Managing Spam

Want to reduce the amount of junk mail you receive? You're not alone.

Reducing Spam
Q: How can I find out who is sending me all this junk mail?

A: Use the tools at http://samspade.org

Q: I receive an awful lot of Spam (junk e-mail) on my computer. Is there anything I can do?

A: Yes, and just for the record, the problem is getting worse. A recent survey found that 80 percent of incoming e-mail at Hotmail is Spam. Within four years, consumers can expect to receive an average of 1,400 pieces of junk e-mail per day, according to Net researcher Jupiter Media Metrix.

The easiest way is to use an email service provider that provides Spam filtering. Apple's .mac mail service (formerly known as iTools) silently filters incoming mail for spam; however, you have neither notification nor control over the process -- a limitation that has some users demanding more control. Microsoft's Hotmail service provides customizable junk mail filters. They help but, at least on my Hotmail account, a lot of junk mail still gets through, even when the "high" filter setting is used.

Alternatively, you might use a program such as Spam Weasel, SpamEater or Spam Detective (or any one of a number of others). These anti-spam tools effortlessly handle spam before it hits your inbox, or if you prefer, can be configured to mark it any way you wish before it enters your inbox. Spam Weasel is a POP proxy program and it can be used with other POP proxy programs such as Norton Antivirus by relaying between ports. (No Nags has more information on this and other anti-Spam freeware.)

Mailshield from Lyris (pronounced "Leer-iss"), formerly known as Spam Detective, provides support for POP3, IMAP and MAPI mail systems. Its IMAP support and frequent updates make it the program of choice here at PC Buyer's Guide. The most recent releases have added the much-needed ability to check only new mail for spam. Versions released prior to v2.06 re-checked every piece of mail every single time a spam check was scheduled (by default, every ten minutes). This led to a lot of needless disk thrashing and, in the case of IMAP accounts, wasted internet bandwidth. I sent the programmer a suggestion recommending a "check new mail only option" and, sure enough, there it was in the next version. Gotta like that!

Its IMAP support is another key advantage, as this is the protocol my mail server uses to allow me "anytime, anywhere" access to my email from multiple locations. It's US$39, with a freely downloadable evaluation version available at the Lyris website.

Mailshield programmer Markus Schmidt told PC Buyer's Guide, "before we started SpamDetective I checked out all the major spam filters (I remember SpamWeasel and SpamEater). I simply looked for a program that would relieve us from the spam we get but didn't find any (the whole story is told in our help file, check out "How Mailshield works"). In a nutshell Mailshield only exists because  the client side spam filters we tested simply didn't what we expected  them to do (which is, of course, mainly to delete spam, but which also is, to not delete regular mail)."

Briefly, Mailshield works by assigning demerit points to certain attributes it observes in incoming mail: multiple recipients, certain keywords (e.g., "Save Money") and so on. When a piece of mail reaches a certain threshold, Mailshield can flag it for deletion or, if you prefer, chuck it straight into the trash. All of the settings are easily user-customizable (you can, for example, teach it the addresses and names of your friends, to ensure that messages from these parties will not be mistaken for spam) and it's really not complicated to configure or use.

I encountered only one minor glitch related to IMAP servers and it was not serious (messages forwarded to my email client and subsequently deleted from within Mailshield led to a temporary "cache not synchronized" error, which disappeared as soon as a new piece of mail arrived). Since then, I've set it up to trash all Klez worm infected messages automatically, I've taught it many new words, such as "mortgage" and "Viagra" (recent updates have added these, along with quite a few naughty words) and, already, my time wasted dealing with junk mail has been reduced by 80 percent.

There are other things you can do to deal with spam, as well. To minimize the junk mail you receive, never post your email address on a web page (automated "spambots" diligently harvest posted addresses), never reply to a spam -- especially to request removal from their mailing list! -- never post the address on a website or a Usenet newsgroup. Read the Stop Spam FAQ and other tips linked below.

Even after taking all of these steps (some of which may be impractical or impossible!), you'd probably still receive some spam. To combat it, you can set up Rules in your email program to delete all files containing a certain word (I have one that automatically deletes all files containing the characters "!!!") and, if you want to be really thorough, you or your ISP could run a server-side program that intelligently filters email and blocks all incoming mail from known spammers. There are various "blacklists" on the internet, including several designed to combat the "open relay" method of unauthorized mail forwarding employed by most spammers to send massive amounts of mail... from someone else's account! See the anti-anti-spam article at http://lowendmac.com/practical/02/0115.html or the links below for more suggestions.

And, as for whether blacklists, "whitelists," Bayesian filters or other spam filtering solutions are the ultimate solution, I encourage you to consider the alternatives....

