Internet >
Email > Help >
Email Spam
Well
there's egg and bacon - egg, sausage and bacon - egg and
spam - bacon and spam - egg, bacon, sausage and spam -
spam, bacon, sausage and spam - spam, egg, spam, spam,
bacon and spam - spam, spam, spam, egg and spam - spam,
spam, spam, spam, spam, spam, baked beans, spam, spam,
spam and spam - or lobster thermidor aux crevettes with
a mornay sauce garnished with truffle pate, brandy, and
a fried egg on top of spam.
- Monty
Python's Flying Circus.
|
It
would be useful for a Host to be able to decline messages
from sources it believes are misbehaving or are simply
annoying.
- Jon
Postel, On the Junk Mail Problem, RFC
706, Nov 1975.
|
Spam email
is unsolicited, usually commercial email sent to you by someone
you don't know, and often
carries messages involving products you don't want, pyramid
schemes, adult messages, frauds of all kinds, and computer viruses.
Spam can significantly interfere with your use of email,
but there are several options to help block spam and reduce the
scale of the problem.
The fundamental rules are never to respond
to an email that asks for personal information like a phone
number
or address,
never send money to anyone who contacts you by email for
any reason whatsoever, try to never open or preview
any unsolicited email, and do not give your email address or
anyone else's to any website (news, greeting cards) unless
absolutely required and worthwhile.
While it was first
termed "junk mail" as early as 1975 in RFC 706, the
popular term today is taken from the Monty Python skit where
the word "spam" is used more and more frequently in
each successive dish, which is kind of similar to the way spam
email seems to endlessly build up in your
mailbox. The first
spam email was sent on May 1st, 1978, by a DEC marketing
representative to every ARPANET address
on the west coast of the United States. The general reaction
was one of outrage, and it hasn't abated since. Only 5% of
email on the Internet was spam in
2001, rising to 50% in 2003, 70% in 2004, and almost
90%
by 2007. The sheer amount of noise it generates increasingly
threatens to drown out useful email sent legitimately.
There are some that argue that while technology might be able
to provide solutions to spam, it should not be made
illegal since it
is a form of free speech.
The fault in this argument is wide: spam is unsolicited commercial
speech whose motive
is not to trade in the marketplace of ideas but to benefit
a single business,
and moreover is magnified across
geographical
boundaries at such little cost that it has enabled commercial
enterprises to raise their conversation level to the point
that it is drowning out the free speech of the very individuals
we started out to protect in the first place.
You can find references to anti-virus free
open source software protection here.
The following subsections provide information on confidentiality, filters, response,
a poem,
and additional resources.
Confidentiality. The most effective
thing you can do to block spam is not divulge your
email address to third parties. If they don't have your address, they can't
send you email. The following tips can assist.
- Name change. The most effective way of blocking spam is to change
your email address to something not easily guessed, such as <smith-john-laurence92@twenty.net> or <master.gardener.halifaxns@twenty.net>,
and then be very selective about sharing your address with others. However,
that means notifying all your friends to update their address books, might
mean throwing away an address you've had for awhile and prefer
to keep, and could only be a temporary stop-gap if somehow your new address
gets on a spammer's list again.
- Shhhh... Never reply to any spam email, especially if it
is an offer to remove you from their mailing list. Particularly watch out
for surreptitious connections: always delete spam email without the preview
window open, because if you preview a spam email and it has an image link
you are verifying your email address just the same as replying to a fake
remove address, and invites even more spam.
- Disguise. Never enter a chat room or post to the newsgroups without disguising
your email address by either camouflaging it with nonsense
words or using a temporary, throw-away address.
- Remailers. For specific applications you can use a remailer to disguise
your true address.
- Safegaurds. Never give your address to a website unless necessary
to complete a registration or transaction, they have a good privacy policy,
and you trust them. This applies especially to offers to join notification
mailing lists, send online greeting cards, or email web pages to a friend
-- all methods used to harvest email addresses for spammers.
Filters. Filtering services can provide powerful
spam blocking through automatic processing techniques. There are four basic
approaches:
- ISP. Your first line of spam blocking should be at your
Internet service provider. If they don't already use a spam blocking service,
you should ask your provider to join one. These blocking services use a variety
of signature based schemes to identify spam and trap it at the email server,
and can be reasonably effective at blocking most spam before it gets to your
mailbox.
- Commercial. There are a number of commercial spam
blocking options available, such as the first peer-to-peer spam blocking
service Cloudmark.com,
which leverages the power of the Internet to enable people to share information,
collects information from its users as they identify spam email, and then
blocks those spam for all other users connected to the service.
- Encryption. There is at least one application, the Tagged Message
Delivery Agent (TMDA),
which blocks spam with cryptographic methods to confirm the legitimacy
of unknown senders, although these approaches introduce a layer of
complexity
that not
everyone is willing to accept.
- Application.
