What Is Spam?

In the vast realm of digital communication, few things are as universally recognised and dismissed as spam. Often considered the junk mail of the cyber world, spam emails have evolved into a persistent issue for internet users, businesses, and online platforms alike.

The meaning of spam, in the context of cybersecurity, refers to any unsolicited and often irrelevant or inappropriate messages sent over the internet, typically to a large number of users, primarily for advertising, phishing, spreading malware, or other similar purposes. The term is most commonly associated with unsolicited email messages, but it also applies to messages sent via other electronic means, such as instant messaging, social media platforms, or mobile apps.

The fundamental characteristic of spam is that it’s unwanted, meaning the recipient did not grant permission to receive the content. As technology and communication channels have evolved, so has the nature of spam, making it an evolving challenge in the digital age.

Spam’s historical timeline runs parallel with the evolution of digital communication. As technology advanced and provided more communication channels, spam consistently found its way into those channels. Here’s a brief look at its history:

The term “spam” originates from an iconic Monty Python skit from the 1970s where a group of Vikings in a restaurant sings about SPAM, a canned meat product. The relentless and unavoidable repetition of the word “SPAM” served as a metaphor for the pervasive nature of unwanted electronic messages. This comparison took root in the early days of the Internet and soon became the go-to term for describing unsolicited electronic messages.

It wasn’t until 1978 that one of the earliest and most pronounced instances of spam was released. A marketer named Gary Thuerk emailed 393 recipients on the ARPANET (Advanced Research Projects Agency Network, the precursor to the modern internet) advertising a presentation for a new line of computers. This move was met with significant backlash, as it violated ARPANET’s acceptable use policy.

In the 1980s, as Usenet newsgroups became popular, they also became a target for spam. One infamous instance from 1994 involved lawyers Canter and Siegel, who mass-posted a message advertising their immigration law services. The action was widely criticised and is often cited as one of the major incidents that brought spam to the forefront of internet issues.

With the popularisation of email in the 1990s, spam found its most notorious outlet. By the late 1990s and early 2000s, spam emails became a significant problem, prompting the creation of software and filters specifically designed to combat them.

Due to the growing menace of spam email, several countries introduced legislation to curb it. In the U.S., the CAN-SPAM Act of 2003 established national standards for sending commercial emails. Despite these regulations, spam emails remained a challenge, but it also led to the evolution of sophisticated spam filters and other countermeasures.

While email remains a common medium for spam, the phenomenon has spread to other platforms, including instant messaging, social media, blogs, and mobile apps. Today, spam takes various forms, from unwanted SMS messages to unsolicited social media posts.

Over the years, as the internet landscape has expanded and diversified, so has spam. From a simple unsolicited email on ARPANET to sophisticated phishing campaigns on social media, spam remains a persistent challenge, reflecting both the opportunism and adaptability of its perpetrators.

As digital communication platforms have evolved and multiplied, the nature and variety of spam emails have expanded. While all spam is unsolicited and unwanted, the intent behind these messages can vary widely. Here’s a closer look at some of the most common types:

Spam Email

Perhaps the most widely recognised form of spam, spam emails involve unsolicited messages sent en masse to numerous recipients. These emails range from benign but unsolicited advertisements to malicious email scams containing malware or phishing schemes.

Instant Messaging Spam (SpIM)

Short for “Spam over Instant Messaging”, SpIM is the equivalent of spam email but on instant messaging platforms. Users receive unwanted and unsolicited messages, often from bots or compromised accounts. These can include promotions, advertisements, or links to malicious websites.

Social Media Spam

With the rise of platforms like Facebook, Twitter, and Instagram, spammers have found new avenues to distribute their content. This type of spam can be fake accounts, unsolicited direct messages, or spammy post comments.

Search Engine Spam

Spammers manipulate search engines to display particular content, usually of a promotional or deceptive nature. They use techniques like keyword stuffing, cloaking, or doorway pages to game the search algorithms and achieve higher rankings for spammy content.

Blog Comment Spam

Spammers often flood blogs with irrelevant or promotional comments to generate backlinks or lure unsuspecting users to malicious sites. These comments typically have little to do with the actual content of the blog and may contain links to unrelated sites.

SMS (Text Message) Spam

Like spam email but sent via text message, SMS spam often promotes dubious products, fake contests, or phishing attempts. With the prevalence of smartphones, this type of spam has seen a significant increase in recent years.

