Published in the March 2007 Issue of Kansas Rural Water Association's Kansas Lifeline Magazine.


The Language of Internet Danger
What can you do when a phishers’ zombie botnet virus
bypasses your spam filter, spoofs your address & hacks your blog?

by Jen Sharp, 11 January 2007

The internet spawns new meaning for words that used to be part of a different vernacular.  But as our culture changes, so does the technology that gives rise to new definitions.  And not always for the better.

Where did using the term “spam” to mean unsolicited email originate?
The prevailing theory is that it is from the song in Monty Python's famous spam-loving vikings sketch that goes, roughly, "Spam spam spam spam, spam spam spam spam, spam spam spam spam..." The vikings, who were sitting in a restaurant whose menu only included dishes made with spam, would sing this refrain over and over, rising in volume until it was impossible for the other characters in the sketch to converse (which was, of course, a large part of the joke).
from www.cybernothing.org

Spam & filters
No longer just the harmless if unappetizing brick of chopped ham, spam is the scourge of the email inbox.  In December 2006, spam accounted for 90% of all email. And there is bad news on the horizon: it is predicted to get worse.   Global IT security specialist Secure Computing predicts that figure will be 97% by December 2007!

Like the oil filter on your car, spam filters work to a degree, but they are not a standalone solution. There is simply too much spam! Filtering means you, your ISP, and your system all have to work harder, yet you still get spam as spammers incessantly find new ways around the filters.   For example, spammers are now putting their message inside an image and padding the email with random text to confuse filters.  The unnecessary costs of time, money, and resources are passed on to you in the form of higher access fees.   Filters are a stopgap, worthwhile only if you couple them with other ways of combating spam.
Spoofing
A “spoof” used to be a satire or parody.  The internet version of the word is not as innocuous.  One of the dangerous things about spammers is their ability to “steal your identity,” and they can do it even if you give out no personal information.   Let’s say your email address appears on a website, for example on the contact page for your water system, your recreational club, or your city.  Automated programs (“robots”) harvest anything that looks like an email address from web pages, much as search engines “crawl” sites to index them.  The fraudster then spoofs your email address and uses it as the Return-Path for their spam.  Any return path can be used simply by changing the settings of an email account; it doesn’t even have to be a valid email address.  It now appears that YOU are sending out spam, even though none of it originated from your computer!


A somewhat effective solution for this is a JavaScript snippet, placed directly into the HTML document exactly where the email address will be displayed, that assembles the address in the visitor’s browser so the complete address never appears in the page source that harvesting robots read:

<script type="text/javascript">
<!-- Begin: build the mailto link in the browser rather than writing the address into the HTML
var user = "jen";
var site = "jensharp.com";
document.write('<a href="mailto:' + user + '@' + site + '">');
document.write(user + '@' + site + '</a>');
// End -->
</script>

Another solution is to use a separate email address, distinct from your personal one, for public use.  Yahoo and Hotmail are two providers of free email services.


From KRWA Wed Jan 10 06:24:34 2007
X-Apparently-To: skydivekansas@sbcglobal.net via 209.191.86.194; Wed, 10 Jan 2007 06:27:16 -0800
X-Originating-IP: [208.255.91.14]
Return-Path: <krwa@krwa.net>
Authentication-Results: mta129.sbc.mail.mud.yahoo.com
  from=krwa.net; domainkeys=neutral (no sig)
Received: from 207.115.20.176  (EHLO flpi136.sbcis.sbc.com) (207.115.20.176)
  by mta129.sbc.mail.mud.yahoo.com with SMTP; Wed, 10 Jan 2007 06:27:16 -0800
X-Originating-IP: [208.255.91.14]
Received: from vision.worldhosted.com (vision.worldhosted.com [208.255.91.14])
          by flpi136.sbcis.sbc.com (8.13.8 inb/8.13.8) with ESMTP id l0AER40W007437
          for <skydivekansas@sbcglobal.net>; Wed, 10 Jan 2007 06:27:05 -0800
Received: from SMTP32-FWD by jensharp.com
  (SMTP32) id A037032D0; Wed, 10 Jan 2007 09:22:59 -0500
Received: from server.haugcomm.com [12.40.38.9] by vision.worldhosted.com with ESMTP
  (SMTPD32-8.05) id A65E2DE4007C; Wed, 10 Jan 2007 09:21:18 -0500
Received: from 12.40.38.196.haugcomm.com ([12.40.38.196] helo=[192.168.0.5])
          by server.haugcomm.com with esmtpa (Exim 4.60)
          (envelope-from <krwa@krwa.net>)
          id 1H4eNR-0006cx-Tg
          for jen@jensharp.com; Wed, 10 Jan 2007 08:25:12 -0600
Message-ID: <45A4F722.2020300@krwa.net>
Date: Wed, 10 Jan 2007 08:24:34 -0600
From: KRWA <krwa@krwa.net>
User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Jen Sharp <jen@jensharp.com>
Subject: Re: Web Update
References: <45A2A8D7.4070907@krwa.net>
In-Reply-To: <45A2A8D7.4070907@krwa.net>
Content-Type: multipart/alternative;
 boundary="------------070708090509090601050300"
Content-Length: 422056

Headers
Not a double header at a baseball game, email headers are a sort of “envelope” that traces the path of an email from its sender to its recipient. Above is an example of an email header.  The number following X-Originating-IP is usually the sender’s IP address.  An IP address is a specially assigned number, like a serial number, that identifies your exact computer on the network.   Although you can give your own computer a fixed IP address, many internet service providers dynamically assign a number to you as you log onto their service.  The IP addresses following Received: from tell the story of the path that email took to reach you; each mail server adds its own Received: line at the top, so reading from top to bottom you work backwards from your own mailbox to the machine where the message started.  You can use databases online to look up information about suspect IP addresses.
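As an added illustration (not part of the original article), the Python below reads the Received: chain of the KRWA message shown above, abridged to its routing lines, and works out which address a registry lookup should target. It also shows why X-Originating-IP is only "usually" the sender: in this forwarded message it names the forwarding host, while the oldest Received: line points at the true origin.

```python
import ipaddress
import re

# Header lines copied from the KRWA message reproduced in the article (sample input).
SAMPLE_HEADERS = """\
X-Originating-IP: [208.255.91.14]
Return-Path: <krwa@krwa.net>
Received: from 207.115.20.176  (EHLO flpi136.sbcis.sbc.com) (207.115.20.176)
  by mta129.sbc.mail.mud.yahoo.com with SMTP; Wed, 10 Jan 2007 06:27:16 -0800
Received: from vision.worldhosted.com (vision.worldhosted.com [208.255.91.14])
  by flpi136.sbcis.sbc.com (8.13.8 inb/8.13.8) with ESMTP id l0AER40W007437
  for <skydivekansas@sbcglobal.net>; Wed, 10 Jan 2007 06:27:05 -0800
Received: from SMTP32-FWD by jensharp.com
  (SMTP32) id A037032D0; Wed, 10 Jan 2007 09:22:59 -0500
Received: from server.haugcomm.com [12.40.38.9] by vision.worldhosted.com with ESMTP
  (SMTPD32-8.05) id A65E2DE4007C; Wed, 10 Jan 2007 09:21:18 -0500
Received: from 12.40.38.196.haugcomm.com ([12.40.38.196] helo=[192.168.0.5])
  by server.haugcomm.com with esmtpa (Exim 4.60)
  (envelope-from <krwa@krwa.net>)
"""
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def unfold(raw):
    """Join folded continuation lines (leading whitespace) onto their header."""
    return re.sub(r"\r?\n[ \t]+", " ", raw).splitlines()

def header_value(raw, name):
    """Value of the first header called `name`, with [] and <> wrappers removed."""
    for line in unfold(raw):
        if line.lower().startswith(name.lower() + ":"):
            return line.split(":", 1)[1].strip().strip("[]<>")
    return None

def received_hops(raw):
    """Public IPs in each Received: 'from' clause, oldest hop first.
    Each relay prepends its own Received: line, so the bottom one is the first
    hop. RFC 1918 addresses (the helo=[192.168.0.5] above) are the sender's LAN
    and cannot be looked up in a registry, so they are dropped."""
    hops = []
    for line in unfold(raw):
        if line.lower().startswith("received:"):
            from_clause = re.split(r"\s+by\s+", line, maxsplit=1)[0]
            ips = [ip for ip in dict.fromkeys(IPV4.findall(from_clause))
                   if ipaddress.ip_address(ip).is_global]
            hops.append(ips)
    return hops[::-1]

def likely_origin(raw):
    """Earliest public IP in the chain: the address to look up and report."""
    return next((ips[0] for ips in received_hops(raw) if ips), None)
```

Note that Return-Path and the envelope-from are whatever the sending machine chose to put there, which is exactly why the spoofing described earlier works; only the Received: chain is written by the relays themselves.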

Internet numbers are assigned by region as shown by the map below.  You can look up a specific IP address using any one of these Regional Internet Registries (RIRs) and find information about where that IP originated.  You may not know immediately what region the IP address is in, but these IP databases will redirect you to the appropriate region. Most of the time you will find the IP address as part of a range of numbers assigned to a company. By looking at that range, you can narrow down which company a particular spammer uses as their ISP, and you can find email addresses, physical addresses, and phone numbers to contact that company. Since in most cases individuals will have a different IP number each time they log on, you will need to report both the IP number and the time of the abuse to the network administrators, who should be able to use their log files to identify the individual involved. ISPs will not give out detailed information about the exact user, but if a company receives multiple and frequent abuse complaints about a particular IP address, it can take action against that spammer, such as refusing to provide service.

Map of Regional Internet Registries

APNIC – Asia Pacific Network Information Centre – www.apnic.net/apnic-bin/whois.pl
RIPE NCC – Réseaux IP Européens Network Coordination Centre – www.ripe.net/perl/whois
ARIN – American Registry for Internet Numbers – www.arin.net/whois
AfriNIC – African Regional Network Information Centre – www.afrinic.net/cgi-bin/whois
LACNIC – Latin American and Caribbean Internet Addresses Registry – http://lacnic.net/cgi-bin/lacnic/whois
ICANN – Internet Corporation for Assigned Names and Numbers – www.icann.org, www.internic.net

In general, these databases contain details of the networks that are using address space, not the individual users.  There are two major types of whois databases: one holds records on domain names and the other holds IP address records.  Those listed above are IP address databases.


How do I view a header in my email program?
With Outlook Express – Select a message, under main menu: File, Properties, Details tab
With MS Office – Select a message, under main menu: View, Options: Internet Headers at bottom of window
With Yahoo – click on Full Headers at the top right of the message
With Hotmail – on top menu bar at right: Options, Mail Display Settings, under Message Headers select Full or Advanced
With Thunderbird – under the main menu: View, Headers, All

Obviously, looking up the IP address for every spam email is time-consuming and impractical.  However, if you have a particular repetitive problem, complaining to the spammer’s ISP can get results.  There are also services and shareware available that do this for you automatically, such as SpamCop, Spam!Alert, Spam Control and other resources found at http://spam.abuse.net/userhelp/#report.

Blog Posters
“Poster” used to mean a large colorful picture or advertisement… now it’s someone who posts on blogs. (What’s a blog?) More and more internet users are posting to guestbooks, forums, newsgroups, and the increasingly popular chronological “diary” called a blog.  This means more opportunities for spammers to flood resources and lock up a site, or simply to post annoying or advertising content.


Who to complain to:
America Online:  abuse@aol.com
Compuserve: ecgintern@csi.compuserve.com
Prodigy:  mailadm@prodigy.com
AT&T WorldNet: abuse@worldnet.att.net
Earthlink: spam@earthlink.net abuse@earthlink.net
Netcom: abuse@netcom.com
For others:  postmaster@<the provider's site> (according to internet standard RFC822 (STD 11), all sites are supposed to have such a mailbox)

Sample Complaint Letter:
Hello. The spammer below is either using your resources to send out bulk unsolicited commercial e-mail ("spam") or is deceptively trying to make it look like he is. In either case, a legitimate company like yours probably would not approve. The information below should be all you need.

--begin full headers--

(from abuse.net)

If you maintain a website with a contact form, forum, guestbook, newsgroup, blog, etc., be sure to record each poster’s IP address, or remote name as it is sometimes called, along with the other information you gather from them.  This lets you look up where they came from, or even block their IP address from your site.

Phishing
No, it’s not something to do at a lake on a lazy Sunday afternoon…  Internet criminals set up fraudulent websites or send email solicitations that invite you to hand over your personal data.  They set the bait and hook and wait as they phish for unsuspecting users who will believe their scam. Phishers need your cooperation for this to work: their schemes for getting your sensitive private information include lottery winnings, free web space, donations for a cause, make-money-fast claims, and chain letters.  This is the Information Age, where data is gold.  Protecting your information is as imperative as keeping your valuables in a safe.

Users are becoming educated and are more cautious about fraudulent emails claiming to be from a well-known company and asking for sensitive information.  So fraudsters take it up a notch: a new extension of phishing is vishing, where criminals use the internet to place phone calls to users, leaving an automated message that warns them some “account” is in jeopardy.  They are told they need to call back and update their account information, which of course includes a credit card number.

Herders & Zombies
You thought “Night of the Living Dead” defined zombies?  You thought the worst a virus could do to you was a cough and fever?  In the past, a hacker’s goal was to write the most destructive virus possible.  Today, viruses are being written specifically to create a robot network, or botnet.  Their goal is to elude detection by anti-virus software, to “lay low” and quietly take over the user’s computer.  This collection of compromised machines runs programs (worms, Trojan horses, viruses, etc.) under a common command and control network. The bot herder, or originator, controls the group much like someone herding cattle, only they do it remotely, without the user’s knowledge or permission.  You could be an involuntary spammer, a Zombie, and not know it! It is estimated that more than 450,000 unique zombies appear every day!

Do’s
• Subscribe to a blocking list or ask your ISP to do so.
• Install spam-reporting software or subscribe to a service to report spam automatically.
• Report spam abuse to sites like abuse.net that are dedicated towards fighting spam.
• Complain to ISPs that originate and forward the spam.
• Things change all the time.  Keep yourself educated and watch for suspicious activity.
• Consider using a separate email address for some public activities such as chat rooms or contact list on your website, in order to protect your main address from spammers.
• If possible, consider setting up a filter to block all email unless its address is on your approved list.
• Write your legislators and let them know this is an issue you care about.  Suggest they promote an “opt-in” approach vs. the current “opt-out” view.

Don’ts
• Give your email address or other personal information when filling in forms online unless you are confident in the reputation of the company and confident it’s not an imitation website.
• Give any private sensitive data such as credit card numbers or social security numbers unless you are confident you are dealing with a reputable company and not an imitator.
• Reply to spam, even to send a "remove" request. Most spammers ignore such responses or, worse, add you to their list of validated email addresses that they sell.
• “Spam the spammer…” This doesn’t help, wastes your time, and can validate your email address to the spammer.
• Just rely on your filter, or sort spam by hand.  This means you waste even more time. Filters don’t work that well, and spammers keep finding ways around them, so you must also act in other ways.

Other websites for more help:
http://spam.abuse.net/
http://spam.abuse.net/userhelp/howtocomplain.shtml How to complain!
www.cauce.org  Coalition Against Unsolicited Commercial Email
www.spamcop.net List of Resources
www.windweaver.com/nospam2.htm How to Report Spam
www.abuse.net Network Abuse Clearinghouse
www.mynetwatchman.com Monitoring and reporting worm/hacking activity
www.cybernothing.org/faqs/net-abuse-faq.html Spam FAQs
www.elsop.com/wrc/nospam.htm List of Links
www.ecofuture.org/jmemail.html List of Links

included graphics in order of appearance & their credits:
spam.jpg from www.spam.com
region_map.jpg from www.apnic.net/info/faq/abuse
globalpolicy.jpg from www.afrinic.net/policy.htm