Free Computer Courses Training Tutorials Intelligentedu.com Home  ->  Learn About Computers, Software Development & Information Technology  ->  Table of Contents



Chapter 11:
Avoiding Spam


 

Introduction to Spam

Spam -- the mere mention of it provokes eye-rolling and heavy sighs. Every morning you wake up to 50 emails in your inbox, three of which are important and the rest telling you how to consolidate your credit card debt, some are even pornographic in nature. Just that few minutes you spend in the morning sifting the wheat from the chaff, so to speak, amounts to millions of productive hours lost every year and costs the economy a lot of money.

Unsolicited email, commonly known as spamming, is a growing problem across the Internet at large. Spamming is the sending of multiple or mass copies of either unsolicited or inappropriate letters. There are mainly two methods used when spamming: newsgroup postings and email messaging (Spam). An example of spamming would be sending out mass email such as a chain letter, or pyramid schemes to people whom never requested it. Spamming is generally quite annoying to many people as well as frowned upon in the Internet community. Email spamming can be made worse if recipients reply to the email, causing all the original addressees to receive the reply. It may also occur innocently, as a result of sending a message to mailing lists and not realizing that the list explodes to thousands of users, or as a result of a responder message that is setup incorrectly. A variant of spamming is email bombing where the abusers repeatedly send email messages to a particular address at a specific victim site. In many instances, the messages are large and constructed from meaningless data in an effort to consume additional system and network resources. Multiple accounts at the target site may be abused, increasing the denial of service impact. Spamming / email bombing may be combined with email spoofing (which alters the identity of the account sending the email), makes it more difficult to determine the identity of the sender.

A mail server that allows relaying processes an email message that neither originated from, nor sent to, a local user. The transaction has no legitimate reason to involve the mail server, which acts only as a relay point. Almost without exception, spammers are responsible. All the reputable ISPs have blacklisted known spammers, which means that mail sent from the servers that spammers' use is simply rejected. Therefore, in order to distribute their spam, they use unsuspecting mail servers (with relaying enabled) to distribute as much spam as possible. It takes up a great deal of Internet bandwidth when someone sends hundreds or thousands of email/postings. These mail/postings have to be routed all over the world, precious hard drive space on servers and individuals' computers are taken up by these unwanted messages. People who receive these unwanted messages have to take the time to download, view and delete them, when they could be looking at messages that are more important.

 

Problems caused by Spam

The sheer volume of spam...

  1. threatens the continued future of the Internet economy;

  2. threatens the stability and usability of the Internet itself;

  3. wastes 4 to 5 percent of the bandwidth on the Internet;

  4. violates the privacy of Internet users, as the users never requested it;

  5. causes most of the messages from legitimate businesses and marketers to frequently be lost in the deluge of utter crap that hits Internet users; and

  6. causes legitimate Internet Service Providers (ISPs) to bear the costs because they have to spend money on increasing bandwidth and storage space caused by the escalating spam deluge.  This cost is caused by spammers and by rogue ISPs and open relays that allow spam to flourish. Spam is so bad that Congress is looking at ways to stop the Spam. So far, however, there seems to be no practical or legal ways to go about doing that.

 

Types of Spam

Typically, spam refers to unsolicited mass communications distributed through electronic mail or posted in on-line discussion forums. Spam is flooding the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. Most of these unsolicited mails are sent as a means of commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send, most of the costs are paid for by the recipient or the carriers rather than by the sender. Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses.

There are two more precisely defined but narrower terms in use to describe unwanted email communication. Unsolicited Commercial Email (UCE) and Unsolicited Broadcast Email (UBE) each refer to specific types of unsolicited communication. UCE is electronic mail messages of a commercial nature (usually advertising) that are sent to the recipients without their request. UCE may consist of a single message or tens of thousands of messages. UBE is a large volume of messages (generally at least hundreds of messages or postings) that may contain commercial, religious, or scam content.

