Email Spam: Fundamentals and Applications

By Fouad Sabry

What Is Email Spam

Email spam, also known as junk email, spam mail, or just spam, is the practice of sending unsolicited communications in large quantities via email (also known as spamming). The name originates from a sketch that was performed by Monty Python, in which the name of a canned pork product was parodied. Spam is widespread, unavoidable, and repeated. Since the early 1990s, spam in email has been gradually increasing, and by 2014, it was estimated that it accounted for approximately 90% of all overall email traffic.

How You Will Benefit

(I) Insights, and validations about the following topics:

Chapter 1: Email Spam

Chapter 2: Email

Chapter 3: Spamming

Chapter 4: Anti-spam Techniques

Chapter 5: Email Filtering

Chapter 6: Sender Policy Framework

Chapter 7: Domain Name System Blocklist

Chapter 8: The Spamhaus Project

Chapter 9: History of Email Spam

Chapter 10: Email-address Harvesting

(II) Answering the public top questions about email spam.

(III) Real world examples for the usage of email spam in many fields.

(IV) 17 appendices to explain, briefly, 266 emerging technologies in each industry to have 360-degree full understanding of email spam' technologies.

Who This Book Is For

Professionals, undergraduate and graduate students, enthusiasts, hobbyists, and those who want to go beyond basic knowledge or information for any kind of email spam.

• Language: English
• Publisher: One Billion Knowledgeable
• Release date: Jul 5, 2023

Book preview

Chapter 1: Email spam

Email spam, often known as junk email, spam mail, or just spam, refers to mass mailings of unwanted advertisements transmitted over email (spamming). Monty Python's Life of Brian comedy used the name of a canned pork product as a running joke. Spam is annoying because it constantly appears in your inbox.

Since the receiver usually has to pay for the spam,, Laws and litigation have not been especially effective in stopping spam anywhere, despite the fact that the definition and status of spam vary from jurisdiction to jurisdiction.

The vast majority of spam emails include advertisements. Many emails, commercial or otherwise, are not only bothersome because they steal valuable time and focus, but also hazardous since they may include links to malicious websites, such as phishing pages or sites that host malware or have malware attached to the email itself.

Spammers glean email addresses from several sources, including user-submitted forms on websites, customer lists, newsgroups, and malicious software that steals contact information. When spammers obtain email addresses, they often sell them on to other spammers.

Commercial email was banned at the inception of the Internet (the ARPANET). Internet service provider (ISP) ToS/AUPs and social pressure now do the heavy lifting of policing compliance with the spam prohibition.

Both large, well-known enterprises and small, unknown ones send out spam. Some spam is considered Mainsleaze since it comes from a respected company.

URLs to websites are often included in spam emails.

A 2014 study from Cyberoam said, Every day, an estimated 54 billion spam messages are sent.

"Pharmaceutical products (Viagra and the like) jumped up 45% from last quarter’s analysis, leading this quarter’s spam pack.

Emails that claim to provide high-paying employment in a hurry, A second place finisher is quick money, Approximately 15% of all spam messages may be attributed to these.

And, Third place goes to diet-related spam emails (such as Garcinia gummi-gutta or Garcinia Cambogia), It amounts to around 1 percent of the whole.

Emails purporting to come from legitimate companies like PayPal or banks are often spoofed in spam to trick consumers into divulging sensitive information. What you've just experienced is phishing. Spear-phishing refers to a sort of phishing in which the attacker uses personal information about the target to craft convincing but fraudulent emails.

A business may pay to have its client information (which includes names, addresses, and phone numbers) matched with another database (which includes email addresses). When the organization has this capability, it may send emails to individuals who haven't asked for them, which might include those who have purposefully withheld their email address.

Spam that makes use of images, Most picture spam is annoying because it includes meaningless, computer-generated text. However, modern technology in certain applications seeks for text in photos in an attempt to understand it. These systems aren't very reliable and may falsely exclude photos of perfectly legal things (such a box with writing on it) from consideration.

However, a more recent method involves using an animated GIF picture that does not include legible text in its first frame or distorting the forms of letters in the image (as in CAPTCHA) to thwart optical character recognition software.

Advertisements are absent from blank spam. The message content and subject line are often absent. The fact that it is unsolicited and sent in large quantities makes it a perfect example of spam.

There are a variety of purposeful and accidental processes that might give rise to blank spam:

Directory harvest attacks, a kind of dictionary attack used to collect valid addresses from an email service provider, are one possible source of blank spam. Since the aim of this kind of attack is to sort legitimate addresses out from invalid ones using the bounces, spammers don't need to include much of anything in the header or the body of the message.

If the spammer fails to include the payload in the spam run setup, the result will be blank spam.

Computer errors, such as software defects or others, may be to blame for the abbreviated appearance of blank spam headers. This includes anything from badly designed spam software to faulty relay servers.

It's possible that some spam will look blank when it isn't. VBS.Davinia.B is a worm that spreads by blank-looking emails that really include malicious HTML code that downloads other files.

Email spam, viruses, and worms all contribute to what's known as backscatter. When email servers are incorrectly set up, the sender of the email being rejected or quarantined receives a false bounce notification (rather than simply rejecting the attempt to send the message).

It's possible that a good person will get a bounce if the sender's address was faked. These emails qualify as spam since the receivers did not ask for them, they are very repetitive, and they were sent in large numbers. As a result, systems that produce email backscatter run the risk of being blacklisted by many DNS servers and violating the TOS of numerous ISPs.

There are legal remedies available to victims of spam if they can prove they were harmed by it and track down the sender, such as filing a trespass to chattels claim. In this manner, some substantial civil settlements have been achieved, Finally, as will be shown below, most nations have passed laws making some types of spamming illegal:

According to Article 13 of the European Union Directive on Privacy and Electronic Communications (2002/58/EC), each EU member state is responsible for enacting laws that prohibit sending unsolicited commercial electronic messages to anyone who have indicated they do not want to receive them.

In the United Kingdom, for instance, it is against the law to send an individual subscriber unsolicited emails unless express permission has been granted or there is an established business connection between the sender and recipient.

The Spam Prevention via Enhanced Enforcement Act of 2010 (which took effect in 2014)

The Spam Act of 2003, which regulates unwanted electronic mail and telephone calls. The maximum punishment for a body corporate is 10,000 penalty units, whereas the maximum penalty for an individual is 2,000 penalty units.

Many American states passed anti-spam legislation in the late '90s and early '00s. In 2003, however, the CAN-SPAM Act replaced all of these regulations, Spammers may knowingly commit fraud in order to spread their messages. Spammers often create disposable accounts at numerous ISPs with fake names, addresses, phone numbers, and other contact information. Furthermore, they often make use of stolen or fictitious credit card details to fund these accounts. As the host ISPs shut down each account, they may swiftly switch to a new one.

It's possible the sender went to considerable measures to hide their identity. If a large company receives a lot of complaints or has its email blocked, it may employ a separate company to send out its communications. Others fake their email addresses in order to commit fraud (much easier than IP address spoofing). Since the SMTP email protocol does not need any authentication to function, a spammer may make it seem as if the message was sent from any address. Some Internet service providers (ISPs) and domains employ SMTP-AUTH to avoid this by verifying the sender's email address.

Since the receiving mailserver logs the real connection from the previous mailserver's IP address in the 'Received' header, it is