Inside the Spammers' Arsenal

Here's a look at the weapons junk e-mailers wield -- and a few tips on how you can avoid their attacks

Get-rich-quick schemes, miracle diets, hot sex! All available to you! Now!!!!! Just how does all that spam land in your in-box? Fact is, it's pretty easy to send spam without leaving a trace of where it originated. Here are some tools of the trade spammers employ to make sure you've got mail -- plus techniques to thwart them and ways to stay below their radar.

Finding you. It's surprisingly easy to obtain hundreds of thousands of names and e-mail addresses. Spammers can buy direct-marketing lists with, say, a million names for as little as $19.95. They also blast messages to addresses they think may exist because they're a common name such as In addition, spammers play the alphabet game. They write programs to systematically fire off e-mails to,, and so on.

Finally, they often use e-mail "harvesting" software, which combs the Net much like a search engine does, looking for e-mail addresses that are posted on Web sites or in newsgroups and chat rooms. The programs are fairly simple to write, but spammers can also buy them or download them free from a variety of bulk e-mail Web sites. One program, called Atomic Harvester, advertises that it's so simple to use a "12-year-old could learn how to run it in 15 minutes."

Disguising themselves. A spammer's next step is to hide the message's origin. If it's easy to trace, ISPs will quickly shut down the e-mail account -- and possibly take the spammer to court. Spammers also don't want angry recipients to find them. Instead, they often put a phone number at the bottom of the message. All calls go into voicemail and they respond only to nonthreatening callers.

Spammers use two tricks to cloak their location: forging the return address and the message's headers, which indicate the path the mail takes across the Internet. Changing the return address is easy. Spammers simply click a button in the mail client, usually in the mail "properties" menu, to make it look like it's from, say, This option is available to accommodate users with odd e-mail addresses.

So someone whose e-mail address is can alter it to look like Dr. Tim Smith in a recipient's e-mail box. A good way to identify spam is to look for return addresses with the classic five-letter pattern of random characters that are automatically generated by bulk mailing programs.

To forge headers, spammers often exploit a key part of the Internet's architecture: third-party relay systems. An e-mail message doesn't always go directly from the sender's mail server to the recipient's. It often makes many stops at mail servers along the way, a feature that allows for reliable e-mail delivery by preventing bottlenecks if one server is congested or offline.

Most relay systems, including those at universities and large corporations, are cloaked to prevent anyone from processing mail through their servers. But others are open. Spammers roam the Net until they find an open relay, and with a few simple commands either use the relay to process their bulk mail or simply make it look like that's where the mail originates from.

The result: The innocent relay server is deluged with spam and often receives complaints from angry Netizens who want to get off the mailing list.

Sending spam. Ever wonder why most of the spam you receive is in your in-box in the morning? It's because many spammers send the bulk of their messages in the middle of the night -- from 2 a.m. to 6 a.m., when fewer network administrators are watching. Turns out that sending messages is the trickiest part of a spammer's job: It isn't easy to hide hundreds of thousands of messages from an ISP.

How do so many get through? Many spammers sign up for an e-mail account using a stolen credit card and within minutes fire off thousands of spams. Even if the ISP catches the spammer immediately, thousands of e-mails may have already made their way out of the system.

Spammers also use ploys to fool the recipients' network administrator. Usually, if an ISP or a corporation sees thousands or even hundreds of e-mails arriving from a single address, it will block that IP address. To counter this, many spammers write programs that automatically send only about 10 e-mails per minute. This makes it easier for the messages to slip through unnoticed. And much harder for all the folks trying to stop the spam.

How Your ISP Fights Spam

• Creates filters that search for common words and symbols found in spam, such as "!!!!!" or "Viagra"

• Scans its mail system for bulk mailings from a single IP address or a series of IP addresses

• Scans its mail system for a series of messages addressed to nonvalid e-mail addresses. Spammers often try multiple combinations of a name in search of a live account

• Monitors subscriber usage: A subscriber who sends out about five e-mails a week isn't likely to suddenly send 1,000 messages in one day
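
As an added illustration (not part of the original article), the Python example below runs two of the checks listed above over a constructed mail log: a sliding-window count of messages per source IP, and a count of messages addressed to mailboxes that do not exist. The log format, IP addresses, thresholds and function names are assumptions made for the example.

```python
from collections import defaultdict, deque

def bulk_senders(events, window_s, limit):
    """IPs that sent more than `limit` messages within any `window_s`-second span."""
    recent, flagged = defaultdict(deque), set()
    for ts, ip, _rcpt, _ok in sorted(events):
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window_s:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) > limit:
            flagged.add(ip)
    return flagged

def harvest_suspects(events, min_rejects=20, min_ratio=0.5):
    """IPs whose mail is mostly addressed to mailboxes that do not exist."""
    total, rejected = defaultdict(int), defaultdict(int)
    for _ts, ip, _rcpt, ok in events:
        total[ip] += 1
        rejected[ip] += not ok
    return {ip for ip in total
            if rejected[ip] >= min_rejects and rejected[ip] / total[ip] >= min_ratio}

def sample_events():
    """Constructed log: (unix_seconds, source_ip, recipient, mailbox_exists)."""
    events = []
    # Throttled sender: 10 messages a minute for 2 hours, all to real mailboxes.
    for i in range(1200):
        events.append((i * 6, "192.0.2.10", f"user{i % 300}@example.com", True))
    # Alphabet-game sender: 60 guessed names, only 3 of which exist.
    for i in range(60):
        events.append((i * 30, "198.51.100.7", f"guess{i}@example.com", i < 3))
    # Ordinary subscriber: 5 messages spread over the two hours.
    for i in range(5):
        events.append((i * 1400, "203.0.113.5", "friend@example.com", True))
    return events

if __name__ == "__main__":
    ev = sample_events()
    print("over 50 per minute:", bulk_senders(ev, 60, 50))
    print("over 200 per hour: ", bulk_senders(ev, 3600, 200))
    print("mostly nonvalid recipients:", harvest_suspects(ev))
```

The sender throttled to 10 messages a minute passes the per-minute limit and is caught only by the hourly window, which is why the length of the counting window matters as much as the threshold.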

How You Can Fight Back

• Keep your e-mail address off Web sites and newsgroups

• If you want to chat, set up a separate e-mail account that can serve as a spam repository

• Choose an e-mail address that doesn't use common names or words. Something like is hard to remember, but it's also hard for spammers to find

• Never reply to spam. This confirms to spammers that they've reached a live person

By Jane Black
