WoPC Logo 

How to Reduce Spam, SPIT and SPIM

468x60

Index

Sitemap

Advanced Search

 

Site search by freefind

 

Contents:

  1. What is Spam?

  2. What does Spam do to me and my Computer?

  3. How do I know that I am receiving Spam?

  4. How do Spammers get my e-Mail address?

  5. Is there any way of identifying whether a received mail is Spam?

  6. How do e-Mail Servers work?

  7. Are there automated methods or software solutions to control Spam? What is the best option?

  8. How do Spam Filters work?

  9. Is it possible to have Universal Accept and Deny lists for e-Mail?

  10. How do I protect myself against Spam?

  11. Is the problem of Spam getting better or worse?

  12. Are there ways to know if a Spam attack is on, so that I may be more careful?

  13. What is SPIM? How do I avoid SPIM?

  14. What is SPIT? How do I avoid SPIT?

Spam


What is Spam?

Spam refers to unsolicited, unpleasant or nuisance-value e-Mail that you receive. It is the kind of mail you receive from a seller of Viagra, when Viagra was the last thing on your mind! It is NOT the kind of mail you receive unexpectedly from a schoolmate you had fallen out of contact with, 20 years ago! Again, if you had enquired about Ladakh from a tour operator, their response to you is not Spam: you had asked for that kind of information!

Again, the question of what is Spam mail and what isn’t, is rather tricky: you may consider a mail informing you of the release of the latest, bloodiest and violent Computer game as the epitome of Spam, while it would be the most useful and interesting mail received in the last 3 months, by, say, your 14 year-old son or brother or grandson!

With Viruses too being e-Mail-borne these days, the dividing line between Spam and Virus is rather thin: general consensus is that while Spam mail is merely unsolicited mail that wastes your time, a Virus is mail that can harm your computer.

 

What does Spam do to me and my Computer?

A number of studies have been conducted on Spam mail. Let us look at the results of one such study: you may or may not dispute the figures, but what you cannot dispute is the severity of the Spam problem! A recent study by Nucleus Research, a US-based Market Research organization, throws some startling facts to the fore: two out of every three e-Mails received by people in the US is Spam. It is worse in organizations, where over 90% e-Mail received by the employees is Spam! Now, it takes 16 seconds on an average to read, classify and delete a Spam mail. This translates into a loss of $712 per employee per month, in terms of lost productivity. The total loss to US organizations, the study concludes, is a staggering US$ 70 billion!

Read our Free White Papers on Spam and other Security issues by clicking here!

Our Focus 

PCs: Hardware, Software and Computer Services. And, People who use PCs

People seeking reliable advice for PC Purchases

People seeking advice for extracting maximum utility from their PCs 

People looking for reviews of and purchase links for top-notch Security Products (AntiViruses, AntiSpyware, etc.)

Small/ Home Offices with Networked PCs, seeking maximum RoI from their IT Investments/ advice on expanding IT Infrastructure

People and Corporations planning to set up professional, contemporary, optimized, aesthetic websites

Worldwide IT Vendors looking for authentic, professional and inexpensive Market Research on global IT Markets

Software Developers wanting to Document/ create quality User Manuals for their Products/ Services

In addition to wasting your time, Spam also gobbles up your Internet bandwidth and Hard Disk space. Unless you permanently delete your Spam, you might even end up with a crashed e-Mail client (such as Microsoft Outlook, Outlook Express, Eudora, etc.), since e-Mail clients typically have an upper limit for storing e-Mail.

How do I know that I am receiving Spam?

Sadly, if you have been using a PC and the Internet and e-Mail for even a few weeks, the likelihood that you are receiving Spam already is a near-certainty… Eliminating Spam completely from your Inbox is also a pipe dream as of now, all that one can realistically do is to reduce the Spam load

How do Spammers get my e-Mail address?

Spammers pick up your e-Mail from a number of sources. The moment a new domain is registered, it figures in the Whois Records. It is a legal obligation to give a valid contact email address, when a domain is booked. Again, it is also a legal requirement that these records be made publicly available. The result of registering and having it appear on Whois is that Spammers can search the whois records too and collect your address!

