06 June 2005
Spam, spam, spam, spaaaaam!
In the decade or so since Web access became a consumer commodity, we've fixed many things about the Internet, from the slow speed of dial-up modems to browsers that crash three times an hour. But spam is a bigger nuisance than ever.
It starts taking its toll long before it lands in your inbox. First, spammers employ spyware and viruses to hijack home and office computers for use as unwitting relays for junk e-mail. Then your Internet provider must spend time and money running filters, lest its computers be swamped.
The junk e-mail that inevitably leaks through wastes your time and band-width as you wait for each message to download. Almost all of it insults your intelligence and good sense; spam assumes we're drug-addicted, money-grubbing, porn-addled fools ready to click on any stupid offer.
And the single worst thing about spam? Enough recipients are those kind of fools, plenty to keep spammers in business.
Nobody has found a technological fix for spam. The Internet's design puts a priority on the free flow of data. Internet providers, too many of which still whore themselves out to spammers and spammers' own cockroach-like tenacity, all but ensure there won't be.
Because the Internet spans the world, laws aren't likely to solve this problem either although I am always delighted to see spammers being litigated into poverty, fined into bankruptcy or imprisoned forever.
Spam can, however, be managed. You can make your e-mail address a smaller target for spammers, and you can shunt aside a healthy chunk of the spam that does find you.
If you can keep your address off spammers' lists, you will get little or no junk e-mail. So never post your e-mail address on any public spot on the Web, and be choosy about giving it to strangers or companies.
Instead, create a second, throwaway account at any of the free Web-mail services, such as Yahoo Mail, Hotmail or Gmail, and use that for online commerce. Most Web sites won't share your address with the world - but a few might, so why chance it?
This method will not, however, defeat a dictionary attack, in which spammers send messages to randomly chosen names at popular Internet providers. Having an address with an unusual spelling or at a lesser-known provider can reduce vulnerability.
When spam arrives, never respond to it. And make sure your mail software isn't doing that for you: If it displays a picture in a spam message, it often does so by downloading the image from the spammer's Web site, which tells the sender you just read the spam.
Current releases of the major mail programs - Microsoft's Outlook Express and Outlook, Apple's Mail, Qualcomm's Eudora and Mozilla's Thunderbird - won't display pictures in mail from strangers. But older versions will, so upgrade now.
You can try forwarding your spam to the authorities. In America, you can send a copy to the Federal Trade Commission at spam@uce.gov, or via the link at www.ftc.gov/spam. Forwarding another to the "abuse'' address of the Internet provider that relayed the message (abuse@aol.com, for example) is also smart. But to do that right, you'll need to use your mail program's "show full headers'' option, which is often hidden.
You'd think that writing a program to delete spam would be easy, since even an Internet beginner can tell spam from real mail. But that hasn't happened - yet another way in which the computer can't match the human brain.
Your Internet provider's spam filtering will usually sweep the worst offenders out of sight, but some adopt an excessively strict policy that wrongly tags innocent e-mails as spam. Last winter, for example, Verizon's filtering suddenly began flushing away many legitimate e-mails sent from parts of Europe and Asia.
If you use your own mail program instead of a Web interface such as Hotmail or Yahoo, you can run your own spam filters. The best learn from your use, watching what mail you label as spam and adjust their screening to match. Apple's Mail and Mozilla Thunderbird (www.mozilla.org), both free, include this type of filter, as does the US$50 (HK$390) edition of Qualcomm's Eudora (www.eudora.com).
Microsoft's Outlook 2003, by contrast, has a non-learning spam filter, while its free Outlook Express includes no spam block. You can add a learning filter to either program with various add-ons; some, such as POPFile (popfile.sourceforge.net) and SpamPal (www.spampal.org), are free but may require tricky configuration; others, like SpamBully (www.spambully.com) cost money.
A more stringent defense, "challenge-response'' filtering, requires would-be correspondents to pass a simple test online that a bulk mailer can't or won't bother to complete - usually, visiting a Web page and typing in letters shown in an image. Some Internet providers - notably, Earth-Link - and such add-on software as SpamArrest (www.spamarrest.com) and ChoiceMail (www.digiportal.com) offer it.
But although these systems wave through mail from people in your address book, other legitimate senders must perform extra work. Challenge-response has not been widely adopted.
All of these techniques can only treat spam. A cure will have to be economic: When no money can be made from spam, nobody will send it. Filters, lawsuits and fines can raise the costs of sending junk e-mail, but there's still money to be made by defrauding the gullible.
