How
spam got its name
Click here for a good definition of the term "spam".
Spam in the
news
Here's some links to the latest news about spam:
Spam
Offers: Some Legit, Most Not - WIRED 2/12/03
Study:
Spam costs businesses $13 billion - CNN.com article 1/3/03
Brightmail
Reveals Annual Top 10 Spam Messages for 2002 - Brightmail
press release 12/12/02
Spam
to overtake real e-mail in 2003 - MSNBC article 12/11/02
How do I report
my spam?
In most cases, deleting the message is the best action. If
you really hate spam and want to be effective at reporting
it, use the SpamCop
reporting service. SpamCop will decode the various pieces
of the header and find the appropriate email addresses to
send complaints. SpamCop can be a bit hard to use but it gets
the right info to the right people.
How did they
get my address?
There are many people supplying lists of email address for
sale. We've seen spam advertising "20 Million fresh addresses
on CD for only $29.95." How do these lists get your address?Three
basic methods:
1. Harvesting - Special address harvesting programs scan
web sites, newsgroups, chat rooms, mailing lists and membership
directories looking for anything resembling an email address.
If your address is visible anywhere on the Internet, it is
almost guaranteed to be on a harvesting spam list. See the
Federal Trade Commission's study on email
harvesting.
2. Guessing - Starting with an electronic dictionary, a phonebook
and a list of ISPs, they simply guess addresses. These are
called "dictionary attacks." We've seen spam lists
with john@aol.com, john@cox.net, john@mindspring.com. Then
they try johna, then johnb, etc. Then john1, john2, john3,
etc, etc. Then john.smith, john.jones, etc. For each domain.
Hopefully you get the idea. They run through as many combinations
as they can. The spammer generally uses bad reply-to/from
addresses so they don't have to deal with any bad guessed
addresses; they go for quantity over quality.
3. You gave it to them - Many web sites ask for your address
for various reasons. It goes on their mailing list. Depending
on their privacy policy, they may share or sell their list
to a direct email marketer. This is called an opt-in list.
We know of one email marketer who proudly says he gets his
list from 200 different web sites. His list contains over
20 million addresses. If you don't like spam, be sure to read
the privacy policy for any web site asking for your email
address.
How do I get
off a list?
If you're on a harvested or guessed list, there's no way to
get off it. All you can do is remove your address from any
visible place on the Internet or change your address to something
obscure.
If you are on a direct email marketing list, there's a chance
that following the remove instructions will get you off their
list. The risk is that by responding, you are validating your
address and they may just put it on some other list. There
is no federal law in this area. Some states have passed anti-spam
laws requiring email marketers to remove users upon request.
Oregon does not have an anti-spam law.
How can I tell
what type of list I'm on?
It's hard to tell but here's a rule-of-thumb that seems to
be valid. If your email address is on the To: field and they
mention your name ("Hello John.") then you are on
an opt-in list and there's a good chance that following the
remove instructions will get you off the list.
If you don't see your address on the To: field, it's from
a harvested or guessed list. Removal will be unlikely.
How does the
spam get to me?
Any message (spam or not) originates from a mail server somewhere
and gets delivered to your mailbox. Some spammers scan the
Internet looking for mail servers they can hijack. These are
called open relays. Open relays are generally unintentional.
Running a mail server can be quite complex and many server
administrators inadvertently configure their servers incorrectly.
The spammer sends their spam through the open relay often
without the server administrator being aware of it.
There are also many companies who allow spammers to use their
servers. Often these are overseas. We see a lot of spam coming
from Korea and sources in China. Unfortunately these servers
look like normal mail servers so it is very difficult to block
the source. They look like legitimate servers. The ISPs for
these companies are usually not interested in preventing the
spam so complaints have little impact. The only way to block
this spam is by looking at the message content.
Is there software
for my computer to block spam?
Yes. These new programs use their entire user community to
tell them what's spam and what isn't and build an effective
rule set. The most-current rule set is automatically loaded
when the email program starts. The programs examine every
incoming message. Messages they think are spam go into a separate
folder where you can check them. If they miss one, you click
a button and a note gets sent to the vendor's server. As more
and more people make this designation, more and more messages
get blocked by the software. It is a neat idea, and in my
tests I found each product was able to block about 75% of
the spam messages that I receive every day. Usability varies,
and each program has a range of other features so it's a good
idea to give them a try. Let us know which works best for
you.
SpamNet
Currently available for Outlook 2000/XP only - other versions
are coming. It integrates with Outlook and has a very simple
interface. SpamNet is in beta and free.
Matador
Currently available for Outlook only - other versions are
coming including Eudora and Netscape. Matador is in beta and
free.
Inbox
Cop
From a local Portland company (Genius Unlimited). Works with
Outlook and Outlook Express. Special offer for EasyStreet
customers - $0.99/mo or $4.95/year.
POPFILE
Works with any mail program on Windows, MAC or Linux and is
free. For more technical users.
iHateSpam
Separate versions for Outlook and Outlook Express. The price
is reasonable at about $20.
SPAMMUNITION
Uses Bayesian filtering described Paul Graham's article "A
Plan for Spam." Outlook only - no Outlook Express.
Free.
SpamKiller
SpamKiller is a traditional spam filter. It uses a local rule
set and puts you in complete control. Pricing is also reasonable
at $25 (normally $40 with a $15 rebate).
If you really don't want any spam, take a look at Choice
Mail by DigiPortal. Choice Mail assumes ALL mail is spam
unless send by an approved sender. You get to approve anyone
attempting to send you a message. Works with all mail programs.
Does Oasis
sell my address?
No! Oasis does not sell or make available addresses to any
3rd party. We respect your privacy and we hate spam as much
as you.
What if the
spam has my address in the From: field?
In the past spammers would put a bogus address in the From:
field. Some mail servers are now checking for From: address
validity before accepting the message. So, the spammers have
started putting a random address from their list in the From:
field. Unfortunately, if you are that unlucky person, that
makes the spam look like it comes from you and you'll get
all the bounces. It's a nasty spammer trick. (We can tell
from the full headers that the source is not really you.)
It isn't spam but another way an unusual message might get
your address in the From: field is from a Klez virus infected
computer. Once a computer is infected with Klez, it pulls
random addresses from the infected address book (and Internet
cache) and puts them in the To: and From: fields of a message
containing an infected attachment. If the To: address isn't
valid you'll get the bounce.
There are currently no Federal laws prohibiting someone posing
as you and from putting your address in the From: field. Several
states have enacted false mail identity laws; Oregon is not
one of them.
What are
other anti-spam resources?
WHEW.COM
- Dedicated to ending spam.
CNET
Self-Defense against spam - good advice for not getting
on lists.
The Federal Trade Commission has a nice spam
overview.
Coalition
Against Unsolicited Commercial Email
Elsop's
Anti-Spam Page
Isn't this
against the law?
Unfortunately not yet. There is strong opposition to any anti-spam
laws from the various direct marketing associations. For an
excellent overview of Federal and state laws, see Anti-spam
laws.
|
