Spamming is the act of sending unsolicited, bulk (and usually commercial) electronic messages. Though this can be done in a number of ways, the most common use among the general public is when it is e-mail-based. Other Internet technologies targeted by spam include messaging, newsgroups, search engines, and blogs. Spam in the form of text messagess can also target mobile phones.

This article provides a general overview of the spamming phenomenon; a separate article suggests ways of stopping E-mail abuse.

Table of contents
1 Overview
2 Types of spam
3 Commercial uses
4 Non-commercial use
5 Etymology
6 Costs of spam
7 Avoiding Spam
8 Statistics
9 Political issues
10 Current events
11 See also
12 External links


Spamming involves sending identical or nearly identical messages to thousands (or millions) of recipients. Addresses of recipients are often harvested from Usenet postings or web pages, obtained from databases, or simply guessed by using common names and domains. By definition, spam is sent without the permission of the recipients.

Spamming is broadly considered unacceptable behavior by Internet service providers; they object to the unrecoupable cost of processing other people's advertisements. Most Internet users find spam annoying and its contents frequently offensive. Surveys have indicated that spam is one of most users' greatest annoyances about the Internet today.

Sending spam is a violation of the Acceptable Use Policy (AUP) of most ISPs, and can lead to the termination of the sender's account. In many jurisdictions, spamming is a crime or an actionable tort, such as in the United States, where the act is regulated by the Can Spam Act of 2003.

Spammers engage in deliberate fraud to send out their messages. Spammers frequently use false names, addresses, phone numbers, and other contact information to set up "disposable" accounts at various Internet service providers. They also often use falsified or stolen credit card numbers to pay for these accounts. This allows them to quickly move from one account to the next as each one is discovered and shut down by the host ISPs.

Spammers go to great lengths to try and hide where the messages originate. They do this by spoofing email addresses (similar to Internet protocol spoofing). The spammer hacks the email message so it looks like it is coming from another email address.

It is not possible to completely spoof an email since the actual connection from the last mailserver's IP address is recorded by your own mailserver; however, the rest of the history of the mailservers the E-mail was sent through can be forged by spammers. But tracing an email messages route is usually fruitless since many ISPs have thousands of customers and identifying just one spammer is tedious.

Spammers frequently seek out and make use of vulnerable third-party systems such as open mail relays and open proxy servers. The SMTP system, used to send email across the Internet, forwards mail from one server to another; mail servers that ISPs run commonly require some form of authentication that the user is a customer of that ISP. Open relays, however, do not properly check who is using the mail server and pass all mail to the destination address, making it quite a bit harder to track down spammers.

Spoofing can have serious consequences for legitimate email users. Not only can their email inboxes get clogged up with "undeliverable" emails in addition to volumes of spam, they can mistakenly be indentified as a spammer. Not only may they receive irate email from spam victims, but (if spam victims report the email address owner to the ISP, for example) their ISP may terminate their service for spamming.

Types of spam

Commercial uses

The most common purpose for spamming is advertising. Goods commonly advertised in spam include pornography, computer software, medical products such as Viagra, credit card accounts, and fad products. Spam is also used to promote scams such as pyramid schemes, stock pump-and-dump schemes, and the Nigerian money transfer fraud (419 fraud).

AOL documented [1] an "unscientific" list of the subjects of the spam most widely sent to its members during 2003. In alphabetical order, they are:

Comparison to postal "junk" mail

There are a number of differences between spam and junk mail:

  • Unlike junk postal mail, the costs of spam are paid for by the recipient's mail site, in terms of bandwidth, CPU processing time, and storage space. Spammers frequently use free dial-up accounts, so their costs may be quite minimal indeed. Because of this offloading of costs onto the recipient, many consider spamming to be theft or criminal conversion.
  • Junk mail often subsidizes the delivery of mail customers want to receive. For example, the United States Postal Service allows bulk mail senders to pay a lower rate than for first-class mail, because they are required to sort their mailings and apply bar codes, which makes their mail much cheaper to process.
  • Another distinction is that the costs of sending junk mail provide incentives to be somewhat selective about recipients, whereas the spammer has no such incentives. Once a certain volume is reached, doubling the number of recipients often doubles the costs. For a spammer the cost of sending a single message is often no different than sending a million. Spammers do not have the bulk mailer's incentive to prune their lists of invalid addresses or those unlikely to buy.
  • Finally, bulk mail is by and large used by businesses who are traceable and can be held responsible for what they send. Laws restrict the sending of pornographic materials in the post, and governmental agencies (postal inspectors) exist to enforce these laws. Spammers frequently operate on a fly-by-night basis, using the so-called "anarchy" of the Internet, and its unfamiliarity to law enforcement, as a cover.

