Spam

Spam refers to unsolicited bulk messaging, which is generally of a commercial nature, distributed through electronic communication mediums. A message can be classified as spam if:

  • the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients; and
  • the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent (Spamhaus, 2005a).

The term is derived from the canned meat product of the same name, SPAM, and was placed in its Internet context by British comedy team Monty Python. The particular skit involved a woman in a restaurant being confronted with a menu full of dishes containing SPAM. Each time the waitress mentioned SPAM, this was followed by repetition of the word ad nauseam by Viking warriors, creating an increasing source of annoyance for the woman (Levine, Young and Everett-Church 2004).

While the earliest and most recognised form of spam is email spam, new forms of spam have now emerged, including mobile phone spam, and weblog spam.

Common spam content includes money making schemes, hoaxes involving weight loss and lotteries, and pornography (Sylvan, 2005). Spamming can be seen as an attractive activity as it involves no distribution expenses for the sender and spammers can potentially receive considerable financial reward from even a small number of responses (Feinstein, 2004: 6). Spam has become a widespread problem across all jurisdictions, with nations such as the United States of America and Australia enacting specific laws to combat spam.


Overview

History of Spam

Unsolicited bulk email, or spam email, has been present almost since the beginning of electronic mail on the United States’ ARPANET, an early form of the Internet that began in the 1960s for the purpose of military and scientific networking (Bruns, 2005). Although the term ‘spam’ was not applied at the time, it has since been applied to describe early electronic junk messages. The first recognised unsolicited bulk email was sent by an employee of the Digital Equipment Corporation (DEC) in 1978 inviting ARPANET users to attend a conference promoting their new machine, the DEC-20 (Templeton, 2003). The message generated an enormous, mixed response and DEC was found to be in breach of the ARPANET’s official 'acceptable use policy', which intended the service to be used specifically for research and educational purposes (Templeton, 2003).

In the 1980s, spam was present on USENET newsgroup forums as unwanted messages posted in bulk across all of the forums, of which there were several thousand. In 1986, a message entitled “MAKE.MONEY.FAST!!”, advertising a pyramid scheme, was posted to USENET forums by Dave Rhodes, which triggered other users to re-post the message (Lowe, 2002).

In relation to unwanted and unsolicited email, the term ‘spam’ was first applied in 1993 when Richard Depew created a program for the purpose of moderating USENET postings that violated USENET's terms of use. The program contained a bug and mistakenly sent 200 messages to a newsgroup, news.admin.policy, which focussed on the operation of the Internet. Many people were irritated by this mass posting, and called the postings ‘spam’, deriving the term from the Monty Python sketch involving SPAM to signify something repeated continuously to the chagrin of users (Lowe, 2002; Templeton, 2003).

Following this, two major mass emails were sent in 1994, which are heralded as being the first major spam messages that Internet users are familiar with today. The first was a religious announcement sent by Clarence L. Thomas IV, an employee at an Adventist college in Michigan (Reed, 2004). It was sent to almost 5000 USENET newsgroups, declaring “Global Alert for All: Jesus is Coming Soon” (Templeton, 2003).

The second early spam was an advertisement for a “Green Card Lottery – Final One?”, sent by two American solicitors, Laurence Canter and Martha Siegel, to promote their law firm (Reed, 2004). The message was posted on 6000 USENET newsgroups at the same time, and was posted continually. The duo received financial reward for their efforts, and went on to promote a book on spamming as a profitable exercise (Lowe, 2002; Templeton 2003).

From these beginnings, spam has grown incredibly. Approximately four billion unsolicited junk emails are sent every day and spam is estimated to account for 76 percent of all emails around the world (Thom, 2005; Spamhaus, 2005b).


Types of Spam

Email spam

Email spam is the most commonly used and well recognised form of spamming. The term refers to the sending of unsolicited bulk emails (UBE) to recipients, which contain similar or identical messages that are often commercial in nature. Email spam differs from traditional direct marketing, or ‘junk mail’, due to the costs involved. While senders of direct marketing material incur distribution costs, senders of email spam incur little to no cost.

Perpetrators of email spam can obtain email addresses using a number of methods that violate privacy regulations, including harvesting Usenet postings, scanning webpages and databases, stealing mailing lists, searching the Internet for names and addresses, and matching common names with domain names (Mueller, 2005; http://en.wikipedia.org/wiki/Spamming).

Phishing

Phishing refers to a security attack whereby a fraudster sends an email, masquerading as a reputable, legitimate or trustworthy person or business, with the intent of acquiring personal information about the end user (Federal Trade Commission, 2005). The term was coined by hackers attempting to steal accounts from unsuspecting AOL members. The most common targets for phishing are banks and online payment services. Damage caused by phishing ranges from loss of access to email to financial loss and identity theft.

Zombie PCs

Between 40 and 80 percent of all spam worldwide “...comes from zombie PCs owned by businesses, universities, and average computer owners” (Spring, 2005; http://en.wikipedia.org/wiki/E-mail_spam). Zombie PCs, also known as Botnets, are computers attached to the Internet that are infected with malicious code or a virus, such as a Trojan horse or open proxy virus, or Spyware, enabling hackers to gain complete control over the machine and use it to send unsolicited mail from a remote location.

This practice allows spammers to go undetected by anti-spam bodies and law enforcers, as the email address purportedly sending the spam is not recognised as a blacklisted email. In addition, the large number of attacking machines makes it difficult to identify the origins of a spam attack and take corrective action without causing massive disruption to network operations and legitimate users (Leyden, 2004).

The creation of zombie PCs is rapidly increasing, with an average of 30,000 created every day in the first half of 2004, which increased to 75,000 in the latter half of 2004 (Knight, 2004).

Spoofing

Spoofing, also known as domain name hijacking or misappropriation, involves spammers altering email addresses to lead recipients to believe that the message is coming from a different, perhaps trusted email address, in order to conceal the true origin of the message (http://en.wikipedia.org/wiki/Spamming).

Alpha-numeric text

Other deceptive methods include inserting alpha-numeric or incorrectly spelt text into subject lines or into the body of a message, so that the message is still understood by recipients but bypasses spam filtering systems that detect common words in spam (http://en.wikipedia.org/wiki/Spamming).
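A filter that only looks for exact words misses this disguise; one that normalises the text first does not. The following is an added example, not part of the original article: the watch-list, the look-alike character map and the sample subject lines are all constructed assumptions.

```python
import difflib
import re
import unicodedata

# Constructed watch-list; a real filter would use a larger, maintained list.
TERMS = ("lottery", "winner", "jackpot")

# Assumed look-alike map: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s.
LOOKALIKES = str.maketrans("013457@$", "oieastas")


def naive_match(subject):
    """Plain keyword filter: case-insensitive substring search."""
    lowered = subject.lower()
    return {term for term in TERMS if term in lowered}


def normalise(subject):
    """Undo the cheap disguises before any matching is done."""
    # Split accented letters into base letter + mark, then drop the marks.
    text = unicodedata.normalize("NFKD", subject)
    text = "".join(c for c in text if not unicodedata.combining(c))
    # Lower-case and map look-alike digits and symbols back to letters.
    text = text.lower().translate(LOOKALIKES)
    # Remove filler punctuation wedged between letters (l.o.t.t.e.r.y).
    return re.sub(r"(?<=[a-z])[^a-z\s]+(?=[a-z])", "", text)


def robust_match(subject, threshold=0.9):
    """Match normalised words exactly, or closely enough to be a misspelling."""
    hits = set()
    for token in re.findall(r"[a-z]+", normalise(subject)):
        for term in TERMS:
            if token == term:
                hits.add(term)
            elif len(token) >= 5:
                # Similarity ratio tolerates one dropped or swapped letter.
                ratio = difflib.SequenceMatcher(None, token, term).ratio()
                if ratio >= threshold:
                    hits.add(term)
    return hits


if __name__ == "__main__":
    # Constructed subject lines: three disguised, one legitimate.
    samples = [
        "You are a W1NN3R of the L0TT3RY",
        "L.o.t.t.e.r.y results inside",
        "Claim your lotery prize",
        "Pottery class and dinner on Friday",
    ]
    for subject in samples:
        print(subject, "|", sorted(naive_match(subject)),
              "|", sorted(robust_match(subject)))
```

The 0.9 threshold is a trade-off: it accepts "lotery" for "lottery" but rejects the legitimate words "pottery" and "dinner", which a looser threshold would flag.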

Open proxy server

Spam is also sent through third-party computers with the use of open proxy servers, in order to send messages from different IP addresses (http://en.wikipedia.org/wiki/Proxy_server).

Similarly, messages can be routed through off-shore IPs in order to escape domestic anti-spam laws. The United States-based anti-spam organisation, Brightmail, estimates that 30 to 50 percent of spam that they track originates from other countries (McCullagh, 2003).

Mobile phone spam

Mobile phone spam - also known as mobile spamming, SMS spam and m-spam - refers to any unsolicited commercial message delivered to a mobile phone as a text message through a Short Message Service (SMS). On average, eight in ten mobile phone users have received unsolicited messages (Sturgen, 2003).

Commentators suggest mobile phone spamming will become an even greater problem in the future than email spam, with a large amount of mobile phone spam already being sent in Asia (http://www.cnn.com/2004/TECH/ptech/02/04/cellphone.spam.reut/; Leyden, 2005a). However, the costs associated with sending SMS messages are likely to deter mobile phone spammers and prevent it reaching the scale of email spam (Sturgen, 2003). Currently, no specific laws or regulations exist to combat SMS spam.

Weblog and wiki spam

Spammers have increasingly begun targeting weblogs and wikis because they “offer large amounts of storage, rarely require any identity authentication to post information, and most blog hosting facilities do not provide antivirus protection for posted files” (Leyden, 2005b).

Spamblog (also known as link spam, blog spam, or comment spam) is an automated weblog with the sole purpose of sending or facilitating the distribution of spam. In some cases, offenders create a blog on a legitimate site and post viral code or malicious software to the page, then direct potential victims to this "toxic blog" by sending a link through spam email or instant messaging (IM) (ibid.).

Additionally, spammers may place comments and links to their own website on numerous blogs and wikis to increase the page ratings for their site on a search engine, thereby increasing the potential number of visitors to their site.

Web search engine spam

Web search engine spam, also known as spamdexing, involves altering web (HTML) pages to increase the chance of them achieving a higher relevancy rate on search engine lists (http://en.wikipedia.org/wiki/Spamming).

Similarly to blog spam, this is another method for spammers to increase traffic to their web site.


Legislation

CAN-SPAM Act

The United States Congress passed the Federal CAN-SPAM Act of 2003 in early December 2003, coming into effect on 1 January 2004 (Wall, 2004: 319). Main features of the Act include:

  • Limitations and penalties on the transmission of unsolicited commercial electronic mail;
  • The compulsory requirement for spammers to provide opt-out methods;
  • Bans on false or deceptive subject titles; and,
  • A requirement that commercial email be identified as an advertisement (Wall, 2004: 320; FTC, 2004).

Violations of the Act can be penalised with fines of up to $1.5 million and imprisonment for up to 5 years (Swartz, 2004).

Anti-spam organisations, such as Spamhaus, have strongly criticised the CAN-SPAM Act, which has been referred to as the 'YOU-CAN-SPAM' Act. Criticism has centred on the Act's apparent legalisation of spamming: it does not recognise junk messages as spam, provided that a prominent opt-out mechanism is included (Spamhaus, 2005c).

While it is claimed that the Act will not deter, and will in fact encourage spammers, the CAN-SPAM Act has resulted in a number of prosecutions since its introduction. A recent case involves the jailing of a spam accomplice who stole and sold mailing addresses to a spammer (Leyden, 2005c).

Australian Spam Act 2003

The Australian Government has introduced the Australian Spam Act 2003. The legislation applies equally to single and bulk commercial email deliveries (Pierce, 2002). The Act stipulates three important steps when sending a commercial message:

  • Gain recipient consent;
  • Clearly and accurately identify the sender and organisation; and,
  • Provide a functional unsubscribe facility (Pierce, 2002).

This Act has been praised for its stricter requirement that recipients must first consent to messages, or opt in, as opposed to the United States' more flexible opt-out requirement after receiving messages.

In April 2004, the Australian Communications and Media Authority (ACMA) took action against spammer Wayne Mansfield in the first case to be brought under the Spam Act (Spamhaus, 2005b).

European Union legislation

The European Union (EU) has adopted digital privacy rules aimed at stemming the tide of e-mail spam. The new rules require companies to gain consent before sending e-mails and introduce a ban on spam throughout the EU (Morris, 2003). The rules also limit the ability of companies to use "cookie" files to gain information about people who visit their websites. The greatest challenge faced by the EU is the origin of spam - most spam that hits Europe originates abroad, particularly from the United States (Saits, 2004).

Issues

Profitability

Spam has become a viable global venture, because of the low costs of sending millions of messages and high profits from those who reply. Spammers are in business, with the goal of making a profit, and often trade email lists and information with fellow spammers (Feinstein, 2004: 6).

Privacy

Spam can directly threaten a user's personal privacy. A single spam email can be seen as a permanent violation of privacy, because the email address is immediately accessible to other spammers, via email lists. Spam is considered an invasion of a right categorized as communication privacy (Cannon 2004). The receipt of spam can also be considered a violation of the right to determine when, how, and to what extent personal information is used.

Costs

It is estimated that spam is now costing national economies US$25 billion each year (Spamhaus, 2005b).

The costs of spam affect both individuals and businesses, and involve costs of repairing damage to computer systems (such as viruses from spam), costs of participating in spammer's schemes, cost of the internet connection used to retrieve spam messages, and the time wasted in deleting and sorting out spam messages.


See Also


References

Bruns, A. (2005) Collaboration and Networking [Week 2 Lecture Notes, KCP336]. Brisbane: Queensland University of Technology.

Cannon, J. (2004) Managing Spam. http://www.awprofessional.com/articles/article.asp?p=339479&rl=1 (accessed September 1, 2005).

Federal Trade Commission (2005) How Not To Get Hooked By A 'Phishing' Scam. http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm (accessed September 5, 2005).

Federal Trade Commission (2004) The Can-Spam Act: Requirements for Commercial Emailers. http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm (accessed September 3, 2005).

Feinstein, K. (2004) How to do everything to fight spam, viruses, pop-ups and spyware, New York: McGraw-Hill Osborne.

Knight, W. (2004) Thousands of zombie PCs created daily. New Scientist.com. http://www.newscientist.com/article.ns?id=dn6420 (accessed October 26, 2005).

Leyden, J. (2004) P-Cube goes hunting for zombie PCs. http://www.theregister.co.uk/2004/09/22/p-cube_zombie_buster/ (accessed September 4, 2005).

Leyden, J. (2005a) Users choke on mobile spam. http://www.theregister.co.uk/2005/02/10/mobile_spam/ (accessed September 4, 2005).

Leyden, J. (2005b) Beware of toxic blogs. http://www.theregister.co.uk/2005/04/14/toxic_blogs/ (accessed September 4, 2005).

Leyden, J. (2005c) AOL techie jailed for selling email database to spammers. http://www.theregister.co.uk/2005/08/18/aol_spam_man_jailed/print.html

Lowe, R. (2002) History of Spam. http://www.mailmsg.com/SPAM_history.htm (accessed August 29, 2005).

McCullagh, D. (2003). A modest proposal to end spam (or will there be a vacancy at Stanford :-) ). http://www.interesting-people.org/archives/interesting-people/200304/msg00315.html (accessed October 26, 2005).

Morris, C. (2003) New EU Laws Tackle Spam. http://news.bbc.co.uk/2/hi/europe/3231861.stm (accessed August 31, 2005).

Mueller, S. (2005) What is spam?. http://spam.abuse.net/overview/whatisspam.shtml (accessed September 5, 2005).

Pierce, J. (2002) Australian Spam Act 2003. http://www.internetguru.com.au/igblog-105.html (accessed September 2, 2005).

Postini. (2005) Postini – Email Stats. http://www.postini.com/stats/ (accessed September 4, 2005).

Reed, G. (2004) Spam: History, Perceptions, Solutions. http://www.option-consommateurs.org/dc_pdf/pdf/oc_pourriels04en.pdf (accessed September 4, 2005).

Saits.org (2004) Saits News 2004. http://www.sics.se/~olleo/SAITS/news-archive/2004.html (accessed September 4, 2005).

Spamhaus (2005a) The Definition of Spam. http://www.spamhaus.org/definition.html (accessed October 27, 2005).

Spamhaus (2005b) Australian Spam Act Nails First Spammer. http://www.spamhaus.org/news.lasso?article=161 (accessed September 4, 2005).

Spamhaus (2005c) United States set to Legalize Spamming on January 1, 2004. http://www.spamhaus.org/news.lasso?article=150 (accessed October 26, 2005).

Spring, Tom (2005). ‘Spam Slayer: Slaying Spam-Spewing Zombie PCs’, PC World.com, June 20, 2005, p. 1. [Online]. Available through Proquest database, Queensland University of Technology (accessed July 30, 2005).

Sturgen, W. (2005) Spam war settles into mobile phones. http://news.com/2102-1041_3-1015595.html (accessed August 31, 2005).

Sylvan, L. (2005) 'Australia leads global blitz against spam scams', AAP General News Wire. Available through Proquest database, Queensland University of Technology (accessed September 4, 2005).

Templeton, B. (2003) Origin of the term “spam” to mean net abuse. http://www.templetons.com/brad/spamterm.html (accessed August 29, 2005).

Templeton, B. (2003) Reflections on the 25th Anniversary of Spam. [Online]. http://www.templetons.com/brad/spam25.html (accessed August 29, 2005).

Thom, D. (2005) 'Welcome move on unwelcome mail', The Courier Mail, July 5. EP Net (accessed August 8, 2005).

Wall, David S. (2004) 'Digital Realism and the Governance of Spam "as Cybercrime"', European Journal on Criminal Policy and Research. Available through Proquest database, Queensland University of Technology (accessed September 3, 2005).

Wikipedia (2005) ARPANET. http://en.wikipedia.org/wiki/ARPANET (accessed October 26, 2005).

Wikipedia (2005) Email Spam. http://en.wikipedia.org/wiki/E-mail_spam (accessed October 26, 2005).

Wikipedia (2005) Proxy server. http://en.wikipedia.org/wiki/Proxy_server (accessed October 26, 2005).

Wikipedia (2005) Spam (electronic). http://en.wikipedia.org/wiki/Spamming (accessed October 26, 2005).

http://www.cnn.com/2004/TECH/ptech/02/04/cellphone.spam.reut/ (2004) If you thought your spam problems couldn't get any worse, check your mobile phone. CNN.com, February 5.


Contributors to this page:

Rienne De Mattia 08:47, 28 Oct 2005 (EST)

Dominique Chorazyczewski 10:07, 5 Sep 2005 (EST)

Sara Massingham 16:12, 5 Sep 2005 (EST)

Alex Goffey 16:53, 5 Sep 2005 (EST)

Alex Goffey 18:49, 5 Sep 2005 (EST)
