Spam control is a necessity if you use e-mail which the vast majority of us do. And although PCMech has covered spam control with several articles on the subject, the methods change from year to year - so consider this an update for the 2008-2009 era of e-mail.

Client Side

With e-mail clients you have free and paid options but I concentrate on the freebies because I don’t consider spam protection worth the cost unless it’s in a corporate environment with hundreds and/or thousands of users.

The best freebie spam protection I’ve used client-side is the adaptive junk mail filter in Mozilla Thunderbird. Adaptive translates to "learns as it goes". When you first enable the filter Thunderbird will still deliver spam to the inbox until you flag it. The more you flag, the more the filter "learns" what is spam and what isn’t and filters appropriately over time. When used in concert with its built in address book (for whitelisting - more on that in a moment) it does the job well.

For those that would ask "How long does the ‘learning’ process take?", it’s all dependent on how much spam you get. The more you get, the longer the process takes. But even if you receive a ton of spam to the tune of 200 per day (which is extreme), the adaptive filter will be able to learn most of that in a few weeks.

Server Side (Domains)

If you have your own domain and pay for web hosting, you most likely use domain-based e-mail, such as you@your.domain. There are server-side options you can set in your web host’s control panel to slow the spam down.

SpamAssassin

Most web hosts (even the cheap ones) have SpamAssassin - which is an awesome spam filter. Lots of options, lots of control. Under most circumstances you should be able to instruct SA to modify the subject line or e-mails it thinks are spam. For example, if a spam is received and the subject line is "hello", SA will change it to "*****SPAM***** hello" before delivery to your inbox so it’s really easy to spot upon receive.

In addition, if you use the Mozilla Thunderbird e-mail client it has options to "trust" SpamAssassin based on e-mail headers.

SPF

Sender Policy Framework is an absolute necessity when using domain-based e-mail. This is not a filter per sé but rather a "challenge response" to stop spoofed e-mails.

If you run into the situation where all of a sudden you see tons of "Message could not be delivered" for mails you never sent, all with spam-ish looking subject lines, your domain mail is being spoofed. SPF will take care of this 99% of the time. Once enabled it takes a few weeks and then the spoofs will stop.

Whitelisting / Blacklisting

You can whitelists (addresses you want to receive mail from) and blacklists (addresses you want to block) on a server side level but there is some debate as to how effective it is compared to having a client do it.

If you’re the kind that uses a web-based version of your domain-based e-mail, utilizing server side lists of this type would serve to your advantage. If using a client, let the client do it.

Web-Based Free E-Mail

Example of freebie web-based mail services are Hotmail, Yahoo! Mail, AIM mail, Gmail and so on.

Freebie web-based e-mail compared to clients and/or server side differs because your options are much fewer as to what you can do. However there are things you can do now to take control of the spam.

Always use your Contact List / Address Book

With most freebie web-based mail, anyone listed in your Contact List is automatically whitelisted. So for friends, family, biz contacts and other types of mail you want, use that list and use it often.

It is better to have direct delivery instead of forwarded mail

Mail which is forwarded to you from another e-mail account runs the risk of bypassing the spam filters (even on Gmail) because it is in fact a forwarded mail addressed to you.

You’re better off not having anything forwarded, trust the spam filters provided by the freebie service and let the filters do their job. The more mail you have forwarded in, the more likely you are to have spam directly in your inbox - no matter how many times you flag it otherwise.

Stay inside the web interface

Spam filters work better on freebie web-based mail when using it in its intended environment - the web browser.

Example using Gmail:

Instead of using the Gmail interface you decide to access the mail using a mail client instead such as Mozilla Thunderbird. When spam comes in you flag the spam in Thunderbird, but it’s not using the Gmail reporting method but rather the internal client method. Gmail is never notified of the spam you reported so it will continue to arrive in your inbox. If you stay within the Gmail interface and flag spam there, Gmail "learns" what is spam and what isn’t - which is what you want to stop it from appearing.

