SpamAssassin: A practical guide to integration and configuration

By Alistair McDonald
  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Introducing Spam

About this book

As a busy administrator, you know Spam is a major distraction in todays network. The effects range from inappropriate content arriving in the mailboxes up to contact email addresses placed on a website being deluged with unsolicited mail, causing valid enquiries and sales leads to be lost and wasting employee time. The perception of the problem of spam is as big as the reality. In response to the growing problem of spam, a number of free and commercial applications and services have been developed to help network administrators and email users combat spam. Its up to you to choose and then get the most out of an antispam solution. Free to use, flexible, and effective, SpamAssassin has become the most popular open source antispam application. Its unique combination of power and flexibility make it the right choice. This book will now help you set up and optimize SpamAssassin for your network.

Publication date:
September 2004
Publisher
Packt
Pages
216
ISBN
9781904811121

 

Chapter 1. Introducing Spam

Spam is an often-used term, but as with many terms, it means different things to different people. This chapter defines the term 'spam' as used in this book and reviews its history. By examining the economics and costs involved with spam, we will explain why spam has become so invasive to modern computing. Finally, we will describe the current legal position against spam.

Defining Spam

Spam, in computing terms, means something unwanted. It has normally been used to refer to unwanted email or Usenet messages, and it is now also being used to refer to unwanted Instant Messenger (IM) and telephone Short Message Service (SMS) messages. Spam email is unwanted, uninvited, and inevitably promotes something for sale. Often the terms junk email, Unsolicited Bulk Email (UBE), or Unsolicited Commercial Email (UCE) are used to refer to spam email. Spam generally promotes Internet-based sales, but it also occasionally promotes telephone-based or other methods of sales too.

People who specialize in sending spam are called spammers. Companies pay spammers to send emails on their behalf, and the spammers have developed a range of computerized tools and techniques to send these messages. Spammers also run their own online businesses and market them using spam email.

The term 'spam email' generally precludes email from known sources, regardless of however unwanted the content is. One example of this would be an endless list of jokes sent from acquaintances. Email viruses, trojan horses, and other malware (short for malicious software) are not normally categorized as spam either, although they share some common traits with spam. Emails that are not spam are often referred to as ham, particularly in the anti-spam community. Spam is subjective, and a message considered spam by one recipient may be welcomed by another.

Anti-spam tools can be partially effective in blocking malware, however, they are best at blocking spam. Special anti-virus software can and should be used to protect your inbox from other undesirable emails.

Definitions

The following definitions will be used throughout this book:

  • Spam: Unsolicited Commercial Email or UCE. It is any email that has not been requested and contains an advertisement of some kind.

  • Ham: The opposite of spam—email that is wanted.

  • False negative: A spam email message that was not detected successfully.

  • False positive: A ham email message that was wrongly detected as spam.

The History of Spam

Here are some important dates in the development of the Internet:

  • 1969: Two computers networked via a router

  • 1971: First email sent using a rudimentary system

  • 1979: Usenet (newsgroups) established

  • 1990: The World Wide Web concept born

  • 2004: The Internet is a major global network annually responsible for billions of dollars of commerce.

There is one omission from this time line:

  • 1978: The first spam email was sent.

Spam has been part of the Internet from a relatively early stage in its development. The first spam email was sent on May 3rd, 1978, when the U.S. Government funded Arpanet, as it was called then. The first spammer was a DEC engineer called Gary Thuerk who invited recipients of his email to attend a product presentation. This email was sent using the Arpanet, and caused an immediate response from the chief of the Arpanet, Major Raymond Czahor, at the violation of the non-commercial policy of the Arpanet.

Spam really took off in 1994 when an Arizona attorney, Laurence Carter, automated the posting of messages to many internet newsgroups (Usenet) to advertise his firm's services. The resultant outcry from Usenet users included the coining of the term 'spam', when one respondent wrote "Send coconuts and cans of Spam to Cantor & Co.". This sparked the beginning of spam as it is now experienced.