In addition to the public Whois records, some of the other sources for collecting e-Mail addresses are your e-Mail Hosting Server if it is not adequately protected, your own e-mail inbox, your Address Books, your Instant Messenger window, the website guest-books that you may be signing into, the blogs you frequently check out/ post, etc. The bitter truth is that using technology alone or passing legislations against Spammers alone will not eliminate Spam. The problem is compounded because the Internet is liberal by design. Bringing regulations into it now would be extremely difficult, if not impossible. As of now, it appears that the only way to deal with Spam is to adopt safe practices and to continue to permanently delete the Spam that comes in, despite adopting the safest of practices.

Is there any way of identifying whether a received mail is Spam?

While there are a number of tell-tale signs, you can never be really sure whether a mail is Spam. However, most often, reading the first few lines of a mail will definitely help you classify it as spam or genuine. Spam mails are usually poorly written, contain many different fonts and/ or font colors and is usually sent out by people and/ or mail domains that you are not aware of.

How do e-Mail Servers work?

Click on the link, e-Mail Server Setup to understand just how an e-Mail is sent/ received by you!

Are there automated methods or software solutions to control Spam? What is the best option?

Indeed yes, there are a number of Spam Filtering solutions on offer. These solutions fall into the following two broad categories, depending on just where they are deployed:

  1. Server-level Spam Filtering solutions

  2. Personal (Desktop/ Notebook) level Spam Filtering solutions

Both kinds of solutions work broadly in the same fashion, with the only difference being that while Server-level Spam Filters protect the entire mail domain (such as your organization’s e-Mail domain), the Personal solutions protect your e-Mail address alone. The former are adopted (or should be adopted) by public e-Mail service providers such as Yahoo and GMail as well as your organization, while the latter come built in with popular e-Mail clients such as Microsoft Outlook/ Outlook Express, Eudora, etc.

Server-level Spam filtering solutions are either developed by Mail Hosting Service providers themselves, or are developed by specialists in the field of tackling Spam Mail. Naturally, these cost money. Similarly, you have a number of add-on solutions for Spam filtering at the personal level, such as MailWasher, SpamButcher, Lockspam, etc. These Add-ons come in all flavors – Freeware (i.e., you pay nothing for using them), Shareware (you pay a small amount – sometimes as low as US$ 20, for using them) as well as Adware, where you pay nothing at all, but need to watch Ads that the vendor builds into the solution.

While the variety of AntiSpam solutions is impressive and truly reflects the magnitude of the problem that Spam is, none of them can guarantee 100% efficiency… In our experience, these AntiSpam solutions do not offer too much more than the in-built Spam Filtering tools that are part of Microsoft Outlook!

Usually, you need to right-click on a Spam Mail that lies in your Inbox. This will bring up a pop-up with options to classify the mail as genune or spam. Left click the relevant option, to classify the e-Mail as Spam. You also have the option of classifying the sender of the mail alone as a Spammer, or to classify the entire mail domain as a Spam mail domain. Once you complete this step, all mail received in future from the sender (or the mail domain, as per your choice) will be treated as Spam and will be moved to the Junk Folder under your Inbox.

Note, you need to be very careful here! To illustrate, consider a mail from abcde@yahoo.com. The sender of this mail, i.e., abcde@yahoo.com, should be classified as a Spammer. If you wrongly classify yahoo.com as a Spam mail domain, any mail you receive in future from yahoo.com – including mail from your spouse’s yahoo.com mail account, would get moved to your Junk Mail folder!

How do Spam Filters work?

Both Server Spam Filters as well as Personal Spam Filters work on basically the same principles. They work on Bayesian algorithms which do a quick scan of the Subject Line of each received mail. If these algorithms were to check out each received mail from top to bottom for objectionable words/ phrases, it would slow down the entire mail queue to a pathetic crawl!

During the scan, Spam Filters look for the following tell-tale signs:

  1. In the body of the mail, it looks for the use of different fonts, different font colors and different font sizes – the more the instances of such violations, the higher the chances of the mail being classified as Spam

  2. Use of vulgar words as well as words such as ‘Free’, ‘Bargain Offer’, etc., in the Subject Line of mail. These words are commonly used by Spammers for attracting your attention.

