AbleStable®
go to Reviewsgo to Servicesgo to Registered Usersgo to Resource Centrego to AbleStable: Helpgo to About Us
go to AbleStable: Home Articles
go to Search

go to Exhibitions Centre
  The Internet: exploring the world of creative professionals
go to Help
go to Resource Centre
go to Library
go to Articles
go to E-Books
go to Glossary
go to Reviews
go to Web Link
Library > Articles > The Internet > 015

E-mail this web page address to a friend or colleague
Enter their email address below (no record is kept of this action)

     
How To Deal With Spam: Part 1 | Part 2
Contributor: Andrew Ward

Introduction

This highly informative extended article discusses the world of Spam (unsolicited email), and provides advice about how to counter it.

Although spam causes problems to network infrastructure, perhaps the biggest nuisance it causes to an organisation is the effect on users. Spam wastes employee time, and not just because of the time taken to read the headers and then delete them. Although many spammers are extremely stupid, as evidenced by the illiterate nature of most spam, some do make a crude attempt to make messages appear to come from someone known to the recipient, and this can trap busy or unwary users into paying them more attention than they deserve.

Furthermore, users may go so far as to click on the links advertised in some spam messages, causing yet further distraction, wasted time, and even the downloading of offensive or illegal material.

Spam And The Law

There is considerable international variation in the laws relating to spam, but it is very unlikely that any spam is ever legal. If there is no specific anti-spam law within a country or state, then spam will almost certainly fall foul both of any computer misuse (anti-hacking) legislation as well as any data protection legislation that might be in force.

Regardless of the law of the land, Internet service providers usually have a contract term that specifically prohibits the sending of spam. Any Internet user sending unsolicited commercial email therefore is in breach of contract and may have their account terminated. This does in fact happen, although some spammers will simply immediately open a new dial up account, usually using stolen credit card numbers. Fortunately, there are ways to protect against even this tactic.

Fighting Spam

There are many ways in which an organisation can cut down the amount of spam
it receives, as follows:

Educate users to avoid actions that might encourage spam.

Report spam so that spammers and their web sites are shut down.

Prevent systems being used by spammers within or outside the organisation.

Subscribe to a service that helps the organisation control the amount of spam
received.

Subscribe to a service that filters email and removes spam.

Install filters that remove spam.

User Actions

Most spam is generated through careless user behaviour. Users need to be educated about the various actions that can easily generate spam, and perhaps the company’s acceptable use policy should be modified to include dissuasion of spam-friendly activity.

Users should not post messages in any forum that spammers might see. This
includes Web bulletin boards, Usenet newsgroups, chatrooms and virtually every Internet-based communications environment except email itself. If users do need to use Usenet or similar forums for their work, they can corrupt their email address in such away that a genuine user, but not an automated spam email address harvester, can understand and correct. For example, change andrew.ward@itp-journals.com to andrewREMO.VEward@itp-journals.com.

Alternatively and additionally, users can post messages in such environments using a different email address - for example, one from a free Web-based service such as hotmail - where the vast volumes of spam generated won’t interfere with their daily work or the company’s network.

It’s also a good idea to keep watch on what users are doing. How to do this depends on what monitoring capabilities there are within the elements of network infrastructure already in place. Some firewalls can monitor and log user activity, as can Novell Border Manager. Otherwise, add-on products such as eTrust from Computer Associates (http://www.ca.com) can do the job. It may be worth going even further and physically preventing certain activities - such as Usenet postings - using filtering tools or the capabilities within firewalls.

Never Reply

One thing that users should never, ever do is to respond in any way to a spam message. Replying to the message, or replying to any address that might be listed within the message for being removed from the mailing list, simply tells the spammer that the address used is live and active. The result - a lot more spam, both from the original spammer and from anyone to whom he sells the list.

Furthermore, even clicking on a link within a spam message can tell the spammer who responded and when. People who respond are immensely valuable to spammers, since of course most people just delete these illegal messages.

How do spammers achieve this? Careful inspection of spam messages reveals that some contain hyperlinks with complex URLs. Encoded into these is the user’s email address, or a reference to it within the spammer’s database.

When registering on Web sites, explain to your users that they must take the utmost care to only register with legitimate, recognised businesses and to avoid any guestbooks, free memberships and other dubious sites that request email addresses. Even with legitimate sites, users should be careful to read any small print about junk mail, and either check or uncheck boxes as appropriate to opt out of any follow-up email. Often the same registration form will contain more than one checkbox, with some requiring the box to be checked and others unchecked.

Some sites don’t offer these options at registration time at all, but include registrants on mailing lists automatically. It’s necessary to revisit the site and amend user preferences to opt out of junk mailings.

Both the organisation itself and individual users should be wary about publishing email addresses on Web sites. If possible, publish forms that people can use to send enquiries instead, so no email address is visible to automatic address harvesters. However, recent activities by spammers have even included posting messages onto forms rather than sending email.

Receipt Of Spam

Whatever procedures and systems are put in place, it’s almost inevitable that some spam will get through to users, so guidelines should deal with this eventuality. Ideally, messages should be forwarded to the network administrator and then deleted but the tendency of many mail clients to remove full headers means that users need to go to some trouble to forward messages correctly, which may be unworkable. Full headers are necessary if the spam is to be reported, or the sender and/or sending domain are to be added to filtering rules.

Reporting Spam

Any spam received should be reported to the sender’s ISP, the owner of the mail relay used (which may be a different organisation), and the ISP of any web sites and email addresses referenced within the spam - unless they are spoof addresses, of course. There are many resources on the Internet that explain how to read and understand message headers in order to be able to report the spam to the appropriate authorities.



How To Deal With Spam: Part 1 | Part 2



     
       
 
Authors background

This article by Andrew Ward first appeared as a guide at Tech Support Alert. In addition to a well respected computer technology bi-monthly newsletter, Ian 'Gizmo' Richards, editor of www.techsupportalert.com, provides many useful guides on his site that delve into many technical issues relating to computers.

If you observe inaccuracies in our in-house contributions or wish to contribute an article or review to be included at AbleStable® visit Feedback.

Copyright Notice
Although our contents are free to browse, copyright resides with the originators of all works accessed at AbleStable®, and unauthorised copying or publication of our site contents is strictly prohibited. To use our specially selected premium content go to Content Syndication and Licensing

AbleStable © 2002-2007

 
     
       

 All Material: AbleStable © 2002-2007
go to Frequently Asked Questionsgo to Feedbackgo to Press Centrego to Privacy Statement