Stopping Spam: Creating a Stronger, Safer Internet
Report of the Task Force on Spam
- Address harvesting
- The collection of lists of email addresses by automated means from websites or other online sources.
- Black list
- A list of IP addresses, domains or email addresses from which email is not accepted. The most common form of black list is a Domain Name System black list (DNSBL), a list of IP addresses distributed via the Internet's DNS. Popular DNSBLs include the Spamhaus Black List (SBL), the Composite Black List (CBL) and the original DNSBL, called the Mail Abuse Prevention System (MAPS) Reverse Black List (RBL). Contrast this with "white list."
- A collection of "zombies" used to send spam or for another purpose. A single botnet often contains hundreds or thousands of computers.
- The process of rejecting the attempted delivery of an email message. Sometimes a stylized "bounce report" email message reports that a previous message couldn't be delivered.
A bounce may be a "soft bounce," in which case the sending computer can retry the delivery later, or a "hard bounce," in which case the delivery is a failure.
A soft bounce may occur because the recipient's mailbox is full, the server is overloaded or there are other temporary problems. A hard bounce most often occurs because the recipient address is invalid or the recipient host, by policy, rejects mail from that sender.
- The series of mouse clicks and related actions that a user makes while visiting a website. For an e-commerce website, a clickstream might include browsing the catalog, putting items into a virtual shopping cart, providing payment and shipping information, and then entering the order.
- A small data file created by a web server and stored on a user's computer. Cookies are a way for websites to identify users, keep track of users' preferences and recognize users who are revisiting the website. By keeping user histories, cookies let websites tailor pages and create custom experiences for individuals. Depending on how the web server is programmed, cookies may also contain personal information, such as site passwords and account numbers.
First-party cookies are ones created by the website you are visiting. Third-party cookies are created by a website other than the one you are currently visiting, most often a third-party advertiser on that site. Third-party cookies let advertisers determine whether an individual user is visiting multiple websites that display the advertiser's ads, and are often considered a privacy risk.
- To encourage a customer to buy a product or service related to one already purchased. Contrast this with "up-sell."
- Denial of service attack
- Often abbreviated as DoS or DOS. An attempt to keep a server or network from performing its intended function, by flooding it with unwanted traffic. For example, an attacker could send tens of thousands of email messages to a mail server to overload it and keep it from processing desired mail. Many different DOS attacks and targets are possible, including attacks on mail servers, web servers, DNS servers and network routers. Spam sent in large volume can act as a DOS attack on mail servers.
- Dictionary attack
- An email-address guessing technique. The attacker tries to deliver email to a large number of made-up addresses, using either words out of a dictionary or letter combinations such as firstname.lastname@example.org, email@example.com or firstname.lastname@example.org.
- Domain Name System, the system that lets users locate computers on the Internet by domain name. DNS servers maintain a database of domain names (i.e. host names) and their corresponding IP addresses. For example, if the name www.mycompany.ca were presented to a DNS server, the IP address 22.214.171.124 might be returned. The DNS includes several different kinds of data, such as A records for IP addresses and mail exchanges (MXs) for mail servers.
The DNS is distributed among many different servers, with most servers delegating responsibility for names to other servers. In the example above, the Internet Assigned Numbers Authority (IANA), which is responsible for the entire DNS, would delegate all of .ca to the Canadian Internet Registration Authority (CIRA), which, in turn, would delegate all of .mycompany.ca to the registrant for that name, which, in turn, would operate the DNS servers that have information for www.mycompany.ca.
- A name used on the Internet. Domains consist of multiple sections separated by dots, such as ic.gc.ca or www.mycompany.com.
- Domain keys
- A technology proposal by Yahoo!® that puts a cryptographic signature on messages, which recipients can verify. This provides a way to verify both that the message was sent from the domain of its email sender and that the message was not altered during transit.
- EHLO/HELO identity
- The name by which a sending computer identifies itself to a receiving computer at the beginning of each SMTP transaction. The command the sending computer uses to identify itself by this name to the receiving computer is called the "EHLO" or "HELO" command.
