Dealing with spam (or spam, spam, lovely spam)
By Lasa Information Systems Team
Spam is probably the single most annoying aspect of the Internet's success. If you have email you've probably received spam. This article seeks to explain the problem of spam and offer suggestions for dealing with it.
Spam - no longer just luncheon meat!
Just a few years ago your email inbox was relatively uncluttered except for messages from friends, co-workers, family or stuff that you really did want to know about. Nowadays nearly everyone's inbox is flooded with unsolicited messages.
Unsolicited bulk email, commonly known as spam (remember the Monty Python sketch? Spam, spam, lovely spam!) has been on the rise for several years. It can include things like commercial solicitations, advertisements, pyramid schemes, sexual offers and fraudulent offers.
Various surveys have estimated that up to 50% of corporate email is spam. Spam messages can also pose security risks. Email security firm Message Labs claims that around 1 in every 270 spam messages contains a virus. Needless to say spam has become a very annoying but common part of modern electronic life.
Emails with subject headings like "Re. Your credit", "Congratulations", "20 YEARS YOUNGER" or offers to enlarge various parts of your anatomy etc. all fall into this category. Unscrupulous advertisers have found a cheap way of flooding the market at very low cost, hoping that some unsuspecting people may actually consider using these services.
Spammers are even offering to deal with the problem of spam, and how do they contact you? - via an unsolicited email! Unfortunately, until these messages are regulated or made illegal, spammers will continue to peddle their wares. Even regulation won't get rid of spam completely as much spam originates from outside the country it is being sent to. Regulations will probably be difficult to enforce and spammers can be very difficult to track down.
Why do I receive these emails?
Email addresses can be acquired in several ways.
If your address has ever appeared on any Web site, mailing list, newsgroup posting, as an email link on a web page, or if you've ever entered your email address onto a form on the Internet e.g. for a contest, or to sign up to a commercial mailing list, web site registrations, electronic post cards (the list goes on), then it's more than likely that your details will end up in a spammer's database.
Spammers also go an extra step, by inventing addresses using computer software to simulate Yahoo, Hotmail and other accounts. The software normally creates a large number of random addresses and floods the Web seeking some kind of response. For example you reply requesting removal from their email list. This then confirms to the spammer that your email account is an active one.
In short, if you have an email address and have had it for any length of time, you will almost certainly be receiving spam emails.
How can I stop spam?
There really isn't any way to totally protect yourself from spam, just like you can't stop all the junk mail that arrives through your letterbox at home or work. If you only get the occasional spam message, treat it like you would junk mail - throw it in the bin.
Replying to spammers' "Remove me from your list" or "unsubscribe" address is not always a good idea. Reply only to messages that are from companies or organisations that you recognise. A reputable company will honour your request to be removed from their mailing list, but in most cases, replying to spam will only validate the existence of your address and in all likelihood, will increase the number of spam emails you get.
What to do when you receive spam
The following are some suggestions that will help alleviate the problem:
Use the Delete key
This is probably the simplest of all solutions, especially if you only receive a low number of unwanted emails. If you have no other system, the most reliable way of dealing with spam is to use the delete key.
Use a filter option
Many email packages offer the ability to filter incoming mail, and, based on the rules you supply, may be able to detect spam once it is downloaded. Spam messages can then be deleted automatically or stored in a separate folder so you can check to ensure they really are spam before deleting them. For more on this see the help files of your email software.
Consider using spam filtering services
Internet service providers (ISPs) are beginning to come to terms with the problem and some may provide a free or subscription based service that deals with the menace before it gets to your computers. Although this sounds like the ideal solution, it is complicated by all sorts of issues.
For example what is spam to one user may be another user's legitimate mail. Also the fact that spamming is an evolving art means that spammers will continue to change the way they operate as technology comes up with solutions.
The way the service works is similar to the filtering option described above. Rules are used to identify likely spam candidates and these are stored in a separate folder, which can be viewed by a user and contents retrieved individually or all deleted at the click of a button. By informing the service of any emails that have been allowed through, the provider can update their rules for future spam detection.
If your ISP or Web host does not offer some sort of spam filtering maybe it's time to consider a change ...
As well as providing services to ISPs, companies like Brightmail and MessageLabs also offer email security and spam filtering services to other businesses, although these tend to be aimed at organisations with large numbers of users and priced accordingly.
Try spam filtering tools
There are hundreds of programs that have been designed to deal with spam. Some are useful, others are more trouble than they are worth, or are very complex to set up, or may wipe out legitimate messages. We recently tried a free version of the program Spamnet (which works with Outlook 2000 and later versions). Spamnet is simple to install and use, and does a good job of dealing with items that have been labelled as spam.