For other e-mail services where you download mail via POP, the same applies. Flagging spam in a client never notifies the e-mail service you flagged it, decreasing spam prevention.

Not using your true e-mail address

The reason web sites like BugMeNot exist is because people get sick and tired of signing up for stuff only to find it nearly impossible to "de-sign" your e-mail address later.

You do have a few options here, all of which work well.

Using an alternative "don’t bug me" e-mail provider

The best example of this is Mailinator. You can fabricate e-mail addresses out of thin air in seconds. However there’s one serious drawback - you always have to go to that site to get the mail delivered there (very inconvenient).

Linked accounts

This is by far the absolute best way to have a "throw away" e-mail address you can easily access while still using your primary account.

The service that does this best is Hotmail because it’s stupidly easy.

If you use an @live.com, @msn.com or @hotmail.com account, login to it, then go to Options and click "View and edit your personal information" under "Manage your account". On the next screen there are options for "Linked Windows Live IDs". From here you can link other Hotmail, Live and/or MSN accounts to your primary account. If you want to add one, go ahead. If you want to add more than that (I have 5), go ahead.

When you’re done, in your normal Hotmail interface at the far right you will see your e-mail address. This can be clicked and you can switch over to your other account instantly.

The beauty of this setup is that your e-mail addresses stay separate. They are linked but do not share inboxes. So whenever you want to check the other account, all it takes is two clicks.

This is free to do, by the way.

To note: AIM mail and Yahoo! also have linked account options.

Gmail does have the ability to poll mail from other accounts but has no linking ability (as in link 2 Gmail accounts together in concert).

What did I miss?

Do you have any spam prevention tips I missed? If so, please feel free to tell everybody in the comments. Any spam prevention is good spam prevention.

There is a large set of problems that are usually attributed to spyware, but that doesn’t mean the effects of spyware are limited to the items described below. If you are experiencing any one of these, it may be a good idea to run some spyware scans.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

The single, all-encompassing term “spyware” is more or less a misnomer, for there are a number of different kinds of software that engage in data harvesting and come under the broad, umbrella-like term “spyware”. Spyware can be loosely associated with viruses; Trojans and Worms being the closest relative to viruses, but there is a fine line of difference. Viruses are typically self-replicating. They can copy themselves and spread from computer to computer through security holes and exploits, as well as relying on a user’s poor security habits to quietly slip in to an unguarded system. Spyware usually relies on a user’s ignorance and credulity to infect a system and does not engage in replication. So, in effect, the first and best form of prevention is awareness.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

Taken down to its simplest form and to be quite general, spyware is a software technology that assists in information gathering. The kind of information being gathered depends on how the spyware was written and what it was made to target. Once installed on a system, it can collect password data, bank and credit data, information on web surfing habits, email addresses, or just about anything else that you may consider a breach in privacy. This information is gathered from your computer and then relayed over the Internet to advertisers and any other interested parties, as allowed and directed by the piece of spyware. This definition, however, does not include or apply to all forms of software that fall under the heading of “spyware”.

The Internet can be a great place to visit and can contain a wealth of information that is made readily available at your fingertips, but like anyplace else, you must exhibit a certain degree of caution while making your way around. Wariness coupled with awareness can go a long way to help combat spyware.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

This file contains the mappings of IP addresses to host names. Each entry should be kept on an individual line. The IP address should be placed in the first column followed by the corresponding host name. The IP address and the host name should be separated by at least one space.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

At last, we have arrived. As you can see, spam is a huge and apparently growing problem on the internet. Due to the nature of the internet, though, it is not a problem that is easily controlled. As I outlined, spammers are spread out all over the world. Many of them reside in countries which have no laws regarding spam. Additionally, the email system, as designed, is very insecure. There is no fool-proof way to track a message to it’s sender and it is all too easy to manipulate the headers of an email to make it look like it came from anyone. It would be like all of us, anywhere, being able to type in our own name and phone number before making a call to someone and that information showing up on the Caller ID system. We would never be able to trust the information on caller ID. Instead, though, we have a centralized system controlled by the phone company which provides that control. On the internet, there is no such thing.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

