By Doug Lowe

The most basic definition of spam is any email that arrives in your inbox that you didn’t ask for. Spam is unsolicited email. It’s email that isn’t welcome, email that you aren’t expecting. It’s email from people you don’t know or haven’t heard of, usually trying to sell you something you aren’t interested in or can’t possibly need, and often trying to trick you into parting with either your money or your valuable personal information, or both.

One of the defining characteristics of spam is that it’s sent out in bulk, often to thousands or even millions of recipients all at once. Most spam is not particularly well targeted. Instead of taking the time to figure out who might be interested in a particular product, spammers find it easier and cheaper to pitch their products to every email address they can get their hands on.

Spam is often compared to junk mail of the physical kind — the brochures, catalogs, and other solicitations that show up in your mailbox every day. In fact, spam is often called “junk email.”

However, there is a crucial difference between physical junk mail and junk email. With physical junk mail, the sender must pay the cost of postage. As a result, even though junk mail can be annoying, most junk mail is carefully targeted. Junk mailers don’t want to waste their money on postage to send mail to people who aren’t interested in what they have to sell. They carefully measure response rates to ensure that their mailings are profitable.

In contrast, it costs very little money to send huge numbers of emails. To be sure, spam is expensive. But the bulk of the cost of spam is borne by the recipients, who must spend time and money to receive, store, and manage the unwelcome email, and by the network providers, who must build out their networks with ever greater capacity and speed to accommodate the huge volumes of spam emails that their networks must carry.

Estimates vary, but most studies indicate that as much as three-quarters of all the email sent via the Internet is spam. At the time that I wrote this, there were indications that spam was actually becoming less common, accounting for closer to half of all the emails sent. But some organizations report that 80 percent or 90 percent of the email that they receive is actually spam.

One thing is sure: Spam is not just annoying; it’s dangerous. Besides filling up your users’ inboxes with unwanted email, spam emails often carry attachments that harbor viruses or other malware, or entice your users into clicking links that take them to websites that can infect your network. If your network is ever taken down by a virus, there’s a very good chance that the virus entered your network by way of spam.

So, understanding spam and taking precautions to block it are an important part of any network administrator’s job.

Spam is unsolicited and/or unwanted email. That’s a pretty broad definition, but there are several distinct categories of spam:

  • Advertisements: Most spam is advertising from companies you’ve never heard of, trying to sell you products you aren’t interested in. The most common type of product pitched by spam emails are pharmaceuticals, but spam also commonly promotes food supplements, knock-offs of expensive products such as watches or purses, weight-loss products, and so on.
  • Phishing emails: Among the most annoying and dangerous types of spam are phishing emails, which try to get you to divulge private information such as credit card account numbers or passwords. Phishing email masquerades as legitimate email from a bank or other well-known institution and often includes a link to a phony website that resembles the institution’s actual website. For example, you might get an email informing you that there was a suspicious charge on your credit card, with a link you can click to log in to verify that the charge is legitimate. When you click the link, you’re taken to a page that looks exactly like your credit card company’s actual page. However, the phony page exists solely to harvest your username and password.

Another type of phishing email includes an attachment that claims to be an unpaid invoice or a failed parcel delivery notice. The attachment contains a Trojan that attempts to infect your computer with malware.

  • Scams: The most common type of email scam is called an advance-fee scam, in which you’re promised a large reward or prize in the future for advancing a relatively small amount of money now in the form of a wire transfer or money order. You may have heard of or actually received the classic scam known as the Nigerian prince scam, in which a person claiming to be a Nigerian prince needs your help to transfer a huge amount of money (for example, $40 million) but can’t use an African bank account. The prince needs to use your personal bank account, and will pay you a percentage — perhaps $1 million — for your help. But you must first open a Nigerian account with a minimum balance — of perhaps $1,000 or $10,000 — to facilitate the transfer. All you have to do is wire the money, and they’ll take care of the rest.

There are many variations of this story, but they all have one thing in common: They’re too good to be true. They offer you a huge amount of money later, in exchange for a relatively small amount of money now.

  • Ads for pornographic websites: Such websites are notorious for being top sources of viruses and other malware.
  • Get-rich-quick schemes: Pyramid schemes, multilevel marketing schemes, phony real-estate schemes, you name it — they’re all in a category of spam that promises to make you rich.
  • Backscatter: Backscatter is a particularly annoying phenomenon in which your inbox becomes flooded with dozens or perhaps hundreds of nondelivery reports (NDRs), indicating that an email that you allegedly sent didn’t arrive. When you examine the NDRs, you can easily determine that you never sent an email to the intended recipient. What’s actually going on here is that your email address has been used as the From address in a spam campaign, and you’re receiving the NDRs from the mail servers of those spam emails that were not deliverable.

Though technically not spam, many users consider advertisements and newsletters from companies they have dealt with in the past to be a form of spam. An important element of the definition of spam is the word unsolicited. When you register at a company’s website, you’re effectively inviting that company to send you email.