![]() |
![]() |
![]() |
||||||||||||
|
Navigation: Home > Publications > Spam Final Report - What is Spam? |
![]() |
![]() |
![]() |
SpamApril 2003 |
What is Spam? |
Spam is the term now generally used to refer to unsolicited electronic messages, usually transmitted to a large number of recipients. They usually, but not necessarily, have a commercial focus, promoting or selling products or services; and they share one or more of the following characteristics:
Not all bulk email is spam. Bulk email would probably not be generally regarded as spam if it:
While spam has increased in prominence in recent years, growing from a minor nuisance to a significant problem, its existence actually predates the Internet. It has been the subject of discussion since at least 1975[1], with one of the first recorded instances of spam dating back to 1978, when the Digital Equipment Corporation (DEC) spammed ARPAnet[2] users about new DEC products. Probably the first major commercial spamming occurred in 1994, when two lawyers posted a message advertising their services to several thousand newsgroups (message boards) on USENET, the world's largest online conferencing system. Then, as now, the reaction to spam was overwhelmingly negative, although it was seen as an occasional nuisance and did not pose any real threat. There were even then, though, some instances where spamming was used to maliciously interrupt services by overloading email servers.
Today, the problem of spam has reached a point where it is having a significantly negative effect on users’ confidence in using email, and there are clear signs of a deleterious impact on the performance of the global email network. Some commentators are even predicting that the continuing proliferation of spam could mean the end of email as an effective form of communication. The United States Direct Marketing Association, long-term advocates of using legitimate bulk email as a form of direct marketing, acknowledge that email is being threatened by spam and have recently expressed their support for legislative efforts to control the growth of spam[3].
An agreed definition is important in making any anti-spam provisions effective. Internet service providers (ISPs) and regulatory authorities need to be reasonably confident of this definition before they enforce their terms and conditions or any regulations or laws against spammers, as do legitimate direct marketers who want to ensure their activities remain both legal and ethical.
For the purposes of this report, spam is defined as unsolicited electronic messaging, regardless of its content. This definition takes into account the characteristics of bulk email discussed above, and has regard to the opinions expressed in submissions to NOIE’s interim report.
Arriving at an agreed definition of spam is a potentially contentious issue, as the direct marketing industry, ISPs, spammers, blacklisters and privacy and consumer groups have their own interests and views.
The chart below is taken from the AC Nielsen.consult survey commissioned by NOIE, and suggests that pornography and ‘get rich quick’ schemes are the most dominant categories of spam.
Spam poses several challenges to both Internet users and regulatory agencies. It is typically anonymous, indiscriminate and global. With these characteristics spam has become a popular vehicle for promotions that may be illegal, unscrupulous or use tactics that would not be commercially or legally viable outside the virtual environment. A report to the US Federal Trade Commission (FTC) estimates that roughly half of all unsolicited commercial email contains fraudulent or deceptive content[4]. Some of the key issues raised by spam include privacy, illegal/offensive content, misleading and deceptive trade practices and burdensome financial and resource costs.
There are significant privacy issues surrounding the manner in which email addresses and personal information are collected and handled. It is not uncommon for address collectors to covertly harvest email addresses from the Internet, as users visit certain sites, and buy and sell them in bulk without the knowledge or consent of the owner.
There are obvious community and regulatory agency concerns with the illicit content of a considerable amount of spam - including those that promote pornography, illegal online gambling services, pyramid selling, get rich quick schemes or misleading and deceptive business practices. The indiscriminate method of distribution is of particular concern as it is common for minors to receive spam that is pornographic, illegal or offensive.
Spoofing is the forgery of an email header so that the message appears to have originated from an entity or location other than the actual source. Spammers may use spoofing to route spam through a reputable organisation in an attempt to entice recipients to open and respond to their messages. There are significant costs to the victims in terms of damage to commercial reputation as well as time and resource costs in rectifying this damage.
The dollar cost of spam is inherently difficult to estimate, but the following provides some appreciation of the orders of magnitude involved.
A European Union study in 2001 estimates that the worldwide cost of spam to Internet subscribers could be in the vicinity of €10 billion (A$18.4bn) per year[5]. A recent study from Ferris Research estimates that US companies alone lost US$8.9 billion (A$15.2bn) in 2002 and estimate that the cost of spam in Europe was US$2.5 billion (A$4.3bn)[6]. According to figures from Star Internet, a large Internet service provider in the UK, the cost to business in lost productivity is estimated at £326 (A$915) per employee each year[7]. Erado’s 2002 white paper on spam, viruses and other unwanted content estimates that annual cost of spam per employee is around US$1000 (A$1709)[8].