- Email address
- The name by which the sender or recipient of an email is identified. Each address is of the mailbox@dom.ain form, where dom.ain is a domain name that can be looked up in the DNS, and mailbox is an arbitrary identifier used by the domain's management to identify a mail user.
- ESP or email service provider
- A company that provides email services to other businesses. ESP services include collecting and maintaining lists of email addresses, sending bulk email to the addresses on the lists, removing addresses that bounce, and dealing with complaints and abuse reports related to the mailings.
- Existing business relationship
- An existing business relationship exists where:
- the recipient has purchased a product or service from an organization within the past 18 months; and
- the recipient has not unsubscribed or opted out from commercial or promotional email messages, or otherwise terminated the relationship.
- An affiliate or third party may not rely on another organization's prior business relationship in order to send commercial or promotional email messages.
- Software used to separate wanted from unwanted email, based on the mail's characteristics. Filters might check for specific text strings, approximate text patterns, similarity to other messages or other criteria.
- Shorthand for "address harvesting."
- In Internet email, the initial part of a message, consisting of a series of lines that describe the message. Each header-line starts with a label such as From: or Subject: to identify its meaning. The header is followed by a blank line, and then the body of the message.
- Hypertext markup language, the coding scheme used to format web pages and formatted email messages. HTML uses textual tags, such as <h2>A Topic</h2> to indicate a second-level header, or <b>important text</b> to indicate bold-faced text.
- Identity theft
- The use of stolen personal information to impersonate someone, generally for financial fraud purposes. An identity theft may involve impersonating a victim to gain access to existing bank accounts or take out bank loans, or for other fraudulent purposes.
- IM or instant messaging
- Text messages delivered immediately from the sender's computer to recipients. Popular IM systems include AOL® Instant Messenger™, Yahoo!® Messenger and MSN® Messenger.
- Implied consent
- The Canadian Standards Association Model Code says that "Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual." This covers situations where intended use or disclosure is obvious from the context, and the organization can assume, with little or no risk, that the individual, by providing personal information, is aware of and consents to its intended use or disclosure. (Source: Office of the Privacy Commissioner of Canada fact sheet.)
- IP address
- Internet protocol address, the number that identifies a computer or other device attached to the Internet. An IP address is usually written as four decimal numbers separated by dots, as in 126.96.36.199.
- A general term for hostile software such as viruses, worms and Trojan Horses.
- Marketing email
- Email primarily advertising the availability of goods or services. Contrast this with "transactional email."
- Also called "express" or "positive consent." Under this form of consent, commonly referred to as "express consent," the organization presents an opportunity for the individual to express positive agreement to a stated purpose. Unless the individual takes action to "opt in" to the purpose — in other words, says "yes" to it — the organization does not assume consent. (Source: Office of the Privacy Commissioner of Canada fact sheet.)
- Also called "negative consent." The organization presents the individual with an opportunity to express non-agreement to an identified purpose. Unless the individual takes action to "opt out" of the purpose — that is, say "no" to it — the organization assumes consent and proceeds with the purpose. The individual should be clearly informed that the failure to "opt out" means that the individual is consenting to the proposed use or disclosure of information. (Source: Office of the Privacy Commissioner of Canada fact sheet.)
- Impersonation of a trusted person or organization in order to steal a person's personal information, generally for the purpose of "identity theft." For example, an email message may appear to be from a well-known bank asking recipients to visit a website to confirm their account details, but the website is actually controlled by a hostile party.
- Port 25 blocking
- Traditionally, every computer on the Internet has had the technical ability to send mail to any other computer. In practice, most ISP customers send their outgoing mail to their ISP's mail server to be forwarded along to its ultimate recipient. In recent years, the large majority of mail sent directly, rather than via the ISP, has become spam and viruses. Many ISPs now block their customers from sending mail directly, and require it be sent via ISP mail servers, where the ISP can do virus filtering and take other anti-abuse measures. Since transmission control protocol (TCP) assigns each type of service a port number, and email is sent via port 25, this is called "port 25 blocking."
Blocking port 25 for consumer dial-up and broadband customers is widely considered a best practice.
