The original list of problems was compiled by Liudvikas Buky (). Ref: http://www1.ietf.org/mail-archive/web/asrg/current/msg01077.html. I have added some of my own. So, here is the list. Evading accountability - forging envelope sender - forging From header Exploitation of weak systems - exploit open smtp relay - exploit insecure web services (cgi formmail) - exploit open proxies (HTTP CONNECT, HTTP) - exploit HTTPD to "spamvertise" hosted site. Aggressive database generation - directory harvesting (web, LDAP) - name guessing & probing - name guessing without probing [selling bogus data to others] - inappropriate database sharing/selling Inadequate opt-in - no actual opt-in - deceptive opt-in - single opt-in without confirmation Inadequate opt-out - opt-out not implemented - opt-out ineffective (pro forma removal from one list not all) - opt-out untimely - opt-out difficult to execute - opt-out hostile (used only for address verification & enrollment in even more databases) Evasion of automated filters - content randomization - eyespace transformation - misspelling - punctuation and spacing - substitution of visually similar characters - html coding tricks - slice&dice tables - javascript-generated content - font size/color/background - mime multipart encoding - inclusion of non-spam chaff (visible or invisible) - content in images, not text - content in other external links Evasion of human caution - fake DSN - fake content resembling common cgi-to-mail - "returned your call", "your account has a credit", etc Not a real business - spam as chain letter/pyramid, selling software and bogus data to the naive - spam as DoS attack, no real solicitation in content False claims - false claims regarding opt-in Fraud & Crime - Nigerian 419 - eBay password/credit card theft - payPal password/credit card theft - phishing in general