Spamming Techniques and
By Neha Gupta
Research Assistant, MINDLAB
University of Maryland-College Park
What is Spamming?
Cost, history and types of spam
Insight into Spammers minds
Spamming tricks and techniques
Spam Control Methods and Feasibility
What is Spamming?
Spamming is the abuse of electronic
messaging systems send unsolicited bulk
messages or to promote products or services.
Most widely recognized abuse is email spam.
instant messaging spam
usenet newsgroup spam
web search engine spam-’Spamdexing’
spam in blogs
mobile phone messaging spams.
Costs of Spams
Consumption of computer and network
Race between spammers and those who
try to control them.
Lost mail and lost time.
Cost United States organizations alone
more than $10 billion in 2004.
History of Spam
Internet was first established as for educational
and military purpose.
Probably the first spam was sent by an
employee of Digital Equipment Corporation on
the APRANET- March 1978.
Cantor and Siegel posted an advertisement for
"Green Card Lottery“ to 6000 newsgroups -1994.
Global Spam Categories
Product Email Attacks
Financial Email Attacks
Adult Email Attacks
Scams Email Attacks
Health Email Attacks
Leisure Email Attacks
Internet Email Attacks
Refer themselves as ‘bulk marketers’,
’online e-mail marketers’ ,’mail bombers’.
One of the main reasons people started
spamming was it had an extremely low
start-up cost ~ 1500 K.
Sending spam to sell their products
Examples : pirated software-easily distributable
Harvesting email addresses
Builds lists of spams and sells to other spammers.
Affiliate Programs: ‘Most common types’
Click through rate
Can make -150-2000$ per campaign
Top-to-bottom HTML encoding
Code words as individual letters
Zero Font Size
Text messages are embedded in images
Adding spaces or characters
B*U*Y or B-U-Y
Replace ‘l’ by 1 ,’O’ by ‘0’
Legitimate message attached with short spam
Ways to Send spams/bulk mails
Spoofing Email addresses
Using Multiple ISPs
Example: spammers send short bursts of
messages every 20 seconds from 6
different computers using different ISPs
and in 12 hour time span can average
over 1.3 million messages.
Spoofing email addresses
Emails use SMTP – simple mail transfer
protocol, documented in RFC 821.
Was designed to be simple and easily usable.
Open Relay SMTP servers
No need to verify your identity
Operates on port 25
>telnet mail.abc.com 25
220 ss71.shared.server-system.net ESMTP Sendmail 8.12.11/8.12.11;
Fri, 8 March 2007 10:17:19 -0800
250 ss71.shared.server-system.net Hello [18.104.22.168], pleased to
receipt to :email@example.com
Blah blah blah ..
Phishers attempt to fraudulently acquire
sensitive information, such as usernames,
passwords and credit card details, by
masquerading as a trustworthy entity in
an electronic communication.
Ebay and Paypal are two of the most
targeted companies, and online banks are
also common targets
More than 80 percent of all spam
worldwide comes from zombie PCs owned
by businesses, universities, and average
computer owners, says MessageLabs, an
e-mail security service provider.
Zombie PCs are computers that have been
infected by malicious code that allows
spammers to use them to send e-mail.
Spam Control Ideas
Content or Point Based Spam
Postage/Stamp Based Spam
Content/Point Based Spam
Rule Based Approach
Distributed adaptive blacklists
Rule Based Approach
•Email is compared with a set of rules to
determine if it’s a spam or not with various
weights given to each rule. E.g. Spam Assassin
Very effective with a No self-learning
given set of
for the filter.
Accuracy 90-95% knowledge of rules
No need of training can design spam
to deceive the
Rules can be updated method.
Detected spammers/open relays that are
found to be sources of spam are black
Blacklist can be maintained both at
personal and server level.
Useful in the scenario As soon as the
when servers are spammer learns that
compromised and the computer is being
used for sending spam detected he can use a
to hundreds of different computer.
thousands of users.
Can be a better option
when used at ISP
Tools like Razor and
Pyzor can be used for
Aggressive technique for spam filtering .
Used in mailing lists.example users
subscribed to the mailing list can only send
message to the list.
Any mail from an unknown email address will
will require a confirmation message the first
time posting from that mail address. A
confirmation reply adds that address to the
Bayesian Spam Filters
Use probabilistic approach
Have to be trained, not self learning.
Can customize according to users
No need of a centralized mechanism
Everyone relies on them
Based on words.
Pro-active measures against spams.
Based on economics.
“When sending an email to someone, the
sender attaches a stamp to his message ,a
token that is costly to the sender but
demonstrates his good faith”
Types of Postage Payment Methods
Monetary Payment Method
First time a sender sends a message he sends
some cheque redeemable as money from
recipient’s stamp processing software.
Postage can be returned in reply.
After that both are in each others whitelist.
Security problems related to e-cash.
Postage ~ computing resources
The sender’s software makes some kind of
computationally expensive computation
which is relatively easy for the receiver to
E.g calculation of a hash message digest
used in CAMRAM project.
Payment ~Human Time
Automated reply from a recipients
Sender would connect to a webpage and
answer itself as a human spending time
answering a simple test which till date
only humans can pass.
Turing Test to tell Computers and
Implementation of Stamp Payment
Standardize an Email Postage Payment
MUA (Mail User Agent) modification is
Stamps will be attached with emails in
envelopes and headers ,care should be
taken to pick the encoding convention .
Business Models for Spreading
Sale of services to IT departments.
Sale of ready-to-use software.
Investment of deposits on postage
Sale of marketing services
Spams costs time and resources
The design of any information centric
system should be such that it can prevent
the misuse of resources by malicious
An Essay on Spam-Paul Graham
Norman Report-Why spammers spam.
Prof. Ashok Agrawala
Mudit Agrawal- proof reading
THANKS & QUESTIONS