How many times has your email inbox been flooded with unsolicited email messages? How many times do you have to say that you do not want Viagra, nor interested in any sort of pharmaceutical drugs offered on these messages? Do you catch yourself sometimes thinking how good it would be if you could get rid of all that spam? The bottom line is that all of us get spammed every day.
What is spam?
You may have heard of spam, and might fight with it daily, but have you ever questioned yourself what is Spam? According to Wikipedia Spamming is “the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages to multiple recipients”.
Many say that unsolicited messages are codenamed “Spam” due their similarity to the actual product SPAM which is know to contain suspicious ingredients such as pig shoulders and lips. Others may state the name “spam” originated from a Monty Python Skit where the only thing offered on a menu was SPAM, SPAM, and SPAM!
Independent of its origins, spam has become a corporate nightmare for messaging administrator and users. According to the Messaging Anti-Abuse Working Group, MAWG, 85% of incoming corporate email is "Spam”. The total volume of spam has been calculated at over 100 billion emails per day just in the US. Spam has become such an issue that The California legislature found that spam cost United States organizations alone more than $13 billion in 2007. The costs entail the lost productivity, the need to purchase appropriate anti-spam equipment and software, and the extra manpower needed to combat the problem.
Internet-based communication technologies grow rapidly each day, but unfortunately so do the methods individuals use to send you these unwanted messages. According to recent studies, the numbers of spam-related messages being distributed are increasing every day.
Who is sending me this?
Have you ever asked yourself who could be sending these unwanted messages? How did they get your email address, and how in the world do they know your name? Rescent studies show that only 20% of all spam that is sent out worldwide can be traced back to the actual spammers. The whole problem is that humans are not the only ones which send out spam. Botnets, which are software “robots” send out automatically most of the bulk unsolicited messages.
Spam is also sent out by multiple networks of virus-infected computers scattered all over the world often reffered to as “infected clusters”, which when triggered send usnsolicited mail to multiple targets worldwide. Together these agents are responsible for sending out 80% of the spam worldwide. Spamming is a very cost effective advertisement method, and prefered mainly by underground communities. The first spam incident was reported way before the dawn of the internet. Back in 1978 Gary Thuerk “spammed” information of a new digital equipment model to 393 recipients on ARPANET.
What are the types of Spam?
Though you may think that all junk email might look the same, spam continues to mutate daily, varying from innocent informational emails to lethal attacks. 
These messages can arrive in the following “ flavors” :
§ Advertising: Spam is used to promote a wide variety of products and services, from the latest gadgets to questionable pharmaceutical offerings.
§ Malware Delivery: Spam is currently one of the main distribution channels for delivering viruses and other types of malware and spywares. Users believe they have received an important document or media file, which turns out to be a link to a malicious code.
§ Scams: sometimes spam messages disguise themselves as institutions for poor and needy children, ridiculously cheap paradise vacations and other fictitious institutions, these scammers often prey on the recipients' sympathy and greed.
§ Phishing: Hiding behind the names of respected financial institutions, businesses, and government bodies, spammers attempt to lure recipients to fake Web sites where they steal personal financial or identity information.
How did I end up there?
You may be asking yourself how in the world your email ended up in the wrong hands. A single spam agent may target tens of millions of possible addresses, many of which are invalid, malformed, or undeliverable. Sometimes, if the sent spam is "bounced" or sent back to the sender by various programs that eliminate spam, or if the recipient clicks on an unsubscribe link, that may cause that mail address to be marked as "valid", which is interpreted by the spammer as "send me more". Today’s spammers use a variety of techniques to discover and harvest your personal or corporate email address.
The most common tactics are:
Dictionary Attack: Most of the free email providers like Hotmail or Yahoo are a spammer's paradise, when it comes to finding spammable addresses. In these scenarios, millions of users share one common domain name, spammers send messages to variety common names such as mike@hotmail.com, where “mike” is a fairly common name. Spammers will select a domain and send spam messages to common guessable email addresses.
Brute Searching Force: Another common tactic used by spammers to harvest emails, is to scan multiple websites for valid email addresses. Spammers use “Search Robots”, which scans the target websites contents, searching for anything with the “@” character. Spammers will usually target web forums, chat rooms, blogs and corporate websites.
Spam Zombies: To avoid being detected, spammers send their emails from a distributed network of infected computers. These infected computers are often called “Spam Zombies”, these computers are infected by computer viruses, which load small undetectable programs used to send out the unwanted messages. These unauthorized and covert applications also scan the user's email address book and files, searching for valid email addresses.
What to do?
Although spamming will never stop, there are some ways in which you can reduce the amount of spam you receive. These are the main tools that can keep spam under control:
Spam Filters: A growing number of technology vendors are targeting spam with products that are designed to block and quarantine suspected messages. They often use complex algorithms, which scans each incoming message for spam “red flags”. These filter search for tags such as “Viagra” or if the message comes from an open relay etc. Spam Filters can also work against your company; they can sometimes block important messages, especially if the nature of your organization deals with some of the products offered by spam.
Anti-Malware Filters: Anti-malware filters can block dangerous message attachments from reaching your employee’s inbox. It is important to constantly check if your computer is properly patched with the latest security patches and that you have some sort of anti virus and firewall in place.
Client Control: Leading email clients, such as Microsoft Outlook and Outlook Express, offer built-in controls that are designed to minimize inbox spam.
White Lists/Black Lists: This feature is found and used by many spam filters. White lists of trusted email addresses allow messages to proceed to the user's inbox. Black lists work in the opposite way, routinely blocking incoming email from known offenders. Some institutions sometimes use a Real Time Block Lists (RBL), a dynamically updated list used to filter out known offenders.
Legal Action: While it's rare for an individual business to sue a junk-mail sender, a growing number of law-enforcement bodies are targeting spammers, particularly organized crime rings that use the technology for financial and identity theft.
Policies: All businesses need a comprehensive anti-spam policy. Besides mandating the use of filtering and other good spam-fighting technologies, employees need to be trained with security best practices. Business Web sites, for example, should never publish visible email addresses that can be "harvested" by spammer software. Employees should also be encouraged not to post business email addresses on message boards, social-network sites and personal Web pages.
Reporting: There are a number of sites which monitor spam activity. All users which receive spam are encouraged to report them to anti spam enforcement agencies such as Spam Cop. These institutions help identify offenders and maintain multiple blacklists.
Education: The simple task of training employees not to open unknown attachments and messages can help any business minimize spam's impact. Remember it only takes one internal email to tell spammers that you domain is valid.
For more information on spam:
http://www.ftc.gov/bcp/conline/edcams/spam/index.html
http://www.spamcop.net/