7 Major Sources of Spam on the Internet

Written by Paul Cunningham on July 22, 2009

Anyone who uses the internet, whether for business or for leisure, has had first-hand experience with spam at some point.  Spam is a problem that plagues the internet and affects us all in some way.  Like most problems, the spam problem is a very complex one.  There is no single source or cause of spam, which means there is no single solution to the problem.  In this post I'll explain some of the sources and causes of the spam that we see every day.

Botnets and Zombies

Bots or zombies are typically home computers that have been infected with some type of virus or malware, which puts the computer under remote control by a malicious person.  A group of these computers is referred to as a botnet, and is used by a spammer to send out millions of emails containing spam, phishing scams, and computer viruses.

Examples of botnets include the Cutwail and Rustock botnets that are responsible for massive spam attacks around the world.

Because botnets are made up of computers located within ISP customer IP subnets they can often be blocked by using connection filtering to block any SMTP connections from those IP address ranges.  When this fails you have to rely on content filtering to detect the spam content within the messages.
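The connection-filtering decision described above, as an added example that is not part of the original post. The blocked ranges and the allowed host are constructed values from documentation address space, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges) standing in for
# ISP customer/dynamic address space taken from a block list.
BLOCKED_RANGES = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/24", "198.51.100.0/25")]
# Hypothetical exception: a known legitimate mail server inside a blocked range.
ALLOWED_HOSTS = {ipaddress.ip_address("192.0.2.25")}


def normalize(client_ip):
    """Parse the SMTP peer address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def connection_decision(client_ip):
    """Return 'reject' to drop at connect time, else 'content-filter'."""
    try:
        addr = normalize(client_ip)
    except ValueError:
        return "reject"  # unparseable peer address: fail closed
    if addr in ALLOWED_HOSTS:
        return "content-filter"  # the exception is still content-scanned
    if any(addr in net for net in BLOCKED_RANGES):
        return "reject"
    return "content-filter"  # no connection-level match; rely on content


if __name__ == "__main__":
    for ip in ("192.0.2.77", "192.0.2.25", "::ffff:192.0.2.77", "203.0.113.9"):
        print(ip, connection_decision(ip))
```

Without the IPv4-mapped unwrapping, a listed host that connects over a dual-stack socket would not match any IPv4 range and would skip the connection filter.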

Open Relays

An open relay is a poorly configured email server that allows anyone to relay messages through it to any other destination email address.  Modern email server software is not configured to permit open relay by default; it usually takes human error to cause a server to be configured this way.  There are few genuine reasons to run an open relay, especially one that is open to the internet where it can be abused by spammers.

Servers that are found to be open relays are often added to block lists.  This will prevent that server from sending legitimate email as well, so having an open relay in your own network can be detrimental to your own business.
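The relay rule that separates a correctly configured server from an open relay, as an added example that is not part of the original post. The configuration layout, domain names, addresses and function names are assumptions made for illustration and do not correspond to any particular mail server product.

```python
import ipaddress

LOCAL_DOMAINS = {"example.com"}  # constructed: domains this server delivers for

# The misconfiguration: every address on the internet counts as "trusted".
OPEN_CONFIG = {"trusted_networks": ["0.0.0.0/0"]}
# Corrected: only loopback and an internal subnet (constructed) may relay.
CLOSED_CONFIG = {"trusted_networks": ["127.0.0.0/8", "10.20.0.0/16"]}


def may_accept_rcpt(config, client_ip, rcpt, authenticated=False):
    """Decide whether to accept a RCPT TO from this client."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return True  # inbound mail for our own users, not relaying
    if authenticated:
        return True  # authenticated submission by one of our users
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n)
               for n in config["trusted_networks"])


def is_open_relay(config):
    """Self-audit: can an unauthenticated outside host reach a foreign domain?"""
    outside_clients = ("203.0.113.50", "198.51.100.7")  # constructed addresses
    return any(may_accept_rcpt(config, ip, "someone@elsewhere.example")
               for ip in outside_clients)


if __name__ == "__main__":
    print("open config is an open relay:", is_open_relay(OPEN_CONFIG))
    print("closed config is an open relay:", is_open_relay(CLOSED_CONFIG))
```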

Backscatter

Backscatter spam is caused by a combination of email address spoofing and poorly configured spam defenses on email servers.  When an email server detects spam it may generate a “Non Delivery Report” (NDR) to what it thinks is the originating email address.  Because most spam is from spoofed (or forged) email addresses this means that the person whose email address was spoofed receives the NDR, often containing the original spam content as well.

Backscatter or NDR spam can be difficult to detect and block and not all antispam systems do it very effectively.
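One way to tell backscatter from a genuine bounce, shown as an added example that is not part of the original post: an NDR is treated as genuine only if the message it quotes carries a Message-ID that your own server logged as sent. The outbound log, the sample NDR and all names here are constructed, and the approach assumes the NDR quotes the original headers.

```python
import email
from email import policy

# Constructed data: Message-IDs our own server logged for outbound mail.
SENT_MESSAGE_IDS = {"<20090722.1001@mail.example.com>"}


def build_ndr(quoted_id, part_type="text/rfc822-headers"):
    """Construct a sample multipart/report NDR that quotes one original message."""
    return "\n".join([
        "From: MAILER-DAEMON@remote.example",
        "To: user@example.com",
        "Subject: Undeliverable mail",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "",
        "Your message could not be delivered.",
        "--b1", f"Content-Type: {part_type}", "",
        "From: user@example.com", f"Message-ID: {quoted_id}", "Subject: hello", "",
        "--b1--", ""])


def original_message_id(raw_ndr):
    """Return the Message-ID of the message an NDR claims to bounce, or None."""
    msg = email.message_from_string(raw_ndr, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":
            quoted = email.message_from_string(part.get_content(), policy=policy.default)
        elif ctype == "message/rfc822":
            quoted = part.get_content()  # already parsed as a nested message
        else:
            continue
        mid = quoted["Message-ID"]
        return str(mid).strip() if mid is not None else None
    return None


def classify_ndr(raw_ndr, sent_ids=SENT_MESSAGE_IDS):
    """'genuine' if the bounce refers to mail we sent, else 'backscatter'."""
    mid = original_message_id(raw_ndr)
    if mid is None:
        return "unverifiable"  # no quoted headers; leave to content filtering
    return "genuine" if mid in sent_ids else "backscatter"
```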

Unsecured Wireless Networks and Business Premises

An often forgotten source of spam is poorly secured business networks.  People may assume that business computers would need to be part of a botnet, or that the email server has to be an open relay for spam to originate from business networks.

However some networks are compromised simply because attackers are able to gain physical access to data ports in unsecured sections of the office.  These risks highlight the importance of businesses filtering outgoing email from their networks.

Wireless networks are also a vulnerability for both businesses and homes.  In Australia one state’s police force is considering patrolling neighborhoods for unsecured wireless networks so that they can assist people in securing them and cutting off the opportunity for criminals to use them.

Email Marketers

Not all email marketers are spammers, but there are definitely those out there who consider themselves to be genuine marketers even as they engage in spam tactics.  This is a problem not only because of the incoming spam people have to deal with, but also because businesses must be careful when engaging in email marketing not to be labeled as spammers themselves.

There is also the perception that any unwanted commercial email must be spam, but often a person will forget they signed up for a mailing list, or simply no longer wants to receive the emails, and will start treating them as spam instead of simply unsubscribing.

Instant Messaging

Instant messaging is a very useful and productive tool but like any internet communication is also subject to spam.  Malicious users will simply add as many contacts as they can and start sending out links to spam and phishing sites before the messaging service notices them and blocks them.

Instant messaging spam attacks are often successful because instant messaging is perceived by end users as a more trusted platform, and because it is commonly used to communicate with people they have never met, which makes them less suspicious of messages from unknown contacts.

Social networks

Social networking is one of the most popular online activities today and, like instant messaging, is used to connect with people all around the world, some of whom a person has never met or does not even know very well.  This makes social networks a lucrative hunting ground for spammers, who use the personal information people reveal about themselves on social networks to tailor their spam messages.

The personalized content in the spam and phishing messages causes unsuspecting victims to lower their guard and be more trusting, which leads to them falling for the scam that the attacker is using.

Most social network spam and phishing attacks cannot be effectively prevented in any other way than by increasing user awareness of the risks.



2 Responses to “7 Major Sources of Spam on the Internet”

  1. Terry Zink Says:

    Another source of spam that has become prevalent over the past year and a half or so is spam from the big mail providers – Hotmail, AOL, Gmail and Yahoo. Bots sign up for those accounts and then use them to spew out spam.

    Yet another one is compromised email accounts. This falls under Business Premises but maybe as a subcategory – it is not unusual to have educational institutions get actual email accounts compromised and then start sending out spam that way.

  2. Paul Cunningham Says:

    Hi Terry, thanks for your comment. That use of webmail for spam only highlights the weaknesses in the CAPTCHAs that are in place to supposedly protect the systems from spam/bot signups. Not to mention weak password recovery systems, which have received some mainstream press coverage in the last 12 months.

    Compromised email accounts for businesses can also be as simple as weak staff termination processes. As an IT consultant I regularly come across client networks where staff accounts are left active well after the person has left, even for those who left on bad terms. A huge risk for malicious use.
