What is SPAM?

Spam is unsolicited, unwanted e-mail sent by someone with whom the recipient has no personal or business relationship.


Surveys of businesses and other organizations that rely on the Internet for their communications show that around 70 per cent of inbound email traffic is either spam or other types of illegitimate messages. Most conventional spam is purely commercial in its intent, setting out to encourage Internet users to buy goods or services. Others are so-called “blended threats”, messages that use social engineering techniques to persuade recipients to open the message and, typically, activate a Trojan, virus or other malware.

But a growing percentage of spam aims to cause damage or disruption to a company or to its IT assets. Denial of service attacks delivered over email, for example, could take down a company’s mail servers, rendering it unable to do business online. More sinister still, cyber criminals can use a combination of hacking and spam techniques to “harvest” email addresses and user identities, opening the door to further attacks. Email-based denial of service attacks could also be directed at network providers, with the knock-on effect of damaging the communications of dozens of businesses that outsource their email hosting.

The threat to corporate IT systems is by no means static. As the quantity of spam grows, legitimate email traffic on the Internet is being drowned out by it. Industry estimates suggest that just 30 per cent of email traffic is technically valid. Of that valid traffic, two thirds consists of spam or other unsolicited mails. Just one in 10 emails is both legitimate and genuine.

The vast majority of email security systems in production today scan only for the content of the messages, relying on techniques such as keyword scanning. This means they will accept the vast majority of malformed messages as legitimate.

These messages move through a company’s perimeter defenses unchecked and pass on intact to email systems and, often, the desktop. This places an enormous and unnecessary burden on networks and server resources, as well as wasting staff time.

Spam is forcing businesses to invest in additional bandwidth, storage space and CPU capacity just to collect, store and forward enormous quantities of unwanted email traffic.

The very high ratio of illegitimate messages to legitimate mail forces companies to invest more and more resources in building spam detection and filtering systems. For some businesses, the need to scan the content of a vast amount of email, just to find the relatively small proportion of real messages, creates serious bottlenecks within the IT infrastructure.

There are no authentication standards built in to the SMTP email protocol. And as there is no real cost involved in sending email, there are few economic incentives to prevent spammers from continuing to ply their trade. Legal restrictions on spammers have been increased, in particular in the USA. But these measures will do little to deter the authors of other illegal traffic types. Their actions are already unlawful in much of the world, but enforcement remains extremely difficult. The responsibility remains on businesses to protect themselves.


Innovative spam-filtering technology, called SmartScreen, developed at Microsoft Research is being deployed across all Microsoft e-mail platforms as part of the company's multi-pronged effort to chase unsolicited e-mail and practitioners of illegal spamming out of consumers' inboxes.

SmartScreen Technology is a machine-learning-based filtering technology. It uses a probability-based algorithm to essentially "learn" what is and what isn't spam based on characteristics of both types of mail. The source material for educating SmartScreen Technology has come from hundreds of thousands of e-mail users who contribute to Microsoft's feedback loop program. Gates called SmartScreen Technology a major advance in the battle to help secure consumers' inboxes and return greater productivity to people's e-mail experience.


The spam-filtering SmartScreen Technology is built on machine learning, meaning that your computer uses a series of probability-based algorithms to distinguish between legitimate e-mail and spam. It basically "learns" what is and what isn't spam. The SmartScreen Technology filter has to be trained to recognize the different characteristics of both legitimate e-mail and spam. To get enough training data, Microsoft has instituted a feedback program in which customers voluntarily review messages to make a determination as to whether they believe a given message is spam. Based on that information, those messages get placed in a training database for SmartScreen Technology. The machine learning algorithm extracts specific words or characteristics from each e-mail message and weights them, based on their likelihood to indicate that a message is spam or legitimate mail.

As new e-mail messages arrive at a Microsoft e-mail server or client machine running SmartScreen Technology, the filter analyzes it for the weighted characteristics and generates an overall probability that the message could be spam. If the message hits a specific threshold of probability, it gets marked either for deletion or placement in the user's junk e-mail folder. The key advantage of SmartScreen Technology is that it is always adapting and learning more about what is and isn't spam. It learns the latest characteristics that distinguish spam from good mail based on data that the filtering technology collects over time, both from the e-mails that individual users deem as spam and the data collected centrally through Microsoft's feedback loop program. SmartScreen Technology already searches for more than 500,000 characteristics of spam that are based on feedback from e-mail users, which enables the filter to be highly effective. And Microsoft will also issue periodic updates to the filtering technology to augment the machine learning process.
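The steps described above (training on user verdicts, weighting characteristics, combining them into an overall probability and comparing it with a threshold) can be seen in a small filter. This is an added example, not Microsoft's SmartScreen code or algorithm: it uses a plain naive Bayes model, and the training messages, the class name `ProbabilisticFilter` and the 0.9 threshold are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed training data standing in for user verdicts from a feedback loop.
FEEDBACK = [
    ("spam", "cheapest viagra in the world get it at link"),
    ("spam", "lose weight now without prescription money back guarantee"),
    ("spam", "refinance today lowest rate apply today all credit accepted"),
    ("spam", "get a degree from home no coursework required call now"),
    ("ham", "meeting moved to tuesday please review the attached agenda"),
    ("ham", "the quarterly report is attached let me know your comments"),
    ("ham", "can you call me about the server migration schedule today"),
    ("ham", "lunch on friday to review the project schedule"),
]

TOKEN_RE = re.compile(r"[a-z0-9$%']+")


def tokenize(text):
    """Lower-case the message and split it into word-like characteristics."""
    return TOKEN_RE.findall(text.lower())


class ProbabilisticFilter:
    """Naive Bayes filter (hypothetical class, not a real product API)."""

    def __init__(self, threshold=0.9):
        self.threshold = threshold          # assumed junk-folder cut-off
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.messages = Counter()

    def train(self, label, text):
        """Record one user verdict; each token counts once per message."""
        self.messages[label] += 1
        self.counts[label].update(set(tokenize(text)))

    def weight(self, token):
        """Log-odds that a message containing the token is spam (smoothed)."""
        p_spam = (self.counts["spam"][token] + 1) / (self.messages["spam"] + 2)
        p_ham = (self.counts["ham"][token] + 1) / (self.messages["ham"] + 2)
        return math.log(p_spam / p_ham)

    def spam_probability(self, text):
        """Combine the prior and all token weights into one probability."""
        prior = math.log((self.messages["spam"] + 1) / (self.messages["ham"] + 1))
        score = prior + sum(self.weight(t) for t in set(tokenize(text)))
        return 1 / (1 + math.exp(-score))

    def classify(self, text):
        """Return ('junk' or 'inbox', probability) for one message."""
        p = self.spam_probability(text)
        return ("junk" if p >= self.threshold else "inbox"), p


def build_filter():
    """Train a fresh filter on the constructed feedback set."""
    f = ProbabilisticFilter()
    for label, text in FEEDBACK:
        f.train(label, text)
    return f


if __name__ == "__main__":
    f = build_filter()
    unseen = "Join the thousands who are now spam free"
    print(f.classify("Get the cheapest degree today, no prescription required"))
    print(f.classify(unseen))      # below the threshold: unfamiliar wording
    f.train("spam", unseen)        # a user reports it as spam
    print(f.classify(unseen))      # the filter has adapted
```

The last three lines show the adaptive behaviour the text describes: wording the filter has not seen scores near 0.5 until a user verdict adds it to the training data.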

Microsoft is currently investing heavily in research and development to bring more effective anti-spam innovations to light. The company has announced that it will continue to dedicate resources toward fighting spam from all angles of technology, enforcement, education, legislation and industry self-regulation.

SOURCES: Microsoft, Computer Crime Research Center

Examples of E-mail Spam

note: green letters are our comments

Email Spam 1:

FROM: Mr. COLIN ELMER
SUBJECT: Business Proposal (maybe different)
I am Mr.Colin Elmer the Executive Director and Chief FinancialOfficer of the Kleinwort Benson Private Bank Ltd.I have urgent and very confidential business proposition involving transfer of (12,500,000GBP) that will be of great benefit for both of us.Contact me on my private emai address( more information.
Colin Elmer

After any answer to that email you will probably get this:


Dear Friend,

Thank you very much for your response.I received your mail.Being a next of kin does not necessary mean you must come from the same country or be related to the deceased,what matter most is that you having the necessary documents backing you up as the next of kin which my attorney will provide on your behalf if i am assured of your interest in assisting in transfering the funds.I can not apply for it or be the next of kin because my bank will know is from me that is why i need you. Like I said before, due to this issue on my hands now, it became necessary for me to seek your assistance I appreciate the fact that you are ready to assist me in executing this project. I intend to resign immediately this project is concluded and invest my part of the money in a lucrative business. You should not have anything to worry about, I will do everything legally required with the help of my attorney to ensure that the project goes smoothly and i will make sure it passes through all Laws of International Banking, you have my word.

Having resolved to entrust this transaction into your hands, I want to remind you that, it needs your commitment and diligent follow up. If you work seriously, the entire transaction should be over in a couple of days.


Firstly, I will want to know precisely the type of occupation that you do and how old you are, you should note that this project is capital intensive, I need your total devotion and trust to see this through. I know we have not met before, but I am very confident that we will be able to establish the necessary trust that we need to execute this project. I am now in contact with a foreign online bank; I now intend that you open an account in your name in this foreign bank. The money would be transferred to your account which you will open in this bank for both of us, this is the best way, I have found, it will protect us from my bank.So you should listen to my instructions and follow them carefully for a successful conclusion of the transfer. Also you have to know that I cannot transfer this money in my name as my bank will be aware that it is from me, this is where I need you. As a result of this, you will have to open an account in your name in this corresponding bank. I will obtain a certificate of deposit from this my bank,this will make you the bonafide owner of the funds. After this, the money will be banked online for both of us. We can then instruct the bank to transfer our various shares into our respective home bank accounts. I will also perfect the documentations with the assistance of my attorney to give the transaction the legal right it requires.

Before I commence, I will need you to send me a copy of any form of your identification (Driver's licence, Work ID or International passport). I want to be sure that I am transacting with the correct person or I want to know who I intend to work with very well before entrusting this transaction to him or her considering the money involved. As soon as I get these from you, I will commence the paper work with the help of my attorney.

I hope you will understand why I need all these, the money in question is big and I want to be sure that I know you well before I proceed to give you all the details to commence the project, I will send the name and the bank website to you immediately I receive any form of your identification so that you can commence communication with them. I will also send you my Work Identification for you to know who you are working with. Ensure that you keep this project confidential; do not discuss it with anybody because of its confidential nature and my job.You can call me on my mobile number:+447031902928 for better discussion.
Please reply soonest


Mr.Colin Elmer

Types of E-mail Spam


Today spam is a household word, since 70-80% of all email traffic is spam. Although spam written in English is the most common, it comes in all languages including Chinese, Korean and other Asian languages. In most cases spam is advertising, and experience shows that spammers have targeted specific goods and services to promote. Some goods are chosen because a computer user is likely to be interested, but most are grey or black market goods. In other words, spam is usually illegal not only because of the means used to advertise the goods, but also because the goods and services being offered are illegal in themselves.

Other mass mailings are outright fraud, such as the notorious 419 messages which offer the recipients a share of funds which allegedly cannot be accessed by the sender for political reasons, in return for the recipient's help in legalizing these funds. The recipient is asked to provide bank account details; of course, if the recipient provides these details, the bank account will be emptied without their consent. This type of spam is usually called a 'scam'.

The commonest types of spam:

Spam worldwide tends to advertise a certain range of goods and services irrespective of language and geography. Additionally, spam reflects seasonal changes, with advertisements for Christmas items and car heaters being replaced by air conditioner advertising in summer.

However, when averaged out over the course of the year, 50% of spam falls into the following categories:

  • Adult content
  • Health
  • IT
  • Personal finance
  • Education/training

Adult content:

This category of spam includes offers for products designed to increase or enhance sexual potency, links to porn sites, advertisements for pornography etc. Examples:


Subject 1: very cheap erection tool :-)

Good day!

We would like to offer cheapest Viagra in the world!

You can get it at: {LINK}

Sincerely, Liza Stokes

Subject 2: i think you're gonna like watching me get off :-) Brooke..and I just got a webcam...lets have a little chat.. while you watch me get dirty .. haha;-) {LINK}

Health and Medicine:

This category includes advertisements for weight loss, skin care, posture improvement, cures for baldness, dietary supplements, non-traditional medication etc. which can all be bought on-line.


Subject: Lose up to 19% weight. A new weightloss is here.

Hello, I have a special offer for you...


The most powerful weightloss is now available without prescription. All natural Adipren720
100% Money Back Guarantée!

- Lose up to 19% Total Body Weight.

- Up to 300% more Weight Loss while dieting.

- Loss of 20-35% abdominal Fat.

- Reduction of 40-70% overall Fat under skin.

- Increase metabolic rate by 76.9% without Exercise.

- Burns calorized fat.

- Suppresses appetite for sugar.

- Boost your Confidence level and Self Esteem.

Get the facts about all-natural Adipren720: {LINK}

Subject: Legal Low prices for Valium (Diazepam) (Caffeine FREE)

Rx Shopping Service Brings You our Newest Product:

Your personal shopping service that legally provides Over the Counter (OTC) approved drugs from Canada and around the world.
Order Valium (Diazepam) and it will be guaranteed Delivery within 7 DAYS!
Do not miss out *Limited Quantity!
Visit Here: {LINK}


IT:

This category includes offers for low-priced hardware and software as well as services for web site owners such as hosting, domain registration, web site optimization and so forth.


Subject: Huge savings on OEM Software. All brand names available now stewardess

Looking for not expensive high-quality software?

We might have just what you need.

Windows XP Professional 2002 ............. $50
Adobe Photoshop 7.0 ...................... $60
Microsoft Office XP Professional 2002 .... $60
Corel Draw Graphics Suite 11 ............. $60
and lots more...

Personal finance:

Spam which falls into this category offers insurance, debt reduction services, loans with low interest rates etc.


Subject: Lenders Compete--You Win

Reduce your mortgage payments
Interest Rates are Going Up!
Give Your Family The Financial Freedom They Deserve

Refinance Today & SAVE *Quick & EASY *CONFIDENTIAL *100's Of Lenders *100% FREE *Get The Lowest Rate
Apply Today! {LINK}

All credit will be accepted

To clear your name from our database please {LINK} or use one of the optins below. Thank You

Call 1-800-279-7310
Or please mail us at:
1700 E. Elliot Rd. STE3-C4
Tempe, AZ. 85283


Education/training:

This category includes offers for seminars, training, and on-line degrees.


Subject: get a degree from home, Mas#ters, Bachelors or PHD

Call {Phone Num.} to inquire about our degree programs.

Whether you are seeking a Bachelors, Masters, Ph.D. or MBA

We can provide you with the fully verifiable credentials to get your career BACK ON TRACK!

No testing or coursework required Call: {Phone Num.}

we are sorry if you did not want to receive this mail.

To be removed from our list please call {Phone Num.}

Some new trends in spam content:

Spammers are constantly seeking to enter new markets and develop new techniques. Some areas are evolving rapidly and should be monitored closely.

Political spam

This category includes mudslinging or political threats from extremists and possible terrorists. Though these are merely nuisance messages to end users, security and law enforcement officials need to be aware of such mailings, since they can provide clues to genuine potential threats, or be actual communication between terrorists.

Antispam solutions

Spammers advertise supposed antispam solutions in an effort to cash in on the negative publicity generated by spam itself. However, such offers often lead the user to sites where a Trojan will be downloaded to the victim machine, which will then be used for future mass mailings.


Subject: Join the thousands who are now sp@m-free


Get SMART Spam Control That Always Delivers The Email You Want!

Finally, we discovered the ultimate solution that is guaranteed to stop all spam without losing any of your important email! This revolutionary advanced technology also protects you 100% against ALL email-borne viruses - both known and unknown.

We didn't believe it either until we actually tried it. So you be the judge and see for yourself.


Spam, viruses and junk email:

Today, most people class all unsolicited email as spam, including automatic replies, emails containing viruses and unsolicited, but legitimate business propositions. Classifying all such emails as spam is broadly correct, but it must be highlighted that some categories of spam are more dangerous than others.

In particular, the alliance developing between virus writers and spammers is worrisome. The first half of 2004 brought several virus epidemics where viruses were circulated using spammer techniques. These outbreaks were classic examples of how botnets can be created by virus writers, and then sold to spammers for use in future mass mailings.

SOURCE: viruslist

What is HOAX?

What are Internet Hoaxes and Chain Letters?

Internet hoaxes and chain letters are e-mail messages written with one purpose: to be sent to everyone you know. The messages they contain are usually untrue. A few of the sympathy messages do describe a real situation but that situation was resolved years ago so the message is not valid and has not been valid for many years. Hoax messages try to get you to pass them on to everyone you know using several different methods of social engineering. Most of the hoax messages play on your need to help other people. Who wouldn't want to warn their friends about some terrible virus that is destroying people's systems? Or, how could you not want to help this poor little girl who is about to die from cancer? It is hard to say no to these messages when you first see them, though after a few thousand have passed through your mail box you (hopefully) delete them without even looking.

Chain letters are lumped in with the hoax messages because they have the same purpose as the hoax messages but use a slightly different method of coercing you into passing them on to everyone you know. Chain letters, like their printed ancestors, generally offer luck or money if you send them on. They play on your fear of bad luck and the realization that it is almost trivial for you to send them on. The chain letters that deal in money play on people's greed and are illegal no matter what they say in the letter.

The cost and risk associated with hoaxes may not seem to be that high, and isn't when you consider the cost of handling one hoax on one machine. However, if you consider everyone that receives a hoax, that small cost gets multiplied into some pretty significant costs. For example, if everyone on the Internet were to receive one hoax message and spend one minute reading and discarding it, the cost would be something like:

50,000,000 people * 1/60 hour * $50/hour = $41.7 million

Most people have seen far more than one hoax message and many people cost a business far more than $50 per hour when you add in benefits and overhead. The result is not a small number.

Probably the biggest risk for hoax messages is their ability to multiply. Most people send on the hoax messages to everyone in their address books but consider if they only sent them on to 10 people. The first person (the first generation) sends it to 10, each member of that group of 10 (the second generation) sends it to 10 others or 100 messages and so on.

By the sixth generation there would be a million e-mail messages being processed by our mail servers. The capacity to handle these messages must be paid for by the users or, if it is not paid for, the mail servers slow down to a crawl or crash. Note that this example only forwards the message to 10 people at each generation while people who forward real hoax messages often send them to many times that number.

Recently, we have been hearing of spammers (bulk mailers of unsolicited mail) harvesting e-mail addresses from hoaxes and chain letters. After a few generations, many of these letters contain hundreds of good addresses, which is just what the spammers want. We have also heard rumors that spammers are deliberately starting hoaxes and chain letters to gather e-mail addresses (of course, that could be a hoax). So now, all those nice people who were so worried about the poor little girl dying of cancer find themselves not only laughed at for passing on a hoax but also the recipients of tons of spam mail.

Probably the first thing you should notice about a warning is the request to "send this to everyone you know" or some variant of that statement. The request is not always worded exactly this way, and it may be presented as serving a good purpose, such as informing people about something. This should raise a red flag that the warning is probably a hoax. No real warning message from a credible source will tell you to send this to everyone you know.

Next, look at what makes a successful hoax. There are two known factors that make a successful hoax, they are:

(1) Technical sounding language.
(2) Credibility by association.

If the warning uses the proper technical jargon, most individuals, including technologically savvy individuals, tend to believe the warning is real. For example, the Good Times hoax says that "...if the program is not stopped, the computer's processor will be placed in an nth-complexity infinite binary loop which can severely damage the processor...". The first time you read this, it sounds like it might be something real. With a little research, you find that there is no such thing as an nth-complexity infinite binary loop and that processors are designed to run loops for weeks at a time without damage.

When we say credibility by association we are referring to who sent the warning. If the janitor at a large technological organization sends a warning to someone outside of that organization, people on the outside tend to believe the warning because the company should know about those things. Even though the person sending the warning may not have a clue what he is talking about, the prestige of the company backs the warning, making it appear real. If a manager at the company sends the warning, the message is doubly backed by the company's and the manager's reputations.

Both of these items make it very difficult to claim a warning is a hoax so you must do your homework to see if the claims are real and if the person sending out the warning is a real person and is someone who would know what they are talking about. You do need to be a little careful verifying the person as the apparent author may be a real person who has nothing to do with the hoax. If thousands of people start sending them mail asking if the message is real, that essentially constitutes an unintentional denial of service attack on that person. Check the person's web site or the person's company web site to see if the hoax has been responded to there. Check these pages or the pages of other hoax sites to see if we have already declared the warning a hoax.
Hoax messages also follow the same pattern as a chain letter (see below).

Recognizing a Chain Letter

Chain letters and most hoax messages all have a similar pattern. From the older printed letters to the newer electronic kind, they all have three recognizable parts:

The Hook

First, there is a hook, to catch your interest and get you to read the rest of the letter. Hooks used to be "Make Money Fast" or "Get Rich" or similar statements related to making money for little or no work. Electronic chain letters also use the "free money" type of hooks, but have added hooks like "Danger!" and "Virus Alert" or "A Little Girl Is Dying". These tie into our fear for the survival of our computers or into our sympathy for some poor unfortunate person.

The Threat

When you are hooked, you read on to the threat. Most threats used to warn you about the terrible things that will happen if you do not maintain the chain. However, others play on greed or sympathy to get you to pass the letter on. The threat often contains official or technical sounding language to get you to believe it is real.

The Request

Finally, the request. Some older chain letters ask you to mail a dollar to the top ten names on the letter and then pass it on. The electronic ones simply admonish you to "Distribute this letter to as many people as possible." They never mention clogging the Internet or the fact that the message is a fake, they only want you to pass it on to others.

Chain letters usually do not have the name and contact information of the original sender, so it is impossible to check on their authenticity. Legitimate warnings and solicitations will always have complete contact information from the person sending the message and will often be signed with a cryptographic signature, such as PGP, to assure their authenticity. Many of the newer chain letters do have a person's name and contact information but that person either does not really exist or does exist but does not have anything to do with the hoax message. As mentioned in the previous section, try to use other means than contacting the person directly to find out if the message is a hoax. Try the person's web page, the person's company web page, or this and other hoax sites first to see if the message has already been declared a hoax.

For example, the PENPAL GREETINGS! hoax shown below appears to be an attempt to kill an e-mail chain letter. This chain letter is a hoax because reading a text e-mail message does not execute a virus nor does it execute any attachments; therefore the Trojan horse must be self starting. Aside from the fact that a program cannot start itself, the Trojan horse would have to know about every different kind of e-mail program to be able to forward copies of itself to other people. We have had to modify this statement slightly for the newer html mail readers. If a mail message is formatted with html and contains scripts, those scripts will run when the e-mail message is read. Active scripting should always be turned off for a mail reader so that malicious code like the KAK worm cannot automatically run.

Notice the three parts of a chain letter, which are easy to identify in this example.

The Hook


Subject: Virus Alert
Importance: High

If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT reading it. Below is a little explanation of the message, and what it would do to your PC if you were to read the message. If you have any questions or concerns please contact SAF-IA Info Office on 697-5059.

The Threat

This is a warning for all Internet users - there is a dangerous virus propagating across the internet through an e-mail message entitled
This message appears to be a friendly letter asking you if you are interested in a penpal, but by the time you read this letter, it is too late. The "trojan horse" virus will have already infected the boot sector of your hard drive, destroying all of the data present. It is a self-replicating virus, and once the message is read, it will AUTOMATICALLY forward itself to anyone who's e-mail address is present in YOUR mailbox! This virus will DESTROY your hard drive, and holds the potential to DESTROY the hard drive of anyone whose mail is in your inbox, and who's mail is in their inbox, and so on. If this virus remains unchecked, it has the potential to do a great deal of DAMAGE to computer networks worldwide!!!! Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!

The Request

And pass this message along to all of your friends and relatives, and the other readers of the newsgroups and mailing lists which you are on, so that they are not hurt by this dangerous virus!!!!
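The hook / threat / request structure shown in the PENPAL GREETINGS! message can be checked mechanically as a triage aid for a mail desk or abuse queue. The following is an added example, not a tool from HoaxBusters or CIAC: the phrase lists are assumptions drawn from wording quoted in this article, the hoax sample is an excerpt of the message above, and the signed bulletin is constructed.

```python
import re

# Phrase patterns for each part; assumed lists based on this article's wording.
PARTS = {
    "hook": [r"\bvirus alert\b", r"\bdanger\b", r"\bmake money fast\b",
             r"\bget rich\b", r"\blittle girl is dying\b"],
    "threat": [r"\bdestroy(?:s|ed|ing)?\b", r"\btoo late\b", r"\bbad luck\b",
               r"\bnth-complexity\b"],
    "request": [r"\bsend this to everyone you know\b",
                r"\bpass (?:this|it)(?: \w+)? (?:along|on)\b",
                r"\bdistribute this letter\b",
                r"\bforward (?:this|it) to\b"],
}

# Excerpt of the hoax quoted in this article.
PENPAL_HOAX = """Subject: Virus Alert
If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT
reading it. By the time you read this letter, it is too late. This virus will
DESTROY your hard drive. And pass this message along to all of your friends
and relatives, so that they are not hurt by this dangerous virus!!!!"""

# Constructed bulletin; product name and bulletin id are hypothetical.
SIGNED_BULLETIN = """-----BEGIN PGP SIGNED MESSAGE-----
Subject: Security bulletin EX-0001
A flaw in the hypothetical ExampleMail client lets a crafted attachment run
code when opened. Install the vendor update. Questions: contact your
incident response team.
-----BEGIN PGP SIGNATURE-----
(signature data omitted in this constructed sample)
-----END PGP SIGNATURE-----"""


def analyze(message):
    """Report which chain-letter parts appear in a message."""
    text = re.sub(r"\s+", " ", message.lower())
    found = {}
    for part, patterns in PARTS.items():
        hits = [re.search(p, text) for p in patterns]
        found[part] = [m.group(0) for m in hits if m]
    return {
        "parts": found,
        "forward_request": bool(found["request"]),
        "chain_letter_pattern": all(found.values()),
        # Armor being present proves nothing by itself: the signature still
        # has to be validated against the response team's public key.
        "pgp_armor": "-----begin pgp signed message-----" in text,
    }


def verdict(message):
    """Map the analysis to a triage label."""
    result = analyze(message)
    if result["chain_letter_pattern"]:
        return "chain-letter"   # hook, threat and request all present
    if result["forward_request"]:
        return "red-flag"       # asks to be forwarded; check a trusted source
    return "none"


if __name__ == "__main__":
    for name, msg in [("hoax", PENPAL_HOAX), ("bulletin", SIGNED_BULLETIN)]:
        print(name, verdict(msg), analyze(msg)["parts"])
```

A "none" result only means the three-part pattern was not found; it is not evidence that a warning is genuine.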

CIAC recommends that you DO NOT circulate warnings without first checking with an authoritative source. Authoritative sources are your computer system security administrator, your computer incident handling team, or your antivirus vendor. Real warnings about viruses and other network problems are issued by computer security response teams (CIAC, CERT, ASSIST, NASIRC, etc.) and are digitally signed by the sending team using PGP. If you download a warning from a team's web site or validate the PGP signature, you can usually be assured that the warning is real. Warnings without the name of the person sending the original notice, or warnings with names, addresses and phone numbers that do not actually exist are probably hoaxes. Warnings about new malicious code are also available at the antivirus vendors sites and at the operating system's vendor site.

Upon receiving a warning, you should examine its PGP signature to see that it is from a real response team or antivirus organization. To do so, you will need a copy of the PGP software and the public signature of the team that sent the message. The CIAC signature is available at the CIAC home page: You can find the addresses of other response teams by connecting to the FIRST web page at: If there is no PGP signature, check at this and other hoax sites to see if the warning has already been declared as a hoax. If you do not find the warning at the hoax sites, it just may mean that we have not yet seen this particular hoax. See if the warning includes the name of the person submitting the original warning. If it does, see if you can determine if the person really exists. If they do, don't send them an e-mail message. It is likely that they have nothing to do with this hoax and thousands of people sending them questions will be just as damaging to them as sending around the hoax message. Instead, check their personal or company web site. Often if a person has been the brunt of a hoax, that hoax message will be debunked on the person's company web site. If you still cannot determine if a message is real or a hoax, send it to your computer security manager, your ISP, or your incident response team and let them validate it.

When in Doubt, Don't Send It Out.

In addition, most anti-virus companies have a web page containing information about most known viruses and hoaxes. You can also call or check the web site of the company that produces the product that is supposed to contain the virus. Checking the PKWARE site for the current releases of PKZip would stop the circulation of the warning about PKZ300 since there is no released version 3 of PKZip. In most cases, common sense would eliminate Internet hoaxes.

SOURCE: HoaxBusters
