Print
Discuss
Send to friend
RSS feedsEmail is one of the most useful tools that net users have available to them. While the web may be more glamorous, email has always been the workhorse; the way people arrange meetings, make contacts and keep up-to-date with others.
How is it, then, that more and more of us find that, instead of using it as the great social or business tool it's become, we spend almost as much time sifting through the unsolicited crud in our mailboxes, offering Viagra, body enhancements, cheap mortgages or the opportunity to assist third-world money launderers?
From a small trickle a few years ago, the volume of unsolicited email has grown exponentially, and some researchers now believe that each of us spends many minutes every day filtering out unwanted messages.
There are a few people who can proudly boast that they've never received junk email, but it's only a few. The rest of us have had to put up with an ever-increasing tide of bilge, sent by people who believe they have a divine right to waste our time and phone bills.
Since the cost of sending an email to one person is much the same as that of sending it to thousands, it's a very attractive option for those who feel they have a message to get across.
A whole mass-mailing industry has grown up, with a range of products designed to make it simple for people to send bulk email to tens of thousands of addresses in a very short time, along with companion products such as lists of 'valid' email addresses, which will almost certainly include your address.
And to complicate things further, there are companies attempting to use email marketing responsibly, often falling foul of the dislike of junk messages. Regulation is very hard, with senders and recipients often in different countries, so what can you do?
There's an increasing number of tools available to help work out which email is necessary and which is junk. You can allow only email from specific people to reach you, you can use a confirmation-based system or employ automatic filtering - at prices that can vary from nothing to several pounds per month per mailbox.
And there are plenty of tips and tricks you can use to try and cut down on the number of people who can figure out your email address and use it to send you junk. So, read on and find out how you can take back control of your inbox from the spammers, scammers and other low-lifes.
Assuming you're an innocent newcomer to the net, what sort of things can you expect to find in your inbox? The variety is astonishing - and often verging on lewd. Alongside weight loss programmes of dubious efficacy you'll find plenty of offers regarding Viagra, enlargement of body parts or promotion of some of the less savoury adult sites on the net.
Then there are offers of mortgage deals or loan consolidation, very often from foreign companies that don't even bother to check whether or not they're sending email to people they could do business with. And why should they after all, when the recipients bear most of the cost for collecting messages?
And as well as the straightforward spams, there are the scams too. While you might think that most of these are so obvious that any fool can see through them, some are rather more clever, and can take in even the most net-savvy user.
Among these are scams that have recently been used to target users of sites such as eBay, Paypal and Nochex. The most common form is an email that appears legitimate, asking you to update your stored personal details and offering a link to do so.
Usually, claims are made that you've been picked for a random security check, or that there's been some sort of computer failure that necessitates entering your information again.
Clicking the link takes you to a dummy website with a look and feel very much the same as that of the target. So, lulled into a false sense of security, you fill in all the requested information. Needless to say, all the information you type in will be used for something else, and the first you may notice is the unauthorised charges on your credit card.
There is one type of scam though, which seems so transparent it's a wonder anyone is taken in - but they are, with depressing regularity. Commonly known as the Nigerian 419 scam or advance free fraud, these make claims about lost fortunes, and a desire to find someone who can help ship cash out of a country, in return for a split.
Originally a postal scam operated from Nigeria, variations on these now crop up from all over the globe, including some topical Iraq-based ones.
All you have to do is pay a certain amount up front, supposedly for bribes, and a large portion of the money will then be yours. Why you? Often, money might have belonged once to someone with your surname, or some other tenuous connection will be claimed.
Sometimes there's no pretence: it's an invitation to take part in a fraud, and if your greed gets the better of you, please don't write to PCW about how unfair it all was.
Why me?
One of the questions you'll probably ask yourself as you sift through the junk in your inbox is 'Why me?' You may do so with a certain amount of trepidation if you've just received an email advertising 'sexy underage lolitas'. Does someone have you down on a list of people interested in such things? Is a knock on the door from the police not far away?
Fortunately, in most cases, the answer is no; the email lists used are very often indiscriminate, and those selling them guarantee little more than that the addresses work.
Addresses are culled from lots of different sources. Ever posted a message to a Usenet discussion group or a mailing list that's archived on the web and consequently available via Google?