In order to properly report spam, you need to learn a few basic networking tools. Very often you will see IP addresses only in the email headers. For those who do not know, IP addresses form the basic building block of the internet. It is a series of numbers separated by periods. Every computer connected to the internet has an IP address when it is connected to the internet. Each ISP has a set of IP block assigned to it. The first 2 or 3 sets of numbers in the IP address will signify the IP block which will be traceable to the ISP. The numbers after the IP block refer to the specific user on the ISP’s network. Additionally, the internet makes use of the domain name service (DNS) to map those IP addresses to actual alpha-numeric names which can be remembered by us - people. The DNS system is a mapping of domain names to the specific IP address of the server which hosts a website, mail server, or any other server online.

There are a series of tools in order to work with this system and identify information based on the information you have. Those tools are:

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

Reporting spam is a good way to fight the problem. You need to know who to report to and what to report. The first rule of thumb is NOT to complain directly to the spammer. As stated above, any reply to the spammer simply tells them your email address is valid. That makes your email address more valuable as a commodity to the spammer. They don’t care how huffy or puffy you get in your email. The proper parties to contact are the people through which the spammer operates. The idea is to cut off their ability to deliver spam or to create some sort of backlash against the spammer. You can do this by either contacting the ISP which is hosting the email servers which were used to send the spam or by contacting the ISP who hosts the company which was being advertised in the spam. The idea here is that the spammer obviously doesn’t care whether you like the spam or not. The website being advertised by the spammer is either his own (which of course won’t get you anywhere) or is owned by a company which may have no qualms with spam because they are making money. However, almost all ISPs will care immensely if anyone is using their systems to send spam. As stated previously, spam costs the ISP industry a whole lot of money. If an ISP becomes aware that they are empowering a user to send spam, they will almost always shut down the account.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

Using spam filters is one of the most common ways to battle spam. What this means is that the software scans the incoming email, runs it through a series of tests and compares it to known spam criteria, then decides whether it is a good email or a spam message. If it is spam, it will act according to settings.
If it is good, it makes it to your inbox. The perfect spam filter would always get it right, filtering out all spam and letting all valid email through. In real life, however, its a constant battle for accuracy. Filters miss email or falsely flag email all the time. A “false negative” is when the filter does not flag an email as spam when it should have. A “false positive” is when the filter incorrectly flags a legitimate email as spam. For most, a false positive is the worse of the two because perfectly valid email can get removed. This happened to me just the other day when a perfectly valid email contained the word “mortgage” got filtered out. The sender called wondering if I got the email, which of course, I didn’t. The only solution (other than training your filter) is to periodically check your “Deleted Items” folder to see if there are any valid emails in there.

How Filters Work

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

Ok, so what can you do if you do not host your address on a website but you are still getting spam? You already have the problem. Now what?

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

How do you stop Spam? After all, that is what this section has been leading up to. Well, the first line of defense is not to get onto their email lists in the first place. As mentioned previously, the main ways they get your email address are you submitting your email address to a website and email harvesters scanning your email address off the web. So, your first line of defense, obviously, is not to provide your email address in a fashion where a spammer can get it. Here are some ways to do it.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

The US government has done things to try to curb the problem of spam. After all, spam is a major problem. It clogs up the internet’s data pathways and costs companies money. The problem is that these laws really don’t mean much at all. Anybody can pass a law, but that doesn’t mean spammers will just all of a sudden turn into great little law followers. And enforcement of these laws is a problem because it is hard to sometimes find exactly who the spammer is.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

There has been a lot of lore about a spam message giving your computer a virus and causing all kinds of problems. But, does it actually happen? If the email you received is in text format, the answer is most definitely no. A text message cannot harm your system in any way, so while it may be annoying, you do not have to worry about it. However, if you receive an HTML message (and most spammers do use HTML), there is a possibility that there is some harmful code in that email. Many HTML-capable email programs do run code inside of an email without your warning. A spammer could use this code to launch pop-ups, cover their own tracks, or more dangerous activities. Properly coded, and if you don’t have adequate protection, a spammer could implant a virus on your machine which then sets you up as a zombie (see above). A virus could also potentially install a keystroke macro, meaning anytime you press certain key combinations, you will get some ad or other thing.