These sorts of costs are usually borne by Internet users (and/or employers), through increased download times and lost productivity. Spammers themselves, on the other hand, bear relatively small costs in sending these messages. Email costs do not scale like sending surface mail or making telephone calls - the cost of sending out a million emails is not significantly more than the cost of sending out a hundred. IBM’s Almaden Research Centre in 1998 estimated that it cost between $0.000082 and $0.000030 to send a single email[9], and data from the Global Internet Project site suggests that that it only costs the sender of spam 0.00032 cents to obtain one email address[10]. The extremely low cost of sending spam, meaning that even a ‘hit rate’ of below 1% can be profitable, is the biggest single factor leading to its growth.
The chart above shows that spam being received by ISPs is using significant amounts of bandwidth.
Assuming that the average email size is 5 kilobytes[11], a gigabyte of spam represents over 200,000 individual messages. Based on these estimates, the table above indicates that even the small ISPs surveyed may be receiving more than 4 million spam messages a month, and that the medium-sized ISPs surveyed may be receiving up to six times as many.
Data released by Brightmail Inc, a business specialising in anti-spam software and managed anti-spam services, indicates that spam accounts for 20% of all email. Recently the Gartner Group has estimated that 35% of all inbound business messages are currently spam, and that this percentage will reach 50% by 2005[12]
The chart above suggests that the majority of spam received by Australian ISPs originates from the United States. However, the actual percentages shown may be misleading. Research from the University of Maryland presented at the INET conference in June 2002 suggests that the US may be over-represented as a spamming origin because Eastern European and Asian spammers may be taking advantage of ‘open relays’ in the United States. Open relays are essentially non-secure email servers through which large volumes of spam can be routed, typically without the owner’s knowledge.
A 1999/2000 survey by the Australian based Coalition Against Unsolicited Bulk Email (CAUBE) estimated that Australia accounted for about 16% of all spam sent globally,[13]. In recent discussions CAUBE has suggested this percentage (although not the total volume) may have decreased significantly in recent years as the volume of spam from other regions, such as Asia and Eastern Europe, has increased.
Western Europe was not regarded by any Australian ISP as being the primary source of spam, possibly because of relatively strong European privacy laws which are currently being reinforced through an EU directive requiring a qualified opt-in for commercial email.
Whilst users will receive different quantities of spam depending on the availability of their email addresses, Internet use and security awareness, there is evidence to suggest that the average incidence of spam received by Australian Internet users is growing rapidly. CAUBE tracked the amount of spam received at their survey email address and found that spam grew in volume by a factor of six in 2001[14]. Brightmail is reported to have detected a 300% increase in spam from 2001 to 2002[15].
Apart from indicating an increasing population of spammers, or more aggressive spamming, this growth may be partly attributable to increasing Internet penetration in Australia, as well as a possible increase in the duration and frequency of online sessions and consequently greater exposure of Internet users to spamming.
This is certainly reflected across Australia’s business sector. According to the Australian Bureau of Statistics (ABS) Business Use of Information Technology Survey, Internet connectivity levels reached 72 % of all businesses at June 2002. This was an increase of 167% since June 1998.
Data from the previous year’s ABS survey estimated that 26% of all online businesses in Australia reported using the Internet for marketing purposes. This was a 221% increase over the June 1998 estimate and indicates that the demand for the specialist services of direct marketers will also increase as more and more businesses seek assistance in maximising the benefits of the Internet as a relatively inexpensive mass-marketing tool.
[2] ARPA, the Advanced Research Projects Agency, was created in 1958 as part of the US Department of Defense. ARPAnet enabled scientists and the military to share computer resources and collaborate on research projects. It was the network that formed the basis for the Internet.
[4] Report to the Federal Trade Commission of the Ad-hoc Committee on Unsolicited Commercial Email. http://www.cdt.org/spam
[5] Commission of the European Communities Unsolicited Commercial Communications and Data Protection: Summary of Study Findings January 2001 page 9 (Note: all currency conversions undertaken on 31 January 2003).
[6] “Spam Control: Problems and Opportunities”: http://www.ferris.com/offer/spam.html#report1. See also http://www.internetnews.com/IAR/artcle.php/1564761.
[11] Estimates of the average size of an email vary but are commonly in the range of 2 to 10 kilobytes.
previous page | table of contents | next page
Hint: Did you find what you were looking for? You can also try the A-Z list, search, site map or send us feedback on how to make this a better website. |
About - Contact - Feedback - Home - Links - Projects - Publications - Search - Site Map - Subscribe
All material © Copyright Commonwealth of Australia, 2002. All Rights Reserved.
Please note the disclaimer that relates to use of this site, and our site privacy statement.
Comments, problems with the site? Please report them to: webmaster@noie.gov.au
.