Spam & Internet Security

Staying Safe While On-line

Dealing with Spam - Internet Security Issues

Dealing with Spam

Why Spam is a Problem

Spam — unsolicited (junk) email — has become a significant problem on the Internet. The sheer volume is enough to frustrate anyone. It is relatively easy to hit millions of addresses at a cost that is much higher for the target (you) than the spammer. Only a few suckers are needed to justify the outlay.

A message is Spam only if it is both Unsolicited and Bulk.

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
— spamhaus.org

Legislators have been reluctant to pass laws citing the potential value in advertising to business. Those that use spam are not somebody you want to do business with. Spam also costs billions to business (and you) in lost productivity.

CAN-SPAM Act Complicates Things

The United States passed the CAN-SPAM Act of 2003 which preempted tougher state laws pending, notably in California. This made opt-out (where you have to tell the spammer to stop) the requirement rather than opt-in (where you have to give permission first). This has been called the "YOU-CAN-SPAM" act because it favours the spammer rather than protecting the recipient of spam.

“The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of ‘non-forged' spam OK.”
— spamhaus.org

Avoid Setting Yourself Up for Spam

There are several tools and techniques to help reduce the amount of spam you receive.

Don't click on the "remove" link in spam messages. You will only confirm that your address is valid and that you actually read this stuff. (This is a significant weakness in the requirements of the U.S. CAN-SPAM Act.)
Where possible, read your mail off-line or disable the viewing of in-line images. The images are sometimes tagged to identify you when you view the message. (There is often a bunch of nonsense text at the end of such messages).
Use BCC: for messages with large groups of addresses. Do not send email to groups with the addresses listed. If you receive such messages, delete the addresses before forwarding the message. More information about Blind Carbon Copy.
Use a throw-away address when registering for products or services. Many companies re-sell your email address.
Read privacy statements on websites before giving information. These policies can change without warning so you should check each time you are asked.

Reducing Spam in Your In-Box

There are other techniques that require you use software that has special features.

A number of email programs will allow you to view mail on the server before you download it. By deleting it there, you can avoid some of the problems listed above. I strongly recommend PocoMail since it was built from the ground up to give you the tools to deal with spam and security issues.
If your current email program provides a method to automatically sort "junk mail" then enabling that service and helping it to determine what is junk (Bayesian filters) is recommended. ZoneAlarm Suite includes such a feature if your current email program doesn't or isn't sophisticated enough for your requirements.
Some programs (like MailWasher) will allow you to "bounce" messages as though your ISP didn't recognize your email address. These messages should mark your address as invalid in the databases of the spammers over time.
Check to see if your ISP has tools to help you reduce the amount of spam you download. These can include open relay lists or blocking all mail from known spam servers (usually in Asia). Be aware that these can block legitimate mail.
Checks incoming mail against your address book before accepting the mail. Unknown addresses are either marked or deleted. This works as long as you want mail from a relatively small number of people.
Many email programs use external viewers for images and other content. Internet Explorer components are used by many email programs. This is a vulnerability that spammers take advantage of. Use a program like PocoMail that avoids external dependencies.
websites you visit can learn a lot from your browser. Anonymizer.com's free privacy test or GRC.com's ShieldsUP! will show you how much your browser potentially reveals during your visit to any website.

In spite of these precautions, sooner or later you are virtually certain to receive spam or block legitimate mail. The most likely victims will be any lists you are subscribed to. It is recommended that you include such lists in the section of the filtering software that keeps the addresses you don't want to be tested (known good addresses), often called white lists or friends lists.

Note that spammers are apt to play nasty. They forge addresses (i.e. don't use their own address) and may use yours without your knowing it (until you get a rash of complaints from those spammed with "your" address). There is little you can do about such events other than to report it to your ISP to let them know what is going on.

Open Relays

Open relays are mail servers that are known to have security weaknesses that allow arbitrarily-addressed mail to be forwarded without permission. This allows a spammer to forward a message to you without worrying that he'll be kicked off the server.

There have been several sites develop lists of these servers. They are often severely under funded and can be shut down for a variety of reasons. ORBZ is one such example that has been replaced with DSBL.

If you do decide to use the lists from one of these sites, be sure to understand the methods used to determine what is or is not legitimate mail. As in most efforts to fight spam, there is a balance between removing spam and stopping legitimate mail. The closer you get to removing all your spam, the more likely you are to remove mail you wanted to keep.

DSBL (Distributed Server Boycott List).
RFC-ignorant.org (Request for Comments) lists those servers which don't play by the rules.
SpamCop.

Other Anti-Spam Resources

alt.spam FAQ or Figuring out fake E-Mail & Posts.
Death to Spam is an excellent resource that discusses how to trace spam, message filters, pending (U.S.) legislation and more.
Avoiding Spam. ()
Boycott Internet spam!
CAUSE () — The Coalition Against Unsolicited Commercial Email (UCE) advocates for a legislative solution to the problem of UCE (spam) on the Internet.

Return to Top

Internet Security Issues

Anti-Virus Protection () — software, strategies, avoiding hoaxes and evaluating antivirus solutions.
EPIC Online Guide to Practical Privacy Tools
Preventing Unauthorized Access () deals with firewalls and privacy solutions.
SafeSurf voluntary rating standard to protect families online.
Shields Up! Gibson Research Corporation will "hack" your system to demonstrate your security vulnerabilities, then show you how to fix them.
Web Security () — vulnerabilities in Internet software.
ZoneAlarm a software firewall.

Return to Top