Spam – The Essentials

March 30th, 2007 by

Spam is regularly in the tech news these days and no wonder when it is estimated that 3 out of every 4 e-mails is spam related rather than genuine messages. There’s a lot of literature online on this and I’ve included a few links at the end of this post if you want to read more, but here’s a few ‘knowledge essentials’ if you just want the highlights…

So why are the spam levels increasing?

there’s a few reasons for this, the main two being;

  1. Image spam – by using pictures instead of words in their messages, spammers are able to evade filters designed to detect traditional text-based ads.
  2. The ‘bot’ networks – Spammers are now cultivating and using new computer viruses such as the particularly prolific Trojan horse program called “SpamThru” that turns home computers into spam-churning ‘bots’. These ‘bot’ networks can run into millions of computers, and because of their decentralised nature are very difficult to stop.

What can I do about this?

Unfortunately most people are not particularly bothered about securing their own home PC’s, they don’t like to receive spam but are unaware that their home computer could be part of a vast network that is responsible for churning it out! ๐Ÿ˜‰ Although steps need to be taken when you receive spam you also need to make sure you are not one of ones responsible for it (and unless you monitor your computer closely you could be completely unaware).

The main thing is to make sure your computer is secure and cannot be compromised easily, the overwhelming vast majority of these viruses/trojans are aimed at Microsoft Windows, so you could swap to a linux based system or to Mac OSX if you are considering buying a new computer at any point (which I’d recommend, but then I’m biased ๐Ÿ™‚ ). Or if you are using a PC you can follow a few simple steps;

  1. Keep everything updated to the latest versions – this should reduce the risk of trojans/viruses exploiting any security loopholes.
  2. Run Anti-Spyware/Malware software regularly. When I still used a PC I used Ad-aware for this which I found pretty effective (and free!).
  3. Keep Anti Virus up to date and regularly scan. Another good free example is AVG anti virus.
  4. You may want to upgrade your firewall to one which will alert you when anything tries to access the net from your PC (or send mail etc.), then you can see what is trying to access the net and set your own rules manually. I used the excellent Zone Alarm for this – again available in a free version.

You also need to ensure that your e-mail address cannot be ‘harvested’ from the web, there are various services you can use for temporary e-mail addresses if you need to sign-up for something online and supply this, or you can simply create several e-mail addresses and keep one for sign-up purposes (personally if I think I could receive spam I use junk@my domain rather than using the e-mail address I give to my friends). You can find a couple of good examples of temporary e-mail creators at mailexpire and mailinator.

If you need to publish your e-mail address on your website there are a multitude of scripts that will send you an e-mail without the e-mail address appearing to be harvested (as a form), or you can try and confuse the ‘spiders’ that trawl the web looking for valid e-mails by splitting your domain into words e.g. sales at mydomain dot com will not be normally recognised as an e-mail address by them.

What should I do if I recieve spam e-mails?

There are a few ‘do’s and don’ts’ that should ensure that you reduce the amount of spam you could recieve;

Don’t
– Reply to the e-mail or click on the ‘unsubscribe here’ link – All this is doing is confirming to the spammer that this is in fact a real addess and more importantly you are prepared to open and read their spam, which will mean they are likely to send you much, much more.

Don’t – Open any attachments or images, or click on any links in the e-mail – This is the most common method how the bot trojans/viruses spread. Part of the programming is to reproduce itself and replicate by sending to all e-mail addresses contained on the PC.

Do – Delete the spam e-mail

Do – Employ some sort of Spam Filtering – This is included in most good mail programs such as Outlook/thunderbird but is usually very basic, most ISP’s normally also have this available where you can change the ‘level’ of what you class as spam to be stricter, and there are also external companies or programs that you can use if necessary (it’s not normally this bad though unless you absolutely have to publish your e-mail on the web in my experience).

Is UK2 doing anything about Spam?

This has been in our minds recently as we have been upgrading our e-mail platform and there are a few measures we are taking (or have taken already).

  1. We’ve introduced an extra level of spam filtering on our own mail servers and actively monitor our shared services for any of our users attempting to ‘spam’ (intentionally or not).
  2. We are introducing free POP boxes on our domains and disabling the ‘Catch All Forwarding’ that we gave as standard back in the days when spam was not so much of a problem. This will have a massive, positive impact because dictionary (or brute force) attacks by spammers on domains will not work anymore (where a spammer sends multiple spam e-mails to random addresses on a domain trying to find one that works/replies).
  3. We have a new dedicated Abuse team to deal with any abuse complaints (including spamming) that we receive.

This means;

    a) Less spam being delivered to our customers (especially multiple copies).

    b) We don’t get our mail servers blocked for forwarding spam to other ISP’s (even though it didn’t originate with us)

    c) A faster, more efficient e-mail service.

 

OK so that’s the highlights as I see them but as this is such a massive subject here’s a couple of links where you can read more about the murky world of spammers, and what you can do.

http://www.spamhaus.org/index.lasso

http://www.ico.gov.uk/for_the_public/topic_specific_guides/spam.aspx
http://search.theregister.co.uk/?q=spam&mode=site

here’s also a sneaky one to trap the web spiders trawling for e-mail addresses if you have a web site ๐Ÿ˜‰ http://www.spampoison.com/

  • Share this post

The end of ‘unlimited’ – subject to FUP?!

UK2 celebrating our Office Move to Brick Lane

4 Comments

Ap0kalipSe
# 30th March, 2007

Is there any published info on what you do do/plan to do with regards to spam, ie RBL/SPF records, etc?

I have a mailbox on the cyborg2.com domain that get’s oodles of spam every day due to the email address being public ๐Ÿ™

Incidentally a good tool for your desktop for managing spam is mailwasher, http://www.mailwasher.net – well worth buying!

Ditlev
# 31st March, 2007

@Ap0kalipSe
A few months ago we upgraded our mailsystem to atmail as our core mail system, it has build in spam prevention that works pretty well.
However to make this even stronger we are currently upgrading our mail setup so all incoming mail is filtered using Mailfoundry boxes. And to make sure we do not send/forward spam from our system we filter all outgoing mail with Barracuda boxes.
It’s currently in betatest, trying to limit the delay this filtering will cause. I expect it to be fully implemented within 14-21 days ๐Ÿ™‚

Jeff Key
# 9th August, 2007

Hi,

there are several levels of spam protection you can select from 1 to 10. Can you give more details on what they cover. I have my daughters (8) set on level 4 but I am tempted to go higher.

What do you base the scores on and how and where is it defined.

Jeff.

Shannon
# 30th January, 2009

Hi,

I was directed to “Spam – The Essentials” from an email I received and I have to give kudos to the author for this statement:

“The main thing is to make sure your computer is secure and cannot be compromised easily, the overwhelming vast majority of these viruses/trojans are aimed at Microsoft Windows, so you could swap to a linux based system or to Mac OSX if you are considering buying a new computer at any point (which Iโ€™d recommend, but then Iโ€™m biased ๐Ÿ™‚ ).”

For m-a-n-y years everyone has known Windows products are targets for virus/spam/IP high-jackers and hackers, but since there is so much $$ to be made in repair, IT, maintenance of and broken/faulty/compromised systems and programming, new software updates, we’ll never see a day of nothing but working, useful computing and spam free web email.

I may be just a wee bit biased, but we run BSD and Mac – Hoorah for UNIX! ๐Ÿ˜‰

Leave a Response