By clicking once on the offending item, it is not only deleted, but a wider community can be informed of the existence of the spammer and the software updated in due course.
We've also tried with good results, the open source (free) Spambayes.
Conceal your email address
Email collection programs called "scrapers" automatically search the Internet for email addresses they harvest from Web sites. If you must put your email address on a Web page, try putting it in a disguised form e.g. john dot Olufawo AT lasa dot org dot uk, jolufawoTAKE@OUTlasa.org.uk, email@example.com (remove the anti-spam xx) are simple examples of doing this.
Other ways to disguise your email address include:
- using XML character references where you want your email address to appear - e.g. "firstname.lastname@example.org" could be written as email@example.com Your email address will appear normally on your web page. However, the HTML code behind the page will appear disguised as above so your email address is hidden from email scraper programs.
A free online tool for encoding emails using this method is available from West Bay Web Internet Publishing at www.wbwip.com/wbw/emailencoder.html.
There are also downloadable tools available. Typing "email encoding software" into your favourite search engine should reveal many examples of online and downloadable tools.
Unfortunately such methods don't work for long - once a spammer learns of them they can adjust how they collect email addresses accordingly.
Consider using email forms on your Web site
There are various pre-written scripts that can be downloaded from on the Internet and used to create forms on your Web site. These can be used to allow visitors to your site to submit their details or queries to you by email instead of you publishing your email address on your site. However, many of the widely available form scripts are no good because they include your undisguised address inside the HTML code.
There are more secure alternatives around though, for example the FormMail script available at NMS. You would need to check that your Web host will allow you to run your own CGI (Common Gateway Interface) scripts to implement this solution though.
Be aware that a badly run script which sends email can be used to send spam!
Use a separate account for business emails and personal emails
Or use a different address for forms you fill out on the Internet. If spam email really is a problem, maintaining a set of email addresses will enable you to monitor how spammers are getting hold of your address. If it becomes unbearable, then simply change your email account and take steps to keep it clean.
Don't pass spam emails on to your friends
This is especially true of chain letters, -- you just end up with one email with a whole host of valid email accounts. Before suggesting a friend or relative for a particular service ask them, if they are really interested and let them subscribe to it themselves.
On a similar note, when sending email to a group of people, put their addresses in the BCC (Blind Carbon Copy) field to keep them confidential.
Tighten up your email lists
Actively ensure that your contacts are up to date and valid. This will enable you to set up rules for any emails you receive from people not in your contact list. Emails from anyone not on the list can then be automatically moved to a spam folder for deleting.
You can in some instances contact the spammer's ISP (Internet Service Provider) and alert them to the fact that one of their users is spamming from their domain. Bear in mind that the majority of unsolicited mail has forged return address information, so the To:, From:, and Reply-To: addresses are not the actual source of the message.
To trace the real culprit you need to extract the information needed from the "message header" of the email. A message header is text that is somewhat difficult to decipher but has all the information you need to alert the proper ISP. In Outlook 2000 do the following:
- Highlight the suspect email message
- Go to View > Options
- At the bottom of the Options window, you will see "Internet Headers"
- Highlight the text in the Internet Header window (by clicking in the window, then pressing Ctrl-A or Right Click then select all)
- When you have highlighted all the text in the window, Right Mouse Click and select Copy
- Close that window (Internet headers) then click on the icon to forward the email message
- In the forwarded message window Right Mouse Click. This time, select Paste. This will copy the message header information to the forwarded message
- Look at the first line of the header that says Received from or Return path and you should see an email address in the form of Mailbox@domain.com. Address your email to firstname.lastname@example.org, briefly (and politely) explain that you are getting unsolicited emails from one of their users and they should take it from there.
Inform your system administrator
(assuming you have one) - If all else fails hand the problem over to your system administrator, they'll probably tell you they are having the same problems as you are having, but will suggest trying one or more of the above methods. If they are really nice, they may even set up a solution on your computer.
When informing them of the problem try and maintain a list of spam emails you have received to give them something to work with. Depending on how serious the problem is you will probably end up using a combination of the above methods to effectively deal with spam.
The only sure fire way not to get spam is to not do anything on the Internet, but most of us do not have that option. Unfortunately, in this modern age of information technology spam is becoming as common and annoying (if not more so) as telemarketers and telephone scam artists. The big difference is that it takes less time and costs less to email a thousand people an advertisement than it does to call each person individually.
For more information on fighting against spam see the knowledgebase article Spam - Solutions Anyone? and the following sites:
- Center for Democracy and Technology article Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research, Six Month Report
Published: 1st July 2003 Reviewed: 10th April 2006
Copyright © 2003 Lasa Information Systems Team