July 2000• Vol.8 Issue 7
Page(s) 66-67 in print issue

Spamitize Your Inbox
How To Prevent & Deal With Junk E-mail
Jump to first occurrence of: [MAIL] [SPAM]

No look at Internet spam can truly be complete without a brief nod to The Monty Python group and its homage to the tasty meat treat in a can. The British comedy troupe turned a rather pedestrian processed pork brick into a cultural icon with its amusing musical tribute. Even though electronic spam can certainly be filling, it’s definitely nothing to smile at.

If you’ve ever received e-mails from people named “KandyKane” or “MegaMillions” that promised adult pictures, incredible business opportunities, impossible health cures, or free college diplomas, you have received spam. Spam is the extreme state of UCE (unsolicited commercial e-mail), and it has turned into a flood of messages the Internet has proven incapable of stemming. At the least, it’s an annoyance; a constant trickle of the unwanted and inappropriate. At the most, it’s a real threat to legitimate Web businesses that find every e-mail they send being lumped in with the garbage messages.



 Low Fat Or Regular?

There are two types of spam. The first is of the newsgroup variety. These are messages sent to numerous Usenet newsgroups at once. This involves no e-mail addresses on the part of the spammer, and as such, this spamming technique is easy to use. Usenet has been so plagued with spam that its popularity has seen a steady decline over the past couple of years. ( Usenet is a giant bulletin board on the Internet consisting of user news, e-mail, and forums that discuss thousands of topics. A newsgroup is a virtual area on the Internet reserved for the discussion of a certain topic.)

The second type of spam involves your e-mail inbox. As we’ll show in a moment, your e-mail address is extremely vulnerable, and spammers are pros at harvesting addresses from Usenet, Internet mailing lists, and the Web itself. All it takes is a mailing list and a simple piece of bulk e-mail software, and a spammer is immediately up and running, sending hundreds of thousands of e-mails a day for a few pennies.



 The Price Of Canned Meat.

The recipients of spam bear its real cost. For those with measured phone service, spam is an obvious drain on the pocketbook because it costs money to download junk mail. It also costs ISPs (Internet service providers) and online services to transmit and handle so much e-mail, and these providers then pass their costs on to the consumers. Spam also sucks up bandwidth (the capacity a network or data connection has for carrying data), slowing traffic to a crawl as millions of “Free Valium” and “Freedom From Your Debt” messages clog the system.

As the cheapest ways to mass “advertise,” spamming tends to attract businesses with products that are of such poor quality it does not make sense to pay to advertise them. Spam also attracts people selling illegal products and services, and as the e-mail nobody wants, spammers “pretty up” their messages with misleading subject lines and invalid e-mail addresses to try to thwart filtering attempts and get recipients to open them. Spammers can spoof addresses in the From field to make it seem as if they came from just about anywhere (even from you). In addition, with Trojan horses (viruses that falsely appear to be useful applications and slip into a system unnoticed) such as BackDoor-G and BackOrifice, systems without updated virus-protection software face the possibility of having their systems actually being physically used to send out spam.

Even though spam is a big problem, there are things you can do to protect yourself from this junk e-mail.



 Inoculation.

Without exception, the best way to deal with spam is to shut it down before it happens. It’s much more difficult to get your name off a list than to keep it off in the first place. You should diligently guard your e-mail address and selectively reveal it to others. These are the keys to keeping your spam inflow to a minimum.

Posting to Usenet newsgroups is the classic way your e-mail address can fall into the wrong hands. Spammers using simple harvesting software can easily and quickly strip addresses from thousands of posts. So the harder you make it for them, the better your chances to escape with your e-mail address unharvested. One long-time trick is to place “NOSPAM” text somewhere in the address, such as name@NOSPAMdomain.com. Unfortunately, this has become so popular that it may be easy for spammers to strip the “NOSPAM” text out, so try a different phrase.

One more way to duck the harvesting bots is to avoid putting your address in a click-to-e-mail form, such as mailto:name@domain.com. Even though this makes it easy for people to respond to you, it’s also something bots look for. By the same logic, don’t put a click-to-e-mail link on your Web page.

Try to avoid member directories or other locations on the Internet where e-mail addresses gather (and spammers prowl), as well. Because these people deal in bulk your e-mail address by itself isn’t going to appeal to them. Your e-mail address in a group of thousands, though, is too tempting to resist. You also can try to choose a user name that begins with a letter further along in the alphabet (admit it, you’re always fancied yourself as a Zelda). Spammers often sign up for trial ISP accounts to run their programs, and these mass-mail sessions are often cut short. Because most mailing lists are sold in alphabetical order, a user name beginning with the letter “Z,” for example, is much less likely to be harvested.

One more strategy you may want to try is to employ a system of using many e-mail addresses. The Internet is now rich with free e-mail systems such as Hotmail (http://www.hotmail.com/) and Yahoo! Mail (http://mail.yahoo.com/), and you can easily dispose of these if they become clogged up with junk. By using these accounts to post to newsgroups and other high-risk areas, you’ll also keep your primary ISP account “clean.”



