Practically every day, people ask me the question - "why do I get so much spam and so many viruses". When I ask people how much spam they are receiving on a daily basis, it's usually around 10 - 20. How I wish I only got that much ;). The bad news is, if you're only receiving this level of spam now, I can practically guarantee that it's only going to get much, much worse; especially if you have a web site.
Currently I get thousands of spam items and email viruses a day. My filters catch most of it, but it's still highly annoying and cuts down on productivity. Globally, the fallout from spam and viruses costs online business many billions of dollars a year.
Spammers have given email marketing a very bad reputation; but the problem continues to grow as email promotions are very effective. People's curiosity leads them to click on links. Our tendency towards greed blinds us to the fact that what is being offered in some of these spam campaigns is illegal or impossible.
Yet I digress...
This article explains the 7 main methods that spammers and virus writers use to deliver the products of their greedy and twisted minds to you.
Drive by mailings
Many spammers engage in "drive by" tactics. Armed with a huge list of commonly used names such as webmaster@, admin@, john@, susan@, or other combinations of letters and numbers; they will send out millions of emails indiscriminately to any domain they can find. A great example of this happened to me the other day. I opened an email account with a free service and although I didn't reveal the email address to anyone, within a few hours I had received my first spam email.
A trick used by spammers is to offer a fake unsubscribe links. This is usually used in conjunction with "drive by" mailings. When you use the unsubscribe link, it actually confirms to the spammer that your email address is active. Your name is then added to another list for further mailings, or worse still, resold to others.
If you receive an email relating to get rich quick schemes, loans and finance or pharmaceuticals it's probably wise not to use the unsubscribe link. If you have the time, report it to the originating ISP.
Most of today's viruses are programmed to scan the documents and address books on the hard drive of an infected machine for email addresses. The virus has an inbuilt mail server that it then uses to send itself out to every email address it has found, using email addresses it finds for the "from" details; making it difficult to track - plus it may also relay the list to the virus writer.
Even if you have only ever given out your email address to one person, if that person gets infected - it's likely you'll start receiving virus emails too. From there, it's like a snowballing effect, the email virus sends itself out to someone else using your email address for the "from" details (spoofing). The person it's sent to may also have a computer infected by a *different* virus - that virus picks up on your email address - and so on. The email address you've tried to keep private for so long is suddenly being zapped around to thousands other people whom you've never met or know - all because of the ignorance or irresponsible nature of one person.
It's important to be aware that virus writers and spammers would appear to be establishing closer relationships in the last couple of years and it's suspected that many viruses are currently being created for the sole purpose of gathering email addresses.
When you sign up for an online newsletter, often you'll see a box stating something like "would you like to receive offers from our partners?". Be very wary of these as their "partners" could be anyone, but more often than not, spammers won't even give you this option - they'll pass your name onto anyone who wants it for a price.
It's wise to read the conditions attached to any subscription service and to establish the credibility of the site owner before providing them with your email address.
Spam lists and CD's
Once a spammer has gotten hold of your email address, it's not unusual for them to resell it. You can buy spam mailing lists containing millions of addresses quite easily on the Internet for under $100.
In many instances, these spam cd's are advertised as "double opt in" lists. Double opt-in means the subscriber has confirmed they wish to receive offers.
Ethical, experienced marketers know that it is impossible to acquire quality double opt- in lists at those kinds of prices, but people who are ignorant of this, or who just don't care, buy these cd's thinking they'll make a fortune. All they wind up doing is adding to the junk already floating around the Internet.
Email address harvesting
Have you every published your email address on a forum or web site? If so, it can probably be lifted from the site via email harvesting software. Email harvesters are automated software packages that "crawl" over web pages looking for strings containing "@" or "mailto" - the common elements found in the coding of email addresses.
The harvesting robot then sends the information back to the operator. The whole process is automated - the operator only has to point the robot to a home page and then sit back and wait for the results.
When I started my own site many years ago, I didn't foresee this occurring - and I'm paying the price now.
but confuses some spam bots.
Simply replace the values "youremail" and "yourdomain.com".
Please note that this only works with less sophisticated harvesting software. The whole problem is that if a browser can decode this to display it as a regular email link, then so can spam harvesting software if it's programmed to.
A more effective solution is a script that doesn't show any element of an email address. You can pick up a free SpamBuster CGI script for this purpose from Willmaster.
Domain name owners should also be aware that their email addresses are more often than not viewable in public WHOIS records. WHOIS is a searchable database kept by registrars that contains information about domain name registrations. Spammers are able to scan these records and lift email details. Many registrars now offer spam protection on WHOIS records, but it will usually cost a small fee for this extra protection.
Spammers have been known to employ hackers to compromise the systems of large businesses in order to retrieve lists of clients. The aim isn't to retrieve credit card information, just email addresses. Web site owners who have mailing lists of hundreds of thousands of subscribers and advertise this fact make themselves targets for this kind of hacking.
Things aren't looking too bright at present, there's no end in sight in the battle against spam and viruses - in fact, it's only going to get worse. Using filters is not really a solution, as it doesn't address the root cause.
The concept that spam and virus email could actually choke the Internet, rendering it virtually useless, is no longer a paranoid fantasy - it's a possible reality. If the trend continues without new solutions found, the gains made by the availability of broadband will be negated by the time spent filtering junk. The amount of junk floating around the Internet will create the equivalent of a traffic jam for many users.
Technology may provide some new answers, but it's also just as much the responsibility of individual users to play their part. Don't expect government to come up with the answers. The CAN SPAM Act has overall been a dismal failure, as will the other laws introduced by various countries.
The reason for this is simple - The Internet has no real borders. It exists in an environment with many borders - our society. If even one country turns a blind eye to spam issues, the spam gangs will move operations to there (without physically leaving their current country) and the problem will continue. The only hope for government to make a difference is if all countries have a *totally* unified approach. Human history demonstrates that this will never happen.
Until the elusive "magic bullet" solution can be found, run an up to date virus scanner at all times, ensure your systems are secure, check out mailing lists before you subscribe to them, cloak email addresses on your site and importantly, don't click on links or purchase items from spam emails. Starving the spammers will help discourage them. These strategies may buy us all a little more time while a real solution is being developed.
Further learning resources
paid cash taking online surveys - free to join online
In Loving Memory - Mignon Ann Bloch
copyright (c) 1999-2011 Taming the Beast Adelaide - South Australia