Spam now constitutes an overwhelming majority of email traffic. The never-ending onslaught of junk messages strains networks, erodes user productivity , propagates dangerous malware and costs business millions of dollars.
Types of Spam
Though all junk email might look the same, spam continues to arrive in a seemingly endless number of configurations, ranging from the innocuous to the lethal. The major spam types include:
- Advertising : Spam is used to promote an entire spectrum of products and services, from software to real estate to questionable medical and nutritional offerings.
- Malware Delivery : Spam is one of the main distribution channels for delivering viruses and other types of malware. Targeted individuals, believing they have received an important document or media file, are often tricked into opening a malware attachment.
- Scams : Posing as Nigerian princes, Swiss bankers, tragically ill children and other stock types, scammers prey on recipients' sympathy and greed.
- Phishing : Hiding behind the names of respected retailers, financial institutions, businesses, charities and government bodies, phishers attempt to lure unsuspecting recipients to bogus Web sites where they steal personal financial or identity information.
- Nonsense : A significant chunk of junk-mail text is pure gibberish. Some of this material is generated in an effort to trick spam-filtering technologies into passing an attached message onto recipients. Many nonsensical messages seem to exist for no purpose at all.
Spam is overwhelmingly an email problem. Yet as Internet technology advances, junk content is rapidly spilling over to many other types of IP media, including:
- IM (instant messaging) : Spam is a growing problem on IM networks, where the threats closely parallel those of email spam.
- VoIP : SPIT (Spam over Internet Telephony) is a rare but potentially dangerous form of spam that threatens to annoy users and jam voice-mail inboxes.
- Search Engines : Using techniques such as hidden text, doorway pages and mirror sites, a search-engine spammer attempts to boost a Web site's ranking by redirecting traffic to the site. This practice is also known as "spamdexing."
- Web Message Boards : Spammers like to use Web message boards and Usenet.com groups to promote products and services that are usually unrelated to the site's content focus.
- Blogs : Junk advertising is inserted into a blog's reader-comment area.
- Online Video : YouTube LLC and other video-sharing sites are plagued by video spam, which consists of thinly disguised commercials for products and services of dubious value.
It sometimes seems as if anti-spam technologies and methodologies are proliferating as rapidly as spam itself. These are the main tools that can keep spam under control:
- Spam Filters : A growing number of technology vendors are targeting spam with products that are designed to block and quarantine suspected spam. These offerings use sophisticated algorithms to scan each incoming message for signs that it may contain spam.
- Firewalls : Spam firewalls offload message filtering from the email server, freeing up network resources and bandwidth. Spam-firewall appliances usually come preconfigured and can be set up in minutes. Maintenance is usually minimal.
- Anti-Malware Technologies : Hardware- and software-based anti-malware products can block dangerous attachments from reaching employees' inboxes.
- Client Control : Leading email clients, such as Microsoft Outlook and Outlook Express, as well as Mozilla Foundation's Thunderbird , offer built-in controls that are designed to minimize inbox spam.
- White Lists/Black Lists : This feature is found in many spam filters and client controls. White lists of trusted email addresses allow messages to proceed to the user's inbox unimpeded by any filter or client settings. Black lists work in the opposite way, routinely blocking incoming email from known offenders.
- Disposable Email Addresses : Many businesses and individuals routinely distribute different email addresses to every external contact, then funnel all incoming messages into a single account. This way, if one address begins spamming, it can be safely eradicated without affecting the flow of messages originating from other contacts.
- Legal Action : While it's rare for an individual business to sue a junk-mail sender, a growing number of law-enforcement bodies are targeting spammers, particularly organized crime rings that use the technology for financial and identity theft.
- Policies : All businesses need a comprehensive anti-spam policy. Besides mandating the use of filtering and other good spam-fighting technologies, the policy should cover routine workplace practices. Business Web sites, for example, should never publish visible email addresses that can be "harvested" by spammer software. Employees should also be encouraged not to post business email addresses on message boards, social-network sites and personal Web pages.
- Education : The simple task of teaching employees to be wary of phishing messages, and not to open unknown attachments, can help any business minimize spam's impact.