email spam

Email spam, also known as junk email, consists of unsolicited bulk messages sent through email. The use of spam has been growing in popularity since the early 1990s and is a problem faced by most email users. Recipients of spam often have had their email addresses obtained by spambots, which are automated programs that crawl the internet looking for email addresses. Spammers use spambots to create email distribution lists. A spammer typically sends an email to millions of email addresses, with the expectation that only a small number will respond or interact with the message.

The term spam is derived from a famous Monty Python sketch in which there are many repetitive iterations of the Hormel canned meat product. While the term spam was reportedly first used to refer to unwanted email as early as 1978, it gained more widespread currency in the early 1990s, as internet access became more common outside of academic and research circles.

Types of spam

Email spam comes in various forms, most commonly promoting outright scams or marginally legitimate business schemes. Spam is typically used to promote access to inexpensive pharmaceutical drugs, weight loss programs, online degrees, job opportunities and online gambling.

Spam is commonly used to conduct email fraud. The advance-fee scam is a well-known example -- a user receives an email with an offer that purportedly results in a reward. The fraudster presents a story where upfront monetary assistance is needed from the victim in order for the fraudster to acquire a much larger sum of money, which they would then share. Once the victim makes the payment, the fraudster will invent further fees, or stop responding.

Fraudulent spam also comes in the form of phishing emails, which are emails disguised as official communication from banks, online payment processors or any other organizations a user may trust. Phishing emails typically direct recipients to a fake version of the organization's website, where the user is prompted to enter personal information, such as login and credit card details.

Users should avoid opening spam emails and never respond to them or click on links in the messages. Spam email may also deliver other types of malware through file attachments or scripts, or contain links to websites hosting malware.

Spamming techniques

Botnets allow spammers to use command-and-control servers, or C&C servers, to both harvest email addresses and distribute spam.

Snowshoe spam is the technique of using a wide range of IP addresses and email addresses with neutral reputations to distribute spam widely.

Another method spammers use is blank email spam. This involves sending email with an empty message body and subject line. The technique could be used in a directory harvest, an attack against an email server that seeks to validate email addresses for a distribution list by identifying invalid bounced addresses. In this type of attack, the spammer does not need to enter text into the email. In other instances, seemingly blank emails may hide certain viruses and worms that can be spread through HTML code embedded in the email.
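A mail server operator can spot the directory harvest pattern described above by counting rejected recipients per sending source. The following is an added example, not part of the original article; the log format, field names and thresholds are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified, hypothetical log format (not a real MTA's).
# 203.0.113.5 guesses recipients; 198.51.100.7 is a normal sender with one typo.
GUESSES = ["aaron", "abby", "adam", "alex", "amy"]
SAMPLE_LOG = "\n".join(
    [f"ip=203.0.113.5 rcpt={n}@example.com code=550" for n in GUESSES]
    + ["ip=203.0.113.5 rcpt=alice@example.com code=250",
       "ip=198.51.100.7 rcpt=bob@example.com code=250",
       "ip=198.51.100.7 rcpt=carol@example.com code=250",
       "ip=198.51.100.7 rcpt=carl@example.com code=550"]
)
LINE_RE = re.compile(r"ip=(\S+) rcpt=(\S+) code=(\d{3})")

def find_harvesters(log_text, min_rejected=5, min_reject_ratio=0.8):
    """Return {ip: (rejected, total)} for sources that mostly probe invalid addresses."""
    seen = defaultdict(lambda: {"ok": set(), "rejected": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip, rcpt, code = m.groups()
        if code == "250":
            seen[ip]["ok"].add(rcpt.lower())
        elif code.startswith("5"):          # permanent rejection, e.g. unknown user
            seen[ip]["rejected"].add(rcpt.lower())
    flagged = {}
    for ip, s in seen.items():
        rejected = len(s["rejected"])
        total = rejected + len(s["ok"])
        # Require both volume and ratio so a single typo never flags a sender.
        if rejected >= min_rejected and rejected / total >= min_reject_ratio:
            flagged[ip] = (rejected, total)
    return flagged

if __name__ == "__main__":
    print(find_harvesters(SAMPLE_LOG))
```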

Spammers have developed methods to obfuscate the nature of their unsolicited email or find a way to bypass spam filters. Because spam-filtering programs often search for certain patterns or words in the subject lines and message bodies of email, spam emails often contain misspelled words or extra characters.
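On the filtering side, folding look-alike and inserted characters before matching recovers the words that this kind of obfuscation hides. The following is an added example, not part of the original article; the keyword list, the character substitution table and the sample subject line are constructed for illustration.

```python
import re
import unicodedata

# Constructed keyword list for illustration; production filters score many signals.
KEYWORDS = ["pharmacy", "casino", "weight loss"]
# Assumed substitution table for common digit/symbol stand-ins.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})

def normalize(text):
    """Fold text to a bare lowercase letter stream for matching."""
    # Decompose accents and compatibility forms, then drop what is not ASCII.
    text = unicodedata.normalize("NFKD", text)
    text = text.encode("ascii", "ignore").decode("ascii").lower()
    text = text.translate(LEET)               # undo digit/symbol stand-ins
    text = re.sub(r"[^a-z]", "", text)        # drop inserted dots, dashes, spaces
    return re.sub(r"(.)\1+", r"\1", text)     # collapse stretched letters

def naive_hits(text):
    """Plain substring search, the kind of filter the obfuscation defeats."""
    lowered = text.lower()
    return [k for k in KEYWORDS if k in lowered]

def normalized_hits(text):
    """Search after folding both the message and the keywords the same way."""
    folded = normalize(text)
    return [k for k in KEYWORDS if normalize(k) in folded]

# Constructed sample subject line.
SUBJECT = "Ch3ap ph@rm-a-cy & C.A.S.I.N.O bonus, we1ght l0ss!!"

if __name__ == "__main__":
    print("naive:", naive_hits(SUBJECT))
    print("normalized:", normalized_hits(SUBJECT))
```

Because normalization removes word boundaries, it can match keywords that span two innocent words, so its hits are better treated as one scoring signal than as a verdict.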

With image spam, the text of a message is stored as a JPEG or GIF file and placed into the email body. The text is often computer-generated and unintelligible to human readers. This method attempts to avoid detection from text-based spam filters. Some newer filters have the ability to read images and locate text in them; however, this can inadvertently filter out nonspam emails that happen to contain images featuring text.

How to stop spam emails

While receiving some spam may be unavoidable, users can reduce the amount that makes it into their inbox. Most email clients already have spam filtering in place, which will move suspicious email to a separate junk folder. By reporting, blocking and deleting instances of spam email that do make it into their inboxes, users can train the client to prevent further messages from those particular spam addresses or messages displaying similar content.

Figure: Block email spam using a firewall to filter out unwanted emails.

For extra protection, users can also add a third-party antispam filter on local email clients or create an email whitelist, which includes all of the specific email addresses, IP addresses or domains the user trusts and is willing to receive email from. The whitelist must be thoroughly and continuously updated, and it can be a time-consuming and difficult process.

Users who need to publish their email addresses on the internet, such as in online forums or comments sections, should use a disposable email account or masked email address.

Legality of sending junk emails

Most internet service providers (ISPs) have acceptable use policies that prohibit sending spam. However, ISPs may be reluctant to enforce these terms or may face difficulties in doing so.

In the United States, the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, or the CAN-SPAM Act, permits unsolicited commercial email to be sent if it meets certain criteria, including having an accurate subject line, header and sender address, containing clear information for users on how to opt out of future emails and including a valid physical postal address. The act is enforced by the U.S. Federal Trade Commission. Critics of CAN-SPAM deride it for pre-empting other more restrictive antispam laws and being ineffectual at reducing the amount of spam users receive.

Many countries, including Canada, Australia and the European Union, have passed laws that target the act of sending spam. The EU has a set of guidelines member countries can adapt their electronic communications laws from, but most member countries stipulate that either prior explicit consent or an existing transactional relationship is required before a commercial email is sent, and it should be made easy for the recipient to opt out of any further messages. Offenders may receive fines and other penalties.

This was last updated in January 2017
