What is Spam?


1. A brand of ham based canned meat product.
2. Unsolicited and bulk messages sent on any digital form of media, generally referring to email.

We touched on spam briefly in our introduction to email security, but at this point it will help to inform you why and how it is so critical in the fight against cybercrime and for more secure use of email. Knowing that email is often the preferred entry point for criminals, we can dissect spam and see it for what it is.

Spam, junk mail, unsolicited commercial email (UCE) is something that every mailbox receives. On a daily basis your inbox will be targeted by some of the roughly 100 billion spam emails sent per day the world over. While technically spam must be bulk and unsolicited, the term is often used to refer to all unsolicited emails.

How You Get On Spam Lists

Your address can get on spam lists in so many ways. Take it as a given that it already is.

Your data can be scraped, stolen hacked, guessed, sold, resold, and more. You might have a Yahoo email address – those were ALL breached between 2013-2016. Your business email is possibly public on your corporate website or Linkedin profile, or can be easily inferred from various common combinations of first names, last names and so on. Maybe a friend got hacked and their address book was downloaded.

Spam Goes Malicious

If you remember, we said at the beginning of this email security awareness guide that spam was originally pretty harmless. Aside from being a real drain on productivity, processing power and overwhelming internet connections, it wasn’t going to do that much damage, outside from a romance scam or bad pills. The large payoff was always a transfer of funds, or the classic Nigerian Prince fraud, for which very few people fall. It was these unwanted emails that precipitated the development of basic spam filters, simply to try and help keep inboxes clean.

In the 2000’s spam became more sinister with ILOVEYOU and other large scale viruses began to spread via email. Spam became a treacherous minefield, with a wide variety of threats waiting to unleash havoc on the un-cyber-aware. If that sounds dramatic, it’s because it is – each threat evolves into more complicated, more sophisticated and more targeted email risks, leaving all email users more vulnerable as a result.

When Bill Gates said in 2004 that spam would be eradicated by 2006, he was at least pointing in the right direction. With regards to spam being eradicated – he was really wrong. It still makes up a huge percent of all email sent and presents a significant threat. Where he wasn’t that far off was that greater than 99.9% of spam email is caught by filters, and only a very small number of unsolicited emails will ever be seen by the end user. In the grand scheme of things we’ve nearly eradicated spam from ever reaching those who are protected, but the small amount that gets through is very sinister. The reason less than 1/1000 spam emails get through (to the protected) is thanks to the continued evolution of the spam filter.

How Spam Filters Work

Your spam filter takes care of over 99.9% of unsolicited emails.

Spam filters look at all the elements of an email and will assess the risk each holds based on data points of billions of messages. Criteria can include:

  • Servers or email hosts that have been previously flagged, which filters out a majority of spam in a “Usual Suspects” kind of way
  • Sender sending out a huge volume of messages simultaneously or has been flagged previously
  • Keywords, whether in subject line or body that are strongly linked to spam
  • Links to malicious websites
  • Sending of attachments that contain malware
  • Customized blocked lists or other tactical measures that specify emails to be filtered or blocked

Purpose-built artificial intelligence has made it possible to sort through billions of data points in real time and rapidly classify messages that are likely to be spam. These algorithms are remarkably accurate, very rarely creating false positives where an email that is not spam is quarantined.

Why Can’t Spam Be Completely Eradicated?

To eradicate spam completely we would need to address the incentives.

Simply put, there is too great of a payoff for bad actors, and it is incredibly inexpensive to send email on a large scale. Think of other situations where pirates, criminals or miscreants can otherwise take a small amount of resources and loot outsized gains while the cost of protecting every single one of their targets is simply prohibitive. On top of this, there is no clear legal framework in place that enables regular international cooperation to address this sort of incremental “micro-crime”.

Thus, criminals find a life of spam inordinately attractive, in part because it carries far less risk than being a pirate, street criminal or hold-up artist. This is so attractive that even whole “rogue states” get in on the act, with North Korea often rumored to be one of the major distributors of ransomware throughout the world. In the case where rogue states don’t apply, inconsistency and misapplication of the law continues to allow spam to run riot the world over.

The Other Unsolicited Emails

The reason email security requires more than a spam filter is because there is one other category of unsolicited email that is much harder to prevent. These can be phishing emails and cyber-assisted fraud, where the attacker will research the subject and be emailing the target individually. These attacks require protection against advanced threats to be stopped and solutions designed to specifically fill this purpose.

Before we get into other tools at your disposal, it is worth introducing the types of email attacks you need to be looking out for, to then help you understand what the tools are protecting you from and what role your email security awareness will play.

Prefer to take our email security
program by email? Subscribe here: