Jump to content

Talk:Email spam/Archive 1

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia
Archive 1

Blast Email

Blast email is not necessarily spam. It can refer to communities or companies sending out a single mail or message to a large group of people. As such, I would like to recommend removing the forward from “Email Blasting” to this entry and begin an entry of its own. Creatox 17:01, 9 February 2007 (UTC)

is correct to insert email send blaster inside this category? —Preceding unsigned comment added by 84.223.15.91 (talk) 15:50, 18 April 2008 (UTC)

UBE?

'UBE'? Who came up with this one? Is there some desire to 'embrace and extend' at Wiki? It's UCE - unsolicited commercial email - period. The official address of the US Federal Trade Commission for years now has been uce [at] ftc [dot] gov. Stick with the standards; don't make yourself the ass.

First off, you are forbidden from posting personal attacks on Wikipedia. Do not call people "the ass" here.
Second, well, you're wrong. The term "UBE" or "Unsolicited Bulk Email" is widely recognized and used, e.g.:
The distinction is worth making. Noncommercial spam has been a part of the spam problem as long as there has been a spam problem. Some of the first widespread email spammers were religious missionaries. The spam case that brought the "Korean school open proxies" problem to international attention was a political spam case. Neither of these are commercial, but they are spam, and were dealt with by both spamfighters, system administrators, email users, and the media as cases of spamming. --FOo 05:35, 12 January 2007 (UTC)
In addition to the points that Fubar Obfusco made, I think it is important to note that the Federal Trade Commission can only regulate commercial activity and that is why they restrict the types of spam they collect to just the UCE subset of UBE. Also note that the three definitions of spam that Fubar gave above are all different than the five already referenced in the article. Wrs1864 02:16, 13 January 2007 (UTC)
And thirdly, the FTC replaced uce@ftc.gov with spam@uce.gov in July 2004. See http://www.ftc.gov/opa/2004/07/newspamemail.shtm 199.125.109.11 21:27, 13 June 2007 (UTC)

Harvesting Addresses

I didn't see anything about services that are designed around collecting addresses for spam, but claim to offer some other service. For example, "free" services for maintaining contacts or that send "free" greeting cards or that send invitations to events. Basically, services that dupe people into giving up the contact information of others for spam. I have personally been added to spam lists by well-meaning friends and family in this way. If there is something about these techniques in the article it may need to be more prominent or re-worded. Ognolman 20:34, 10 January 2007 (UTC)

NPOV?

This caption for an image doesnt seem to follow the NPOV: "Today, spammers use infected Windows PCs to deliver spam. Many still rely on Web-hosting services on spam-friendly ISPs to make money.". Are Windows PCs the only computers infected? Inklein 06:38, 9 August 2006 (UTC)

I agree that this is decidedly not NPOV. It doesn't matter if Windows systems are providing most of the infected systems spammers use. If there are *any* other non-Windows operating systems being used then the caption is non-NPOV and should be changed. The fact that the statement can be rephrased to say "...spammers use infected computers to deliver spam..." and still convey the required meaning is enough to show that the current caption is not NPOV. Ognolman 20:25, 10 January 2007 (UTC)
By and large, yes. A great deal of email spam is sent through backdoors opened by Windows-only worms designed for that specific purpose. The Mydoom and Sobig worm families are infamous for this, but there are plenty of others. (See the discussion and citations on those articles.) Spammers and other criminals either commission the writing of these worms, or create a market by being willing to pay worm-writers for access to compromised systems.
Why target Windows? Windows worm-writing is evidently very well understood by the people who do it: worms can be mass-produced in long sequences of variants to extend their success; some worm families have seen hundreds of variants. In contrast, worm-writing for other platforms appears to be still in its infancy, with most worms being one-off pranks (like the Ramen worm for Linux) rather than organized criminal endeavors. Worms for Windows are effectively a professional criminal endeavor, as opposed to an amateur criminal endeavor like the vandalism-oriented worms that occasionally plague other systems. This is as much a sociological and economic fact as a technical one.
In any event, regardless of the cause, it is true that compromised Windows systems -- and often home PCs rather than servers -- are an major conduit of spam.
Not the only one, of course! Some spammers send spam directly from their own systems, operating on rogue ISPs. But the FTC estimates that 30% of spam is sent from worm-infected home (and home-office) PCs alone, and that's aside from that sent from worm-infected workplace desktops or servers. [1] --FOo 08:27, 9 August 2006 (UTC)

Another reference: [2] discusses tracking a botnet being used to send spam from infected Windows machines. A quote:

The file is a spam proxy Trojan named Win32.Ranky.fv.
"The entire scheme of mass infection is simply to facilitate the sending of spam. The proxy Trojan is also a bot of sorts; reporting in to a master controller to report its IP address and the socks port for use in the spam operation," Stewart said.

The point is not only that Windows PCs are being infected to send spam ... but also that the needs and wants of spammers are a major motivation of Windows users' current problems with worms and trojans. If it weren't for the spammers (who are willing to pay a lot for infected systems) there would be no financial motivation for most of the worm-writers. --FOo 22:49, 19 August 2006 (UTC)

Is this image really needed?

Is this image needed:

An inbox filled with spam

I know that wikipedia is not censored, but this seems to unnecessicarily add mature content to an article that does not really need it. The majority of spam (at least the stuff I get) seems to be appropriate. It also seems odd because it is a highly customized screenshot (not really windows), and there is not a license. Comments? Inklein 06:38, 9 August 2006 (UTC)

Huh? Wikipedia policy does not deal with "mature content" whatsoever. It is literally a non-issue for us here. The image appears to correctly represent a flood of spam. It's simply true that much of spam advertises pornography and "adult" products, as is depicted here.
As for a "highly customized screenshot", what does that have to do with anything? The depicted application is Mozilla Firefox, displaying Google Mail (the name of Google's Gmail in markets where another company owned "Gmail" as a trademark). Both are reasonably common, and Gmail looks like Gmail no matter what browser (or OS) you use it in.
The image is accurate and relevant. Of course, if you have a better one, feel free to propose it. --FOo 08:34, 9 August 2006 (UTC)
The skin used is Watercolor Blue, on Windows XP. Will (Take me down to the Paradise City) 12:08, 9 August 2006 (UTC)
It's not Firefox, it's Thunderbird. —Preceding unsigned comment added by 163.41.138.2 (talk) 22:26, 31 December 2007 (UTC)

No History section

Hi if anyone knows, please write a *history* section and talk about the origin of the word and the phenomenon.— Preceding unsigned comment added by 80.202.173.204 (talk) 18:39, 14 June 2006 (UTC)

Hey, I think the name comes from the Monty Python sketch. (http://youtube.com/watch?v=cFrtpT1mKy8) As far I know it's because the word "spam" is used so often, similar to the amount of spam-mail you get. Also the lady (graham chaman) doesnt like it. But I haven't checked this up, sounds sensible though.
Another theory might be that spam is simply bad ham? —Preceding unsigned comment added by 77.6.116.248 (talk) 11:32, 26 March 2008 (UTC)

--

Im going to atempt at writing the section here and then somone who knows how to place it in the articale properly can.
There are many different theories of the origin of the word spam (meaning abuse) it is most commonly linked to the Monty Python's Flying Circus sketch televised in 1970. [Link to: http://en.wikipedia.org/wiki/Spam_(Monty_Python)] Many believe the first uses of spam as a synonym for abuse were in early chat rooms and MUDs; then later it was used to refer to junk email.
The first believed spam took place in 1978, sent by Gary Thuerk a marketer for DEC (DIGITAL EQUIPMENT CORPORATION). This Unsolicited commercial e-mail was carried out through Arpanet who in 1978 listed all of their clients in a printed directory. This email was mainly targeted to Arpanet users on the west coast and on May 1 1978 at 12:33-EDT the message was sent to 320 email addresses.

