History

Wi-Fi uses both single-carrier direct-sequence spread spectrum radio technology (part of the larger family of spread spectrum systems) and multi-carrier orthogonal frequency-division multiplexing (OFDM) radio technology. The deregulation of certain radio-frequencies[by whom?] for unlicensed spread spectrum deployment enabled the development of Wi-Fi products, Wi-Fi's onetime competitor HomeRF, Bluetooth, and many other products such as some types of cordless telephones.

In the US, the FCC first made unlicensed spread spectrum available in rules adopted on May 9, 1985.[3]

Many other countries later adapted these FCC regulations, enabling use of this technology in all major countries.[citation needed] The FCC action was proposed by Michael Marcus of the FCC staff in 1980 and the subsequent regulatory action took 5 more years. It was part of a broader proposal to allow civil use of spread spectrum technology and was opposed at the time by mainstream equipment manufacturers and many radio system operators.[4]

Wi-Fi technology has its origins in a 1985 ruling by the U.S. Federal Communications Commission that released several bands of the radio spectrum for unlicensed use.[5] In 1991 NCR Corporation/AT&T (later Lucent Technologies and Agere Systems) invented the precursor to 802.11 / Wi-Fi in Nieuwegein, The Netherlands. The inventors initially intended to use the technology for cashier systems; the first wireless products were brought on the market under the name WaveLAN with raw data rates of 1 Mbit/s and 2 Mbit/s. Vic Hayes, who held the chair of IEEE 802.11 for 10 years and has been called the "father of Wi-Fi" was involved in designing the initial 802.11b and 802.11a standards within the IEEE.

In 1992, the CSIRO obtained a patent in Australia for their wireless data transfer technology. In 1996, they obtained a patent for the same technology in the US.WiFi uses the mathematical formula in the patents. In 2000, CSIRO demonstrated the world's first wireless local area network internet connection.

In April 2009, 14 tech companies including Intel, Microsoft, HP, Dell, agreed to pay CSIRO $250 million for their Wi-Fi patent infringements.

Europe leads overall in uptake of wireless-phone technology,[citation needed] but the US leads in Wi-Fi systems partly because it leads in laptop computer usage. As of July 2005, there were at least 68,643 Wi-Fi locations worldwide, a majority in the US, followed by the UK and Germany. The US and Western Europe have about 80% of the worldwide Wi-Fi users. Plans are underway in metropolitan areas of the US to provide free public Wi-Fi coverage. Even with these large numbers and more expansion, the extent of actual Wi-Fi usage is lower than expected. Jupiter Research found that only 15% of people have used Wi-Fi and only 6% in a public place.

WiFi

Wi-Fi (pronounced /ˈwaɪfaɪ/) is a trademark of the Wi-Fi Alliance that manufacturers may use to brand certified products that belong to a class of wireless local area network (WLAN) devices based on the IEEE 802.11 standards, which is by far the most widespread WLAN class today. Because of the close relationship with its underlying standard, the term Wi-Fi is often used as a synonym for IEEE 802.11 technology.

The Wi-Fi Alliance, a global association of companies, promotes WLAN technology and certifies products if they conform to certain standards of interoperability. Not every IEEE 802.11-compliant device is submitted for certification to the Wi-Fi Alliance, sometimes because of costs associated with the certification process. The lack of the Wi-Fi logo does not necessarily imply a device is incompatible with Wi-Fi devices.

As of 2010, IEEE 802.11 devices are installed in many personal computers, video game consoles, smartphones, printers, and other peripherals, and virtually all laptop or palm-sized computers.

Cutting off IP connectivity to spam sources

Cutting off IP connectivity to spam sources

BGP

Router ACLs (under Linux or BPF)

TCP Wrappers

Host Routing Tables

Host Firewalls

There are at least three ways to block IP connections from spam sites. The first two block connectivity at a fairly low level. You can also block spam sites from accessing your TCP/IP services such as SMTP, FTP and HTTP.

BGP

The first method involves dropping routes received via BGP, so is typically best suited to ISPs than to individual users. See MAPS for more information.

