THE WORLD OF SPAM

Admittedly, spam hardly needs an introduction. Even the most nontechnical person on the street will know exactly what you're referring to when you mention spam. If you have an e-mail address, the odds are massively in the spammers' favor that they've found you and unpleasantly surprised you with offers of drugs, women, and buried fortunes. The most basic definition of spam is unsolicited e-mail -- any e-mail sent to you that you did not request. This is deliberately a very broad definition, especially because spam is now a legal term!

A huge percentage of spam is badly written junk that most people would never consider opening. The usual reason for the poor quality of the e-mail text is because the spammers rely on specially composed e-mails to evade the first defense of antispam mechanisms. If the e-mails do make it through, they're usually in a difficult to read format, meaning that most spammers rely on either greed or human error to get their e-mails opened and read.

The mechanisms used by spammers to evade antispam systems are covered later in this course.

As you've probably experienced, spammers send huge amounts of identical e-mails to as many e-mail addresses as they can. The reason for this is economies of scale. A spammer can usually expect less than 0.5 percent of the e-mails they send to be opened, regardless of whether they're read or acted on. For reasons covered later in this lesson, if an e-mail is simply opened, it's considered a positive response. Therefore, the more they send, the higher the amount of positive responses the spammers can generate. Here's an example using Bob, our fictional spammer who includes syndicated advertisements in his e-mails:

• Bob receives $0.01 for every syndicated advert viewed.
• Bob can expect 0.5 percent positive responses from the spam he sends.
• Bob sends out one million e-mails.
• He will receive 5,000 positive responses.
• He earns $50 for his efforts.

That amount of money for all that trouble doesn't seem like much, but it is. The problem for the rest of us is that it's hardly any work at all for Bob to spam one million e-mail addresses, and it's very easy to keep doing it. All Bob needs to do is generate ten or so e-mail shots a month, and he's earning himself up to $1,000. And that's before greed gets the better of any of the recipients and they sign up for whatever he's selling. It's a good scheme for Bob, especially because his only expense is the Internet connection from which to send the spam.

Spam is such a growth industry that several companies have started to provide bulk e-mailing services. The ethic and morality of these companies is so ambiguous they aren't given free publicity by being named in this course; but they do exist and, unfortunately, seem to do quite well.

Normally, spam isn't quite as cut-and-dried as this. Some spam is explicitly malicious, such as e-mail borne viruses or malware. Some spam is annoying but harmless, such as the e-mails sent out by Amazon.com to let you know about their offers. Finally, some spam is malicious not for technical reasons but because of social engineering, a topic covered later in this course.