  3. These days, Spam Filters also check for forbidden attachments – i.e., attachments with the file extensions .VBS, .BAT, .EXE, .PIF and .SCR. Such attachments are most likely to be Viruses and so, the Spam Filter doubles up as an AntiVirus program to that extent, here.

For every transgression found in a mail, a predetermined weight is given to the mail. The total weight allotted to the mail decides whether the mail is finally classified as Spam or Genuine. The cut-off weight can be lowered (thus letting more Spam mail to get into your Inbox) or increased (thus letting more mail get classified as Spam and being moved to your Junk mail folder)

As you can see, such a method is far from perfect, though it is still the best available for tackling Spam. However, it gives rise to a serious problem, which needs to be tackled manually. Spam Filters may end up classifying a Spam Mail as Genuine, if the Spam Count of the mail is less than the Spam cut-off of your Spam Filter. Under this condition, a Spam Mail that ought to have been delivered into your Junk (or Spam) folder gets delivered into your Inbox, as if it were a genuine mail. Such errors are called Type 1 Errors or False Negatives, in Spam parlance. The Spam Test showed up as ‘Negative’, ‘falsely’ and thus, a Spam mail is erroneously declared a non-spam mail by the solution.

While False Negatives at their worst only result in a few extra mails that will have to be deleted, the opposite case is the real one to worry about – Type II Error or False Positives. When a Genuine mail is wrongly classified as Spam and is delivered into your Junk or Spam folder, whereas it should rightfully have been delivered to your Inbox, you have a False Positive. You also have a major headache – the mail could be a vital business communication, a mail from your family or friend or any kind of mail of great importance to you. If you do not check your Junk folder, it would lie there unread and the time to act on it may be past, by the time you finally get down to opening it! You end up missing an important deal, a fun dinner or date, a job interview, whatever… just because your Spam Filters goofed up! It is primarily for this reason, that WellOiledPC recommends that you use only one Spam Filter on your machine - the one that comes with your e-Mail client!

Opinion:

WellOiledPC is of the opinion that you need not purchase any of the add-on AntiSpam solutions (such as MailWasher, SpamButcher or Lockspam). The AntiSpam functionalities built into Microsoft Outlook, although not fool-proof, are still quite usable. None of the commercial Spam Filters offer anything extra for the extra money you pay for them.

WellOiledPC also recommends that you use only ONE AntiSpam Solution on your machine, since each AntiSpam solution that is installed creates small errors with respect to classifying received mail as Spam or Genuine. The more the number of AntiSpam solutions you use, the more the places you need to check, to ascertain whether any Genuine Mail has got wrongly classified as Spam Mail! If this happens, the cure (i.e., the AntiSpam solution) becomes worse than the disease (i.e., Spam) and you could end up spending huge amounts of time in checking out such wrong classifications!

Is it possible to have Universal Accept and Deny lists for e-Mail?

Yes indeed! Good Spam Filters allow you to create your personal Black List and White List. The Black List comprises of e-Mail Addresses and e-Mail Domains that are confirmed Spammers, people/ domains from which you are sure you do not ever want to receive e-Mail.

On the other hand, the White List comprises of e-Mail Addresses and e-Mail Domains that are certified (by your organization or yourself) as senders of genuine mail, whose mail is to be trusted and delivered to you, without any Spam processing.

A well-configured mail system would first check the user’s black list and white list. Any mail received by you should first be checked against your personal black and white lists. If present in your black list, the mail should be deleted (or moved to your Junk Mail folder, as per the set up) and if present in your white list, the mail should get delivered to your Inbox – without any further Spam processing at all. For example, if the mail domain cookypooky.com is on your organization’s black list, but is on your personal white list, you should be able to receive all mail from the domain cookypooky.com, even if it contains viruses! But then, a well-configured Virus solution would still strip the virus-laden attachments from the mail from cookypooky.com, before it is delivered to your Inbox…

As you can see for yourself, Spam and Virus management are extremely important tasks. They also take up a number of man days, depending on the number of employees in the organization, the number of e-Mailboxes and the quantum of mail received daily. Finally, they are continuous tasks, the task is never ‘completely done!’

So the next time you get a few spam mail in your Inbox – worse, you find that a few Genuine Mail have gone into your Junk folder instead of coming into your Inbox, take a deep breath and calm yourself a bit, before blaming the Systems guys! Unless you work closely with the Systems guys, both of you would end up losing important mail and wasting time deleting useless junk!