Router ACLs

The second method is useful if you don't run BGP, for example if your site is an end node on the Internet. You probably already use router access lists to implement packet filtering for security purposes. Simply add the IP range of the spam sites to your packet filters, and no spam packets will reach your site.

On a Cisco router, the ACL is defined by:

access-list 100 deny ip ppp.qqq.rrr.0 0.0.0.255 any

where ppp.qqq.rrr.0 is the address used by the spamming site. If "ip" is replaced by "tcp" and "any" is prefix by "eq smtp", only SMTP will be block, as per "port blocking selected outgoing calls"

Note that with more complex ACLs that the ORDER IS SIGNIFICANT

The interface to filter also needs:

ip access-group 100 in

Linux routing

Linux boxes with IP filtering enabled can use a command such as

ipfwadm -I -a deny -S ppp.qqq.rrr.000/255.255.255.0

or (depending on the release version ?)

ipfwadm -I -a deny -S ppp.qqq.rrr.000/24 -D 0.0.0.0/0

"-I" means "incoming firewall rule".

"-a deny" means "add the policy to deny this".

"-S ppp.qqq.rrr.000/255.255.255.0" means the traffic has a source and netmask as specified.

"-D 0.0.0.0/0" means to any destination.

You can also use "-a reject" instead of "-a deny". When you use a "reject", the remote site gets "connection refuesd". When you use a "deny", the remote site just thinks the connection times out.

Conversely, ISPs can be good net citizens by port blocking selected outgoing calls.

Using the LBL BPF kernel filter

The LBL BFP kernel filter can be used to reject packets from SPAM sites with `port unreachable' with a filter such as

dst port 25 and (src net 205.199.212 or src net 204.250.46/27)

The author warns `Installing BPF kernel filters is not for everyone. But it's not too difficult to install the current version of bpf on a SunOS 4 kernel and I will soon include the necessary patches for FreeBSD.'

Update 14 June 2002: BPF is now a standard part of FreeBSD.

TCP Wrappers

The third method makes use of the TCP wrappers package. (The latest version is available in ftp://ftp.porcupine.org/pub/security/index.html and is 7.6 as of this writing.) The TCP wrapper allows a site administrator to wrap services so that they can only be used by authorized hosts. By enabling "-DPROCESS_OPTIONS" when compiling tcpd, finer control can be achieved over which sites can call. A single /etc/hosts.allow can say which host can, and which cannot, call services. In this form, to block calls for `service' from badsite.com, have the line

service : badsite.com .badsite.com : DENY

If PROCESS_OPTIONS is not set, then nothing need be added to hosts.allow, but /etc/hosts.deny should have

service : badsite.com .badsite.com

Note that the ORDER in which the rules are given IS SIGNIFICANT. Take care to ensure that there isn't an ALL entry before the line which denies access.

See the section on mail blocking for an example of how to use the TCP Wrapper in conjunction with the TIS Firewall Toolkit to block spam sites from using your SMTP server.

Host Routing Tables

On a per host basis, it is possible to create dummy route entries which cause all reply packets for the relevant hosts or networks not to get to the sender, ensuring that TCP connections cannot be established. This may have an adverse effect on the listen queue, as most network code does not expect the initial handshakes to fail. As such, it may be necessary to increase the listen queue of the MTA, and/or raise the default system listen queue (e.g. for sendmail, use the undocumented "OOL=20" in sendmail.cf to double the queue length from the default setting of 10).

The exact format of the command to achieve this varies between systems, but it may be of the form:

route add -host 1.2.3.4 gw 127.0.0.1

route add -net 2.3.4.0 gw 127.0.0.1 netmask 255.255.255.0

Some systems (e.g. FreeBSD) have a "-reject" flag.

Ross Wheeler, from an Australian ISP, has written a script that dynamically blocks IP routing to addresses of hosts that have recently attempted any number of invalid probes, such as sending to nonexistent users, attempting to relay e-mail, or hitting "bait" addresses..

Host Firewalls

PacketBL is a tool that uses DNSBLs to configure network filtering to drop packets (Linux).

