Spam is another name for Unwanted Bulk Email, or UBE. (It used to be called Unwanted Commercial Email, UCE, but there is quite a bit of non-commercial bulk email now.) Some of the most numerous examples seem to promote mortgage rate providers, herbal viagra, prescription drugs, voyeurism, work at home schemes, Internet detective services, and millions of email addresses (to send your own spam.) You can view a small sample of Subject lines from one of my filtering reports.
In addition to selling questionable items and services, spam messages may masquerade as mail from eBay, PayPal, Microsoft, etc. Spammers are usually looking to separate you from your information and/or your money. It's been noted that some viruses may actually gather email addresses from your mail client, ostensibly for inclusion on CDs for spam publishers. Their techniques are constantly changing. Be very wary of email you are not expecting and visit online business Web sites to verify policies before sending account information, etc. Few ask for account information via email.
The technical publisher O'Reilly and Associates has a book, "Stopping Spam: Stamping Out Unwanted Email and News Postings." A complete description with sample chapter and table of contents is available at http://www.oreilly.com/catalog/spam/. Here is an excerpt from that sample chapter, "What's Spam and What's the Problem?"
Spam may be cheap to send, but bulk email and newsgroup postings come at a high price to recipients of the messages and to the Internet through which they travel. It's because of this price that "simply clicking Delete" isn't a good solution to the spam problem...
It may take a spammer just five or ten minutes to program his computer to send a million messages over the course of a weekend. Now it's true that each of these messages can be deleted with just a click of the mouse, which takes only three or four seconds: a few seconds to determine that the message is in fact spam plus a second to click Delete. But those seconds add up quickly: one million people clicking Delete corresponds to roughly a month of wasted human activity. Or put another way, if you get six spam messages a day, you're wasting two hours each year deleting spam.
It also notes there is a cost to the ISP, traffic generated, etc. If you use a modem to connect, downloading your email with a large portion being spam is an exhausting and useless activity. I spoke to a South African colleague a couple of years ago and discovered he was paying for access by the minute via modem! A recent fact from CNN.Com listed in the magazine The Week (Volume 5, Issue 95) stated "The time spent deleting spam costs U.S. businesses $21.6 billion annually."
Expect to see more spam... a lot more spam. A good portion of the latest crop I'm seeing is from, or run through, servers in Russia or China. Spammers have tools to find poorly configured mail servers they can use. All spam sending tools will obscure where the spam originates through several 'spoofing' techniques.
The short answer is the sky is the limit. Here is an example from my accounts.
Before I took action, one-quarter of my daily mail was spam (about 25 messages), and three-quarters on the weekends. [A service I used for manually reporting spam, estimated I received spam at the rate of 97 MB per year in 2001.] I recently (2004) read that 60% of email traffic is spam when I was getting about 125 messages per day in each of my two accounts. One is 90% spam and the other is 99% spam. Note, I filter both and I still see several getting through as spammers adapt to the tools used to fight their unwanted invasion. In early 2005, I cancelled the first account and the second now gets about 200 spams per day.
As an experiment to see the current volume of spam, I activated my ISP's greylisting spam filter on the main account that only gets spam—I used Matt Wright's junk FormMail.pl web form processing script years ago on this account and spammers know to look for its "hidden" recipient field to harvest email addresses. Over a 24-hour period, I used PINE at the Unix command line to display an index of messages, select all and delete/expunge the messages, noting the date and number of messages deleted in a text file. Here is the result:
Fri Oct 27 00:09:42 EDT 2006
429
Fri Nov 10 10:26:23 EST 2006
496
Note: (13-Nov-06)
Note: Changed email settings to discard all email to main account;
will use domain email accounts
Mon Nov 13 11:18:32 EST 2006
0
Note: (26-Feb-07)
Note: Changed account settings to deliver mail but use provider's
junk mail filtering for a test 24-hour period.
Tue Feb 27 14:58:55 EST 2007
211
Note: (27-Feb-07)
Note: Returned mail settings to delete all email again
The result of my most recent test shows that in November 2006, I was getting about 250 spams per week. I am now getting a bit more than 200 spams per day, from Monday to Tuesday afternoon. I see 46 spams in the INBOX (see subject-sorted INBOX listing image) and 165 filtered JUNK messages (see subject-sorted SPAMTEMP listing image) in a spamtemp mailbox. (As I mentioned, it gets much worse on the weekend.) I haven't used or given out this email address for several years. As you can see, the volume of spam only increases.
In my separate POP account, nearly all correspondents use an email address at my mail redirect service that filters for spam. My average of held messages there is 22 per day. Average of false positives—legitimate mail caught by the filter—is 1.5 per week. So, 7 x 22 = 154 filtered messages per week with 1.5 held inappropriately, gives a 9.7% good email to 91.3% spam.
You can get yourself in a spam database if you have a 'mailto' link to your email address on a Web page, or if you use the incompetently written, popular FormMail.pl script for Web form processing on your Web site. Spam generators use email 'harvesting' robots to crawl across Web sites looking for 'mailto' links, or the FormMail.pl Web form's 'recipient' hidden field.
You might also get added to an email address database by posting your email address to a news group or an email discussion list that archives its messages online, registering for a members-only Web site, or purchasing from an online shopping site where that site sells its member list. One option to avoid questionable memberships is to use temporary email address services, as described below. You should check to see if shopping or membership Web sites have online privacy statements. Reading it may reveal your exposure to direct marketing efforts. Here is an excerpt of one such privacy statement:
[We] may also use personal information for any marketing and survey purpose on behalf of [ourself] and [our] affiliates and subsidiaries. [We] may disclose personal information to third party agents and independent contractors that help us conduct our marketing and survey efforts. Further, [We] may disclose personal information to other companies in connection with marketing efforts including but not limited to direct marketing, which may have no relationship to [us]. Finally, if [our business] or any of its assets are acquired by or merged with another entity, member information will be one of the transferred assets.
It is also possible that someone unhappy with you adds your name to some opt-in site, or that a well-meaning friend sends you an e-greeting card from a service that is promiscuous with its database of email addresses. Note, the great majority of opt-in marketing sites do not send confirmation emails to verify if you want to receive their marketing information as a legitimate business would.
Once you start receiving spam, you have a number of options and several are explained below. The simplest is that you can simply delete the message. Note, if the message has 'to remove yourself...' instructions, DO NOT REPLY as most spam generators hide their origins using special software and often the 'Reply-to' address is dead, bogus, or an unsuspecting third party. Or, if you do reply, it will only verify that your email address is good, and worthy of sale to other spam generators. Often, there is a note that the message complies with "proposed Senate bill xxx." It is still spam. You didn't sign up for it. If you find yourself drowning in spam, you can explore other options. There are steps you can take and several online services for spam prevention or handling. These are described below.
Spammers might consider themselves as merely sales people making "cold calls" similar to the dinner-time telemarketers. While annoying, computer telemarketing calls are cost-effective compared with a live person for the businesses that use them. Of course, you always have the option to sign up for the National Do Not Call Registry or tell individual marketers to place you on their 'no call back' list. There is nothing comparable for spam.
Telemarketing and mass postal mailings are usually targeted to specific customer groups that might desire the sender's product. They need to target the contact because it costs the marketer to send to or call a prospect. For example, a mailing needs to return between 2-5% to be cost-effective as a marketing tool. The publisher is also readily identified with a legitimate address and phone number as they want you as a repeat customer.
Spam, on the other hand, needs only to get a couple sales from millions of messages sent because email is currently nearly free as we all pay a portion through our ISP subscription fees. Because it is so cheap, there is no reason to review email address lists for duplicates or target emails to particular customer groups. Spammers don't want to easily identify themselves because they are often hit-and-run, or fly-by-night businesses. Look at the products and services they are promoting. It's like buying a Rolex on a street corner.
How does one minimize exposure to spam? Don't include a linked email address on your own (or any) Web site, if possible. There is a JavaScript routine for constructing an email link at http://javascript.internet.com/ that I have used in the past (search for 'spam'). It breaks up the link using JavaScript's 'document.write' method to confuse the email harvesting robots. Include the plain text of your email address (not linked) in a 'NOSCRIPT' tag pair, for those with JavaScript disabled, if you like. Also, you might simply post the plain text of your email address rather than linking it.
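The approach described above, as an added example (it is not the script from javascript.internet.com and not code from this site): `buildMailto` assembles the link at run time, and `auditPage` reads page source the way a simple harvesting robot would. The function names, the address parts and the three sample pages are assumptions made for illustration.

```javascript
// Added example. The address parts and sample pages are constructed;
// example.com is a reserved domain.
const AT = String.fromCharCode(64); // "@" is never written next to the name

// Assemble the link markup at run time from separate pieces, so neither the
// address nor the link scheme appears as one string in the static page source.
function buildMailto(user, hostParts, label) {
  const addr = user + AT + hostParts.join('.');
  return '<a href="' + 'mail' + 'to:' + addr + '">' + (label || addr) + '</a>';
}

// Read static HTML the way a simple harvesting robot would (assumed behaviour:
// pattern matching on the raw source, no script execution).
function auditPage(html) {
  const linkRe = /mailto:([^"'?\s>]+)/gi;
  const addrRe = /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g;
  const mailto = [...html.matchAll(linkRe)].map(m => m[1]);
  const plain = html.replace(linkRe, '').match(addrRe) || [];
  return { mailto, plain };
}

// Constructed page sources: a normal link, the scripted link, and the scripted
// link with a plain-text NOSCRIPT fallback.
const linkedPage = '<p><a href="mailto:webmaster@example.com">Email me</a></p>';
const scriptedPage = '<p><script>document.write(' +
  'buildMailto("webmaster", ["example", "com"], "Email me"));</script></p>';
const withNoscript = scriptedPage + '<noscript>webmaster@example.com</noscript>';

for (const [name, html] of Object.entries({ linkedPage, scriptedPage, withNoscript })) {
  console.log(name, JSON.stringify(auditPage(html)));
}
```

The third sample shows that an address placed in a NOSCRIPT pair is still visible to a robot that matches bare addresses rather than only mailto links.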
Here are some other prevention options when you are shopping or registering on Web sites:
You can't. It's that simple. Occasionally, I see spam with footers describing they are in compliance with Senate Bill xxx, or by clicking or replying with 'remove' as the subject, you will be removed, etc. On the SpamCop.net site there are discussion groups for spam warriors, new users, etc. I received one spam with a footer that said to go to removeyou.com and use this supposed global removal service to get your email address out of spam databases. A message was posted by 'staff' at the 'removeyou' service with no return email address. My feeling, and those on the discussion list, is if they can't stand behind their service enough to sign their name, or include a legitimate email address, it's a questionable resource. There is no Trust-e logo on the site, of course. One SpamCop list member did a search on the contacts for the domain, etc. and found anomalies. Another poster said the domain is run by a spammer.
After a long fight, there is now a law in Washington state that requires commercial email to have legitimate return addresses and other valid identifying information. See Adam Engst's TidBITs article: http://db.tidbits.com/getbits.acgi?tbart=06458 for the story of their involvement and success. You shouldn't have to remove yourself from something you didn't choose.
You can also change your email account yearly as one fellow I spoke with does. This seems extreme and businesses and those that do much online shopping and bill paying certainly can't do that.
Filtering in your email account is usually the next option after simply deleting unwanted email. Many ISPs (Earthlink, MSN, etc.) include some sort of spam filtering now. Activate it for your email account. Most often it will move messages to a 'filtered' folder of some sort, where you can review captured messages to see if any need to be added to a local 'white list' of legitimate email addresses. My ISP, voicenet.com, allows me to delete messages after a period of time. I get so much that I set it to keep held messages for only two days and I receive a filtered digest of message headers each day that I can review in my daily email session.
On the client side, I use Eudora to filter all expected email from lists, software vendor announcements, friends, colleagues, etc. to individual mail folders, to mailing list or other topic folders. In this way, all unwanted email will appear alone in my 'INBOX' for easy scanning and deletion. Most email clients have features to create filters that move mail automatically to folders.
For information on filtering in your email client, see "Filtering Messages" in Eudora Help. In Netscape Communicator, choose 'Help' under the 'Help' menu and then 'Using Email'. Scroll down to 'Organizing Your Mail' to read about filters. In Outlook Express Help, see "Organizing Mail." In addition to its rules for organizing email, Outlook Express has a Junk Mail Filter. Here is an excerpt from its description:
The Junk Mail Filter uses known criteria to classify messages you receive as junk mail. For example, if you receive a message that includes signs of a forged e-mail address in the From box, the Junk Mail Filter classifies the message as junk.
By the way, the latest technique used by spammers is to confuse your spam filter system. I saw the following on the Ad-Aware web site:
If you have received e-mails that are just filled with gibberish, but do not require you to click on anything, they are designed to get you to mark them as spam and confuse your Bayesian spam filter (uses statistical methods to classify messages as spam). It may be wise to use your web mail account to delete all junk mail before opening up Outlook or Outlook Express.
By gibberish, I believe they mean email messages constructed with dictionary words strung together as nonsense paragraphs (Here is a gibberish screen capture image.) I've also seen true gibberish (Ex: " iryol sopuekbtf rqtwuden jpzomtv mkiuzqgw rqaukj laimek") along with bogus URLs in web feedback form submissions. I believe the spammer was testing to see if the web form can be used to send spam.
In the past, I was able to download and import a blacklist into Eudora for filtering of problem senders. This worked for a while but spam-generating software now creates random, bogus addresses or otherwise mangles various email header fields. Filtering by subject is also difficult as the spam software continually modifies that field. Good blacklist sites are maintained by a community of volunteers and used by the email filtering services described below. Spamnix is a pre-configured plug-in for Eudora for Windows or MacOS X that automatically sends spam to Eudora's Junk folder. It uses Bayesian filtering (like the SpamAssassin server tool) and has an Accept/Reject utility.
There are also separate spam filtering programs that will run on your Mac or PC to assist your email client program in handling the deluge of spam. Search http://www.versiontracker.com/ for 'spam' and read the user reviews of the listed software and try them out.
In addition to filtering email in your email client application (Eudora, Express, Netscape...), you can use a filtering service.
POBox.Com - this is a redirection account service with spam tagging. It's been around a long time. You can get long-term accounts here with the advantage of having one consistent email address, even if you change providers. If you do change, simply log in to your POBox.Com account and change the 'redirect to' address. Mail sent through POBox.Com is filtered and possible spam is held. A report arrives daily (see screen capture of daily report) that you can review, allowing you to release "false positives", as necessary. (Note, you may not be able to use a redirecting address in subscribing to an email discussion list as you may not be able to confirm your address for the list administrator.)
SpamCop.Net - this is a paid service where you can have your email filtered. You can then decide to either report the spam or release the emails to your account. All management is via the service's Web site. This is heavy-duty spam control. It takes some time to understand the configuration and options. (I have an older article on Using the SpamCop Service.)
While this won't be an option for many users, I'm including it for completeness.
It is possible to use script and command-line techniques to filter your email, if you have programming experience, and access to a command-line shell for your account. There is an article on user-level email filtering, "Filtering Mail with Mail::Audit and News::Gateway", by Simon Cozens in Issue #18 (Vol. 5, No. 2, Summer 2000) of "The Perl Journal." (http://www.tpj.com/)
Procmail is a useful tool for filtering email. O'Reilly has an online article, Procmail: Order from Chaos with Procmail [2000], and there is a book, The Procmail Companion by Martin McCarthy [2001], that is informative.
There is a series of three articles by Mark Jason Dominus on "My Life With Spam", available at http://perl.plover.com/lp/Spam.html. Mark is a Perl guru who writes well and explains things thoroughly and concisely. In these articles he uses Perl to create various methods for filtering email. Here's a brief excerpt from the intro in the first article:
The email spam was really starting to bother me towards the end of 1996, when I was getting several junk messages each week. (How quaint that seems now!) I tried to figure out what to do about the spam. Some of the plans worked out well. Some were instant failures. Some were failures but it took me years to decide that they didn't work---those are the most interesting ones.
One of my accounts uses SpamAssassin (http://www.spamassassin.org/) and I can save a group of spam messages, with full headers enabled, to a file and give a shell command to have it learn what is spam.
% sa-learn --spam --mbox todayspam.txt
Learned from 32 message(s) (33 message(s) examined).
Conversely, it will also let me submit a group of legitimate messages so it can learn how to recognize those also.
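What learning from both kinds of mail buys you, as an added example that is not part of the original article: a simplified token-counting Bayesian filter (not SpamAssassin's own algorithm) scores a legitimate message as spam, then scores it correctly after that message is learned as legitimate. The class name, the scoring formula and every sample message are assumptions constructed for the demonstration.

```javascript
// Added example: a simplified token-counting Bayesian filter. It is not
// SpamAssassin's algorithm, and all messages below are constructed samples.
class TokenFilter {
  constructor() {
    this.counts = { spam: new Map(), ham: new Map() }; // token -> occurrences
    this.tokens = { spam: 0, ham: 0 };                 // total tokens learned
    this.messages = { spam: 0, ham: 0 };               // messages learned
  }

  static tokenize(text) {
    return text.toLowerCase().match(/[a-z0-9$']+/g) || [];
  }

  // Counterpart of feeding a mailbox to "sa-learn --spam" or "sa-learn --ham".
  learn(label, texts) {
    for (const text of texts) {
      this.messages[label] += 1;
      for (const t of TokenFilter.tokenize(text)) {
        this.counts[label].set(t, (this.counts[label].get(t) || 0) + 1);
        this.tokens[label] += 1;
      }
    }
  }

  // Naive Bayes with add-one smoothing; returns P(spam | text) between 0 and 1.
  spamProbability(text) {
    const vocab = new Set([...this.counts.spam.keys(), ...this.counts.ham.keys()]).size;
    let logOdds = Math.log((this.messages.spam + 1) / (this.messages.ham + 1));
    for (const t of TokenFilter.tokenize(text)) {
      const pSpam = ((this.counts.spam.get(t) || 0) + 1) / (this.tokens.spam + vocab);
      const pHam = ((this.counts.ham.get(t) || 0) + 1) / (this.tokens.ham + vocab);
      logOdds += Math.log(pSpam / pHam);
    }
    return 1 / (1 + Math.exp(-logOdds));
  }
}

function demo() {
  const filter = new TokenFilter();
  filter.learn('spam', ['lowest mortgage rates apply now',
                        'work at home and earn money now',
                        'cheap prescription drugs online now']);
  filter.learn('ham', ['meeting notes for the web project attached',
                       'your mailing list digest for today',
                       'lunch on friday to discuss the project']);
  const bankMail = 'our mortgage rates apply from friday'; // legitimate, but spam-like words
  const spamMail = 'apply now for cheap mortgage rates';
  const score = () => ({ bank: filter.spamProbability(bankMail),
                         spam: filter.spamProbability(spamMail) });
  const before = score();
  filter.learn('ham', [bankMail]); // correct the false positive
  return { before, after: score() };
}

console.log(demo());
```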
There are services online where you can become involved and report spam after you receive it:
SpamWatcher.Com (http://www.spamwatcher.com/) - Appears to be a free site. You paste in spam and it finds the host that sent it. It's useful to paste a spam email with full headers into the reporting form and read the results to learn the basics of checking email headers. It's a quick intro to the dirty work. See the "My Life With Spam" series of articles listed above for extensive header review techniques.
SpamCop.Net - has a free service where you can register for a free account to report spam. The service also has a paid member filtering service. (See my older article on Using the SpamCop Service.)
Reporting spam to these services is done by viewing a spam message in your email client (Outlook Express, Eudora, command-line text email clients like pine... :-), displaying full email headers, copying the full email headers and message, and pasting it into the Web reporting form and submitting it. When you report spam, you are becoming a volunteer spam warrior. It has value in that it alerts system administrators of the activity and possible server vulnerabilities.
Note: copying Web mail service headers and messages probably will not work. (i.e., reviewing messages using a Web browser like the Excite, Yahoo, WebBox.Com, etc. services.)
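The header check that these reporting forms perform, sketched as an added example (not SpamWatcher's or SpamCop's code): it unfolds the full headers, walks the Received lines from newest to oldest, and reports the address recorded by the last server you trust, since anything below that line was supplied by the sender. The message, host names, addresses and the `trusted` list are constructed assumptions.

```javascript
// Added example; the message, host names and addresses are constructed
// (reserved documentation ranges), not taken from a real spam report.
const SAMPLE = [
  'Received: from mx.isp.example (mx.isp.example [192.0.2.10])',
  '\tby mailbox.isp.example with ESMTP id A1; Tue, 27 Feb 2007 14:58:55 -0500',
  'Received: from relay.unknown.example (unknown [203.0.113.77])',
  '\tby mx.isp.example with SMTP id B2; Tue, 27 Feb 2007 14:58:50 -0500',
  'Received: from mail.bank.example (mail.bank.example [198.51.100.5])',
  '\tby relay.unknown.example with SMTP; Tue, 27 Feb 2007 14:58:00 -0500',
  'From: "Account Services" <service@bank.example>',
  'Subject: Verify your account',
  '',
  'Message body'
].join('\r\n');

// Hypothetical list of your own provider's servers.
const TRUSTED = { hosts: ['mailbox.isp.example', 'mx.isp.example'], ips: ['192.0.2.10'] };

// Separate the header block from the body and unfold continuation lines.
function parseHeaders(raw) {
  const headerBlock = raw.replace(/\r\n/g, '\n').split('\n\n')[0];
  return headerBlock.replace(/\n[ \t]+/g, ' ').split('\n').map(line => {
    const i = line.indexOf(':');
    return { name: line.slice(0, i).toLowerCase(), value: line.slice(i + 1).trim() };
  });
}

// Pull the claimed name, the recorded IP and the recording server out of one
// Received: value.
function parseReceived(value) {
  const from = /\bfrom\s+(\S+)/i.exec(value);
  const ip = /\[(\d{1,3}(?:\.\d{1,3}){3})\]/.exec(value);
  const by = /\bby\s+(\S+)/i.exec(value);
  return { claimedName: from && from[1], ip: ip && ip[1], by: by && by[1] };
}

// Received: lines are newest first. Lines written by trusted servers are
// reliable; the first hand-off from an outside address is the one to report,
// and every line below it may be forged.
function findReportableSource(raw, trusted) {
  const hops = parseHeaders(raw)
    .filter(h => h.name === 'received')
    .map(h => parseReceived(h.value));
  for (let i = 0; i < hops.length; i++) {
    if (!trusted.hosts.includes(hops[i].by)) return null; // no trusted record of the hand-off
    if (!trusted.ips.includes(hops[i].ip)) {
      return { ip: hops[i].ip, claimedName: hops[i].claimedName,
               recordedBy: hops[i].by, unverifiedHops: hops.length - i - 1 };
    }
  }
  return null;
}

console.log(findReportableSource(SAMPLE, TRUSTED));
```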
Spam is currently responsible for 60% of all email traffic. It will only continue to grow until spam publishers have to pay per message; in other words, until it begins to cost them dearly to send it.
Another possibility would be some sort of authentication scheme. Web sites have digital certificates, verified by established certificate authorities like Verisign. Users can include digital signatures using something like GnuPG (The GNU Privacy Guard). DomainKeys Identified Mail (DKIM) looks like a promising technology according to a BBC News article covering its acceptance as a draft IETF standard.
Also, as spam filters get more aggressive, legitimate email might be caught as a 'false positive' spam. Perhaps ISPs and legitimate email business senders will begin using verified email services like http://www.bondedsender.com/. (If you do your own filter programming with something like procmail or SpamAssassin, they have plug-ins you can download or suggestions for identifying headers you can add to your filtering.)
I'm hoping some solution is found before Internet business and correspondence grind to a halt, drowning in spam traffic. In the meantime, I hope the suggestions above help in your efforts to reclaim your INBOX.
P.S. An earlier version of this article was posted on a colleague's graphic design Web site. He is a committed warrior in the fight against spam. He has a short article on his experience with and value of SpamCop.
P.P.S. I don't know how long this "US net providers pursue spammers" BBC article will hang around but it is interesting reading. Also, I have an article on Home Computer Security Tips that mentions the spam problem in context. I also have an index page of spam fighting resources.