Non-commercial use

E-mail and other forms of spamming have been used for purposes other than advertisements. Many early Usenet spams were religious or political in nature. Serdar Argic, for instance, spammed Usenet with historical revisionist screeds. A number of evangelists have spammed Usenet and email media with preaching messages.

Spamming has also been used as a denial of service tactic, particularly on Usenet. By overwhelming the readers of a newsgroup with an inordinate number of nonsense messages, legitimate messages can be lost and computing resources are consumed. Since these messages are usually forged (that is, sent falsely under regular posters' names) this tactic has come to be known as sporgery (from spam + forgery). This tactic has for instance been used by partisans of the Church of Scientology against the alt.religion.scientology newsgroup (see Scientology vs. the Internet) and by spammers against, a forum for mail administrators to discuss spam problems. Applied to email, this is termed mailbombing.

In a handful of cases, forged email spam has been used as a tool of harassment. The spammer collects a list of addresses as usual, then sends a spam to them signed with the name of the person he wishes to harass. Some recipients, angry that they received spam and seeing an obvious "source", will respond angrily or try to take various sorts of revenge upon the apparent spammer, the forgery victim. A widely known victim of this sort of harassment was Joe's CyberPost, which has lent its name to the offense: it is known as a joe job. Such joe jobs have been most often used against anti-spammers: in more recent examples, Steve Linford of and Timothy Walton, a California attorney, have been targeted.

Spammers have also abused resources set up for purposes of anonymous speech online, such as anonymous remailers. As a result, many of these resources have been shut down, denying their utility to legitimate users.


The term spam is derived from the Monty Python SPAM sketch, set in a cafe where everything on the menu includes SPAM™ luncheon meat. While a customer plaintively asks for some kind of food without SPAM in it, the server reiterates the SPAM-filled menu. Soon, a chorus of Vikings join in with a song: "SPAM, SPAM, wonderful SPAM, glorious SPAM," over and over again, drowning out all conversation.

Although the first known instance of unsolicited commercial email occurred in 1978, the term "spam" for this practice had not yet been applied. The Monty Python reference was applied to disruptive activity on MUD games. It later came to be used on Usenet to mean excessive multiple posting -- the repeated posting of the same message. The first evident usage of this sense was by Joel Furr in the aftermath of the ARMM incident of March 31 1993, in which a piece of experimental software released dozens of recursive messages onto the news.admin.policy newsgroup.

Soon, it came to refer also to the flooding of Usenet newsgroups with junk messages. After a pair of lawyers, Laurence Canter and Martha Siegel, started using bulk Usenet posting as a means of advertisement, the term came to include unauthorized commercial use of the noncommercial Usenet. Email spamming, and the use of the term, followed shortly. [1]

There are two popular (and incorrect) folk etymologies of the word "spam". The first, promulgated by spammers Canter & Siegel, is that "spamming" is what happens when one dumps a can of SPAM into a fan blade. The second is the acronym "shit posing as mail."

Hormel Foods, the makers of SPAM™ luncheon meat, do not object to the Internet use of the term "spamming." However, they do ask that the capitalized word "SPAM" be reserved to refer to their product and trademark. [1].

Related vocabulary

The terms unsolicited commercial email (UCE) and unsolicited bulk email (UBE) are sometimes used as more precise or less slang-like expressions for email spam. Many email users regard all UBE as spam, regardless of its content -- but most legislative efforts against spam are tailored to address UCE. A small but noticeable proportion of unsolicited bulk email is not, in fact, also commercial; examples include political advocacy spam and chain letters.