Spam email has increased in volume as the Internet has developed. In April 2004, PC Magazine reported that 67% of all email is spam.

Spammers

Typically, spammers are paid to advertise particular websites, products, and companies, and are specialists in sending spam emails. There are several well-known spammers who are responsible for a large proportion of spam and have evaded legal action.

Individual managers of websites can send their own spams, but spammers have extensive mailing lists and superior tools to bypass spam filters and avoid detection. Spammers have a niche in today's marketing industry, and their clients capitalize on this.

Most spam emails are now sent from 'Trojanned' computers, as reported in a press release by broadband specialist Sandvine. The owners or users of trojanned computers have been tricked into running software that allows a spammer to send spam email from the computer without the knowledge of the user. The Trojan software often exploits security holes in the operating system, browser, or email client of a user. When a malicious website is visited, the Trojan software is installed on the computer. Unknown to users, their computer may become the source of thousands of spam emails a day.

Another related risk is from phishing, which occurs when a website appears to represent a bank or other financial provider, but is actually a fake and is used to collect login details of a victim. These details can then be used to perpetuate fraud. Phishing is often initiated via an email, with a web link to the fake site that is disguised to look like the real web address.

 

Defining Spam


Spam, in computing terms, means something unwanted. It has normally been used to refer to unwanted email or Usenet messages, and it is now also being used to refer to unwanted Instant Messenger (IM) and telephone Short Message Service (SMS) messages. Spam email is unwanted, uninvited, and inevitably promotes something for sale. Often the terms junk email, Unsolicited Bulk Email (UBE), or Unsolicited Commercial Email (UCE) are used to refer to spam email. Spam generally promotes Internet-based sales, but it also occasionally promotes telephone-based or other methods of sales too.

People who specialize in sending spam are called spammers. Companies pay spammers to send emails on their behalf, and the spammers have developed a range of computerized tools and techniques to send these messages. Spammers also run their own online businesses and market them using spam email.

The term 'spam email' generally precludes email from known sources, regardless of however unwanted the content is. One example of this would be an endless list of jokes sent from acquaintances. Email viruses, trojan horses, and other malware (short for malicious software) are not normally categorized as spam either, although they share some common traits with spam. Emails that are not spam are often referred to as ham, particularly in the anti-spam community. Spam is subjective, and a message considered spam by one recipient may be welcomed by another.

Anti-spam tools can be partially effective in blocking malware, however, they are best at blocking spam. Special anti-virus software can and should be used to protect your inbox from other undesirable emails.

Definitions

The following definitions will be used throughout this book:

  • Spam: Unsolicited Commercial Email or UCE. It is any email that has not been requested and contains an advertisement of some kind.

  • Ham: The opposite of spam—email that is wanted.

  • False negative: A spam email message that was not detected successfully.

  • False positive: A ham email message that was wrongly detected as spam.

The History of Spam

Here are some important dates in the development of the Internet:

  • 1969: Two computers networked via a router

  • 1971: First email sent using a rudimentary system

  • 1979: Usenet (newsgroups) established

  • 1990: The World Wide Web concept born

  • 2004: The Internet is a major global network annually responsible for billions of dollars of commerce.

There is one omission from this time line:

  • 1978: The first spam email was sent.

Spam has been part of the Internet from a relatively early stage in its development. The first spam email was sent on May 3rd, 1978, when the U.S. Government funded Arpanet, as it was called then. The first spammer was a DEC engineer called Gary Thuerk who invited recipients of his email to attend a product presentation. This email was sent using the Arpanet, and caused an immediate response from the chief of the Arpanet, Major Raymond Czahor, at the violation of the non-commercial policy of the Arpanet.

Spam really took off in 1994 when an Arizona attorney, Laurence Carter, automated the posting of messages to many internet newsgroups (Usenet) to advertise his firm's services. The resultant outcry from Usenet users included the coining of the term 'spam', when one respondent wrote "Send coconuts and cans of Spam to Cantor & Co.". This sparked the beginning of spam as it is now experienced.