It starts taking its toll long before it lands in your inbox. First, spammers employ spyware and viruses to hijack home and office computers for use as unwitting relays for junk e-mail. Then your Internet provider must spend time and money running filters, lest its computers be swamped.
The junk e-mail that inevitably leaks through wastes your time and band-width as you wait for each message to download. Almost all of it insults your intelligence and good sense; spam assumes we're drug-addicted, money-grubbing, porn-addled fools ready to click on any stupid offer.
And the single worst thing about spam? Enough recipients are those kind of fools, plenty to keep spammers in business.
Nobody has found a technological fix for spam. The Internet's design puts a priority on the free flow of data. Internet providers, too many of which still whore themselves out to spammers and spammers' own cockroach-like tenacity, all but ensure there won't be.
Because the Internet spans the world, laws aren't likely to solve this problem either although I am always delighted to see spammers being litigated into poverty, fined into bankruptcy or imprisoned forever.
Spam can, however, be managed. You can make your e-mail address a smaller target for spammers, and you can shunt aside a healthy chunk of the spam that does find you.
If you can keep your address off spammers' lists, you will get little or no junk e-mail. So never post your e-mail address on any public spot on the Web, and be choosy about giving it to strangers or companies.
Instead, create a second, throwaway account at any of the free Web-mail services, such as Yahoo Mail, Hotmail or Gmail, and use that for online commerce. Most Web sites won't share your address with the world - but a few might, so why chance it?
This method will not, however, defeat a dictionary attack, in which spammers send messages to randomly chosen names at popular Internet providers. Having an address with an unusual spelling or at a lesser-known provider can reduce vulnerability.
When spam arrives, never respond to it. And make sure your mail software isn't doing that for you: If it displays a picture in a spam message, it often does so by downloading the image from the spammer's Web site, which tells the sender you just read the spam.
Current releases of the major mail programs - Microsoft's Outlook Express and Outlook, Apple's Mail, Qualcomm's Eudora and Mozilla's Thunderbird - won't display pictures in mail from strangers. But older versions will, so upgrade now.
You can try forwarding your spam to the authorities. In America, you can send a copy to the Federal Trade Commission at spam@uce.gov, or via the link at www.ftc.gov/spam. Forwarding another to the "abuse'' address of the Internet provider that relayed the message (abuse@aol.com, for example) is also smart. But to do that right, you'll need to use your mail program's "show full headers'' option, which is often hidden.
You'd think that writing a program to delete spam would be easy, since even an Internet beginner can tell spam from real mail. But that hasn't happened - yet another way in which the computer can't match the human brain.
Your Internet provider's spam filtering will usually sweep the worst offenders out of sight, but some adopt an excessively strict policy that wrongly tags innocent e-mails as spam. Last winter, for example, Verizon's filtering suddenly began flushing away many legitimate e-mails sent from parts of Europe and Asia.
If you use your own mail program instead of a Web interface such as Hotmail or Yahoo, you can run your own spam filters. The best learn from your use, watching what mail you label as spam and adjust their screening to match. Apple's Mail and Mozilla Thunderbird (www.mozilla.org), both free, include this type of filter, as does the US$50 (HK$390) edition of Qualcomm's Eudora (www.eudora.com).
Microsoft's Outlook 2003, by contrast, has a non-learning spam filter, while its free Outlook Express includes no spam block. You can add a learning filter to either program with various add-ons; some, such as POPFile (popfile.sourceforge.net) and SpamPal (www.spampal.org), are free but may require tricky configuration; others, like SpamBully (www.spambully.com) cost money.
A more stringent defense, "challenge-response'' filtering, requires would-be correspondents to pass a simple test online that a bulk mailer can't or won't bother to complete - usually, visiting a Web page and typing in letters shown in an image. Some Internet providers - notably, Earth-Link - and such add-on software as SpamArrest (www.spamarrest.com) and ChoiceMail (www.digiportal.com) offer it.
But although these systems wave through mail from people in your address book, other legitimate senders must perform extra work. Challenge-response has not been widely adopted.
All of these techniques can only treat spam. A cure will have to be economic: When no money can be made from spam, nobody will send it. Filters, lawsuits and fines can raise the costs of sending junk e-mail, but there's still money to be made by defrauding the gullible.
# posted by vdodon @ 01:27 
