A Simple Every Day Explanation of Spam

How do we stop it?

Well, the reasons are actually simpler than you may think. Most Spam can be stopped by your ISP or Email administrator, if they understand how it works.

Lets see how simple we can be in explaining this for you.

There really are ONLY 4 types of Spam..

  • App. 50-75% Comes from Trojans, and Bots on ordinary computers
  • App. 10-15% Comes from Email Marketing Companies
  • App. 5-10% Comes from Compromised/Hacked Servers or Accounts
  • App. 2-5% Comes from Free Email Providers

Together this accounts for over 99% of all email attempts. Let’s give a brief explanation of these.

Trojans, and Bots on ordinary computers

This is the major form of Spam that is running rampant over the internet. Often called ‘BotNets’ or ‘SpamBots’, hackers and spammers exploit vulnerable operating systems with viruses or programs, often hidden in images or web pages on the internet, and if your computer is vulnerable, the program then basically takes over your computer and it can do anything that it wants with the power of your computer and your internet connection. (Often the only thing you notice is that your computer runs a little slower) Usually these programs sit and wait for instructions from the hackers, and often a hacker may have hundreds of thousands of computers that he ‘owns’. One profitable way for him is to use his ‘BotNet’ is to get the computers to pretend to be email servers, and send millions of spam out.

This is good for him, as using lots of computers makes them a lot less likely to trigger alarms, and harder to block.

So, how do we deal with this? Well, there are some differences between your computer and a real email server, and that helps. For instance, the hacker cannot change the name of the IP you use. As well, anti-spam companies and ISP’s use spamtraps to detect compromised home computers and provide the IP’s they use for home style connections. This information is used to create databases of IP addresses that can be compromised to send spam. Some ISP’s can block over 95% of inbound attacks using one or more of these lists.

One such database at SpamRats for instance has over 25 million such IP’s listed and blocks over 50% of Spam alone. If your ISP is using such lists, this is the single best way block ‘BotNet’ spam.

Email Marketing Companies

Although sometimes not classed as true ‘Spam’, this unwanted bulk email (UBE) has become a lot worse over the last 18 months. You may have seen this type of email offering lower mortgages, cheaper airline tickets, even advertising for very legitimate companies. They usually contain a message ‘You are receiving this because you have opted in to 3rd party offerings’. Normally the main reason you get these is that you signed up for something online or bought something, and the small fine print said that they are allowed to send you such flyers. The problem is once they get that ‘permission’ from you, very often the flyers get out of hand; now you are getting 30-40 flyers a day.

Wouldn’t it be nice if the same way you call the post office, and ask them not to deliver any more flyers to your door, you could do the same thing with your inbox? Well you can. There are databases of such companies available, that engages in such practices, and networks that allow such behavior. Often these companies are so big, they have thousands of email servers sending out advertising. And this is the fastest growing form of UBE out there.

One such database, MIPSpace tracks this activity at hundreds of ISP’s across North America (BTW, contrary to popular belief, most of these companies are located in North America and NOT overseas). If your ISP uses, or allows you to use such a database it can block over 15% of inbound connections, but more importantly, since other forms of Spam Protection do not stop them, for people who accidentally got on such lists, this protection can reduce the amount of flyers in your inbox more than any other tool.

Compromised/Hacked Servers or Accounts

This used to be a more common problem, but as server security has increased hackers and spammers do look for easier targets. There are still web servers and online forms that hackers can compromise, and use to send out their spam, (often the more vicious types, like viruses and porn) but usually this type of activity is easier to detect, and they get shut down very fast, or blocked by IP reputation lists like SpamRats.

However, recently hackers are using easier targets such as email accounts hijacked from people just like you. Using a real email account is a lot better for hackers as ISP’s who need to process millions of emails for their customers have a harder time noticing one account that is sending more than it’s normal share. The hackers may only send a few thousand from each account, but if they have thousands of such accounts, it makes for a profitable way to send spam. Usually using a real email account from a reputable ISP means they have less chances of their messages being blocked.

How do they get those accounts? Simple. Too many people using easy to guess passwords. If your email is “john@isp.com” and your password is “john”, or “john123” or “test”, then they are going to get your email account. With the ‘BotNets’ mentioned early it doesn’t take long when 100,000 computers all try to ‘guess’ your password. They also run dictionary attacks for commonly used words as passwords.

So how do we stop this? Well, the ISP’s have to stop it before it gets out. If they use rate limiters on outbound email, and password policies, they should not have these problems. And the ISP’s that don’t, well they usually end up on blacklists until they rectify the problem. (Actually, some of the bigger ISP’s are often the worst problems, as they are too big to blacklist, and without that pressure they have little motivation to deal with this issue) But using better email technologies like the LinuxMagic’s own ‘MagicMail’ email server, more companies get this capability out of the box, and this type of Spam could be a thing of the past.

Free Email Providers

Yes, a problem. But you have to have a little sympathy on how hard it is. Basically, the hacker use the ‘BotNets’ described earlier to try to sign up to for thousands of email accounts.. Or some individual signs up for a throwaway account. Often this is the nastier form, sending emails to try to get your bank account information, or to tell you you have won a lottery, or that they want you to help them get millions of dollars out of a foreign company.

They can do some things, like limiting how much email a person can send at a time, but when thousands of accounts all send just a few messages, it is harder detect the spammers. And you can’t really point a finger at a single email provider, as all of them have suffered from this at one time or another. They try to stop automated signups, but the hackers keep finding new ways around this. For most people, it is impossible to just block free email providers such as Yahoo, Gmail, or Hotmail (although some people do) therefore there is only one way to stop spam from bad free email accounts. Thankfully this is the lowest percentage of all the types of Spam, but in this case the ISP has to use ‘filters’. Not the best way to deal with this as it adds load to the servers, and as soon as one filter stops a message, the spammers change the way they write the emails to get around the filters.

Until the free email companies solve this problem, your ISP is forced to use some spam filtering techniques along with the normal virus and other filters. Luckily, most modern email servers have, or keep up with the latest filtering technologies. If you get this kind of spam, report it to your ISP. It will be up to the ISP to put pressure on the free email providers to make sure they stop it before it leaks out of their servers.