Book Image

SpamAssassin: A practical guide to integration and configuration

Book Image

SpamAssassin: A practical guide to integration and configuration

Overview of this book

As a busy administrator, you know Spam is a major distraction in todays network. The effects range from inappropriate content arriving in the mailboxes up to contact email addresses placed on a website being deluged with unsolicited mail, causing valid enquiries and sales leads to be lost and wasting employee time. The perception of the problem of spam is as big as the reality. In response to the growing problem of spam, a number of free and commercial applications and services have been developed to help network administrators and email users combat spam. Its up to you to choose and then get the most out of an antispam solution. Free to use, flexible, and effective, SpamAssassin has become the most popular open source antispam application. Its unique combination of power and flexibility make it the right choice. This book will now help you set up and optimize SpamAssassin for your network.
Table of Contents (24 chapters)
SpamAssassin
Credits
About the Author
About the Reviewers
Introduction
Glossary

Chapter 1. Introducing Spam

Spam is an often-used term, but as with many terms, it means different things to different people. This chapter defines the term 'spam' as used in this book and reviews its history. By examining the economics and costs involved with spam, we will explain why spam has become so invasive to modern computing. Finally, we will describe the current legal position against spam.

Defining Spam

Spam, in computing terms, means something unwanted. It has normally been used to refer to unwanted email or Usenet messages, and it is now also being used to refer to unwanted Instant Messenger (IM) and telephone Short Message Service (SMS) messages. Spam email is unwanted, uninvited, and inevitably promotes something for sale. Often the terms junk email, Unsolicited Bulk Email (UBE), or Unsolicited Commercial Email (UCE) are used to refer to spam email. Spam generally promotes Internet-based sales, but it also occasionally promotes telephone-based or other methods of sales too.

People who specialize in sending spam are called spammers. Companies pay spammers to send emails on their behalf, and the spammers have developed a range of computerized tools and techniques to send these messages. Spammers also run their own online businesses and market them using spam email.

The term 'spam email' generally precludes email from known sources, regardless of however unwanted the content is. One example of this would be an endless list of jokes sent from acquaintances. Email viruses, trojan horses, and other malware (short for malicious software) are not normally categorized as spam either, although they share some common traits with spam. Emails that are not spam are often referred to as ham, particularly in the anti-spam community. Spam is subjective, and a message considered spam by one recipient may be welcomed by another.

Anti-spam tools can be partially effective in blocking malware, however, they are best at blocking spam. Special anti-virus software can and should be used to protect your inbox from other undesirable emails.

Definitions

The following definitions will be used throughout this book:

  • Spam: Unsolicited Commercial Email or UCE. It is any email that has not been requested and contains an advertisement of some kind.

  • Ham: The opposite of spam—email that is wanted.

  • False negative: A spam email message that was not detected successfully.

  • False positive: A ham email message that was wrongly detected as spam.

The History of Spam

Here are some important dates in the development of the Internet:

  • 1969: Two computers networked via a router

  • 1971: First email sent using a rudimentary system

  • 1979: Usenet (newsgroups) established

  • 1990: The World Wide Web concept born

  • 2004: The Internet is a major global network annually responsible for billions of dollars of commerce.

There is one omission from this time line:

  • 1978: The first spam email was sent.

Spam has been part of the Internet from a relatively early stage in its development. The first spam email was sent on May 3rd, 1978, when the U.S. Government funded Arpanet, as it was called then. The first spammer was a DEC engineer called Gary Thuerk who invited recipients of his email to attend a product presentation. This email was sent using the Arpanet, and caused an immediate response from the chief of the Arpanet, Major Raymond Czahor, at the violation of the non-commercial policy of the Arpanet.

Spam really took off in 1994 when an Arizona attorney, Laurence Carter, automated the posting of messages to many internet newsgroups (Usenet) to advertise his firm's services. The resultant outcry from Usenet users included the coining of the term 'spam', when one respondent wrote "Send coconuts and cans of Spam to Cantor & Co.". This sparked the beginning of spam as it is now experienced.

Spam email has increased in volume as the Internet has developed. In April 2004, PC Magazine reported that 67% of all email is spam.

Spammers

Typically, spammers are paid to advertise particular websites, products, and companies, and are specialists in sending spam emails. There are several well-known spammers who are responsible for a large proportion of spam and have evaded legal action.

Individual managers of websites can send their own spams, but spammers have extensive mailing lists and superior tools to bypass spam filters and avoid detection. Spammers have a niche in today's marketing industry, and their clients capitalize on this.

Most spam emails are now sent from 'Trojanned' computers, as reported in a press release by broadband specialist Sandvine. The owners or users of trojanned computers have been tricked into running software that allows a spammer to send spam email from the computer without the knowledge of the user. The Trojan software often exploits security holes in the operating system, browser, or email client of a user. When a malicious website is visited, the Trojan software is installed on the computer. Unknown to users, their computer may become the source of thousands of spam emails a day.

Another related risk is from phishing, which occurs when a website appears to represent a bank or other financial provider, but is actually a fake and is used to collect login details of a victim. These details can then be used to perpetuate fraud. Phishing is often initiated via an email, with a web link to the fake site that is disguised to look like the real web address.