PC Magazine - February 25, 2003
Know Your Enemy: How Spammers Operate

By Sheryl Canter

Spammers gather e-mail addresses wherever they can—Web sites, Internet white and yellow pages, newsgroups, chat rooms, mailing lists, and domain registrations. They trick your browser into revealing your e-mail address without your knowledge, con you into giving it out via chain letters and bogus offers, and dupe you with e-mail containing scripts that send back not only your e-mail address but also your entire address book. Or they simply guess at addresses and eliminate any that bounce. If they're lazy, they just buy a mailing list from someone else who uses these techniques.

A spambot is a tool that starts with a Web search, scrapes all the e-mail addresses from the first page it finds, and then follows links to related sites, collecting more addresses as it goes. Site owners can protect themselves from spambots by redirecting them to a page that's free of e-mail addresses. For details, see www.turnstep.com/spambot.

Chat rooms are paradises for spammers, who use specialized harvester programs for AOL chat rooms and profile lists. AOL names are considered desirable, because the service appeals to Internet newcomers, who are more likely to respond to spam and less likely to have antispam solutions in place. For harvesting e-mail addresses of more sophisticated users, spammers scour public lists of domain registrations.

Browsers can also be tricked into revealing your e-mail address as you surf. JavaScripts can instruct your browser to send e-mail with your address to a specified location. Some browsers give your address to every site you visit. To see whether yours does, go to www.privacy.net/analyze.

Once a spammer has a list of addresses, the next challenge is to send lots of e-mail to all those addresses. The problem is twofold: The spammer has to find an SMTP server that can handle the mail and hide his identity to avoid repercussions. Spam is prohibited by virtually all ISPs, and spammers will lose their accounts if they're caught.

Hiding your identity by falsifying header information is illegal in many states, and several federal laws are being considered to make it illegal nationwide (see www.spamlaws.com for details). But identity hiding is nevertheless supported by many bulk e-mail programs. Using others' mail servers without permission will also be illegal if Congress passes the "Can Spam Act," but spammers can currently buy programs that search the Internet for open relays or buy lists of open-relay IP addresses. Open relays are unprotected servers that send out e-mail from any source. The sender doesn't have to identify himself either through his IP address or the newer authentication technique based on usernames and passwords.

One option is to set up a desktop mail server. There's even a company that offers an address harvester as a companion to its desktop mail server. An easier but more expensive approach is to use one of many bulk mail services with their own mail servers. These companies offer mailing lists for purchase and IP addresses that can't be traced back to a spammer.

With each customer blasting out millions of e-mail messages on a regular basis, how do bulk e-mail services handle the load? Some of them use special-purpose e-mail server appliances that can send out as many as a million e-mail messages an hour - the equivalent of ten traditional servers.

A mass e-mailing can be either perfectly benign or completely offensive. Unfortunately, the tools that are good for the first kind work just as well for the latter.

HomeWritingSpeakingWeb DesignGraphic DesignBioBlogContact