SPAM !
The chances are that you have had emails offering you drugs without a prescription, or loans, or get-rich-quick schemes – sometimes cleverly disguised to look like personal email. This “spam” mail accounts for more than half of all the email sent
worldwide, cluttering up inboxes and distracting users from more important messages.
What is spam?
Spam is unsolicited commercial email, the electronic equivalent of the junk mail that comes through your letterbox. The commonest types of spam concern
- prescription drugs, drugs that enlarge or enhance body parts, herbal remedies, or weight loss drugs
- get-rich-quick schemes
- financial services, e.g. mortgage offers or schemes for reducing debts
- qualifications, e.g. university degrees, or professional titles available for purchase
- on-line gambling
- cut-price or pirated software.
- Spam sometimes comes in disguise, with a subject line that reads like a personal message, e.g. “Sorry about yesterday”, a business message, e.g. “Your account renewal now due”, or a non-delivery message.
Why do people send spam?
People send spam because it is profitable. Spammers can send millions of emails in a single campaign for a negligible cost (and if they can hijack other people’s computers to send the mail, the cost is even less). If even one recipient out of ten thousand makes a purchase, the spammer can turn a profit.
Is spam really a problem?
Spam doesn’t threaten your data in the way that viruses do, but it does harm your business.
- Spam wastes staff time. Users without anti-spam protection have to check which email is spam and then delete it.
- Users can easily overlook or delete important email, confusing it with spam.
- Spam, like hoaxes or email viruses, uses bandwidth and fills up databases.
- Some spam offends users. Employers may be held responsible, as they are expected to provide a safe working environment.
- Spammers often use other people’s computers to send spam (“hijacking”)
Hijacking
Spammers often hijack other users’ computers and use them to forward spam. The victims of hijacking are unwittingly bombarding other users with spam. Spammers are careful to ensure that they cannot be traced, so it is the company with the hijacked computer that receives complaints and has its reputation harmed.
Spammers know when you’re reading
Spammers want to know who is receiving their messages and who isn’t, so that they can target the next campaign.
Even if you don’t reply to spam, the spammer has ways of finding out that you have received it.
- If you have your email program set to preview messages (i.e. to show you the contents of the message in a window below the list of email), the spammer may be able to see that the email has been received.
- If you click on a link that lets you unsubscribe from a mailing list, you confirm that your email address is active. The spammer can then sell your address to others.
- Spammers can include a “web bug” in an email. This is a link that connects to the spammer’s website as soon as the email is read or previewed. If you want to avoid letting spammers know that their mail got through, follow the advice in the “How to avoid spam” section.
Anti-spam software
Anti-spam programs can detect unwanted email and prevent it from reaching users’ inboxes. These programs use a combination of
methods to decide whether an email is likely to be spam. They can:
- Block email that comes from addresses on a blacklist. This can be a commercially available list or a “local” list of addresses that have sent spam to your company before.
- Check whether email comes from a genuine domain name or web address. Spammers often use fake addresses to try to avoid anti-spam programs. Look for keywords or phrases that occur in spam (e.g.“credit card”, “lose weight”).
- Look for patterns that suggest the email’s sender is trying to disguise their words (e.g. putting “hardc*re p0rn”).
- Look for unnecessary HTML code (the code used forwriting web pages) used in email, as spammers often use this to try to conceal their messages and confuse anti-spam programs.
The program combines all the information it finds to decide the probability of an email being spam. If the probability is high enough, it can block the email or delete it, depending on the settings you choose.
The tricks spammers use
Spammers are constantly trying to find ways to disguise their messages and fool anti-spam software. Here are some of the tricks they use.
Lost in space
The spammer puts spaces between the letters of words that he wants to hide, for example “d r u g s”, hoping that the antispam
software will not read the letters as one word. This trick is easy to detect.
The black hole
The spammer uses HTML code (the code used for writing web pages) to insert a space between letters, but also sets the size of the space to zero.
