HOW DO SPAMMERS GET AWAY WITH
SENDING THEIR SPAM?
Being a spammer is not just a job,
it's an adventure. Everybody hates you, and nobody wants to let you send
your delicious spam. So what do you do?
You hide.
You hide behind fake email addresses. You hide behind
forged mail headers and other people's mail servers. You hide outside the
continental U.S. (which--for the most part--does not have many anti-spam
regulations) where it's harder to track you down. And all the while poor
netizens the world over are pulling their hair out in frustration or crying in
their beds at night over the sheer volume of your spam.
Spam is a major problem not only because of the annoying (and sometimes highly obscene) nature of the messages, but also because of the strain they put on mail servers the world over. Spammers account for up to 45-60% of the mail traffic that comes into our mail server here at ACD.net. That means that as many as 3 out of every 5 messages that comes into the server is junk, and wasting disk space, processor time, and bandwidth. Multiply this by the hundreds of thousands of messages we get each day, and that's a lot of spam!
So why doesn't anybody do anything
about it? Frankly, it's a very difficult task to undertake, as spammers go
to great lengths to hide their identity from both you and anybody trying to
track them down. They use fake email addresses (like
12581250125@hotmail.com), and recently have even begun using one of the
recipients as the sender (I've recently received mail that showed as being from
me!). Therefore any action
taken is both a network-wide operation as well as increases the stress on the
server.
To answer this question, one must understand what the spammer
is trying to do: send as much mail as possible while trying to remain as
discreet and anonymous as they can. In order to do this, they sign up for
free or very cheap internet accounts (quite often overseas) and dial into
them. Then they find mail servers that permit open relaying.
A relay is when a message originates from outside a network, and is given to a
mail server for delivery to an address that is also outside the network.
For instance, someone connected to AOL tries to send a message using Earthlink's
mail server to an email address at hotmail.com. That's a relay.
Many mail servers do not permit relaying by default, but a
large number of mail administrators (primarily for small offices and the like)
do not know much about anti-relaying, and do not protect their servers.
Service providers that service thousands or even millions of customers tend to
be more wary of it as it's a bigger problem for them.
When a server permits open relaying, that means anybody
anywhere can use that server to send mail to anyone they want. Most
Internet Service Providers (ACD.net included) require that a user be connected
directly to their network in order to use their server. This prevents,
say, a customer dialed into MSN being able to use ACD.net's mail server to send
mail. Unlike when you check for mail (which requires a username and
password), sending mail is anonymous by default, so your identity is determined
by the ISP you're coming from. If the network you're coming from is not in
the allowed list of senders, you cannot send mail. Most mail programs
support SMTP authentication, so if your ISP supports this feature (which ACD.net
does) you can configure your email software to send your username and password
to the server when you're sending mail just like you do when you check for
mail. This identifies yourself to the server as a user who can send mail,
even though you're not coming from an allowed network. Complicated, but
nifty.
"What happens when your server permits open
relaying?" you may ask. This is where the antispam authorities come
in.
Every time an email is sent, there is a log of what network
the message originated from, what the sender's email address is (this can
be--and is--faked easily), who the recipient is, and every server that processed
the message from beginning to end. This is called the Message
Header. Viewing the message headers varies by email software. For
instance, in Outlook Express, you right-click on the message in your Inbox,
select Properties, then click on the Details tab. In Microsoft Outlook,
you just right-click on the message and select Options. The headers are at
the bottom.