Also there is one dangerous version of spam known as mailbomb that is meant for delivering enough email to a mailbox to overload the mailbox or perhaps even the system that the mailbox is hosted on. Mailbombs generally take one of two forms. A mailbox might be targeted to receive hundreds or thousands of messages which makes it difficult or impossible for the victim to use their own mailbox and might cause them to miss messages entirely due to overflow. This is seen as a denial of service (DOS) attack. Alternatively, a message could be bulk-emailed, with the intended victim's address forged in the From: and/or Reply-To: lines of the headers. The victim is then deluged with responses, mostly angry. There is a third, particularly nasty, form of mailbomb. This one forges subscription requests to many mailing lists, all for one recipient. The result is a huge barrage of email arriving in the victim's email box, all of it unwanted, but "legitimate". Many mailing list administrators are countering this form of abuse by sending a confirmation email to each subscription request, which must be returned in order to be subscribed to the list.


How Spam Works

At a purely technical level, one of the weaknesses exploited by those that send spam is the complete lack of authenticity guarantees in the email transfer protocols used on the Internet. SMTP (Simple Mail Transfer Protocol) is the primary protocol used for transferring email over the Internet. When messages are transferred with SMTP, there is no way for a recipient SMTP server to look at an incoming message and verify that the message came from the origin listed in the message headers. Spammers often take advantage of this weakness of SMTP.

There are two ways in which spammers use the loop hole with SMTP, for their own good. First one, the simpler one, by finding an open relay (SMTP servers that accepts mail from any client for any destination). Spammers search for open relays and then queuing hundreds and thousands of messages for recipients and leave the open relay to do the delivery. The open relay can help in confusing the origins of the messages and allows anyone with basic Internet connectivity to inject messages in to the system and make them appear legitimate because they would be delivered from a "regular" SMTP server. This method is convenient because it can be easily done with low-bandwidth connections to the open relay, and requires little connect time. The second way is that spammers directly deliver spam to a recipients SMTP server with forged source information in the headers. Though many ISPs filter to try to prevent direct email delivery by subscribers, but there are certain types of connections that allow this kind of access and can be abused by spammers to directly deliver spam.

Spammers also exploit SMTP on unsecured networks own by various organizations. They may gain access by wireless connectivity or network ports in public spaces and then use the organization's SMTP server as a relay to deliver spam. These situations provide almost complete anonymity to the spammer. In addition to exploiting technical weaknesses, spammers use other means to reach Internet users. Some attempt to turn spamming in to a legitimate advertising activity. They typically adopt somewhat more conservative standards, allowing customers to opt-out of email lists and only send electronic mail to people who have requested it. Other spammers use throw-away accounts from ISPs or free email providers. They sign up for free accounts, send hundreds or thousands of spam messages and then abandon the accounts.

 

How You Can Deal With Spam

Spam is a very serious problem that should be taken very seriously.As you can see from the tips below, however, it is not an insurmountable problem.Following these formulas costs nothing, takes almost no time, and will end the vicious stream of Spam.Solving the problem yourself will also let Congress move on to better things.

  1. Get a secondary e-mail account.Go to Yahoo, Hotmail, or one of the many other companies that offer free e-mail.Get one of these accounts and use that account as your return email whenever you do public posts, or fill out an online form for more information on a product or service you are interested in.Also use this account to sign into newsgroups and other groups.
  2.  Think about whom you give your email address to.Only give your address to people you know won't give it to anyone else.  The first step for protection against spam is carefully using your important email addresses (like official mail address, etc) and treating them the way you treat your social security number. Never give it out online while filling out surveys, buying a product or service. The more widely your address is known, the more likely it would be picked up by a marketing company and sold to companies who engage in spamming.

  3. Turn on the Spam filter.Outlook express has a Spam filter.Even the free Yahoo account has a special folder where it puts Spam. All you have to do is turn it on.
  4. Set up filters and use anti-spam software.  Many email programs offer bulk email folders or special rules that watch for incoming spam and kill it automatically. Also there are several software tools that checks your email and filter out spam before it has a chance to get into your Inbox.