Call Spam

Often referred to as robocalls, these are unsolicited pre-recorded calls. They might be advertising a product, making false claims about prizes or lottery winnings, or even trying to scam the recipient.

Trackback/Pingback Spam

Spammers use trackbacks and pingbacks in blogging platforms to notify when one blog links to another. They abuse this feature to generate links to their sites, even if their content is unrelated.

Image Spam

To bypass text-based spam filters, spammers embed text (often advertisements or malicious links) into images. When a user receives a spam email, they might see an image that, when clicked on or viewed, conveys the spammer’s message or redirects to a malicious site.

In the face of this multitude of spam types, internet users must be vigilant, and businesses must deploy robust measures to guard against these threats. Each type of spam not only represents a potential annoyance but, in many cases, a cybersecurity risk as well.

Spam email, or Unsolicited Commercial Email (UCE), is unwanted and questionable mass-emailed advertisements. At its peak, spam email accounted for 92% of all email traffic, although most of the spam was non-malicious.

Spammers may purchase legitimate mailing lists, but more likely, they use web scraping to collect publicly posted email addresses across the web. Alternatively, they generate contact lists through permutations of names and domains, like firstnamea@gmail.com or firstnamea@gmail.com.

Since spam success relies on volume, spammers system-generate and email the same message to their entire contact list, expecting someone to click. Spammers sometimes add randomly generated phrases or words to the message to make each look different and fool automated email protection filters.

Spam email content usually promotes a product or service and provides contact details for recipients to place an order.

Spam and phishing emails both clutter our inboxes, but they differ fundamentally in purpose and risk. Spam emails are primarily promotional, often harmless, in showcasing products or services to a broad audience. Typically sent in bulk, spam’s main annoyance lies in its sheer volume, and the worst-case scenario might involve malware infections or minor financial losses.

On the other hand, phishing is a more conniving visitor. Phishing emails are crafted to trick recipients into revealing sensitive information. They may be finely tailored to mimic trusted entities, leveraging urgent calls to action to lure the unsuspecting. While spam email is primarily a nuisance, the consequences of falling for a phishing scam are more severe, ranging from identity theft to significant financial repercussions or even large-scale data breaches.

While spam and phishing are unsolicited emails that can pose threats, phishing is more targeted and often poses a greater threat, requiring heightened awareness and caution.

Recognising spam can be crucial in avoiding potential threats. Here’s a quick checklist to help you spot common characteristics of spam:

• Generic Greetings: Messages that use vague salutations like “Dear User” or “Dear Customer”.
• Unsolicited Attachments: Unexpected files or links from unknown senders.
• Misspellings and Poor Grammar: Errors in language, odd phrasing, or inconsistent formatting.
• Too Good to Be True: Offers that promise high rewards for little to no effort or investment.
• Urgent Action Required: Messages that pressure you with a sense of urgency, e.g., “Act Now!” or “Limited Time Offer!”.
• Mismatched URLs: Hover over any links without clicking. The displayed address should match the linked address.
• Requests for Personal Information: Unsolicited messages asking for personal or financial details.
• Unfamiliar Senders: Always be wary of messages from unfamiliar email addresses or phone numbers.
• No Unsubscribe Option: Legitimate newsletters or promotions should offer an easy way to opt-out.

Staying alert to these tell-tale signs can help you navigate your digital communications more safely and confidently.

Combating spam requires a multi-faceted approach tailored to the specific messaging channels. Here’s how you can fortify your defences against various types of spam:

How to Stop Spam Texts

• Enable Built-in Filters: Many smartphones now have built-in spam filters for messages. Ensure they are activated.
• Report Spam Messages: If you receive a suspicious message from an unknown number, report it to your service provider. Forwarding the message to the number “7726” (which spells SPAM) typically works in many regions.
• Be Cautious with Sharing: Avoid sharing your mobile number online when possible.

How to Stop Spam Emails

• Use Email Filters: Most email providers offer email filters that sort suspected spam into a separate folder, keeping your main inbox cleaner.
• Don’t Click on Suspicious Links: Even if an email bypasses filters, always be cautious. Avoid clicking on links or potential spam messages from unknown senders.
• Unsubscribe: If you’ve inadvertently signed up for a newsletter or promotion, use the “unsubscribe” link at the bottom of the email.
• Use a Separate Email: Consider using a separate email address for sign-ups or online purchases. This way, your primary email stays less cluttered.