A number of other online activities and business practices are considered by anti-spam activists to be connected to spamming. These are sometimes termed spam-support services. A number of DNSBLs, including the MAPS RBL, Spamhaus SBL, and SPEWS, target the providers of spam-support services as well as spammers.

Some Internet hosting firms advertise bulk-friendly or bulletproof hosting. This means that, unlike most ISPs, they will not terminate a customer for spamming. [1] These hosting firms are clients of larger ISPs, and many have eventually been taken offline by these larger ISPs as a result of complaints regarding spam activity. Thus, while a firm may advertise bulletproof hosting, it is ultimately unable to deliver without the connivance of its upstream ISP.

Related is the anti-spam term pink contract, which refers to a spammer's hosting contract with an ISP which exempts the spammer from normal acceptable-use policies.

A few companies produce spamware, or software designed for spammers. Spamware varies widely, but may include the ability to import thousands of addresses, to generate random addresses, to insert fraudulent headers into messages, to use dozens or hundreds of mail servers simultaneously, and to make use of open relays. The sale of spamware is illegal in eight U.S. states. [1]

So-called millions CDs are commonly advertised in spam. These are CD-ROMs purportedly containing lists of email addresses, for use in sending spam to these addresses. Such lists are also sold directly online, frequently with the false claim that the owners of the listed addresses have requested (or "opted in") to be included. Such lists often contain invalid addresses. [1]

In the high-tech battle between spammers and anti-spammers, spammers have now started employing what has been dubbed spackers, crackers who work for the spammers. These spackers works with things such as writing computer viruses to open up the victims computer to use it to send spam, host spamvertised websites or launch denial of service attacks on sites run by anti-spammers.

On Usenet in the early 1990s there was a significant controversy among netnews administrators and users over ways to handle different types of Usenet abuse. A culture of neutrality towards content precluded defining spam on the basis of advertisement or commercial solicitations. The word "spam" was usually taken to mean excessive multiple posting, and other neologisms were coined for other abuses -- such as "velveeta" (from the processed cheese product) for excessive cross-posting. [1] A subset of spam was deemed "cancellable spam", for which it is considered justified to issue third-party cancel messages. [1]

Since the problem of spam has expanded to other media and email spam has become the most prevalent, these other terms have declined in use.

Alternate meanings

The term "spamming" is also used in the older sense of something repetitious and disruptive by players of first-person shooter computer games. In this sense it refers to "area denial" tactics -- repeatedly firing rockets or other explosive shells into an area.

MUD, MUSH, and MUCK players happily continue using the word in its original sense. When a player returns to the terminal after a brief break to find her screen filled with pages of random chat, that's still called "spam". [1]

Neither of these senses of the word imply that the "spamming" is abusive.

Costs of spam

Many users are bothered by spam because it impinges upon the amount of time they spend reading their email. Many also find the content of spam frequently offensive, in that pornography is one of the most frequently advertised products. Spammers send their spam largely indiscriminately, so pornographic ads may show up in a work place email inbox -- or a child's, the latter of which is illegal in many jurisdictions.

Some spammers argue that most of these costs could potentially be alleviated by having spammers reimburse ISPs and individuals for their material. There are two problems with this logic: first, the rate of reimbursement they could credibly budget is unlikely to be nearly high enough to pay the cost; and second, the human cost (lost mail, lost time, and lost opportunities) is basically unrecoverable.

E-mail spam is a true tragedy of the commons, where a small number of non-cooperators force costs in a system which would have extremely low costs in a community of co-operators.

Since E-mail is so cheap to send, a tiny number of spammers can saturate the Internet with junk mail. Although only a tiny number of their targets are motivated to purchase their products (or fall victim to their scams), this is a sufficient conversion rate to keep spamming alive. Furthermore, even though spam appears not to be economically viable as a way for a reputable company to do business, it suffices for professional spammers to convince a tiny proportion of gullible advertisers that it is for them to stay in business.

Avoiding Spam

Several tools have been released, both for end users and systems administrators, which automate spam removal by scanning through all emails in search of traits typical of spam.

Tools for end users range in capabilities from tracing and reporting spam to hiding email addresses from spammers to removing and/or blocking spam. These tools include SpamCop, NoSpam, SpamGuard, and even mail clients, such as the one built in to Mozilla.