  5. Opt-out. Most legitimate businesses will give you the option of opting out of Spam.At the bottom of the page will be a sentence that says something to the effect of 'if you don't want to get email from us, reply with the word remove in the subject line.' 
  6. Never ever respond to Spam, with the exception of following #4. All you are accomplishing is confirming that your email address is valid and that you do read your email.The illegitimate people spamming you do not care that you are angry with them. If you need to complain, complain to the ISP instead, and please remember to be polite to the customer service agent, they did not send the Spam.  Many users often open the message and try to reply. But this tactic is likely to fail because spammers easily forge the sender information on an email message. Many emails come from false addresses like user444@aol.com, user222@hotmail.com, etc. When users click reply and try to send a response, their message is usually returned to them a few minutes later with a "user unknown" message.

  7. Don't use 'no Spam' email addresses.Some people are trying to configure their email so that it sets their return address as either blank or with something added to it.The only thing this really does is make it difficult for people to respond to your emails.
  8. Don't use auto responders.This confirms that the email address is in use, and, even worse, two auto-responders can get stuck in a feedback loop.Also, it isn't really necessary.
  9. Follow the unsubscribe directions.  Most commercial spam messages contain some kind of unsubscribe information at the very bottom. Scroll down until you see this information. Normally you need to click an "unsubscribe" or "remove" link, which connects you to a Web page with additional information on how to opt out of future mailings. Many of these unsubscribe commands actually work, while others may be illegal email address-collection tools. In reality, there's no way to be 100% sure that your unsubscribe command will be processed or if instead you've unwittingly given a spammer your address for future campaigns.

  10. Simply Delete junk mails.  When you receive any unwanted message, then you don't have to do anything about it. Every time you receive a message you didn't expect to receive, you could delete it immediately. After all, clicking the delete button takes less than a second. If every single user took this step, the theory goes that the entire bulk email business would collapse in on itself. No response means that a campaign to sell a product or service using unsolicited bulk emails has failed.

  11. Track down the perpetrators.  By reading the email header one can track the original email server from where message has been sent and how to register an effective complaint to the owner of the server (usually abuse@servername) that's been hijacked to send you spam so future mailings can be blocked.

  12. Identify yourself.  Spammers often use invalid addresses and never put their names in their messages. To differentiate yourself from them, identify your message and remind people that this mail is not sent unsolicited. When they know who it is coming from and they understand they chose to receive it, they will not be annoyed or offended by your messages.

Spam Filtering for Client-Based and Server-Based Systems

With fraudulent, inappropriate and offensive junk-mails being delivered in vast quantities everyday, spam protection is an essential component of any security policy. Mainly, there are two common approaches to spam filtering, client-based and server-based. Client-based systems run on end-user machines, while server-based systems run either at the SMTP relay or the POP/IMAP server. Of the client-based systems, some are integrated with email clients while others run as separate applications. An advantage of client-based systems is that they are the most configurable, as the user has control over all options; a disadvantage is that client software must be installed, configured and maintained on each end-user machine. An advantage of server-based systems is that spam filtering can be extended to all users within the enterprise; a disadvantage is that users cede granular control to enterprise-level system administrators. Some server-based systems include an option for managed services. Three potential approaches to implementing spam filtering are:

i)   to negotiate a site license or volume purchase agreement for a client-based solution;

ii)  to implement a server-based solution on the campus email servers; or

iii) to provide both 1 and 2 as a comprehensive solution (which is the option currently used for virus scanning).

There are three common methods used by spam filtering software to detect spam, namely, signature filtering, blacklist / whitelist, and pattern matching. Many packages employ two or more of these methods.