You can assist your Systems guys by forwarding any persistent Spam mail, with the request that such mail be blocked at the server itself. For the rest, you should create a personal filter (i.e., one that works on your machine alone). Also, YOU need to create your Black and White Lists – do not expect the Systems guys to know what you consider to be genuine mail and what you consider spam – that kind of stuff is personal!

How do I protect myself against Spam?

As we have said before, currently, there is no way to stop Spam completely. All that you can do is to adopt safe e-Mail practices and thus, limit the number of spam e-mail you receive. This will save you precious time, frustration and money. Safe e-Mail practices include;

1.   Keeping your e-Mail Address away from public eyes as far as possible

Spammers create e-Mail Harvesting programs to collect e-Mail Addresses from places like public Internet chat rooms, on Web sites, Newsgroups, Guestbooks and blogs, to which you post. Instead of posting the e-Mail address as, doctorkent@hotmail.com, posting it as doctorkent-at-hotmail-dot-com will make it immediately decipherable to humans, while e-Mail Harvesting programs would just not catch it!

2.   Choosing complex e-Mail Addresses

Spammers also attack Mail Servers and use a method called Dictionary Attack, in their attempt to send out Spam Mail. In this method, Spammers get access to a Mail Server. This is easy, considering that mail servers MUST grant access to e-Mail! Once inside the server, spam is sent out to different combinations of letters and common names at the server. Thus, a simple e-Mail address like joey@mydomain.com would be easier to attack, than a more complex address like joey_dsouza@mydomain.com.

3.   Choosing to NEVER click Links in Spam e-Mail

Its a No Brainer that you should not click a Spam mail’s link leading to advertised merchandise: after all, you’ll only end up at a page displaying products or services you do not want. What is equally important is that you do not click ANY link in a Spam mail – not even the Unsubscribe link! Clicking the "Unsubscribe" link of a mail you have not subscribed to is like telling the spammer, "Yes, this is indeed my Mail account and I do check the mail in it regularly!". The rule to follow here is, "If you have not Subscribed to a mail, DO NOT Unsubscribe from it as well!" If you do unsubscribe, instead of being bothered by one undesirable product or service, you may end up being bothered by half a dozen such products and services in the immediate future!

Instead of clicking on the links inside a Spam mail, you would do well to type the link into your browser (or a second browser window) and thus visit the link mentioned in the spam mail. Do not be surprised if you end up with a ‘Page Not Found’ message, more often that not! This means that the links in the mail do not lead anywhere, except to the Spammer’s private collection of ill-gotten e-Mail addresses!

4.   Using a good e-Mail Filter

We have covered this topic extensively, under the following FAQs:

  • “Are there any automated methods to control Spam? What is the best option?”

  • “How do Spam Filters work?” and

  • “Is it possible to have universal Accept and Deny lists for e-Mail?”

5.   Working with your Virus Scanner

As mentioned earlier, the dividing line between Spam mail and Virus mail is very thin. Many mails containing viruses as attachments can also be detected and stopped, by Server-level AntiSpam solutions. However in case a few still slip through, a decision on your part that you will never open or accept attachments with mail that is suspect Spam, is a good decision.

We would like to re-emphasize this: while all the above best practices can help lower the number of spam and Virus-laden e-Mails that you receive, these are not substitutes for an AntiVirus program! You MUST invest in an effective AntiVirus program, so that your PC stays a WellOiledPC at all times!

Is the problem of Spam getting better or worse?

We sincerely wish it were otherwise, but the Spam menace is definitely getting worse each day. The Spam menace is less harmful to your computer than the menace of Spyware or Virus. However in terms of sheer numbers, it is already way ahead of both Viruses and Spyware combined!

Are there ways to know if a Spam attack is on, so that I may be more careful?

Certainly not. It is also highly unlikely that anyone could ever develop a program or algorithm that accurately predicts the next big Spam attack on your mail server!

What is Spim? How do I avoid Spim?

Spim is the abbreviation for Spam over Instant Messaging (IM). You are a potential target for Spim, when you enter a public Chat Room like the Yahoo Chatroom. Spim is carried out by means of software programs called ‘Bots’, that harvest IM Usernames. Spim invariably contains a link to the creator’s website. Thus Spim is used by marketers and they haunt Public Chat Rooms to snare their prey.