What the anti-spam program sees
V<font size=0> </font>i<font size=0>
</font>a<font size=0> :</font>g
<font size=0> </font>r<font size=0>
</font>a
What you see: Viagra
Invisible ink
Spammers sometimes want the reader to see one message while the anti-spam program sees another, more innocent one. They use HTML code to insert an innocent-looking message, but in the same colour as the background.
What the anti-spam program sees
<body bgcolor=white> Viagra
<font color=white>Hi, Johnny! It was
really nice to have dinner with you.
See you soon, love Mom</font></body>
What you see: Viagra
The microdot
The spammer inserts an extra letter into the middle of a word he wants to disguise, but uses a very small type size. The anti-spam program sees the letter and misreads the word, but the recipient of the email doesn’t.
Return to sender
The spammer deliberately sends his email to an invalid address, but puts your address in the “From” field. The email can’t be delivered, so the service provider’s server may send it back to … you.
The numbers game
A spammer can write a word by using the special HTML codes for each letter, instead of ordinary letters. For example the letter “a” can be written by typing a.
What the anti-spam program sees
V<font size=0> </font>i<font
size=0> </font>a<font size=0>
</font>g<font size=0> </font>
r<font size=0> </font>a
What you see: Viagra
Slice and dice
Spammers use HTML tables to “shred” text into thin vertical columns, as if the message had been put through a shredder. What the anti-spam program sees
V
S
F |
i
a
r |
a
m
e |
g
p
e |
r
l
|
a
e
|
s
|
What you see
Viagra
samples
free
Spam and viruses together
Spammers and virus writers can team up to create even more problems for email users.
Viruses can open up new opportunities for spam. A virus writer can write a virus that enables other users to take control of a computer without the legitimate user realising. If that virus succeeds in infecting a computer, it sends a message to the virus writer, who can sell his list of infected computers to a spammer. The spammer then uses these computers to send out spam. More than 30% of spam is now sent via such compromised computers. By sending out spam this way, the spammers distance themselves from the activity and make themselves harder to trace. Spammers may have returned the compliment by helping to spread email viruses. A virus writer could kick-start a virus by emailing it to large numbers of users, using a spammer’s address list. With so many recipients, a substantial number would activate the virus, ensuring that it could forward itself and spread rapidly. There seems to be some evidence of collusion between spammers and virus writers. The Mimail-L virus, for example, attempted to launch a denial of service attack on several anti-spam websites.
How to avoid spam
Use anti-spam software
Anti-spam software can reduce unwanted email, especially if it uses your feedback to “learn” which mails are spam.
Never make a purchase from unsolicited email
By making a purchase, you are funding future spam. Your email address may also be added to lists that are sold to other spammers, so that you receive even more junk email. Worse still, you could be the victim of a fraud.
If you don’t know the sender, delete the email
Most spam is just a nuisance, but sometimes it can contain a virus that damages the computer when the email is opened.
Never respond to spam or click on links in it
If you reply to spam – even to unsubscribe from the mailing list – you confirm that your email address is a valid one, so encouraging more spam.
Opt out of further information or offers
When you fill out forms on websites, look for the checkbox that lets you choose whether to accept further information or offers. Tick or un-tick the box as appropriate.
Don’t use the “preview” mode in your email viewer
Many spammers can track when a message is viewed, even if you don’t click on the email. The preview setting effectively opens the email and lets spammers know that you receive their messages. When you check your email, try to decide whether it is spam on the basis of the subject line only.
Use the “bcc” field if you email many people at once
The “bcc” or blind copy field hides the list of recipients from other users. If you put the addresses in the “To” field, spammers may harvest them and add them to mailing lists.
Never provide your email address on the internet
Don’t publish your email address on websites, newsgroup lists or other online public forums. Spammers use programs that surf the internet to find addresses in such places.
Only give your main address to people you trust
Give your main email address only to friends and colleagues.
Use one or two “secondary” email addresses
If you fill out web registration forms or surveys on sites from which you don’t want further information, use a secondary email address. This protects your main address from spam.
Top ^
* Recommended: 1024 x 768 screen resolution
