Help      |      Chebucto Home      |      News      |      Contact Us     

146. Spam Basics

By Andrew D. Wright

By now almost everyone is familiar with the idea of spam - unsolicited commercial email. For those who are less sure what's what, here's a basic guide to one of the Internet's greatest annoyances.

Spam gets its name from a classic 1970 Monty Python sketch where a restaurant serves spam with everything. The email version is much worse: junk mail makes up 97-99% of the daily mail stream. Legitimate email is a trace impurity in the spam flow.

All mail servers have had to aggressively implement a number of different strategies to combat this tidal wave of rubbish. Spammers quickly adapt or simply overwhelm anti-spam measures by sheer numbers of junk messages. Spam amounts have been doubling or tripling each year for the past decade.

One method used by mail servers to catch spam is to check the sender address is valid before accepting a message. Spammers get around this by using real addresses they've drawn from their lists as the supposed spam senders.

You see, you can put in anyone's address as the sender of an email. If the address isn't yours, you'll never see a reply but that doesn't matter if all you want is the message to be received and read by someone.

Everything in a spam is a lie. It doesn't matter what the spam says in the To: and From: headers, these are always addresses from some innocent third party. You got the spam because your email address was on the email envelope, discarded when the email was delivered to your inbox for you to read.

If you're the innocent third party, you'll sometimes see returned mail bounces for some message you never sent out. Many people at this point think that their email accounts have been hacked. What's really happened is their address was used as the From: or Reply-To: header for a run of spam.

Spammers will generally only use any one particular address for a small amount of spam so as not to get easily filtered, though there can be (thankfully rare) exceptions generating hundreds or thousands of message bounces. Most mail server administrators are clever enough not to bounce incoming spam as this "backscatter spam" just punishes some innocent person for the sins of the spammer.

Spammers have giant lists of email addresses gathered many ways - from web pages where an address has been posted, from postings to online forums, from applications people have completed where the information has been sold to third parties, and from virus- or trojan-infected computers where every email address on the computer is sent back to the criminals responsible for the infection.

Spam is sent out from these infected home and work computers. They form botnets where thousands or millions of them work together to send out billions of junk emails while betraying their unaware users' personal information to criminals. Every day as dawn breaks across North America, a flood of spam is sent out as millions of home and office computers are turned on. Twelve hours later Asia comes online and their compromised computers send out a new tsunami of rubbish.

Products advertised by spammers are not what is claimed. Typically the online store will be hosted in one country, the transactions processed in another, the money sent to a third and finally when any product is sent at all, it comes from yet another country where there is no guarantee of quality or protection from fraud. People have died from receiving bad medication purchased through spam ads.

The best approach to spam is to simply delete it. Do not believe anything the message says, they won't remove your address from their lists.


The Mousepad runs every two weeks. It's a service of Chebucto Community Net, a community-owned Internet provider. If you have a question about computing, email or click here. If we use your question in a column, we'll send you a free mousepad.


The Mousepad Index


Originally published 16 January 2009


Our community is online here!


This column is provided as a community service by