Talk:Email spam
This article (or a previous version) is a former featured article candidate. Please view its sub-page to see why the nomination did not succeed. For older candidates, please check the Wikipedia:Featured article candidates/Archived nominations.
Blast Email
Blast email is not necessarily spam. It can refer to communities or companies sending out a single mail or message to a large group of people. As such, I would like to recommend removing the forward from “Email Blasting” to this entry and begin an entry of its own. Creatox 17:01, 9 February 2007 (UTC)
UBE?
'UBE'? Who came up with this one? Is there some desire to 'embrace and extend' at Wiki? It's UCE - unsolicited commercial email - period. The official address of the US Federal Trade Commission for years now has been uce [at] ftc [dot] gov. Stick with the standards; don't make yourself the ass.
- First off, you are forbidden from posting personal attacks on Wikipedia. Do not call people "the ass" here.
- Second, well, you're wrong. The term "UBE" or "Unsolicited Bulk Email" is widely recognized and used, e.g.:
- The distinction is worth making. Noncommercial spam has been a part of the spam problem as long as there has been a spam problem. Some of the first widespread email spammers were religious missionaries. The spam case that brought the "Korean school open proxies" problem to international attention was a political spam case. Neither of these are commercial, but they are spam, and were dealt with by both spamfighters, system administrators, email users, and the media as cases of spamming. --FOo 05:35, 12 January 2007 (UTC)
- In addition to the points that Fubar Obfusco made, I think it is important to note that the Federal Trade Commission can only regulate commercial activity and that is why they restrict the types of spam they collect to just the UCE subset of UBE. Also note that the three definitions of spam that Fubar gave above are all different than the five already referenced in the article. Wrs1864 02:16, 13 January 2007 (UTC)
- And thirdly, the FTC replaced uce@ftc.gov with spam@uce.gov in July 2004. See http://www.ftc.gov/opa/2004/07/newspamemail.shtm 199.125.109.11 21:27, 13 June 2007 (UTC)
Harvesting Addresses
I didn't see anything about services that are designed around collecting addresses for spam, but claim to offer some other service. For example, "free" services for maintaining contacts or that send "free" greeting cards or that send invitations to events. Basically, services that dupe people into giving up the contact information of others for spam. I have personally been added to spam lists by well-meaning friends and family in this way. If there is something about these techniques in the article it may need to be more prominent or re-worded. Ognolman 20:34, 10 January 2007 (UTC)
NPOV?
This caption for an image doesn't seem to follow the NPOV: "Today, spammers use infected Windows PCs to deliver spam. Many still rely on Web-hosting services on spam-friendly ISPs to make money.". Are Windows PCs the only computers infected? Inklein 06:38, 9 August 2006 (UTC)
- I agree that this is decidedly not NPOV. It doesn't matter if Windows systems are providing most of the infected systems spammers use. If there are *any* other non-Windows operating systems being used then the caption is non-NPOV and should be changed. The fact that the statement can be rephrased to say "...spammers use infected computers to deliver spam..." and still convey the required meaning is enough to show that the current caption is not NPOV. Ognolman 20:25, 10 January 2007 (UTC)
- By and large, yes. A great deal of email spam is sent through backdoors opened by Windows-only worms designed for that specific purpose. The Mydoom and Sobig worm families are infamous for this, but there are plenty of others. (See the discussion and citations on those articles.) Spammers and other criminals either commission the writing of these worms, or create a market by being willing to pay worm-writers for access to compromised systems.
- Why target Windows? Windows worm-writing is evidently very well understood by the people who do it: worms can be mass-produced in long sequences of variants to extend their success; some worm families have seen hundreds of variants. In contrast, worm-writing for other platforms appears to be still in its infancy, with most worms being one-off pranks (like the Ramen worm for Linux) rather than organized criminal endeavors. Worms for Windows are effectively a professional criminal endeavor, as opposed to an amateur criminal endeavor like the vandalism-oriented worms that occasionally plague other systems. This is as much a sociological and economic fact as a technical one.
- In any event, regardless of the cause, it is true that compromised Windows systems -- and often home PCs rather than servers -- are a major conduit of spam.
- Not the only one, of course! Some spammers send spam directly from their own systems, operating on rogue ISPs. But the FTC estimates that 30% of spam is sent from worm-infected home (and home-office) PCs alone, and that's aside from that sent from worm-infected workplace desktops or servers. [1] --FOo 08:27, 9 August 2006 (UTC)
Another reference: [2] discusses tracking a botnet being used to send spam from infected Windows machines. A quote:
- The file is a spam proxy Trojan named Win32.Ranky.fv.
- "The entire scheme of mass infection is simply to facilitate the sending of spam. The proxy Trojan is also a bot of sorts; reporting in to a master controller to report its IP address and the socks port for use in the spam operation," Stewart said.
The point is not only that Windows PCs are being infected to send spam ... but also that the needs and wants of spammers are a major motivation of Windows users' current problems with worms and trojans. If it weren't for the spammers (who are willing to pay a lot for infected systems) there would be no financial motivation for most of the worm-writers. --FOo 22:49, 19 August 2006 (UTC)
Is this image really needed?
Is this image needed:
I know that wikipedia is not censored, but this seems to unnecessarily add mature content to an article that does not really need it. The majority of spam (at least the stuff I get) seems to be appropriate. It also seems odd because it is a highly customized screenshot (not really windows), and there is not a license. Comments? Inklein 06:38, 9 August 2006 (UTC)
- Huh? Wikipedia policy does not deal with "mature content" whatsoever. It is literally a non-issue for us here. The image appears to correctly represent a flood of spam. It's simply true that much of spam advertises pornography and "adult" products, as is depicted here.
- As for a "highly customized screenshot", what does that have to do with anything? The depicted application is Mozilla Firefox, displaying Google Mail (the name of Google's Gmail in markets where another company owned "Gmail" as a trademark). Both are reasonably common, and Gmail looks like Gmail no matter what browser (or OS) you use it in.
- The image is accurate and relevant. Of course, if you have a better one, feel free to propose it. --FOo 08:34, 9 August 2006 (UTC)
- The skin used is Watercolor Blue, on Windows XP. Will (Take me down to the Paradise City) 12:08, 9 August 2006 (UTC)
- It's not Firefox, it's Thunderbird.
No History section
Hi if anyone knows, please write a *history* section and talk about the origin of the word and the phenomenon.
Appropriate to Insert a "How Spam Operates" Segment Without Strong Supporting Evidence?
I'd like to insert a social engineering + Cracker (computing) (malicious hacking) hypothesis I have been unable to prove, or refute, since 2000, namely that spammers harvest e-mail addresses by intercepting popular (frequently forwarded and re-forwarded) messages and gathering the attached e-mail addresses. It's quite clear that these attacks are possible in transit (the "in-flight attack"; TO: CC: & BCC:) and after receipt (the "post-flight attack"; TO: & CC:) using the known text of the message as a search key. Once the message is found the e-mail addresses the forwarder has attached may be siphoned off.
This approach offers several advantages to the identity thief/spammer:
- The forwarder unknowingly vouches that e-mail addresses are valid and attended.
- More security conscious individuals have their e-mail addresses exposed when less-security conscious users aggregate them in a list, frequently an entire address book, and forward them on.
- Traffic can be increased by generating fraudulent content (i.e. hoaxes) designed to encourage forwarding and re-forwarding.
By talking with a small number (> 10) of security experts at a few open source and security conferences and individually, I have validated this approach in principle (call this a Delphi method). I've also found cautions against forwarding popular material on security related web pages. I have one example of a mailing designed to encourage re-forwarding that is linked to a spammer's web site. I must also say that I strongly intuit that this approach is a significant component of Spam and Identity Theft risk. However, none of that is a well controlled, statistically significant, double blind, etc., study. While one might replicate these attacks, to be realistic, one must violate the privacy of the victims in such a study and compromise the security of computer and network systems not owned by the investigators. This presents immediate ethical issues, which is one reason I regard this issue as a wicked problem.
From the perspective of the Wikipedia, is it acceptable to write about this hypothesis, which is far from well established? Does it deserve its own article, linked to the main article here?
You can read more about me at my web page, and you will find a somewhat spam-protected e-mail box there: http://mysite.verizon.net/frautsch/ . I also have some unorganized notes about the details of each attack and about how one might request others to cease including one's e-mail address in their broadcast lists. (Making these requests presents its own issues, since often the forwarder is not concerned about their own security, much less that of another person.) http://mysite.verizon.net/frautsch/conundrum.txt
Thank you for reading this.
Sincerely,
Mark Frautschi, Ph.D.
Reply from a spammer: Ok, I'm a spammer. I'm currently running through a proxy, so yeah. Do whatever to this IP. I've been inside of the scene for 2-3 years now, and I'm going to tell you right now not only have I not heard of anyone doing this, but I don't think I know anyone that wouldn't make fun of someone who offered this up as an idea. It's simply not worth our time. Even if there's upwards of 200 email addresses on at a time, it's just not worth it. It's $30/million random e-mails from a crawler. $80/million SMTP verified. And $1000-5000 for a "hacked base" (database dump) of a website with about 500k members. That last one requires full data (first name, last name, e-mail), and also is generally targeted data. So someone who would pay for that if it was from, say, a porn site, would be a porn mailer. In addition to that, "co-reg" or purchased registration data, is plentiful and cheap. This idea is just ridiculous.
Pruning in progress
The article is long (>44k) and copies redundant material from other places. I'm going to make some (hopefully good) edits.
But, there will be a lot of those edits, so apologies in advance. Let me know here if you think I trimmed too much... thanks LordMac 10:03, 12 December 2005 (UTC)
adding resource
Hello all,
my name is Branislav Gerzo, and I'd like to add link resource to Avoiding Spam section. I coded, with my brother about 2 months www.2pu.net page, and I think nothing cool like this is on the web for now. Is there any criterion, how can be my webpage added? Please tell me. Thanks a lot.
I suppose trusting you, and letting dozens of people contact me through your service, is better than trusting those dozens of people directly. But why should I trust you not to sell my email address to a bunch of spammers? --DavidCary 00:28, 4 January 2006 (UTC)
I see your point of view, we can't trust on Internet to anybody. I am just ordinal man, who hate spam, so I coded this project to help people out here. But it is OK, if you don’t add this resource, I'm smart enough. Thanks anyway. --2ge 23:12, 3 February 2006 (UTC)
- Your program looks interesting, and it may or may not be useful in combating spam, but your project is about hiding an email address, displayed on a website, from spammers' web spiders. It may be a useful tool in fighting spam, but it's not really about spam itself. Furthermore, yours is one tool out of hundreds online (if not thousands). You will notice that the article doesn't link to Spamhaus, or SPEWS, or Ironport, or Brightmail, or any of a long list of anti-spam websites. Wikipedia is not a collection of links. Your project would certainly be a good addition to the Open Directory Project, however. eaolson 00:51, 4 February 2006 (UTC)
Links
Why does this page have so many links to commercial spam-combating software? I thought this was a page about spam, not anti-spam (there is an article stopping e-mail abuse). I ask because while I was on RC patrol I removed one link added by anonymous user 81.17.107.146, thinking it was a one-off link-spam, but now I see there all the external links "Anti-spam organizations and prominent figures" and "Anti-spam tools and resources" are of this type. Should they all be reconsidered, or moved elsewhere? Should we reinstate the link added by 81.17.107.146? --RobertG ♬ talk 10:56, 23 Jun 2005 (UTC)
- Many of these links are themselves spam. Please feel free to prune the lists. --FOo 12:59, 23 Jun 2005 (UTC)
Kushnir murder
I'll watch the news and press agencies, and make sure that this article will reflect what has really happened.
- If it turns out the entire story or just details are made up or merely rumours, I'll remove the offending material.
- I'll expand the article if more information becomes available.
Help is appreciated, but note that Wikipedia is not a discussion forum, so messages like "it's good/bad that this happened" don't belong here. Shinobu 19:29, 25 July 2005 (UTC)
- The term "lynching" is utterly, massively inappropriate here, as it makes completely unsupported implications about the killers' motivations. Especially considering the influence of the Russian Mafia on Russian spamming and computer crime, there is no reason to suggest that anything like lynching happened. --FOo 23:20, 25 July 2005 (UTC)
Correct. I copied the phrasing from the original contributor without thinking about it. Sorry. Shinobu 05:49, 8 August 2005 (UTC)
Bad picture
While I know a large proportion of spam these days simply consists of an inline image, the current picture evokes popup advertising more than spam.
Here at random is the latest spam (at least in English) from my inbox:
Date: Wed, 17 Aug 2005 19:42:36 -0500
From: "Lenore Hogan" <ymark@didamail.com>
To: dmacks@chem.upenn.edu
Subject: Lowest rates in 45 years

Hello,

We tried contacting you awhile ago about your low interest morta(ge rate. You have been selected for our lowest rate in years...

You could get over $420,000 for as little as $400 a month! Ba(d credit, Bank*ruptcy? Doesn't matter, low rates are fixed no matter what!

To get a free, no obli,gation consultation click below:
http://www.p8refi.net/?id=a67

Best Regards,
Josef Hartley

to be remov(ed: http://www.p8refi.net/book
this process takes one week, so please be patient. we do our best to take your email/s off but you have to fill out a rem/ove or else you will continue to recieve email/s.
69.86.80.141 18:32, 17 September 2005 (UTC)
Motives?
We ought to get together some decent information on why spammers bother. I was involved in a discussion on this a while back.... -- Smjg 12:46, 3 October 2005 (UTC)
- Why did Hillary climb Mount Everest? Because it was there. People send junk e-mail because no one stops them. People vandalize wikipedia because they can. I would stick to factual information. 199.125.109.11 21:46, 13 June 2007 (UTC)
Open proxies
This section starts: "Within a few years, open relays became rare ..."
That's not really accurate. When spammers switched to open proxies there were still plenty open relay MTA systems available to them. They more likely switched for other reasons, one of which may be the upsurge in open relay honeypots. Even in the small numbers in which they were deployed open relay honeypots (and later, open proxy honeypots) had a major effect on spammers. The existing text amounts to a claim that open relay blocklists and the campaign to eliminate open relays had a significant effect in limiting spam. Any evidence for that being a major effect is slight - blocklists in general had only a local effect for those who used them, and the number of email addresses protected by blocklists was never large enough for the use of blocklists to cause the end of spam. In addition most blocklists, as used, are spammer-friendly: they tell the spammer when an abused system used to deliver spam has been listed, making it trivial for the spammer to stop abusing that system in favor of other, as-yet undiscovered, systems.
Minasbeede 19:48, 21 December 2005 (UTC)
I guess I can agree that open relays have not become "rare", but I do think they have become rarer and that DNSBLs had a significant impact on their use.
For example, take a look at the statistics from the ordb open-relay DNSBL (http://ordb.org/statistics/relaycount/). Around Feb 2002, the growth of discovered open relays slowed dramatically, and for the last couple of years, it has been almost stagnant. Every spam source detected by spamcop is automatically submitted to ordb checking, so if an open relay has been used for spamming, it will likely show up on the ordb DNSBL. There was another open-relay DNSBL that had statistics that showed similar trends, but I last checked it a couple of years ago and I haven't bothered to find it.
Now, a great deal of the closing of open-relays is likely due to the fact that MTAs, such as sendmail, no longer come configured as open-relays by default. So, when people install new software or upgrade from older software, they won't be open relays. Most new open relays nowadays are due to configuration errors and such. Whether open-relay DNSBLs caused MTA authors to change their software to no longer be open-relays by default may be debatable. I think it played a part though.
Wrs1864 17:21, 22 December 2005 (UTC)
First paragraph suggestion, please
"Perpetrators of such spam ("spammers") often harvest addresses of prospective recipients from Usenet postings or from web pages, obtain them from databases, or simply guess them by using common names and domains."
Why is there no mention in this paragraph of the fact that almost all spam today is addressed to emails that have been harvested by internet worms? It's pretty sad that people are still treating the internet like it's 1998. I'd consider this important enough to put right in the first paragraph.
- Spam is unsolicited commercial email. Is there a worm that uses propagation tricks to harvest emails for commercial purposes? The only ones I know of (like Sircam) only harvest for the purposes of self-propagation, which is a different activity entirely from spam. - Keith D. Tyler ¶ 22:22, 17 January 2006 (UTC)
- Spam is promotional, but not necessarily commercial. There is also political spam and religious spam. The name for unsolicited commercial email is UCE.
Spam can only come from advertisers?
That's news to me. In a common usage of the term spam, anyone who sends unwanted email to a list such as a newsgroup qualifies as a spammer. He or she may just be "advertising" him/herself, seeking attention, trying to disrupt a conversation, spewing out foul language, or whatever. I think it's strange that such a lengthy article could be written on spam which fails to acknowledge that spam can come from individuals with no commercial interest whatsoever.
The writer(s) of this article should have begun with a dictionary definition of spam such as this one:
Unsolicited e-mail, often of a commercial nature, sent indiscriminately to multiple mailing lists, individuals, or newsgroups; junk e-mail.
tr.v. spammed, spam·ming, spams
1. To send unsolicited e-mail to. 2. To send (a message) indiscriminately to multiple mailing lists, individuals, or newsgroups.
Maybe it's just me, but I don't see the words "commercial" or "advertising" there at all!!
Someone insert this image, it looks cool: http://www-128.ibm.com/developerworks/library/lol/spamato/spam-c07.jpg
- The distinction of spam as advertising primarily comes from the usage in legal definitions, the reason for the legal definitions to focus almost exclusively on advertising is that it is an attempt to skirt First Amendment concerns (at least in the US). 207.71.25.113 16:22, 1 August 2006 (UTC)
spam news
http://www.theglobeandmail.com/servlet/story/RTGAM.20060428.wxspam28/BNStory/Technology/home
disagree with the advice to bypass valid e-mail forum registration
"If a web site requests registration in order to allow useful operations, such as posting in Internet forums, a user may give a temporary disposable address—set up and used only for such a purpose—periodically deleting such temporary e-mail accounts from their e-mail servers. (Users should notify such forums of the new replacement addresses if they wish to continue interaction for valid purposes.) For example, free services such as spamgourmet.com and spamhole.com allow a user to create a temporary e-mail address which forwards e-mail to you for a set period of time, and then becomes invalid."
I have been a webforum administrator for quite some time and these addresses at spamgourmet and others are ways for spammers to register and post spam on the forums. When possible I always ban these addresses. If I see a registration from one disposable e-mail address I ban and the IPs of the users. Maybe giving the advice to use a different e-mail from the production/work e-mail but never to use the temporary e-mail addresses. User_talk:Vtrain 14:59, 18 September 2006 (GMT+1)
Category of spam
Recently in my "bulk and spam folder" there have been a number of spam messages with what look like bits of stories/ongoing commentary on sports fixtures etc, some of it veering towards Finnegans Wake obscurity. Is this a new category of spam, does it have a name and who creates it?
- Probably just crunk they chuck in to try and pass spam filters better. I've had quotes from The Hobbit and poor erotic fiction turn up as well. Nimmo 09:29, 31 October 2006 (UTC)
Spam without any ostensible purpose whatsoever
The traditional idea of "spam" is becoming almost irrelevant to the nuisance mail that I am receiving. Usually any offers made of products or services seem poorly designed to promote a sale, and much of the nuisance mail is not even nominally intended to sell a product or service. For example, consider this message, titled "centennial transitory":
- Other benefits include shifting the political influence on politicians from the parties to the people of their local constituencies as well as giving the voter a greater choice of candidates. We are all stronger in having a united front. As it is for now a ground swell of interest in the referendum is trying to put the right pressure on the Government to bring this to the people now rather than later. They come here because we still have the most accessible and richest natural areas with the greatest biodiversity and beauty on the planet. It is something that should be cherished and guarded and ranked well ahead of Gordon Campbell balancing his budget or pushing oil drilling in Hecate Strait. Sprachprobleme gebe es laut dieser Studie in Frankreich nicht. The recent explosion of blogs on the internet has fragmented the information distribution process by creating far too many options for online pundits. ... (The message goes on to address, in disjointed fashion, everything from Canadian logging to the war in Iraq, but with no underlying sentience. This portion is reproduced per "fair use", but I would be happy to replace it with a credit to the true copyright holder, if known)
Fortunately, this message was still flagged by a university spam filter from a blocked IP, but it is clearly intended to be troublesome to weed out by eye - and for no other obvious purpose. The only parties that I can imagine would benefit from such spam are those who offer for-profit spam filter or "certified e-mail" services. This Wikipedia entry would benefit greatly if experts would contribute their insight into the origins of this type of nuisance e-mail.
- Usually when I get crap like that, there's an image attached to the email with the actual advertisement; the text stuff is just to get past filters. --jpgordon∇∆∇∆ 16:57, 23 October 2006 (UTC)
Is there a name for such "creative writing" spam (as there seems to be rather a lot of it) - though some of the text appears to have been used to set up the pages for placement of faked adverts (what is the publishing page infil text - lorem something?).
- I haven't received any kind of sensible spam for over two years. All I get is phrases randomly collected from the web. Yes, there's usually image attached, but that too is full of rainbow colours and it's hard to make out if it's even advertising anything. I really would love to know what the purpose of a mail like that is? Does it actually earn money for someone and if it does, how!? I almost long for the days when spam used to be sensible. —The preceding unsigned comment was added by 88.112.21.183 (talk) 14:49, 8 January 2007 (UTC).
Inconsistent Statistics
The statistics in this article aren't in agreement. If these are estimates from different sources, it should be clear about that rather than stating them as facts.
In the overview, the article states:
An estimated 55 billion e-mail spam were sent each day in June 2006, an increase of 20 billion per day from June 2005.
Under statistics, it says:
2005 - (June) 30 billion per day
Under news, it says:
The report also found 55 billion daily spam emails in June 2006, a large increase from 35 billion daily spam emails in June 2005.
External link section
IMHO, the external link section for this page could be loads smaller, and most of the links there don't add any info... What do others think of this? --Jdevalk 23:39, 19 November 2006 (UTC)
- I agree, the external link section could be cleaned up. Sadly, this article is not alone with the problem of spam links and I have pretty much given up on trying to remove them from the wikipedia. Wrs1864 05:49, 25 November 2006 (UTC)
Identifying spam
Perhaps there could be an article on identifying spam.
Categories would include:
- Variants on Spanish Prisoner scam
- "Bank update"
- Weird-story-fragments
- Bizarre products of a mostly adult nature.
- "Strange spelllin gs" and "grammar as it is not wrote"
etc. (Add comment about Wikipedia limitations). Jackiespeel 18:17, 4 December 2006 (UTC)
New Percentage Statistics
Information Week Article. Does anyone have access to the study they talk about? Would that be very reputable, considering it is an email security firm after all? TomTwerk 19:08, 21 February 2007 (UTC)
Hiding the true sender
I just got a spam where the fictional 'from' field was actually MY e-mail address, which had the added effect of making it impossible to block. Does anyone know how you find out the true sender address, and/or shouldn't something about this fraud be in the article? Also, isn't there someplace you can forward spam e-mails to and the organization will track down the sender and prosecute them? I know 419 scams have that.
- You can trace the Received: headers back to the source. Spammers often add fake headers to throw off the scent but they can't eliminate the real ones. It's easy enough to sort out with a little care and patience. For details, Google is your friend. Raymond Arritt 23:50, 22 February 2007 (UTC)
- "someplace you can forward ... and the organization will track down the sender and prosecute them"? Ah now that would be a dream come true. It may exist in Australia, and in the USA you can send your junk e-mail to spam@uce.gov, but dream on if you think the FTC will do anything, other than in very limited situations. 199.125.109.11 21:55, 13 June 2007 (UTC)
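The Received: tracing suggested in this thread, sketched as an added example (not part of the original discussion). It walks the headers from the top, trusts only lines written by the reader's own mail servers, and reports the first outside address one of those servers recorded; the message, host names, addresses and the `TRUSTED_HOSTS` / `INTERNAL_NETS` settings are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (documentation addresses and example domains only).
# The From: header equals the recipient, as in the question above, and the
# bottom Received: line is one the sender could have written itself.
RAW = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
\tby mailstore.example.org with ESMTP id A1; Thu, 22 Feb 2007 23:10:05 +0000
Received: from mail.bank.example (unknown [203.0.113.77])
\tby mx1.example.org with SMTP id B2; Thu, 22 Feb 2007 23:10:03 +0000
Received: from trusted.relay.example ([198.51.100.5])
\tby mail.bank.example with ESMTP id C3; Thu, 22 Feb 2007 22:00:00 +0000
From: me@example.org
To: me@example.org
Subject: constructed sample

body
"""

# Assumed local configuration: the servers we run and the networks they live on.
TRUSTED_HOSTS = {"mailstore.example.org", "mx1.example.org"}
INTERNAL_NETS = ["192.0.2.0/24"]

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*\((?P<paren>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def parse_hops(raw):
    """Return the Received: hops in header order (newest first)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        ip = IP_RE.search(m.group("paren")) if m else None
        hops.append({
            "helo": m.group("helo") if m else None,   # name the client claimed
            "by": m.group("by").lower() if m else None,
            "ip": ip.group(1) if ip else None,        # address the server saw
        })
    return hops


def first_external_hop(hops, trusted_hosts, internal_nets):
    """Find the hop where mail entered our servers from outside.

    Each server prepends its own Received: line, so the lines written by our
    servers sit on top. The first of them that records a non-internal address
    is the real hand-off; every line below it was supplied by the other side
    and cannot be verified.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted_hosts or hop["ip"] is None:
            return None  # not written by one of our servers, or unparseable
        try:
            addr = ipaddress.ip_address(hop["ip"])
        except ValueError:
            return None
        if any(addr in net for net in nets):
            continue  # hand-off between two of our own machines
        return {
            "ip": hop["ip"],
            "claimed_name": hop["helo"],
            "recorded_by": hop["by"],
            "unverified_below": len(hops) - i - 1,
        }
    return None


if __name__ == "__main__":
    print(first_external_hop(parse_hops(RAW), TRUSTED_HOSTS, INTERNAL_NETS))
```
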
Future Spam
I often think it funny that in 30 years I will be the beneficiary of whatever the spam claims I can win, get, or have. Clearly the trick of using future dates is to put the message at the top of the inbox in the case where the user sorts mail by date.
I notice a fair few of the future dated spams are the day before the potential Year 2038 Problem rollover in Unix time.
I find this amusing, but considering that not only are these January 18, 2038 mails in there, on a typical day I receive over 50 in my bulk folder from the future. R H Pearson 15:41, 22 March 2007 (UTC)
There had been an image here. It apparently was incorrect to show my inbox with all the 2038 dated emails. Suffice it to say, these are frequent.
- I just checked my spam mailbox, out of 16,460 junk messages received in 2007, 247 were pre-dated, 3 to 1970, and 32 were post-dated, 11 to 2038. 199.125.109.11 22:15, 13 June 2007 (UTC)
No MX - less spam
While this method runs the risk of losing some legitimate e-mail from being received, some claim that it results in a 75% reduction in spam.
Is it true? I want sources. L.R.N 13:27, 23 May 2007 (UTC)
- Well, some may claim it, but it can not lose legitimate e-mail. Legitimate e-mail will be sent to the A resource record if there isn't a MX resource record, but some remote parts of the internet may mostly be targeted by spammers who don't even get that right. Erik Warmelink 09:01, 25 May 2007 (UTC)
I can attest to the reduction in spam by not having an MX record.
In late 2005 our company changed locations which resulted in a change in ISP as well as our IP address. Our SMTP server had been operating at the same IP for the previous 6 or 7 years. During the change-over, our MX record was cleared and not updated, but our A-record was properly changed. This was not discovered for several months, because we noticed no problems receiving "legit" e-mail. However, the various role and "spamified" e-mail accounts I monitor showed an abrupt reduction in zombie-spam. If I recall correctly, the spam load dropped by more than 50%, possibly 75%.
It is plausible (and widely speculated) that zombies run bare-bones versions of SMTP messaging engines that largely are not equipped to handle SMTP errors, which is probably why grey-listing is an effective way to block them. Presumably, they are also not able to handle MX-lookup failures correctly.
Another theory is that the MX-lookup is sent to the zombie by the spammer along with the recipient address and message body, thereby eliminating the need for the zombie to perform time-consuming (and conspicuous) MX lookups.
In any case, perhaps address lists are being refined by list-masters by removing addresses belonging to domains that do not have MX records. Presumably, over time, many domains come and go, and it's plausible that many non-existent addresses can be effectively weeded out of spam lists simply by checking for the existence of a working MX record. The theory being that all working e-mail domains *must surely* have a properly configured MX record.
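The fallback described in the replies above (mail goes to the domain's address record when no MX exists) can be written out as a target-selection routine; this is an added example, not part of the original discussion. It follows the implicit-MX rule of RFC 5321 section 5.1 and goes slightly further by handling the "null MX" of RFC 7505; the zone data is constructed, and `mx_only_targets` is a hypothetical model of the cut-down sender the commenters speculate about.

```python
# Constructed DNS answers for three example domains (no network access needed).
ZONES = {
    "with-mx.example": {
        "MX": [(20, "backup.with-mx.example."), (10, "mail.with-mx.example.")],
        "A": ["192.0.2.1"],
    },
    # The situation in the anecdote above: MX cleared, A record still correct.
    "a-only.example": {"MX": [], "A": ["192.0.2.25"]},
    # RFC 7505 "null MX": the domain states that it accepts no mail at all.
    "no-mail.example": {"MX": [(0, ".")], "A": ["192.0.2.80"]},
}


def _clean(name):
    return name.rstrip(".").lower()


def delivery_targets(domain, mx_records, address_records):
    """Pick the hosts a standards-following sender would try, in order.

    mx_records is a list of (preference, exchange) pairs; address_records is
    the list of A/AAAA answers for the domain itself.
    """
    if mx_records:
        if len(mx_records) == 1 and mx_records[0][1] == ".":
            return ("null-mx", [])
        # Lowest preference first. Hosts with equal preference keep their
        # input order here; a real sender would randomise among them.
        ordered = sorted(mx_records, key=lambda rec: rec[0])
        return ("mx", [_clean(host) for _, host in ordered])
    if address_records:
        # No MX at all: the domain itself is treated as an implicit MX
        # with preference 0.
        return ("implicit-mx", [_clean(domain)])
    return ("undeliverable", [])


def mx_only_targets(domain, mx_records, address_records):
    """Hypothetical sender that consults MX records and nothing else."""
    ordered = sorted(mx_records, key=lambda rec: rec[0])
    return [_clean(host) for _, host in ordered if host != "."]


def compare(domain):
    """Return (standard result, MX-only result) for a constructed zone."""
    zone = ZONES[domain]
    return (delivery_targets(domain, zone["MX"], zone["A"]),
            mx_only_targets(domain, zone["MX"], zone["A"]))


if __name__ == "__main__":
    for name in ZONES:
        print(name, compare(name))
```

For `a-only.example` the standard routine still finds a target while the MX-only model finds none, which is the asymmetry the anecdote relies on.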
New picture needed?
I think so. --Allen649 13:52, 15 June 2007 (UTC)
Postcard Services
Can someone re-write this? It makes absolutely no sense.--Lidocaineus 04:29, 30 June 2007 (UTC)
- Agreed. It's also inaccurate. Deleted. richi 19:58, 26 July 2007 (UTC)
I have seen a large jump in received e-mail in the last week. I normally get 120 junk messages a day, but that has gone as high as over 500 recently. Some of them are postcard e-mail messages, all with a code which I assume identifies my e-mail address as valid were I to click on the message. My e-mail reader does not open imbedded images or other web tricks that would identify the message as being received. 199.125.109.130 17:20, 26 July 2007 (UTC)
- How about re-writing it instead of deleting it. What part is inaccurate? 199.125.109.71 06:42, 27 July 2007 (UTC)
A more recent controversial tactic, should be called "triggered spam", so called "Postcard Services", e.g., are catching online consumers to have them send so called "Postcards" with more or less commercial content to redirect the recipients back to the sites of these "Postcard Services", mostly full of commercial advertisements and marketing data harvesting systems, which are received by the "Postcard" recipients in most cases unsolicitedly and without their consent, who are not subscribers of such a "Postcard Service".
- sounds like someone's confusing this with email Trojans in the vein of, "You've received a postcard from an admirer." Also, the flow of the language makes it pretty inaccessible for the average reader, IMHO ... richi 13:49, 27 July 2007 (UTC)
- Are they really all trojans? While one of the recent viruses spread uses the file name postcard.exe (haven't seen any of these since late January, early February), I have been getting a lot that say:
From: "123greetings.com" (deleted)
To: (deleted)
Subject: You've received a greeting card from a Neighbour!
Hi. Neighbour has sent you a postcard. See your card as often as you wish during the next 15 days.
SEEING YOUR CARD
If your email software creates links to Web pages, click on your card's direct www address below while you are connected to the Internet:
http:// (deleted)
Or copy and paste it into your browser's "Location" box (where Internet addresses go).
We hope you enjoy your awesome card.
Wishing you the best, Webmaster, americangreetings.com
14:43, 27 July 2007 (UTC)
- Yes, these use browser vulnerabilities to install a downloader Trojan. The sender is forged ... richi 15:04, 27 July 2007 (UTC)
Primary Source seems to be cited inaccurately re: "Career Criminals and Malicious Hackers"
While my intuition agrees with the following claim, it does not appear to be well grounded. "Today, much of the spam volume is sent by career criminals and malicious hackers who won't stop until they're all rounded up and put in jail. [9]" It is true that http://www.cauce.org/archives/30-Spam-has-changed,-and-so-must-CAUCE.html is quoted correctly. However, the CAUCE cites an information week article (through a link to http://www.informationweek.com/research/showArticle.jhtml?articleID=190600156&pgno=1&queryText=) that does not really support this claim. On the information week page, I didn't see any description of career criminals being behind spam. Please let me know if I've misread the information week article. -David J., Austin, TX
- It looks ok to me. I read the article and there is abundant evidence of malicious hackers, and as to career criminals, it mentions Can Spam being violated with impunity. If it had said hardened criminals I would have changed the word hardened, because that would have implications of other types of crimes, but career, yes, they are definitely making a career out of crime. I can actually see from reading it that the spam filtering is doing too good a job, leaving the ISPs and people like me with no filtering to bear the brunt of the attacks. So the public has not been complaining, and the law hasn't been changed, or enforced, and we keep on paying billions of dollars in costs. It always astonishes me that you can get 15 years in prison for robbing a grocery store of $27 and nothing when you rob internet users billions. 199.125.109.130 06:10, 31 July 2007 (UTC)
Spam vs Junk-mail, importance of "unsolicited" aspect as part of definition
Organizations like spamhaus define spam not in terms of the content (of the spam) but on the fact that the spam message is (1) unsolicited, (2) the message is equally applicable to many other potential recipients, and (3) the message campaign gives a disproportionate benefit to the sender.
While all of those are true, they go out of their way to avoid labelling a given message as spam based on the content of the message, or the sending history of the source IP, obfuscation or header forgery, filter avoidance techniques within the message body, etc.
So there are two camps: One believes that the context of the message is what defines it as spam, the other says that the content is more important or useful. Those in the context camp (i.e. the RBLs) may define spam in that manner for legal protective reasons (to appear as content agnostic?).
That issue aside (and I think it should be better expressed on the main article page) there is also the issue of what is spam vs UBE, UCE, and junk mail.
I would propose that spam be defined as:
Any e-mail message that passed through an MTA without the consent or knowledge of the MTA's owner, or was emitted direct-to-MX by a machine with a dynamically-assigned internet IP address (regardless if it was emitted with or without the knowledge of the machine's owner).
That would cover a typical zombie proxy or trojanized host but would also cover "work-from-home" or other schemes.
Any other bulk transmission of messages whose content is largely identical but does not conform to the above definition could simply be known as "junk mail" and perhaps is better known technically as UBE or UCE.
So I'm proposing that spam be better defined, with a reference to both its context and content, as well as to explain the differences between spam and junk mail. —The preceding unsigned comment was added by 69.156.116.228 (talk • contribs).
- Spam is UBE, UCE which is not also bulk would not be sent to you or me.
- I don't care whether UBE was sent from "direct-to-MX by a machine with a dynamically-assigned internet IP address", a "bullet-proof" server hired by a spammer, or a mail server which is backscattering or challenging. Erik Warmelink 19:10, 15 August 2007 (UTC)
title change
The title of this article is currently E-mail spam; however, spam is sending messages through unprotected SMTP servers. This article seems to be talking about unsolicited email.--71.221.198.74 07:35, 19 September 2007 (UTC)
- Wherever did you get that idea? Spam is unsolicited bulk email, whether you send it from your own mail server or someone else's. Has been for years. --FOo 07:50, 19 September 2007 (UTC)
- not true.--168.156.174.42 19:46, 19 September 2007 (UTC)
- In FOo's defense, I find after some research that he is partially right, and partially wrong. If you look here and scroll down to the section titled "What is spam?" you will see that one definition is UCE; however, there are several definitions people use, including "...the practice of concealing the identity of the sender and routing data." such as through using an unprotected SMTP server. I brought this up because this is the definition I was taught by my college instructor, so maybe a name change isn't quite in order, but some clarification of these other common definitions is a must.--71.221.198.74 00:23, 20 September 2007 (UTC)
- What makes you think your college instructor is an expert on the subject? "Good Times Virus" warnings (look it up) have been handed out by college instructors. If you consult reliable sources such as the actual operators of systems that defend against spam, such as Postini or Spamhaus, you will find that spam is unsolicited bulk email. --FOo 06:50, 20 September 2007 (UTC)
- He has been working with computers probably since before you were born. Plus I provided you a link confirming that that is a legitimate definition for spam, granted there are other definitions, just because everyone has their own opinion on what constitutes spam, no one definition is either more right or wrong, so I mentioned all of them as possible definitions in the article.--71.221.198.74 08:16, 20 September 2007 (UTC)
- Your link is not to a reputable source on the subject of spam; it's to some consultant for insurance agencies. And even it describes spam as being unsolicited rather than as being based on whether it was sent through a hijacked relay.
- And yes, some definitions are more right than others. Some are used by people who actually work in the field, and some are made up by business consultants. --FOo 09:15, 20 September 2007 (UTC)
- It sounds more like you don't like that you were proven wrong so you are trying to attack the validity of the site.--168.156.174.74 19:54, 20 September 2007 (UTC)
- By common consensus, spam is UBE. The usual mantra among those of us[3] in the field is, "It's about consent, not content." ... richi 22:29, 21 September 2007 (UTC)
- Anonymous dude -- the page you cited doesn't agree with you. That was my point. It's also not a reliable source, since we have no reason to believe that columnists writing for insurance agents are a reliable source about email security ... just as email sysadmins would not be a reliable source about insurance. --FOo 08:45, 22 September 2007 (UTC)
Not true
It isn't true that the reason spammers switched to using open proxies is that open relays became rare. Open relays did not become rare. The campaign to get all open relays secured had no particular useful effect: it was always misguided. Securing an open relay was a good thing to do for the operator of the open relay and the organization that owned/controlled the open relay. It was not an effective measure to eliminate spam, and it didn't eliminate spam at all. Worse, the standard way that open relays were secured was such that the former open relay would inform the spammer that relay mail was no longer accepted. That aided the spammers.
Reference: RFC 2505: "But, please note:
The Non-Relay rules are not in themselves enough to stop spam. Even if 99% of the SMTP MTAs implemented them from Day 1, spammers would still find the remaining 1% and use them. ..."
The RFC explained why the "secure your open relay" campaign and approach would fail before it began. There were plenty of open relays, as could be seen by consulting the open relay block lists (such as the ORBS list and its successors.)
Spammers rather quickly dropped open proxy abuse (that is, they changed to other abuse, principally the use of spam zombies) after Ron Guilmette and a few others began running small groups of open proxy honeypots. The crude way in which spammers detected and then abused open proxies made them extremely vulnerable to open proxy honeypots (and to open relay honeypots.) --Minasbeede 23:45, 21 September 2007 (UTC)
Mainsleaze
Can someone find a source about how many companies use mainsleaze? My experience is that it is very few. In fact I can only recall getting one, and when I contacted the relatively small company they were horrified with the negative response they had received. They had been sold a bill of goods and talked into paying someone to send UCE for them. [4] The reference does say, in its poor spelling, that the damage to their reputation can take years to repair. I would call that "quickly regretted". 199.125.109.71 02:21, 24 September 2007 (UTC)
Effect of convictions on level of spam
Has anyone noticed any change in spam because of the two recent convictions? I saw my spam levels skyrocket in the weeks before the conviction, from an average of 120 a day to an average of over 300 a day, and since the convictions they have dropped to about 80 a day. 199.125.109.48 03:03, 18 October 2007 (UTC)
Citations
Really nice article. Congratulations to the editors. I added a couple of "citations missing" tags to sections that seem to be lacking a source. But the source might already be in the references, just not cited. It is fine with me to remove or change this tag. I am not a mail scientist, only a user, but I hope this helps. -Susanlesch 20:59, 11 November 2007 (UTC)