Spam email
What is it?
In its broadest sense, "spam" is any email you
don't want to receive. It's generally defined as email
you didn't request, typically sent to you and a large number
of other displeased recipients in a mass distribution.
In other words, it's electronic junk mail.
Spam is mostly an annoyance when it is used to advertise products
you don't want or to provide information you don't
much care about. But it can be dangerous. Some
spam can expose you to damaging software, either in
attached files or in links to web sites. Spam emails
are sometimes part of a phishing
scam.
Some even consider unwanted messages from persons
they know to be spam. While that may stretch the
definition a bit too much, it's worth remembering that
email courtesy requires being conservative about what you forward
along to others.
How do they find you?
Spammers (the name for the persons who send spam) can
obtain email addresses the same way that junk mailers do in
the world of paper -- by buying lists from companies.
Sometimes they "harvest" email addresses directly from web
sites or web services that have a published directory.
Spammers may just generate random addresses, combining
names, letters, or numbers into multiple permutations in the
hopes of hitting an actual email address. Since it is
essentially costless to send spam -- except for the legal
penalties discussed below -- the methods don't have to be
very accurate.
What should you do with it?
The most important rules when you receive spam are:
Don't reply to it, even to try to opt out.
Legitimate emailers will honor opt-out requests -- indeed,
it's legally required that they do so. For most spammers,
the only thing you will achieve by replying is confirming
that your address is a real one. That will produce more
spam.
Don't open any files attached to the message.
We know you know better than that. Attached files are
the primary means by which malicious
software infects computers. Even if you have
anti-virus and anti-spyware programs installed, you can still
be at risk from an attachment's contents.
Don't click on any links in the message.
Clicking on links in the message will let spammers know they've
found a "live" account. Worse, if your browser doesn't have
appropriate security settings, clicking on a link can even
risk damage to your computer from malicious software.
You can think of this as a battle of you vs. the spammers.
You are trying to keep your address hidden. They are
trying to discover your electronic location to begin the bombardment.
Many spammers send HTML mail -- the fancy email with images
instead of just plain text -- with a linked graphic file that
is used to track who has received the message.
When your email software downloads the graphic from the spammer's
web server, they know you're a live one, even if you didn't
click on any link.
For this reason, newer versions of e-mail programs disable the
opening of graphic images by default, requiring you
to say "yes" to see them. Disabling HTML mail
entirely and viewing messages in plain text also prevents
this problem (though your email won't be as pretty).
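The check described above can be run on a saved message before it is opened in an HTML-rendering mail program. The following is an added example, not part of the original page: it lists every image the message would fetch from a remote server and marks the ones that look like trackers. The sample message, its .example host names and the names ImgCollector and remote_images are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not real mail); all hosts are made-up .example names.
SAMPLE = """\
From: deals@bulk-sender.example
To: you@mail.example
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Limited offer, see our site.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Limited offer</p>
<img src="cid:logo@bulk-sender.example" width="200" height="50">
<img src="https://img.bulk-sender.example/banner.png" width="600" height="120">
<img src="http://t.bulk-sender.example/o.gif?r=you%40mail.example" width="1" height="1">
</body></html>
--b1--
"""

class ImgCollector(HTMLParser):
    """Collect <img> tags whose src would be fetched from a remote server."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", "").strip())
        if tag != "img" or url.scheme not in ("http", "https"):
            return  # cid: (embedded) and data: images need no network request
        self.found.append({
            "host": url.hostname,
            # 1x1 or 0x0 image: invisible to the reader, typical of a tracker
            "tiny": a.get("width") in ("0", "1") and a.get("height") in ("0", "1"),
            "has_query": bool(url.query),  # query string can carry a per-recipient ID
        })

def remote_images(raw_message):
    """List the remote images an HTML-rendering mail client would fetch on open."""
    msg = message_from_string(raw_message, policy=policy.default)
    collector = ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.found
```

An empty result means the message can be displayed without contacting any outside server; the text/plain part of the sample shows what a plain-text view would display instead.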
Don't ISPs and workplace IT departments filter out
spam?
Most Internet Service Providers (ISPs) and corporate
IT departments work hard to filter out spam entering their
networks, and this does eliminate at least some
of the offending correspondence. Many email "client"
programs also offer filtering capabilities that allow you
to block certain addresses or only allow email from addresses on your contact
list.
Unfortunately, filtering cannot be perfect. If filters
are too "strict," some email that you actually want to see
will get filtered out. Filters can only block the email
with obvious spam-like content (certain kinds of words and
phrases) or from recognized spammer locations. (If you've
wondered why spammers so often engage in creative spelling,
it's because they are trying to out-smart the filters.)
Should I report what I receive?
Your workplace IT department probably has a reporting procedure.
Most ISPs also have a spam reporting service.
You can also send spam to the Federal Trade Commission at
spam@uce.gov.
Is there any way to avoid spam entirely?
If you are using email, spam is almost impossible to avoid.
But you can reduce the volume you receive by taking some of
these preventive steps:
Don't give your email address out any more than necessary.
Email addresses have become so common that a space for them
is often included on any form that asks for your postal address
-- even comment cards at restaurants. Sometimes you
should just say no.
Companies often enter email addresses into databases so that
they can keep track of customers and their preferences.
Too often these lists are sold to or shared with other companies,
and suddenly you are receiving email that you didn't request.
Be aware of options selected by default.
When you fill out forms, both online and on paper, there
is often a section that provides you with the option
to receive email about products and services. Read carefully.
Sometimes options are selected by default. If you do
not deselect them, you could begin to receive email for all
sorts of things.
Check privacy policies on web sites and forms.
Most reputable sites will have a link to their privacy policy
from any form where you're asked to submit personal data.
You should read the policy before submitting your email address
or any other personal information.
We know it can be tedious to read those long policies. But
just clicking on "accept" and moving on can have unfortunate
consequences.
Consider opening an additional email account.
Many places now offer free email accounts -- Yahoo, Google
Gmail, MSN Mail, to name a few. If you frequently
submit your email address -- for online shopping, signing
up for services, or including it on something like a comment
card -- you may want to have a secondary email account to
protect your primary email account from any spam that could
be generated.
You should also use a secondary account when posting to online
bulletin boards, chat rooms, public mailing lists, or USENET
groups -- so that you can get rid of it when it starts
filling up with spam.
Isn't it illegal to spam?
As a matter of fact it is. The Federal CAN-SPAM Act,
passed in 2003, establishes requirements for senders of commercial
email, and specifies penalties both for spammers and companies
whose products are advertised in spam. It also gives
consumers the right to ask emailers to stop spamming them.
In case you were wondering, CAN-SPAM stands for Controlling
the Assault of Non-Solicited Pornography and Marketing Act.
With respect to spam, it prohibits:
- false or misleading header information ("from", "to",
etc.),
- deceptive subject lines,
- failure to include an opt-out method,
- failure to identify the email as an advertisement, and
- failure to include a valid physical postal address
for the sender.
Florida's Electronic Mail Communications Act, passed in 2004,
provides penalties of up to $500 per message for unsolicited
commercial email that contains deceptive header or subject
information, misappropriates Internet addresses, or includes
software designed to damage computers.
The law also prohibits an individual from sending software
designed to damage computer systems (viruses, worms,
spyware). A fine of $500 may not seem like much, but
given the volumes of spam it can add up. In 2005, the
first two persons prosecuted under Florida's law faced a penalty
of $24 million.
Email content that is deceptive can violate federal and state
Deceptive and Unfair Trade Practices acts. Any email
that aims at misappropriating identity information (phishing) is
also a crime under the federal Identity Theft and Assumption
Deterrence Act.
Why is it called spam?
There are various explanations for the origin of the term
-- which may be used as both noun and verb. Here's
one:
- SPAM is a canned pork product, sold by the Hormel
Corporation since the 1930s.
- SPAM was the subject of a popular skit by the Monty Python
group, first broadcast in 1970, in which a restaurant's
customers are offered more SPAM than desired.
- Early users of email and news groups in the 1980s
adopted the term to refer to advertising messages and other
unwanted content.
If you prefer an ahistorical explanation, you can think
of SPAM as an acronym for Stupid Pointless Annoying Messages.
If you prefer legal formalities, you can refer to spam as
lawyers and legislators do: "unsolicited bulk email"
(UBE), "unsolicited commercial email" (UCE) or "unsolicited
bulk commercial email" (UBCE).
Learn more
Dealing with spam email (Microsoft: Security At Home)
Where it comes from, what types are dangerous, and
what you can do to reduce the amount you receive.
Reducing Spam (US-CERT Cyber Security Tips)
Concise tips on how to avoid spam.
Last modified:
08-Sep-2005
[RC]