A large number of PC and Internet users also use IM. Many use it for chatting with their relatives who do not live with them, others use it to make new friends over the Internet. The number of IM users is growing by leaps and bounds, with a number of public chatrooms springing up today, offering a variety of chat topics as well as the ability to create private rooms for chatting with one or more people, without being disturbed by the other users in the chatroom. With increase in the use of IM, Spim has also grown, with unscrupulous online marketers joyfully taking to Spim as a means for peddling their wares.

Although Spim is far less common than Spam, it is considered a bigger annoyance than Spam. This is because you pick the time to check out your Spam, but Spim does not allow you to pick the time – it hits you when it wants to! As a consequence, you also need to deal with Spim the moment it hits you. If you are familiar with combating Spam, you already know most of the techniques for combating Spim. Here are the basic rules:

  1. Never click the links in a chat window that an unfamiliar chatter creates, when he/ she sends you a chat message

  2. Never open attachments from people you do not know, in a chatroom

  3. Never respond to strangers in a chatroom – this will nearly eliminate all chances of you being targeted by Spimmers

  4. Keep your IM profile – user name and password, off public directories

  5. This is the tough part: make sure a message is indeed from a friend, before responding to the post/ opening an enclosed link. For all you know, your friend’s machine may be infected or it may be a spimmer using your friend’s username in the chatroom!

  6. Keep your Antivirus and AntiSpyware programs up-to-date - nothing beats this!

What is SPIT? How do I avoid SPIT?

SPIT is the abbreviation for Spam over Internet Telephony. With the Telephone and the Computer merging into what is called Internet Telephony - also called VoIP (Voice over IP), you can now call anyone anywhere in the world, using your Internet connection. Yes, this is a huge saving over the ISD rates you would otherwise pay!

Unfortunately, with a number of people taking to Internet Telephony, Internet marketers could easily latch on to this medium as a vehicle for thrusting their products and services down the throats of people who may not want it at all. Internet Telephony is itself rather recent – even for such a young field as the Information Technology field. Until October 2004, not a single case of SPIT was reported too. However, the threat is indeed real – so much so, that a few far-sighted Internet Telephony companies have already applied for patents for solutions that will stop SPIT.

With Instant Messaging growing in popularity, many a Spammer turned into a SPIM-mer. It is therefore feared that with Internet Telephony picking up, SPIM-mers would turn into SPIT-ters! Now, although there isn’t a single case of SPIT bringing a Network down, SPIT is clearly much more intrusive than either Spam or SPIM. When you receive a telephone call, you would naturally stop whatever you were doing and answer the call. The potential loss of productivity due to SPIT is a whole lot more than that due to Spam or SPIM, as you can imagine!

The other dimension of SPIT is that it is is also a whole lot cheaper than setting up a call center, staffing and equipping the staff. An automated SPIT can be sent out literally with the push of a button and literally for peanuts! It is also a potential tool for pranksters who could inject words or entire sentences into an ongoing conversation, in such a way that the recipient alone hears it, not the original caller! It may also be used merely for degrading the call quality.

Whether used for marketing or for pranks, SPIT has the potential to clog entire networks and thus render your computer and you ineffective. Here are a few tips to avoid becoming a victim of SPIT:

  1. Understand the risks and inconveniences of SPIT, pass on the message to friends and well-wishers. It could easily suddenly burst into our living rooms/ offices!

  2. At organizations, it is vital that all the concerned hardware (Internet Telephony Servers, Switches/ Routers and other Hardware devices) are placed inside a robust Firewall and that all Internet Telephony conversations are encrypted. Certain software products already exist, with one of them asking all callers a question (which only a human can answer), before connecting the caller to the requested recipient. While this is certainly NOT the best way to filter out unwanted calls (as this is offensive to real humans who need to contact the person in a hurry), more such products will be developed in future. Check them out!

  3. Choose carefully, when choosing an Internet Telephony Service Provider. A Thumb rule is that larger IP telephony service providers are more likely to have Firewalls and Intrusion Detection Systems in place, than smaller operators. Your experience should therefore be better with a large operator.

728x90