 Infection.

“Too late!” you cry, your inbox awash with fresh offers for loans and fake licenses. You’re already knee deep in spam, and it’s rising fast. What can you do?

First, don’t spam the spammer. Not only will this confirm your e-mail address is valid but also attract the special attention of someone whose primary skill is the ability to send out 1 million e-mails a day. In addition, if a spammer is using an innocent third party to forward the mail (or spoofing the From address), you may be dumping on someone who doesn’t deserve it. Don’t threaten, don’t mail bomb (when someone transmits mass amounts of e-mail and attachments and clogs a single recipient’s mail system), and don’t respond, even to the Click This To Have Your Name Removed link. (They usually don’t work anyway).

Don’t bother adding your name to an opt-out list, either. Spammers know you hate them and don’t want their e-mails. They know one in 10,000 actually does, and they’re willing to bury those 9,999 to find the one. It costs them pennies and is still legal almost anywhere, and it is the way they do business. Why should they spend time comparing opt-out lists with their mailing lists? At the very least, opt-out lists are just another possible revenue source for many.

In addition to filtering (see the “Sift Out Spam” sidebar), complaining to the right sources can often help. One good source is the postmaster of the ISP where the mail came from, and for this, you’ll need the real domain (a group of connected computers) where the mail originated from. Don’t bother with the From field; it usually contains an invalid address. To find the real point of origin, check the Message-ID field. (You may need to tinker with your e-mail client to get it to show up.) This field will have a considerable amount of information. What you’re looking for is the domain name after the at (@) sign. Forwarding the message to “postmaster” or “abuse” at this domain (such as abuse@domain.com) will often result in the ISP canceling the offending account.



Third-party filtering solutions such as SpamBuster offer a variety of advanced features, such as the ability to display charts that detail how much spam you receive.
Another option is to report the spammer online. Sites such as the Spam Recycling Center (http://www.chooseyourmail.com/spamindex.cfm) and Abuse.net (http://www.abuse.net/) let you forward spam to authorities and system managers who can act on the messages. Both sites also offer free antispam filters and other tools and resources to help you control spam.

One unique solution of questionable efficiency comes from Junkbusters (http://www.junkbusters.com/). This site offers a ton of information on spam, junk mail, and telemarketing calls, as well as a Notification And Offer section, which contains a text passage you can cut and paste into replies to spammers offering to “purchase” spam messages for $10 a shot. In other words, if they send you spam, they must pay for the right to do it. Even though this threat of possible litigation may be enough to stop some spammers, you’ll still need a valid reply address to send it to (as mentioned, few use these). You can find the Notification And Offer at http://www.junkbusters.com/ht/en/spam.html#strong.



 There Ought To Be A Law.

The forces for good are beginning to strike back at the behemoth, spam. AOL (America Online), which was receiving 1.8 million spam e-mails a day at one point (at a cost of 5,000 hours per day in connect time), has taken spammers to court and forced them to stop bombarding its users. States such as Colorado have enacted legislation or are attempting to pass bills that would sharply limit a spammer’s ability to hide behind fraudulent e-mail addresses or misleading subject headers. Even the federal government is considering the issue, with the Spam Unsolicited Electronic Mail Act, a bill that promises to put up many roadblocks in the way of potential spammers. ( NOTE: At press time, this bill was slated to go before the full House in late spring.)

But this legislation isn’t bulletproof. A judge in March of this year threw out the first case brought under a Washington state antispam law, ruling it was “unduly restrictive and burdensome.” One thing is for sure: The battle over spam should continue for some time to come.  

by Rich Gray




Sift Out Spam


One of the best ways for individuals to deal with incoming spam is to filter it. Web-based e-mail, such as Hotmail (free; http://www.hotmail.com/) and Yahoo! Mail (free; 408/731-3300; http://mail.yahoo.com/), presently feature e-mail filtering tools, and most other e-mail clients also provide filtering features. With filtering, you can have your e-mail client screen incoming messages at the door for specific words and known spammer e-mail addresses. You can then have your e-mail client automatically reroute the suspect spam to a specific folder.

Clients such as Microsoft Outlook ($109; 800/426-9400, 425/882-8080; http://www.microsoft.com/office/outlook) easily let you add junk senders and messages with adult content to a special file. (To turn on these e-mail features in Outlook, select Organize from the Tools menu and click Junk E-mail. Then highlight a message and select Junk E-mail from the Actions menu. Choose Add To Junk Senders List or Add To Adult Content Senders List.) If you want even more protection, try a third-party solution such as Novasoft’s SpamKiller ($29.95; 888/236-2446, 913/469-5900; http://www.spamkiller.com/) or Contact Plus’ Spam-Buster ($19.95; 800/366-9876, 321/984-2592; http://www.contactplus.com/spam/spam.htm). These programs offer more options to deal with and report spam.