Spambot Beware

Glossary of Spam Related Terms

(This is a part of the Spambot Beware site)

Warning: this page was created a long time ago and parts may be very out of date!

Access logs
Acceptable Use Policy (AUP)
Common Gateway Interface (CGI)
Dialup/dialin connection
Headers
Internet
Internet Service Provider (ISP)
IMHO
LART
Multi-Level Marketing (MLM)
News.admin.net-abuse.email (NANAE)
Nuke
Opt-in and Opt-out lists
Realtime Blackhole List (RBL)
Robot, spider, webcrawler

robots.txt
Signal to noise ratio
Spam, bulk email
Spambot
Spamfighter, white-hat
Spamhaus
Spammer
Spammer hunting, spam hunter
Spamnest
Spamware
Whack-A-Mole
Unsolicited commercial Email (UCE)
Usenet
World Wide Web (WWW)

Access logs are files that are created by a web server whenever a page from a site is requested. Most follow a common format that lists the date and time of the request, who made the request, which page was requested, and the result of the request (usually "OK" or "File not found"). Some servers also add another very useful piece of information - the referring page: that is, which page the user "came from". A lot of ISPs will let their users look at the access logs. These logs are not only a useful tool for web site statistics and maintenance, but in tracking spambots as well. See the section on detecting spambots for more.

Acceptable Use Policy (AUP)

An AUP is a policy statement, made by an ISP, or any company that has customers, in which the company sets out it's "rules" for use of the account. A good AUP will clearly state that not only is spamming not allowed, but will spell out the punishment for doing so. Check out this list of Sample Acceptable Use Policies.

Common Gateway Interface (CGI)

Common gateway interfaces are what allows web pages to be truly interactive and dynamic. They allow programs to run on a machine, and usually produces some unique output back to the browser. This instills a great deal of intelligence to your web page, and is an important tool for fighting spambots. Not all users have access to cgi. Consider switching ISPs if you don't! Follow the link at the end of this sentence to learn more about The Common Gateway Interface

Dialup/dialin connection

Often referred to as simply a "dialup", a dialup connection is the main way that a spammer connects to the Internet, usually by using some unwitting ISP. It is called a dialup because the connection is made over the phone lines, and the spammer must dialup the ISP to make a connection.

Headers

Headers are the part of an email that most people do not see. Headers contain not only the "Subject:" line, but a complete list of the path that the email took along various machines on the Internet to reach it's destination. Learning to decipher headers is a major part of becoming a spam hunter, because the spammer will usually try to forge, conceal, and mislead with the headers.

Internet

The Internet is a collection of networked computers all over the world. A capital letter "I" at the beginning of the word is used to distinguish THE Internet from A internet. The World Wide Web (WWW) is a part of the Internet, but is not the Internet itself. The Internet has many parts besides the WWW, such as email, ftp, and usenet, although a lot of these are fuzzy and tend to mix together nowadays. Basically, anything that uses TCP/IP is probably a part of the Internet. This is a very rough definition. If you have a better one, let me know!

Internet Service Provider (ISP)

An ISP is a company that provides a connection to the Internet, usually by a dialup connection. ISPs range from the huge (AOL, Compuserve) to thousands of smaller, local ones. Good ISPs have an AUP to discourage abuse of their network and the Internet by spammers. Spammer hunting often results in a spammer losing their account with their ISP, forcing them to get another, or to see the light and stop spamming.

IMHO

Short for In My Humble Opinion

LART

Short for Luser Attitude Adjustment Tool, as in "The spammer was sharply LARTed right away and lost his account."

Multi-Level Marketing (MLM)

A scheme in which you sell products, and enroll people under you who sell products and enroll people under them, and so on is known as multi-level marketing. Although not illegal, and may in theory work, this common type of spam is always a bad opportunity at best and a fraud at work. Although there are a few successful multi-level marketing companies out there (Amway, Mary Kay), notice that they are not the ones sending you spam.

Nuke

Nuke refers to an ISP cancelling a user's account. A nuke is a victory - score one for the good guys.

News.admin.net-abuse.email (NANAE)

The news.admin.net-abuse.* newsgroup hierarchy is used to report net-abuse, of which spam is undoubtably the largest one. Spam hunters often post to the newsgroup news.admin.net-abuse.email. For learn more about these newsgroups, please see The Net Abuse FAQ.

Opt-in / Opt-out mailing lists

An opt-in mailing list is the one most people encounter on the list. You sign up, then start receiving mail from the list because you asked for it. Opt-out, on the other hand, sends the mail to you first, then gives you the option of not being on the list, usually by a so-called "remove" request. Some spam claims to be opt-in, but it never is. Opt out is like getting subscribed to a new CD club every day, unannounced, then having to take the time to unsubscribe to every one so that you do not get billed for CDs you did not order.

Realtime Blackhole List (RBL)

The Mail Abuse Protection System (MAPS) Realtime Blackhole List (see http://maps.vix.com/rbl/) is a "system for creating intentional network outages for the purpose of limiting the transport of known-to-be-unwanted mass e-mail." Basically, it's a means to persuade ISPs to change their systems to make them less easy to abuse by spammers.

