Charles Sturt University
Charles Sturt University


Spam is basically junk email and is used as a cheap way to advertise. The term spam was originally used to describe emails which were

  • unsolicited advertising for a product or service
  • sent to many recipients (aka bulk email)

Since then people have also started using it to describe phishing and malware emails. Phishing emails are often called spam but they have different intentions. They are not trying to sell a product or service though they may pretend they are to trick you. They attempt to acquire information such as your usernames, passwords and credit card details by sending an email which appears to be from a legitimate business, organisation or individual. These emails most commonly direct you to click a link, go to a website and enter your details which are then captured and used to access your accounts without your knowledge. When spam and phishing emails contain viruses and links to websites (which have viruses or spyware) they are described as malware (mal is short for malicious). When files attached to emails are opened or links to malicious websites are clicked on they can trigger installation of software on your computer which captures your usernames, passwords and financial account details.

It is essential to educate yourself about phishing emails because identification and prevention is the best protection against these scams.

The Department of Communications provides a number of resources about online safety and security

Prevalence of spam

According to the first quarter 2013 Commtouch Internet Threats Trend Report an average of 97.4 billion spam emails and 973 million malware emails were sent worldwide each day. In March the number of daily spam emails sent was 117.8 billion. Spam is an international problem and many governments have introduced legislation to start trying to combat it.

The Australian Communications and Media Authority (ACMA) is responsible for enforcing the Spam Act 2003, which prohibits the sending of ‘unsolicited commercial electronic messages’ (known as spam) with an 'Australian link'. A message has an Australian link if it originates or was commissioned in Australia, or originates overseas but was sent to an address accessed in Australia.

The Spam Act covers email, mobile phone text messages (SMS), multimedia messaging (MMS), instant messaging (iM), and other electronic messages of a commercial nature.

How does a spammer or cybercriminal get my email address?

There are a variety of ways spammers and cybercriminals obtain email addresses including

  • crawling the web for @ sign (sophisticated programs allow them to automatically scan webpages to harvest email addresses)
  • buying lists (list of email addresses can be purchased both legally and illegally)
  • hacking email accounts, email servers and computer networks
  • using tools to generate common usernames and combining them with specific domains eg,,, etc
  • using tools to scan UseNet posts, from IRC and chat rooms
  • viruses which harvest emails from emails and address books on infected computers

A cybercriminal is an individual who uses computers or mobile devices and the Internet to commit crimes such as distributing viruses, spyware and malware, identity theft, stealing account details, hacking etc.

Top of page

Why doesn't anti-spam software and hardware appliances stop all spam?

There is a fine line between preventing delivery of unsolicited email whilst providing access to legitimate email. Anti-spam software and hardware appliances are used to block delivery of emails based on a set of rules including

  • checking senders name and addresses against a blacklist
  • checking recipients names and addresses according to certain criteria eg if the mail is sent to a very large list which is sorted alphabetically it could be considered spam and filtered (delivery prevented/blocked)
  • looking for predefined words or phrases eg online pharmacy, Cialis, Viagra, online degrees, online casinos, online dating, replica watches, swear words etc

Whilst emails containing the above are unsolicited by most they are legitimate for some eg those who are a member of online dating sites, use online casinos, purchase medication from online pharmacies, are receiving emails that contain a swear word etc. This is where the difficulty lays in identifying spam emails at an enterprise level. This is why you should review blocked messages on a regular basis to ensure no legitimate emails have been blocked. If they have been you can elect to deliver the and approve the sender. See links to using the CSU spam filtering system in the sections below for more information.

Top of page

How to minimise your exposure to spam

The best defence against spam is to take proactive steps to reduce it in your primary accounts. One way to limit possible exposure is by creating an additional email account which you only use to sign up to mailing lists, chat rooms, blogs, coupon providers, newsletters etc. You can also use it when completing forms on websites to request information. That way if one of the organisations sells their lists this account gets spammed instead of your primary account(s) eg work and home.

You should

  • keep your virus protection up to date to prevent virus and malware infections, run regular scans
  • check privacy policies before submitting your email address to a website (check if they provide your email address to other companies)
  • when signing up to an organisations mailing list be aware of pre checked boxes that give permission for its partners to send updates
  • delete spam or unsolicited email messages
  • do not reply to spam under any circumstances. By replying to spam you confirm your email address exists which means it will keep being sent until the sender is blacklisted
  • don't click unsubscribe links in unsolicited emails. This is another attempt to confirm your email address exists
  • be smart online
  • learn how to use the CSU Spam Filtering System to block and approve senders

Be careful when downloading adware, freeware and shareware. These sites often ask for an email address before providing access to the download. Use an additional email account (as advised above). You should also only get software from large and trusted sites. Always scan a file before opening in case it is infected with a virus.

Top of page

Using the CSU Spam Filtering System

The CSU Spam Filtering System scans incoming and outgoing emails for spam. If an email is deemed to be spam, it will be quarantined by the CSU Spam Filtering System. They are filtered into quarantine in case they are legitimate emails. If they are you can deliver and approve sender so future emails from that sender are always delivered and not quarantined. You will receive a daily notification of any emails which have been detected as spam so you can login, review and take the necessary action. You can login to the system from anywhere you have an Internet connection using the address below.

Top of page