Do you have a web page? Have you ever been in a chatroom or have been a little incautious when signing up for websites and not checked their privacy terms to see what they'll do with your email address?
Those are all the obvious and easy ways for someone to find out your email address, but there are plenty of others. If you're a member of a professional association, it may have a directory on the web. And if that's searchable, it can probably be manipulated with a script to extract the email addresses of all the members.
Websites can be searched easily by robots, which will look for the 'mailto' links, or addresses in the text of the page, and extract addresses from them.
But what if you've never ever posted anything anywhere, never put your email address on a web page and never signed up for anything, and you're still receiving junk email? You can still become a target via what's called a 'dictionary attack'.
If there are enough users in a big domain - like AOL or Hotmail - then there's a good chance that most of the common names and words in the language will be valid email addresses.
You can extend it, too, by putting two words together, or a name and an initial, like jsmith or perhaps a year; all the spammer has to do is try it once, see which addresses are rejected, and the rest are worth sending things to in future.
Stopping the flow
So now you know how people can get your address, what can you do to stop it and get your inbox back under control?
First things first. The bad news is that if your address is on lots of lists then your best solution may be to accept that you need to change your address, and try hard to keep the new one junk-free.
If you don't do that, you can still cut down on the junk, but it's a lot easier if you start with a clean slate.
If you want to take part in discussions on the net, whether in chatrooms, message boards or Usenet groups, it's worth creating a new ID to use just for that; you could sign up with Hotmail or, depending on your ISP, simply create a new account on your computer.
You can also obscure your address by amending it when you post to online forums; you'll often see addresses like fred@NOSPAMfredspc.co.uk. Most people realise that they need to remove 'NOSPAM' when they use the address.
While that will cut back some junk, it won't repel all of it, since character strings like 'NOSPAM' are a fairly simple thing to search and replace. You may wish to be more creative.
And while it can be useful to have a 'Mail me' button, or to put your address there, it's also an invitation to have your address grabbed, both by spammers and by some viruses. Consider creating a graphic with your email address spelled out in the graphic and then use that in place of text - that way it won't be readable by robots.
And instead of a mailto link for people who want to contact you, consider providing a contact form that can send you an email without divulging it to the web browser.
Sometimes, of course, you have to give your email address to people, often as a condition of signing up for something.
In that case, if you can create additional addresses with your account, it's often worth doing so. That way you can work out who's passed your address on. For example, if you signed up for something on the Acme website, you might create a special address like Nigel.acme@your-isp.co.uk.
Filtering it out
Of course, this sort of trick will help stop your address being spread about, but what about getting rid of the mail that's already being sent to you?
First rule of the road is: never reply. Even if they say that replying will take you off their list, don't - unless it's a reputable UK company or someone else you've already done business with.
More likely, such links and reply addresses will just confirm that your address works. If your email program provides such a facility, bounce the message back to the sender, so that it looks invalid.
The next thing to do is to spot them when they hit your inbox. Sometimes that's easy - anything with words like 'Viagra', 'enlarge' or 'lolita' is likely to be junk. Sadly though, there's a lot of spam that uses subjects like 'Re: last night' or 'Hey there' to try and make you think it's a part of an ordinary email exchange.
Look out too for random number or characters in subjects, which can be a kind of code so people know who has responded to which email. Claims that a message has been sent in accordance with a particular piece of legislation, or that it's not spam, almost certainly mean that it is.
It's this kind of more detailed analysis that automatic spam filters use, and some of them claim accuracy rates of over 90 per cent. But that means there's a 10 per cent chance of mis-identification, which can include real mail being erroneously flagged as unsolicited and either tagged as such or rejected.
Some mail programs, like the Mac OS X Mail client, include filtering too, which you can train and then leave to filter junk. But as with all training systems, it's advisable to check the results from time to time.
There is a wide range of solutions you can use, including software on your own PC, or choosing an email provider that uses their own or third-party filters like Brightmail or Messagelabs.
You can add Messagelabs services to a corporate email system and, at a few pounds a month per mailbox, it will probably pay for itself in time saved.
It's also worth considering packages like Mailwasher (www.firetrust.com) to help filter and reject messages, or Spamcop (spamcop.net), which will collect messages from your mailbox and filter them into a new mailbox on their server for $30 (£19 approx.) per year.