Citation: http://www.templetons.com/brad/spamreact.html (76.235.240.62 (talk) 06:22, 4 August 2008 (UTC)) --

Appropriate to Insert a "How Spam Operates" Segment Without Strong Supporting Evidence?

I'd like to insert a social engineering + Cracker (computing) (malicious hacking) hypothesis I have been unable to prove, or refute, since 2000, namely that spammers harvest e-mail addresses by intercepting popular (frequently forwarded and re-forwarded) messages and gathering the attached e-mail addresses. It's quite clear that these attacks are possible in transit (the "in-flight attack"; TO: CC: & BCC:) and after receipt (the "post-flight attack"; TO: & CC:) using the known text of the message as a search key. Once the message is found the e-mail addresses the forwarder has attached may be siphoned off.

This approach offers several advantages to the identity thief/spammer:

  • The forwarder unknowingly vouches that e-mail addresses are valid and attended.
  • More security conscious individuals have their e-mail addresses exposed when less-security conscious users aggregate them in a list, frequently an entire address book, and forward them on.
  • Traffic can be increased by generating fraudulent content (i.e. hoaxes) designed encourage forwarding and re-forwarding.

By talking with a small number (> 10) of security experts at a few open source and security conferences and individually, I have validated this approach in principle (call this a Delphi_method). I've also found cautions against forwarding popular material on security related web pages. I have one example of a mailing designed to encourage re-forwarding that is linked to a spammer's web site. I must also say that I strongly intuit that this approach is a significant component of Spam and Identity Theft risk. However, none of that is a well controlled, statistically significant, Double blind, etc., study. While one might replicate these attacks, to be realistic, one must violate the privacy of the victims in such a study and compromise the security of computer and network systems not owned by the investigators. This presents immediate ethical issues, which is one reason I regard this issue as a Wicked_problem.

From the perspective of the Wikipedia, is it acceptable to write about this hypothesis, which is far from well established? Does it deserve its own article, linked to the main article here?

You can read more about me at my web page, and you will find a somewhat spam-protected e-mail box there: http://mysite.verizon.net/frautsch/ . I also have some unorganized notes about the details of each attack and about how might request others to cease including one's e-mail address in their broadcast lists. (Making these requests presents its own issues, since often the forwarder is not concerned about their own security, much less that of another person.) http://mysite.verizon.net/frautsch/conundrum.txt

Thank you for reading this.

Sincerely,

Mark Frautschi, Ph.D.


Reply from a spammer: Ok,I'm a spammer. I'm currently running through a proxy, so yeah. Do whatever to this IP. I've been inside of the scene for 2-3 years now, and I'm going to tell you right now not only have I not heard of anyone doing this, but I dont think I know anyone that wouldnt make fun of someone who offered this up as an idea. It's simply not worth our time. Even if there's upwards of 200 email addresses on at a time, it's just not worth it. It's $30/million random e-mails from a crawler. $80/million SMTP verified. And $1000-5000 for a "hacked base"(database dump) of a website with about 500k members. That last one requires full data(first name,last name, e-mail), and also is generally targeted data. So someone who would pay for that if it was from, say, a porn site, would be a porn mailer. In addition to that, "co-reg" or purchased registration data, is plentiful and cheap. This idea is just ridiculous.

Pruning in progress

The article is long (>44k) and copies redundant material from other places. I'm going to make some (hopefully good) edits.

But, there will be a lot of those edits, so apologies in advance. Let me know here if you think I trimmed too much... thanks LordMac 10:03, 12 December 2005 (UTC)

adding resource

Hello all,

my name is Branislav Gerzo, and I'd like to add link resource to Avoiding Spam section. I coded, with my brother about 2 months www.2pu.net page, and I think nothing cool like this is on the web for now. Is there any criterion, how can be my webpage added? Please tell me. Thanks a lot.

I suppose trusting you, and letting dozens of people contact me through your service, is better than trusting those dozens of people directly. But why should I trust you not to sell my email address to a bunch of spammers? --DavidCary 00:28, 4 January 2006 (UTC)

I see your point of view, we can't trust on Internet to anybody. I am just ordinal man, who hate spam, so I coded this project to help people out here. But it is OK, if you don’t add this resource, I'm smart enough. Thanks anyway. --2ge 23:12, 3 February 2006 (UTC)

Your program looks interesting, and it may or may not be useful in combating spam, but your project is about hiding an email address, displayed on a website, from spammers' web spiders. It may be a useful tool in fighting spam, but it's not really about spam itself. Furthermore, yours is one tool out of hundreds online (if not thousands). You will notice that the article doesn't link to Spamhaus, or SPEWS, or Ironport, or Brightmail, or any of a long list of anti-spam websites. Wikipedia is not a collection of links. Your project would certainly be a good addition to the Open Directory Project, however. eaolson 00:51, 4 February 2006 (UTC)

Why does this page have so many links to commercial spam-combating software? I thought this was a page about spam, not anti-spam (there is an article stopping e-mail abuse). I ask because while I was on RC patrol I removed one link added by anonymous user 81.17.107.146, thinking it was a one-off link-spam, but now I see there all the external links "Anti-spam organizations and prominent figures" and "Anti-spam tools and resources" are of this type. Should they all be reconsidered, or moved elsewhere? Should we reinstate the link added by 81.17.107.146? --RobertGtalk 10:56, 23 Jun 2005 (UTC)

Many of these links are themselves spam. Please feel free to prune the lists. --FOo 12:59, 23 Jun 2005 (UTC)

Kushnir murder

I'll watch the news and press agencies, and make sure that this article will reflect what has really happened.

  • If it turns out the entire story or just details are made up or merely rumours, I'll remove the offending material.
  • I'll expand the article if more information becomes available.

Help is appreciated, but note that Wikipedia is not a discussion forum, so messages like "it's good/bad that this happened" don't belong here. Shinobu 19:29, 25 July 2005 (UTC)

The term "lynching" is utterly, massively inappropriate here, as it makes completely unsupported implications about the killers' motivations. Especially considering the influence of the Russian Mafia on Russian spamming and computer crime, there is no reason to suggest that anything like lynching happened. --FOo 23:20, 25 July 2005 (UTC)

Correct. I copied the phrasing from the original contributor without thinking about it. Sorry. Shinobu 05:49, 8 August 2005 (UTC)

Bad picture

While I know a large proportion of spam these days simply consists of an inline image, the current picture evokes popup advertising more than spam.

Here at random is the latest spam (at least in English) from my inbox:

Date: Wed, 17 Aug 2005 19:42:36 -0500
From: "Lenore Hogan" <ymark@didamail.com>
To: dmacks@chem.upenn.edu
Subject: Lowest rates in 45 years

Hello,

 We tried contacting you awhile ago about your low interest morta(ge rate.

 You have been selected for our lowest rate in years...

 You could get over $420,000 for as little as $400 a month!

 Ba(d credit, Bank*ruptcy? Doesn't matter, low rates are fixed no matter what!

 
 To get a free, no obli,gation consultation click below:

 http://www.p8refi.net/?id=a67

 Best Regards,

 Josef Hartley
 
 to be remov(ed:	http://www.p8refi.net/book

 this process takes one week, so please be patient. we do our 
 best to take your email/s off but you have to fill out a rem/ove
 or else you will continue to recieve email/s.