Signature Filtering
 Signature filtering works in a manner similar to virus scanning: some central authority maintains a database of known spam signatures (a signature is the result of an algorithm that produces a comparatively short string of characters to uniquely identify a longer message, e.g., an MD5 checksum). If a user receives an unwanted message that is not currently included in the signature database, the user can then submit the message to the database authority. A signature of the message is then calculated and included in the database. Subsequently, that message is blocked as spam for all users. Some packages store the signature database online such that email received by a user is checked against the database. Other packages periodically download the signature database to reduce network dependency and load. Database authorities employ a variety of validity checking techniques to ensure that messages submitted as spam are indeed spam, including requiring that a possible spam message be submitted by multiple users before the signature of the message is classified as spam. An advantage of signature filtering is that it is message-specific and results in very few false positives. A disadvantage is that messages' signatures must be in the database in order for messages to be identified as spam. In addition, there is generally a significant delay between the time that spam is initially sent and the time that its signature is included in the database.

Blacklist/Whitelist Filtering
Blacklist/Whitelist filtering works by maintaining a list of the email addresses or domains of known spammers and another list of known-good senders. Any messages originating from or routed through an address or domain on the blacklist are rejected and any messages from an address or domain on the whitelist are accepted. Some packages use only a blacklist, some use only a whitelist and some use both. For blacklists, many packages use a central database (similar to a signature database), some use a site-local database and others require each user to define their own blacklist. For whitelists, most packages require users to create their own list. An advantage to the blacklist/whitelist system is that blacklists can easily be implemented at the enterprise-level mail relay to reduce the total amount of spam, not only eliminating such messages from being received by recipients but also reducing the amount of network traffic used to deliver them. A disadvantage is that messages from legitimate senders (e.g., other users from a blocked domain) may also be blocked, resulting in many false positives. Also, spammers must be on the list to be blocked, so there are many false negatives. Systems that use centralized lists cede a great deal of control to the list publishers.

Pattern Matching
 Pattern matching defines a set of criteria that potentially indicate when a message is spam. Such criteria include lines of text in all caps, phrases frequently included in spam, suspicious header lines, etc. Typically, each criterion is assigned a point value. The user can then set the point threshold, and any messages that score at or higher than the threshold is marked as spam. Some newer systems allow the user to 'train' the software to recognize spam or exempt messages from being identified as spam. An advantage of pattern matching is that it is highly configurable to a user's taste. Disadvantages of pattern matching include requiring multiple tests on a message to identify a message's status (e.g. spam or non-spam) and inadequate rule-sets results in both false positives and false negatives.


Spam Protection in Outlook

The filtering capabilities of Microsoft Outlook can be used to delete unsolicited and unwanted email messages. Microsoft Outlook's "Organize" feature can be used to instruct the program to delete messages that are identified as junk or mail containing adult content.

  1. On the folder list click the appropriate Inbox folder.

  2. From the Tools menu, select (click) Organize.

  3. Select (click) Junk E-Mail to see the options.

  4. Choose from the drop-down menus so that the organization statements read as follows:

    • Automatically move JUNK messages to Deleted Items.

    • Automatically move ADULT CONTENT messages to Deleted Items.

  5. For each statement, click Turn On to activate the deletion of junk and adult content messages. (The button then changes to Turn Off. You can click it if you no longer want to delete send junk or adult content email.)

  6. To close the "Organize" pane, click the Close button (x) in the upper right corner of the pane.


Then, if the user wants to filter unwanted email messages from a specific source, right-click a message from the offending sender in the Inbox, point to Junk E-Mail on the shortcut menu, and choose either Add To Junk Sender List or Add to Adult Content Senders List. From then on, all messages from that sender would get deleted automatically.

To view or edit the names you added to Junk Sender List or Adult Content Senders List:

  1. On the folder list click the appropriate Inbox folder.

  2. From the Tools menu, select (click) Organize.

  3. Select (click) Junk E-Mail to see the options.

  4. Click on the link that says "The Junk and Adult Content filters identify messages by looking at key words. They are not 100% accurate. For more options, click here."

  5. Choose the list you want to view/edit by clicking either Edit Junk Senders or Edit Adult Content Senders.

  6. To close the list, click on the OK button.

  7. To close the "Organize" pane, click the Close button (x) in the upper right corner of the pane.

Spam Glossary

Acceptable Use Policy (AUP)
 An AUP is a policy statement, made by an ISP or any company that has customers, in which the company sets out its "rules" for use of the account. A good AUP clearly states that not only is spamming not allowed but also spell out the punishment for doing so.

