Siliconetix "Running Dialogue"

Here you'll find our comments, tips, articles, and suggestions relating to technology. Feel free to browse and if you have any questions, please contact us.

The Skinny on Spam

October 31st, 2006

Nothing is certain but death and taxes…and spam.  Email spam has become a huge problem over the years and despite legislation (CAN-SPAM), it only seems to be getting worse.  Estimates as of June, 2006 indicate that some 55 billion spam messages are sent out each day and odds are pretty good that some are addressed to you.

How Spammers get Your E-Mail Address

In order to send you spam, the spammers need to get your email address in some manner.  Unfortunately, it’s fairly easy to do through a variety of common methods.

  1. Harvesting.  Spammers use “robots” that scour the Internet to find text that matches a pattern commonly associated with email addresses.  When a robot finds something matching the email address pattern, it loads it into a database and continues trolling the Internet for more.  The robots look at the HTML code itself (click “View” -> “Source” in Internet Explorer to see what I’m talking about) when performing these searches.
  2. Adware/Spyware/Viruses.  If your email address sits in another person’s email box or address book and they get certain adware, spyware, or viruses, then it’s possible that the adware, spyware, or viruses could harvest this information from their computer and send it to a central computer for storage.
  3. Mailing Lists.  Spammers can buy mailing lists from people that have collected this information in some manner.  They may have harvested that information or perhaps just bought a list from a company that failed to protect the information you provided or from an employee that stole and sold such information from that company.
  4. Guessing.  Spammers will employ techniques to guess email addresses by combining names and words and then sending out email messages to those particular combinations.  It’s not real efficient, but with some email providers — like Yahoo and Hotmail — it can be effective for spammers to email like this. 
  5. Fake “unsubscribes”.  Spammers may send out a message with a fake “unsubscribe” link in it.  When you click to unsubscribe, you’ll confirm your email address as valid and it’ll be marked as such in their database.

The bad news is that, because there are so many ways for spammers to get your information, there is no single thing you can do to keep your email address from being harvested, aside from not using email at all.  But there are some things that you can do to help minimize your exposure.

How you can Help Keep your Email “Safe”

  1. Unless you’re a business, I would recommend not putting your email address on your website at all (including blogs, MySpace, etc).  Most personal web pages are visited by friends and family anyway and you can give them your email address directly without posting it online.  If you’re a business, then I recommend putting your email address online.  I know that this will set you up for harvesting, but it’s a balance between allowing your customers to reach you and dealing with spam and I’d rather make it easy for my customers to reach me and have some spam make it through than to lose a customer because they couldn’t get in touch with me in the manner with which they’re most comfortable.
  2. Avoid using your primary email address when signing up for special offers — especially if it’s with a company that you’re not familiar with.  Reputable companies should have a “Privacy Policy”, so review it to see how they use your information. 
  3. Don’t open spam.  Spam messages can contain “web bugs” that allow the sender to know immediately if you’ve opened an email message, which confirms your email address as valid.  To help prevent this, don’t allow scripts to run in your email client and disable images from loading by default in your email client.
  4. Don’t buy from spammers.  Most people who get spam delete the message immediately, but some will buy whatever it is the spammer is offering, and even though it’s a small percentage that do, it’s enough to make it worth the spammer’s resources to continue spamming.
  5. Don’t unsubscribe from a spam message.  This often just confirms your email address as valid and likely means you’ll just get more spam.
  6. Use anti-spam software, preferably a solution offered by your email provider.  This will help minimize the amount of spam that makes it through, but know that it won’t catch every spam message and may mark legit messages as spam.  It’s important to set your filters carefully.  If you’re a business, then you should be even less aggressive with your spam filter settings or you’ll risk losing a customer’s email to your spam filter.  Filter configuration takes some work because you may end up deleting a good message if you set the threshold too low and allowing too much spam in if you set it too high.  You’ll want to tune the filter over time to ensure optimal performance.  Our spam filter uses a scoring system: the higher the number, the more likely it is that the message is spam.  My filter will mark a message as spam if it has a score of 5 or higher and will delete the message completely if it has a score of 10 or higher.  Your settings will vary, but you’ll want to set your delete threshold higher at first (or turn it off) to ensure that you’re not deleting good messages incorrectly marked as spam.  It’s also helpful if your email provider uses a “co-op” (like Vipul’s Razor) for spam identification scoring, in addition to the Bayesian techniques commonly deployed.  The “co-op” lets messages marked as spam by some of its users benefit the whole group in spam detection.
  7. Run operating system updates.  Make sure that you have any updates available for your operating system (for instance, Windows updates).  This will help keep your system from getting compromised by a malicious user exploiting a security hole in your operating system and gathering email addresses or using your computer to send email on their behalf.
  8. Deploy adware, spyware, and virus defenses.  Make sure that you have anti-adware, anti-spyware, and anti-virus software on your system and that it’s up-to-date.  These almost always have annual subscriptions, so when they expire, either upgrade to a new version or renew your subscription.  If your subscriptions lapse, then you’re not assured of the latest updates.  Updated protection software will help protect the data on your computer.
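
The “web bugs” in tip 3 can be spotted before a message is ever displayed.  As an added example (not part of the original article), this Python code lists what an HTML message body would fetch or run when rendered; the sample body and the tracker.example and images.example hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class RemoteContentAuditor(HTMLParser):
    """Record what an HTML mail body would fetch or run when displayed."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, detail) tuples

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "script":
            self.findings.append(("script", a.get("src") or "inline"))
        elif tag == "img":
            src = a.get("src", "").strip()
            url = urlparse(src)
            # cid: and data: images travel inside the message itself; only
            # http(s) and protocol-relative URLs contact a remote server.
            if url.scheme in ("http", "https") or (not url.scheme and url.netloc):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                kind = "tracking-pixel" if tiny else "remote-image"
                self.findings.append((kind, src))


def audit(html_body):
    """Return the (kind, detail) findings for one HTML body."""
    parser = RemoteContentAuditor()
    parser.feed(html_body)
    parser.close()
    return parser.findings


def opens_are_visible_to_sender(html_body):
    """True if showing the body with images enabled would contact a server."""
    return any(kind != "script" for kind, _ in audit(html_body))


# Constructed sample body, not taken from a real message.
SAMPLE_BODY = """<html><body>
<p>Special offer inside!</p>
<img src="cid:logo123" width="200" height="60">
<img src="http://tracker.example/open.gif?id=CONSTRUCTED-TOKEN" width="1" height="1">
<img src="https://images.example/banner.jpg" width="600" height="120">
<script>document.title = "x";</script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_BODY):
        print(kind, detail)
```

Any remote image, not only a 1x1 one, reveals the open to the server that hosts it, which is why the tip is to keep image loading off by default.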
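
The threshold tuning described in tip 6 can be checked against a hand-reviewed sample of mail before deletion is switched on.  This added example (not the article’s or any filter product’s own code) uses the article’s mark-at-5 and delete-at-10 settings; the scored sample and the candidate thresholds are constructed.

```python
MARK_THRESHOLD = 5.0     # article: mark as spam at a score of 5 or higher
DELETE_THRESHOLD = 10.0  # article: delete at 10 or higher; None turns deletion off


def action(score, mark=MARK_THRESHOLD, delete=DELETE_THRESHOLD):
    """Return 'delete', 'mark' or 'deliver' for one filter score."""
    if delete is not None and score >= delete:
        return "delete"
    if score >= mark:
        return "mark"
    return "deliver"


# Constructed sample: (score, is_spam) pairs from a hand-reviewed mailbox.
SAMPLE = [
    (0.3, False), (1.8, False), (4.9, False), (5.6, False), (7.2, False),
    (10.4, False),  # a legitimate message the filter scored very high
    (3.1, True), (5.0, True), (8.7, True), (11.9, True), (14.2, True),
    (22.5, True),
]


def evaluate(sample, mark, delete):
    """Count the outcomes that matter when tuning the two thresholds."""
    stats = {"legit_deleted": 0, "legit_marked": 0,
             "spam_delivered": 0, "spam_deleted": 0}
    for score, is_spam in sample:
        act = action(score, mark, delete)
        if is_spam and act == "deliver":
            stats["spam_delivered"] += 1
        elif is_spam and act == "delete":
            stats["spam_deleted"] += 1
        elif not is_spam and act == "delete":
            stats["legit_deleted"] += 1
        elif not is_spam and act == "mark":
            stats["legit_marked"] += 1
    return stats


def safest_delete_threshold(sample, mark, candidates):
    """Lowest candidate that deletes no legitimate message in the sample.

    Returns None when every candidate would delete good mail, in which
    case deletion is best left off.
    """
    for cand in sorted(candidates):
        if cand >= mark and evaluate(sample, mark, cand)["legit_deleted"] == 0:
            return cand
    return None
```

On this sample the delete-at-10 setting loses one legitimate message, while raising the delete threshold to 12 loses none and leaves that message marked as spam where it can still be recovered.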

As long as you use email, you’ll run the risk of getting spammed.  But there are several things you can do to help keep your email box clean.  If you need anti-spam software for your small or medium business, please contact us for a free assessment.