69.86.80.141 18:32, 17 September 2005 (UTC)

Motives?

We ought to get together some decent information on why spammers bother. I was involved in a discussion on this a while back.... -- Smjg 12:46, 3 October 2005 (UTC)

Why did Hillary climb Mount Everest? Because it was there. People send junk e-mail because no one stops them. People vandalize wikipedia because they can. I would stick to factual information. 199.125.109.11 21:46, 13 June 2007 (UTC)

Open proxies

This secton starts: "Within a few years, open relays became rare ..."

That's not really accurate. When spammers switched to open proxies there were still plenty open relay MTA systems available to them. They more likely switched for other reasons, one of which may be the upsurge in open relay honeypots. Even in the small numbers in which they were deployed open relay honeypots (and later, open proxy honeypots) had a major effect on spammers. The existing text amounts to a claim that open relay blocklists and the campaign to eliminate open relays had a signifciant effect in limiting spam. Any evidence for that being a major effect is slight - blocklists in general had only a local effect for those who used them, and the number of email addresses protected by blocklists was never large enough for the use of blocklists to cause the end of spam. In additon most blocklists, as used, are spammer-friendly: they tell the spammer when an abused system used to deliver spam has been listed, making it trivial for the spammer to stop abusing that system in favor of other, as-yet undiscovered, systrems.

Minasbeede 19:48, 21 December 2005 (UTC)

I guess I can agree that open relays have not become "rare", but I do think they have become rarer and that DNSBLs had a significant impact on their use.

For example, take a look at the statistics from the ordb open-relay DNSBL (http://ordb.org/statistics/relaycount/). Around Feb 2002, the growth of discovered open relays slowed dramatically, and for the last couple of years, it has been almost stagnant. Every spam source detected by spamcop is automatically submitted to ordb checking, so if an open relay has been used for spamming, it will likely show up on the ordb DNSBL. There was another open-relay DNSBL that had statistics that showed similar trends, but I last checked it a couple of years ago and I haven't bothered to find it.

Now, a great deal of the closing of open-relays is likely due to the fact that MTAs, such as sendmail, no longer come configured as open-relays by default. So, when people install new software or upgrade from older software, they won't be open relays. Most new open relays now a days are due to configuration errors and such. Whether open-relay DNSBLs caused MTA authors to change their software to no longer be open-relays by default may be debatable. I think it played a part though.

Wrs1864 17:21, 22 December 2005 (UTC)

First paragraph suggestion, please

"Perpetrators of such spam ("spammers") often harvest addresses of prospective recipients from Usenet postings or from web pages, obtain them from databases, or simply guess them by using common names and domains."

Why is there no mention in this paragraph of the fact that almost all spam today is addressed to emails that have been harvested by internet worms? It's pretty sad that people are still treating the internet like it's 1998. I'd consider this important enough to put right in the first paragraph.

Spam is unsolicited commercial email. Is there a worm that uses propagation tricks to harvest emails for commercial purposes? The only ones I know of (like Sircam) only harvest for the purposes of self-propagation, which is a different activity entirely from spam. - Keith D. Tyler 22:22, 17 January 2006 (UTC)
Spam is promotional, but not necessarily commercial. There is also political spam and religious spam. The name for unsolicited commercial email is UCE.

Spam can only come from advertisers?

That's news to me. In a common usage of the term spam, anyone who sends unwanted email to a list such as a newsgroup qualifies as a spammer. He or she may just be "advertising" him/herself, seeking attention, trying to disrupt a conversation, spewing out foul language, or whatever. I think it's strange that such a lengthy article could be written on spam which fails to acknowledge that spam can come from individuals with no commercial interest whatsoever.

The writer(s) of this article should have begun with a dictionary definition of spam such as this one:

Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.

tr.v. spammed, spam·ming, spams

  1. To send unsolicited e-mail to.
  2. To send (a message) indiscriminately to multiple mailing lists, individuals, or newsgroups.

Maybe it's just me, but I don't see the words "commercial" or "advertising" there at all!!

Someone insert this image, it looks cool: http://www-128.ibm.com/developerworks/library/lol/spamato/spam-c07.jpg

The distinction of spam as advertising primarily comes from the usage in legal definitions, the reason for the legal definitions to focus almost exclusively on advertising is that it is an attempt to skirt first ammendment concerns (at least in the US). 207.71.25.113 16:22, 1 August 2006 (UTC)

spam news

http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home

disagree with the advice to bypass valid e-mail forum registration

"If a web site requests registration in order to allow useful operations, such as posting in Internet forums, a user may give a temporary disposable address—set up and used only for such a purpose—periodically deleting such temporary e-mail accounts from their e-mail servers. (Users should notify such forums of the new replacement addresses if they wish to continue interaction for valid purposes.) For example, free services such as spamgourmet.com and spamhole.com allow a user to create a temporary e-mail address which forwards e-mail to you for a set period of time, and then becomes invalid."

I have been webforum administrator for quite some time and this addresses at spamgourmet and others are ways for spammers to register and post spam on the forums. When possible I always ban this addresses. If I see a registration from one disposable e-mail address I ban and the IPs of the users. Maybe giving the advice to use a different e-mail from the production/work e-mail but never to use the temporary e-mail addresses. User_talk:Vtrain 14:59, 18 September 2006 (GMT+1)

Category of spam

Recently in my "bulk and spam folder" there have been a number of spam messages with what look like bits of stories/ongoing commentry on sports fixtures etc, some of it veering towards Finnegans Wake obscurity. Is this a new category of spam, does it have a name and who creates it?

Probably just crunk they chuck in to try and pass spam filters better. I've had quotes from The Hobbit and poor erotic fiction turn up as well. Nimmo 09:29, 31 October 2006 (UTC)

Spam without any ostensible purpose whatsoever

The traditional idea of "spam" is becoming almost irrelevant to the nuisance mail that I am receiving. Usually any offers made of products or services seem poorly designed to promote a sale, and much of the nuisance mail is not even nominally intended to sell a product or service. For example, consider this message, titled "centennial transitory":

Other benefits include shifting the political influence on politicians from the parties to the people of their local constituencies as well as giving the voter a greater choice of candidates. We are all stronger in having a united front. As it is for now a ground swell of interest in the referendum is trying to put the right pressure on the Government to bring this to the people now rather than later. They come here because we still have the most accessible and richest natural areas with the greatest biodiversity and beauty on the planet. It is something that should be cherished and guarded and ranked well ahead of Gordon Campbell balancing his budget or pushing oil drilling in Hecate Strait. Sprachprobleme gebe es laut dieser Studie in Frankreich nicht. The recent explosion of blogs on the internet has fragmented the information distribution process by creating far too many options for online pundits. ... (The message goes on to address, in disjointed fashion, everything from Canadian logging to the war in Iraq, but with no underlying sentience. This portion is reproduced per "fair use", but I would be happy to replace it with a credit to the true copyright holder, if known)

Fortunately, this message was still flagged by a university spam filter from a blocked IP, but it is clearly intended to be troublesome to weed out by eye - and for no other obvious purpose. The only parties that I can imagine would benefit from such spam are those who offer for-profit spam filter or "certified e-mail" services. This Wikipedia entry would benefit greatly if experts would contribute their insight into the origins of this type of nuisance e-mail.

Is there a name for such "creative writing" spam (as there seems to be rather a lot of it) - though some of the text appears to have been used to set up the pages for placement of faked adverts (what is the publishing page infil text - lorem something?).