This is a chapter on using spamd on OpenBSD to redirect SMTP connections from spammer hosts to a specialized mail daemon that rejects their mail

Controlling E-mail Spam

Email spam blocking techniques fall into one of two broad areas. The first area, common in small to midsize sites, is to add spam blocking technology into the Mail Transfer Agent (MTA) - Exchange, Sendmail, Postfix and Communigate are all examples of MTAs. The second technique is more commonly used by large sites and sites with dedicated mail administrators, and that is to put a mail-blocking appliance between the MTA and the Internet. Both techniques have in common some sort of automatic update mechanism so that the MTA or appliance is kept up-to-date against the latest spam sites, patterns and attacks. One of the more popular anti-spam software titles for these purposes is GFI MailEssentials. GFI MailEssentials can be installed directly on the mail server or be installed on a dedicated machine to create a low-cost appliance solution.

Blocking in the MTA has the advantage that no additional hardware is required. Also, the learning curve can be quite short, as the better packages just plug right into the mail server and need relatively little configuration. On the other hand, for the do-it-yourselfers running UNIX and sendmail, the learning curve can be just as long as you like.

Appliances are more commonly used by large and very large sites because they can handle extremely high volumes (millions of messages per day) and can be configured in redundant configurations so that no single failure will disable spam filtering. The appliances are basically high-quality PCs with custom mail software and special configuration front-ends. They are complex devices and generally require expert mail administrators to get the most out of them, although the vendors will configure and maintain them, for a fee. The very largest sites (AOL, Yahoo, Google and MSN Hotmail) essentially build their own custom appliances. Appliances will work in front of any MTA.

sendmail, exim, smail, qmail, postfix, PMDF MMDF, PP, Macintosh, Microsoft Exchange, Microsoft Windows, any (or many) MTA(s).

• [sendmail]: Sendmail, the most commonly found UNIX-based mailer, has information on spam blocking here.
• [sendmail]: sendmail MTAs which accept SMTP email from currently active POP clients should read details of POP before SMTP to avoid spurious relaying, or an alternative.
• [sendmail]: xmission.com have their own sendmail.cf rules to cause mail from named site to be returned to sender.
• [sendmail 8.8.2 and 8.8.3]: Wolfgang Rupprecht has supplied a routine using check_compat that can be used to block spam mail or prevent all third-party relaying.
• [sendmail]: Pete Ashdown has contributed a procedure for dropping spam mail. His procedure accepts the SMTP mail and then drops it during the delivery phase.
• [sendmail 8.8.2 and later]: Claus Aßmann has put together a very detailed write-up of using the check_* routines.
• [sendmail + compatibles]: Christian Alice Scarborough's perl5 package splam-2.0 [ Used to be called `ignore-spam' ]
• [sendmail + compatibles]: Ian Leicht's PERL5 package the NAGS Spam Filter can reject spam mail automatically, sending a rejection letter with details of how to get past the block.
• [sendmail]: another example of how to block spam
• [sendmail]: Dansie Spam Net is a commercial score-based filtering system for sendmail with perl. It is web-manageable and so suitable for hosted e-mail environments.
• [Sendmail]: ScanMail is a commercial general mail filter package, useful for spam and virii.
• [Sendmail]: E-mail Processing Agent is a mail server software add-in that controls incoming and outgoing, Internet and intranet e-mail to eliminate 100% of unwanted e-mails (including "spam").
• [sendmail/rbl]: MAPS is now Trend Micro Message Security.
• [Sendmail]: Milter-greylist is a sendmail milter that implements "greylisting" - refusing mail from never-before-seen hosts with a temporary failure. Legitimate mailers requeue and retry the message, while much spamware does not.
• [Sendmail]: The greylisting paper discusses greylisting in detail and provides a perl-based sample implementation of a sendmail milter.
• [exim/rbl]: If you can change your mailer from (e.g.) sendmail but need to keep the mailbox format (etc) unchanged, you may care to look at exim(overview) which is a ``drop in replacement'' for sendmail, a `next generation' smail, which can use the MAPS RBL to block spam domains from version 1.735.
• [smail]: Since 3.2.0.95, smail can restrict which addresses can relay email, e.g. `smtp_remote_allow = 194.64.4.*:194.163.56.*'
• [qmail/rbl]: If you can completely change the way email is processed, you may care to look at qmail. There is info on how to use rbl.
• [qmail]: Mikio Okawa's dynamail is a package for qmail that allows ordinary users to create temporary, access limited e-mail addresses.
• [qmail]: SPAMbaffle is spam filtering software which can be set up either by indiviaul users on a Qmail system, or by the system administrator. It filters based on email headers, the message body, and the MIME types or filenames of attachments, and can either drop or bounce messages that it catches, with customized bounce messages.
• [postfix]: Postfix, by Wietse Venema, installs with relaying and volume controls set to sane values by default; is under very active development to make controls for relaying easy to set correctly if the default values won't do, and difficult to set in such a way as to allow unauthorized relaying; and is supported by an extremely active users' mailing list (including active participation by Venema) that's extremely anti-spam.
[PMDF]: E.vanRhee@co.hvu.nl says that to block mail from hotmail.com, you need to edit the mapping file PMDF_TABLE:MAPPINGS (for VMS) or /pmdf/table/mapping (for Solaris and Digital Unix), e.g.

