Spam – I’d Rather Eat it Than Read it!
by
Doris Bornhoeft
What is spam?
Spam is commonly defined as unsolicited bulk e-mail, or the electronic equivalent to junk mail. America Online estimates that spam already accounts for more than 30 percent of e-mail to its members – as many as 24 million messages a day (http://www.anti-spam-software.com/help/statistics.htm).
How do they get my address?
There are many ways that a spammer gets your address. They may buy it from a broker who “harvests” the addresses from web pages, newsgroup postings, and unprotected databases/directories for sweepstakes, e-cards etc. In fact, have you ever received a message (e.g. jokes) that included a long list of people who had received the message in the past? Such a message could easily fall into the hands of a spammer and they have just obtained a list of known addresses. Another method is to use software to generate variations of addresses, e.g. johndoe@und.edu, john.doe@und.edu, j.doe@und.edu, doej@und.edu; ultimately one of the addresses may be legitimate.
I’m sure we’ve all received e-mail messages as the result of a computer infected with a virus. The virus pulls addresses from the infected computer and uses them to “spoof” (fake) the sender address, as-well-as send the message to you. As the virus spreads, so do the e-mail addresses.
How do I stop spam?
Stopping spam may not be possible but you may be able to reduce it. When submitting information via the internet, carefully review the privacy policies of the entity you are giving the information to. You may wish to have multiple e-mail addresses, one for business, one for personal correspondence, and a “disposable” one for newsgroups, chat rooms, contests etc. If this latter address starts to receive spam, you can close it down and get a new one.
Filing complaints about spam
Filing complaints about spam has varying effectiveness depending who you are complaining to. If spam is originating on a computer at UND, we do our best to identify the computer and rectify the problem. The majority of the time, the spam is due to a computer virus and disinfecting the computer and protecting it from future infection resolves the problem. Odds are that the originating site already knows about the spam from other recipients, but if you wish to file a complaint, the first thing you need to do is identify where the e-mail originated. The From: address is most likely fake.
How do I deal with the spam I’m receiving?
Don’t respond to the spam. Many times the spam message will include an unsubscribe offer, be aware that this is typically a ruse used to verify that your address is legitimate and you end up receiving more spam rather than less.
Also, spam is such a cheap and quick method of getting your “product” out to people, that if only a handful follow-up and buy, it is very profitable.
There is a whole category of spam, known as phishing, just for e-mail that appears to be from a legitimate enterprise (e.g. banks, paypal etc.) and is sent in an attempt to obtain private information, such as account numbers, passwords etc. Be very wary of e-mail requesting you to verify your account information, esp. if it includes a link to use to do so. The following is an excerpt of an email I received as I was writing this article.
“In
order to secure your account we may require some specific information from you.
We encourage you to log in by clicking on the link below and complete the
requested form as soon as possible.
https://www.paypal.com/cgi-bin/webscr?cmd=_login-run”
While the link text leads you think you will be taken to a paypal web site, the link actually points to the host tigermail.co.kr, a computer located in South Korea. Also, note that while they try to fool you into thinking that it is a secure connection (https://), the actual URL is not secure (http://). The following is the warning I received from Eudora when mousing over the URL in the e-mail message I received.
Not all e-mail software will have such a warning in place, so if you think the message might be legitimate, contact the service or go to their web site directly through your browser by typing it in rather than using the link.
Filtering your e-mail
While you may not be able to stop spam, you may be able to use features of your e-mail software to help make managing your e-mail Inbox a little easier. One such feature is to filter messages based on some criteria, e.g. the sender or subject. Spam usually doesn’t come from the same sender nor does it have the same subject so a different criteria needs to be used.
ITSS uses a spam filter for e-mail messages sent/received by its U-mail and GroupWise servers. Each message is assigned a score indicating the probability that it is spam (e.g. X-UND-MailScanner-SpamScore: ss). The {SPAM???} label is placed at the beginning of the Subject: field for messages that have either a score of 5 (sssss) or higher. The {SPAM???}{DS} label marks the message as “definitely spam” and is assigned to messages with scores of 15 or higher and/or are on a blacklist service we utilize. The spam label or score may be used to create a filter, or rule, to move the matching messages to a “junk” mailbox or even the trash. Be aware, that no filter is 100% accurate and you should check the messages being filtered to be sure you aren’t missing legitimate e-mail messages.
Instructions for creating filters/rules for the three most common e-mail clients supported by ITSS follow.
Creating a Spam Filter Using Eudora
Creating a Spam Rule Using GroupWise (PDF)
Creating a Spam Filter using Outlook Express
Many U-mail users access their e-mail using the “Web Access for U-mail.” Unfortunately, this method doesn’t allow filtering but sorting messages may be help. Sort your messages by clicking the column heading, e.g. Subject. This will sort the messages alphabetically and the {SPAM???} messages will be grouped together. You may then select and delete the messages in a group. Click the Received column heading or log out to re-sort by date (the default),
Isn’t there a law against this?
Laws prohibiting spam won’t be a panacea for the problem. Enforcing any laws is a difficult proposition, due to the explosive growth of the internet, its global nature, and the ever changing skills of spammers. Your best defense is to protect your e-mail address, use your common sense about e-mail offers you receive, and utilize e-mail features to help manage the problem.