I haven't received any kind of sensible spam for over two years. All I get is phrases randomly collected from the web. Yes, there's usually image attached, but that too is full of rainbow colours and it's hard to make out if it's even advertising anything. I really would love to know what the purpose of a mail like that is? Does it actually earn money for someone and if it does, how!? I almost long for the days when spam used to be sensible. —The preceding unsigned comment was added by 88.112.21.183 (talk) 14:49, 8 January 2007 (UTC).

Inconsistent Statistics

The statistics in this article aren't in agreement. If these are estimates from different sources, it should be clear about that rather than stating them as facts.

In the overview, the article states:

An estimated 55 billion e-mail spam were sent each day in June 2006, an increase of 20 billion per day from June 2005.

Under statistics, it says:

2005 - (June) 30 billion per day

Under news, it says:

The report also found 55 billion daily spam emails in June 2006, a large increase from 35 billion daily spam emails in June 2005.

IMHO, the external link section for this page could be loads smaller, and most of the links there don't add any info... What do others think of this? --Jdevalk 23:39, 19 November 2006 (UTC)

I agree, the external link section could be cleaned up. Sadly, this article is not alone with the problem of spam links and I have pretty much given up on trying to remove them from the wikipedia. Wrs1864 05:49, 25 November 2006 (UTC)

Identifying spam

Perhaps there could be an article on identifying spam.

Categories would include:

Variants on Spanish Prisoner scam
"Bank update"
Weird-story-fragments
Bizarre products of a mostly adult nature.
"Strange spelllin gs" and "grammar as it is not wrote"

etc. (Add comment about Wikipedia limitations). Jackiespeel 18:17, 4 December 2006 (UTC)

New Percentage Statistics

Information Week Article. Does anyone have access to the study they talk about? Would that be very reputable, considering it is an email security firm after all?TomTwerk 19:08, 21 February 2007 (UTC)

Hiding the true sender

I just got a spam where the fictional 'from' field was actually MY e-mail address, which had the added effect of making it impossible to block. Does anyone know how you find out the true sender address, and/or shouldn't something about this fraud be in the article? Also, isn't there someplace you can forward spam e-mails to and the organization will track down the sender and prosecute them? I know 419 scams have that.

You can trace the Received: headers back to the source. Spammers often add fake headers to throw off the scent but they can't eliminate the real ones. It's easy enough to sort out with a little care and patience. For details, Google is your friend. Raymond Arritt 23:50, 22 February 2007 (UTC)
"someplace you can forward ... and the organization will track down the sender and prosecute them"? Ah now that would be a dream come true. It may exist in Australia, and in the USA you can send your junk e-mail to spam@uce.gov, but dream on if you think the FTC will do anything, other than in very limited situations. 199.125.109.11 21:55, 13 June 2007 (UTC)

Future Spam

I often think it funny that in 30 years I will be the beneficiary of whatever the spam claims I can win, get, or have. Clearly the trick of using future dates is to put the message at the top of the inbox in the case where the user sorts mail by date.

I notice a fair few of the future dated spams are the day before the potential Year 2038 Problem rollover in Unix time.

I find this amusing, but considering that not only are these January 18, 2038 mails in there, on a typical day I receive over 50 in my bulk folder from the future. R H Pearson 15:41, 22 March 2007 (UTC)

There had been an image here. It apparently was incorrect to show my inbox with all the 2038 dated emails. Suffice it to say, these are frequent.

I just checked my spam mailbox, out of 16,460 junk messages received in 2007, 247 were pre-dated, 3 to 1970, and 32 were post-dated, 11 to 2038. 199.125.109.11 22:15, 13 June 2007 (UTC)

No MX - less spam

While this method runs the risk of losing some legitimate e-mail from being received, some claim that it results in a 75% reduction in spam.

Is it true? I want sources. L.R.N 13:27, 23 May 2007 (UTC)

Well, some may claim it, but it can not lose legitimate e-mail. Legitimate e-mail will be sent to the A resource record if there isn't a MX resource record, but some remote parts of the internet may mostly be targetted by spammers who don't even get that right. Erik Warmelink 09:01, 25 May 2007 (UTC)

I can attest to the reduction in spam by not having an MX record.

In late 2005 our company changed locations which resulted in a change in ISP as well as our IP address. Our SMTP server had been operating at the same IP for the previous 6 or 7 years. During the change-over, our MX record was cleared and not updated, but our A-record was properly changed. This was not discovered for several months, because we noticed no problems receiving "legit" e-mail. However, the various role and "spamified" e-mail accounts I monitor showed an abrupt reduction in zombie-spam. If I recall correctly, the spam load dropped by more than 50%, possibly 75%.

It is plausible (and widely speculated) that zombies run bare-bones versions of SMTP messaging engines that largely are not equipped to handle SMTP errors, which is probably why grey-listing is an effective way to block them. Presumably, they are also not able to handle MX-lookup failures correctly.

Another theory is that the MX-lookup is sent to the zombie by the spammer along with the recipient address and message body, thereby eliminating the need for the zombie to perform time-consuming (and conspicuous) MX lookups.

In any case, perhaps address lists are being refined by list-masters by removing addresses belonging to domains that do not have MX records. Presumably, over time, many domains come and go, and it's plausible that many non-existant addresses can be effectively weeded out of spam lists simply by checking for the existance of a working MX record. The theory being that all working e-mail domains *must surely* have a properly configured MX record.


New picture needed?

I think so. --Allen649 13:52, 15 June 2007 (UTC)

Postcard Services

Can someone re-write this? It makes absolutely no sense.--Lidocaineus 04:29, 30 June 2007 (UTC)

Agreed. It's also inaccurate. Deleted. richi 19:58, 26 July 2007 (UTC)

I have seen a large jump in received e-mail in the last week. I normally get 120 junk messages a day, but that has gone as high as over 500 recently. Some of them are postcard e-mail messages, all with a code which I assume identifies my e-mail address as valid were I to click on the message. My e-mail reader does not open imbedded images or other web tricks that would identify the message as being received. 199.125.109.130 17:20, 26 July 2007 (UTC)

How about re-writing it instead of deleting it. What part is inaccurate? 199.125.109.71 06:42, 27 July 2007 (UTC)

A more recent controversal tactic, should be called "triggered spam", so called "Postcard Services", e.g., are catching online consumers to have them send so called "Postcards" with more or less commercial content to redirect the recipients back to the sites of these "Postcard Services", mostly full of commercial advertisements and marketing data harvesting systems, which are received by the "Postcard" recipients in most cases unsolicitedly and without their consent, who are not subscribers of such a "Postcard Service".

sounds like someone's confusing this with email Trojans in the vein of, "You're received a postcard from an admirer." Also, the flow of the language makes pretty inaccessible for the average reader, IMHO ... richi 13:49, 27 July 2007 (UTC)
Are they really all trojans? While one of the recent viruses spread uses the file name postcard.exe (haven't seen any of these since late January, early February), I have been getting a lot that say:

From: "123greetings.com" (deleted)

To: (deleted)

Subject: You've received a greeting card from a Neighbour!

Hi. Neighbour has sent you a postcard. See your card as often as you wish during the next 15 days.

SEEING YOUR CARD

If your email software creates links to Web pages, click on your card's direct www address below while you are connected to the Internet:

http:// (deleted)

Or copy and paste it into your browser's "Location" box (where Internet addresses go).

We hope you enjoy your awesome card.

