both show up in online user's email inboxes. Viruses
are relatively easily dealt with, using a combination of common sense,
healthy paranoia, and free or inexpensive software. Spam, however, is
for many users to get under control
name for what is sometimes referred to as 'unsolicited
e-mail'. In other words, e-mail messages are generally trying to get
from you-- whether selling products you don't want (herbal ecstasy,
mortgages, penis enlargements), get you to visit pay-for-porn websites,
or hoping you'll send money to someone in Africa after being promised
chance to make millions of dollars.
spam, others receive dozens of messages a day. Spam is
in frequency; it has been estimated that it will soon account for 50%
all e-mail traffic. While not all spam is sexually-related, many of us
are finding more and more messages including sexually-explicit offers
Brightmail, in March 2003, scams accounted for 10% of all
spam, while financial offers made up another 17%. 19% was porn or other
'adult-oriented' offers, as was product advertising, with a further 4%
for medical offers. (http://zdnet.com.com/2100-1105-996003.html)
delete these messages, often without even bothering to open them
But even that wastes time.
do they get my address?
an Internet security hazard, but for many people, it is a
irritant. Many other people, however, seem to rarely get spam.
to a study sponsored by the Pew Internet & American Life
of people are most likely to get spam:
emailers' who have posted
their email addresses publicly on web sites, in Usenet groups, etc.
mail because these addresses are harvested by 'spambots', searching the
Net for recognizable email addresses.
for free email
accounts (such as the popular hotmail.com) or use other popular domains
for their email; there is no evidence that such services provide their
users addresses to spammers, rather, they are subject to 'brute force'
attacks, checking for the existence of combinations of common first and
last names on those domains.
you've ever entered
your email address
online in a contest, to buy something, registered a product, or
to an email newsletter, you may have failed to uncheck an option in the
fine print 'to receive valuable offers from our marketing partners'. In
that case, you allowed the owners of the website to sell or trade your
address-- and the recipients to sell or trade it, on and on down the
You have 'opted-in' to receive spam.
can't the government just outlaw spam?
ongoing discussion over whether commercial messages like spam are
under Constitutional rights to free speech. In other countries
Canada), such rights are less firmly enshrined in law. But even if a
passed a law banning spam, nothing much would change. The Internet
tracking spammers for prosecution extremely difficult, and there are
over what jurisdiction a spammer could be tried under. A US-based
may have a website on a computer in the Bahamas, but use computers in
to actually send out millions of unsolicited email messages to users
the world. Under what set of laws can he be tried?
US Congress passed a so-called Can-Spam Law; critics suggest that
simply legalizes spam while making it more difficult to do anything
in late 2005 the US FTC reported to Congress that the
Can-Spam Law was working; even though 70% of the world's email messages
were spam, the percentage was levelling off. (http://news.zdnet.com/2100-9588_22-6003071.html?tag=zdfd.newsfeed)
about making it cost money to send bulk email?
If it cost a few
spammers would be financially discouraged. Yes. But there are at least
two problems with this proposal:
1) How to change
system that is currently free for end-users to one where users are
by the message. Who charges these fees? Who gets to keep the proceeds?
How is it administered? Currently, anyone can set up an email server.
2) How to avoid
out of business. Free email has permitted the blossoming of huge
of electronic publications using email for distribution to people who
to subscribe. Some of them are commercial-- I choose to get sale
from the Future Shop electronics chain. Others are computer-related,
social, literary, or what-have-you. Charging for email would quickly
most of these out of business, or force currently free publications to
charge a subscription, in either case, dramatically affecting them for
the worse. One of the rare areas of a truly free press would be brought
to a sudden halt.
about black lists?
tools rely on blacklists-- an example is SpamCop
receive messages they don't want, they send them to a website, which
them to compile blacklists of spammers; future messages from the
computer's IP address are banned. It sounds promising, but these lists
are problematic; real spammers can change addresses frequently,
black lists. Moreover, users often mistakenly send blacklists messages
from valid email publications-- rather than unsubscribe from the list,
they get their anti-spam tool to block future issues. But that means
everyone who subscribes to that publication no longer receives it,
they want to get it or not! Publishers of email publications have
how they're having to spend increasing amounts of time untangling their
legitimate mass-mailings from black lists that have mistakenly listed
just the reverse of blacklists... instead of having a service make a
of addresses to block, they set up a list of email addresses to allow-
the contents of your address book, for instance. Obviously this cuts
on mistakes, but it isn't a solution by itself.
