August '04 Tools

Spam email is designed to get you to click something. If they can get you to browse to their product’s site, the spammer makes money. To get you to do this some masquerade as legitimate emails from a company you would normally trust, others leave vague misleading information and links that don’t appear to be links. Only after you have clicked one of these links do you find that you have been tricked. Your machine now has more browsers open than you can possibly close and dozens of tracking cookies have probably been installed. Worst of all - the spammers now know that they sent an email to a “live” email address making it more valuable as it can be sold as a verified email address.

Identifying who’s sending spam and preventing it can be nearly impossible. Just about anyone can send email and claim that they are “bob1234@aol.com”. Spammers are well aware of current legislation and know just how far they can push things and how to cover their tracks.

Verifying Emails
Wouldn’t it be great if, every time an email came in, the sender’s intent could be verified? Some anti-spam programs can do that. When an email comes in from an unknown sender… say bob1234@aol.com, the email is held up in a queue while a another email is sent back to bob1234@aol.com asking for verification. If bob1234@aol.com is a made up name, no one ever receives a request to verify so their email is never released to you. When valid senders get the email verification request, they click on the link, fill out a few fields, and automatically their email(s) are released to you. Additionally, they are added to your safe senders list so from now on so their subsequent emails come through to you.

Can your ISP Help?
ISP providers would like to shut down spam. It causes bandwidth constraints, angry users, server outages and security issues. To make it even harder for email administrators, they have to make sure that no matter what spam emails they drop, that personal and solicited emails make it through the system unadulterated. A single inaccurately dropped email can cost an ISP provider many man hours in tracking down and retrieving. That is assuming their system affords them this ability, which many don’t.

At the very least you should be aware of what your ISP is doing to help prevent SPAM. Ask they what their policy, find out if they use Reverse DNS lookups. Check if they subscribe to an Internet based “Black List”. Also make sure they have a “White List” option. Your ISP maybe able to help with spam but it is unlikely they will be your only solution.

Spamming Tricks
Many spam emails contain hidden catch phrases or links. To find these, read through the spam for the word “unsubscribe” or something similar. All you have to do to make the spam active is to click that link - which could trigger a barrage of spam that can run into the hundreds. Most unsubscribe links are bogus - either the page doesn’t work or it doesn't exist. In either case, by clicking on the link, you've just verified that your email is live. Even if spammers do remove you from their list, nothing prevents them from selling your now VERIFIED email address to hundreds of other spammers before doing so.

One technique that spammers use with linked pictures is called “Beaconing”. A beacon is a link to a picture or file that is created in such a way it identifies the person looking at their picture. If you read the email you are triggering those beacons.

Another thing you might see on the page is a lot of misspelled words. These misspelled words are attempts at circumventing “content filters”. Something else you might see throughout the spam is random numbers and letters. These help fool math based content filters.

One of the things spammers feed on is information, the newer, more dynamic it is, the more they like it. Have you ever posted a question on a message board? Ever asked for assistance where your question was posted on a web page? If you have there is a good chance your email is sitting out there waiting on the internet to be read by a spam bot. A spam bot is a program that programmatically looks at WebPages for email addresses, its logs them and keeps on going looking for more. Only post your private email address publicly if it is the only option.

Even Your Friends Can Hurt You
If your friends are sending out emails with a long list of copies (cc:) to everyone, they are a spammers best friend. Chain letters are a common method for spammers to inherit hundreds of email addresses. If you receive a chain letter, the damage is already done, it means no matter what you do with the message, if a copy of it falls in to the malicious hands of a spammer, it will be hard to keep your mailbox spam free. So when a friend sends you a chain letter, make sure they know, by just replying privately to them, that they are giving out too much of your personal information.

Spam blocker Check List
If you want to use a spam filter, at a minimum you should be looking for "Beacon Blocking" (also known as tracking bugs) A Beacon is a portion of an email that, once viewed, reports back home that the email arrived and that you are a live email address.

Also check for “updateable spam definitions” that informs your anti-spam program of new spam messages and techniques.

The anti-spam programs that do best are the ones that are compatible with more email clients. (like Outlook, Outlook Express, Eudora, etc.) If a company backs an anti-spam non-profit organization, its usually top notch.

The most effective spam filters are ones that “learn” from your email. Where content filters fail, these “Bayesian” filters will succeed. Spammers have to find ways to get past email filters. They jumble up word order, they scramble words, and they add garbage text, hidden fonts, and even make letters out of pictures as well as all other kinds of nonsense to thoroughly confuse the filters. This technique does not work well against Bayesian filters because once it has learned what your proper emails look like, those scramble up ones are so completely different that they get dropped.

What Makes A Great Spam Blocker?
A perfect Spam Blocker doesn't exist, but here is a list of the attributes found in the best Spam filtering software.

Ease of Use - Is the product easy to install? Is it easy to setup the email filtering rules that you choose? Is it easy to use?

Effective filtering - Does the spam filtering software filter spam and yet allow valid emails to come into your inbox? How easy is it to customize sensitivity of spam filtering?

Email Processing Steps - Does the spam software allow you to easily retrieve your email? A good spam filter should not require you to perform an additional step to filter your email.

Allow/Blocking of Email - You should be able to specify what email you want to appear in your inbox. Does it allow you to block or allow email based on the senders email address, IP addresses, server or domain addresses, or country of origin.

Content Categories - Spam filters should include the capabilities to specify the allowing or blocking of spam with content categories. General categories might include financial, services, health, insurance, adult, games, gambling, etc. Categories allow you to easily identify and specify what should be allowed or blocked, especially if you don't know who the sender is.

Rule Creation - Does the spam filter allow you to easily define and customize certain rules? These rules might be in conjunction with allow/block lists or allow/block categories. Does the product allow you to easily incorporate a new rule once an allowed email is identified as spam?

Quarantine Area - A good spam filter should provide a quarantine area where all blocked email is stored. This allows you the opportunity to retrieve email that may have been inadvertently blocked. The quarantine area should not have to burden you with any additional email processing functions and should automatically clean itself with old unwanted emails.

Worst of the Spam - Sporn - How well does the email filter support the blocking of sporn or spammed pornography? Does it allow you to block all pornography and/or adult themes? Does it allow you to view quarantined email without viewing any of the pornography?