Wishing you the best, Webmaster, americangreetings.com

14:43, 27 July 2007 (UTC)

Yes, these use browser vulnerabilities to install a downloader Trojan. The sender is forged ... richi 15:04, 27 July 2007 (UTC)

Primary Source seems to be cited inaccurately re: "Career Criminals and Malicious Hackers"

While my intuition agrees with the following claim, it does not appear to be well grounded. "Today, much of the spam volume is sent by career criminals and malicious hackers who won't stop until they're all rounded up and put in jail. [9]" It is true that http://www.cauce.org/archives/30-Spam-has-changed,-and-so-must-CAUCE.html is quoted correctly. However, the CAUCE cites an information week article (through a link to http://www.informationweek.com/research/showArticle.jhtml?articleID=190600156&pgno=1&queryText=) that does not really support this claim. On the information week page, I didn't see any description of career criminals being behind spam. Please let me know if I've misread the information week article. -David J., Austin, TX

It looks ok to me. I read the article and there is abundant evidence of malicious hackers, and as to career criminals, it mentions Can Spam being violated with impunity. If it had said hardened criminals I would have changed the word hardened, because that would have implications of other types of crimes, but career, yes, they are definitely making a career out of crime. I can actually see from reading it that the spam filtering is doing too good a job, leaving the ISPs and people like me with no filtering to bear the brunt of the attacks. So the public has not been complaining, and the law hasn't been changed, or enforced, and we keep on paying billions of dollars in costs. It always astonishes me that you can get 15 years in prison for robbing a grocery store of $27 and nothing when you rob internet users billions. 199.125.109.130 06:10, 31 July 2007 (UTC)

Spam vs Junk-mail, importance of "unsolicited" aspect as part of definition

Organizations like spamhaus define spam not in terms of the content (of the spam) but on the fact that the spam message is (1) unsolicited, (2) the message is equally applicable to many other potential recipients, and (3) the message campaign gives a disproportionate benefit to the sender.

While all of those are true, they go out of their way to avoid labelling a given message as spam based on the content of the message, or the sending history of the source IP, obfuscation or header forgery, filter avoidance techniques within the message body, etc.

So there are two camps: One believes that the context of the message is what defines it as spam, the other says that the content is more important or useful. Those in the context camp (ie - the RBL's) may define spam in that manner for legal protective reasons (to appear as content agnostic?).

That issue aside (and I think it should be better expressed on the main article page) there is also the issue of what is spam vs UBE, UCE, and junk mail.

I would propose that spam be defined as:

Any e-mail message that passed through an MTA without the consent or knowledge of the MTA's owner, or was emitted direct-to-MX by a machine with a dynamically-assigned internet IP address (regardless if it was emitted with or without the knowledge of the machine's owner).

That would cover a typical zombie proxy or trojanized host but would also cover "work-from-home" or other schemes.

Any other bulk transmission of messages who's content is largely identical but does not conform to the above definition could simply be known as "junk mail" and perhaps is better known technically as UBE or UCE.

So I'm proposing that spam be better defined, with a reference to both it's context and content, as well as to explain the differences between spam and junk mail. —The preceding unsigned comment was added by 69.156.116.228 (talkcontribs).

Spam is UBE, UCE which is not also bulk would not be sent to you or me.
I don't care whether UBE was sent from "direct-to-MX by a machine with a dynamically-assigned internet IP address", a "bullet-proof" server hired by a spammer, or a mail server which is backscattering or challenging. Erik Warmelink 19:10, 15 August 2007 (UTC)

title change

The title of this article is currently E-mail spam; however, spam is sending messages though unprotected SMTP servers. This article seems to be talking about unsolicited email.--71.221.198.74 07:35, 19 September 2007 (UTC)

Wherever did you get that idea? Spam is unsolicited bulk email, whether you send it from your own mail server or someone else's. Has been for years. --FOo 07:50, 19 September 2007 (UTC)
not true.--168.156.174.42 19:46, 19 September 2007 (UTC)
In FOo's defense, I find after some research that he is partially right, and partially wrong. If you look here and scroll down the the section titled "What is spam?" you will see that one defintion is UCE; however, ther are several definitions people use, including "...the practice of concealing the identity of the sender and routing data." such as though using an unprotected SMTP server, I brought this up because this is the definition I was taught be my college instructor, so maybe a name change isn't quite in order, but some clairification of these other common definitions is a must.--71.221.198.74 00:23, 20 September 2007 (UTC)
What makes you think your college instructor is an expert on the subject? "Good Times Virus" warnings (look it up) have been handed out by college instructors. If you consult reliable sources such as the actual operators of systems that defend against spam, such as Postini or Spamhaus, you will find that spam is unsolicited bulk email . --FOo 06:50, 20 September 2007 (UTC)
He has been working with computers probably since before you were born. Plus I provided you a link confirming that that is a legitamte definition for spam, granted there are other definitions, just because everyone has their own opinion on what constitutes spam, no one definition is either more right or wrong, so i mentioned all of them as possible definitions in the article.--71.221.198.74 08:16, 20 September 2007 (UTC)
Your link is not to a reputable source on the subject of spam; it's to some consultant for insurance agencies. And even it describes spam as being unsolicited rather than as being based on whether it was sent through a hijacked relay.
And yes, some definitions are more right than others. Some are used by people who actually work in the field, and some are made up by business consultants. --FOo 09:15, 20 September 2007 (UTC)
It sounds more like you dont like that you were proven wrong so you are trying to attack the validity of the site.--168.156.174.74 19:54, 20 September 2007 (UTC)
By common consensus, spam is UBE. The usual mantra among those of us[3] in the field is, "It's about consent, not content." ... richi 22:29, 21 September 2007 (UTC)
Anonymous dude -- the page you cited doesn't agree with you. That was my point. It's also not a reliable source, since we have no reason to believe that columnists writing for insurance agents are a reliable source about email security ... just as email sysadmins would not be a reliable source about insurance. --FOo 08:45, 22 September 2007 (UTC)

Not true

It isn't true that the reason spammers switched to using open proxies is that open relays became rare. Open relays did not become rare. The campaign to get all open relays secured had no particular useful effect: it was always misguided. Securing an open relay was a good thing to do for the operator of the open relay and the organization that owned/controlled the open relay. It was not an effective measure to eliminate spam, and it didn't eliminate spam at all. Worse, the standard way that open relays were secured was such that the former open relay would inform the spammer that relay mail was no longer accepted. That aided the spammers.

Reference: RFC 2505: "But, please note:

The Non-Relay rules are not in themselves enough to stop spam.
Even if 99% of the SMTP MTAs implemented them from Day 1,
spammers would still find the remaining 1% and use them. ..."

The RFC explained why the "secure your open relay" campaign and approach would fail before it began. There were plenty of open relays, as could be seen by consulting the open relay block lists (such as the ORBS list and its successors.)

Spammers rather quickly dropped open proxy abuse (that is, they changed to other abuse, principally the use of spam zombies) after Ron Guilmette and a few others began running small groups of open proxy honeypots. The crude way in which spammers detected and then abused open proxies made them extremely vulnerable to open proxy honeypots (and to open relay honeypots.) --Minasbeede 23:45, 21 September 2007 (UTC)

Mainsleaze

Can someone find a source about how many companies use mainsleaze? My experience is that it is very few. In fact I can only recall getting one, and when I contacted the relatively small company they were horrified with the negative response they had received. They had been sold a bill of goods and talked into paying someone to send UCE for them. [4] The reference does say, in its poor spelling, that the damage to their reputation can take years to repair. I would call that "quickly regretted". 199.125.109.71 02:21, 24 September 2007 (UTC)

Effect of convictions on level of spam

Has anyone noticed any change in spam because of the two recent convictions? I saw my spam levels sky rocket in the weeks before the conviction, from an average of 120 a day to an average of over 300 a day, and since the convictions they have dropped to about 80 a day. 199.125.109.48 03:03, 18 October 2007 (UTC)

Citations

Really nice article. Congratulations to the editors. I added a couple of "citations missing" tags to sections that seem to be lacking a source. But the source might already be in the references, just not cited. It is fine with me to remove or change this tag. I am not a mail scientist, only a user, but I hope this helps. -Susanlesch 20:59, 11 November 2007 (UTC)

Bulk Email

Bulk email is not necessarily spam. Bulk email merely means that the email is sent to a large number of people. If the email is opt-in, it is NOT spam. There are many bulk email providers and the point is that they are NOT sending spam. —Preceding unsigned comment added by 62.90.16.242 (talk) 12:08, 3 January 2008 (UTC)

Spam from Sophos?

