Information Technology Reference
In-Depth Information
company can make money even if only one in 100,000 recipients of the spam actually
buys the product or service [10].
Where do spammers get email lists with millions of addresses? The Internet provides
a variety of sources of email addresses that can be harvested and sold to spammers. For
example, email addresses often appear in Web sites, in chat-room conversations, and
newsgroups. Some computer viruses gather email addresses stored in the address books
of PCs and transmit these addresses to spammers.
Another way to garner email addresses is through dictionary attacks (also called
directory harvest attacks). Spammers bombard Internet service providers with millions
of emails containing made-up addresses, such as AdamA@isprovider.com, AdamB@
isprovider.com, AdamC@isprovider.com, and so on. Of course, most of these emails will
bounce back, because the addresses are no good. However, if an email doesn't bounce,
the spammer knows there is a user with that email address and adds it to its mailing list.
Sometimes people voluntarily reveal their email address. Have you ever entered
a contest on the Web? There is a good chance the fine print on the entry form said
you agree to receive “occasional offers of products you might find valuable” from the
company's marketing partners; in other words, spam [10]. Sign-ups for email lists often
contain this fine print, too.
How can spammers send out so many email messages? About 90 percent of spam
is sent out by bot herders: people who are able to take control of huge networks of
computers. Bot herders create these networks by launching programs that search the
Internet for computers with inadequate security and install software robot programs,
called bots, on these vulnerable systems. A computer with the bot program installed
on it is called a zombie because it can be directed by a remote computer to perform
certain tasks. Bot herders can send out billions of email messages every day by dividing
the address lists among hundreds of thousands of zombies they control [11].
To deal with this deluge, ISPs install spam filters to block spam from reaching users'
mailboxes. These filters look for a large number of messages coming from the same email
address, messages with suspicious subject lines, or messages with spamlike content.
As we saw in Chapter 1, new technologies sometimes cause new social situations to
emerge. The spam epidemic is an example of this phenomenon. The Internet allows
people to send email messages for virtually no cost. Because a spammer's profits increase
as the number of sent messages increases, every spammer has an incentive to send as
many messages as possible.
The spam problem arose because the Internet and email technology developed
without taking social expectations into account. The design of the Internet allows so-
phisticated users to disguise their own email addresses. Spammers take advantage of this
loophole to send out millions of messages, knowing that unhappy recipients will not be
able to respond. This is contrary to a fundamental social expectation: fairness. In order
to be fair, communications should be two-way, not one-way [12].
