How does spam mail work?

Spam mail is one of the most common cyber-attacks. Email services and users are conditioned to expect daily spam mail as most email services have a Spam Inbox that filters out spam.  Even its name comes from SPAM, the canned meat brand, for how ubiquitous it is. In fact, it takes up 90% of all email traffic. Although the sheer prevalence of spam mail may paint it as a merely annoying or mildly irritating, it has many more potentially damaging yet concealed effects.

            As it is partially legal in most countries, companies contract spammers to send billions of emails a day. Due to spam’s pervasiveness, many organizations have coordinated anti-spamming efforts. The most common anti-spamming technique is IP blacklisting. Spammer’s IP addresses are reported and then organizations like Spamhaus add these to a blacklist, allowing other services and companies to access the blacklist in order to prevent emails sent from these blacklisted IP addresses. To bypass this obstacle, spammers have implemented a malicious solution: botnets. A botnet is comprised of of many systems all controlled by one master system called the “botmaster.” A botnet on its own is legal; however, most spam botnets are composed of compromised systems and networks that other innocent and unrelated people own. In most cases, a botnet compromises a system through malware downloaded by the victim. Once a system is compromised, it will run stealthily in the background and most users do not even notice at all.

However, users may notice the side effects. The Internet will become extremely slow when the bot network is actively sending spam and the victim’s IP addresses may also be blacklisted on websites like Spamhaus, banning them or requiring them to pass a captcha (a “are you a robot test”) every time they enter popular websites such as Google. In addition, bot networks can also be used for more malicious attacks than spam mail, including DOS (denial of service) attacks which can shut down websites for extended periods of time. Even more maliciously, these botnets can even send victim’s personal data which range from email to banking details to the botmaster, leading to private information being leaked online either to publicly view or sold to hackers.

            While botnets and spam mail might sound intimidating, it is extremely easy to mitigate. As long as users do not download from websites that they do not trust and follow basic Internet safety protocols, it is impossible for a botnet to break into a system without individualized attacks, which are extremely rare. Taking steps to prevent these kinds of attacks is easy to do, but most people do not take these preventative measures. The prevalence of spam bots and botnets will only increase as more online users appear, but users can easily take preventative measures to stop any kind of botnet invasion and stay safe online.