Home > Articles > Home & Office Computing

Email Basics

This chapter is from the book

This chapter is from the book


No discussion of email would be complete without a discussion of spam. Spam's official names are UCE (Unsolicited Commercial Email) or UBE (Unsolicited Bulk Email). Spam is known to most of us as junk mail. It is flooding the Internet with millions of messages that you don't care about and don't want. If you have an email address, it's inevitable that you'll eventually end up on a spammer's list.

The problem with spam is that there are so many people on the Internet that marketers discovered it was an effective way to target their advertisements. Pop-ups, pop-unders, banners, and cookies have surrounded our every Web move, like locusts on a grain field. These were just mere annoyances until spam started to flood our email boxes. The legitimate email advertisements from real companies were one thing—you could get off their lists. The illegitimate spammers are the ones who have created the monster.

These senders lie and cheat, and you can't even respond to them. The email headers are forged, and the ISPs do not really exist. Therein lies the problem. Without controls, chaos ensues. Spam is chaos on the Internet. SMTP, the email protocol, was never designed with the idea of cheats and liars. It was designed with the assumption that people would be honest. It was never foreseen as a problem; therefore, there was never a need to verify the sender's identity or location. Always remember that many of these solicitations are cons and scams.

Combating Spam

The Coalition Against Unsolicited Commercial Email Web site (http://www.cauce.org) puts the problem of spam in perspective:

The great economist Ronald Coase won a Nobel Prize talking about exactly this kind of situation. He said that it is particularly dangerous for the free market when an inefficient business (one that can't bear the cost of its own activities) distributes its costs across a greater and greater number of victims. What makes this situation so dangerous is when millions of people only suffer a small amount of damage, it is often more costly for the victims to go out and hire lawyers to recover the few bucks in damages they suffer. That population will likely continue to bear those unnecessary and detrimental costs unless and until their individual damage becomes so great that those costs outweigh the transaction costs of uniting and fighting back. And the spammers are counting on that: they hope that if they steal only a tiny bit from millions of people, very few people will bother to fight back.

In economic terms, this is a prescription for disaster. Because when inefficiencies are allowed to continue, the free market no longer functions at peak efficiency. As you learn in college Microeconomics, the "invisible hands" normally balance the market and keep it efficient, but inefficiencies tip everything out of balance. And in the context of the Internet, these invisible market place forces aren't invisible anymore. The inefficiencies can be seen every time you have trouble accessing a Web site, or whenever your email takes 3 hours to travel from AOL to Prodigy, or when your ISP's server is crashed by a flood of spam.

You can read more on the subject of spam at http://www.cauce.org/about/ problem.shtml.

Is the Internet Full Yet?

The biggest problem with spam is that it clogs up the Internet. From small ISPs to large companies, the strain is felt. It makes mail servers work harder than they need to, server owners need more server space than is really necessary, and the end users spend at least 5 minutes a day (and often as long as 20 minutes) sorting and deleting unwanted spam to find their real email.

Just to get a basic idea of the volume, let's take the example of a high-profile company such as AOL, for instance. It has around 26 million users, and if each of those users receives an average of 35 spam email messages a day, the total is 910 million spam messages systemwide. AOL stores messages on mail servers. If each of those 910 million spam messages are a nominal 5 K each, that would be almost 5,000 GB of information that AOL must store and manipulate each day. If this number continues to escalate, you have to wonder at what point does the system break down? How much can the Internet, even with its vastness, really hold?

At the "Block All Spam" Web site, Dick Lipton, a Georgia Institute of Technology computer professor, commented on this subject. He said, "If you plot the growth of spam on any reasonable chart, clearly at some point it will exceed the capacity of the entire Internet."

In a report released to the media, Ferris Research claimed that, in 2002, spam accounted for $8.9 billion in cost to U.S. corporations. Spam is growing. It is expected that this cost will rise. It's been estimated by various sources that spam growth in the last year has been over 100%, which seems to be a conservative number.

How Did the Term Spam Become Associated with Junk Email?

There is debate as to where the term spam originated. Two of the most likely places are:

An early Monty Python song, phrased as follows:

"Spam spam spam spam, spam spam spam spam, lovely spam, wonderful spam..."

This song is seen by many as an infinite recurrence of insignificant words.

