Modern Spam

The economy is in the toilet. This should be no news to anybody. What this means for the spammers is there are huge amounts of technically skilled people, willing to work for them.

As I said in my previous article, A Brief History Of Spam, modern spammers spend as much time hiding their activities as actually sending out the spam. But now they have skilled technicians to help them hide their activites.

One of the things the technicians do is develop and maintain the botnets, or thousands of compromised computers around the globe that are running software for the spammers, without the consent of the owners.

When you get spam, it most likely originated with an American firm. But it may have been delivered to you thru a computer in Brazil, China, or Russia (or of course the USA). And without the owners knowledge.

As I said in my earlier article, in the early days of spam, when someone did not want to receive any more, he could reply to the spam saying "No more, please", and that would be the end of the spam.

These days, anybody foolish enough to reply to spam with "Stop" (and yes, we're all tired of it, so "Please" is not a word you'll hear any more) will get one of three results.


  1. The spammer sent his spam, signed with a non-existent email address. Your complaint will go nowhere.
  2. The spammer sent his spam, signed with his actual email address. Since he knows that your address is real, and that you read your email (both facts you just told him), he can now charge more for sending you spam. And he can sell your address as confirmed, to other spammers. And you will get even more spam.
  3. The spammer sent his spam, signed with the address of an innocent third party, maybe someone who knows about the spammer and has been making trouble for him. This third party will be the target of email from other angry spam victims like you.

What this all means is that, without question, complaining to a spammer will not help you in the slightest.

There's another twist to this story though.

Nowadays, with the onslaught of spam, there is a major industry in filtering software that will read your incoming email, identify the spam, and put the spam in a separate folder. You can peruse the contents of the Bulk folder at your convenience, and look for the occasional good email placed in there.

Some filtering software, apparently created by folks who think that they are still living in the 1990's, can be configured to bounce, or send the spam, back to the person who supposedly sent it. Being of the previous decade, the creators of this software will have it create a bounce to look like a statement from your email system, saying that the email is undeliverable, as in addressee unknown. This is known in email language as a Non-Delivery Report or NDR.

One would hope that the creators of email filtering software would surely know that every step that any piece of email takes thru the email system is diligently recorded in the headers of the email. An NDR created immediately by the email server owned by your ISP (who legitimately can say that an address does not exist) will only slightly resemble a bounce from your email software attempting to fake an NDR.

Also perplexing is the idea that these folks still think that spammers would actually prune their address databases based upon receiving an actual NDR.

Still more perplexing is the idea that the creators of the email filtering software don't seem to know that the spammers know the difference between an actual NDR, and a faked one. So, when you send a fake NDR (your filter bounces the spam), what do you think will happen? See the above list of three results, please.

Every anti spam activist knows that bouncing spam is not ever going to help you in the slightest.

If spam filtering software needs to protect you from spam, but the creators are so far out of touch with reality that they design their software with features that will not help you at all if used, should you trust that software?

So as time moved on, and people got smarter, and are not using email so predictably, spammers have had to adapt too.

0 comments: