Spam is an interesting, if highly technical, topic. Understanding it will help you in your attempts to deal with it.
E-mail spam is defined as "unsolicited commercial e-mail", also known as "bulk e-mail" or "junk e-mail": nearly identical messages sent to numerous recipients by e-mail.
E-mail spam has existed since the beginning of the Internet, even before web sites "as we know them" came into being, and has grown to about 90 billion messages a day.
Who is generating all this spam mail?
Fewer than 200 spammers send about 80% of spam. Those mostly responsible are criminals in the US, Russia, China, South Korea, Nigeria, and Eastern Europe.
What makes them do it?
Spam is primarily a medium for criminals to defraud users. You may wonder how anyone could make money with spam since these scams are public knowledge and people have learned to avoid them. However, spam fraud is a numbers game: if hundreds of thousands of attempts can be made for very little cost and effort, then even if only a small percentage of the scams actually work, that translates into significant money.
Is it just me or is it getting worse?
In absolute numbers:
• 1978 - An e-mail spam is sent to 600 addresses.
• 1994 - First large-scale spam sent to 6000 newsgroups.
• 2005 - (June) 30 billion per day
• 2006 - (June) 55 billion per day
• 2006 - (December) 85 billion per day
• 2007 - (February) 90 billion per day
Yes, it is getting worse in terms of volume of sent emails and in other ways as well.
Efforts to control spam are usually based on distinguishing between legitimate email and spam email. Spammers continually circumvent these efforts by making their spam look more like legitimate email with new delivery methods and smarter software. Some efforts to control spam actually tend to make things worse by blocking legitimate email accidentally, making it harder for average folks to use email effectively.
Could I be contributing to the spam problem?
- Newsletters and distribution lists:
Sending out mass emails to people who have not asked to receive your emails is technically spamming. If you do this, you are contributing to the problem (albeit in a very minor way).
- Carbon Copy:
Including multiple addresses in the "CC" field allows everyone who receives the email to see all of the other addresses. Others could then use these addresses illegitimately. This is definitely a practice to avoid for this reason. As well, some people receiving messages sent in this manner will get very upset with you for exposing their email address in this way.
- Viruses and security:
Botnets are groups of virus-infected computers; they account for about 80% of all spam. This means that if your computer is infected, it could be sending out email spam messages while it is connected to the Internet.
How do I get control?
Prevention - If spammers do not have your email address then they cannot use it. Spammers may harvest e-mail addresses from a number of sources. To prevent unauthorised use, be careful to verify the receiver when giving out your address, especially on the web.
The role of the web site
Many spammers use programs called web spiders to find email addresses on web pages. Instead of printing your email address on your site, use a web form, which will send visitors' emails to you while hiding your address from the spam bots.
However, some spammers have software that can use these email forms on web sites to send their spam to you. In an effort to cut down on this abuse, many web sites have adopted a system called captcha. Users attempting to submit the form are asked to perform a task that is easy for a human but very difficult for automated software to do.
You can see an example of this here: http://www.markhamlaw.com/060~Contact_Us/ (See the "Are You Human?" question, just before the submit button).
Prevention should be viewed as a temporary solution since eventually, if you ever use your email address, a spammer is likely to find it. Because of this, some people routinely change their email address every few years just to avoid spam.
Personal Detection and filtering:
It is easy for humans to detect spam email - just by looking at the "subject line" and the "from" attribute you can often detect it instantly, and looking at the content confirms it easily. But for automated software (your email filters) it is a much harder job.
Filters sort email into spam and "real email" based on the content of the e-mail, either by detecting keywords such as "viagra" or by statistical means. Such methods can be very accurate when they are correctly tuned to the types of legitimate email that an individual gets, but they can also make mistakes such as detecting the keyword "cialis" in the word "specialist". The content also doesn't determine whether the email was either unsolicited or bulk, the two key features of spam. So, if a friend sends you a legitimate email that mentions "viagra", content filters can easily mark it as being spam even though it is neither unsolicited nor sent in bulk.
You may think that you can easily set up a filter for the word Viagra and you will no longer get any spam for viagra, but the difficulty becomes clear when you consider that there are 600,426,974,379,824,381,952 ways to spell Viagra (according to cockeyed.com, 7 April 2004) in a way that humans can still read, for example:
• V1agra
• Via'gra
• V I A G R A
• Vaigra
• \ /iagra
• Vi@graa
With so many combinations it is difficult to set up a filter successfully.
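An added example, not from the original article: a plain substring filter compared with one that normalises the disguised spellings listed above and then matches whole words only. The look-alike table, the scramble heuristic and all function names are assumptions made for this illustration.

```python
import re

# Added illustration: constructed look-alike table (a real one is far larger).
LOOKALIKES = str.maketrans("1!|@4035$", "iiiaaoess")

def squash(word):
    """Collapse repeated letters so 'viagraa' compares equal to 'viagra'."""
    return re.sub(r"([a-z])\1+", r"\1", word)

def normalise(text):
    text = re.sub(r"\\\s*/", "v", text.lower())              # "\ /" drawn as V
    text = text.translate(LOOKALIKES)                         # 1 -> i, @ -> a
    text = re.sub(r"(?<=[a-z])['.*_-](?=[a-z])", "", text)    # via'gra
    text = re.sub(r"\b(?:[a-z] ){2,}[a-z]\b",                 # v i a g r a
                  lambda m: m.group(0).replace(" ", ""), text)
    return squash(text)

def same_scramble(word, keyword):
    """Assumed heuristic: same first and last letter, same letters between."""
    return (len(word) == len(keyword) and word[0] == keyword[0]
            and word[-1] == keyword[-1] and sorted(word) == sorted(keyword))

def naive_match(text, keyword):
    """Substring test: the filter that finds 'cialis' inside 'specialist'."""
    return keyword in text.lower()

def robust_match(text, keyword):
    """Match whole normalised words only, never fragments of longer words."""
    key = squash(keyword.lower())
    words = re.findall(r"[a-z]+", normalise(text))
    return any(w == key or same_scramble(w, key) for w in words)

# The disguised spellings listed in the article.
SAMPLES = ["V1agra", "Via'gra", "V I A G R A", "Vaigra", "\\ /iagra", "Vi@graa"]

def report():
    """Map each sample to (naive result, robust result) for 'viagra'."""
    return {s: (naive_match(s, "viagra"), robust_match(s, "viagra"))
            for s in SAMPLES}
```

Each disguise is caught only because a rule for it exists; a spelling outside the table still gets through, which is the limitation the article describes.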
Bayesian filtering has become popular as a spam-filtering technique for this reason. Bayesian filters rely on word probabilities, not just keyword detection. If a message contains many words which are only used in spam, and few which are never used in spam, it is likely to be spam. Many current email programs use Bayesian filtering; however, spammers are working to get around this type of filtering also.
Image spam is an obfuscating method in which the text of the message is stored as a GIF or JPEG image and displayed in the email. This inhibits text-based spam filters from detecting and blocking spam messages, since only the headers have text in them.
Our recommendations
Notwithstanding these limitations, at Back2Front we recommend that our clients obtain and learn to use email-filtering software and upgrade it often. This is by far the best way currently available to control the impact spam has on your computing life.
When you get a spam email you identify it as spam. In this way the software learns your patterns of email use and can become better at detecting real spam as you use it. It is vitally important under this system to only identify real spam in this manner. For example, if you get joke email from a client, although to you it may be spam, do not identify it as spam - just delete it. That way you will still get the next email your client sends you (maybe a purchase order!).
It is also important when using these systems to check for false positives. Learn how to look inside your "junk" box and check for legitimate email that accidentally got transferred there. When you find one, you identify it as NOT spam and the software will learn for next time.
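An added example, not from the original article or from any particular mail program: a minimal Bayesian filter that scores messages by word probabilities and learns from the "spam" and "NOT spam" marks described above. The class, the training messages and the smoothing choice are all assumptions made for this illustration.

```python
import math
import re
from collections import Counter

class BayesFilter:
    """Minimal naive Bayes over word presence (simplified, added example)."""

    def __init__(self):
        self.word_counts = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z']+", text.lower()))

    def train(self, text, label):
        """label: 'spam' = marked as spam, 'ham' = marked as NOT spam."""
        self.messages[label] += 1
        self.word_counts[label].update(self.tokens(text))

    def spam_probability(self, text):
        spam_n, ham_n = self.messages["spam"], self.messages["ham"]
        log_odds = math.log((spam_n + 1) / (ham_n + 1))
        for word in self.tokens(text):
            # Add-one smoothing so an unseen word never gives a zero probability.
            p_spam = (self.word_counts["spam"][word] + 1) / (spam_n + 2)
            p_ham = (self.word_counts["ham"][word] + 1) / (ham_n + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-log_odds))

# Constructed training mail, standing in for a user's marked messages.
SPAM = ["cheap viagra buy now", "buy cheap pills online now",
        "viagra discount order now"]
HAM = ["lunch on friday with the team",
       "the doctor joke about viagra was funny",
       "meeting notes from the team on friday"]
FRIEND = "that viagra joke from the doctor was funny"
CLIENT = "purchase order: please order 40 units now"

def build_filter():
    f = BayesFilter()
    for text in SPAM:
        f.train(text, "spam")
    for text in HAM:
        f.train(text, "ham")
    return f

def false_positive_correction():
    """Score the client's mail before and after it is marked NOT spam."""
    f = build_filter()
    before = f.spam_probability(CLIENT)
    f.train(CLIENT, "ham")
    return before, f.spam_probability(CLIENT)
```

With this constructed data the friend's message that mentions "viagra" scores as legitimate because its other words are typical of real mail, while the client's purchase order is wrongly flagged until it is marked as NOT spam.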
At Back2Front we are not generally in favour of ISP level spam filtering if you are not given some control over this filtering to modify it according to your individual email use patterns. (This is not usually offered.)
There are companies who specialize in filtering email for a monthly fee. This may be a viable option depending on the price and your email spam burden. Only use companies who a) allow you to control the level of filtering, and b) do not delete immediately but keep the "spam" so that you can check the email caught by their filters for legitimate email as needed.
The future of spam
The core problem with spam is that the email system was never set up in the first place to verify the senders. Anyone could send messages to anyone as long as they had a valid email address to send to. Criminals have exploited this weakness and the spam problem is the result.
The only sure way to eliminate spam is to "retool" the whole system to require the authentication of the sender - spammers could not function successfully under such a system. Such a "retooling" would be a massive project. It would take a large company like Google or Microsoft to decide to take it on, and they would need to get buy-in from email software vendors, service providers, and ISPs to have a hope of success.
But with the headaches that these people, as well as the rest of us, are currently experiencing due to spam, I expect that someone will step up to this plate soon.
For more information on spam: http://en.wikipedia.org/wiki/E-mail_spam .