Some anti-spam systems place onerous demands on the party sending the email, in an effort to filter out automated mass-mailers. One such system replies to the party sending email with a message instructing them to visit a URL, where they must explain why the message they sent deserves to be read. Then, the party has to read and retype (!) a random string of characters before the message is allowed to pass. It's safe to say I'll never be emailing that person again.

CDT Releases New Report on Origins of Spam
CDT in April 2003 released a new report based on a six-month project entitled "Why Am I Getting All This Spam?" The results offer Internet users insights about what online behavior results in the most unsolicited commercial email and also debunk some of the myths about spam. Read more....

For Further Reading

• Andy Rooney of 60 Minutes has some suggestions for eliminating annoying telemarketers' phone calls or postal junk mail. [May 5, 2003]
• Download PC Buyer's Guide's Anti-Spam Rules for use with Mailshield or other rule-based email blockers.
• News.com: Net surfers set out to squelch spam
• News.com:  [Mar. 22, 2002] Spam flood prompts desperate measures
• News.com: [Mar. 12, 2002] Spammers target IM accounts
• New York Times [Apr. 18, 2002] Looking to Avoid Spam? Opinions Differ.
• ZDNet AnchorDesk: [July 11, 2002] Want to stop spam? Here's how YOU do it.
• Bagley.org: [Nov. 23, 2002] Anti-spam resources and tools. Includes information on Cloudmark's Folsom peer-to-peer technology, in which users in the Cloudmark network vote on whether each mail they receive is or isn't spam. This info is shared with other users. (human wave technology).
• Freep.com [Nov. 23, 2002] Spam king lives large off others' e-mail troubles: "The computers in Ralsky's basement control 190 e-mail servers -- 110 located in Southfield, 50 in Dallas and 30 more in Canada, China, Russia and India. Each computer, he said, is capable of sending out 650,000 messages every hour -- more than a billion a day -- routed through overseas Internet companies."
• cauce.ca [Nov. 23, 2002] What's the situation in Canada? According to the Coalition Against Unsolicited Commercial Email, it's not very good.

Q: How did the spammers get my e-mail address in the first place?

A: Direct marketers obtain email addresses in a number of ways. Sometimes, they buy the addresses from someone at whose site you've previously given an email address as part of a registration process. Sometimes, they simply send email common names, such as jsm...@yourdomain.com (whether the mailbox exists of not). More commonly, they utilize automated email address harvesting techniques to surf the web looking for email addresses on web pages, newsgroup postings or in other accessible locations. Sometimes, you will receive a "test" message. If the email does not bounce back to the spammer as "undeliverable," your address gets added to the list. We've even heard of systems that automatically generate random addresses, which the system then tests and validates using the above technique.

If you've heard that replying to one of those spam messages saying "reply to this message with the subject line 'remove' and we will take you off our list" is a scam, you already know why this doesn't work -- it just tells spammers you exist, and then the junk mail really starts to pour in. But replying to messages isn't the only way spammers can verify your email address. An item known as a "Web bug" is virtually always added to "HTML mail" (the kind of email that contains colors, bold type, etc.). These Web bugs can be automatically detected when the email is opened. Thus, by simply opening the email message, you are verifying that your email address is a "live" one. And you know what happens next.

MacInTouch has an extensive list of Spam related links on its Security & Privacy page. The general items give a good overview of the spam (unsolicted email) problem, while the next section lists primary resources for reducing the amount of this garbage you receive and for reporting the spammers that send it.

General Spam Information:

1. The E-mail Abuse FAQ
2. Spam Considered Harmful
3. CDT Report to FTC

Preventing and reporting Spam:

1. Spam Lessons
2. UXN Spam Combat
3. SPAM-L FAQ
4. CIAC ideas
5. spam.abuse.net
6. alt.spam FAQ
7. email headers primer
8. Finding full headers
9. EIMS filters
10. EIMS page more filters
11. OITC EIMS Spam/Virus filters
12. Spam Recycling Center
13. FTC
    (send spam samples to FTC)
14. SpamCop
15. Stop Spam FAQ
16. Sam Spade tools
17. NCL Fraud Center
    telemarketing tips
18. Enigma log and fight telemarketers

How to stop that Messenger Spam (This works for Windows XP and Windows 2000.)

1. Click on Start and then on Run
2. Type “services.msc” (without the double quotation marks) in the Run dialogue box
3. Press “Enter” on the keyboard.
4. Scroll down the list and find “Messenger”. Highlight “Messenger” Right Click and click on Properties
5. Click on the ‘down arrow next’ to the  “Startup Type” dialogue box (‘automatic’ is probably shown in that box) Change “Automatic” to “Disabled”.
6. On the next line down, click on “Stop” and then on the “Apply” button.
7. Next time you restart your computer (RECOMMENDED that you do so now, Messenger Spam should be eliminated…