Robot, spider, webcrawler

A robot, also known as a spider, crawler, or webcrawler, is a program that traverses the World Wide Web, and gathers information. Robots were originally used to gather information for search engines. Indeed, most robots are still of this variety, However, a new brand of "evil robots" has arrived on the scene - known as spambots. Spambots have taken the traditional, harmless ideas of robots and warped into something else. Information about robots can be found at The Web robots FAQ

robots.txt

Robots.txt is a file that is intended to be read by robots as they enter a site, and tells it "how to behave." It is beneficial for the robot, and for the site, for a robot to follow the rules given in the robots.txt file. Spambots in particular do not always use the robots.txt file, which can be used as an advantage in defending a site. For more information about the robots.txt, see the Robots Exclusion page.

Here is an extremely basic robots.txt that tells all robots to avoid everything in the cgi-bin directory:

User-agent: *
Disallow: /cgi-bin/

Signal to noise ratio

Signal to noise ratio refers to how much relevant content (signal) something has as opposed to non-relevant content (noise). The term is from radio, but can also be applied to newsgroups. The "signal" in a newsgroup is regular postings which are on-topic. The "noise" in a newsgroup is everything else that does not help contribute to the purpose for which the newsgroup was created (i.e. a mutually beneficial discussion about a certain specific topic). Note that spam postings are not the only noise: off topic-postings, flames, "posting tests" and other things can also be defined as noise. Generally, however, nothing has lowered the signal to noise ratio in all of usenet like spamming has. :(

Spam, bulk email

Spam originally meant to post many off-topic and inappropriate postings (mostly commercials) to a newsgroup(s), making it hard to read by lowering the signal to noise ratio. The term spam, of course, is the product manufactured by Hormel, Inc. It came to it's current meaning because of a skit by Monty Python's Flying Circus in which a group of Vikings begins singing "Spam, spam, spam, spam.." and drowning out anyone else who was trying to talk in the area.

Spam has also come to mean unsolicited commercial email (UCE) which is also known as bulk email. Spam has a much nicer ring to it, as well as being able to create nice words such as "spammer" and "spambot."

Side note: The name "spam" is actually a trademark of Hormel, Inc. but they seem to not mind others using it, as long as you keep it lowercase. See http://www.spam.com/ci/ci_in.htm for Hormel's official statement on the matter.

P.S. Spam is short for "spiced ham." :)

Spambot

A spambot is a robot that specializes in gathering email addresses for a spammer to use. It basically follows links and saves any email addresses it finds as it goes along. A spambot usually gathers emails from the web or from usenet, but may also gather it from other sources.

Spamfighter, white-hat

The good guys, i.e. those who are actively doing something about the spam problem, by spam hunting, legislative efforts, spreading good information, etc.

Spamhaus

Spamhaus is yet another play upon the word "spam": it is used to refer to a site (company) that is not just spam friendly, but actively produces spam. Usually the label is only applied to sites that not only know they are producing spam, but are not doing anything about it.

The plural of spamhaus is spamhäuser.

Spammer hunting, spam hunter

A favorite sport among many people is spammer hunting. It begins when you receive a piece of spam in the mail. Instead of deleting it, spam hunters track down who sent it, and take action, usually resulting in a loss of account for the spammer. Some have even won lawsuits against spammers. To learn more, please see this Stop Spam FAQ.

Spammer

One who spams. Usually some desperate yet misguided individual who has bought some spamware (probably from a spam) and is under the completely wrong impression that money can be made from spamming.

Spamnest

Yet another derivation of the word spam, indicating a place (e.g. company) that produces spam. Think of a really annoying nest of bees.

Spamware

Spamware is any kind of basically spammer software. Spambots are a type of spamware, as is the software the spammer uses to send the mail. Often these are integrated into one package.

Unsolicited commercial Email (UCE)

See spam

Usenet

Also known as "news", "newsgroups", or "discussion group." Usenet is a huge collection of newsgroups about every and any topic you can imagine. Once a person posts to a newsgroup, it is transmitted to news servers all over the world for other people to see. Spammers often extract email addresses from newsgroups, so many people have stop using usenet or hide their email when posting.

Whack-A-Mole

Whack-a-mole is an action where a spammer, having gotten nailed on one account by an ISP, goes and immediately gets another account from which to spam. The name refers to the arcade game where you hit little moles that keep popping up out of holes as you bash them with a large, soft mallet.

World Wide Web (WWW)

The World Wide Web is a part of the Internet. It started out as a small part, but has grown to be the largest. The World Wide Web generally refers to the collection of hyperlinked web pages. Like most internet definitions, this one is quite fuzzy and full of exceptions.

Spambot Beware: Main page <> Detection <> Avoidance <> Harassment <> Glossary

Written by Greg Sabino Mullane (greg "at" turnstep.com). Last update March 30, 2003.