 |
Red Shift Internet News Letters
Red Shift Newsletter for June 2002
SPECIAL REPORT: SPAM
============================
1. SPAM: What is it?
2. SPAM: Why you get it
3. SPAM: How they get your email address
4. SPAM: What are the laws?
5. SPAM: How to stop it
6. SPAM: Resources
1. SPAM: What is it?
SPAM is defined as Unsolicited Commercial Email (UCE). It is email that attempts to either get you to purchase something or is perpetuating a scam of some sort. SPAM is junk mail in email form.
SPAM email often appears to be from addresses that are unintelligible. The SPAMMERS may even fake who it is from and make it look like it came from another address on the ISP you're subscribed to. Often they don't even make the "TO:" line match your address so as to make it look like the mail got to you by mistake. Don't be fooled though, the mail really was mailed to you, someone just forged that "TO:" line, which is easy to do. The real address is buried deep in the full headers which most people don't see when they read email because mail programs default to abbreviated headers. If you want to experiment, go into your mail program and turn on "full headers". You'll see a great deal of information about your email - where it really came from, who it was really addressed to and the path it took getting to you.
Cut and paste the link provided below for information on how to get your particular mail program to show you the full headers to your email:
http://www.techtv.com/screensavers/answerstips/jump/0,24331,3007398,00.html
2. SPAM: Why you get it
You get SPAM because someone wants your money. SPAMMERS know that a small percentage of people will respond, or buy their goods, so they believe SPAMMING is worthwhile. Some types of SPAM are from persons who are trying to defraud you, the most often used trick is something like "Earn $50,000 per month"; they are pyramid schemes dressed up disguise. SPAM is an ugly boil on the underside of the Internet.
Those who decide to send SPAM buy lists of email addresses or they buy programs that gather up email addresses for a list. The list is then used mainly in one of two different ways:
A. They dump the list on a SMTP mail server that allows outside users to mail through it (called "open-relays")
B. They mail it out from their own mail server, or the mail server they are subscribed to.
A lot of SPAM appears to come from foreign countries, but it isn't really from those countries. SPAMMERS in the states have simply found foreign mail servers that will allow themselves to be used without authentication (again, referred to as "open-relays"). Mail servers in the states are generally much more secure so it is hard for SPAMMERS to find vulnerable mail servers in this country.
3. SPAM: How they get your email address
Many methods are used, often more than one is used to create a particular list. Lists that are matured become more valuable. Mature lists are lists of verified addresses.
One method that is used is guesswork based on psychology. SPAMMERS know how a lot of people choose their email addresses. First they find out the domains used by ISPs in this country or even worldwide. Once they know the domain names of the ISPs they can guess a lot of valid names being used at those ISPs. Say for example they have redshift.com in their list, they can take a dictionary of names, such as bob, joe, mary, etc., and then they can take common surnames and put letters in front of them, such as jsmith, abrown, etc., then put them together as jsmith@redshift.com, abrown@redshift.com. A SPAMMER can create a nice list using nothing more than educated guesswork.
SPAMMERS also gather email addresses off of websites. Software is available that crawls around to websites looking for addresses to capture for a list.
Some ISPs actually capture incoming addresses of email being sent to their clients. They create lists from those incoming email addresses and use them to advertise their own goods as well as sell the lists to others. You might be getting on a list simply by replying to a friend or associate who is on an ISP that does this. This practice is most common on budget, or free ISPs, due to the fact that the ISP needs a certain revenue stream which isn't being supplied by subscriptions alone.
If you reply to a SPAM message for any reason, your email address becomes confirmed and is put on a list of verified email addresses. Your address is more valuable to SPAMMERS now and you'll get even more SPAM.
If you buy something advertised via SPAM your address not only becomes verified but you also become known as a person who is willing to buy from such advertisements and your email address will be very valuable and become widespread.
If you use your email address in Usenet newsgroups your address will immediately be captured to a list. SPAMMERS capture all email addresses that show up in *any* newsgroup. Use only throw-away email addresses in newsgroups.
Some websites will capture your email address if you purchase something from them. Most commercial sites don't do this, but some unscrupulous vendors will. Don't let this deter your online shopping, just make sure to use a throw-away email address when you do.
4. SPAM: What are the laws?
California law on UCE (Unsolicited Commercial Email) is summarized as follows:
Under legislation approved in September 1998, unsolicited commercial e-mail messages must include opt-out instructions and contact information, and opt-out requests must be honored. Certain messages must contain a label ("ADV:" or "ADV:ADLT") at the beginning of the subject line. A provider may sue a sender of unsolicited commercial e-mail for violating the provider's policies if the sender has actual notice of such policies. The law applies to e-mail that is delivered to a California resident via a provider's facilities located in California.
That is the sum of it. Not very helpful. Don't count on current laws to help with SPAM. In fact, never use the opt-out because the SPAMMERS have simply turned the law around to their advantage by verifying your address when you try to opt-out; which simply makes you even more susceptible to getting SPAM.
5. SPAM: How to stop it
How indeed do you stop this scourge? SPAM might appear to be unstoppable, and while some is, you can eliminate most of it by following these guidelines and using these resources:
Use two or more email address. Use one email address for private, verifiable addresses, Use another for placing orders on websites; communicating in Usenet newsgroups, and for replying to addresses at ISPs that you might suspect will capture it (such as the FREE ISPs, they have to make money somehow, they aren't charities, this is one way they can create cash flow).
The surest method is to use a personal SPAM filter. There are many programs that will work with Windows or Macintosh. Red Shift is not endorsing any of these programs and we make no promises to you as to their effectiveness. This information is provided with no warranties at all from us. If one of these programs melts your hard drive down to its molecular level, don't call us:
================
Windows Software
================
Most of the software listed here can be found on www.spamcop.com
1. McAfee Spamkiller. Has a few holes, costs $29.95. Has automatic updates, which is probably a good thing because SPAMMERS change their source addresses a lot.
2. Inbox Protector. A basic filter that works with Microsoft Outlook (R). Seems to be a popular choice.
3. Spamex. Another filter possibly worth trying.
4. Mailshell. $34.95 per year to use it. Lets you use disposable addresses in conjunction with your real ones. Has some extras, like encryption.
5. Mailshield by Lyris. Seems to be mainly designed for business mail servers.
============
MAC Software
============
Cut and paste the following URL into your browser for a nice list of MAC SPAM filtering software:
http://downloads-zdnet.com.com/3120-20-0.html?qt=SPAM&tg=dl-2003
6. SPAM: Resources
www.cauce.org
www.spamcop.com
www.spamcop.net
www.spamkiller.com
www.helpmesoft.com
www.inboxprotector.com
www.mail-filters.com
www.elsop.com/wrc/nospam.htm
www.lyris.com
Want even more? Go to www.google.com and search on the word SPAM.
Karl Van Lear
President
Red Shift
|
|
 |
