Email spam

src: alssl.askleomedia.com

Spam email , also known as junk email , is a type of electronic spam where unsolicited messages are sent via email.

Many email spam messages are commercial but may also contain visible disguised links to known websites but actually lead to phishing websites or sites hosting malware. Spam emails can also include malware as scripts or other executable file attachments (trojan). Spam is named after Spam lunch meat through a Monty Python sketch where Spam is ubiquitous, inevitable, and repetitive.

Spam emails have grown steadily since the early 1990s. Botnet, a virus-infected computer network, is used to send about 80% of spam. Since the cost of spam is borne largely by recipients, it is a very effective advertising. This makes it an outstanding example of negative externalities.

The legal status of spam varies from one jurisdiction to another. In the United States, the SPAM-SPAM Act of 2003 precedes state-specific laws for e-mail, making compensation more difficult; it is required that the messages comply with the rules laid down by the Act and by the FTC, but not vice versa unsolicited Bulk E-mail addresses (UBE). ISPs have sought to recover the cost of spam through lawsuits against spammers, although they are largely unsuccessful in collecting indemnities despite winning in court.

Spammers collect email addresses from chatrooms, websites, customer lists, newsgroups, and viruses that harvest the user's address book. These collected email addresses are sometimes also sold to other spammers. The proportion of spam emails is about 90% of email messages sent, by the end of 2014.

Video Email spam

Ikhtisar

From the beginning of the internet (ARPANET), junk email delivery has been banned. Gary Thuerk sent the first email spam messages in 1978 to 600 people. He was rebuked and told not to do it again. The spam bans are imposed by the Acceptable Use Policy/Terms of Use Policy/ToS/AUP from internet service providers (ISPs) and peer pressure.

It is estimated in 2009 that business spam costs about US $ 130 billion. Because the scale of the spam problem has grown, ISPs and the public have turned to the government for help from spam, which has failed to materialize.

Maps Email spam

Type

Spam has several definitions that vary by source.

• Unsolicited bulk email
• unsolicited commercial email (UCE) - this stricter definition is used by regulators whose mandate is to regulate trafficking, such as the U.S. Federal Trade Commission.

Spammered sites

Many spam emails contain URLs to websites or websites. According to Cyberoam reports in 2014, there are an average of 54 billion spam messages sent every day. "Pharmaceutical products (Viagra and the like) jumped 45% from the last quarter's analysis, leading the packet of spam this quarter.Exercising emails offering quick jobs, easy money coming in at number two, accounting for about 15% of all spam emails. number three is spam emails about diet products (such as Garcinia gummi-gutta or Garcinia Cambogia), accounting for about 1%. "

Most products advertised

According to information collected by Commtouch Software Ltd., email spam for the first quarter of 2010 can be described as follows.

419 fraud

Fraudulent down payment fees, such as Nigerian "419" scams, can be sent by an individual from cybercafà ©  in developing countries. Organized "organized gangs" operate from sites founded by the Russian mafia, with grass battles and revenge killings occasionally occurring.

Phishing

Spam is also a fraudulent medium to trick users into entering personal information on fraudulent websites using fake emails to look like they come from banks or other organizations, such as PayPal. This is known as phishing . Target phishing, where known information about the recipient is used to create a fake email, known as spear-phishing .

src: www.informationsecuritybuzz.com

Spam Techniques

Add

If a marketer has a database containing customer names, addresses, and phone numbers, they can pay for their databases to match an external database containing an email address. The company then has the means to send emails to people who have not requested an email, which may include people who deliberately hold their email addresses.

Image spam

Image spam, or image-based spam, is an obfuscation method in which message text is stored as GIF or JPEG images and is displayed in an email. This prevents text-based spam filters from detecting and blocking spam messages. Image spam was reportedly used in mid-2000 to advertise "pump and exhaust" stocks.

Often, image spam contains unreasonable and computer-generated text that only annoys the reader. However, new technologies in some programs try to read images by trying to find the text in these images. These programs are not very accurate, and sometimes filter out innocent product images, like boxes containing words.

However, the newer technique is to use animated GIF images that do not contain clear text in the initial frame, or to distort the lettering in the image (as in CAPTCHA) to avoid detection by optical character recognition tools.

