The Evolution of the Common Spammer
(suidae commercialii)

Spammers, or "direct marketers" as they fancy themselves, are abusers of the internet that send mass quantities of unsolicited commercial email for profit. As you may (or may not) be aware, spammers are well on their way to making email as a method of communication completely unusable; as of this writing, spam makes up approximately 78% of all internet-borne email traffic. Many pundits hypothesize that email will be nothing but spam within the next few years if nothing is done to stop spammers from operating.

ARPAnet

On May 3, 1978, an advertising executive named Gary Thuerk, then employed by the Digital Equipment Corporation, gathered a list of every ARPAnet email address he could find (which admittedly weren't all that plentiful in the late 70s), entered them into his email program, and fired away a message in support of DEC's support for ARPAnet. Of course, being an ad man, he made it read like a sales pitch. This angered just about everyone who received it, and rules against commercial use of email were quickly enacted for use on ARPAnet. This mostly ended commercial email on ARPAnet until the late 80s when ARPAnet gave birth to the modern internet. However, the damage had been done and Thuerk is generally considered the world's first spammer.

No one really followed in Thuerk's footsteps until the early 90s, at which time the internet was becoming much larger and much more unregulated, at least more unregulated than ARPAnet had been.

Internet Advertising

Spammers as we know them today first came into being on April 12, 1994, when the head of a Phoenix, Arizona-based law firm called Canter & Siegel named Laurence Canter wrote a short Perl script that would manipulate message boards on what few websites back then had them to post ads for the firm. The users of those message boards responded loudly and angrily. One of them suggested sending cans of opened, expired Spam to Msrs Canter & Siegel, thus giving spammers the name of their trade.

After 1994, spam took off like an ICBM. Thousands (at first) of money-hungry, unemployed email users now had something that would (in theory) bring them some money; advertising and marketing via email. To establish a "customer" base, these early spammers bought lists of email addresses from companies that were doing business on the web at that time, though most of their addresses came from harvesting them from Usenet newsgroups and websites using hastily-assembled Perl scripts.

Recipients didn't much care for having their inboxes filled with the electronic equivalent of paper coupon circulars that filled the mailboxes outside their dwellings, and they took to dissecting the headers of the spams they received and reporting the spammers who had sent it to the network or networks they had used to send the spam. For the first few years, this was a good tactic for shutting spammers down. The fact that so few people, if any, showed an interest in what the spammer was trying to get people to buy made it hard for them to have to jump from ISP to ISP as their accounts were cancelled for spamming.

However, complaining to ISPs eventually became a futile gesture as every ISP was inundated with complaints about spammers. Also, as the spammers increased in number and increased the number of spams they sent per spam run (typically anywhere from 10,000 to over 10,000,000, depending on the spammer and the resources available to him (spammers are almost exclusively male)), the more "customers" they gained. Since the internet has become ingrained in popular culture, it has been a haven for a large number of truly naïve people; these became the spammers' most saught-after email targets, and they still make up the demographic that keeps spammers in business. Spammers realise that probably 99.99% of their targets do not want their spam, but since email is so inexpensive and easy to send, they consider a spam run successful if the other 00.01% of targets actually gives them money for something (or, more commonly, for nothing or something that isn't what was advertised).

Modern Spammers

There are a number of recognisable types of spammers operating today. Here is a brief summary of them:

  • Professional
    These are the types that operate a spamhaus, which is a business that runs solely to send spam, usually as a contractor for another business that doesn't want to or doesn't know how to send spam themselves. Most of them are based in the USA, but use networks in China to send their junk because Chinese networks are interested only in the economics of receiving money from spammers and generally don't care if they're annoying people by the million. Famous names include Alan Ralsky, Scott Richter, Eddy Marin, and Bernard Balan, all of whom have either sued people for reporting them or been sued for spamming and/or a host of other charges ranging from fraud to tax evasion.

  • Spam gangs
    Spam gangs are generally groups of script kiddies that can't hack credit card fraud, so they take to small-to-medium scale spamming for profit. Most are based in eastern Europe and Russia. Generally harder to get booted off an ISP than a professional spammer due to multiple send points. These are the groups of people that release viruses that turn broadband-connected computers into spambot proxy servers.

  • Nigerian 419ers
    419ers take their name from the Nigerian Penal Code, section 419, which deals with the definition of fraud. Typically, a 419er will be based in an African or eastern European country (though not always, and seldom are they actually in Nigeria), and will send a formal-looking email purporting to be from some high-level government official, often in all capital letters, detailing an investment opportunity which will help to embezzle millions of dollars out of some corrupt dictator's coffers. It asks the receiver to hand over a bank account number to transfer it into. A very surprisingly large number of people fall for it and are subsequently scammed out of the contents of their bank accounts, or end up flying to some far-off place to meet their "connection" (the 419er himself), who predictably never shows up. Sometimes international authorities are there to meet the scammee instead. Reportedly, the 419er will sometimes show up to pick up the victim, only to take them somewhere to beat and rob them or even kill them.

  • Chickenboners
    Small-scale spammers that are often extremely easy to bust and are often very belligerent when confronted. A frightening majority of them don't realise that spamming is bad, and have to be punched in the nose, so to speak, before figuring it out. "Chickenboner" is caricature of the average spammer in the experience of most anti-spammers -- sitting in a darkened room in a trailer home at a computer desk, surrounded by empty beer cans and KFC buckets full of rotting chicken bones.

