Just Say No to Spam!
Ever wonder what unsolicited e-mail has to do with the canned meat produced by Hormel? Nothing! Rumor has it that the moniker “spam” derives from a humorous Monty Python skit in which a character who is trying to order breakfast is repeatedly offered Spam—against their will. Regardless of how it earned its name, unsolicited e-mail isn’t funny and is a potential security risk. More than a personal irritation, unwanted e-mail can cause network congestion and impede the routing of legitimate e-mail messages.
Used in both business transactions and personal communications, e-mail has become an important part of Americans’ lives. Unfortunately, e-mail’s efficiency and convenience may fall victim to exploitation by spam. In fact, it is now estimated that more than 50 percent of all e-mail traffic consists of spam and, more unsettling, today’s spam is usually fraudulent (or at least deceptive) in nature. The excess e-mail traffic places heavier burdens on ISPs, and the increased costs are then passed on to subscribers, both business and consumer. In the words of Howard Beales, director of the Federal Trade Commission’s (FTC’s) Bureau of Consumer Protection, “Spam isn’t just annoying, it also can be a threat to computers and personal information.”
Lately, in an attempt to remain a step ahead of increasingly wary e-mail users, a form of spam has emerged that mimics an authentic e-mail message. Posing as customer service representatives or accounting departments, and sometimes using the names of firms with which you do business or are probably familiar, the senders attempt to infiltrate your system via “important,” not-to-be-ignored e-mail messages. The messages may include instructions to follow a link or fill out an attached form. These spam, or scam, artists seek to elicit vital information from you that might enable them to access your credit card and/or bank accounts, along with other personal data.
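The traits described above (a familiar firm's name on an unfamiliar sending address, a link that goes somewhere other than where it claims, an attached form) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the brand list, domains, sample message and function names are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: firms the recipient really deals with, mapped to their real domains.
KNOWN_SENDERS = {"example bank": "examplebank.example"}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message (not real mail).
SAMPLE = """From: "Example Bank Customer Service" <service@mail-secure.example>
Subject: Important: verify your account
Content-Type: text/html; charset="utf-8"

<p>Please confirm your details at
<a href="http://login.account-check.example/verify">www.examplebank.example</a></p>
"""

def host_matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def lookalike_flags(raw):
    """Return the reasons a message looks like an imitation of a known sender."""
    msg = message_from_string(raw)
    flags = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    # A known firm's name in the display name, sent from an unrelated domain.
    for brand, domain in KNOWN_SENDERS.items():
        if brand in display.lower() and not host_matches(sender_host, domain):
            flags.append("display-name-mismatch")
    for part in msg.walk():
        if part.get_filename():
            flags.append("attachment")  # e.g. the "attached form"
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, text in LINK_RE.findall(html):
                # Visible text names one domain, the link points to another.
                shown = re.search(r"[\w.-]+\.[a-z]{2,}", text, re.I)
                if shown:
                    domain = re.sub(r"^www\.", "", shown.group(0).lower())
                    if not host_matches(urlparse(href).hostname, domain):
                        flags.append("link-text-mismatch")
    return flags

if __name__ == "__main__":
    print(lookalike_flags(SAMPLE))
```

These are heuristics for routing a message to a bulk or review folder, not proof of fraud; legitimate mail sent through third-party services can trip the same checks.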
Luckily, Internet users have many options for limiting the amount of spam gracing their e-mail inboxes. The following recommendations from the State of Washington Office of the Attorney General should help reduce the influx of spam you receive:
- Avoid displaying your e-mail address in public. If it is not required, do not provide your e-mail address when filling out Web registration forms, surveys, etc. If you must provide your e-mail address, look for a box that asks if it is okay to send you offers or information. Make sure you say “no.”
- Delete your member profile from online services such as America Online.
- Avoid posting your e-mail address in chat rooms, newsgroups or on auction and sales sites. Spammers often send scavenger bots (programs that “harvest” e-mail addresses) to these sites.
- Don’t list your e-mail address directly on a Web page, even your own. Use an alias or a secondary account that you can delete later if necessary.
- Avoid responding to spam, even if you are asking to be “removed” from a mailing list. Responding can actually increase the amount of spam e-mail you receive because spammers then know your address is active.
- Use a unique e-mail address. Your choice of address may affect the amount of spam you receive. Spammers use “dictionary attacks” to sort through possible name combinations at large ISPs or e-mail services, hoping to find a valid address. A common name like djoe may get more spam than a less common name like jd51x02oe. Of course, there is a downside—it’s harder to remember an unusual e-mail address.
In addition to these tips, the use of a commercially available e-mail filter can also help significantly. Before you use a third-party spam filter, check your e-mail account and/or software to see if it provides a tool to filter out potential spam or a way to channel spam into a bulk e-mail folder. If not, you may wish to consider purchasing commercial software that filters out many spam messages or offensive materials. Here are just a few popular products:
- SPAMfighter (www.spamfighter.com)
- MailWasher (www.mailwasher.net)
- McAfee SpamKiller (us.mcafee.com/root/product.asp?productid=msk)
- Symantec’s Norton AntiSpam 2004 (www.symantec.com/antispam/)
- Mail Zapper (www.mailzapper.com/products.html)
A final note: on Dec. 16, 2003, President Bush signed the “Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003” (or the CAN-SPAM Act) to federally regulate spam. Under that law, the Federal Trade Commission is authorized to set up a “do-not-spam” registry. If convicted, violators face multimillion-dollar fines and jail time, and could be sued for damages.
Douglas Schweitzer, A+, Network+, i-Net+, CIW, is an Internet security specialist and the author of “Securing the Network from Malicious Code” and “Incident Response: Computer Forensics Toolkit.” He can be reached at firstname.lastname@example.org.