Blank spam

Empty spam is spam that has no charge ads. Often the body of the message disappears altogether, as does the subject line. However, that's consistent with the definition of spam because of its nature as a bulk and unsolicited email.

Empty spam can originate in different ways, either intentional or unintentional:

1. Empty spam can be sent in directory harvest attacks, a form of dictionary attack to collect valid addresses from email service providers. Since the target in the attack is to use bounces to separate invalid addresses from valid ones, the spam sender can get rid of most header elements and the entire message, and stay on target.
2. Empty spam can also occur when a spammer forgets or fails to add a payload when he or she prepares the run spam.
3. Often empty spam headers are truncated, indicating that computer breakdowns, such as software or other bugs may have contributed to this problem - from poorly written spam software to relay servers not working, or any issues that could bypass the path headings of body messages.
4. Some spam may seem empty when in fact it is not. An example is the VBS.Davinia.B email worm that spreads through messages that do not have a subject line and looks blank, when in fact it uses HTML code to download other files.

Spam backscatter

Backscatter is a side effect of email spam, viruses, and worms. This occurs when the mail server is incorrectly configured to send bounce messages to the envelope sender when refusing or quarantining an email (not just rejecting attempts to send a message).

If the sender's address is falsified, then the bounce can go to an innocent party. Because these messages are not requested by the recipient, are substantially similar to each other, and sent in bulk, they qualify as unsolicited bulk or spam email. Thus, systems that generate email backscatter may end up registered in various DNSBL and violate Internet Service Provider Terms of Service.

src: i.ytimg.com

Legality

Spamming violates the acceptable use policy (AUP) of most Internet service providers. Providers vary in their willingness or ability to enforce their AUP. Some actively enforce their provisions and terminate spammers accounts without warning. Some ISPs lack adequate personnel or technical skills for law enforcement, while others may be reluctant to enforce stricter provisions on profitable customers.

Because direct recipients bear the cost of shipping, storage, and processing, a person may deem spam as the electronic equivalent of "postpay" junk mail. Due to the low cost of sending unsolicited emails and the potential benefits gained, some believe that only strict enforcement can stop garbage emails. The Coalition Against Unsolicited Commercial Email (CAUCE) believes "Currently, most of the spam volume is sent by career criminals and malicious hackers who will not stop until they are all caught and put in jail."

European Union

All countries in the European Union have passed laws that specifically target spam.

Article 13 of the EU Directive on Privacy and Electronic Communications (2002/58/EC) states that EU Member States will take appropriate measures to ensure that unsolicited communications for direct marketing purposes are not allowed without the consent of the customer related or in connection with a customer who does not wish to receive this communication, the choice between this option will be determined by national law.

In the United Kingdom, for example, unsolicited emails can not be delivered to individual customers unless prior permission has been obtained or unless there is a prior relationship between the parties. Regulations may apply to companies or individuals who deviate anywhere in the EU. The Information Commission office has responsibility for enforcing unsolicited emails and considering complaints about violations. Violations of law enforcement notices are a criminal offense liable to a fine of up to £ 500,000.

Canada

The Canadian government has escaped anti-spam laws called the Fighting Internet and the Wireless Spam Act to combat spam.

Australia

In Australia, the relevant law is Spam Act 2003, which includes some types of email and phone spam and went into effect on April 11, 2004. The Spam Act states that "Unsolicited commercial electronic messages should not be shipped." Whether an unsolicited email depends on whether the sender has permission or not. Approval can be expressed or concluded. Express Agreement is when someone directly instructs the sender to send them an email, e.g. by participating. Consent may also be inferred from the business relationship between the sender and the recipient or if the recipient is prominently issuing their email address in a public place (such as on a website). Penalties of up to 10,000 penalty units, or 2,000 penalty units for persons other than bodies.

United States

In the United States, most countries enact anti-spam laws during the late 1990s and early 2000s. Much of this has since been prevented by the less restrictive CAN-SPAM Act of 2003 ("CAN-SPAM").

Spam is legally allowed by CAN-SPAM, provided it meets certain criteria: "honest" subject line, no false information in the technical header or sender address, and other minor requirements. If spam fails to comply with any of these requirements it is illegal. Increased or accelerated sanctions apply if spammers harvest email addresses using the methods described previously.

