Where Does Spam Come From?

Posted 06/15/2011 at 12:38pm | by Rachel Swaby, Gizmodo

3

Comments

Print

Typically our electronic exchanges flow from person to person, one real email address to another. But the sad fact is, the vast majority of messages sent don't have anything to do with managing relationships, workloads, or weekend plans. Spaaaaaaam!

According to Dave Marcus at McAfee Labs, 80-90 percent of email floating between servers is spam. Luckily, much of what's aimed for us is deflected. Email programs employ filters to direct messages with suspicious links and attachments away from our inboxes, which is good because these messages have the potential to infect our computers or dupe us into coughing up personal information.

We know all this.

But there's another flavor of suspicious email that doesn't betray its malicious intent as openly: the single line of gibberish. Is it an email verification technique? Is there something coded into the message that could harm my computer? Did someone let their two year old loose on the Internet? So we decided to look into it. What are those nonsensical emails trying to do to us anyway?

In order for spammers to even attempt something nefarious, they need to reach an actual human. No brilliant Facebook imitation email will do any good without a real person with a Facebook account entering in their information. So step one in any would-be scam is to verify that an address leads to a pair of eyes.

Sure, an email that bounces back to the spammer didn't make it to a real recipient. But spam folders hide a lot of email from our eyes that don't get bounced back either. So a non-ricocheted message doesn't guarantee a human either. Man, spammin' is so hard!

The sender also doesn't get any information if you just open an email—thankfully, reading a note doesn't ping the spammer with a "verified account" message. In fact, the only way for a sender to get a receipt is to request one. Some mail programs allow senders to add a receipt request to a message, which—only if you decide to play along—will notify the sender that you got their mail. That would be the most obvious set up, um, ever. Hey, can you click this box if you opened this message because I'd like to steal your identity. Yes? Rad!

What the nonsense message is likely fishing for is a reply—something like, Hey, your message came through garbled. Is there something I can help you with? At least that's what Dave Marcus from McAfee Labs thinks is up. "They could be testing out the company's spam filters, but I think they're just looking to get you to respond to it." A response means a real person. Most likely, spammers are hoping for a holler back from the uninitiated—the ones that worry an important message was damaged in the mail. Hey, it happens in real life...

Spam Bustin'

If you're getting emails that contain nothing but gibberish, feel free to ignore them. The message will remain benign unless you play along. But for taking on spam as a whole, here are a few tips to keep you safe and your inbox clean:

1. The email program you use matters. "Gmail is really good at filtering spam email out," says McAfee's Dave Marcus. Hotmail, not so much. It's all about the algorithm.

2. Recognize that current events are used as lures. "When there's a high interest news event, spammers will pretend to have videos with bin Laden getting shot," says Marcus. "When you click through, malware will be installed or the site will drop a bot on your machine." The aim is identity theft.

3. Don't open unsolicited emails. If you abstain completely, you wont be tempted to click on some awesome-sounding-but-evil link or attachment.

4. Type links directly into your browser instead of clicking them in-email. If an unknown sender floats you a link for Japan relief aid, you're better off just searching the same thing in your web browser. At least then you're in the driver's seat.

Gizmodo is the world’s most fun technology website, focused on gadgets and how they make our lives better, worse, and more absurd.