A computer lab at USC (University of Southern California) in Los Angeles that coined the term from the meat by the same name, claiming they shared several of the same characteristics:

Nobody wants it or ever asks for it.

No one ever eats it; it is the first item to be pushed to the side when eating the entree.

Sometimes it is actually tasty, like 1% of junk mail that is really useful to some people.

Spammers' Tools

Spammers are an ingenious group. They have created a number of tools to track down email addresses. It's akin to cancer. The tools either creep along the Internet searching, bombarding email servers to try and figure out new email addresses or sending out spy messages to get some idea what you are interested in viewing and verifying your email address. New schemes will come, but the most tried and true are harvesting, dictionary attacks, and HTML mail.

Harvesting and Dictionary Attacks

There are various tools to harvest email addresses to use for more spam generation. The most common of the tools are Web-crawling bots (short for robot). These are also called spiders. They go from Web site to Web site, looking only for email addresses. They find them in Internet mailing list addresses in Web sites, on forum posts, in chat rooms, and elsewhere. Another spam tool are programs called dictionary attacks, which use various combinations of letters to compose and send emails to see what gets bounced back or what seems to be deliverable.

The Direct Marketing Associations Stance on Spam

The DMA (Direct Marketing Association), founded in 1917, is the largest business trade association interested in direct, database, and interactive global marketing. Its members include catalog companies, direct mailers, teleservices firms, Internet marketers, and other at-distance marketers.

In an April 30, 2003 press release, the DMA announced that commercial messages should not be sent when email addresses have been captured surreptitiously—a practice often called harvesting. In addition, the DMA announced its position against the practice of automatic algorithmic email addressing, also known as dictionary attacks, that spammers use in mass untargeted mailing campaigns or in order to ascertain live addresses.

According to The DMA, both practices constitute abuses to the right to send email legitimately and could ultimately undercut email as a valuable business and communications tool. The DMA's announcement was the latest move in its antispam campaign. In addition, the DMA is calling for bolstered law enforcement of current consumer antifraud laws, as well as federal legislation, among other things, to combat unscrupulous spam.

Legitimate Marketers Do Not Spam

The spam problem is caused by hucksters. "Even other vocal antispam advocates agree that legitimate marketers are NOT the problem," said H. Robert Wientzen, President and CEO of the DMA.

The DMA requires its members' email solicitations to represent the four pillars of reputable email:

Honest subject lines

Accurate header information that has not been forged

A physical street address for consumer redress

An opt out that works (opt is short for option, meaning, to give one the option not to be included in the mass mailings)

For more information on the DMA, go to http://www.the-dma.org.

HTML (Spy) Mail

Advertisers and spammers have come up with better ways to track the exact receipt and time a message was "viewed" (even if you simply opened it by mistake). When you download and open one of its emails, it in turn opens an image that it grabs from its host Web page. At the same time, it sends information about your actions and your machine. In effect, that email sends out information that can be cross-referenced by the sender to track who received the message, when they read it, how many times, and from what IP address. It's used by advertisers to intrude a bit more on your privacy. The spammers verify an email address as active, so they can make money by selling their email lists, which means even more spam will be sent your way.

SPAM Mail versus Opt-in Email

A user can broadcast or multicast an email message to users. These are legitimate and convenient ways to target messages to several people at once. There is a downside, too. It can also be used to illegally send unsolicited advertising junk email to millions of users without permission from the service-provider host.


Email broadcasts are when a single individual sends an email to all users on a network. It can be the best way for companies to send bulletins to all their employees. However, to simply blast out a broadcast to the entire subscriber base of a global ISP (such as AOL), it's both an amazing annoyance for everyone and explicitly forbidden by the service. It's illegal because it breached usability policies. (Unfortunately, this is rarely enforced because of the nebulous nature of spam-mongers.) Broadcasting complicates network traffic and, in some cases, has caused total network meltdowns. In the case of broadcast storms, when a broadcast message receives several responses and those, in turn, receive yet more responses, a snowball syndrome ensues, the effects of which can be catastrophic for a network mail server.

Multicasts (Narrowcasts)

Multicasts, also known as narrowcasts, are when users send email to a select group of recipients. Email lists are a terrific example of multicasting. An email list is a list of people who subscribe and look forward to receiving missives. Most email client applications support mailing lists and give you the ability to forward a single message to every recipient on the list. Sometimes, though, lists containing hundreds to thousands of email addresses are spammed with unauthorized advertisements that take up tons of network bandwidth.

