Spam - What exactly is it?

In order to combat spam effectively it is necessary to define exactly what spam is.

Most people believe that spam is unsolicitied email. However, this definition is not entirely correct and confuses some types of legitimate business correspondence with true spam.

Spam is anonymous, unsolicited bulk email.

This is the descr i ption that is being used today in the USA and Europe as a basis for the creation of anti-spam legislation. Let's take a closer look at each component of the definition:

• Anonymous: real spam is sent with spoofed or harvested sender addresses to conceal the actual sender.
• Mass mailing: real spam is sent in mass quantities. Spammers make money from the small percentage of recipients that actually respond, so for spam to be cost-effective, the initial mails have to be high-volume.
• Unsolicited: mailing lists, newsletters and other advertising materials that end users have opted to receive may resemble spam but are actually legitimate mail. In other words, the same piece of mail can be classed as both spam and legitimate mail depending on whether or not the user elected to receive it.

It should be highlighted that the words 'advertising' and 'commercial' are not used to define spam.

Many spam messages are neither advertising nor any type of commercial proposition. In additon to offering goods and services, spam mailings can fall into the following categories:

• Political messages
• Quasi-charity appeals
• Financial scams
• Chain letters
• Fake spam being used to spread malware

Unsoliticited but legitimate messages

A legitimate commercial proposition, a charity appeal, an invitation addressed personally to an existing recipient or a newsletter can certainly be defined as unsolicited mail, but not as spam. Legitimate messages may also include delivery failure messages, misdirected messages, messages from system administrators or even messages from old friends who have previously not corresponded with the recipient by email. Unsolicited - yes. Unwanted - not necessarily.

How to deal with spam

Because unsolicited correspondence may be of interest to the recipient, a quality antispam solution should be able to distinguish between true spam (unsolicited, bulk mailing) and unsolicited correspondence. This kind of mail should be flagged as 'possible spam' so it can be reviewed or deleted at the recipient's convenience.

Companies should have a spam policy, with system administrators assessing the needs of different departments. Access to different unsolicited mail folders should be given to different user groups based on this assessment. For instance, the travel manager may well want to read travel ads, whereas the HR department may wish to see all invitations to seminars and training sessions.