A review of the effectiveness of CAN-SPAM in 2005 by the Federal Trade Commission (agency charged with CAN-SPAM enforcement) states that the number of sexually explicit spam has dropped significantly since 2003 and total volume began to decline. Senator Conrad Burns, the main sponsor, noted that "Enforcement is the key to CAN-SPAM legislation." In 2004, less than one percent of spam meets CAN-SPAM. Unlike the FTC's evaluation, many observers see CAN-SPAM has failed in its goal of reducing spam.

Other laws

Accessing privately owned computer resources without owner permission is illegal under computer crime laws in most countries. The deliberate spread of computer viruses is also illegal in the United States and elsewhere. So, some common spammer behavior is criminal regardless of the legality of spamming per se . Even before the emergence of laws that specifically prohibit or regulate spam, spammers are successfully prosecuted under computer fraud and misuse of the law for falsely using someone else's computer.

The use of botnets can be considered a theft. Spammers consume bandwidth and zombie owner resources at no cost whatsoever. In addition, spam is considered a service theft. The recipient SMTP server consumes a large number of system resources that handle this unwanted traffic. As a result, service providers have to spend huge amounts of money to make their systems capable of handling this amount of email. These costs are inevitably passed on to the service provider's customers.

Other laws, not just those related to spam, have been used to adjudicate suspected spammers. For example, Alan Ralsky was charged for alleged fraudulent shares in January 2008, and Robert Soloway pleaded guilty in March 2008 on allegations of fraudulent mail, fraudulent email, and failed to file tax returns.

src: socialwebqanda.com

Scams and fraud

Spammers can engage in deliberate fraud to send their messages. Spammers often use fake names, addresses, phone numbers, and other contact information to set up "disposable" accounts on various Internet service providers. They also often use fraudulent or stolen credit card numbers to pay for these accounts. This allows them to move quickly from one account to the next when the host's ISP discovers and disables each.

The sender may try hard to hide the origin of their message. Large companies may hire other companies to send their messages so that complaints or blocking of emails fall on third parties. Others engage in spoofing email addresses (much easier than IP spoofing addresses). The email protocol (SMTP) does not have authentication by default, so spammers can pretend to be messages apparently from an email address. To prevent this, some ISPs and domains require the use of SMTP-AUTH, allowing a positive identification of the particular account from which the email originated.

The sender can not completely spoof the email delivery chain (the 'Received' header), because the recipient's mailserver records the actual connection of the last mailserver's IP address. To counter this, some spammers falsify additional shipping headers to make it appear as though previous emails have crossed many legitimate servers.

Spoofing can have serious consequences for legitimate email users. Not just their email inboxes are clogged up by "unsent" emails in addition to spam volumes, they can be misidentified as spammers. Not only can they receive annoying emails from spam victims, but (if the spam victim reports the owner of the email address to the ISP, for example) a naive ISP can stop their service for spamming.

src: i.ytimg.com

Service theft

Spammers often seek and use vulnerable third party systems such as open mail relays and open proxy servers. SMTP forwards email from one server to another - an ISP-run email server typically requires some form of authentication to ensure that the user is an ISP's customer. Open relays, however, do not properly check who is using the mail server and forward all mail to the destination address, making it more difficult to track down spammers.

Increasingly, spammers use malware-infected PC networks (zombies) to send their spam. Zombie networks are also known as botnets (such zombifying malware is known as bot , short for robots). As of June 2006, an estimated 80 percent of email spam was sent by zombie PCs, up 30 percent from a year earlier. An estimated 55 billion spam emails are sent daily in June 2006, an increase of 25 billion per day from June 2005.

For the first quarter of 2010, an estimated 305,000 new zombie enabled PCs are brought online every day for malicious activity. This amount is slightly lower than 312,000 in the fourth quarter of 2009.

Brazil earned the most zombies in the first quarter of 2010. Brazil is the source of 20 percent of all zombies, down from 14 percent from the fourth quarter of 2009. India has 10 percent, with Vietnam at 8 percent, and the Russian Federation at 7 percent.