How to Stop Spam Calls

• Register on Do-Not-Call Lists: Many countries offer national do-not-call registries, which can reduce the number of unwanted sales calls.
• Screen Your Calls: If possible, set your phone to only allow calls from your contacts.
• Use Call-Blocking Apps: Several third-party apps can identify and block known spam callers.
• Report Unwanted Calls: After receiving a spam call, report the number to your local authorities or telecom provider.

How to Stop Social Media Spam

• Adjust Privacy Settings: Ensure your social media profiles are set to private and customise who can send you messages or friend requests.
• Be Selective with Accepting Requests: Only accept friend requests or messages from people you know.
• Report Spammers: Use the report feature on platforms like Facebook, Twitter, and Instagram to notify them of spam accounts.

How to Stop Search Engine Spam

• Use Reputable Search Engines: Stick to well-known search engines like Google, Bing, or DuckDuckGo, as they have better spam detection algorithms.
• Install Ad-Blockers: These can filter out many unwanted or potentially malicious links from your search results.

While no method guarantees the complete elimination of spam messages, combining these strategies can significantly reduce the number of unwanted messages and calls you receive, ensuring a safer and less cluttered digital experience.

Preventing spam is about adopting holistic online behaviours and strategies to curtail the amount of spam received. Follow these fundamental prevention tips to minimise your exposure and vulnerability.

• Educate and Train: Regularly update yourself and those around you on the latest spamming techniques. Knowledge is the first line of defence.
• Secure Your Personal Information: Limit public sharing of your email address, phone number, and other personal data. Avoid entering your information into dubious online forms or contests.
• Use Multiple Email Addresses: Reserve one email for personal communications and another for online sign-ups, shopping, or public forums.
• Regularly Update Software: Ensure your operating system, web browsers, and security software are updated. These often contain patches for known vulnerabilities spammers might exploit.
• Implement CAPTCHAs: If you manage a website or online form, use CAPTCHAs. This prevents automated bots from submitting forms or leaving comments.
• Choose Strong, Unique Passwords: Using password best practices can prevent spammers from gaining access to your accounts. Consider using a password manager to help.
• Avoid Posting Personal Information Publicly: Refrain from openly posting your email or contact details on websites, forums, or social media platforms.
• Double-Check Privacy Settings: Review and adjust privacy settings to control who can contact you on social networks and other online platforms.
• Avoid Responding to Spam: Replying to or engaging with spammers, even unsubscribing, can confirm that your address or number is active.
• Utilise Network Firewalls: If you run a business or network, implementing a good firewall can filter out malicious traffic and reduce spam.

Integrating these preventive measures into your daily digital routine will significantly reduce your exposure to potential spam, ensuring a cleaner and more secure online experience.

Proofpoint’s comprehensive suite of tools and solutions arm organisations and individuals with a proactive, multi-layered defence mechanism against spam and other advanced cyber threats. Proofpoint Email Protection is the backbone behind many organisations’ security posture that helps prevent spam threats through various features and techniques, including:

• Reputation-Based Email Filters: Proofpoint’s Email Protection uses reputation-based email filters to identify known spammers and approve trusted senders based on their reputation. This filters out spam messages and allows legitimate emails to pass through.
• Advanced Machine Learning Technology: Proofpoint’s Email Protection utilises advanced machine learning technology, such as NexusAI, to accurately classify various types of email threats, including spam email. This ML technology adapts to new spam attacks as they appear, improving the effectiveness of spam detection.
• Granular Email Filtering: Proofpoint’s Email Protection offers granular email filtering controls to block spam, bulk graymail, and other unwanted email. Organisations can customise their email filtering settings to effectively manage spam.
• User Reporting and Awareness: Proofpoint’s Email Protection allows users to report received spam messages directly from the email itself. This empowers users to contribute to spam detection and prevention. Additionally, suspicious emails can be automatically tagged to raise user awareness and help identify potential threats.
• Content Analysis Techniques: Proofpoint’s Email Protection product employs unique content analysis techniques to identify spam email based on its content. These techniques enable a high catch rate and low false positives, minimising the delivery of spam emails.

Combined with Proofpoint’s Advanced Threat Protection, Targeted Attack Protection, and Security Awareness Training, organisations are well-equipped to mitigate spam messages and other cyber threats. To learn more, contact Proofpoint.