Spam email has increased in volume as the Internet has developed. In April 2004, PC Magazine reported that 67% of all email is spam.

Spammers

Typically, spammers are paid to advertise particular websites, products, and companies, and are specialists in sending spam emails. There are several well-known spammers who are responsible for a large proportion of spam and have evaded legal action.

Individual managers of websites can send their own spams, but spammers have extensive mailing lists and superior tools to bypass spam filters and avoid detection. Spammers have a niche in today's marketing industry, and their clients capitalize on this.

Most spam emails are now sent from 'Trojanned' computers, as reported in a press release by broadband specialist Sandvine. The owners or users of trojanned computers have been tricked into running software that allows a spammer to send spam email from the computer without the knowledge of the user. The Trojan software often exploits security holes in the operating system, browser, or email client of a user. When a malicious website is visited, the Trojan software is installed on the computer. Unknown to users, their computer may become the source of thousands of spam emails a day.

Another related risk is from phishing, which occurs when a website appears to represent a bank or other financial provider, but is actually a fake and is used to collect login details of a victim. These details can then be used to perpetuate fraud. Phishing is often initiated via an email, with a web link to the fake site that is disguised to look like the real web address.

 

The Costs of Spam


Spam is very cheap to send. The costs are insignificant as compared to conventional marketing techniques, so marketing by spam is very cost-effective, despite very low rates of purchases in response. But it translates into major costs for the victim.

Costs to the Spammer

A report by Tom Geller, Executive Director of SpamCon Foundation, estimated that the cost to send a single spam email was as little as one thousandth of a cent, yet the cost to the recipient was around 10 cents.

The overheads in sending spam are low. The main costs are:

  • An Internet connection: There are lots of flat-rate Internet Service Providers (ISPs) offering packages at around $10/month. A spammer doesn't particularly need a Digital Subscriber Line (DSL) or cable modem service—a dial-up connection will also allow large quantities of spam to be sent. In fact, dial-up accounts are preferable, as spammer accounts are routinely shut down when complaints about spam are received. Dial-up accounts are easy to set up and can quickly be activated within minutes, but DSL typically has a lead time of days.

  • Software: Specialist spam software is essential. A normal email client will restrict the number of spam messages that can be sent, and require the spammer to spend more time in front of the computer. Spammers usually write their own software, steal someone else's, or buy one. A spammer with some technical knowledge and starting from scratch can have software ready after a week. To pay someone to develop that software would cost the spammer $1000.

  • A mailing list: Most spammers will build up their own list of email addresses. For beginners, it is possible to buy a CD with 6 million email addresses on it for around $50. Ironically, these CDs are marketed via spam email. Email addresses that are guaranteed to be currently active sell for larger sums.

  • A web server: This is an optional cost. It allows a spammer to deliver 'web bug' images to validate their mailing list. Web bugs are discussed further in later chapters. Basic web hosting packages cost less than $10 a month.

For less than $1100, plus monthly costs of less than $150, a spammer could have the software, Internet connection, and a supply of addresses required to be operational.

A single computer can send thousands of emails an hour using dial-up. Spam varies, but a typical message size might be around 6,000 bytes. On a fast dial-up of around 50Kbps, it would take one second to send this email to one recipient. It would take only a little longer to send it to 100 recipients. In other words, at least 3,600 emails can be sent in an hour. For smaller emails, the number sent per hour would be greater. Once the spammer has set up the software, they can leave the computer unattended and go and do something else; they need to invest 15 minutes of their time, and the software will continue to send spam for many hours. With three phone lines, they could work for a total of an hour, and send approximately 10,000 emails an hour or 200,000 a day.

Costs to the Recipient

The European Union performed a study into UCE in 2001. In the findings, it estimated the cost of receiving spam borne by consumers and businesses to be around $8 billion. These costs are partly incurred through lost productivity or time, partly in direct costs, and partly in indirect costs incurred by suppliers, and passed on.