     SEND_ACCESS              *|*@hotmail.com|*|*    $N              *|*|*|*@hotmail.com    $N

• [PMDF]: As well as rejecting e-mail (at the SMTP or TCP level) from rogue sites, pmdf (from Process Software, available for VMS, Digital UNIX and Solaris) can be told only to allow a certain percentage of incoming calls from specified sites, providing some protection from mail floods.
• [MMDF]: Ed Hew's write-up on refusing email
• [PP AKA Isode Internet/X.400 Message Switch]: Details of how to block spam and relaying can be fond in IC-1103 Administrator's Guide: Message Handling Services
• [Macintosh]: It has been reported that CommuniGate and Stalker Internet Mail Server from Mill Valley, Calif.-based Stalker Software Inc. and the newly shipping Eudora Internet Mail Server 2.0 from San Diego-based Qualcomm Inc. can prevent spam relaying.
• [Microsoft Exchange]: GFI MailEssentials is a server-based anti-spam & email management solution for Microsoft Exchange Server and other mail servers.
• [Microsoft Exchange]: Open Relay Filter is a tool that prevents relaying through Microsoft Exchange servers.
• [Microsoft Exchange]: MSExchange.org is a site with anti-spam information for MS Exchange administrators.
• [Microsoft Windows]: Megaphat Philter is a Windows server-based product which uses DNSBL technology to block blacklisted spam.
• [Microsoft Windows]: Macallan Mail Solution is a Mail Server for Windows XP/2K that can determine the spam originator and send a mail to the organization that have been abused by the spammer.
• [Any]: The Spamhaus Project runs the SBL and ROKSO, a DNS-based blocklist that can be integrated into virtually any modern mailer, and a listing of repeat/unrepentant spammers.
• [Any]: BlackMail (old) can be used if your MTA cannot be made to filter -- it sits between your MTA and the outside world.
• [Any]: MailShield is a commercial program which blocks spam and relaying, and works with your current mail server.
• [Any]: Declude JunkMail offers spam control for mail servers, including heuristic spam detection, and can be configured separately for each domain or user.
• [Any]: Postini is an Application Service Provider (ASP) with a range of high-reliability e-mail services, including spam and virus filtering.
• [Any]: blq is a tool for querying DNS blocklists (BLs) from the UNIX command line, useful for figuring out why mail is bouncing.
• [Any]: Meridius Mail Relay is a dedicated mail server appliance with anti-relay and spam-blocking features.
• [Any]: SpamFilter is a proxy with simple DNS blocklist functionality that works with your existing mailserver.
• [Any]: Extensible Messaging Platform is a commercial SPAM filtering firewall server application. Protects SMTP mail servers from Internet SPAM, e-mail-borne viruses (including dangerous auto-launch viruses) and other objectionable content. Filters mail using complex contextual signatures (not simple keyword lists).
• [Any]: Mirapoint provides email security through intelligent anti-spam and anti-virus filtering with end user controls as to how to handle spam.
• [Any]: Symantec Brightmail Anti-Spam blocks spam for corporate customers and service providers, using accurate, effective and patented spam fighting technology.
• [Any]: CleanMessage can safely remove up to 98% of incoming spam so that it never reaches your inbox. Their SpamCheck Module protects against corporate productivity loss, infrastructure consumption, and liability resulting from unsolicited commercial email overload.
• [Any]: SpamRejection.com provides a comprehensive money back guaranteed spam filtering service for domains. With no hardware, software or maintenance required, this service is for organizations that prefer to outsource spam filtering for their domains.
• [Any]: Sender Policy Framework (SPF) is a mechanism for identifying authorized outgoing mailhosts for a domain. It doesn't really address spam directly; it is an attempt to stop domain forgery.
• [Any]: ITA Secure Messaging Server is a multi-pronged spam detection and filtering system for enterprises and ISPs.
• [Any]: ASSP is a mail proxy system for multiple mail servers on multiple platforms.
• [Any]: SublimeMail is a domain level spam filter preventing spam from reaching end-users mail boxes. There is no software or hardware to install. Simply point MX records to their server and their filters will eliminate up to 97% of all inbound spam.
• [Many]: SpamAssassin can be installed by administrators on a site wide basis; it works with SendMail, qmail, Postfix, MIMEDefang and other tools.
• [Many]: Hexamail Guard is a server side filtering tool that works with various Windows and Linux mail server packages.
• [Many]: CanIt is a UNIX mail server filtering tool which traps suspected spam for review.
• [Many]: Scanmail for UNIX is a program that blocks spam by keywords, phrases, addresses, IP addresses and networks.
• [Many]: Singlefin comprehensive message management is an external filtering solution.
• [Many]: Project UCEPROTECT is a spamtrap-driven blacklist and commercial (UNIX) blocking software.
• [Many]: Trimmail network appliance filters spam, dangerous content, and protects your e-mail server from being used as an open relay by junk mailers.
• [Many]: TMDA is an open source software application designed to significantly reduce the amount of spam (Internet junk-mail) you receive. It is a UNIX-based Message Delivery Agent; it does not work with Windows.
• [Many]: ClearMX filters, stops and eliminates 99.9% of unwanted email and viruses before before they reach your network. Free 15 Day Trial. Free Setup.
• [Many]: VircoM's Modus3 anti-spam solution catches 98.2% of spam and delivers 99.99% protection against false positives.
• [Many]: SpamCannibal is a perl-based tarpitting tool for Linux users.
• [Many]: OpenRBL is site to lookup IP addresses against multiple DNSBLs at once. It is not a DNSBL itself.
• [Many]: MailScanner is a spam and virus scanner for various UNIX mailers.