Spam is Junk

A year ago, the estimate was that one in five spam "advertising" messages was from legitimate companies, but the other four fifths were pure junk or frauds. (This number has probably changed to something like one in ten.)

The legitimate companies offer a way to "opt out" of the mailing list. The spammers don't. Occasionally they have an opt out to try to look like a legitimate business. Their links either don't work or take you right to the site you are trying to avoid. As often as not, the addresses the email originated from are bogus, faked, or already closed accounts. The spam just wants you to go to a Web site. The Web site rarely has any information to contact anyone. More often than not, the Web site will, at the very least, plant a cookie on your machine and at the worst, a virus.

The Federal Trade Commission did a study that concluded that as many as two thirds of the email sent out are telling lies, and 96% of those offering ways for people to make money in business or investment are also frauds. Spam—including all those mail-order brides, miracle pills, and invitations to Web sites—totaled 6.7 million emails in the month of March 2003.

Spam Breakdown

On any given day, the typical Spam Junk mail breakdown can be as follows:

Chain letters, pyramid schemes, get rich quick—20%

Porn sites and sex-related solicitations—20%

Real product advertising—20%

Financial offers (refinance your home)—10%

Medicines, drugs, and quack remedies—10%

Figure 10.1 shows an example of an inbox filled with spam.

At least 20 states have passed laws outlawing spam. But how do you bring someone to justice if they are hiding behind spoofed IP addresses and forged email headers? Clearly, something needs to be done.

The Great Nigerian Scam Letter

The following is for those newcomers who have not received this infamous spam letter (or its newer variations) telling you that your name was purportedly given to someone in Nigeria and you were a "trusted person who can help." For some long-winded reason they have access to a large amount of money—usually around $20 million—that they need to get out of the country. You can help them. And to help them, they'll give you 10–20% of the money as a fee. Then the letter gets vague with off-the-wall and weird details. Anyway, one version of the scam works to convince you money will be transferred—by wire—into your bank account. You must get all sorts of wire transfer information, and soon your account is drained of whatever money you had. It's transferred out, not in.


What makes this interesting is that with spamming techniques, the con men do not have to spot a "mark" and target him or her anymore. Just try to scam everyone in the world and see what happens. This scam actually did begin in Nigeria and predates the Net. Apparently, real letters were sent out by hand with an elaborate package of documents. Care went into finding the right sucker. With spam broadcast mailing, this is no longer necessary. What this says to me is that quality con jobs are going to be a thing of the past, as Darwin takes over. The dumbest get ripped off instead of the richest marks.

This is urban folklore at its finest. The scam has moved from Nigeria to all over the place. (I actually doubt any Nigerians even do this scam anymore.) The last version I received was from a Mr. Nosa (no first name given). He is hiding out in the Benin Republic and has millions of dollars he needs me to help him get out of the country. Now the way this approach used to work is that you'd do a Google search of Benin and Nosa and find out there is some guy in Benin named Nosa who is famous, hiding out there, and loaded with dough. These days if you type this in, you get hit after hit regarding the Nigerian scam.

I'm impressed with the way the classic scam letter has morphed over time but still appreciate the original Nigerian scam where there is a crooked banker trying to move money out of Nigeria. I love the unique names of the supposed letter writers. My favorites include: Sandra SaviMBi and Joseph SaviMBi. SaviMBi is a popular name, apparently. Then there is Moses Mutolezi, Helen Khobi, Issa Gwazo (a personal favorite), Dan Ogaga, and Prince Tunji Abu, who apparently can type only in uppercase. Finally, I've received letters from Mahmud Daya, Prince Ahmadu A. Ahmadu (whose middle initial must stand for Ahmadu), and Dr. Francis Oputa. And a last mention goes to two identical letters from two different fakes; Dr. Thomas Okon and Dr. Raymond Okoro, both of whom were the "bank manager of Zenith Bank, Lagos, Nigeria."

Isn't the Net wonderful!

Dvorak Discusses Spam Killer/Blocker Software

The spam situation has worsened, and although people have advocated government intervention, this will just move the worst spammers offshore (where nothing can be done). This is an opportunity for some sharp operator to make money by doing real spam prevention with a good product.

