Basic spam, the type that simply offers you products and services from a usually reputable retailer, is little more than annoying. Although larger companies (and those with common sense) have realized that sending spam can quickly alienate potential customers, a significant proportion of companies continue to do so. A fair number of the culprits are those advertising free services, such as free online dating, free classified advertisement listings, and free small business directory entries. Because these companies are little more than legal shells, they have little to lose and lots to gain by spamming their wares.

Spam has implications far beyond being annoying. The managed e-mail service company Brightmail released a study in January, 2004 that showed more than 60 percent of Internet traffic was spam e-mail. That's an astonishing volume; spam on its own accounted for more data than all of the Web browsing, FTP file downloading, P2P file sharing, and all other Internet services combined. This huge volume of data clogs the available bandwidth on which the Internet runs, making everything else run much slower. The Internet as a whole would be noticeably faster if spam was eradicated right now.

Spam Costs You

Spam also costs you money, as the recipient. It lands in your e-mail inbox, and you have to spend time on your broadband, dial-up, or GPRS (General Packet Radio Service) connection to download it. All of these cost time, bandwidth, and money.

Networking systems are quickly moving to wireless technologies, allowing you to access the Internet from PDAs (personal digital assistants) and mobile phones. Wireless Internet access systems all have one thing in common; they are very, very expensive to use compared to fixed line costs. Wireless e-mail (as well as regular e-mail) is an extremely useful technology, and it would be a severe setback if the cost of using it increased beyond reasonable levels because of spam.

HTML E-Mail

One of the cleverest ideas someone had to make e-mail user friendly was to allow HTML code in the e-mail body. By adding functionality to e-mail clients to render HTML pages, flat text e-mails were suddenly brought alive with fonts, styles, formatting, and images. This was great for the majority of e-mail users, who suddenly found it was much more convenient and understandable to write their message in six-inch bright red, bold Arial type. Like most new ideas there was a downside, and the downside to HTML e-mail is significant. To understand why, it's time to take a detour into how programmers write software for Microsoft Windows.

When Microsoft developed Windows 95, it created a system of reusable software components called COM objects. With COM objects, instead of every developer having to code their own engines to perform simple tasks, they could simply reuse Microsoft's COM objects (and their own). One of the available COM objects is the Microsoft Internet Explorer HTML rendering engine -- the piece of code that Internet Explorer uses to display Web pages.

Because all of the code to download and display Web pages was already contained in the Internet Explorer COM objects, nearly every software developer simply reused those objects when they needed that functionality. It's no surprise then that Microsoft reused its own objects when it added HTML e-mail support to Microsoft Outlook. And here's where the problem begins.

As you learned in Lessons 1 and 2, Internet Explorer suffers from a lot of security flaws. To be more specific, the underlying code in the COM objects used to create Internet Explorer's functionality has a lot of security flaws. And because those same COM objects are reused in other applications, such as Outlook, those applications suffer from the same flaws, too. This results in some nasty possibilities malicious spammers can take advantage of.