Auto-Responder
 An email that can be set up so that replies to a particular address will automatically receive a pre-defined response.

Blackhole
 (n) Either an email account which silently and invisibly deletes all mail sent to it, or the act of doing so.
(v) To automatically delete emails coming from a certain IP address.

DNS Domain Name System Internet use to keep track of which host name corresponds to which IP number (which is what the computers use internally).

DOS Denial of Service. A type of attack against another system that cripples it. Examples include mail-bombing, ping flooding, and SYN flooding.

Dropbox
 When a spammer creates an email account on one system, then spams from another account, soliciting replies to the first email account or "dropbox". Free email providers such as Yahoo and Hotmail are commonly used as dropboxes.

Harvesting, Email Harvesting
The act of using a program (commonly known as a spider or robot) to search either the web or Usenet and gather email addresses. When spammers do this, they usually aren't able to filter out some of the munged addresses that are used which results in lots of bounces when the spam is sent out.

Headers
 Headers are the part of an email that most people do not see. Headers contain not only the "Subject:" line but a complete list of the path that the email took along various machines on the Internet to reach its destination. Learning to decipher headers is a major part of becoming a spam hunter because the spammers usually try to forge, conceal, and mislead with the headers.

Injection Point
 A host that is being used to relay spam through.

LART
Acronym for Luser Attitude Readjustment Tool, meaning to adjust the attitude of a spammer by bringing them to the attention of their ISP. To LART someone is to file complaints against them.

Listwashing
When someone complains about a mailing list that he or she has never signed up for in the first place and the admins simply remove that user from the list rather than terminating the list entirely, they are "listwashers".

Mail Bomb
 The result of sending a spammer (or anyone for that matter) lots of email until his or her site or account crashes.

Munging
 Changing one's email address so that it is invalid but a human can determine the proper address. For example: dmuth@ot.com_NOSPAM. This technique is used to foil spammers who harvest addresses.

Open Relay
 A mail server that permits relaying by anyone. Such systems are often abused by spammers and must be configured to prevent open relaying.

Opt-in
Opt-In is the action a person takes when he or she actively agrees to receive emails.

Opt-out
Opt-Out is the action a person takes when he or she chooses not to receive emails. It requires tactics and mechanisms by which people can ask to be removed reliably from an email list.

POP
 Post Office Protocol, a common protocol that is used for retrieving email from a mail server.

Realtime Blackhole List (RBL)
 Realtime Blackhole List (RBL) is a list containing the server IP addresses of ISPs whose customers send and perpetuate Unsolicited Bulk Email (UBE).

Spambot
 A spambot is a robot that specializes in gathering email addresses for a spammer to use. It basically follows links and saves any email addresses it finds as it goes along. A spambot usually gathers emails from the web or from Usenet, but may also gather it from other sources.

Spamfighter, White-hat
 Those who are actively doing something about the spam problem by spam hunting, legislative efforts, spreading good information, etc.

Spamhaus
 Spamhaus is yet another play upon the word "spam". It is used to refer to a site or a company that is not just spam friendly but actively produces spam. Usually the label is only applied to sites that not only know they are producing spam but are not doing anything about it. The plural of spamhaus is spamh�user.

Spammer
 One who spams. Usually some desperate yet misguided individual who has bought some spamware and is under the completely wrong impression that money can be made from spamming.

Spamware
 Spamware is any kind of spammer software. Spambots are a type of spamware, as is the software the spammer uses to send the mail. Often these are integrated into one package.

UBE
 Unsolicited Bulk Email, aka spam.

UCE
 Unsolicited Commercial Email, aka spam.

Usenet
 Also known as "news", "newsgroups", or "discussion group." Usenet is a huge collection of newsgroups of various topics. Once a person posts to a newsgroup, it is transmitted to news servers all over the world for other people to see. Spammers often extract email addresses from newsgroups as a result many people have stopped using usenet or hide their email when posting.