wrote in March 2003 that he had 'finally found a cure for spam (for
service called Mailblocks which, when suspicious-seeming
were identified, wouldn't let the message through until a real human
to a website, and replied to a numeric puzzle embedded in a graphic
Nice, but I suspect it would again cause problems for legitimate
lists and other non-spam bulk mailings.
filter messages, and automatically do a variety of things to them. In
Express, this involves setting up what are called 'rules', in Eudora, a
similar capability is called 'filters'. You could make a set of rules
filters that, if they encounter specific words or phrases in the
or body of a letter, automatically routes that message to a Spam folder
you've created, for instance. Periodically, you would review the
of that folder, trashing the real spam, and saving the
messages. According to the Wired article (referenced at the end of this
the most obvious spam tip-off? Ask SpamArchive.org. Its parent, email
firm CipherTrust, combed through more than 250,000 junk emails for Wired
and identified the telltale signs that you've got spam.
25 subject-line words and symbols:
Free, Get, FREE, $, !, SPAM, You, Your, Norton, Credit, Save, 000, Now,
Check, Year, Make, Sale, Money, DVD, just, now, Lose, software, Earn
25 phrases in body text:
now!, offers, most, partners, 999, fulfillment, yamato, naviant,
removal, recurring, mailings, free!, assistant, enjoy, grocers,
subscriber, cash, sun, rewarding, buy, today!, marketing
your own filters in Outlook, Outlook Express, Netscape Mail, and
email programs can be found In the Feb 2003 PC World article at: http://www.pcworld.com/howto/article/0%2Caid%2C107864%2C00.asp
an article online on creating and using Eudora filters that
he claims can block up to 99% of spam; his website:
http://www.cecilw.com/eudora/ includes sample filter-sets for
Users of other email programs may want to look at it for examples of
to create filters in their preferred programs. Alternatively, Robin
free K9 (http://www.keir.net/k9.html)
free email filtering application that works with Outlook Express
other standard POP3 email programs.
started responding to this sort of filtering, adding junk
characters, mis-spellings, replacing letters like 'E' with '3' all in
an effort to out-wit relatively simple filters.
way to help
limit spam (and some potential virus problems) is to turn off the
preview pane. This helps because when you view (or preview) a message,
when it goes online to grab graphics, it reports your location/email
address, thus letting the spammers know that they've reached a real
e-mail address... the result will be more spam coming to your address.
With the preview
off, you can delete obvious spam (and virus-infected) messages without
having to see them first.
-> Preview Pane
and remove the checkmark. In Outlook
and remove the checkmark beside Show
pane. In Eudora,
you could turn off display of HTML-formatted mail clicking Tools
-> Options -> Display and uncheck Automatically
download HTML graphics. Now you can delete obvious spam
be able to turn off automatic previewing of messages in some
some combination of blacklists, whitelists, checking for circuitous
routes, looking for suspicious keywords in subject lines and body text,
and more. Receiving a lot of attention recently are so-called Bayesian
analysis-- sophisticated ways of looking at message
or services combining all these techniques are being sold to large
or ISPs to protect groups of users-- either installing software on the
network server (such as Vancouver-based ActiveState's PureMessage) or
a service that organizations contract to filter all the email entering
their domain (such as FrontBridge -- formerly known as BigFish).
aimed at individual email recipients. PC Magazine and PC
spring 2003 reviews of a range of such products are listed at the end
this article; the PC Magazine article notes: "...even with training,
spam gets through. The consumer products we tested typically blocked
75 percent of spam; the corporate products, 85 percent. Worse, these
can block legitimate messages." Products have to deal with two types of
errors: false negatives, where real spam is not caught, and more
false positives where mail that is not spam is mistakenly blocked.
for personal use was the US$20 (per year) SpamCatcher
with Microsoft Outlook 2000 or 2002. (The company also
has a 'Universal' version for Outlook Express, Eudora, Netscape, etc.).