Another potentially dangerous practice is phishing. This is not dangerous because it can install software to your computer. It is dangerous because, through social engineering, it could trick people into giving up sensitive information such as log-ins, social security numbers, bank account numbers, etc. The way it works is that the phisher will create an email which is designed to look like a well-known website. Ebay and Paypal are common targets. The email that is sent is designed to look like it came directly from eBay or Paypal (for example). They usually say something like they need to confirm your information because of a server problem or some routine maintenance. In short, they say there is some problem with your account and they need info from you. If you lick the link and go to their website, it is a look-alike copy of the original website. However, if you filled in the form, your info would NOT be going to the company allegedly sending the email. It goes right to the phisher’s database who may then turn around and sell it to criminals. After all, the phisher is a criminal.

How can you identify a phishing email? Its not difficult.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

We’ve all experienced this. You sign up for a brand new email account, maybe having switched internet providers. You are getting no spam because nobody knows your email address. But, over time, you begin to get more and more spam until, before too long, its as if you never changed your email address. It can leave you baffled. How the hell did they get my email address?

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

In looking at a SPAM message, we need to also look at the body of the message and some of the things often done to entice, throw off, or fool the recipient into responding. Let’s look at the biggies:

Hidden URLs

Some spammers will make use of various forms of encoding to hide URLs or fool users into clicking on URLs they would not otherwise click on. Many will use IP addresses rather than domain names, thereby obfuscating the potential nature of the target site from the user until they actually visit it. However, one can use the “nslookup” tool on their computer to get the domain itself in many cases (more on this later). Sometimes they will encode the IP address in escaped characters, meaning the ASCII or HTML special character code for the item. Other spammers will use the little-used user ID field of the URL to fool people. For example, sending a browser to “http://www.notspam.com%10.10.10.10/” is, to a browser, the same as going to 10.10.10.10 with a username of “www.notspam.com“. The site will, usually, ignore the user field so therefore there you are staring at 10.10.10.10. Most users, though, would believe they are going to www.notspam.com.

Related, some spammers will make use of other IP ports. Typically internet traffic comes in on port 80, which is used for HTTP transactions. But, if a spammer tries to link you to “www.notspam.com:2000″, then they are routing you to port 2000 rather than 80. If the spammer has some kind of control placed on port 2000 on that server, then you just got “had”.

Two other very common URL tricks are redirectors and deceptive HTML links. There are URL address out there whose only purpose is to redirect to another web address. They can give the click-through URL a legitimate looking name, but clicking on it would route you somewhere else. Lastly, being that much SPAM is in HTML format, they can have a link in the email which is hyperlinked in the traditional blue, underlined text, but actually clicking on the link takes you somewhere else entirely. The way to protect yourself against this is to “View Source” on the message by right-clicking and choosing “View Source”. Look for the HTML

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

In order to understand a SPAM message and how to best prevent them, one needs to know a little bit about how an email works in general. One doesn’t usually think about it. They just type their message along with a “to” address, and it miraculously arrives on the other end. But, how does that work? Well, ironically, one can compare it to postal mail, in a way. When you send snail mail, you have the message in an envelope. The envelope has a return address and an address to send it to. You put it in your mailbox, the postman picks it up, and it is sent. The postal service is the relay for the message, and your letter moves through the system, from terminal to terminal, until it arrives at the recipient. Email messages, too, contain a header which serves as the “envelope” for the message. It contains the sender’s name, the return address, the subject line and where the message is going, along with a bunch of other information. When you send the message, it is sent via a mail host server. It uses a protocol called SMTP to transfer the message. It transfers over the internet, each mail server it hits reading the headers and moving it along. It finally reaches a mail host at the recipient’s ISP, where it sits until the recipient logs on, checks their email and downloads it from the server.