The cost of spam in a commercial environment is estimated to be as high as $600 to $1000 per year, per employee. For a 50-person company, this cost could be as high as $50,000 per year. Spam emails distract or take employees time and use disk space, processing power, and network bandwidth. Removing spam by hand is time consuming and laborious when there is a large amount of spam. In addition, there is a business risk, as genuine messages may be removed along with unwanted ones. Spam can also contain unsavory topics that some employees won't tolerate.

 

Spam and the Law


In the USA, legislation proceedings on spam have been in progress since 1997. The latest legislation is the CAN-SPAM act (Bill number S.877) of 2003. This supersedes many state laws and is currently being used to prosecute persistent spammers. However, it is not proving a deterrent; the Coalition Against Unsolicited Commercial Email (CAUCE) reported in June 2004 that despite several high-profile lawsuits by the Federal Trade Commission (FTC) and ISPs, spam volumes were still increasing. The CAN-SPAM act is seen as weak on two counts: that consumers have to explicitly opt-out from commercial emails, and secondly, only ISPs can take action against spammers.

In Europe, legislation exists that makes spamming illegal. However, when Directive 2002/58/EC was passed in 2002, there were several problems with it. Business-to-business emails were excluded—a business could spam each and every account at any other business and stay within the law. Additionally, each individual member state has to pass its own laws and penalties for offenders. The law requires spammers to use opt-in emailing, where recipients have to explicitly request to receive commercial emails rather than the opt-out model proposed in the USA, where anyone can receive spam and has to request to be removed from mailing lists.

The Guardian, a UK newspaper, reported in June 2004 that gangs of spammers are moving their operations to the UK due to the leniency of the laws there. The maximum penalty they face in the UK is £5000, while in Italy spammers face up to three years of imprisonment. Until June 2004, no one had been convicted under this act in the UK.

In Australia, The Spam Act 2003 came into effect in April 2004. This makes spam illegal, using an opt-in model. Additionally, there have already been successful prosecutions for spamming in Australia using previous laws.

The Internet is a multinational network and domestic legislation cannot reach to another country. A U.S.-based spammer would be at risk of prosecution if it spammed U.S. citizens and advertised a product made and sold in the US. But a spammer from the Far East would be at very little risk of prosecution. Domestic legislation will not affect the volume of spam, but it may occasionally affect the types of products advertised via spam.

Spammers will often reroute spam via other nations, so spam is sent from the US to another country and then relayed back to the US again. This makes it more difficult to trace the source of the email and to prosecute them. Many countries have no anti-spam laws and there is little or even no risk to the spammer. The blurring of geographical boundaries by the Internet does little to aid in tracing spam email to its source. Anti-spam is now moving towards tracking spammers through other means. In May 2004, the New York Times reported that the Direct Marketing Association is using paper trails in the real world to trace spammers in the virtual world with success.

 

Summary


Apart from defining the term spam, this chapter has shown that there are true financial rewards for spammers, and that the costs to market via spam email are very low for the spammer. However, they affect the recipient of the email to a large extent.

Spam has been a part of the Internet for a long time, even before the World Wide Web took roots, and despite legislation, it will probably continue to be a problem in the future. Even if one country had a truly solid anti-spam law, the global nature of the Internet implies that spam could still arrive from an overseas source.

As the use of email increases, both for business and personal use, and as the ratio of spam increases still further, it is important for companies to filter out spam to preserve efficient operations. SpamAssassin is a spam-tagging tool that can provide very effective filtering capabilities when configured correctly. This book will describe how to install, configure, and maintain SpamAssassin to provide an effective anti-spam solution.

About the Author

  • Alistair McDonald

    Alistair McDonald is a freelance IT consultant based in the UK. He has worked in IT for over 15 years and specializes in C++ and Perl development and IT infrastructure management. He is a strong advocate of open source, and has strong cross-platform skills. He prefers vim over vi, emacs over Xemacs or vim, and bash over ksh or csh.

    He is very much a family man and spends as much time as possible with his family enjoying life.

    Browse publications by this author