The "Origin of spam" section appears to be shameless PR spam? I don't think the data in this section is at all meaningful as it changes drastically from month to month a spammers adopt to get around anti-spam technologies and filters.

This section, along with a similar section on the Spam (electronic) page, only seem to exist to promote Sophos and I think it should be removed? —Preceding unsigned comment added by Ihouston08 (talkcontribs) 16:59, 20 February 2008 (UTC)

No. 199.125.109.130 (talk) 01:56, 17 March 2008 (UTC)

Good article

If someone would propose that this be rated a GA article, I would be happy to help with anything that needs to be fixed. Unfortunately I think that taking the lead is one of the few things that IPusers can not do, but I think the article should pass easily. 199.125.109.76 (talk) 14:48, 8 March 2008 (UTC)

How bulk e-mailers operate

Could this be spun off into a separate article? Or should it just be trashed because WP is not a "how-to" reference? My goal is to reduce the size of the article by 50% in the next few months. Another target is the rather lengthy list of convictions, which appear on WP in at least three articles. Any spammer with their own article can just be canned and replaced with a dated list of arrested and convicted spammers. 199.125.109.69 (talk) 00:13, 23 March 2008 (UTC)

What does this sentence mean?

Even with a thousand users junk e-mail for advertising is not tenable, and with a million users it is not only impractical but also expensive, costing businesses in the order of $100 billion in 2007...

"not tenable" = ??

Whose perspective is this written about? —Preceding unsigned comment added by 71.122.146.252 (talk) 00:31, 3 May 2008 (UTC)

Not tenable means that it is "not capable of being maintained". There are too many people competing for your attention. When you have a dozen people it is realistic to post a notice to them. If each chooses to post a notice once a week you get a notice or two a day. When there are a hundred it becomes unworkable. A notice posted once a week means you have to sort through a dozen a day. A thousand and it becomes ludicrous. 199.125.109.74 (talk) 20:51, 4 May 2008 (UTC)

Response rates

Prospect (magazine) suggests that there are only 15 responses to every 1 million spams.

Given that much spam presently appears to be either "buy these (brand name) pills" or "give us your bank account details" with a few "acquire masteers/docteer's/batcheelors degrees" (typos included) what response do the spammers expect to get? (Apart from variants on "go away you timewaster"?) and why can't they think up some new topics? Jackiespeel (talk) 16:58, 23 June 2008 (UTC)

Oh the topics change over the years, but the motive remains the same - $$$$. 199.125.109.76 (talk) 19:19, 27 June 2008 (UTC)

One "new" topic appears to be "news headlines" (eg "US Senator found guilty of treason"), the text having nothing to do with the heading with a link to a website. (Observing, rather than OR) Jackiespeel (talk) 15:09, 14 July 2008 (UTC)

Postage-due

I disagree with the "postage-due mail" comparison in the introduction. I don't think that spam is more postage-due than any other form of email. There isn't any supplementary cost. And email is known to be greatly free to receive (you have only to connect to Internet, which is not a cost caused by the mail but by the global fact to connect to the internet). And if you consider webmail, you may even see that the email doesn't even need to be downloaded if you don't need it.Almeo —Preceding unsigned comment added by 133.5.16.31 (talk) 10:26, 28 July 2008 (UTC)

Listen closely, so I can whisper one word: bandwidth
When you plunk down your 10 shillings a fortnight for internet access you are buying bandwidth, and 8 of those shillings go to subsidize spammy sending upwards of a billion messages a day. Under the "cost of spam" section the article states: "An estimate of the percentage cost borne by the sender of marketing junk mail (snail mail) is 88%, whereas in 2001 (data may have changed) one spam was estimated to cost 0.10$ for the receiver and 0.00001$ (0.01% of the cost) for the sender." That's about as postage due as you can get. 199.125.109.17 (talk) 16:40, 17 August 2008 (UTC)

Yes, but data does have changed. You don't pay at all your connection like you did in 2001. And moreover, you can have all the spamming-filtering job done by online intermediates like gmail, that in this particular case reduces the cost to zero.Almeo (talk) 20:49, 8 December 2008 (UTC)

Just because you don't (directly) pay for something, doesn't make it free. The bandwidth still cost money and most of the costs are placed on the receiver. There are, indeed, companies out there that will pay for the bandwidth through advertising (e.g. gmail) or on hopes that you will upgrade to a paid service, or provide it as part of a larger package, but that doesn't change the fundamentals. Wrs1864 (talk) 21:54, 8 December 2008 (UTC)

I agree. Then, it is not the definition of postage-due advertising, but another thing -- yet a bad thing, ok, but we cannot call it postage-due advertising. It is more like the cost was assumed by the post company, that is quite different. The only thing I disagree is the use of the term postage-due, that is very specific. The fact that spam generates huge calculuses to treat it, wasting GW of energy, I agree on that. By still I can't bring myself to call it postage-due advertising, because I don't pay at all directly the cost of any substantial fare when I receive a spam.

Now, a simple calculus. Assume that in average one day of normal use represents a reception of around 200Mo of data. In France at least, an unlimited subscription for the internet (with ADSL) costs around 30$/month. So we pay around 1$/day. Take a spam (I took a quite huge one, indeed, with the picture of a lovely Russian girl ^^), it weights 52Ko. So for a spam I pay 0.00026$. So I would better erase the results of the 2001 study reported in this article, as it returned to be utterly obsolete. Moreover, to fetch this spam I had to pick it into the spam folder of my gmail account. So really for me the cost is 0$. Result : as a user, like many users, I don't feel at all postage-dued. If some transmission webmail company (equivalent in post company, in the comparison with snail mail) as to filter it, the user doesn't see the effect, because other sources of money are used for the webmail company to compensate the treatment costs.