To demonstrate, I sent a message from myself to myself and below are the headers for that email:

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

Yes, Spam, is the name for that little blue can of processed “meat” made by Hormel you can find in the grocery store. The meat is junk, which is fitting, but I’m not sure if that’s the source of the word we’ve grown so fond of. Actually, the generally accepted derivation for the word is a Monty Python skit. They had a skit in which a group of Vikings were singing “spam, spam, spam, spam” so loud and often that it drowned everyone out. In the early days of the internet, when the net was mostly populated by nerds of the classical sense, there were very few net surfers who didn’t appreciate Monty Python, so I guess the word caught on and I can see the correlation.

When we hear the word SPAM, our first thought is unsolicited junk mail. For most practical purposes, this covers it. But, some have simply defined it as “unsolicited email”. This is an incomplete definition simply because most of us get emails every day we didn’t directly ask for. It’s simply not plausible for each of us to give people a call and say “Hey, send me an email.”. It’s silly. Others have said SPAM is email coming from an unknown source. Again, this is incomplete because people receive emails every day from people they do not know. If I only accepted emails from people I knew, then anybody reading this book or visiting PC Mechanic at all could never email me. What most people mean when they think of SPAM is simply annoying email. If they find the email annoying in some fashion, then its SPAM. This definition gets a little closer, but it still left to the preference and mood of the recipient and, for this reason, is not a very useful definition. For example, PC Mechanic sends out a Tip of the Day every day. There are always a few people who say we are spamming them and they take themselves off the mailing list. There is nobody on our mailing list who did not directly sign themselves up for it. Therefore, it not unsolicited at all, but that particular day they found our Tip of the Day annoying and therefore, to them, it is SPAM. Again, a very useless definition. How about “unsolicited bulk email” as a definition? Close, but again there are caveats. If I receive an email from my bank or some other company who provides a service to me, then chances are the email is unsolicited. I didn’t ask them to send me emails. But, at the same time, I have a business relationship with them and therefore it is reasonable that I would receive occasional emails from them.

Get the point? Determining whether an email is SPAM or not is a gray area and is, to large degree, in the eye of the beholder. Perhaps the most accurate definition would be “unethical mass email”. Ethics is that effort on each person’s part to perform the most good for the most number. So, on the reverse side of this, if you have a mass email which offends the ethical sense or netiquette of a majority of internet users, it is probably SPAM. Therefore, any email sent individually to a person is not SPAM; it is not a mass email. But, a commercial email (one advertising a product or service) can be if it does the following:

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

Every one of us deal with it - we go to check our email and, along with the messages we want from business contacts, friends and family, we download a bunch of unsolicited email advertising. Things like porn sites, medications, low-interest loans, and even the long lost secret of an adventurous love life. It’s novel at first, but after, oh, a few seconds, it’s annoying. To some, it is simply an annoyance and stays that way. You simply delete the email and move on with your life. This is the usual procedure for people who use email mainly for personal use. But, those of us with email addresses that are pretty public have this problem in a huge way. If you use your email for business, then likely your email address is on at least a few mailing lists and on people’s address books. If you have had your email address for some time, its probably gotten worse. But, on the far end of the spectrum, there are those who run internet websites and whose email addresses are very public. Large companies and internet business actually waste a lot of time and money due to this problem.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.

Now that we have covered the general background of computer viruses, it all comes down to one thing: how do you prevent it? The good news is that it is very easy to prevent and it is not going to take long to explain this to you.

Here are the general preventative techniques. Some of these will be obvious. Others perhaps not as much.

Please Login or Register to read the rest of this article. Gold/Silver Membership required.