PC World's May 2003 best buy was the US$20 IHateSpam
which also integrates with Outlook. (http://www.sunbelt-software.com/
The company also makes a version for Outlook Express). There are
30-day free trial versions of both SpamCatcher and IHateSpam, though in
each case, users must register with the company to receive registration
Infoworld was very impressed with the free add-in for Outlook
Outlook Express): SpamBayes
(http://spambayes.sourceforge.net/index.html), rating it 9.4 out of 10.
For best results, you should have a set of messages that you consider
along with another set that is non-spam, so the software can learn to
the way you do; afterwards, check its proposed results for a while. It
can be used with non-Outlook mail clients, but requires complicated
in that case. Another Outlook add-in that's free for personal use
Magazine revisited Spam Blockers: http://www.pcmag.com/article2/0,4149,1474449,00.asp
reviewing 11 antispam utilities. Their favourite this time around was
Norton AntiSpam 2004.
free, open-source, cross-platform anti-spam program that works
most email software (in includes detailed instructions for Outlook,
Express, Eudora, and Pegasus, and can be made to work with other
as well). When first set up, it's stupid, but over time, will learn
you use PopFile with Outlook, you may want to check out the free
accepted) Outclass (http://www.vargonsoft.com/Outclass/
) which simplifies PopFile setup.
intercepts your mail before it gets to your email software, and is good
for up to 10 e-mail addresses (for personal use).
free version and a US$20 Pro version. I found it
use, as it must be run as a separate program, prior to opening your
software, rather than integrating directily into your email software.
US$30 Pro version (again, there's a 30-day free trial version) supports
multiple mail accounts and Hotmail accounts.
3rd party anti-spam program, some users may prefer to move to
an email client with built-in spam filtering. Apple's Mail
(included in its OS X 10.2 and later) and Mozilla Thunderbird email
Windows, Linux, and Mac OS X) both include built-in optional anti-spam
filtering. Outlook XP (but not Outlook Express) and Eudora Pro 6 (paid
US$29 version only) now include antispam filtering; I'm currently using
Eudora Pro 6, and finding it's catching about 90% of the spam coming
my accounts. Outlook
included in the October 2003 release of Microsoft
Office 2003, reportedly also includes reasonably effective
tries to identify spam messages. A toolbar icon allowing users
to correct their initial opinions lets the program 'learn' better what
you consider spam.
the Junk Mail options for Eudora 6.0. Note the user can define mail
spam if the user is in the address book, and can automatically add
senders to the address book (which I didn't do). This would create
list of designated non-junk addresses.
can adjust the
Junk Threshold to
catch more junk mail (but probably accidentally junk more legitimate
or let more junk through but mis-label fewer legitimate messages.
messages can be
to an automatically created Junk mailbox, or left in the Inbox for
inspection. Messages in the Junk Mailbox are automatically removed
a user-configurable amount of time. (By default, they're not erased,
moved to Eudora's Trash, where they can still be retrieved until the
Antispam filters work
PC World May
filters look hard
the return address,
which is often fake. In this case, the address consists almost entirely
of numbers, a common component of machine-generated spam.
filter may examine the
IP address where
the e-mail originated and compare it against lists of addresses known
be sources of spam. If it finds a match, that e-mail is usually
compares the date on
the message against the time it's actually received; spammers will
delete the date or assign one in the future so that the e-mail lands at
the top of its victims' mailboxes.
the subject line (like as seen on TV and free
another giveaway; many
spammers also insert garbage characters, misspellings, or odd letter
in an attempt to fool simple text filters.
capital letters--or oversize
fonts in HTML mail--are a common spam tactic, so some filters flag
that contain them.
give out your
address to people
you plan to correspond with. For web-based forms, see below.
etc) to create an email address to use to correspond with Web-based
etc. When the free account gets clogged with spam, abandon it and
a disposable email
address, again abandoning
it when it starts to get spam. See: Disposable
Email Services: http://www.pcmag.com/article2/0,4149,849410,00.asp)SpamGourmet
or Mailinator (http://www.mailinator.com/mailinator/Welcome.do) are
in other words,
on Web forms feel free to lie!