Spammers do more than spam

In addition to all of the bad things spammers do to your mailbox and Usenet, they are also dishonest and unethical. Spammers have been documented as stealing other site's domain names via forgery - both Reply.Net and Concentric Networks have been hit this way. Indeed, Outernet, Inc. was actually attacked by one such spammer.

12 Sep 2001 - Spammers are soliciting donations for relatives of the victims of the 9/11/2001 terrorist attacks on the USA. We at spam.abuse.net do not believe that any of these relatives will see any of that money.

The spammers have a new trick - they supply an offshore phone number that you are supposed to call to be removed. The call costs $2 per minute. Sometimes they play a tape directing people to CAUCE, in what appears to be an attempt to discredit us. See an example.

One trick the spammers tried is to set up fake anti-spam sites, or to forge e-mail from anti-spam organizations such as CAUCE. Neither CAUCE, as an organization, nor any anti-spammers, as individuals, are soliciting or accepting donations of money or any other valuable consideration. Another earmark of just such a forgery is use of a throw-away or invalid e-mail address. If you see a supposed anti-spam e-mail or a web site that is asking for money, it's a fake. Report it to your nearest anti-spammer and the National Fraud Information Center.

Spammers lie to their customers. For example, Quantum Communications claimed to Mass Music, an innocent customer, that they'd send a mailing to people who'd asked to receive info about new products and services, not to thousands of unwilling spam recipients. Now Mass Music's made thousands of new enemies who will never buy from them after to being spammed, due to Quantum's misrepresentations.

Another, similar, lie is to sell someone a mailing list and tell them that the people on it want advertising e-mail. Most of the time, the list is one of the same old spam lists that's been around five years. There are a very few lists of people who've signed up for ads, but they're small, targetted, anot not cheap. Any large list purporting to be of people who want any kind of advertising e-mail is a fraud.

Spammers also cheat their suppliers. A number of ISPs have admitted that many or most of their spammers never pay for their service. This is especially true with the spammers who use free trial accounts with a provider to send their spew. It's obvious in those cases that they never intended to pay.

Further, as the "Global Communications" 809 phone fraud shows, con-men and thieves are gravitating toward massive spams as a way to perpetrate their crimes. For more information on fraud and scams, see the National Fraud Information Center, Internet ScamBusters or the Commodity Futures Trading Commission.

Scamsters are spamming fake contest "entries" also. When one of them was called on it, they subscription-bombed the person who did it. See the whole story.

Another typical claim is to spam offers for "free" web pages. Peter da Silva has a list of legitimate offers of free Web space.

Recently, someone forwarded me a spammed web site registry offer. They claimed they had a list of high-profile customers, including The New York Times, Iams and Inc. I forwarded a copy to The Times and received a call early the next morning not only disclaiming a connection to the spammer, but letting me know that they were ordering the spammer to stop using The Times' name in their advertising. See The Times' follow-up e-mail to me. My correspondent contacted Iams - see their response - and Inc. - their response. In a final fillip, the spammer is now being investigated for fraud - false advertising.

