likely to get a lot of spam.