Spam & Internet Security
Staying Safe While On-line
Dealing with Spam
Why Spam is a Problem
Spam (unsolicited junk e-mail) has become a significant problem for many on the Internet. The sheer volume is enough to frustrate anyone. It is relatively easy to hit millions of addresses at a cost that is much higher for the target (you) than for the spammer. Only a few suckers are needed to justify the outlay.
Legislators have been reluctant to pass laws, citing the potential value of advertising to business. Those who use spam are not people you want to do business with. Spam also costs business billions in lost productivity.
CAN-SPAM Act Complicates Things
The United States passed the CAN-SPAM Act of 2003, which preempted tougher pending state laws, notably in California. This made opt-out (where you have to tell the spammer to stop) the requirement rather than opt-in (where you have to give permission first). It has been called the "YOU-CAN-SPAM" act because it favours the spammer rather than protecting the recipient of spam.
"The U.S. CAN-SPAM Act merely outlaws the sending of spam with false or misleading sender information (and other specified conditions). That in no way makes the sending of 'non-forged' spam OK." - spamhaus.org
Avoid Setting Yourself Up for Spam
There are several tools and techniques to help reduce the amount of spam you receive.
- Don't click on the "remove" link in spam messages. You will only confirm that your address is valid and that you actually read this stuff. (This is a significant weakness in the requirements of the U.S. CAN-SPAM Act.)
- Where possible, read your mail off-line or disable the viewing of in-line images. The images are sometimes tagged to identify you when you view the message. (There is often a bunch of nonsense text at the end of such messages.)
- Use BCC: for messages with large groups of addresses. Do not send e-mail to groups with the addresses listed. If you receive such messages, delete the addresses before forwarding the message.
- Use a throw-away address when registering for products or services. Many companies re-sell your e-mail address.
- Read privacy statements on Web sites before giving information. These policies can change without warning so you should check each time you are asked.
Reducing Spam in Your In-Box
Other techniques require software with special features.
- A number of e-mail programs will allow you to view mail on the server before you download it. By deleting it there, you can avoid some of the problems listed above. I strongly recommend PocoMail since it was built from the ground up to give you the tools to deal with spam and security issues.
- If your current e-mail program provides a method to automatically sort "junk mail", then enabling that service and helping it to determine what is junk (Bayesian filters) is recommended. ZoneAlarm Suite includes such a feature if your current e-mail program doesn't or isn't sophisticated enough for your requirements.
- Some programs (like MailWasher) will allow you to "bounce" messages as though your ISP didn't recognize your e-mail address. These messages should mark your address as invalid in the databanks of the spammers over time. Because spammers usually forge the sender address, the bounce often never reaches them.
- Check to see if your ISP has tools to help you reduce the amount of spam you download. These can include open relay lists or blocking all mail from known spam servers (usually in Asia). Be aware that these can block legitimate mail.
- Some programs check incoming mail against your address book before accepting it. Unknown addresses are either marked or deleted. This works as long as you want mail from a relatively small number of people.
- Many e-mail programs use external viewers for images and other content. Internet Explorer components are used by many e-mail programs. This is a vulnerability that spammers take advantage of. Use a program like PocoMail that avoids external dependencies.
- Web sites you visit can learn a lot from your browser. Anonymizer.com's free privacy test or GRC.com's ShieldsUP! will show you how much your browser potentially reveals during your visit to any Web site.
In spite of these precautions, sooner or later you are virtually certain to receive spam or block legitimate mail. The most likely victims will be any lists you are subscribed to. It is recommended that you include such lists in the section of the filtering software that keeps the addresses you don't want to be tested (known good addresses), often called white lists or friends lists.
Note that spammers are apt to play nasty. They forge addresses (i.e. don't use their own address) and may use yours without your knowing it (until you get a rash of complaints from those spammed with "your" address). There is little you can do about such events other than to report it to your ISP to let them know what is going on.
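The address-book check and the friends-list exception described above can be sketched as follows. This is an added example, not code from any of the programs named on this page; matching subscribed lists on the `List-Id` header is an assumption, and the address book, list name and messages are constructed.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed data: the address book, the list identifier and all four messages.
ADDRESS_BOOK = {"alice@example.org", "bob@example.net"}
FRIEND_LISTS = {"gardening.lists.example.org"}

MESSAGES = [
    "From: Alice <Alice@Example.org>\nSubject: Lunch?\n\nSee you at noon.\n",
    "From: stranger@example.com\nList-Id: Gardening talk <gardening.lists.example.org>\n"
    "Subject: [garden] Tomatoes\n\nAny tips?\n",
    "From: offers@bulk.example\nSubject: You have won\n\nClick now.\n",
    "Subject: no sender at all\n\nHello.\n",
]


def classify(raw_message, address_book=ADDRESS_BOOK, friend_lists=FRIEND_LISTS):
    """Return (verdict, reason); unknown mail is marked for review, never deleted."""
    msg = email.message_from_string(raw_message, policy=policy.default)

    # Mailing-list posts come from people who are not in the address book, so
    # subscribed lists are matched on List-Id before the sender is looked at.
    list_id = str(msg.get("List-Id", "")).strip().rstrip(">").rsplit("<", 1)[-1]
    if list_id.lower() in friend_lists:
        return ("accept", "friends list: " + list_id.lower())

    # List-Id and From are both written by the sender and can be forged, so a
    # match is a sorting aid, not proof of who sent the message.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender in address_book:
        return ("accept", "address book: " + sender)
    return ("mark", "unknown sender: " + (sender or "(none)"))


def triage(messages):
    """Classify a batch and return only the verdicts, in order."""
    return [classify(m)[0] for m in messages]
```

Marking rather than deleting unknown senders keeps the legitimate mail this kind of filter will sooner or later catch recoverable.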
Open Relays
Open relays are mail servers that are known to have security weaknesses that allow arbitrarily-addressed mail to be forwarded without permission. This allows a spammer to forward a message to you without worrying that he'll be kicked off the server.
Several sites have developed lists of these servers. They are often severely underfunded and can be shut down for a variety of reasons. ORBZ is one such example that has been replaced with DSBL.
If you do decide to use the lists from one of these sites, be sure to understand the methods used to determine what is or is not legitimate mail. As in most efforts to fight spam, there is a balance between removing spam and stopping legitimate mail. The closer you get to removing all your spam, the more likely you are to remove mail you wanted to keep.
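Lists of this kind are normally queried over DNS, which this page does not describe, so the following added example goes a step beyond the text. It is not code from any list operator: the zone `dnsbl.example` is a placeholder and the answers are constructed so the check runs offline. It also covers the case of a list that has shut down and now answers every query, which would otherwise block legitimate mail.

```python
import ipaddress
import socket

ZONE = "dnsbl.example"  # placeholder zone, not a real blocking list


def query_name(ip, zone=ZONE):
    """Build the DNS name to look up: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Resolve via the OS; None means no such name or a failed lookup (needs network)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check(ip, zone=ZONE, resolve=system_resolver):
    """Return 'listed', 'not listed' or 'unusable answer' for one connecting IP."""
    answer = resolve(query_name(ip, zone))
    if answer is None:
        return "not listed"
    # Lists answer with an address in 127.0.0.0/8; anything else (for example a
    # parked domain answering every query) must not be treated as a listing.
    if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "unusable answer"


# Constructed answers standing in for a live list, so the example runs offline.
FAKE_ZONE_DATA = {
    "2.0.0.127." + ZONE: "127.0.0.2",
    "7.113.0.203." + ZONE: "198.51.100.9",
}


def fake_resolver(name):
    """Look the name up in the constructed table instead of the network."""
    return FAKE_ZONE_DATA.get(name)
```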
DSBL (Distributed Server Boycott List).
http://dsbl.org/main
RFC-ignorant.org (Request for Comments) lists those servers which don't play by the rules.
http://www.rfc-ignorant.org
SpamCop.
http://www.spamcop.net/bl.shtml
xbl.selwerd.cx: an eXtreme spam Blocking List.
http://xbl.selwerd.cx
Other Anti-Spam Resources
Avoiding Spam.
http://www.russharvey.bc.ca/resources/webrx.html#spam
CAUCE - The Coalition Against Unsolicited Commercial Email (UCE) is an ad hoc, all-volunteer organization, created by Canadian and U.S. Netizens to advocate for a legislative solution to the problem of UCE (a.k.a. "spam") on the Internet.
http://www.cauce.org/
InvestRight's SpamWatch helps investors identify stock spam before making an investment and helps prevent the trading in BC of company shares that are the subject of stock spam campaigns.
http://www.investright.org/spamwatch.aspx
alt.spam FAQ or Figuring out fake E-Mail & Posts.
http://www.faqs.org/faqs/net-abuse-faq/spam-faq
Death to Spam is an excellent resource that discusses how to trace spam, message filters, pending (U.S.) legislation and more.
http://www.mindworkshop.com/alchemy/nospam.html
Boycott Internet spam!
http://spam.abuse.net/spam
TRIPOLI - An Empowered E-Mail Environment is a proposed new e-mail system that would fix the problem of spam, partly by using an encrypted authentication token.
http://www.pfir.org/tripoli-overview
JUNKBUSTERS has lots of tips about how to avoid giving away information about yourself, about spam and free software for blocking banner ads.
http://www.junkbusters.com
Internet Security Issues
Internet Security Vulnerabilities - making your computer safer.
http://www.russharvey.bc.ca/resources/websecurity.html
Preventing Unauthorized Access deals with firewalls and privacy solutions.
http://www.russharvey.bc.ca/resources/security.html
Anti-virus primer and software download sites.
http://www.russharvey.bc.ca/resources/antivirus.html
EPIC Online Guide to Practical Privacy Tools
http://www.epic.org/privacy/tools.html
Shields Up! Gibson Research Corporation will "hack" your system to demonstrate your security vulnerabilities, then show you how to fix them.
http://www.grc.com
ZoneAlarm is a personal firewall security utility for those on a broadband (cable, ADSL, etc.) Internet connection. It is free for personal use.
http://www.zonelabs.com
SafeSurf is designing a rating system that is dedicated to making the Internet safe for your children without censorship.
http://www.safesurf.com/index.html
Updated: January 22, 2008