So, no, spam cannot be named "postage-due" advertising. "Energy wasting worldwide phenomena" would be more likely a good term. I plan to edit the introduction in order to correct the mistake. Almeo (talk) 22:48, 8 December 2008 (UTC) And if I take a normal spam mail (without picture) that weights 2.7ko, I find a cost of 0.0000135$ for me. It is roughly the same cost that calculated in 2001 for the spammer side (0.00001$). So I'd absolutely have to remove these obsolete results from a 2001 study. Almeo (talk) 23:08, 8 December 2008 (UTC)

I think you are at best, splitting hairs. Spam does *NOT* cost you zero. The webmail company is *NOT* equivalent to the post office, if anything that would be the ISP. All analogies break down when you split hairs, but a "postage due" letter or a "collect call" phone call is pretty similar. Bandwidth is *NOT* the only or even the most significant portion of the costs of sending/receiving email, even if you didn't have to include the huge costs of spam filtering. This is all very fundamental to the problem of spam. It costs spammers a fraction of the price to send spam as it does for others to receive it, even if spammers didn't use zombie computers to send the spam. If spam were to disappear, there would be a dramatic decrease in the need to show so many ads on webmail pages and the size of your mailboxes and such would be larger.
As far as the costs studies from previous years, yes they are dated, but the summary here is still accurate. The cost of bandwidth has gone down, but that effects both the sender and receiver, the ratio is unlikely to have significantly changed.
I will reserve judgment on any edits you make until I see them, but they sound, at best, controversial and likely to be reverted. Wrs1864 (talk) 23:23, 8 December 2008 (UTC)

Please go to see the page postage due. It is very, very different. Sorry, I can't leave on Wikipedia something so weird.Almeo (talk) 23:27, 8 December 2008 (UTC) If I use free software to filter spam, in the case I am doing my home filtering, it costs me a little electricity and time. I can't see it so huge as to be seen as a fare.Almeo (talk) 23:34, 8 December 2008 (UTC)

hmm - so you're saying that because your internet connection costs nothing, and your time is equally low-cost, then there's no cost to you. I suppose that is accurate, since that's the only point you've made so far. Tedickey (talk) 00:23, 9 December 2008 (UTC)
Yes, it is fairly true. So that I had some difficulty to see it as a fared mail, and then I thought of the introduction as not very objective. This brought me to search among the references and I saw them globally obsolete, that had the trend of enforcing my doubts. Thence the discussion and the edits I intented.Almeo (talk) 00:47, 9 December 2008 (UTC)
The links aren't that out of date, it is just that spam is no long as hot a topic as it was in the 1990s and early 2000s. Wrs1864 (talk) 01:00, 9 December 2008 (UTC)
Lots of things can be seen as "effectively free" when you are on a small enough scale. For example, "it costs nothing to throw away a piece of paper" is true if you don't include your time and if someone else pays to take out your garbage. In the US, radio is "free" because advertisers pay for it, but that doesn't mean that it is really free. Even a "free" spam filter requires you to regularly update it in order to adapt to new spamming techniques and the cpu power to do it at an individual level isn't enough to force you to buy more computers. However, once you scale up to even a small business, you can quickly start ot measure the costs and can't just brush them aside. The pricing on home connections is often quite distorted because the ISPs assume that most people will only use a small fraction of the available bandwidth. Once you start running larger email servers, the costs can change. Wrs1864 (talk) 00:55, 9 December 2008 (UTC)
Well, then, breathing the smoke of someone else's cigarette isn't free (there are well-enough known costs for health etc.), but you don't call it due-breathing. I see that spam isn't free at least for some elements of the society, if not the whole society, but yet it is not like due-postage. It would be more, say, "society-side-effect mass postage". The effect is not directly sensed by the receiver, for each spam.Almeo (talk) 04:38, 9 December 2008 (UTC)
I've pondered this a little bit more and maybe I can clear things up a little bit. It isn't like dirty air, where air is free, it is more like tap water where the spammers require you to flush the toilet a lot more, wasting a lot of water which you do have to pay for. The property of "the e-mail receiver has to pay the bulk of the costs" isn't something special for spam, *all* e-mail that uses SMTP forces the receiver to pay the bulk of the costs. Yes, spam really is like postage-due snail mail, but maybe the article needs to point out that unlike regular mail, everything is postage-due. Or, to use a telephone analogy, all calls are collect calls and you can not refuse the charges. The "can not refuse the charges" is a property not of SMTP, but the core TCP/IP protocol that runs the entire internet. There is no reasonable way of dropping a packet that you don't want (e.g. from spam) until that packet has already crossed your connection and used up your valuable resources.
For example, the small business owner of acme.com has so much spam being sent to it that even with a high speed link, his machines can not send the ICMP host-unreachable packets back to the spammers to try to refuse the connections. There are just so many spams sent his way that those short packets fill his connection. Worse, there is spamware out there that doesn't pay any attention to the TCP/IP and SMTP requirements, they just queue up all the packets and send them out all in one chunk, and by the time the first packet hits the victim, the spammer has moved on to another email address. There is no reasonable way of refusing the entire spam because the spam is already on the wire before the receive can tell that it is coming. Jef was eventually able to get some filtering done at the ISP level, but that still means that the ISP has to pay the entire cost of receiving those packets and it also means that Jef can't use his domain for regular email. Wrs1864 (talk) 18:24, 9 December 2008 (UTC)
Ok. Here, you consider the cost of the use of the wire, but then, aren't the costs more 50%/50% ? Whereas, due-postage is 0%/100%.Almeo (talk) 16:06, 11 December 2008 (UTC)
I'm trying hard to assume good faith, but I'm having a hard time understanding why, if you can't easily see these costs, why you would even be interested in changing this article. The reasons are pretty clear to any email sysadmin/computer programmer.
Sorry, saying that is not the point. We are not discussing obvious behaviour rules. I don't see what you mean. We have both legitimity to discuss that. Almeo (talk) 13:30, 16 December 2008 (UTC)
Anyway, here is more explanations. Several things about bandwidth. First, in theory, bandwidth costs can be split 50%/50%, in practice spam is very often sent via zombied computers and therefore, the spammer pays nothing. Second, even "legitimate" bulk email senders can buy bandwidth in large volumes and therefore cheaper, where as many home users or small business pay a premium for bandwidth usage.
While bandwidth is the easiest thing to see, as I mentioned above, it certainly isn't the only thing or even the most significant. Relatively cheap PCs can bring even a fairly large email server to its knees. Queuing network packets to be sent is much more easily controlled than receiving the packet. Spamware is often very simple and direct, just load up the packets and send at whatever rate the computer can send them. Where the packets are different between sending, the spamware knows exactly what needs to be changed and where, nothing is read from disk, it is all in-memory. The receiving network card has to recognize the address, generate an interrupt, have the OS find which program is connect to which port and send the packets off the the mail server software. Then the MTA has to do all sorts of parsing of the packets just to see if the packets are valid SMTP commands, and then write the email to disk. All that has to be done even if the MTA doesn't do any spam filtering. Of course, before the email is written to disk, there are usually very expensive spam filtering done, often this requires many other network packets to check DNSBLs, bulk email checksum checks, etc.
Even in the days before any spam filtering, receiving email could easily be ten times as expensive, CPU wise, as sending it. Add in the spam filtering, and you can easily have a factor of 100 to 1000. Again, spammers often use zombied computers, so they don't pay anything for their computers. A small, hobby system at home can often use a "spare" PC, but once your email volume grows beyond the trivial level, the costs start being very noticeable.
I am really surprised that the source quoted in this article found that it was only a 12%/88% split, I suspect they missed some costs on the receiver's side. Wrs1864 (talk) 18:24, 11 December 2008 (UTC)
All that is not specific to spam. I don't see why we wouldn't write the analogy with postage-due on the email article rater than on this email spam article.
No original research may have this analogy removed from the introduction.Almeo (talk) 13:16, 15 December 2008 (UTC)
the postage-due nature of email is much more important when you are forced to pay for something you do not want and can not stop. This is not original research, it is obvious facts to anyone skilled in the arts, WP:RS does not require a cite to back every obvious fact and reliable sources can easily be found for this. I did not add this text, I do not know who did or when it was added, your position seems to violate WP:Undue weight. Wrs1864 (talk) 14:10, 15 December 2008 (UTC)
Nobody complains about the cost of spam, neither very very few are aware it may have a significant cost. The ones who know are the societies at some important level of the web, or some particular cases that have became a strange target for spam. So I don't think that "spam is post-due advertising" is a common view. At all. For example because email, spam or not, is free for all of the guys I know. And then, because post-due mailing is something well known, very different from email spam. If there is any obviousness, explain it please. And if we manage good explainations, if we put it in the article, comments such mine may not occur.Almeo (talk) 15:26, 15 December 2008 (UTC)
Ok, I've found a way to conciliate all the arguments :