  • Phishers
    Phishers send spam that tries to look like it's from a well-known bank, eBay, PayPal, or any number of other places that deal with personal finance. The spams they send are forged to look like they come from (for example) Citibank, and contain a URL for the phishee to visit and enter their bank account number and PIN. Idiots often don't realise that these are spam and willingly give away their personal banking info, which are collected by the phishers and used to purchase a wide variety of goods and services. Phishers get their name because they're effectively "fishing" for credit card/banking info. The name is a product of convenience and doesn't actually involve the band Phish in any way.

  • Usenet spammers
    Mostly indistinguishable from any other type of spammer because they deal in the same type of spam, only they post it to newsgroups. Often email spammers post the same spam to any and all newsgroups their spamware can find.

  • Blog spammers
    The newest breed of spammers, who troll around search engines looking for weblogs, and then post spam in the blog's comments area. The problem has become so visible lately that there are a few plugins for the most popular blogging softwares (Movable Type and Greymatter) that goes through the comments and deletes any that match specific criteria, such as the words "enlargement" or "casino," or about 500 other matches commonly found in spam. From blog spamming came black hat SEO, which, as of this writing, is the latest form of evil marketing.

  • Others
    There are various other types of spammers, such as those that deal in SMS spam, IM spam, and résumé spamming. SMS spammers generally end up as such by sending spam to email address-formatted cell phone numbers (such as those offered by Sprint PCS), though there are some specialists out there that deal only in SMS spam because it's impossible to trace. IM spam is widespread for some people, though I personally have never received any. Bernard Shifman is the man who made spamming one's résumé popular.

Spammers use uniformly poor spelling and grammar, possibly due to their largely lower class ecomonic standing (at least for the non-professionals, many of whom have become quite rich, sadly enough), possibly because they just don't care about proper use of language. In either case, it makes dealing with spam that much more irritating. The majority of spammers use incorrect spelling to evade anti-spam filtering software, frequently inserting random punctuation marks into the middle of words, or adding strings of random letters to the end of every sentence.

Spammers like to form little clubs, too, such as The Bulk Club, or on a larger scale, the Direct Marketing Association, which dabbles in spam but claims legitimacy whenever confronted. In either case, spammers gather at these clubs (usually web-based message boards or email lists) and buy/sell lists of email addresses and spamware amongst themselves. Most of the smaller clubs are frequently infiltrated by anti-spammers posing as spammers to find out what the "next big thing" in spamming will be so they and their colleagues can formulate preventative measures.

Above all else, spammers have a penchant for advertising the most ridiculous things imaginable. This comes from their target demographic -- idiots -- so they tend to sell various genital/breast enlargement pills or schemes (though "clitoral enlargement" drugs haven't quite hit the spam market yet), "make money fast" schemes, "claim your free prize" scams, prescription medications without the prescription (which are reportedly the most illegitimate of all spam schemes), pirated software, porn, "premium imitation" Swiss watches, mortgages (would you get a mortgage from a total stranger who can't spell?), bogus weightloss schemes, pump and dumps, and all sorts of other really banal, stupid crap that no real person would possibly want or need. Members of the idiot demographic often become spammers themselves (after all, "effective marketing," as they are lead to believe, requires little skill), which is why the rate of spam has been rising so steadily over the past few years.

Because spammers are often very litigious, passing laws to prevent them from spamming is very difficult. There is a healthy pro-spam lobby pestering lawmakers at any given time, and so thus far very few anti-spam laws have been enacted. There are anti-spam laws in effect in the UK and the European Union, though based on this morning's sample of spam, they aren't doing much to stem the flow of spam originating from either of those places. The USA enacted the CAN-SPAM act, which really has no purpose other than making it harder for people to sue spammers for sending spam. Anti-spam activists refer to this law as the YOU-CAN-SPAM act, although most disregard it because any internet service provider worth its salt prohibits spamming and related activities in its acceptable use policy and/or terms of service.

Some spammers can be reformed and taught the error of their ways, but they are an extreme minority. As such, spammers will continue to evolve to defend against technological and legislative measures taken to prevent spam from clogging every network on earth. The worst part is that spammers will never understand how hated or unwanted they are -- they will maintain that they're just marketers trying to make a living, even on the rare occasions where they get busted and fined or sent to prison.

They will not stop even after they've filled the inbox of every email address with their sales pitches and scams. To a spammer, every single person that has ever used the internet is a potential customer (read: victim).

A set of rules to remember when dealing with spammers was gradually drawn up on Usenet over the course of the 1990s, which pretty much says it all:

  1. Spammers lie.
  2. If you think a spammer is telling the truth, see rule 1.
  3. Spammers are stupid.

 

Sources:

Personal experience fighting spam and spammers
http://news.com.com/2100-1024_3-5189340.html
http://cma.zdnet.com/texis/techinfobase/techinfobase/+jwo_qzWWsWWK_s+/cdisplay.html
http://online.wsj.com/article_email/0,,SB107930537384354969-IhjgINplaR3n5ypaX2HcKqDm4,00.html