Spam, spam everywhere -- How can we control it?

May 26, 2005

According to Phillip Laplante, associate professor of software engineering at Penn State Great Valley, the answer as to why spam is omnipresent is two-fold: it's easy to create and distribute, and it's economically advantageous for those who send it.

Spammers get e-mail addresses from a variety of sources, Laplante says. "Robot" harvesters traverse the Web and collect e-mail addresses posted on Web sites. Spammers share e-mail lists with each other and obtain legitimate lists under false pretenses. They can randomly generate e-mail addresses too -- all they need to know is the domain name (e.g. "anywhere.com") and they can create random combinations of user IDs until they hit real users.

"Anytime you give your e-mail address in exchange for free information posted to the Web it becomes fair game for the spammers," says Laplante. "Finally, even when you give your e-mail address to a legitimate correspondent or business partner, it might inadvertently end up in the hands of a spammer."

Even though spammers know that most recipients delete the e-mail without reading it, and that spam filters and bad addresses keep many of their e-mails from reaching their intended targets, spamming can still be very profitable. Sending spam isn't free -- there are costs involved in obtaining the addresses, preparing the lists, sending the e-mails, supporting the spam site, etc. -- but the cost of doing so is quite low, probably around 1/100 of a cent per e-mail sent. If only one e-mail in 100,000 yields a successful business transaction, depending on the product, the profit can be significant.

So, how do you stop getting so much spam? Well, there is no way to prevent spam completely, says Laplante. This is an "arms race," and the spammers develop counter-measures for every new technique developed to stop them. But you can reduce spam by taking a number of precautions.

First, use and aggressively maintain whatever spam-blocking feature your mail client provides. Microsoft Outlook has a pretty good spam filter if you maintain the rules database faithfully. There are commercial spam-blocking products, too, and some freebies, but this is not the place for an analysis of these. Also, stop giving away your e-mail address so freely. If you don't have to give your e-mail address in exchange for "product updates," don't do it.

Be careful how you post your e-mail address to your Web site. If it is posted in text format, a harvester will eventually grab it. You can embed your e-mail address in an image -- this makes it nearly impossible for a harvester to find it.
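A site owner can check what a text-based harvester would be able to read from a page before publishing it. The following is an added example, not part of the original article: the address pattern, the `audit` function and the sample page are all constructed for illustration. It reports every place an address is readable without rendering the page, including the `alt` text of an image, which would undo the benefit of putting the address in a picture.

```python
import re
from html.parser import HTMLParser

# Deliberately simple address pattern (an assumption of this example):
# good enough for an audit, not a full RFC 5322 matcher.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class ExposureAudit(HTMLParser):
    """Record each (location, address) readable from the raw HTML."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; in text,
        # so entity-encoded addresses are reported as exposed too.
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Covers mailto: links, image alt text, title attributes, etc.
        for name, value in attrs:
            for addr in ADDRESS.findall(value or ""):
                self.findings.append((f"<{tag} {name}>", addr))

    def handle_data(self, data):
        for addr in ADDRESS.findall(data):
            self.findings.append(("text", addr))

    def handle_comment(self, data):
        for addr in ADDRESS.findall(data):
            self.findings.append(("comment", addr))

def audit(html):
    """Return a list of (location, address) pairs found in the page."""
    parser = ExposureAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every address here is a placeholder.
SAMPLE = """
<p>Contact: alice@example.com</p>
<a href="mailto:bob@example.com">Email Bob</a>
<!-- old contact: carol@example.com -->
<img src="dave-address.png" alt="dave@example.com">
<img src="erin-address.png" alt="Erin's e-mail address">
<p>frank&#64;example.com</p>
"""

if __name__ == "__main__":
    for where, addr in audit(SAMPLE):
        print(f"{where:12} {addr}")
```

Only the second image in the sample exposes nothing: its address exists solely as pixels, and its `alt` text describes the image without repeating the address.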

Finally, don't ever buy a product introduced to you via spam. If the economics didn't work out for the spammer, they would stop doing it. Unfortunately, there are always suckers out there who can't resist a "bargain."

Source: Penn State