Spammers are also not above inventing their own testimonials. The Cybertize E-mail home page includes a bunch of quotes. The first one, allegedly from The Internet for Dummies is, according the the book's author, a complete fabrication and utterly opposed to his actual opinion about spam, and we have our doubts about the rest of the purported quotes.

E-mail spammers are even damaging Usenet. See Peter da Silva's story about getting e-mail spams after posting to Usenet for a short while. The sort of activity he describes scares people away from participating in Usenet.

Lastly, chain letter spams are not just rude, annoying, and spam. If there is money exchanged, they're illegal in the United States according to the United States Postal Service. For the definitive word on "Make Money Fast" chain letters, see the MMF Hall of Humiliation. See also what other users are saying about MMF, and take a look at some information on Pyramid schemes on Usenet. Additionally, you can now report apparent tax fraud and schemes to make unreported income to the IRS. net-abuse@nocs.insp.irs.gov should be used to report them. Use hotline@nocs.insp.irs.gov to report threats against the IRS or its employees, attempted bribery, or any other attacks on the integrity of the tax system. Do not use it for general spam complaints, and especially do not use an automatic filter to send mail there.

Why is spam bad?

Q. Why do we get soooo upset when we receive E-mail which was not requested?

There are several reasons:

The free ride. E-mail spam is unique in that the receiver pays so much more for it than the sender does. For example, AOL has said that they were receiving 1.8 million spams from Cyber Promotions per day until they got a court injunction to stop it. Assuming that it takes the typical AOL user only 10 seconds to identify and discard a message, that's still 5,000 hours per day of connect time per day spent discarding their spam, just on AOL. By contrast, the spammer probably has a T1 line that costs him about $100/day. No other kind of advertising costs the advertiser so little, and the recipient so much. The closest analogy I can think of would be auto-dialing junk phone calls to cellular users (in the US, cell phone users pay to receive as well as originate calls); you can imagine how favorably that might be received.

The ``oceans of spam'' problem. Many spam messages say ``please send a REMOVE message to get off our list.'' Even disregarding the question of why you should have to do anything to get off a list you never asked to join, this becomes completely impossible if the volume grows. At the moment, most of us only get a few spams per day. But imagine if only 1/10 of 1 % of the users on the Internet decided to send out spam at a moderate rate of 100,000 per day, a rate easily achievable with a dial-up account and a PC. Then everyone would be receiving 100 spams every day. If 1% of users were spamming at that rate, we'd all be getting 1,000 spams per day. Is it reasonable to ask people to send out 100 ``remove'' messages per day? Hardly. If spam grows, it will crowd our mailboxes to the point that they're not useful for real mail. Users on AOL, which has a lot of trouble with internal spammers, report that they're already nearing this point.

