SPAM is, of course, the brand name of a canned meat product manufactured by Hormel. However, in Internet parlance, spam is essentially an unsolicited e-mail of a commercial nature, or UCE. A message can be considered UCE or spam if it is not explicitly requested by the recipient.

There are many ways that spammers can get valid e-mail addresses. This list shows only a few of the most common ways a spammer may get your address:

• They buy your name from a list: Junk mail and targeted e-mail lists have been around almost as long as the Internet itself. For as cheap as $100, anyone can buy a list of over 11 million addresses. These lists are created by unscrupulous website owners and online stores that "share" their customer information for some money. As you can imagine, it is impossible for spammers to identify your personal taste or interests when sending messages to such a large group, so a "shotgun" mailing is sent out with product offers, get rich quick schemes, and adult porn sites mailings. The worst part about this? They are sent out to all 11 million names, including you!
• Opt-in Lists: These lists are developed by partnering with legitimate websites which make you check "Don't send me offers" as part of registration for their services. Sooner or later one of the boxes will escape your attention, and then you're added to an opt-in list. Many opt-in lists are legitimate and will honor your removal requests, but for every one legitimate list, there are three that are not, and it only takes being on one or two opt-in lists to eventually generate a mountain of spam in your inbox.
• E-mail Extractors: Spammers use these programs to scour the web including forums, alumni sites, and news posts, for e-mail addresses. These software bots can locate thousands of e-mail addresses an hour, and spammers run them day and night. To avoid having your address harvested in this way, don't put your main e-mail address on any website, forum, or newsgroup. Use a separate address that you don't mind getting spam to.
• MX Server Extractors: These programs exploit Internet mail server protocols. When an e-mail is sent to you it is handed over to your Mail Provider's server, which starts "communication" with the sender. The sender's server asks to deliver a message to a user on your server, but before the message is actually accepted by your server it wants to know who it the mail is addressed to. So your address is sent over, and your server replies whether the name is OK, or the address does not exist on the server (what happens when a message is "bounced" back to you). Basically the MX server extractors mimic the communication without actually trying to send the message. Think of it as someone ringing your doorbell and asking if "Joe" is home, no one named Joe may live at your house, however if the person at your door tries enough names sooner or later the may stumble upon yours, and you will say "Yes". Programs exist that can mine over 5000 e-mail addresses per minute, and believe it or not those programs can be purchased by unscrupulous spammers for less than $100.
• Viruses, Spyware, and Mailicous Code: Not to long ago viruses and spyware started to appear that transparently load themselves on your computer or are sent via e-mail to your mail client. As soon as you open books, contact lists, and distribution lists, they are scanned and then reported back to home base. KU has a guide to spyware that you can view if you are interested.

Because of the way Internet mail works, it's not necessary for someone to be listed on the To or Cc lines of an e-mail in order for the e-mail to be sent to them. With few exceptions, the headers of an e-mail (the From, To, Subject, Date, etc lines at the top of the message) can be made to look however the program creating the message wishes them to. You can also be added to the recieving list as a Bcc, or Blind Carbon Copy, which does not show your address in the To or Cc header. Additionally, some viruses choose a random e-mail address out of an infected person's address book and put that in the From header. This means that anyone who has your name in their address book could potentially be sending out mail that looks like it comes from you.

Unless the spam is from a legitimate company (such as Amazon, Yahoo!, or another recognized and legitimate company), don't EVER click on those links and enter your e-mail address. These links often go nowhere and waste your time. Just as often, however, they are used to confirm that the spam reached an e-mail address that is actually checked, and spammers use this information to send you MORE spam. Nobody wants that, so just don't do it.

We are researching and hope to deploy in the not-too-distant future an anti-spam solution for KU that will allow most of the spam coming in to everyone's mailboxes to be dealt with automatically. In the meantime, we encourage people to submit any spam they may receive to abuse@ku.edu so that we may report, and in some cases as allowed, block, the spam. If you do submit spam in this manner, please be sure to include the full internet headers for each spam. Instructions on how to do this are located at http://www.security.ku.edu/spam/reporting.jsp.

Information will be updated shortly.

You can view the headers on the message and submit them to an online spam tracing service such as spamcop.net (free membership required). To see how to show the full headers on a message, see http://www.security.ku.edu/spam/reporting.jsp.

Usually a polite message to the owner of the offending list will stop the messages. If you absolutely can not get off the list, forward your complaint to abuse@ku.edu and we'll see what we can do for you.

The Information Technology Security Office (ITSO) handles all spam reporting on the Lawrence KU Campus.

No, and we won't in the future, either.