Anti-Spam Tools

There are many anti-spam tools available in the market. Before selecting any anti-spam tool, it's better to measure its effectiveness and accuracy. Effectiveness is measured by the percentage of spam that is caught. Accuracy is measured by the percentage of emails incorrectly identified as spam. This second percentage should be as low as possible. Below are some of the most popular spam controlling tools.

Brightmail Anti-Spam - Enterprise Edition, Version 5.0
 Brightmail is a worldwide leader in anti-spam technology providing an integrated suite of software and services that makes messaging secure and manageable. Brightmail protects the networks of service providers, wireless carriers and enterprises by filtering spam, viruses and undesired messages at the Internet gateway. To learn more about its features, prices and free 30 day trial version, click here.

ClearSwift MIMEsweeper
 CS MIMEsweeper is the market leading family of products designed to implement email and Web communications epolicies. CS MIMEsweeper delivers the capabilities for organizations to protect themselves against email and Web based threats, meet legal and regulatory requirements, implement productivity saving policies and manage the intellectual property passing through their network. To know more, click here. A fully functional evaluation version of all its products is also available.

Declude JunkMail
In mid-2000, Computerized Horizons released the first of the Declude set of tools to take care to handle unwelcome emails. Declude JunkMail is available in three versions - Declude JunkMail Lite (for mail servers that handle a single domain), Declude JunkMail Standard (for servers with multiple domains) and Declude JunkMail Pro (for ISPs and web hosting companies). To learn more about the Declude products and pricing details, visit Declude website.

InboxCop
 InboxCop uses thousands of filter rules, up-to-date blocked lists of known spammers, plus Baysian filters that learn over time. InboxCop can be downloaded from following link.

Matador
 MailFrontier Matador gives a high level anti-spam protection at a very low price. New filtering and other technologies set to the task of virtually eliminating all junk mail from the inbox. It can be used with Outlook and Outlook Express. It can be used with Hotmail and IMAP, too (when added to Outlook Express).to learn more about MailFrontier Matador features and prices, click here. A free trial version is available for download.

SpamAssassin
 SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify spam. SpamAssassin uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around. Various SpamAssassin versions are available for download.


Free Spam Filter Tools

MailWasher 2.0
 MailWasher is a powerful email checker with effective spam elimination. MailWasher analyses each email as it arrives and warns you if it is suspected junk mail or a virus by heuristic checking and filtering. MailWasher works independently of other email programs. The latest version of MailWasher Free is always available from this page.

Eliminate Spam Deluxe 2.01
 Eliminate Spam uses sophisticated customizable filters and checks each incoming email against extensive database of known spammers. If an occasional junk message does sneak through the filters, in one click user can simultaneously trash the message, ban the sender or sender's domain, and report the spammer to the spam-prevention database so his messages would not reach other intended victims. To ensure that no valid email is removed, the software doesn't apply filtering to emails coming from people in users' Address Book. Eliminate Spam Deluxe version 2.01 is available for free download.

Spam Nullifier 3.0
 Spam Nullifier Free Anti Spam Filter is a powerful email checker programs with effective spam elimination. Spam Nullifier can also be used as an effective privacy tool. Spam Nullifier filters the messages using a multiple criteria like spam words, friend list, blocked list, and state of the art algorithm rules. Spam Nullifier can be downloaded from here.

Email Express 1.1.24
 Email Express is an anti-spam tool that works with all Windows POP3/SMTP email programs. It uses real-time blackhole lists and word proximity filtering to provide the very best inbox protection against spam. It also features bug filtering and active content filtering that some spammers use to spy. Email Express can be downloaded from this link.

NetMail 5.03
 NetMail provides extensive filtering, processing and recording capabilities for incoming correspondence and requests, creating incoming and outgoing message archives. To solve the 'junk mail' problem NetMail uses a filtering, exclusion date base support and anti-spam filtering functions, which automatically delete unwanted electronic messages even as they are received. NetMail 3.0 is available to download for free.






 

Copyright 2006 by DeepSearcher Inc. - All rights reserved