Side effects

To address the problems posed by botnets, open relays, and proxy servers, many email server administrators are pre-emptively blocking dynamic IP ranges and enforcing stringent requirements on other servers that want to send mail. Confirmed forward reverse DNS must be set up correctly for the outgoing mail server and large blocks of blocked, sometimes pre-emptive IP addresses, to prevent spam. These steps can cause problems for those who want to run a small email server from cheap domestic connections. IP blacklist ranges because spam that radiates from them also causes problems for legit mail servers within the same IP range.

src: 3vowli249lp13hl4bz2ku62r-wpengine.netdna-ssl.com

Statistics and estimates

The total volume of email spam has grown consistently, but in 2011 the trend seemed to reverse. The amount of spam users see in their mailboxes is only part of the total spam sent, because the spammer list often contains a large percentage of invalid addresses and many spam filters simply delete or reject "obvious spam."

The first known spam email, advertised the presentation of a DEC product, was sent in 1978 by Gary Thuerk to 600 addresses, which were all ARPANET users at the time, although software limitations meant little more than half the intended recipients actually received them.. As of August 2010, the number of spam messages sent per day is estimated at around 200 billion. More than 97% of all emails sent over the Internet are undesirable, according to Microsoft security reports. MAAWG estimates that 85% of incoming mail is "rough email", in the second half of 2007. The sample size for the MAAWG study is over 100 million mailboxes.

A 2010 survey of US and European email users showed that 46% of respondents had opened spam messages, even though only 11% had clicked on links.

The highest amount of spam received

According to Steve Ballmer, Microsoft founder Bill Gates receives four million emails per year, most of them spam. This was originally reported incorrectly as "per day".

At the same time, Jef Poskanzer, the owner of the acme.com domain name, receives more than a million spam emails per day.

Spam charges

A 2004 survey estimated that loss of productivity burden Internet users in the United States $ 21.58 billion per year, while others reported a $ 17 billion cost, up from $ 11 billion in 2003. In 2004, the cost of worldwide spam productivity has been estimated to be $ 50 billion in 2005. The estimated percentage cost borne by the sender of junk mail marketing (snail mail) is 88 percent, whereas in 2001 one spam was estimated at $ 0.10 for the recipient and $ 0.001 (0.01 % of cost) for the sender.

The origin of spam

The origin or source of spam refers to the geographical location of the computer from which spam is sent; not the country where the spammer lives, or the country hosting the spamed site. Because of the international nature of spam, spammers, hijacked spammers, spammy servers, and targeted users from spam, they are often in different countries. As many as 80% of spam received by Internet users in North America and Europe can be traced to fewer than 200 spammers.

In terms of spam volume: According to Sophos, the main source of spam in the fourth quarter of 2008 (October to December) is:

• United States (originally 19.8% spam messages, up from 18.9% in Q3)
• China (9.9%, up from 5.4%)
• Russia (6.4%, down from 8.3%)
• Brazil (6.3%, up from 4.5%)
• Turkey (4.4%, down from 8.2%)

When grouped by continent, spam mostly comes from:

• Asia (37.8%, down from 39.8%)
• North America (23.6%, up from 21.8%)
• Europe (23.4%, down from 23.9%)
• South America (12.9%, down from 13.2%)

In the case of the number of IP addresses: The Spamhaus project (which measures spam sources in terms of the number of IP addresses used for spam, not the spam volume sent) is ranked as the top three as the United States, China and Russia, followed by Japan, Canada, and South Korea.

In the case of networks: As of June 5, 2007, the three networks that host the most spammers are Verizon, AT & amp; T, and VSNL International. Verizon inherited many of these spam sources from the acquisition of MCI, in particular through UUNet's subsidiary of MCI, which Verizon later renamed Verizon Business.

src: www.teachucomp.com

Anti-spam techniques

US Computer Information Incident Inventory Capability (CIAC) has provided a special response to email spam.

Some popular methods for filtering and refusing spam include email filtering based on email content, DNS-based black hole list (DNSBL), greylisting, spamtraps, enforcing email technical requirements (SMTP), checksumming system for bulk email detection, and by putting some sort of charge on the sender through a proof-of-work or micropayment system. Each method has its strengths and weaknesses and each is controversial because of its weakness. For example, one company's bid to "[remove] some spamtrap and honeypot addresses" from the email list defeats the ability for the method to identify spammers.

Outbound spam protection incorporates many techniques to scan outgoing messages from service provider networks, identify spam, and take actions such as blocking messages or turning off message sources.

