
How ISPs (can) block spam

ISPs can (and do) play a large role in limiting the amount of spam received by their clients - but keeping the junk out is a more difficult task than most people know.

Cozahost employs sophisticated software to protect our clients from spam.

This article explains why and how we do it.

(For practical tips and advice on how to avoid spam, please see the article "Seems like you volunteered to receive spam?")

What is spam?

If you don't know what spam is, then you are a very lucky internet user! 

On the other hand, you may already be receiving (or soon will be) tens or even hundreds of emails with offers to enlarge a certain part of your anatomy, Viagra at a discount, pornography and worse.

This is the work of spammers.

The "proper" name for these email advertisements is UCE - an abbreviation for Unsolicited Commercial Email. 

"Spam" is actually a trademark name for a canned meat product. :-) But I digress:  the point is that the word "Spam" is commonly used to refer to "advertisement" emails from people or companies you never heard of: in other words, it is unsolicited. 

Virtually no internet email user will escape this problem - unless you take the necessary precautions.

Spam is a HUGE problem - and growing

To give you an idea of the magnitude of the problem:  In 2003 approximately 1.5 trillion spam messages were sent.  In the first quarter of 2004 alone, that number was 1.6 trillion... in just 3 months!

The economic damage caused by spam (lost productivity and network congestion) was estimated to be between US$58 billion and US$78 billion in the first quarter of 2004 alone.

At the time of writing (January 2008), Cozahost is blocking an average of 45 000 spam emails per day!  If it takes just two seconds to download and delete a spam message, imagine the time that would have been wasted dealing with this junk. 

How do the spammers do it?

Spammers are in it for the money.  They know that less than 0.001% of the emails they send will result in a lead, and perhaps less than 0.01% of the leads will eventually result in a sale. 

Their answer:  send 10 million email messages to get 10 sales.  Tomorrow, send another 10 million emails and get another 10 sales...and so on, until some of the most notorious and largest spammers make more than US$ 1 million per year.  (Remember that sending a million emails costs just about nothing.)

Their profit margins are effectively infinite, because a "sale" to them simply means getting money from the customer: in most cases they never deliver the product at all. 

Since there is a lot of money to be made by preying on the naiveté of internet users, these fraudsters can afford to spend time and money to hire programmers and technicians to make their operations difficult to trace.

All reputable Internet Service Providers (ISPs) will terminate a user's account immediately once that user is identified as a spammer, so the bad guys will typically get an internet access account from an ISP (using false information) and then push as much spam through that ISP as possible before their operation is detected and the account is closed.  By the time the account is terminated, the spammer has already set up one or more new accounts (again using false information) with the same or several other ISPs, and simply moves on to the next one.  In many cases this burn-and-run process is automated by special software.

Of course spammers falsify the sender address and other details to make it more difficult for ISPs and law enforcement to find them, but the method most relied on to avoid identification is to abuse other (innocent) email servers to relay their junk mail.  They find unsecured mail servers (open relays) by constantly scanning large blocks of internet addresses, looking for mail servers that will accept a message from any sender to any recipient and forward it on.

If you think that finding these open relays must be a lengthy and complicated process for spammers, you would be wrong. 

A typical user connecting to the internet with an ADSL or leased line will find that spammers locate their machines and probe for security holes within minutes after they connect.

Scanning for open relays and sending spam requires significant computing power and a thick network pipe, but the spammers found a simple way around that:  they use other people's computers and network connections.  This dirty trick involves creating computer viruses that, once they have penetrated a PC, help the spammer find open relays, or even send spam directly on the spammer's behalf.  (It is estimated that more than 14 million computers on the internet have been compromised in this way, and the number is climbing.) 

The spammer controls his network of "zombies" (PCs infected with the virus) as if it were one huge computer with virtually infinite computing power and oodles of bandwidth, all geared to pump junk into your inbox. 

The final insult: imagine a spammer using your own virus infected PC to send you spam! :(

A perfect storm

The way email is transported on the internet is more than a quarter of a century old:  SMTP was standardised in 1982 (RFC 821), and it grew out of mail systems from the early 1970s, when the internet was mainly used by universities to share information, there were a few thousand machines on the network at most, and it was unimaginable that a person could have his very own personal computer.

Since then the internet changed drastically:  There are hundreds of millions of computers on the internet.  Just about anybody can afford to buy a personal computer and connect it to the internet. 

The internet is growing so fast that the network numbering scheme will have to be changed within a few years because we are on the point of running out of the 4 BILLION possible addresses.

Yet, amazingly, we are still using good old SMTP (Simple Mail Transfer Protocol) from the old, innocent days!

SMTP assumes that everyone on the network is trustworthy.  Any server on the network can send email to any other server (or person) on the network without proving who it is, and the sender address it claims is taken on faith, just as the physical postal system delivers a letter whatever return address is written on the envelope.

The number one strength of SMTP (universal connectivity) is also its greatest weakness, because it allows spammers to send email anonymously and virtually untraceably.  The very system that carries email on the internet is the same system that is indirectly responsible for the huge amount of spam that threatens to destroy it.
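To make the two points above concrete (the open relays that spammers scan for, and SMTP's habit of taking the sender address on faith), here is a small added example.  It is not part of the original article and not Cozahost's own software: it simulates just enough of the SMTP command/reply flow to show how a server decides whether to accept a recipient, and runs the same probe a relay scanner would run against an open relay and against a correctly configured server.  All hostnames, mailboxes, IP addresses and the class and function names are constructed for the example.

```python
"""
Added example (not the article's or Cozahost's code): a tiny simulation of the
SMTP relay decision, enough to show
  * what an "open relay" is: RCPT TO for any domain is accepted from any client;
  * what a correctly configured server does: it accepts a recipient only if the
    domain is one it hosts, or if the client is on a trusted network or has
    authenticated;
  * why forged senders are trivial: MAIL FROM is taken on faith in both cases.
All hostnames, mailboxes and IP addresses below are constructed for the example.
"""
import ipaddress
import re

# A mailbox in angle brackets, e.g. <user@example.net> (SMTP path syntax, simplified).
ADDR_RE = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>")


class MailServer:
    """Server-side relay policy. open_relay=True is the misconfiguration spammers scan for."""

    def __init__(self, hostname, local_domains, trusted_nets=(), open_relay=False):
        self.hostname = hostname
        self.local_domains = {d.lower() for d in local_domains}   # domains we deliver for
        self.trusted_nets = [ipaddress.ip_network(n) for n in trusted_nets]
        self.open_relay = open_relay

    def may_relay(self, client_ip, authenticated):
        """May this client send to a domain we do not host (i.e. use us as a relay)?"""
        if self.open_relay or authenticated:
            return True
        ip = ipaddress.ip_address(client_ip)
        return any(ip in net for net in self.trusted_nets)


class Session:
    """One SMTP connection; command() returns the server's reply and records the dialogue."""

    def __init__(self, server, client_ip, authenticated=False):
        self.server = server
        self.client_ip = client_ip
        self.authenticated = authenticated
        self.sender = None          # None = no MAIL FROM yet; "" = null sender (bounces)
        self.recipients = []
        self.transcript = [("S", f"220 {server.hostname} ESMTP")]

    def command(self, line):
        self.transcript.append(("C", line))
        reply = self._handle(line)
        self.transcript.append(("S", reply))
        return reply

    def _handle(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.server.hostname}"
        if verb == "MAIL":
            if "<>" in arg:
                self.sender = ""
                return "250 OK"
            m = ADDR_RE.search(arg)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            # SMTP has no sender authentication: whatever address is claimed is accepted.
            self.sender = m.group(1)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command first"
            m = ADDR_RE.search(arg)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            rcpt = m.group(1)
            domain = rcpt.rsplit("@", 1)[1].lower()
            if domain in self.server.local_domains:
                self.recipients.append(rcpt)        # inbound mail for us: always accepted
                return "250 OK"
            if self.server.may_relay(self.client_ip, self.authenticated):
                self.recipients.append(rcpt)        # outbound relay for an authorised client
                return "250 OK"
            return "554 5.7.1 Relay access denied"  # what a closed relay tells a scanner
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognised"


def relay_probe(server, client_ip="203.0.113.7", authenticated=False):
    """The test a relay scanner runs: from an outside host, try to send from an outside
    (forged) address to an outside mailbox. Returns (was it relayed?, transcript)."""
    s = Session(server, client_ip, authenticated)
    s.command("HELO scanner.example")
    s.command("MAIL FROM:<nobody@forged.example>")
    reply = s.command("RCPT TO:<victim@elsewhere.example>")
    s.command("QUIT")
    return reply.startswith("250"), s.transcript


if __name__ == "__main__":
    open_relay = MailServer("mail.example.net", {"example.net"}, open_relay=True)
    closed = MailServer("mail.example.net", {"example.net"}, trusted_nets=["192.0.2.0/24"])
    for name, srv in (("open relay", open_relay), ("closed relay", closed)):
        relayed, transcript = relay_probe(srv)
        print(f"--- {name}: relayed={relayed}")
        for side, text in transcript:
            print(f"{side}: {text}")
```

Run as a script it prints both dialogues side by side: the open relay answers "250 OK" to a recipient it does not host, which is exactly what a scanner records before the spam starts flowing, while the closed server answers "554 5.7.1 Relay access denied" but still accepts the forged MAIL FROM without complaint.  Note that the closed server still accepts mail for its own domains from anyone (it has to, or it would receive no mail at all); what it refuses is forwarding to third parties unless the client is on its own network or has authenticated.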

At this point you may be wondering why the protocol is not simply replaced by a newer, more secure protocol?  The answer to this question is depressingly simple:  Installed base.  There is an old information technology joke that goes:


Article: 01CF6S388796
(c) Cozahost 2002, all rights reserved.