| Legal Information |
|
If you have an e-mail address, the odds are massively in the spammers' favour that they've found you. The most basic definition of spam is unsolicited e-mail -- any e-mail sent to you that you did not request. This is deliberately a very broad definition, especially because spam is now a legal term!
A huge percentage of spam is badly written junk that most people would never consider opening. The usual reason for the poor quality of the e-mail text is because the spammers rely on specially composed e-mails to evade the first defence of antispam mechanisms.
If the e-mails do make it through, they're usually in a difficult to read format, meaning that most spammers rely on either greed or human error to get their e-mails opened and read.
Spammers send huge amounts of identical e-mails to as many e-mail addresses as they can. The reason for this is economies of scale. A spammer can usually expect less than 0.5 per cent of the e-mails they send to be opened, regardless of whether they're read or acted on. If an e-mail is simply opened, it's considered a positive response. Therefore, the more they send, the higher the amount of positive responses the spammers can generate.
Spam is such a growth industry that several companies have started to provide bulk e-mailing services. Normally, spam isn't quite as cut-and-dried as this. Some spam is explicitly malicious, such as e-mail borne viruses or malware. Some spam is annoying but harmless, such as the e-mails sent out by Amazon.com to let you know about their offers. Finally, some spam is malicious not for technical reasons but because of its aims,
Because of the huge amount of bandwidth required to send out millions of e-mails, spammers have taken to using hacker techniques. By accessing hacked machines connected to the Internet, spammers can illegally use the bandwidth allocated to those machines for their own use.
Basic spam, the type that simply offers you products and services from a usually reputable retailer, is little more than annoying. Spam has implications far beyond being annoying. The managed e-mail service company Brightmail released a study in January, 2004 that showed more than 60 per cent of Internet traffic was spam e-mail. The Internet as a whole would be noticeably faster if spam was eradicated right now.
One of the cleverest ideas someone had to make e-mail user friendly was to allow HTML code in the e-mail body. By adding functionality to e-mail clients to render HTML pages, flat text e-mails were suddenly brought alive with fonts, styles, formatting, and images.
Like most new ideas there was a downside, and the downside to HTML e-mail is significant. To understand why, it's important to understand how programmers write software for Microsoft Windows.
When Microsoft developed Windows 95, it created a system of reusable software components called COM objects. With COM objects, instead of every developer having to code their own engines to perform simple tasks, they could simply reuse Microsoft's COM objects (and their own). One of the available COM objects is the Microsoft Internet Explorer HTML rendering engine -- the piece of code that Internet Explorer uses to display Web pages.
Because all of the code to download and display Web pages was already contained in the Internet Explorer COM objects, nearly every software developer simply reused those objects when they needed that functionality.
It's no surprise then that Microsoft reused its own objects when it added HTML e-mail support to Microsoft Outlook. This is where the problem begins.
Internet Explorer suffers from a lot of security flaws. To be more specific, the underlying code in the COM objects used to create Internet Explorer's functionality has a lot of security flaws. Because those same COM objects are reused in other applications, such as Outlook, those applications suffer from the same flaws, too. This results in some nasty possibilities malicious spammers can take advantage of.
This reuse of COM objects is precisely why it's essential to keep all of your applications and your operating system up-to-date with security patches. Because you can't tell whether one application is using the COM objects of another without specialist developer tools, it's far too easy to lull yourself into a false sense of security after applying security patches to the operating system alone. Make sure you check for security patches regularly!
| Search Knowledge Base | Feedback |