Glossary of Terms
Related to Spam
A program that searches web pages and
filters newsgroup postings looking for valid
email addresses to be used for spam
purposes. (See also
A statistical approach to determining
whether an email is spam, based on
probability inference techniques pioneered
by English mathematician Thomas Bayes.
Same as RBL (see
A feature of anti-spam software that allows
users to designate IP addresses, domain
names, and individual email addresses from
which no mail will be accepted. This is
sometimes called a "Static Black List"
because the user defines the list.
feature of anti-spam software that screens
text for rude words and isn't fooled by
various spam tricks, such as the replacement
of letters with look-alike numerals or
characters (such as "[email protected]").
Cascading Style Sheets (CSS), which are used
to control the display of web pages, in
order to conceal messages in spam. Spammers
can also use CSS to recycle old HTML-based
tricks that fool spam filters who don't
Denial of Service (DoS) Attack:
Where a hacker sends attachments or other
unusual or excessive traffic in an attempt
to bring down email systems.
A program that bombards a mail server with
millions of alphabetically generated email
addresses in the hope that some addresses
will be guessed correctly. This technique is
also used to crack passwords.
Directory Harvest Attack (DHA):
When a spammer bombards a domain with
thousands of generated email addresses in an
attempt to collect valid email addresses
from an organization. (See
also harvesting.) In order for this to
be a harvest, there must be a way to trick
the system into telling the spammer which
email addresses are valid and which are not.
This exploits flaws in the mail systems to
tell the spammer this information.
When anti-spam software fails to identify a
spam message as spam.
When anti-spam software wrongly identifies a
legitimate message as spam.
Senders who are not blacklisted (excluded)
(accepted) can be placed on a greylist. Some
anti-spam software can send greylisted
addresses an automated response, challenging
the sender to confirm their legitimacy.
...or items that are greylisted might be
dealt with more cautiously.
All email that a recipient does not consider
to be spam. (See also spam.)
The process of scanning the internet to
identify email addresses in order to create
lists for spamming.
A computer system on the internet set up to
attract and trap spammers and hackers.
Sometimes this is a mailserver set up to
appear to be an open relay. We use honeypots
in the form of email addresses that don't
belong to real people, and then spammers are
encouraged to spam these boxes.
Circa 1996, a Joe Job is spam run forged to
appear as though it came from an innocent
party, who is then generally flooded by the
bounces; or, the act of performing such a
run. Modern Joe Jobs involve forged email
headers and other nasty tricks to make it
really convincing. And with the advent of
dnsBLs like SPEWS (The Spam Prevention Early
Warning System) and peoples' personal lists,
a successful Joe Job can really hurt the
The process of removing email addresses from
a mailing list at the request of the
An email address set up to receive email
resulting from spam sent from a different
ISP. The spammer will cancel the account
from which the spam originated in an attempt
to avoid detection.
A technique to protect email addresses from
harvesting by changing them and rendering
them invalid. Recipients of an email from a
'munged' address are told how to decode it,
so that they can then reply to a valid
address. (See also
A method that a spammer uses to avoid
detection by anti spam software that
involves modifying an email header.
A technique that page-jackers use that trick
the user into visiting an illegitimate site,
and after doing so, when trying to leave,
they encounter only additional, unwanted
Spam: Uses a
faked standard email non-delivery report (NDR)
that a recipient will think is genuine,
tricking them into opening an attachment
that is spam. Spammers can send such an NDR
directly or make a legitimate server send it
for them, adding to its credibility.
Network Check (also known
as reverse DNS check):
When an anti-spam engine uses a Domain Name
System to check an email's IP address to
ensure that it originated from a valid
domain name or web address.
An electronic forum where readers post
articles and follow-up messages on specified
topics. Newsgroups are often targeted by
spammers seeking to harvest email addresses.
When spammers attempt to hide data to
prevent its detection. This also occurs when
obscure mailto links and email addresses so
that addresses remain readable and
clickable, but cannot be harvested. (See
An SMTP email server that allows the
third-party relay of email messages. The
relay feature is a part of all SMTP-based
servers and it has legitimate uses, but
spammers have learned how to locate
unprotected servers and hijack them to send
The process of agreeing to receive email
from a business source. Double opt-in refers
to a double-check procedure in which a
decision to be included on a mailing list is
The process of declining to receive email
from a business source or unsubscribing if
the recipient is already on a mailing list.
This involves stealing the contents of a
website by copying some of its pages,
placing them on a site that appears to be
legitimate, and having the contents indexed
by major search engines, so that
unsuspecting users can be tricked into
linking to the illegitimate site. (See
Pronounced "fishing," this involves creating
a replica of a legitimate web page to hook
users and trick them into submitting
personal or financial information or
This involves illegally breaking into the
telephone network to make free long-distance
phone calls or to tap phone lines. This term
is also used to include the act of breaching
the security of any network.
Software that spammers use to automate spam
campaigns, coordinate spam services, and
generate, send and track spam messages.
Real-time Black List (RBL):
A publicized list of IP addresses known to
be sources of spam, which can be used to
create a network blacklist to filter out
mail originating from these addresses. (See
All unsolicited commercial email (UCE) and
unsolicited bulk email (UBE) that a
recipient does not want to receive. (See
also CSS spam,
NDR spam and
A program that spammers use to harvest email
addresses from the internet.
An option in an online form that is
pre-selected by default, so that unwary
users opt-in to receive spam. It can also be
used to refer to a software filter that
blocks email addresses known to send spam.
When spammers forge an email address to hide
the origin of a spam message. Email scammers
and virus writers also use this trick.
Scammers spoof address lines to fool people
into thinking an email has arrived from a
legitimate source, such as an online bank.
Similarly, virus writers have passed off
viruses as security patches by spoofing
their origin as being, for example, from
Microsoft technical support.
The use of traffic monitoring to identify
remote IP addresses sending a suspiciously
large volume of email. Access to the mail
system from suspected spam addresses can
then be slowed or temporarily suspended.
Teergrube (or tarpit):
An intentionally slow server that aims to
trap spammers using harvesting programs.
A Web Bug is small graphic that is inserted
in an email or web page that alerts a
spammer when a message is read or previewed.
list of external email addresses, IP
addresses, and domains trusted by the entire
organization or individual users. All mail
from these addresses is delivered, bypassing
the spam filters.
Note: Just like blacklists,
there are four terms that map to analogous
black list terms:
RWL ? Real-time white
list. These are lists of IP addresses
that have somehow been verified to be
from a known good host. Often to be on a
RWL, companies will pay to be listed and
there may be a penalty if they do send
DNSWL ? same as RWL
Whitelist ? a
user-defined list of email addresses,
hosts, domains, subjects, etc.
Static Whitelist ? same
An insecure web server or computer that is
hijacked and used in an DoS Attack or to