Email Spam
Posted on May 20, 2004
Filed Under Internet, Security |
Spam, in its simplest terms, is unsolicited email that is often sent to a large number of email addresses at the same time. Spam can also appear in Usenet newsgroups, on-line chat rooms, and web based forums, but spam arriving in your email inbox is likely to cause the most aggravation.
Aside from the stress spam causes the average internet user, the costs of spam can also be high. By some accounts, spam constitutes more than half of all Internet email traffic. Handling this unwanted traffic uses valuable resources that Internet Service Providers and ultimately, end users must pay for. Whether you pay for a certain amount of time on-line or your ISP limits the amount of data you can send or receive every month, spam eats into your quota.
How do spammers get your email address in the first place? The U.S. Federal Trade Commission completed a study where 250 new email addresses were posted at 175 different locations on the Internet. The locations included web pages, newsgroups, chat rooms, message boards, and online directories for web pages, instant message users, resumes, and dating services. The email addresses were used for no other purpose than to monitor the spam that they received. In the 6 weeks that the study was conducted, the new email addresses attracted 3349 spam email messages.
Where email addresses were posted in on-line chat rooms, an incredible 100% of them received spam. Amazingly, one address posted in an on-line chat room received spam 9 minutes after it was posted for the first time!
Email addresses that were planted on web pages or posted to newsgroups attracted spam 86% of the time. In other words, if you post your email address on your web page or a page somewhere on the internet, you stand an 86% chance of that address being harvested and used by spammers. The same applies if you post your email address to a Usenet newsgroup.
Placing an email address on a free personal web page service resulted in spam 50% of the time, message boards 27% of the time, and email service directories 9% of the time. Clearly, if your email address can be found on the Internet, spammers will often find it.
The FTC study does not include tactics such as sending random dictionary type spam messages to known domains. In this scenario email is sent to a list of common words and names at a particular domain. For example, a spammer might pick yourdomain.com to spam and send messages to a list of possible email addresses made up of common words or names with an “@” symbol followed by the domain name. There is a good chance that addresses such as bob@yourdomain.com or sales@yourdomain.com will be legitimate email addresses and the spam will be sent successfully to those addresses.
So now that we know a few ways that our email addresses get into the hands of spammers, what can we do to limit spam? Notice that I said limit spam and not prevent spam. The unfortunate truth is that it is near impossible to completely eliminate spam without running the risk of eliminating legitimate email as well. Thankfully though, we can put a real dent in the volume of spam that reaches our inboxes:
- If a spam message includes a link where you can be removed from the sender’s list, be very cautious in using it. Often this backfires by telling the sender that your email address is real and encourages more spam rather than preventing it.
- If your ISP provides you with more than one email address, consider creating a “dummy” email address to use when filling out web forms. This dummy email address can be deleted when it gets bombarded with spam and when you are comfortable that your information has not been compromised you can give the form owner your “real” email address.
- If a check box is provided when filling out a web form that prevents your email address from being used for unsolicited email, use it.
- Rather than post your email address on your personal or company web site, use a form that visitors must fill in to contact you. Even if you are not a programmer, there are a number of tools available to help you easily have the form contents emailed to you but keep your email address hidden from visitors and spammers.
- Turn automatic read receipt confirmation off in your email program. Only send read receipts when you are certain that the sender will not use your address for spam.
- Use spam filtering software. There are a number of tools available on the internet that intercept email before it reaches your inbox to make a reasonable guess as to whether or not the message is spam. If it is, the program can move it to a specified folder or delete it altogether. If you use Microsoft Outlook, consider upgrading to Outlook 2003.
- If you in a business environment and run your own mail server, consider placing a spam filter “in front” of or on your mail server. Be sure that the server is secure and cannot be used to “relay” spam.
More information on the FTC study can be found at http://www.ftc.gov/ /bcp/conline/pubs/alerts/spamalrt.htm
Comments
Leave a Reply
You must be logged in to post a comment.