Threat Landscape Glossary

Spam

Unwanted bulk emails or messages sent for advertising purposes, phishing, malware distribution, or fraud—one of the oldest and most widespread phenomena on the internet.

Spam refers to unsolicited messages sent in bulk—primarily emails, but also text messages (smishing), comments on forums and social media, and instant messages.

Types of Spam

Advertising spam: Mass advertising for products (both legal and illegal)—Viagra, financial products, counterfeit luxury goods. Annoying, but usually harmless.

Phishing spam: Fake emails that link to phishing sites to steal login credentials. A dangerous type of spam.

Malware spam (malspam): Emails with infected attachments (Word documents with macros, ZIP files containing ransomware) or links to malware downloads.

Business Email Compromise (BEC): Targeted fraud against individual employees (fake invoices, urgent payment requests from the "CEO"), usually without mass distribution, but frequently delivered through the same spoofing techniques and compromised mail infrastructure that spam campaigns use.

Spear spam: Mass mailings with personalized elements (recipient name, employer, a recent order) to lower filter detection rates and raise click rates.

Why so much spam?

Spam is the most cost-effective attack medium: sending millions of emails costs attackers only a few euros on rented botnet infrastructure, so even a click-through rate of 0.01% on phishing links is profitable.

According to figures cited by the APWG and Google, around 45% of all emails sent worldwide are spam, roughly 122 billion spam emails every day.

Combating Spam

Technical:

  • Spam filters at the server level (Bayesian filtering, machine-learning classifiers)
  • SPF, DKIM and DMARC – prevent sender-domain spoofing and give receiving servers a reliable authentication signal for filtering
  • Reputation-based blocking – rejects mail from IP addresses and domains known for sending spam (DNS blocklists)
  • Greylisting – answers the first delivery attempt from an unknown sender with a temporary 4xx rejection; legitimate mail servers retry after a few minutes, most spam bots never do
  • CAPTCHA – stops bots from abusing web forms (contact, comment, registration) as a source of spam
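Greylisting is the one measure in the list whose effect depends entirely on timing, so the decision logic is shown here as an added example; it is not code from the original page and is a toy model, not a production SMTP policy daemon. The parameters are assumptions, not from the page: a retry is honoured only after 5 minutes, a triplet that never retries is forgotten after 36 hours, and a successful retry whitelists the triplet. The sample traffic is constructed, not real logs.

```python
"""Greylisting decision logic (added example, not from the original page).

Assumed parameters: retries earlier than 5 minutes stay deferred, triplets
that never come back are dropped after 36 hours, and a correct retry
whitelists the triplet for later deliveries.
"""

from dataclasses import dataclass, field

RETRY_MIN_SECONDS = 5 * 60          # assumed: retry before this is still deferred
PENDING_TTL_SECONDS = 36 * 60 * 60  # assumed: forget triplets that never retried

DEFER = "DEFER"    # SMTP 4xx temporary failure: "try again later"
ACCEPT = "ACCEPT"


@dataclass
class Greylist:
    # triplet -> timestamp of the first (deferred) delivery attempt
    pending: dict = field(default_factory=dict)
    # triplets that retried correctly and are now trusted
    known: set = field(default_factory=set)

    @staticmethod
    def triplet(client_ip: str, sender: str, recipient: str) -> tuple:
        # Key on the /24 network rather than the exact IP, so a legitimate
        # MTA pool that retries from a neighbouring address is recognised.
        net = ".".join(client_ip.split(".")[:3])
        return (net, sender.lower(), recipient.lower())

    def decide(self, client_ip: str, sender: str, recipient: str, now: int) -> str:
        key = self.triplet(client_ip, sender, recipient)
        if key in self.known:
            return ACCEPT
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > PENDING_TTL_SECONDS:
            # Never seen (or seen too long ago): defer and start the clock.
            self.pending[key] = now
            return DEFER
        if now - first_seen < RETRY_MIN_SECONDS:
            # Retrying immediately is itself bot-like; keep deferring.
            return DEFER
        # A real mail server came back after the delay: accept and remember it.
        del self.pending[key]
        self.known.add(key)
        return ACCEPT


def simulate(events) -> list:
    """Run (time, client_ip, sender, recipient) events through one greylist
    and return the decision for each delivery attempt."""
    gl = Greylist()
    return [gl.decide(ip, sender, rcpt, t) for t, ip, sender, rcpt in events]


# Constructed sample traffic (not real logs): a spam bot that fires once and
# never retries, and a legitimate MTA that retries after 1 and 15 minutes,
# the second time from another address in the same /24.
SAMPLE_EVENTS = [
    (0,    "203.0.113.7",  "promo@spam.example",  "alice@corp.example"),
    (0,    "198.51.100.5", "bob@partner.example", "alice@corp.example"),
    (60,   "198.51.100.5", "bob@partner.example", "alice@corp.example"),
    (900,  "198.51.100.9", "bob@partner.example", "alice@corp.example"),
    (1800, "198.51.100.5", "bob@partner.example", "alice@corp.example"),
]

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS)):
        print(f"t={event[0]:>5}s {event[1]:<14} {event[2]:<22} -> {decision}")
```

The spam bot's single attempt is deferred and never accepted; the partner MTA is deferred twice (first contact, then a too-early retry) and accepted on its third attempt, after which the triplet is trusted. The cost of the technique is visible too: the first legitimate message is delayed by the retry interval of the sending server.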

Organizational:

  • Do not publish company email addresses in public forums or on social media
  • Protect addresses on websites from harvesters (display them as images, assemble them with JavaScript, or use contact forms instead)
  • Regular employee training on recognizing spam and phishing

Legal:

UWG (Act Against Unfair Competition): Unsolicited promotional emails without the recipient's prior consent are prohibited in Germany; senders risk cease-and-desist warning letters (Abmahnungen).

GDPR: Processing email addresses for advertising without a legal basis (normally consent) constitutes a GDPR violation.

Penalties: German courts have awarded amounts of up to around 300 EUR per unlawful spam email; for large-scale campaigns this can threaten a company's existence.

Spam and DMARC

DMARC (Domain-based Message Authentication, Reporting & Conformance) is one of the most effective technical measures against email abuse. It builds on SPF and DKIM and tells receiving mail servers what to do with messages that claim to come from your domain but fail authentication. With an enforcing policy (p=quarantine or p=reject) attackers can no longer use your domain for spam and phishing; with p=none you only receive reports. Companies without a DMARC policy jeopardize their domain reputation and their own deliverability.
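How a receiving server turns a DMARC record into a decision, shown as an added example that is not code from the original page: it parses the DMARC TXT record, tests SPF and DKIM identifier alignment against the domain in the From header, and returns the disposition. Two simplifications are assumed and not from the page: the organizational domain is approximated by the last two DNS labels (real receivers use the Public Suffix List), and the pct= and sp= tags are ignored. The records and domains are constructed for the example.

```python
"""DMARC evaluation (added example, not from the original page).

Assumed simplifications: organizational domain = last two labels instead of
the Public Suffix List; pct= sampling and sp= subdomain policy are ignored.
"""


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; adkim=s' into a tag dict with RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"invalid DMARC record: {record!r}")
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment is the default
    tags.setdefault("aspf", "r")   # relaxed SPF alignment is the default
    return tags


def org_domain(domain: str) -> str:
    # Assumed simplification: last two labels (wrong for suffixes like co.uk).
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s'): exact match. Relaxed ('r'): same organizational domain."""
    if mode == "s":
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record: str, from_domain: str, spf_result: str, spf_domain: str,
             dkim_results: list) -> dict:
    """Return {'result': 'pass'|'fail', 'disposition': 'none'|'quarantine'|'reject'}.

    from_domain is the RFC5322.From domain the user sees; spf_domain is the
    envelope sender (RFC5321.MailFrom) domain SPF was checked against;
    dkim_results is a list of (result, d=domain) tuples, one per signature.
    """
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = any(result == "pass" and aligned(d, from_domain, policy["adkim"])
                  for result, d in dkim_results)
    if spf_ok or dkim_ok:
        # DMARC passes as soon as one *aligned* authentication passes.
        return {"result": "pass", "disposition": "none"}
    # Everything failed or was unaligned: apply the domain owner's policy.
    return {"result": "fail", "disposition": policy["p"]}


# Constructed example records (not real DNS data):
ENFORCING_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@corp.example"
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@corp.example"

if __name__ == "__main__":
    # Legitimate bulk mail: envelope sender on a subdomain passes relaxed SPF alignment.
    print(evaluate(ENFORCING_RECORD, "corp.example", "pass", "bounce.corp.example", []))
    # Spoof: the attacker's own SPF and DKIM pass, but for attacker.example,
    # so nothing aligns with the displayed From domain and p=reject applies.
    print(evaluate(ENFORCING_RECORD, "corp.example", "pass", "attacker.example",
                   [("pass", "attacker.example")]))
    # Same spoof against a monitor-only record: it is merely reported.
    print(evaluate(MONITOR_RECORD, "corp.example", "pass", "attacker.example",
                   [("pass", "attacker.example")]))
```

The third call is the point of the paragraph above: an attacker who controls a domain can trivially make SPF and DKIM pass for that domain, and only alignment with the From domain plus an enforcing policy stops the message. With p=none the spoof still lands in the inbox and only shows up in the aggregate reports.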