Tools for systems adminstrators allow them to block incoming email from particular spamming IPs, block Usenet spam, block formmail spam, and determine if mail is spam. One of the most popular amongst systems administrators is SpamAssassin.


Larger ISPs such as America Online report that anywhere from one-third to two-thirds of their email server capacity is consumed by spam. Because this cost is imposed without the consent of either the site owners or the authorized users, many argue that email spamming is a form of theft of services.

In May 2003, it was reported more than half of all emails sent were spam. Steve Linford of the spam-fighting project Spamhaus warned that at current rates of increase, the entire email system could "melt down" within six months.

According to an article by James Gleick in The Observer, 2 March 2003):

  • 10 billion spam emails are sent every day;
  • 30 billion are expected by 2005;
  • 150 spammers send 90% of all email;
  • a new email account set up to experiment received spam within 540 seconds;
  • 37% of US email is spam; 1 in 12 of UK emails;
  • EU businesses spend €10 billion euros each year to deal with spam.

The U.S. Federal Trade Commission estimates that as much as 2/3 of all spam email contains fraudulent offers, forged headers, or other false claims suggestive of criminal activity. [1]

Political issues

One of the chief values favored by many long-time Internet users and experts, as well as by many members of the public, is the free exchange of ideas. Many have valued the relative anarchy of the Internet, and bridle at the idea of restrictions placed upon it. Some see spam-blocking tools as a threat to free expression -- and laws against spamming as an untoward precedent for regulation or taxation of email and the Internet at large.

Two common refrains from spam-fighters address these concerns: First, spamming itself abridges the historical freedom of the Internet, by attempting to force users to carry the costs of material which they would not choose. Second, to treat spam as unlawful requires no new incursion of law into the online world, merely the application of existing laws against trespass and conversion.

An ongoing concern expressed by parties such as the Electronic Frontier Foundation and the ACLU has to do with so-called "stealth blocking", a term for ISPs employing aggressive spam blocking without their users' knowledge. These groups' concern is that ISPs or technicians seeking to reduce spam-related costs may select tools which (either through error or design) also block non-spam email from sites seen as "spam-friendly". SPEWS is a common target of these criticisms. Few object to the existence of these tools; it is their use in filtering the mail of users who are not informed of their use which draws fire.

Current events

As at 11 July 2003, the U.S. Federal Trade Commission ("FTC") was expected to ask the U.S. Congress for new powers that would let it cooperate closely with other governments and more easily prosecute American and overseas spammers. A 13-page proposal drafted by the FTC to implement legislation entitled the International Consumer Protection Enforcement Act (ICPEA) would render the agency's investigators "spam cops", granting them the power to serve secret requests for subscriber information on Internet service providers, peruse FBI criminal databases and swap sensitive information with foreign law enforcement agencies. The proposed legislation is a result of a push by American legislators to enact strong laws targeting the most extreme spammers. Civil libertarians are alarmed at the ICPEA draft bill, on the basis that it does not contain sufficient checks and balances, and would adversely impact the Freedom of Information Act.

On June 29, 2003, The New York Times reported that Ferris Research estimated that for 2003, the cost of spam is $10 billion in the United States. The estimate factors in the waste in computing resources and work time.

On October 22, 2003, the U.S. Senate voted to outlaw spam e-mails and to set up a "do not spam" registry similar to the recently put in effect "do not call" one. Such a registry might actually cause more spam if it gives spammers a list of confirmed "live" addresses, though the final version of the Can Spam Act of 2003, which was sent to the President for his signature on December 8th, prohibits the sale or other transfer of an e-mail address obtained through an opt-out request.

On October 24, 2003, a Santa Clara, California Superior Court judge ordered two spammers to pay $2 million for illegaly sending unsolicited e-mails.

On December 11, 2003, new UK legislation was passed making it an offence for UK organisations to send unsolicited e-mails. Many experts have expressed doubts over the effectiveness of the new law given that most spam originates outside the UK and the process to convict a spammer would take up to two years to complete.

On December 12, 2003, the state of Virginia arrested two men on felony spamming charges. [1]

See also


External links

IETF views on spamming can be found in RFC 2635.