> Desktop Security
SPAM!
What is it?
Why do we get it?
What can you do about it?
What is Spam?
If I had to pick one subject that is sure to cause high
blood pressure in the vast majority of people who find themselves working at a
computer, it would be Spam. For the fortunate few who might not know what spam
is, I’ll start by offering a definition:
Spam (spam) n. Any form of unsolicited commercial email
(UCE), sent to mailing lists or individuals; the electronic form of junk mail.
The reason spam is so abundant is simple. Spamming can be an
incredibly lucrative source of income that has very little start up expenses
associated with it. All that is required is a simple computer, a list of
victims to be spammed, and a good Internet connection. If you are an
unscrupulous individual, you could abuse an unsecured email server and do away
with the high speed Internet connection.
Why do we get Spam?
There are very many ways for your email address to show up
on a spammers address list. The most common methods for spammers to discover
your email address is still by either giving it to them, or making it available
to them.
Giving your email address to spammers is still the quickest
way to get a metric ton of junk emails. If you sign up for any sort of service
via the Internet, the companies who collect this information often share this
information with other companies, or even sell it directly to marketers.
Publishing your email address on a publicly searchable web
page is almost as bad as giving your email address away. The only difference
being that the spammers will simply have to find your email address. Spammers
have created automated methods of searching through web pages for email
addresses. If you’ve published your email address on a web page, it won’t take
long before you start receiving your fair share of spam.
Forwarding chain letters is also a way for spammers to
gather email addresses. This method has lost much of its appeal to spammers
since the small number of addresses obtained for the amount of work invested
doesn’t make it nearly as attractive as the automated methods mentioned above.
What can you do about it?
There are many options for controlling how much spam you
receive, or how that spam is handled once it lands in your inbox.
To prevent spam:
- Try not to post your email address on a web page. If
possible, you can mask your email address to make it harder for automated
methods to find your real email address in a web page. For example, list your
address as “someone@nospam-montana.edu” and instruct readers to delete “nospam-”
before sending the message. The only problem with this method is that is
requires some manual intervention on the part of the sender instead of simply
clicking on a link.
- Never reply to spam from an unknown source or a shady business.
When you reply to a spam message, not only are you confirming that they’ve
reached a valid email address, but that there is someone reading the messages
sent to that address. If the message is from a reputable company and offers a
way to unsubscribe you from their mailing list by either replying to the
message or clicking on an unsubscribe link, its probably safe to do so. Again,
it depends on how reputable the company in question is.
- Use a temporary email account when signing up for free services.
Sometimes you are required to provide a legitimate email address to sign up
for some sort of service on the Internet. These sites will often email you a
confirmation code or a password, so simply giving them a bogus email address
isn’t an option. What I usually do in this situation, is open a free Hotmail
or Yahoo email account and just use it that one time to get the confirmation
code. Most free email providers will delete your account after 30 days of
inactivity, so don’t feel guilty for taking advantage of a free email address.
To control spam:
- Install a spam filter. Most methods of controlling spam
involve some sort of filtering technology. Some of the technologies include
key word filters, Bayesian algorithms or subscription based services.
- Keyword filters can be tricky. For example, you instruct Outlook
to automatically delete anything with the word Viagra in the message text. The
first thing you’ll probably notice is that spammers often disguise the word to
get past keyword filters (v1agra, v-i-a-g-r-a, etc). The next thing you might
not notice, because you might never see it, is a legitimate email message that
for some reason contains the word Viagra and gets deleted.
- Bayesian filters, when configured correctly, can be very
helpful. Bayesian based filters use algorithms to search the message header
for clues that result in the message receiving a score. The messages can be
kept or deleted based on how high of a score the message receives.
- Subscription based services filter messages based on known spam
content or the addresses of email servers known to send excessive amounts of
spam. Subscription based services usually involve some sort of fee and don’t
adjust well to your personal preferences as to what constitutes a legitimate
email message.
- For a review of commercial spam filtering software products,
visit: http://www.spamfilterreview.com
. Note: All of these products are retail products that are for sale, and some also
require an annual subscription fee.
- If you’re not interested in wasting money, then we’ve found a
great product that does as well if not better than most of the products listed
in this review. It’s called Spambayes,
and it’s available for download - free of charge. It works with Microsoft
Outlook and you can train it to recognize what you consider to be legitimate
email and what you want to treat as spam. After running Spambayes for only a
couple of days, it was moving most of the spam I receive to a designated junk
email folder. After a couple of months, it’s now filtering out at least 99% of
the spam I receive. Instead of trudging through a ton of spam looking for
legitimate emails every time I sit down at my desk, I now quickly scan the junk
email folder looking for any legitimate emails once a week before simply
deleting all the spam. I would recommend staying with the default of moving
junk mail to a junk folder instead of immediately deleting it because no spam filter
is perfect and legitimate email will occasionally get marked as spam.
More information on spam and how to prevent it can be found
online at:
Microsoft Certified Professional Magazine – May 11, 2004:
http://mcpmag.com/news/article.asp?EditorialsID=688
Microsoft Office Online - 2004
http://www.office.microsoft.com/assistance/preview.aspx?AssetID=HA011194221033
In depth information can be found online at:
http://www.securityfocus.com/infocus/1763
(Part 1 of 2)
http://securityfocus.com/infocus/1766
(Part 2 of 2)
If you are having trouble with this page...you probably can't read this and any contact information I put here would be useless.
|
