E-mail spam

E-mail spam is by far the most common form of spamming on the internet. It involves sending identical or nearly identical unsolicited messages to a large number of recipients. Unlike legitimate commercial e-mail, spam is generally sent without the explicit permission of the recipients, and frequently contains various tricks to bypass e-mail filters. Modern computers generally come with some ability to send spam. The only necessary added ingredient is the list of addresses to target.

Spammers obtain e-mail addresses by a number of means: harvesting addresses from Usenet postings, DNS listings, or Web pages; guessing common names at known domains (known as a dictionary attack); and "e-pending" or searching for e-mail addresses corresponding to specific persons, such as residents in an area. Many spammers utilize programs called web spiders to find e-mail addresses on web pages, although it is possible to fool the web spider by substituting the "@" symbol with another symbol, for example "#", while posting an e-mail address.

Many e-mail spammers go to great lengths to conceal the origin of their messages. They might do this by spoofing e-mail addresses (similar to Internet protocol spoofing). In this technique, the spammer modifies the e-mail message so it looks like it is coming from another e-mail address. However, many spammers also make it easy for recipients to identify their messages as spam by placing an ad phrase in the From field—very few people have names like "GetMyCigs" or "Giving away playstation3s"!

Among the tricks used by spammers to try to circumvent the filters is to intentionally misspell common spam filter trigger words. For example, "viagra" might become "vaigra", or other symbols may be inserted into the word as in "v/i/a/g./r/a". The human mind can handle a surprising degree of corruption, but sometimes this tactic can backfire, rendering a message illegible. ISPs have begun to use the misspellings themselves as a filtering test.

The most dedicated spammers—often those making a great deal of money or engaged in illegal activities, such as the pornography, casinos and Nigerian scammers—are often one step ahead of the ISPs. Reporting them to your ISP may help block less sophisticated spammers in the future.

So-called "spambots" are a major producer of e-mail spam. The worst spammers create e-mail viruses that will render an unprotected PC a "zombie computer"; the zombie will inform a central unit of its existence, and the central unit will command the "zombie" to send a low volume of spam. This allows spammers to send high volumes of e-mail without being caught by their ISPs or being tracked down by antispammers; a low volume of spam is instead sent from many locations simultaneously. Many consumer-level ISPs (Earthlink, for example) stop spambots by blocking the SMTP port (port 25), although there are some users who make legitimate use of it.

Messaging spam

Messaging spam, sometimes termed spim (a portmanteau of spam and IM, short for instant messenger), makes use of instant messaging systems, such as AOL Instant Messenger or ICQ. Many IM systems offer a directory of users, including demographic information such as age and sex. Advertisers can gather this information, sign on to the system, and send unsolicited messages. To send instant messages to millions of users on most IM services merely requires scriptable software and the recipients' IM usernames. Spammers have similarly targeted Internet Relay Chat channels, using IRC bots that join channels and bombard them with advertising messages. Because most IM protocols are proprietary, it is easier to enact unilateral changes to make spamming more difficult.

A similar sort of spam can be sent with the Messenger Service in Microsoft Windows. The Messenger Service is an SMB facility intended to allow servers to send pop-up alerts to a Windows workstation. When Windows systems are connected to the Internet with this service running and without an adequate firewall, it can be used to send spam. The Messenger Service can, however, be easily disabled. [1]

Messenger service spam, in particular, has lent itself to spammer use in a particularly circular scheme. In many cases, messenger spammers send messages to vulnerable Windows machines consisting of text like "Annoyed by these messages? Visit this site." The link leads to a Web site where, for a fee, users are told how to disable the Windows messenger service. Though the messenger service is easily disabled for free by the user, this scam works because it creates a perceived need and then offers an immediate solution. Oftentimes, the only "annoying messages" the user is receiving through Messenger are advertisements to disable Messenger itself.

Newsgroup spam and Forum spam

Newsgroup spam predates e-mail spam, and targets Usenet newsgroups. Old Usenet convention defines spamming as excessive multiple posting, that is, the repeated posting of a message (or substantially similar messages). Since posting to newsgroups is nearly as easy as sending e-mails, newsgroups are a popular target of spammers. The Breidbart Index was developed to provide an objective measure of the "spamminess" of a multi-posted or cross-posted message on Usenet.

Spamming an internet forum in general, is when a user posts something which is off-topic or doesn’t have anything to do with the current subject. Also, a post that doesn’t contribute to the thread whatsoever is also considered spam in some cases. A third form of Forum Spamming is where a person repeatedly posts about a certain subject in a manner that is unwanted by (and possibly annoying to) the general population of the forum. Lastly there is also the case where a person posts messages solely for the purpose of increasing his or her ranking on the forum. In a broader sense, advertising on forums where it is not wanted is known as spamming and is generally seen as an annoyance.

Mobile phone spam

Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to consumers not only for the inconvenience but also because they sometimes have to pay to receive the text message.

Internet telephony spam

It has been predicted that voice over IP (VoIP) communications will be vulnerable to being spammed by prerecorded messages. Although there have been few reported incidents, some companies have already tried to sell defenses against it. [2]

Online game messaging spam

Many online games allow players to contact each other via player-to-player messaging, or chatrooms or public discussion areas.

What qualifies as spam varies from game to game, but usually this term is applied to all forms of flooding the game with messages; in case of MUDs, the problem is usually the same as with other chat services.

Many games have strict rules on what kind of communication is acceptable in the games. Frequently, the terms of service don't allow promotion of external websites except on very strict terms (for example, URLs may be allowed on player profiles, but not anywhere else), and promotion of websites in-game is usually very much frowned on in any case.

Spam targeting search engines (Spamdexing)

Spamdexing (a portmanteau of spamming and indexing) refers to the practice on the World Wide Web of deliberately modifying HTML pages to increase the chance of them being placed high on search engine relevancy lists. People who do this are called search engine spammers. In layman's terms, spamdexing is using unethical means known as "black hat seo techniques" to unfairly increase the rank of sites in search engines. When a website is optimized to be indexable by a search engine, without trying to deceive its web crawler, this is called search engine optimization. To be sure, there is much gray area between white-hat search engine optimization and black-hat spamdexing.

Blog, wiki, guestbook, and referrer spam

Google's PageRank system uses the number of links to a page as an index of its "importance". Ordinarily, very few pages will link to a spammer's commercial site, because it is of no interest to anyone else, and hence it will have a very low PageRank score. To counter this effect, spammers attempt to create links to their sites on other people's pages.

The most common targets for this kind of spam are weblogs, the spamming then being known as blog spam, or "blam" for short. In 2003, this type of spam took advantage of the open nature of comments in the blogging software Movable Type by repeatedly placing comments to various blog posts that provided nothing more than a link to the spammer's commercial web site. [3]

Similar attacks are often performed against wikis and guestbooks, both of which accept user contributions; something that consistantly impresses and confounds critics of Wikipedia is its remarkable lack of spam, in spite of having nearly one million articles and over two million pages.

On January 18, 2005, Google proposed a rel="nofollow" attribute that could be placed on a link; doing so instructs most major search engines to ignore the link, rendering it useless to spammers. Software is then rewritten to add this attribute to any link embedded in a comment. As of April 2005, nofollow has seen expanding usage, but is not yet universal. [4]

As well as comment forms, editable pages and guestbooks, some sites publish a list of the most common referrers to their site in order to show how readers have found it. These lists have also been exploited by spammers with so-called referer spam, in which the spammer makes repeated web site requests using a fake referer URL pointing to a spam-advertised site. That URL will later appear as a link on the site, boosting the PageRank of its target.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.