Often, the cost of the spam is borne mostly by the recipient, like in postage due mailing. How does it sound ? I would like to edit the introduction this way. Almeo (talk) 13:46, 16 December 2008 (UTC)

Third opinion: Seems like this issue has been worked out. Nevertheless, I'll give my opinion. I'm against the inclusion of the postage line in general, as it is currently original research. Without a reliable source to back up the claim, it really shouldn't be included here at all. But I guess if you've both come to a conclusion, that's okay. I've marked it with a fact tag so someone can put a reference there. I've also marked the page as having OR and being in need of references. Surely with all the coverage spam gets in the news, there are plenty of sources that can be used. Should you need my help further on this, feel free to send me a message. — HelloAnnyong (say whaaat?!) 18:18, 18 December 2008 (UTC)

The reference to the spam costs being placed on the receiver was already in the article, just not referenced in the lead. Wrs1864 (talk) 18:39, 18 December 2008 (UTC)
The reference referred was precisely the one I criticized (out of date (data dated from 2001) because of evolution of costs) like recalculating costs we obtain 50/50. So that the reference does not hold.Almeo (talk) 06:05, 19 December 2008 (UTC)
I see that the same very old study quoted in that polemical (and not scientific tone) href=http://www.clickz.com/1432751 article would state that fax and automated phone calls should also have to be compared to postage-due mail (laugh).Almeo (talk) 06:21, 19 December 2008 (UTC)
I see no reason why the ratios would have changed. Find a better cite. And, yes, part of the reason why it is illegal to send junk faxes is because the cost is placed mostly on the receiver. Wrs1864 (talk) 12:38, 19 December 2008 (UTC)

Trend: Second-degree spam

After catastrophe-announcing spams, since a few days me and many others get a new kind of spam which is really on a different level : newspaper-like headlines like "Switzerland To Be Devoured By Black Hole", most of them are so funny it makes you want to read more, even though you know it is spam. I call it "second-degree" because when spammers wrote these headlines they knew nobody would actually believe it is real news. All other spam want to make you believe in something, this category is fundamentally different, but it works: I actually dive into my junk email box to read them because they are so funny ! It is too early to add a paragraph on the article, let's see whether this trend gets confirmed Nicolas1981 (talk) 12:17, 8 August 2008 (UTC)

Legality

In the Legality section, I was looking at creating a list of spam legislation for various countries as shown below (Rows and columns to be expanded). I then realised the section was getting too big anyhow. Should we break the section out to another article and reduce the size of this one?

Country Legislation Option Date
 United States CAN-SPAM Act of 2003 opt-Out 16 December 2003
 Australia Spam Act 2003 opt-In 12 December 2003
 European Union Article 13 of the Directive on Privacy and Electronic Communications opt-In 31 October 2003
 United Kingdom Privacy and Electronic Communications (EC Directive) Regulations 2003
 New Zealand Unsolicited Electronic Messages Act
 Canada Personal Information Protection and Electronic Documents Act
 Singapore Spam Control Act
 Hong Kong Unsolicited Electronic Messaging Ordinance

- E! (talk) 13:00, 11 August 2008 (UTC)

The "In the news" section could be moved there as well as it is all offence related. - E! (talk) 13:50, 11 August 2008 (UTC)
I decided that even with a separate article, a further article would be required anyhow. See E-mail spam legislation by country - E! (talk) 00:28, 12 August 2008 (UTC)

Marshall's 30 %

Marshall Limited claim almost 30 per cent of internet users buy goods from spam emails.

This is an incredible claim, as in it's not credible. Following the press release back to the company putting this forward (and changing the cite to point there) we find the flawed method used--an open survey generated by a page. Derived from a small sample of 622 respondents--we'll take Marchall's implied word they're not the same person 622 times--makes this less factual. We also change this to Marshall's claim rather than a proven fact. I'd complain if this nonsense was quoted in the media, let alone repeated in an encyclopedia! Does anyone know why Marshall are doing this? MartinSFSA (talk) 16:00, 26 August 2008 (UTC)

You may have been thinking of the retailer, Marshalls. It was Marshal, an e-mail company that sells protection against spam, and it is in their interest to scare potential customers into thinking the problem is worse than it is. Heck their own marketing department could have entered 28% of the claims - it was such a small sample. 199.125.109.17 (talk) 13:36, 18 October 2008 (UTC)

Pointless Spam

I was just wondering about the huge volume of "pointless" spam, at work we get thousands of spam emails which seem to serve no purpose, they contain no attachments, no links, no company names, usually just a line of giberish, "He went for a walk, cabbage goes forward, chimpanzees went to war", now it might just be me, but I really can't see any point in an email like that, so why are they sent? Also with all the "online degree", "penis enlargement", "viagra", or "I'm from ***insert african hell hole** please give me all your personal information I would need to empty your bank account so I can send you one hundred trillion American dollars" are there still people out there stupid enough to click though, and enter their bank account, credit card and personal information? Do the spammers still get any response or do they just keep doing it to annoy us all? MattUK (talk) 07:49, 13 September 2008 (UTC)

Basically crime pays very well - until you get caught. The old adage crime doesn't pay assumes a functioning justice system. In the US at least, the wheels of justice are very rusty and turn extremely slowly. So far only a handful of spammers have been convicted, despite rampant non-compliance with even the pro-spam US law. 199.125.109.17 (talk) 13:43, 18 October 2008 (UTC)

What about this...

Just an idea of an anti-spam technique (to add in the Anti-spam techniques section): When people give their email addresses they should also give a random keyword that could be anything and then apply a filter to put apart all messages that don't contain that keyword. I noticed there are 2 ways for spammers to find your email address : 1 - you give your email to a commercial site or a company which will share your email with the spammers 2 - you put your email on a website and it is noticed by an email crawler

If each time you give your email to your friends you also tell them to put your personal keyword (that could be anything, similar to a password) you could tell your filter to let in only messages from your friends. Or if you have to give your email address to a company/website you give them another keyword to put in the emails. If you notice that after you gave the email to this company/website you start receiving spam it means they sold your email to spammers. So you filter out all messages with the keyword you gave to the company/website.

This keyword technique could be implemented directly into email agents. For example you create several inbox folders and you attach a keyword to each of them.

What do you think about this ? Could it be a perfect anti-spam solution ? —Preceding unsigned comment added by 84.98.192.26 (talk) 18:37, 9 October 2008 (UTC)

See Final, Ultimate Solution for the Spam Problem (FUSSP). 199.125.109.17 (talk) 13:52, 18 October 2008 (UTC)

Funny, also read http://www.ranum.com/security/computer_security/papers/a1-firewall/ (73. Tips for your new anti-spam idea) —Preceding unsigned comment added by 84.98.192.63 (talk) 14:37, 22 October 2008 (UTC)

Most common products advertised

Any reference available for the updated numbers? The numbers were changed, but not the reference, which shows 2006 numbers. I did find 1997 numbers, but that's no help.[5] 199.125.109.48 (talk) 19:18, 13 November 2008 (UTC)

Statistics per year or day?

I think that these statistics should be reviewed, because it's not a good idea to say

2002 - 860 billion per year;

2004 - 11 billion per day and so on.


The first time I read it, it seemed that from 2002 to 2004 spam decreased by 98%, when actually it increased by 368%. angelofwisdom (talk) 15:33, 20 December 2008 (UTC)