The theft of resources. An increasing number of spammers, such as Quantum Communications, send most or all of their mail via innocent intermediate systems, to avoid blocks that many systems have placed against mail coming directly from the spammers' systems. (Due to a historical quirk, most mail systems on the Internet will deliver mail to anyone, not just their own users.) This fills the intermediate systems' networks and disks with unwanted spam messages, takes up their managers' time dealing with all the undeliverable spam messages, and subjects them to complaints from recipients who conclude that since the intermediate system delivered the mail, they must be in league with the spammers.

Many other spammers use ``hit and run'' spamming in which they get a trial dial-up account at an Internet provider for a few days, send tens of thousands of messages, then abandon the account (unless the provider notices what they're doing and cancels it first), leaving the unsuspecting provider to clean up the mess. Many spammers have done this tens or dozens of times, forcing the providers to waste staff time both on the cleanup and on monitoring their trial accounts for abuse.

It's all garbage. The spam messages I've seen have almost without exception advertised stuff that's worthless, deceptive, and partly or entirely fraudulent. (I include the many MLMs in here, even though the MLM-ers rarely understand why there's no such thing as a good MLM.) It's spam software, funky miracle cures, off-brand computer parts, vaguely described get rich quick schemes, dial-a-porn, and so on downhill from there. It's all stuff that's too cruddy to be worth advertising in any medium where they'd actually have to pay the cost of the ads. Also, since the cost of spamming is so low, there's no point in targeting your ads, when for the same low price you can send the ads to everyone, increasing the noise level the rest of us have to deal with.

They're crooks. Spam software invariably comes with a list of names falsely claimed to be of people who've said they want to receive ads, but actually consisting of unwilling victims culled at random from usenet or mailing lists. Spam software often promises to run on a provider's system in a way designed to be hard for the provider to detect so they can't tell what the spammer is doing. Spams invariably say they'll remove names on request, but they almost never do. Indeed, people report that when they send a test ``remove'' request from a newly created account, they usually start to receive spam at that address.

Spammers know that people don't want to hear from them, and generally put fake return addresses on their messages so that they don't have to bear the cost of receiving responses from people to whom they've send messages. Whenever possible, they use the ``disposable'' trial ISP accounts mentioned above so the ISP bears the cost of cleaning up after them. I could go on, but you get the idea. It's hard to think of another line of business where the general ethical level is so low.

It might be illegal. Some kinds of spam are illegal in some countries on the Internet. Especially with pornography, mere possession of such material can be enough to put the recipient in jail. In the United States, child pornography is highly illegal and we've already seen spammed child porn offers.

What is spam?

Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send -- most of the costs are paid for by the recipient or the carriers rather than by the sender.

There are two main types of spam, and they have different effects on Internet users. Cancellable Usenet spam is a single message sent to 20 or more Usenet newsgroups. (Through long experience, Usenet users have found that any message posted to so many newsgroups is often not relevant to most or all of them.) Usenet spam is aimed at "lurkers", people who read newsgroups but rarely or never post and give their address away. Usenet spam robs users of the utility of the newsgroups by overwhelming them with a barrage of advertising or other irrelevant posts. Furthermore, Usenet spam subverts the ability of system administrators and owners to manage the topics they accept on their systems.

Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Email spams typically cost users money out-of-pocket to receive. Many people - anyone with measured phone service - read or receive their mail while the meter is running, so to speak. Spam costs them additional money. On top of that, it costs money for ISPs and online services to transmit spam, and these costs are transmitted directly to subscribers.

One particularly nasty variant of email spam is sending spam to mailing lists (public or private email discussion forums.) Because many mailing lists limit activity to their subscribers, spammers will use automated tools to subscribe to as many mailing lists as possible, so that they can grab the lists of addresses, or use the mailing list as a direct target for their attacks.