You can also use databases from organisations like Spews (www.spews.org). These provide lists of known spammers, the companies and ISPs that support them, and the open relays (insecure systems used to pass spam through) that they use.
Spews also tracks dialup connections, also often used to send spam. By using these databases of offenders, instead of filtering mail when it reaches your mail box, any attempt to connect to your server will be rejected before the mail is sent, if it comes from a 'bad' source.
If you run - or could run - your own mail server, such a solution can be one of the most effective. Even if you don't, you can use these databases with Windows tools such as Spampal (www.spampal.org) to tag suspected spam as it's downloaded from your ISP's mail server.
Yet another alternative is to use a system like Active Spam Killer (www.paganini.net/ask) or one of the similar systems available on the net.
Essentially, these respond to each piece of incoming mail with a reply that people must acknowledge in some way, either by sending back a code displayed on a web page, or just by replying to the message.
Once that's done, the sender is accepted, and further messages from them pass through to your inbox unobstructed.
Most spammers don't have the time or inclination to respond to such requests, but it can also be confusing for some legitimate correspondents. You can usually create a 'white list' of people you always want to receive messages from, so they don't have to go through the process when they contact you.
Fighting back
So far, we've looked at ways of filtering junk email out, but is there anything you can do to get back at the selfish fools who send it?
The most important lesson is that, no matter how tempting it is, don't send huge files or viruses back to the sender. Very often the address that a junk email purports to come from isn't real. It's likely to belong to another unwilling recipient, or to be completely forged.
You can try forwarding the junk back to 'abuse' or 'postmaster' at the domain the email came from, and they'll be able to track down information by looking at the message headers.
If the email is an incitement to commit fraud, along the lines of 'please help me get these millions out of the country following the tragic death of someone with a surname spookily similar to yours,' check the Metropolitan Police website at www.met.police.uk/fraudalert.
For the time being, the only types of junk email that the police are able to deal with are fraud and child pornography - but that may change.
Already, some states in the US prohibit the sending of junk email to their residents, and there have been some successful prosecutions, although nowhere near enough to make a difference.
And while the EU is intending to introduce controls that will make much junk email illegal, only people who have opted in will be legitimate recipients, and that won't stop people from outside the area sending email in.
The best response for many people is to help report spammers, either via email if you can work out where it was sent from, or via websites.
For example, the Spamcop website has a reporting system which feeds directly into its real-time blacklist, ensuring that once a sending host is listed, people using the black list won't receive any more spam from it. At the Mail Abuse Prevention System (www.mail-abuse.org), you can find plenty of other tools to help you track down the senders.
But for most people, we reckon the solution is to use some of the tools we've looked at earlier. If you can, choose an email provider that offers filtering and tagging of messages. If not, pick a tool like Mailwasher or Spampal to clean up your mailbox for you.
At the very least, set up filters in your mail program to move the email you care about into one place, and leave everything else in a folder of its own to look at another time. Above all, no matter how tempting the offers you receive, don't reply!
DOs AND DON'Ts
- Always use a disposable address for postings in online forums like newsgroups, chatrooms and message boards. You can abandon it if it gets too spam-filled, and give genuine correspondents your real address.
- If you want to provide email contact on your website, use a script to allow form-based emails, or create a graphic with your address in it. Don't put the address in the text or use mailto links.
- Never reply to a junk email, or click the Unsubscribe links. If your mailer has a Bounce option, use that to reject the message and consider reporting it via Spamcop.
- When you sign up on a website, check carefully to make sure if you have to opt-in or opt-out of receiving email, as it's not always clear. And consider using a unique address for each site, if you can.
- If you manage your own mail servers, consider installing software like Spamassassin, using Spews filtering or signing up for a service like Messagelabs mail filtering. The cost will be repaid in time saved by your users.
- If you run your own business, make sure you genuinely have the consent of customers before sending them email. Assuming that you have their implied consent is likely to cause you more problems than directly seeking it.
See also:
The term 'spam' may have been popularised by a Monty Python sketch but, in the electronic world, junk mail is far from a laughing matter. 06 Jun 2003All Online
del.icio.us
Digg this
reddit!
