Spam & Internet Security

Staying Safe While On-line

Dealing with Spam - Internet Security Issues

Dealing with Spam

Why Spam is a Problem

Spam — unsolicited (junk) email — has become a significant problem on the Internet. The sheer volume is enough to frustrate anyone. It is relatively easy to hit millions of addresses at a cost that is much higher for the target (you) than the spammer. Only a few suckers are needed to justify the outlay.

A message is Spam only if it is both Unsolicited and Bulk.

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent. Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.
— spamhaus.org

Legislators have been reluctant to pass laws citing the potential value in advertising to business. Those that use spam are not somebody you want to do business with. Spam also costs billions to business (and you) in lost productivity. In short, you pay for spam!

CAN-SPAM Act Complicates Things

The United States passed the CAN-SPAM Act of 2003 which preempted tougher state laws pending, notably in California. This made opt-out (where you have to tell the spammer to stop) the requirement rather than opt-in (where you have to give permission first). This has been called the "YOU-CAN-SPAM" act because it favours the spammer rather than protecting the recipient of spam.

“The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of ‘non-forged' spam OK.”
— spamhaus.org

Avoid Setting Yourself Up for Spam

There are several tools and techniques to help reduce the amount of spam you receive.

Don't click on the "remove" link in spam messages. You will only confirm that your address is valid and that you actually read this stuff. (This is a significant weakness in the requirements of the U.S. CAN-SPAM Act.)
Where possible, read your mail off-line or disable the viewing of in-line images. The images are sometimes tagged to identify you when you view the message. (There is often a bunch of nonsense text at the end of such messages).
Use BCC: for messages with large groups of addresses. Do not send email to groups with the addresses listed. If you receive such messages, delete the addresses before forwarding the message. More information about Blind Carbon Copy. ()
Use a throw-away address when registering for products or services. Many companies re-sell your email address. TrashMail.net works great for protecting your real address — there is even a Firefox Addon.
Read privacy statements on websites before giving information. These policies can change without warning so you should check each time you are asked.

Reducing Spam in Your In-Box

There are other techniques that require you use software that has special features.

If your current email program provides a method to automatically sort "junk mail" then enabling that service and helping it to determine what is junk (Bayesian filters) is recommended. ZoneAlarm (Suite or Extreme editions only) includes such a feature if your current email program doesn't or isn't sophisticated enough.
Some programs (like MailWasher) will allow you to "bounce" messages as though your ISP didn't recognize your email address. These messages should mark your address as invalid in the databases of the spammers over time.
Check to see if your ISP has tools to help you reduce the amount of spam you download. These can include open relay lists or blocking all mail from known spam servers (usually in Asia). These can also block legitimate mail.
Check incoming mail against your address book before accepting the mail. Unknown addresses are either marked or deleted. This works as long as you want mail from a relatively small number of people. More recently, spammers have spoofed (faked) messages to appear to come from your own address which confuses you and these sorts of filters.
Many email programs use external viewers for images and other content. Internet Explorer components are used by many email programs. This is a vulnerability that spammers take advantage of. Use a current email program that avoids external dependencies (Outlook uses either Internet Explorer or MS Word, depending upon the version).
websites you visit can learn a lot from your browser. GRC.com's ShieldsUP! will show you how much your browser potentially reveals during your visit to any website.

Spam Inevitable

In spite of these precautions, sooner or later you are virtually certain to receive spam or block legitimate mail. The most likely victims will be any lists you are subscribed to. It is recommended that you include such lists in the section of the filtering software that keeps the addresses you don't want to be tested (known good addresses), often called white lists or friends lists.

Spammers Don't Play Nicely

Spammers play nasty. They forge addresses (i.e. don't use their own address) and may use yours without your knowing it (until you get a rash of complaints from those spammed with "your" address). There is little you can do about such events other than to report it to your ISP to let them know what is going on.

Open Relays

Open relays are mail servers that are known to have security weaknesses that allow arbitrarily-addressed mail to be forwarded without permission. This allows a spammer to forward a message to you without worrying that he'll be kicked off the server.

There have been several sites develop lists of these servers. They are often severely under funded and can be shut down for a variety of reasons. ORBZ is one such example that has been replaced with DSBL.

If you do decide to use the lists from one of these sites, be sure to understand the methods used to determine what is or is not legitimate mail. As in most efforts to fight spam, there is a balance between removing spam and stopping legitimate mail. The closer you get to removing all your spam, the more likely you are to remove mail you wanted to keep.

DSBL (Distributed Server Boycott List).
SpamCop.

Other Anti-Spam Resources

alt.spam FAQ or Figuring out fake E-Mail & Posts.
Death to Spam is an excellent resource that discusses how to trace spam, message filters, pending (U.S.) legislation and more.
Spam — Electronic Junk Mail. ()
Boycott Internet spam!
CAUSE — The Coalition Against Unsolicited Commercial Email (UCE) advocates for a legislative solution to the problem of UCE (spam) on the Internet.

Return to Top

Internet Security Issues

Anti-Virus Protection () — software, strategies, avoiding hoaxes and evaluating antivirus solutions.
EPIC Online Guide to Practical Privacy Tools
Phishing & Identity Theft. ()
Preventing Unauthorized Access () deals with firewalls and privacy solutions.
SafeSurf voluntary rating standard to protect families online.
Shields Up! Gibson Research Corporation will "hack" your system to demonstrate your security vulnerabilities, then show you how to fix them.
Web Security () — vulnerabilities in Internet software.
ZoneAlarm a software firewall.

Return to Top