Spamnix is rule-based filtering software (http://www.spamnix.com), and it works as a plug-in for Eudora. What makes Spamnix interesting is that it uses a set of open source governance rules to spot spam. These rules are based on a simple checklist that looks for features commonly found in the majority of spam. If you happen to get a newsletter that appears as spam because of forbidden features (e.g., ALL CAP headlines, unsubscribe comments, weird headers), you can simply put the newsletter in an exception file, and it comes through fine. From my experience, Spamnix manages to stop about 70% of incoming spam, although the company claims 95%. Still, 70% is quite good, and you can adjust the sensitivity levels of the system.

For more information, go to http://www.spamnix.com.

Spam Blockers, Spam Filters, Spam Killers

Filtering email is a hot topic because of spam. There are many different approaches to blocking spam. There is the strategy of filtering messages for specific content—email addresses or other types of data. There are whitelist or verification filters, where the sender of the email is checked. Another ploy is blacklists, which block known spam senders. Rule-based filtering evaluates a number of different patterns to try to "figure out" what is spam and what is not. Spam blocking is never 100% effective. Any type of strategy can also block a significant proportion of real email, as well.

Mail Bombs

Mail bombs are another example of email gone awry. A mail bomb is a massive amount of email sent to a specific person or system. The volumes of mail will fill up disk space on a server, or in the worst-case scenario, actually crash the server because it's too much for it to handle. Mail bombs have been used to punish Internet users who have angered someone for slights or wrongs—real or imagined. Most mail bombs are defused now with programs added to mail servers, such as Exim, an open source program.

Header and Text Analysis

Simple strings in headers, the subject line, or the body of the email text can be filtered. This is easy to do. Most email clients have at least this kind of filtering activated. The idea is good, but they often have a high false positive. (In other words, they identify real email as spam.)

Email Authentication

Email authentication is a method of blocking spam that requires senders of email to authenticate that they are the originators of the email. An email doesn't get delivered until the email server receives a confirmation from the sender. Once an email server has this information, it will deliver email from that sender as long as the sender continues to use the same email address. Should it change, the sender must reconfirm.

The problem is that this creates a barrier to communicating that some people really resent. The message, "reply to this to authenticate," that is required before your sent email will be received by the recipient has not been well accepted yet. Perhaps as the spam problem gets worse, this may become the only option.

Rule-Based Filtering

This is a type of filtering that looks at a large number of patterns and compares them with an incoming message. It ranks the email based on the number of patterns identified—so if there is too high a score, the email is deemed spam and disposed of.

Some scoring schemes are consistent—the use of forged headers and auto-executing JavaScript, for example, will instantly be deemed spam. Other rules are updated as the products change. As spam evolves, so must the rule-based filtering systems.



Spam-Smart Blocking

There are some proprietary spam-blocking techniques that have started to appear that use a combination of techniques blended together to make a dynamic smart-blocking option. This type of strategy was designed to block a polymorphic spam attack.

Polymorphic is a term that means a dynamic, rapidly changing variation. In a polymorphic spam attack, the spam can alter itself, making each version different from others that resemble it. This usually looks like a string of garbled letters. The polymorphic email will continually alter this string of letters with each email. The strategy to deal with these is to look at more information than conventional filtering—with dynamic features to change as the spam changes—combined with automatic rule updates, and other blocking filters.

Other Filtering Methods

One idea bandied about is the Bayesian probability models of spam. This is the idea that some words occur more often in spam, whereas other words are found in legitimate emails. (This is probably true, because none of my legitimate emails have ever arrived using the words "Russian bride" or "rock-hard all night" from any of my friends, business associates, or relatives.) A similar concept is Vipul's Razor, a collaborative spam-tracking database. It works on the theory that spam of a specific kind will come in at the same time in an avalanche. The filter will detect the duplicate messages. It will deliver the first but delete the rest.


This isn't very effective, given that most spammers use forged headers and email addresses, but it's a way to block known spam addresses. The idea here is to find consistent IP addresses, sites, or servers that are delivering a lot of spam and simply block all traffic.

Hand Filtering

Most people use hand filtering by reading each subject line and deleting the ones that appear rather spammish. Sometimes one may get opened in error, but for the most part, it works.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020