- Port 587 or SUBMIT
- An alternative facility many mail systems provide for users to send outgoing mail to the ISP's mail server. It requires its sending users to authenticate themselves before sending, making SUBMIT much more auditable than port 25 mail. SUBMIT is also sometimes called port 587, after the TCP port number it uses.
- rDNS or reverse DNS
- Reverse Domain Name System, a service that looks up IP addresses to find domain names. It performs the opposite function of the usual DNS lookup. Reverse DNS is often used to log incoming traffic by domain name for statistical and auditing purposes. It is widely considered a best practice for all mail client and server computers to have accurate rDNS.
- Role account
- Email accounts that must be in place and maintained by all domains with Internet connectivity, as specified in the Internet Engineering Task Force's Request for Comments (RFCs) document series. Such accounts include firstname.lastname@example.org, email@example.com and firstname.lastname@example.org.
- Sender ID
- An authentication scheme, similar to SPF, sponsored by Microsoft.
- A computer that provides one or more services to other computers, such as email, DNS or World Wide Web pages.
- Simple Mail Transfer Protocol, the scheme used to send mail from one computer to another over the Internet. SMTP is defined in the Internet Engineering Task Force's Request for Comments series (RFC 2821).
- Although there is no internationally agreed-upon definition of "spam," many countries consider it to be any bulk commercial email sent without the express consent of recipients.
- Sender Policy Framework, an extension to the SMTP mail protocol on the Internet. It tries to determine the legitimacy of an email message by comparing the domain in the sender's email address to a list of computers allowed to send mail from that domain. See http://spf.pobox.com for more information.
- Impersonating another person or organization to make it appear that an email message originated from somewhere other than its actual source.
- Software that collects information about a user without the user's knowledge or consent. Also, software that modifies the operation of a user's computer without the user's knowledge or consent. Typical kinds of spyware include keyloggers, which send a list to a third party of the keys that a user pressed, and adware, which displays to the user advertisements selected by the adware's owner.
- Subject line
- A line that is part of the headers at the beginning of each email message. Mail programs invariably display the subject lines when showing a list of messages. It is widely considered a best practice for the subject line to accurately describe the contents of the message.
- Text messaging
- Short messages consisting of text rather than images. Text messages can be either "instant messages" or short mobile-phone messages.
- Transactional email
- Email primarily containing information about current or prior business dealings, such as confirmation of a sale, a registration number, an invoice, or an opt-in or opt-out confirmation. Contrast this with "marketing email."
- Transient failure
- A brief malfunction that often occurs at irregular and unpredictable times.
- Trojan Horse
- Software that, in addition to its nominal function, secretly performs a second function.
- To try to sell a customer a more expensive item or a more expensive version of a product or service. Contrast this with "cross-sell."
- Uniform resource locator, a name used to identify a web page or other online resource, typically of the form http://www.mydomain.ca/somepage.
- "Malware" that spreads by attaching itself to another resource on a computer. Early viruses spread by attaching themselves to application programs, but current viruses spread by email. Contrast this with "worm."
- Web bug
- Also called a web beacon, pixel tag, clear GIF (graphics interchange format) or invisible GIF. A way for an HTML email message's sender to determine if and when the message was opened and read.
- West African, 419 or Nigerian scam
- An advance-fee fraud in which the perpetrator claims to be an official, typically in West Africa, who wants the victim's help to steal large amounts of money from a government account. Also known as 419 fraud, after the section number of Nigerian law that forbids it.
Before this scam moved to Africa, it was best known as the Spanish Prisoner, in which form it dates from the 1600s.
- White list
- A list of email addresses or IP addresses from which a mail server is configured to accept incoming mail. White lists can be useful as one part of an email filtering system. Compare this with "black list."
- An Internet service used to ask registrars for a domain or network's registration information. It has not been universally implemented.
- "Malware" that spreads directly by copying itself onto other computers through security holes in the other computers' software. The earliest worm used a security flaw in Sun Microsystems' Solaris systems and in VAX systems, but current worms all use flaws in Microsoft Windows. Contrast this with "virus."
- A computer infected by "malware" so that the computer can be remotely controlled by the creator, distributor or controller of the malware. The majority of spam is currently sent through zombies.