post your email
address on web pages,
guest books, contact lists, newsgroups, contact lists, etc. If you need
to, add an extra something that real humans will understand:
or alan at zisman dot ca
you can get them
to stop pestering you by replying to them. Don't! Replying to a spam
simply confirms that they've reached a valid email address and will
increase the amount of spam you receive.
you buy anything
online or fill in an
online form, check for options to opt out of receiving email or giving
permission for the company to share your address with others. Be sure
these are checked appropriately.
buying online or
filling in forms, look
use free or disposable email or a fake address.
organizations are working
against spam, including CAUCE
(Coalition Against Unsolicited Commercial E-mail: http://www.cauce.org),Spam
different is spam in
Messenger programs or chat rooms. Read about it and what you can do to
control it at: http://www.pcmag.com/article2/0,4149,1401423,00.asp
you are designing a
and are tempted to include your email address to make it easy for
to contact you (as I've done on this page), think again. You're also
it easy for spam harvesters to get your address (as I've also done).
still contact you. See the tutorial at: http://www.insideoutmarketing.com/index.php?p=pages&pid=15.
for Democracy & Technology report cited above
steps to hide email addresses are (at least for now) effective against
An alternative way to hide your email address on
webpages is using a free product called Natata Anti-spam encoder
Tips for Dealing With Junk Email - https://www.bookyourdata.com/tips-for-junk-email
antispam software works: Wired Magazine April 2003: http://www.wired.com/wired/archive/11.04/start.html?pg=6
Spam Killers: PC World
May 2003: http://www.pcworld.com/reviews/article/0,aid,109698,pg,1,00.asp
Antispam Tools: PC
Magazine Feb 25, 2003: http://www.pcmag.com/article2/0,4149,849558,00.asp
Antispam Tools: PC
Magazine Feb 25, 2003: http://www.pcmag.com/article2/0,4149,849389,00.asp
out where spammers get your address: IDG News Service Mar 19,
spam, spam, spam Globe and
Mail Report on Business May 2003: http://www.globeandmail.com/servlet/ArticleNews/TPStory/LAC/20030425/RO5SPAM/TPBusiness/ROBM
I Getting All This Spam? Center
March 2003: http://www.cdt.org/speech/spam/030319spamreport.shtml
on African money appeals: The 419 Coalitionhttp://home.rica.net/alphae/419coal/
August 2003 MSNBC
of a Spam King:
2003 NY Times article takes you inside
the spam industry (free registration required): http://www.nytimes.com/2003/09/28/magazine/28SPAMLT.html
Add to Spam:
2003 NY Times shows how spam is not always
low-down and dirty http://www.nytimes.com/2003/10/28/technology/28SPAM.html
4, 2004 PC Magazine article on how Bayesian filters work: http://www.pcmag.com/article2/0,1759,1567368,00.asp
Delete: Bathwater, Undelete: Baby-
August 5 2004 NY Times article on the ongoing 'battle' between spam and
spam filters: http://www.nytimes.com/2004/08/05/technology/circuits/05filt.html
Tracks Zombies to the Source- October 2005: How Microsoft
set up 'honeypots' to catch hackers taking over computer on behalf of
(or more) of the
free or trial antispam utilities listed on this page or listed at: http://www.pcworld.com/downloads/file_description/0%2Cfid%2C22343%2C00.asp
and or try
Firebird (or the paid version of Eudora 6) see how well it works for you
up for a free
account with Hotmail
or Yahoo mail
up for a
email address from
at the options
creating rules (Outlook
Express) or filters (Eudora) and think how you could filter out much of
the spam you receive
the website of
of the listed organizations
trying to fight against spam.
to make sense of
the information in Email headers: http://www.stopspam.org/email/headers.html
CyberSafety course includes the following modules:
and wireless issues
Or cut to the chase with 7 Steps to Internet Security!
(Last updated 21 December 2005)
Alan Zisman is a
Vancouver educator, writer, and computer specialist. He can be reached
at E-mail Alan