In one study, 95 percent of income (in research) was cleared through only three banks.

src: image.shutterstock.com

Spammer method

Collecting addresses

To send spam, spammers need to get an email address from the intended recipient. For this purpose, both spammers and merchant lists compile a large list of potential email addresses. Because spam is, by definition, not requested, this address change is done without the (and sometimes contrary to desires) consent of the address holder. As a result, the spammer's address list is not accurate. One spam process can target tens of millions of possible addresses - many of them invalid, misformed, or undeliverable.

Sometimes, if spam sent "bounced" or sent back to the sender by programs that remove spam, or if the recipient clicks the unsubscribe link, which may cause the email address to be marked "valid", which the spammers interpret as "send me more". This is illegal under anti-spam laws. However, the recipient may not automatically assume that the unsubscribe link is an invitation to send more messages: if the originating company is legitimate and the message content is valid, then the individual must unsubscribe to messages or threads or mailings they no longer want to receive.

Obscure message content

Many spam filtering techniques work by looking for patterns in the header or message body. For example, a user can decide that all emails they receive with the word "Viagra" in the subject line are spam, and instruct their email program to automatically delete all messages. To defeat such filters, spammers may have deliberately misspelled commonly filtered words or inserted other characters, often in a style similar to leetspeak, as in the following example: V1agra , Via'gra , Vi @ graa , vi * gra , \/iagra . It also allows different ways to express certain words, making identifying them all more difficult for filter software.

The principle of this method is to leave a human readable word (which can easily recognize the word meant for the misspelling), but it is impossible to recognize by a literal computer program. This is only effective, since modern filter patterns have been designed to recognize blacklisting terms in various misspelled iterations. Other filters target actual blurring methods, such as the use of punctuation or non-standard numbers to unusual places. Similarly, HTML-based email gives more spammers tools to blur the text. Incorporating an email comment between letters can thwart multiple filters, as it may include invisible text by setting the font color to white on a white background, or shrinking the font size to the smallest print. Another common way involves presenting text as an image, which is sent together or retrieved from a remote server. This can be thwarted by not allowing the email program to load images.

Because Bayesian filtering has become popular as a spam filtering technique, spammers have begun to use methods to weaken it. For a rough approximation, the Bayesian filter depends on the probability of the word. If a message contains many words that are used only in spam, and some that are never used in spam, it is probably spam. To undermine Bayesian filters, some spammers, in addition to sales promotions, now include irrelevant and random word lines, in a technique known as Bayesian poisoning. Variants on this tactic can be borrowed from users of Usenet known as "Hipcrime" - to include sections of books taken from Project Gutenberg, or unreasonable phrases generated with "a dispute press". Randomly generated phrases can create spoetry (spam poetry) or spam art. The credibility of spam messages perceived by users differs across cultures; for example, unsolicited Korean emails often use apologies, possibly based on Korean modeling behavior and a greater tendency to follow social norms.

Another method used to disguise spam as a legitimate message is the use of automatic sender names in the From: field, ranging from realistic ones like "Jackie F. Bird" to (oddly, by mistake or deliberately). names of interest such as "Sloppiest U. Epiglottis" or "Attentively E. Behavioral". Return addresses are also automatically generated automatically, often using the unauthorized domain owner's domain name, causing some users to blame innocent domain owners. Blocking lists use IP addresses rather than sender domain names, because this is more accurate. A letter claiming to be from example.com can be seen forged by finding the original IP address in the email header; as well as Sender Policy Framework, for example, helps by stating that a particular domain will only send mail from a specific IP address.

Spam can also be hidden in a fake "Notification Letter" that looks like a notification of failure sent by a mail transfer agent ("MAILER-DAEMON") when it encounters an error.

Spam support services

A number of online activities and other business practices are considered by anti-spam activists to connect to spam. This is sometimes called spam service support : business services, in addition to spamming itself, which allows spammers to continue operating. Spam support services may include order processing for items advertised in spam, website hosting or DNS records referenced in spam messages, or certain services as follows:

Some internet hosting companies advertise bulk-friendly or bulletproof hosting . This means that, unlike most ISPs, they will not stop customers from spamming. These hosting companies operate as larger ISP clients, and many are eventually taken offline by this larger ISP as a result of complaints related to spam activity. So, while a company can advertise bulletproof hosting, it can eventually not be delivered without a connection from the upstream ISP. However, some spammers have managed to get the so-called pink contracts (see below) - contracts with ISPs that allow them to spam uninterruptedly.

