Techs-on-Call Computer Blog Keeping you informed about the world of computer issues

One of the biggest annoyances today is SPAM, unsolicited bulk electronic messages sent by various means. The most common spam is, by far, spam e-mail. A distant second is usenet spam. The usenet is also called newsgroups and is like an older message board. A select few usenet servers are regulated and moderated but most allow blind posting. There is also message board spam and comment spam where spam is posted in places which allow people to write and leave a message. There is also instant messaging spam, mobile phone spam, online gaming spam, wiki spam (spam which updates entries in online wikis), and other types of spam. Because the internet allows great anonymity, cybercriminals are unafraid of trying to create illegal unsolicited messages.

According to Spamhaus, 90% of the e-mail sent today from North America, Europe, Asia, and Australia is spam. That is to say 9 out of every 10 e-mails sent is spam. Microsoft estimates 97% of the e-mail sent is spam. This is a serious problem. It is estimated that hundreds of billions of spam e-mails are sent every year. That is more than 100,000,000,000 unwanted e-mails sent every year. And these numbers are rising. Spam messages are sent to sell prescription drugs and other products, to swindle people, to send viruses, to overload and thus takedown e-mail server, and other reasons. Most are sent by what are called spambots, which are discussed below. Very few are sent by a real live human beings.

Spam is still around because it works, it is cheap, and it cannot be regulated as thoroughly. When the internet was designed, abuse was not even considered. The internet as it works today was created in the early 1970's. It was not commercialized, so the designers never considered abuse of it. The methods of sending and receiving e-mail were very basic. The most common method of sending e-mail is called SMTP - Simple Mail Transport Protocol. A password was not required to send e-mail using this method, and therein lies the problem. All you need is access to the internet to send e-mail. You can get free software included with most operating systems to send your e-mail. Of course, most spammers did not do that, they used their internet provider's e-mail server which early on probably did not require a password. When this started to be noticed by authorities and governments, then spammers started covering their tracks. Then planted spambots on other people's computers and started a botnet.

A spambot is program that is designed to help send out spam messages. Some harvest e-mails while others send e-mails. Most are really simple. But a few of the really good ones delete all other viruses and malware off your computer so you are less likely to know you are being used. A spambot is part of a botnet. Bot is short for robot. A botnet is a collection of various bots, such as spambots, used to carry out the bidding of the owner of the botnet. What makes this so insidious is that this makes it much more difficult to track down who really is causing all the mischief because spam is sent indirectly. The owner of the botnet has full control over the bots. This allows the spammer to quickly adapt and exploit current events.

A natural question arises is why do spammers send so much spam e-mail? Because it works and it only costs their time. One response out of a million is all that is needed to be profitable. The spammers do not pay for the software to filter spam. The spammers do not care about the lost time spent filtering spam from real e-mails. The spammers do not pay for the electricity used to send spam through the internet. The more load a server has, the more energy is required. The more energy is used, the more heat is generated. Computers cannot get too hot, so there is extra costs to cool the equipment. These extra costs for electricity are documented and real. But the spammer never see those costs. Telemarketers must pay for the fees for the call. Mass mailers must pay for a stamp. None of that applies to spammers. The extra costs are passed on to those who run the internet which eventually pass the cost to the end-user. There are enough internet subscribers that this cost is not huge, but it is real.

Sometimes spammers obtain a bulk list of e-mail addresses from spammers or other cybercriminals. Another method used is to have their spambots roam websites and collect any and all e-mail addresses they find. And sometimes spammers use brute-force guessing. This is when spammers try a sequential combination of e-mail address. For example, they can start with aaa@... aab@... aac@... aad@... and so on. Whichever addresses do not bounce are saved for the list.

Spammers also use a number of tactics to try and bypass spam filters. The most common now is to purposefully misspell words or replace letters with something similar. For example, the message will use "P0RN" instead of "PORN". The letter O (oh) was replaced by the number 0 (zero). Or they will put something in between the keywords in attempt to bypass spam filters. For example, it is often to see something "va!gra" or "v.aigra". Then there is image spam, where the spam is contained in an image. By default, most current e-mail browsers do not view images from unknown sources, so this method is not as popular as it used to be. But this gained some popularity because spam filters could not read images. Another tactic is to hijack a real e-mail address and use it to send spam. Another tactic is to have the spambot purposefully send to a bad e-mail address so the message will bounce back to the receipiant desired. One of the most recent tactics is to mark spam e-mails as sent from the person receiving the e-mail. Cybercriminals are always a few steps ahead of everyone else.

What can you do? You can always have a public and private e-mail address. There are plenty of free e-mail addresses you can get. Under no circumstances should you respond to spam messages. As has been stated, people do reply to spam messages. So most spammers make money. Spammers do not do this to annoy you. They either want to make money or to control your computer for other purposes or both. And they are successful at both. If this was not successful, then it will fade away. Another thing you can do is have a temporary e-mail address and get rid of it when spammers find out about it. There are plenty of services that offer one-time addresses you can use. So long as spam works, it will not go away. The best thing you can do is make sure it does not work.