
Spam – unwanted emails

In brief

This term first appeared on the Internet in what was known as Usenet, where it was used to mean news articles sent in bulk to different newsgroups. They were often advertising messages that had nothing to do with the newsgroups in question.

This type of advertising was often sent by email. The term spam also ended up encompassing unsolicited bulk emails. Technically, it would be fairer to refer to UBE (Unsolicited Bulk Email) or UCE (Unsolicited Commercial Email).

There is no official definition of the word “spam”. Originally this word referred to a brand of tinned meat product. It was Monty Python who constantly repeated the word in one of their famous comedy sketches, introducing a concept of unpleasantness to spam.

Today, the word “spam” is commonly used to mean unsolicited emails sent in bulk to many recipients. People find this type of email annoying.

Such emails cost practically nothing to send. However, they can be very expensive for the recipients, in terms of connection costs and the volume of data transferred. This is a real waste of bandwidth and storage space for network administrators and email servers, and a huge waste of time for the recipients of spam (individuals and companies) in downloading, sorting and deleting spam received, with the added risk of mistakenly deleting an email that is not spam.

Who does this spamming?

Spamming is carried out by criminals and it is an illegal activity. It amounts to sending out advertising for illegal products, fraud, phishing and the distribution of malware.

Spam should not be confused with advertising emails which are, contrary to spam, regulated through:

  • opting in: you agree to receive this type of email and you sign up to a mailing list or you accept the special conditions on a website;
  • opting out: the sender must provide a way to unsubscribe from the email service.

How can I be a victim of spam?

The only thing you need to become a potential victim of spam is your email address.

Methods of collecting email addresses

Spammers have numerous ways to collect your email address on the Internet (in forums, on websites, in discussion groups, etc.). They use software (known as “robots”) that crawls different pages and stores any email addresses it finds as it goes along.

Bill Gates receives 4 million emails a day, most of which are spam, but only 10 make their way into his inbox. The rest are filtered by anti-spam solutions. (source: BBC News – 18 Nov. 2004)

  • Your email address was sold

By selling on subscriber lists to a third party, which itself sells them on again, etc., your Internet service provider enables the distribution of multiple copies of your address over the Internet. Please note: it is legal for it to do so if you agreed for your email address to be distributed.

  • You published it on the Internet

Do you display your email address on your personal website? Did you enter your address on web discussion forums or in newsgroups? Be aware that software can be used to automatically harvest published email addresses. In all these cases, your email address is likely to be targeted.

  • You communicated your email address on a website

You may have given your address when placing an order on an electronic commerce website or when subscribing to services over a website. If the web service used is not secure, it risks having its entire database stolen – not just email addresses, but potentially also VISA card numbers.

  • Your address was generated by chance

If you make a list of the commonest surnames and first names and another list of ISPs, using all possible combinations (firstname.surname, surname.firstname, firstname, etc.), you can generate hundreds of thousands of email addresses with a strong chance that they exist! And this is what some spammers do.

Example of spam


How can we protect ourselves?

First and foremost, do not reply to a spam email.

Spammers generally use false sender addresses, so it is completely pointless to respond. And if the sender address is correct, all you will be doing is confirming the validity of your email address, and you will only end up receiving more spam.

The best solution remains prevention.

  • Never publicly use the email address given to you by your ISP or your company. Keep it for a limited circle of friends or colleagues that you can trust.
  • Check that your email address will not be distributed without your explicit agreement. Some service providers may automatically register you in a web directory.
  • If at all possible, avoid having your email address published on forums or websites.
  • Create one or more “dustbin addresses” that you only use to register for services or identify yourself on websites which are not necessarily to be trusted in terms of privacy.
  • If you have any doubts, enter a false address or mask your address using Spam Safe Notation, for example.

Use antispam software

There are three antispam tools capable of identifying and, where necessary, deleting unwanted messages based on changing rules. We can generally distinguish between two families of antispam software:

  • Client-side antispam tools, placed on the email client. These are usually systems with filters which identify spam mails based on predefined or learnt rules (for example, Junk email in Outlook 2003).
  • Server-side antispam tools filter email before it is delivered to recipients. This type of tool is far superior, as it stops unsolicited mails upstream and avoids networks and mailboxes getting clogged up with spam messages.
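
How a filter can combine a predefined rule with learnt rules, as an added example that is not code from this page or from any antispam product. The training messages, the trusted-sender list and the 0.9 threshold are constructed assumptions; the learnt part is a small naive Bayes classifier.

```python
import math
import re
from collections import Counter

# Constructed training messages, labelled by hand for this example.
TRAINING = [
    ("spam", "Cheap pills online, buy now, no prescription needed"),
    ("spam", "You won the lottery, claim your prize now"),
    ("spam", "Verify your bank account now or it will be suspended"),
    ("ham", "Meeting moved to Tuesday, agenda attached"),
    ("ham", "Can you review the backup report before lunch"),
    ("ham", "Your invoice for the server hosting is attached"),
]

# Predefined rule: mail from trusted senders is never filtered (hypothetical list).
TRUSTED_SENDERS = {"colleague@example.org"}

def tokenize(text):
    return re.findall(r"[a-z']+", text.lower())

def train(samples):
    """Learn per-class word counts: the 'learnt rules' of the filter."""
    counts = {"spam": Counter(), "ham": Counter()}
    docs = Counter()
    for label, text in samples:
        docs[label] += 1
        counts[label].update(tokenize(text))
    return counts, docs

def spam_probability(text, model):
    """Naive Bayes with add-one smoothing, computed in log space."""
    counts, docs = model
    vocab = set(counts["spam"]) | set(counts["ham"])
    log_score = {}
    for label in ("spam", "ham"):
        total = sum(counts[label].values())
        score = math.log(docs[label] / sum(docs.values()))
        for word in tokenize(text):
            score += math.log((counts[label][word] + 1) / (total + len(vocab)))
        log_score[label] = score
    diff = min(700.0, log_score["ham"] - log_score["spam"])  # avoid exp overflow
    return 1 / (1 + math.exp(diff))  # P(spam | text)

def classify(sender, text, model, threshold=0.9):
    """High threshold: uncertain mail stays in the inbox rather than being lost."""
    if sender in TRUSTED_SENDERS:  # predefined rule takes precedence
        return "inbox"
    return "junk" if spam_probability(text, model) >= threshold else "inbox"

MODEL = train(TRAINING)
```

The high threshold reflects the risk noted earlier of mistakenly discarding an email that is not spam: a message the model is unsure about is delivered rather than filtered.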