Some companies produce spamware , or software designed for spammers. Spamware varies greatly, but can include the ability to import thousands of addresses, to generate random addresses, to insert fake headers into messages, to use dozens or hundreds of email servers simultaneously, and to use open relays. The sale of spamware is illegal in eight US states.

Called millions of CDs are generally advertised in spam. This is a CD-ROM that supposedly contains a list of email addresses, for use in sending spam to this address. The list is also sold directly online, often with false claims requested by registered address holders (or "opt-in") for inclusion. Such lists often contain invalid addresses. In recent years, this has been almost completely unused due to the low quality email addresses that are available on them, and because multiple email lists exceed 20GB in size. The amount you can load on the CD is no longer large.

A number of DNS blacklists (DNSBLs), including RBL MAPS, Spamhaus SBL, SORBS and SPEWS, target spam and spammer support providers. DNSBLs blacklist IPs or IP ranges to persuade ISPs to stop services with known customers who are spammers or resold to spammers.

src: i.ytimg.com

Related vocabulary

Unsolicited bulk email (UBE)

Synonym for email spam.

Unsolicited commercial email (UCE)

Spam promotes commercial services or products. This is the most common type of spam, but it does not include spam that is a lie (such as a virus warning), political advocacy, religious messages, and chain letters sent by someone to many others. The term UCE may be most common in the United States.

Pink contract

Pink contracts are service contracts offered by ISPs that offer bulk email services to send spam to clients, in violation of the publicly-accepted usage policy of the ISP.

Spamvertising

Spamvertising is advertising through spamming media.

Opt-in, double opt-in, opt-out

opt-in

Opt-in, opt-in confirmed, double opt-in, opt-out refers to whether the people in the mailing list are given the option to put in, or taken out, from the list. Confirmation (and "double", in marketing language) refers to email addresses sent for example. via a web form that is authenticated to actually request joining the mailing list, instead of being added to the list without verification.

End, Primary Solution for Spam Problem (FUSSP)

An ironic reference for naïve developers who believe they have found the perfect spam filter, which will stop all spam from entering the user's inbox when deleting no legitimate emails by mistake.

Bacn

Bacn is an email that has been subscribed and is therefore requested. Bacn has been described as "the email you want but not now." Some common examples of bacn messages are news notifications, periodic messages from e-merchants from which a person has made a previous purchase, a message from a social networking site, and a wiki checklist. The name bacn is meant to convey the idea that such emails are "better than spam, but not as good as personal email". It was originally created in August 2007 in PodCamp Pittsburgh 2, and has since been used among the blogging community.

src: i.ytimg.com

History

src: previews.123rf.com

See also

src: tr1.cbsistatic.com

References

src: previews.123rf.com

Further reading

• Dow, K; Serenko, A; Turel, O; Wong, J (2006), "Antecedents and consequences of user satisfaction with email systems", International Journal of e-Collaboration (PDF) , 2 ( 2), pp.Ã,46-64 .
• Sjouwerman, Stu; Poslun, Jeffrey, Inside the spam cartel: trade secrets from the dark , Elsevier/Syngress; First edition, November 27, 2004. ISBN: 978-1-932266-86-3.

External links

Info Spam

• SpamHelp.org
• "Dapatkah Spam: Bagaimana Spam Buruk untuk Lingkungan", The Economist , 15 Juni 2009 .

Laporan spam

• Aktivitas Ancaman Email Seluruh Dunia , Barracuda Central .

Government reports and industry white papers

• Email List of Harvesting and Effectiveness of Anti-SPAM Filters (PDF) , United States: FTC, archived from the original (PDF) in 2007-11-28 , retrieved 13 Oct 2007 .
• Electronic Frontier Foundation spam page containing legislation, analysis, and litigation history
• Why Do I Get All This Spam? Unsolicited Commercial Email Research Report Six Months by the Center for Democracy & amp; Technology from author Pegasus Mail and Mercury Mail Transport System - David Harris
• Spam White Paper - Sink in Sewage (PDF) , Pegasus Mail, archived from the original (PDF) in 2007-11-28 .

Source of the article : Wikipedia