San Diego Business Journal

Fighting Unwanted Spam, One Computer User at a Time
Simple Guidelines, Software Helps Reduce Invasive E-mail

BY JOHN HUFFER

According to recent reports, more than 50 percent of all e-mail traffic is spam. Increasingly, businesses relying on e-mail communications are being buried under this flood. Many business people receive 100 spam e-mails every day, wasting their time and their company's money.

Current Internet e-mail protocols are designed to ensure mail is delivered accurately, but do not verify the senders' address , just as the U.S. Postal Service only checks the "To:" address when delivering standard mail. Bulk e-mailers (spammers) can therefore continue their operations with relative impunity despite recent legislation such as the CAN-SPAM Act. Stemming the increasing spam burden is therefore up to individual users. Blocking individual spammers' addresses can be an exercise in futility. In an article published Feb. 5, 2004, the New York Times reported that spammers often use random name generators to create the "From" lines in spam. However, this does not mean users are defenseless.

- What Can You Do To Protect Yourself?

& #183; Avoid having your e-mail address on your Web site. Spammers "harvest" e-mail addresses appearing on Web sites and add them to their databases. Rather than listing an e-mail address, consider having the company Web site designer add a page containing blanks where prospects can type in their message and press a "send" button that automatically sends an e-mail to a fixed address.

If this is impractical, try setting up a special e-mail mail address other than your regular account so that your regular e-mail is not mixed in with the spam

& #183; Set up filters (or rules in Outlook) routing your regular mail to separate folders. Setting up filters sending spam to the trash is time-consuming, as spammers change their attacks every day.

However, setting up filters routing mail from people users know into a separate folder or folders is relatively simple and requires little maintenance. Once users get into the habit of setting up a new filter every time a non-spam message arrives in their in box, almost all desired messages will be automatically routed to the dedicated folder, leaving only spam in the in box (with the occasional new correspondent.)

& #183; Do not open spam messages and avoid clicking on the "Remove" links in spam e-mails. According to the U.S. Computer Emergency Readiness Team (CERT), there are currently security holes in Microsoft's Internet Explorer allowing attackers to take over your computer by tricking users into opening the wrong Web page or HTML e-mail. (http://www.us-cert.gov/cas/alerts/SA04-033A.html) Every time users click on a spam message's "Remove" link, or open spam containing graphics in HTML format, their computers are opened to possible attack.

& #183; Keep all computers' anti-virus software definitions up-to-date and consider setting up a firewall. Spammers often use other people's computers for sending their bulk messages. This keeps their costs down and helps spammers avoid retribution. Many recent viruses contain their own e-mail sending software as well as opening holes in the infected computer's defenses allowing hackers (or spammers) to control infected computers. If everyone protects their computers from these threats, spammers will be forced to use their own computers for sending spam. This will in turn make spammers easier to track down.

- Purchasing Anti-Spam Software

There are a number of anti-spam software programs available, for both e-mail servers and for individual computers. Programs using "Bayesian" classification techniques can reduce the spam reaching a user's in box by 90 percent or more.

However, anti-spam software also generates "false positives," messages fitting a spam "profile" that are not spam. Good anti-spam software must therefore allow each user to customize their individual anti-spam filters. For example, most anti-spam filters allow users to upload their e-mail address books directly into the "white list" of authorized senders. Addresses on the white list are never marked as spam.

Many anti-spam software companies also offer subscriptions to "rule update" services. These services allow users to download the latest spam "profiles," combating spammers' ever-changing messages.

Some anti-spam software relies exclusively upon "white lists" of known users. New senders receive so-called "challenge" messages to confirm their identities. However, this system often annoys the users' correspondents and does not work well with commercial e-mail messages such as automated responses. This type of anti-spam software is generally not used for corporate e-mail systems.

Most of these software packages are available for testing as free downloads. As with all other software, it is very important to back up your system and data files before installing software. It is also important never to install software just before a critical project is due, as Murphy's Law virtually ensures the installation will go wrong.

Three typical anti-spam software packages are Spam Inspector from Giant Company Software (http://www.giantcompany.com), Symantec's Norton AntiSpam 2004 (http://www.symantec.com/antispam/), and SpamFire from Matterform Media (http://www.matterform.com.) Each of these programs can be used with multiple e-mail accounts if accessed from a single computer.

& #183; Giant Company's Spam Inspector 4.0 for Windows computers ($29.95 per copy) works with Outlook, Outlook Express, IncrediMail, Eudora, and Hotmail (in Internet Explorer.) This software adds an extra menu bar to the user's e-mail program allowing easy access to various spam-fighting tools. It also removes so-called "tracking bugs" placed within some spam messages that report back to the spammer.

Spam Inspector combines individualized Baynesian filters with automatic downloads of anti-spam updates. The purchase price includes one year's free updates. The user's e-mail address book is used to create a "whitelist" during the installation process to prevent e-mail from known addresses from being marked as spam.

After installation, Spam Inspector automatically routes suspected spam into a special folder. Users can then review this folder and mark any desired e-mail as "not spam" by clicking a button. Users can also mark undetected spam making it into their in basket by clicking the "is spam" button. Spam Inspector uses this feedback to improve its accuracy.

& #183; Symantec's Norton AntiSpam for Windows computers ($39.95 per copy) works in a similar manner. As with Spam Inspector, Norton AntiSpam adds a toolbar to the user's e-mail software (Outlook, Outlook Express, or Eudora.) It, too, comes with a one-year anti-spam profile subscription and generates a whitelist from the users' address book. However, Norton AntiSpam also includes "pop-up ad" prevention software. This has little relation to spam, but is a nice feature.

& #183; Matterform Media's SpamFire Pro for Windows XP (and Macintosh) ($39.95/copy) uses a slightly different approach. Rather than integrating with the user's e-mail program, SpamFire is a separate application that accesses the user's e-mail account(s) and downloads suspected spam. If any non-spam mail is detected, SpamFire then triggers the users' e-mail software to download the non-spam messages. This is especially useful for desktop computers that automatically download e-mail, as incoming spam does not trigger an arriving message alert.

If SpamFire accidentally downloads a non-spam message, the user can "rescue" the message and, if desired, add the sender to a whitelist. (SpamFire generates a whitelist from the users' e-mail address book during installation.) As with Spam Inspector and Norton AntiSpam, SpamFire's purchase price includes a one-year subscription to a spam profile update service.

Dedicated hardware with anti-spam software is now available, and there is increasing pressure to better identify authorized e-mail servers. Until the current e-mail system changes to a more secure protocol, however, the spam barrage will continue.

Huffer is a San Diego-based technical writer. He can be reached at jmhmail@nethere.com.