Ham v Spam: what's the difference?
One of the most common calls I answer from Network Administrators is: “Why are we getting so much email spam?” When I look at the examples they provide, many times I see that the email message is actually ham, not spam.
The following is a brief article to help you to identify the difference between Spam and Ham and what to do about them.
So, what is Spam?
Wikipedia describes Spam as “the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately.” This is a commonly accepted definition in the industry, though there are variations in how governments define and regulate spam. For example, in the United States, any commercial email has to comply with Spam regulations, even if the email is not sent in bulk.
The key word here is unsolicited. This means that you did not ask for messages from this source. So if you didn’t ask for the mail it must be spam, Right? That is true, however quite often people don’t realize that they are signing up for mailers when they download free software, or sign up for a new service, or even when updating existing software. The best way to deal with spam is to forward the message to the system administrator.
In 2003 the CAN-SPAM ACT was made law. This act defines the rules for advertisers and bulk mailers to follow. In order to legally send bulk mail and advertisements, they are required to adhere to the following guidelines:
- The header of the commercial email (indicating the sending source, destination and routing information) doesn't contain materially false or materially misleading information;
- The subject line doesn't contain deceptive information;
- The email provides "clear and conspicuous" identification that it is an advertisement or solicitation;
- The email includes some type of return email address, which can be used to indicate that the recipient no longer wishes to receive spam email from the sender (i.e. to "opt-out");
- The email contains "clear and conspicuous" notice of the opportunity to opt-out of receiving future emails from the sender;
- The email has not been sent within 10 days after the sender received notice that the recipient no longer wishes to receive email from the sender (i.e. has "opted-out");
- The email contains a valid, physical postal address for the sender.
So what is Ham?
The term ‘ham’ was originally coined by SpamBayes sometime around 2001 and is currently defined and understood to be “E-mail that is generally desired and isn't considered spam.”
Desired? You may be saying to yourself “I do not desire this mail; how is this ham and why am I getting it? “ The answer is you requested it.
There are two ways you could have signed up for this email.
- Directly- While downloading free software such as a browser or a game or signing up for a new online service you were required to agree to and check the box agreeing to their Terms of Service (TOS). Below or above the TOS were other checkboxes. One said “Yes! I would like to receive information and offers from you and your partners.” If you checked this box, then legally you asked for this email.
- Indirectly- This is the same scenario as Directly signing up except, The box for the information and offers is pre-checked, leaving it for you to uncheck the box if you do not want to be on their mail lists.
Either way, once you are on a bulk mail list, they can legally send you the offers (and rarely any information worth anything) as long as they follow RFC Regulations.
The good news is that if they follow RFC Rules, then it is easy to stop these emails. All you have to do is simply “click to unsubscribe,” and the mail stops. That is if they follow rules.
Malicious spammers especially will take advantage of this and offer the same format at the bottom of their emails linking the unsubscribe link to malicious downloads and/or tracking cookies, etc...
How am I supposed to know the difference?
Here are a few simple things to look for when evaluating the legitimacy of a message:
- Check who the email is from. An email address has two parts:
- The username- the part before the “@” sign
- The domain- the part after the “@” sign
- Mouse over the “unsubscribe” link or button
- If the end of the address something(.com,.org,.net,.gov,etc…) is the same as the from domain name it is a good bet that this is legit ham and it is ok to click to unsubscribe.
- If the end of the address does not match the from domain, Don’t Click It! This still may be badly formatted legit mail, but why take a chance. Instead forward the mail to postmaster@ (your domain) they will know what to do with it.
- Another option that can be exercised, especially if the mailer is from a legitimate retail or such, is to contact them directly and let them know you will not shop with them as long as they use such tactics to advertise.
- Most Retailers do not knowingly employ spam as a means of advertising, however quite often we receive spam from them. The reason is Retailers hire Marketing firms that may employ other firms some of which for economic reasons hire less scrupulous bulk mailing firms. Letting a retailer know of this allows them to review whom they do business with. This tactic is also prohibited in the CAN-SPAM ACT.
A Hacker's greatest tools are the oldest tricks in a book written before time. Those tricks still work today.
Our Threat Spotlight series has detailed analyses and images of recent attacks.