As a last resort, you can block spam with your own application
spam filter built with
your email application's built-in filter capability.
Be forewarned that this approach requires set-up and regular ongoing
maintenance to remain effective, and should be used only when other protective
measures cannot be taken.
Respond. There was a time, a brief period in
the late 1990's, when responding to spam email might do you some good - maybe
you could get their ISP to close their account. Today, if you want to respond
to
spam,
you first have to ask yourself if it is
worth
the
effort
since
there
are so
many more productive things you could be doing instead. Second, consider
that there are so many spammers, so much spam, and so very, very little you
can do to change
the tide. Third, remember that response to a spammer themself will only get
you on many more spam lists and boomerang a hundred-fold, so you need to be
careful only to respond to legitimate umbrella organizations supporting the
spammer's business.
If you nevertheless feel moved to proceed despite the considerable risk, essential
futility, and enormous effort required... then there are a few options available
depending on the information the spammer has revealed:
- Offline reply. If the spam email requests feedback through off-line
means such as paper mail, phone number, or fax, then almost certainly all
of the rest of the information in the email is faked. You can choose to respond
by the offline means, but don't reveal any return information, don't phone
any expensive long distance phone numbers, and don't expect any lasting effect.
I do know of one fellow that used to phone 800 numbers he found in spam email
and try to sell whoever answered discount carpet cleaning, which he said
was fun, although he never made a sale.
- Email address. While return addresses are almost always faked, sometimes
the body of the email will request a response to a temporarily legitimate
email address such as <greatmortgages@yahoo.com>. If the address is
hosted at a legitimate provider, they usually have a team to address violation
of their terms of usage such as spamming, and you should be able to find
an address or response form at their web site to report the problem. They
will often close the account, directly depriving the spammer of any further
revenue.
- Web site. Sometimes everything in a spam email is fake except a
link to a web site where the scam resides. If that page is part of a larger
site like a community home page site, then you can complain to that site's
administrators -- they will often close the user's account, depriving the
spammer of further revenue. If the web site is used solely for the spam and
there is no legitimate contact, then only the most determined experts should
consider one of the remaining options described below.
- Domain name. You can look up the site's domain
name in the Internet whois database
to find out who manages it. If it can be confirmed that the contact is
not the spammer themself, then you can email them requesting resolution.
- Name servers. Domain name contacts for spammer sites are often the
spammer or fakes like <no-one@nowhere.com>, neither one of which you
want to contact. You can sometimes follow the trail one level deeper by contacting
the administrative contacts for the domains listed as the name servers. If
you even considering this, you should already be familiar with the role of
a DNS administrator and their workload.
- IP address. If you can decipher the originating IP address from
the full header listing (see Header tracing below), or the spam
contains a web site address in the form of an IP
address alias in an attempt to shield it from domain name attacks,
then you can look up the address in the Whois databases and let the upstream
owner of the larger block of addresses know one of their users might be violating
their acceptable use terms. If you are even considering this...
- Header tracing. Long ago, back in the twentieth century, the art
of locating people by following the trail they left behind was called "tracing",
and its equivalent in spammer pursuit today refers to analysis of email headers
to follow the originating email server or IP address back to its source.
This is a detailed activity best left to experts, although there are some online
resources available to assist.
Poetry. The worst tragedies in life inspire the
greatest artistic responses. The feelings of many people about spam are summed
up nicely by Daniel Macks in the following poem, which hit the right online
nerve and was distributed widely around the Internet in the late 1990's.
Ode to Spammers
I do not want your
MLMs;
I don't want to see nude teenage femmes.
I do not want psychic advice,
So there's no need to mail me thrice.
I do not like New Jerseyan swearing,
And I don't want the panties you're wearing.
I do not want your Asian chicks;
I don't care about your lame stock picks.
I do not want to see Pam's bod,
Don't care about your views on God.
I don't want calling cards prepaid,
Nor Herbalife's new diet aid.
So, Dave Rhodes, lawyers Seigel and Canter,
And the "I am so great" ranter,
And all you others who have no name--
Whether small-time or of nanae fame:
I do not want to sound too crass,
But I think someone should kick your /dev/null.
- by permission
of Daniel
E. Macks.
|
Resources. The following Request For Comments discuss
spam related issues:
- RFC
3685; C. Daboo; SIEVE Email
Filtering: Spamtest and VirusTest Extensions; February 2004.
- Spam This! - Drawing a spammer down a rabbit hole.
The following resources provide more
information about spam blocking and prevention:
The following sites provide information about tracing
spammers, mainly interesting for historical purposes:
- alt.spam
FAQ -- Titled "Figuring out fake E-Mail & Posts", describes how
to find out which computer a fake post or e-mail comes from, and who you
should contact.
- Fighting
E-mail Spammers -- By Todd Burgess, describes how to use the received
headers of email to find the real sender or site that sent it.
|