14 June 2005

 

Filters best for fighting spam

CHICAGO — They are imperfect and often overzealous, but spam filters are still the best way to fight unwanted e-mail, technology companies and privacy advocates said yesterday.
At a conference here sponsored by the International Association of Privacy Professionals, people involved in the fight against spam said filtering software remains the most widespread and effective way to keep unwanted e-mail out of in-boxes.
Scores of other methods to defeat spam have appeared in recent months, including legislation and changes to the structure of e-mail.
"There are other solutions out there, but ... filtering is really the most valuable tool," said Carl Hutzler, director of antispam operations for AOL, the world's largest Internet service provider.
Spam is unsolicited commercial e-mail. Spam is often deceptive in nature, and technology analysts have said it costs businesses as much as $10 billion a year in services and lost productivity.
AOL said it blocks about 80 percent of all incoming e-mail because it is spam.
Several hundred companies have emerged in the past year to offer spam-filtering software for e-mail users and businesses. Most filters search for characteristics common in spam, such as pornographic words. Many filters weed out e-mail sent from addresses that have been put on Internet "blocklists," which attempt to identify spammers.
Most major Internet service providers use a filtering system to prevent spam from reaching customers, and some boast of blocking more than 90 percent of unwanted messages.
The providers acknowledged yesterday that filters are imperfect, because they fail to block all spam and occasionally block e-mail that customers want. But they insisted that filters would remain the primary solution, because no other method has worked.
Legislation designed to regulate spam at the state level has failed to stop senders of unwanted e-mail, according to those familiar with the laws.
Congress is close to passing a bill that would ban the most deceptive forms of spam, but technology analysts said it is unlikely to work because spammers excel at hiding their identities.
To some Internet providers, filtering is an economic necessity.
"We can't accept every piece of mail that comes in," Mr. Hutzler said. "The cost would be prohibitive. Filters and blocklists are obviously necessary for these reasons."
Microsoft, which owns the Internet service provider MSN, recently updated its spam-filtering service, which examines each e-mail based on more than 100,000 different attributes. It also uses products from Brightmail, a company that filters out spam to more than 280 million e-mail addresses.
Much of the staff at Microsoft's antispam division is charged with researching and analyzing ways to make spam filters more accurate.
"We think filtering is certainly part of our core solution," said George Webb, the division's business manager.

 

Is the CAN-SPAM Law Working?

Commtouch Software, based in Mountain View, California, and MX Logic, based in Denver, both found that more than 99 percent of spam e-mail they checked through late last week did not comply with one or more provisions of the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2005.
A third spam filtering vendor, Audiotrieve, found just over 10 percent of unsolicited commercial e-mail complying with CAN-SPAM requirements in a survey of e-mail it conducted over the weekend.
On the Rise
The new law hasn't had an effect on the amount of spam being sent, either. "There's been no reduction in the volume of spam," says Scott Chasin, MX Logic's chief technology officer. "In fact, the exact opposite--our spam rates are actually going up."
MX Logic classified 77 percent of its customers' e-mail as spam on Monday, up 6.5 percent from January 1.
CAN-SPAM requires that spam e-mail include a working return e-mail address, a valid postal address for the sending company, a working opt-out mechanism, and a relevant subject line. The law also directs the U.S. Federal Trade Commission to study setting up a national do-not-spam list, similar to the national do-not-call telemarketing list now in effect.
Enforcement Needed
The numbers from the three vendors show the need for enforcement actions against major spammers, says a spokesperson for Senator Conrad Burns (R-Montana), a sponsor of CAN-SPAM.
On December 11, Burns and Senator Ron Wyden (D-Oregon), the other leading advocate of CAN-SPAM, sent a letter to FTC chairman Timothy Muris, asking his agency to take enforcement action against "kingpin" spammers once CAN-SPAM became law.
"Senator Burns has continually stated that enforcement is key regarding the CAN-SPAM legislation," the Burns spokesperson says in an e-mail. "This is something that we certainly won't let fall through the cracks."
An FTC spokesperson didn't immediately respond to a request for comment, but Burns' spokesperson provided a letter from Muris dated January 7. "Although we have directed substantial resources to studying a do-not spam registry, we have many more investigations under way," Muris wrote to Burns and Wyden.
Spammers often hide their identities, and an investigation into a spammer can take months, Muris also wrote.
Taking Action
The national spam law alone won't cut the amount of spam being sent, but enforcement could have an impact, with multimillion dollar fines and jail terms allowed in CAN-SPAM for some spamming activities, says Avner Amram, executive vice president at Commtouch. "Legislation is the first step, enforcement is the second," he says.
Commtouch and the other vendors tout antispam technology as an essential partner in the fight against spam. "While legislation helps, it's not the answer," Chasin says. "We applaud the intent of the legislation. Any step in the direction of trying to stop spam is a good road to go down."
To determine how much spam is in compliance with CAN-SPAM, the three vendors took different approaches. MX Logic, which provides spam and virus filtering services, looked at 1000 randomly selected pieces of spam received during the first seven days of January and found only three that complied with CAN-SPAM requirements that the e-mail include a working opt-out option and a valid postal address. In cases where the spam includes a physical address, it may be the address of a bulk e-mail company and not the actual company marketing the product, Chasin says.
Audiotrieve, based in Boxborough, Massachusetts, collected e-mail messages using so-called "honey pot" accounts on January 10 and 11, and found 102 of 1000 messages analyzed contained all of the information required by CAN-SPAM. Physical addresses were missing from all of the remaining 898 spam messages, according to a press release from Audiotrieve, which markets its InBoxer spam filter.
Commtouch, which uses its Recurrent Pattern Detection technology to identify and filter massive spam attacks, has analyzed millions of e-mail addresses since January 1 and found less than 1 percent that comply with CAN-SPAM, Amram says. Commtouch found that 80 percent of spam e-mail didn't include valid return e-mail addresses and more than 40 percent contained subject lines that weren't related to the text of the e-mail.

 

Stemming Spam

Efforts to curtail spam have been pressing forward, with some positive results. The CAN-SPAM Act, which went into effect on January 1, 2004, directed the Federal Trade Commission (FTC) to adopt tools to combat unsolicited commercial e-mails, commonly known as spam. Those rules continue to evolve, despite resistance from marketers who employ spam to spread the word about products that range from legitimate consumer goods to black market drugs, pornography, and worthless investments.
Still, there seems to be no stemming the flow of spam emails that profile obscure, penniless public companies. Read those reports and you might believe that every one of these struggling companies is poised to become the next Microsoft or Intel. That optimism is generally paid for by promoters who are looking to create interest in a company, help spike the stock price, and then dump their own shares. There is virtually no chance that any of these companies will rival Microsoft, Intel, or any other successful technology company. Most of them are lucky if they can afford to buy a computer, much less market one.
The anti-spam initiative moved forward this month when federal enforcement agents arrested two Detroit, Michigan-based men and charged them with sending millions of e-mail advertisements for a bogus weight loss patch. Two other men are still being sought in the case. The arrests mark the first use of the new spam busting regulations.
The four men, Daniel Lin, Mark Sadek, James Lin and Christopher Chung, could face five year prison terms under the CAN-SPAM law, as well as mail fraud charges that carry a maximum 20 year sentence.
Authorities claim that the defendants earned almost $100,000 a month selling the phony diet patch through a company called Phoenix Avatar. To cover their tracks, the men used other people's e-mail addresses, a technique known as spoofing. Spoofing is illegal under the new anti-spam rules.
In a separate case targeting spammers, the FTC said it is seeking to close Global Web Promotions Pty Ltd., an Australian-based spam operation that sends a massive volume of spam to the U.S. Global Web, like Phoenix Avatar, has been promoting a useless diet patch, as well as other anti-aging products that experts say do not work.
These spammers, who are selling useless weight-loss products, have a good deal in common with spamming promoters who peddle worthless stocks. Both are using e-mail to gain immediate, low cost access to millions of potential customers, and both employ manipulative and misleading techniques to profit at the expense of innocent consumers.
Now, hopefully, the FTC will aim CAN-SPAM at the stock promoters as well, and curtail the seemingly endless stream of promotional nonsense that litters the e-mail.

 

83% of spam contains hidden tracking codes

Eight out of ten spam e-mails contain covert tracking codes which allow the senders to record and log recipients’ e-mail addresses as soon as they open the message. These are among the findings revealed this week by OUT-LAW.COM, the IT and e-commerce legal service from international law firm Masons. The research was carried out for OUT-LAW.COM by network security experts iomart.
Much of this unwanted spam is illegal under various regulations but Shelagh Gaskill, a partner at Masons, said: “The people sending it could not care less about the law.”
Iomart set up separate accounts to receive spam, or unsolicited commercial e-mail, and the team of investigators played dumb and opened up all spam that came into these accounts.
They found that 83% were HTML e-mails with hidden tracking codes that notified the spammers as soon as the messages were opened. After a two-week period, the volume of spam received on these accounts virtually doubled. Hundreds of worthless e-mails became thousands in almost no time at all.
Next, the team ‘sterilized’ the spam flowing into these accounts, removing the hidden tracking codes. During the next few weeks there was a slight but steady decline in the mountain of spam being received.
Their conclusion was simple and stark: that spam e-mailers respond to the hidden tracking codes by sending more e-mail to identified accounts.
For a third trial period, spam e-mail was ‘bounced’ by means of an automatic e-mail being sent to the spam sender, stating that the e-mail could not be delivered, but not giving a specific reason why.
Predictably, based on their earlier findings, there was a marked drop in the number of spam e-mails being received. The decrease in spam e-mails started almost immediately, and after about two weeks the volume being received had decreased by about 40%.
“The rule is simple: do not open spam if you want to minimise it,” says Iain Richardson, a software developer with iomart. “A lot of spam is evident from the subject header and sender’s name. If you suspect it’s spam, the easiest thing to do is to delete it – otherwise you’re letting the senders know that you exist and you will receive more.”
Richardson offers a few tips on reading e-mail, and explains how people get caught out. “Popular software, such as Microsoft Outlook or Express, lets the user read a section of the e-mail in the preview window before opening the full e-mail. Be warned that viewing a preview pane will activate the hidden tracker code – so don’t use it if you want to minimise spam.”
Another option is to apply spam filters. The problem with filters is that no system is perfect: there is likely to be an occasional loss of legitimate business communications, unless someone examines all filtered e-mail.
Iomart has developed a product, part of its NetIntelligence suite, which businesses can install in their system to give the option of filtering or sterilising only the hidden tracker mechanism in spam.
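The "sterilising" step described above can be sketched as follows. This is an added example, not iomart's product or code from the study: it assumes the tracking code is a remote resource that the mail client fetches on render, and the function names, attribute table and sample message are constructed for illustration.

```python
from email import message_from_string, policy
from html import escape
from html.parser import HTMLParser

# Attributes that make a mail client fetch a resource as soon as the message
# is rendered (preview pane included), which tells the sender the address is live.
FETCHING_ATTRS = {
    "img": ("src", "srcset", "lowsrc"), "input": ("src",), "link": ("href",),
    "body": ("background",), "table": ("background",), "td": ("background",),
    "video": ("src", "poster"), "audio": ("src",), "source": ("src", "srcset"),
    "embed": ("src",),
}
# Elements removed together with everything inside them.
DROP_ELEMENTS = {"script", "style", "iframe", "object"}


class _Sterilizer(HTMLParser):
    """Re-emits the HTML minus auto-loading references; comments are dropped."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True: text arrives decoded
        self.out, self.removed, self._skip = [], [], 0

    @staticmethod
    def _is_remote(value):
        v = (value or "").strip().lower()
        # cid: (MIME-embedded) and data: (inline) images need no network fetch.
        return bool(v) and not v.startswith(("cid:", "data:"))

    def _emit(self, tag, attrs, self_closing):
        if tag in DROP_ELEMENTS:
            self.removed.append(f"<{tag}>")
            self._skip += 0 if self_closing else 1
            return
        if self._skip:
            return
        kept = []
        for name, value in attrs:
            fetches = name in FETCHING_ATTRS.get(tag, ()) and self._is_remote(value)
            css_url = name == "style" and "url(" in (value or "").lower()
            if fetches or css_url:
                self.removed.append(f"{tag}[{name}]={value}")
            elif value is None:
                kept.append(f" {name}")
            else:
                kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}{' /' if self_closing else ''}>")

    def handle_starttag(self, tag, attrs):
        self._emit(tag, attrs, False)

    def handle_startendtag(self, tag, attrs):
        self._emit(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag in DROP_ELEMENTS:
            self._skip = max(0, self._skip - 1)
        elif not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))


def sterilize_html(html):
    """Return (html without auto-loading remote references, list of removals)."""
    parser = _Sterilizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.removed


def sterilize_message(raw):
    """Rewrite every text/html part of a message; return (message, removals)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            clean, found = sterilize_html(part.get_content())
            part.set_content(clean, subtype="html")
            removed += found
    return msg, removed


# Constructed sample: one embedded logo, two remote references that fire on open.
SAMPLE = """\
From: offers@bulk.example
To: trap-account@mail.example
Subject: Lose weight fast
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body background="http://tracker.example/bg.gif?u=trap-account">
<p>Tom &amp; Jerry diet patch</p>
<img src="cid:logo@bulk.example" alt="logo">
<img src="http://tracker.example/open.gif?id=a1b2c3" width="1" height="1">
<a href="http://bulk.example/unsubscribe">unsubscribe</a>
</body></html>
"""

if __name__ == "__main__":
    message, removals = sterilize_message(SAMPLE)
    print("\n".join(removals))
    print(message.get_content())
```

Ordinary links are left in place because they only contact the sender when the reader clicks them, not when the message is opened.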
There were a couple of points of note in the results of the tests conducted by iomart: most notably that the decrease recorded after spam was bounced was less pronounced than the increase noted when the accounts were newly set up and no action was taken to remove tracking codes or bounce e-mails.
So far, so good. Cutting down spam requires little more than ignoring the obviously tacky. Unfortunately, the iomart study suggests that the spammers have thought of that and are involved in a subtle form of electronic warfare to circumvent those who take the simple precautions outlined above.
When the team began bouncing e-mails there appeared to be an increase in the amount of spam coming from different domain names. They concluded that this is likely to be an attempt by the spam senders to circumvent blocking mechanisms based on domain names.
There are laws that are relevant to spam. Depending on how the e-mail addresses were obtained and the manner in which spam is sent, there may be a breach of the Data Protection Act. Do not trust those unsolicited offers of “128 million e-mail addresses on a CD for $200.”
There may also be a breach of the contract that the sender has with its internet service provider – since many ISPs forbid the sending of spam.
Also relevant is the E-mail Preference Service, a list to which people can add their e-mail addresses to say that they do not want to receive e-mail marketing – although it lacks any legal weight.
Most recently, under the UK’s E-commerce Regulations, all unsolicited commercial e-mail must be clearly and unambiguously identifiable as such as soon as it is received. Such e-mail must also, among other things, clearly identify the person on whose behalf it is being sent.
The UK has to implement a European Directive on the protection of privacy in the electronic communications sector before November 2003 that goes further than the current UK position on spam.
It requires that unsolicited commercial communications such as e-mail, text messages, faxes or telephone calls from automated calling systems, are only lawful if consumers have already indicated that they are willing to receive such communications.

 

Spam continuing to damage the Internet's health

COULD SPAM EFFECTIVELY destroy the Internet? While that's a question direct marketers would either avoid or laugh at, depending on their outlook, it's an increasingly-serious problem.
The Internet, in its most abstract form, is a tool designed to facilitate communication between at least two parties who may be separated by hundreds or thousands of miles. The idea of an electronic mail system that can deliver messages across this network is an obvious one and is crucial to the dissemination of information. Even in the 21st century, email functions as the lowest-common-denominator of Internet access. Computers far too slow for streaming video or flash animations can access it, even users on ancient 14.4 modems can download it, assuming no attachments, and even the most electronically uninitiated can learn/understand the simple act of writing a letter and sending it to someone electronically. For many people exploring online for the first time, email acts as a gateway and entry point to a much wider world. It is, in a word, essential.
Spam began life as small containers of whipped pig, became an occasional annoyance, and is rapidly becoming a problem of endemic proportions. AOL is reportedly beginning to block ADSL users from certain networks that run their own personal mail servers, from writing to AOL addresses as an anti-spam effort.
Faced with a deluge of spam coming from the East, many US companies/technical firms have begun banning all email delivered from certain world IP ranges. [Most of my spam comes from the USA, Jack. Are you telling me that Coral Calcium won't change my life? Ed.] Blocked at the firewall, such email bounces and isn't delivered. An increasing number of users refuse to publish their email addresses or give erroneous ones so as not to be placed on email lists that are then sold to mass-marketing companies. Entire websites are devoted to maintaining blacklists of domains or IPs accused of spamming, and getting taken off such a list can be all but impossible.
All of the anti-spam actions undermine the fundamental principles of communication the Internet is meant to foster and the problem isn't getting better. Faced with an ever-increasing deluge of junk mail, users and companies alike are adopting increasingly restricted rules of communication that have begun to transform email networks from open communication areas to walled fortresses, the occupiers of which speak to each other only under an occasional flag of truce.
It might be easier to tolerate this parasitic form of advertising if any of the arguments used to justify its continued existence held water. Some of these are:
It takes no effort to delete: Untrue. Deleting one email takes no effort, deleting 500 does, particularly when one must sort through all 500 to ensure that a real, valuable message isn't wiped along with the junk.
Users can opt out of receiving it: Again, untrue. It’s a well-known fact that responding to a spam email with a removal option will indeed get you removed from that particular company's list, but it'll also put your name on a list of "guaranteed" active email addresses that'll be resold at a premium price. It's like plugging one hole in a dike while drilling fifty more.
Spam advertises important services: Unless fifty thousand people I don't know have somehow intuited that I'm drastically under-endowed, have a secret love for websites named "goatsandsheep.com" and want to make money from home without buying anything, selling anything, talking to anyone, or sending any mail, I don't think this argument holds water either.
Perhaps the biggest and most practical anti-spam argument, however, is its cost. While bulk email lists are cheap and sending the emails may be effectively free, the cumulative cost in network bandwidth to the thousands of companies slammed with the message isn't. Spam is the ultimate advertising parasite. Imagine, for a moment, that your newspaper boy was forced to deliver fifty thousand advertisements with every paper, while the newspaper company itself was stuck with the cost of transporting and creating those ads, even though the work was done by a third party.
Spam is, in fact, only distantly related to any other form of advertising. Pick up a paper or turn on the television and you'll see advertisements — but these advertisements are placed with the mutual understanding that you, by choosing to read the paper or watch a television program, have agreed to be shown such advertisements to help subsidise it. Websites operate under a similar paradigm. While you are reading this article there are ads running on the page — by visiting The INQUIRER you give tacit consent to view them as partial "payment" for the content you are consuming.
Email spam is something else entirely. It is the only form of advertising that thrusts itself into a space set aside for the private citizen, while trumpeting its right to exist due to the fact that it offers readers choices, whether they want them or not. The argument that having an email address is a tacit invitation to spam is logically false unless an ISP's specific agreement were to implant such a rule. By paying my $20 (or whatever you pay an ISP) you are paying for the right to rent what amounts to an electronic PO Box. Were you to do such a thing at a standard post office, it would not give Best Buy the right to stroll by and casually stuff it full of ads.
If the current spam epidemic is not stopped by legislative action it will inevitably destroy a fundamental principle on which the Internet was based. Email will still exist (as will websites, etc) but the open communication that made the Internet such a useful and interesting place will ultimately be scrapped in favor of a degree of privacy that prevents such abuse.

 

Worse Than Spam?

Challenge-and-response systems pose particular problems for newsletters and listservs. These systems try to cut down on fraudulent e-mail by not delivering a message until the sender replies to a confirmation e-mail sent by the intended recipient's ISP or e-mail host.
"Declan McCullagh of Politech and Dave Farber of Interesting-People can't do 100 challenge-responses a day," said Cohn. "That, as a solution, doesn't scale."

It would be wrong to call Cohn soft on spam. While in private practice she sued a spammer and won a court injunction and $60,000. And her employer uses antispam technology on its own servers.
The difference, according to Cohn, is that the SpamAssassin software EFF uses doesn't block spam, it simply rates each e-mail. Staffers then set up their e-mail clients to separate messages into different inboxes. This keeps the main e-mail boxes free of spam, but allows individuals to check the spam folder occasionally to see if a legitimate e-mail was incorrectly tagged as junk.
Many in the technology industry think that only better technology can stop the spam deluge.
"The only people who can stop spammers are other technologists," said trimMail's Gillette.
The most promising new approach is better filters that use Bayesian algorithms to tag spam automatically and move it into a spam folder. The algorithms look at the body and header of an e-mail and judge from past experience whether an incoming message is junk. Users then train the algorithm, by moving misclassified e-mail from one e-mail folder to another.
Paul Graham, whom many credit with applying Bayesian filtering to the spam problem, is ecstatic at the power of the new filters.
"I don't need blacklists," said Graham. "My own software is better than I am at deciding what is spam and what is not."
Several open-source and commercial products, such as SpamBayes and Spam Bully, already use Bayesian filtering.
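The train-by-moving loop described above, as an added example that is not Graham's code nor that of SpamBayes or Spam Bully. It is a plain naive Bayes classifier with add-one smoothing over tokens from the From and Subject headers and the body; the class, the 0.9 threshold and all sample messages are constructed for illustration.

```python
import math
import re
from collections import Counter
from email import message_from_string

TOKEN = re.compile(r"[a-z0-9$]{3,}")


def tokens(raw):
    """Distinct tokens of a single-part message; header tokens are prefixed."""
    msg = message_from_string(raw)
    found = set()
    for header in ("from", "subject"):
        for t in TOKEN.findall(str(msg.get(header, "")).lower()):
            found.add(f"{header}:{t}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    found.update(TOKEN.findall(body.lower()))
    return found


class BayesFilter:
    def __init__(self, threshold=0.9):
        self.counts = {"spam": Counter(), "ham": Counter()}  # messages containing token
        self.totals = {"spam": 0, "ham": 0}                  # messages seen per folder
        self.threshold = threshold

    def train(self, raw, folder):
        self.totals[folder] += 1
        self.counts[folder].update(tokens(raw))

    def user_moved(self, raw, to_folder):
        """The user dragged a misfiled message: learn it under the corrected label."""
        self.train(raw, to_folder)

    def spam_probability(self, raw):
        # Prior odds, then one likelihood ratio per token present in the message.
        log_odds = math.log((self.totals["spam"] + 1) / (self.totals["ham"] + 1))
        for t in tokens(raw):
            p_spam = (self.counts["spam"][t] + 1) / (self.totals["spam"] + 2)
            p_ham = (self.counts["ham"][t] + 1) / (self.totals["ham"] + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-50.0, min(50.0, log_odds))  # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

    def classify(self, raw):
        return "spam" if self.spam_probability(raw) >= self.threshold else "ham"


def mail(sender, subject, body):
    """Build a minimal constructed message for the demonstration."""
    return f"From: {sender}\nSubject: {subject}\n\n{body}\n"


# Constructed training corpus: two spam, two legitimate messages.
TRAINING = [
    ("spam", mail("promo@bulk.example", "Free diet patch",
                  "Lose weight fast with our free diet patch")),
    ("spam", mail("deals@bulk.example", "Free stock report",
                  "This penny stock will soar, order the free report now")),
    ("ham", mail("alice@corp.example", "Budget meeting notes",
                 "Notes from the budget meeting are attached")),
    ("ham", mail("bob@corp.example", "Lunch on Tuesday",
                 "Are you around for lunch after the budget meeting")),
]
NEWSLETTER_1 = mail("news@list.example", "Free software newsletter",
                    "This issue covers free software releases and the conference report")
NEWSLETTER_2 = mail("news@list.example", "Free software newsletter",
                    "New free software releases this month")
DIET_SPAM = mail("promo@bulk.example", "Free diet patch offer",
                 "Order the free diet patch now")


def build_trained_filter():
    f = BayesFilter()
    for folder, raw in TRAINING:
        f.train(raw, folder)
    return f


if __name__ == "__main__":
    f = build_trained_filter()
    print("newsletter 1:", f.classify(NEWSLETTER_1))   # false positive
    f.user_moved(NEWSLETTER_1, "ham")                   # user corrects it
    print("newsletter 2:", f.classify(NEWSLETTER_2))
    print("diet spam:   ", f.classify(DIET_SPAM))
```

The first newsletter is wrongly tagged because "free" and "report" have only been seen in spam; one correction by the user is enough for the next issue to be filed as legitimate while the diet-patch message is still caught.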
The ACLU's Johnson hopes the new technology will head off the worst of the antispam legislation.
"Why do we want to start imposing a different world for the Internet than we have in the real world?" asked Johnson.
"Let the marketplace handle spam," he said. "When Congress wants to show they are doing something about an issue, they often screw it up."

 

Major victory in war on spam

China has woken up to the problem of spam email and blocked 127 servers which were identified as being the source of high volumes of unsolicited email.
The move is likely to send shockwaves through the international community of spammers who previously had regarded China as a safe haven in which to base their operations.
Many spammers had based their servers in and around Beijing because they believed they were safe from the long arm of Western law and of very little interest to the Chinese authorities. But if that situation is now changing, a drastic rethink may be in order.
The Internet Society of China today announced that 127 servers have been blocked, eight of which were based within China itself, 90 were based in Taiwan and 29 were based around the world. Any emails sent from these servers will automatically be blocked from reaching Chinese internet users.
Ren Jinqiang, an ISA official, told official State news agency Xinhua: "This has been the first large-scale spammer blockade launched by the Chinese Internet industry."
While the blockade will have little short-term impact on the amount of spam being received in the West it shows a growing acceptance by the Chinese government of the large part it has to play in the war on the worldwide spam problem.
According to Steve Linford from Spamhaus, 100 of North America's most prolific spammers are based in the suburbs of Beijing. This tightening of controls in China may encourage the spammers to move on to pastures new, with the long-term hope being that they either run out of places to hide or run out of the funds to keep relocating.

 

Survey: One of every two e-mails is spam

Unsolicited bulk or "junk" e-mail, commonly called spam, now comprises at least 50 percent of all e-mail being sent through the Internet, according to figures compiled by Brightmail Inc., a San Francisco-based maker of anti-spam software.
"Earlier this year, Brightmail predicted that the volume of spam would reach 50 percent of Internet e-mail by the end of 2003, and it did this July," says Enrique Salem, president and CEO of Brightmail. "In less than two years, spam messages have increased from 8 percent of all e-mail traffic to more than half -- and we expect this trend to continue."
In July Brightmail identified more than half of the 61 billion e-mail messages it filtered as spam. Brightmail claims to filter nearly 10 percent of worldwide e-mail and says its estimates are the most statistically relevant e-mail sample available.
Why so much e-mail? Brightmail says it's economics. Individual spammers are capable of sending hundreds of millions of e-mail messages each day -- at essentially the same cost as sending out a single message. Therefore, it takes very few recipients to respond to those messages to make a spammer profitable. And barriers to entry are extremely low with minimal hardware and experience needed.

 

Spam: Are you part of the problem?

RECENT surveys indicate that by the middle of 2004, junkmail will make up 60% of the total global e-mail volume.
The battle between network administrators and spam is akin to ongoing guerrilla warfare, but system administrators cannot spend the time to open and filter all incoming e-mail.
In the workplace, it is common to get a hearty laugh out of e-mail jokes and to use the company’s network to forward these items to your friends.
But have you unwittingly become an accomplice to spammers?
Employees often forward what they presume to be useful e-mail over the company’s network. This unfortunately contributes to the rise in e-mail volume and a crunch in storage space.
As an example, a mail tagged “high priority” that had “Help a Little Girl with Leukaemia!” as the subject tugged plenty of heartstrings. It was widely circulated, and many concerned employees, out of the goodness of their hearts, forwarded this e-mail to everyone in their group.
Very few people checked out the true source of the message, and no one tried to find out whether the little girl had recovered or not.
Six months later, the e-mail will probably be back in your mailbox.
As e-mail like this continues to deluge your accounts, you will begin to doubt its legitimacy. This means that those who are truly in life-or-death situations and need help may well be ignored because of the lack of trust caused by malicious junk e-mail.
Malicious e-mail is nothing new, and the best way to counter it is through education and training.
Cute lil' bear
Remember the e-mail that went around, saying: “Quick, check your hard drive and see whether jdbgmgr.exe is there. It’s the newest virus, you’ve got to get rid of it right away!”
Recipients of this e-mail forwarded it to everyone, as though a great enemy was camped at the door. More “enthusiastic” employees answered: “That jdbgmgr.exe file really is there! There’s also a cute little bear icon, it must be a virus all right. Get rid of it, quick!”
Later, that e-mail too was forwarded all over the place.
Poor innocent bear! That bear icon was actually Microsoft’s Internal Java error handler, and once removed it will be impossible for Java to run normally on your system.
But what should worry people more about e-mail being forwarded is that unscrupulous people could use this to harvest e-mail addresses for profit.
Unless you are positive that a virus alert comes from a reputable vendor, you should confirm the source as there have been instances where viruses have also used security company addresses to send e-mail. Last September, the virus Swen A falsely used Microsoft’s name to send huge quantities of “update patch” notifications.
The e-mail from “ms inet mail storage service” and “MS Program Security Section” caused many users to become infected with viruses. Since users thought Microsoft had issued an update or attachment notice, they opened the attachment and hence infected their computers.
The virus took advantage of Microsoft’s vulnerabilities to automatically run itself and used various means of infection to broadcast a large-scale virus attack.
So what does it mean to “be sure” of the source of such e-mail? Well, the quickest and safest way is to ask the manufacturer or your company’s service department.
Harder to manage employees
Jokes and pornographic photos no doubt account for a high percentage of e-mail forwards.
Such e-mail may be more harmful than you think. It can infringe upon the rights of others, and can exact an even higher price in terms of IT.
A well-known publicly traded company in the United States once had a female employee object to the subject line “25 Reasons Why Bears are Better than Women.” The company had to shell out more than US$1mil (RM3.8mil) to buy a mail management software system.
When objections come from within the company, it might not be so difficult to manage them – but when legal questions arise, it is not always so easy.
In recent years, employees have begun to rely more on the Internet. Survey results show that 40% of broadband enterprise bandwidth is used to download MP3 music files or audio-visual files unrelated to work.
Reacting to this technology proliferation, employers are continuously trying to exert stronger supervision over the use of the Internet.
However, freezing or limiting Internet use is naturally a very controversial area. The majority of corporate policymakers who have made this difficult and necessary decision did so because they saw it as a way to stem the tide of worms coming in by e-mail and to avoid legal problems related to employee download of MP3 files.
Unfortunately, they have also sunk into a morass of lawsuits.
Brotherhood of spam, viruses
The majority of firewalls are not effective enough to stop e-mail from coming in. This means that spam and worms can easily break through the first line of defence and get onto the e-mail server. From there, they move to the client workstations.
Junkmail means extra loads on mailserver bandwidth; they sit on top of legitimate e-mail, perhaps even covering up business opportunities. Sandwiched amid advertisements, pictures of puppies, “true stories” from voluptuous women, and joke animations, it is hard to predict how long a real piece of e-mail will take to reach its recipient.
Each e-mail that reaches the client may also carry a worm that will cause the recipient to unwittingly give up all the addresses in his address book. Then the worm starts its cycle of destruction again.
This year’s highly infective big virus, “Sobig,” is a good example of the partnership between viruses and spam. Sobig used e-mail with the subject lines “Thank you!,” “Details,” “My details,” “Approved,” “Your application,” “Wicked screensaver” and “That Movie” to spread itself worldwide.
Network security and antivirus experts are now in a dilemma with users relying heavily on the Internet and e-mail. Must safety-conscious IT departments force workers to give up the Internet, with its growing array of treasures?
That’s refusing to eat for fear of choking.
Therefore, the best thing is to have a network safety expert put a barrier in place for you.
Set up a united front
Since most firewalls only provide basic filtering capabilities, they are not well suited for advanced intrusion techniques. in response to the trend toward large-scale input of networks in companies.
Viruses and spam are arriving in droves via e-mail. That’s why protection at the network gateway, where an alarm is sounded by security filtering software even before the virus actually attacks, is so important.
With the increasing trend of convergence between junkmail, security vulnerabilities, websites, file sharing and other areas where enterprises are threatened, a complete enterprise security system must take into consideration how to protect the company from “combo” attacks or attacks in multiple modalities.
What is required is a solution capable of cutting off invalid or malicious mail at the gateway, preventing these items from disturbing the company, while also keeping out any viruses they might harbour.
The best software protection should also solve the thorny problem of virus protection and spam management once and for all, so that companies will no longer need to purchase two separate products.
Ever-changing spam kings
To stop the spam problem, we must first of all understand the structure of spam.
The most frequently encountered form uses an automatic mailer so that the same message is tirelessly sent out over and over. Improvements in the tools used to send these e-mail messages are one reason for the recent explosion in spam. It’s now possible to send out millions of these messages in just an hour.
The so-called “Spam King,” Alan Ralsky from Detroit, Michigan, pumped out 650,000 e-mail messages per hour, which adds up to almost one billion messages a day.
One thing is sure: Ralsky could not have filtered all those messages to make sure they didn’t carry viruses before sending each one out.
As a result, it’s very possible that the enduser may encounter an unwanted gift with the mail.
Today, there are two ways to filter spam. One is to set up a virtual mailbox as a decoy; if this phantom mailbox receives any message, it means that it may be junkmail.
However, since spam engines are constantly evolving, you may not be able to track down the spammers.
To avoid these problems, businesses are using a second method to directly analyse the spam mail structure. Using this method, it is possible for an enterprise to more efficiently handle its junkmail.
Avoid turning gold into junk
E-mail filtering software can help IT professionals avoid unwanted information hassles.
The definition of junkmail may vary from one person to the other because one man’s spam is another man’s filet mignon. For example, you may have received various commercial e-mail messages claiming assistance in “sexual enhancements.” To many it is merely junkmail, but for that someone who is seeking such information, it helps.
Consequently, spam filtering still faces the need for greater flexibility, and there are still many technical challenges to be overcome.
An effective antivirus solution is one that locks spam outside the gateway and uses an intelligent heuristic engine to evaluate, identify and monitor existing and new messages. The solution must be capable of a highly accurate spam capture rate with low false positives.
The package must also effectively stem the tide of junkmail while reducing productivity losses associated with handling and filtering duties. This should translate to a lighter load on IT personnel in monitoring and processing e-mail that comes in.
What is required is a package that offers a high degree of integration with existing antivirus software to provide a comprehensive gateway sentinel.
But endusers should also be held more responsible with better education. They should be more selective of e-mail that is forwarded, and more careful of opening e-mail when its source is questionable.

 

How To Stop Spam

Spam. Those annoying, time-consuming emails that clog your Inbox and ruin your day. You wonder: How did it ever get so bad? While it's not possible to completely eliminate spam, there are quite a few things you CAN do about the problem to reduce your burden.

Spam is defined as an unsolicited email trying to get you to buy something. In addition, it's email that tries to get you to give up something: your credit card number, social security number, login ID, etc., by pretending to be a legitimate email. Here are some tips for stopping the current spam you're getting, and avoiding getting on new spam lists.

1. Maintain two email addresses: a Personal Email Address (that you give to family, friends and business associates), and a Safe Email Address (one you use whenever you're ordering something online, signing up for an email newsletter, or creating a profile on a website). For instance, I use a Hotmail account for my Safe Email Address. If a spammer were to get a hold of that address, fine. All the spam will go into my Hotmail account, which I only look at once a week. Hotmail has a great anti-spam filter built in, so it's easy to see what's spam and what's not. This practice leaves my personal email account relatively spam-free (maybe I get two spam emails a day to my personal account). Some free email services include Hotmail, Yahoo and GMail (Google's new email service).

2. Use your Safe Email Address to send emails to companies who might be harvesting email addresses from incoming emails. For example, say you want to write to a company to ask them about their products. Some companies will harvest your email address from the email you send to them, and put you on their mailing list. By using your Safe Email Address, you can avoid seeing messages from these companies come to your personal email address.

3. Stop giving your email address to everyone who wants it. Does your local bank really need your email address? Does your grocery store need it? Just because someone asks for it doesn't mean you have to give it to them. If it's a non-local company, or you are signing up for a mailing list, then they probably do need it. But it's okay to leave the email address blank when filling out forms. Always ask yourself, Do I want to be contacted by this company via email? (Speaking of mailing lists, make sure the companies you subscribe to have a public, posted Privacy Statement on their website.)

4. Do not put your Personal Email Address on your website. Instead, use a form so that your email address is hidden. However, some spammers use special software that looks at the HTML code hidden in the form to steal your email address, so using a form by itself isn't always the safest route. Better yet, use a free Form Processor so that your email address is never even in the HTML coding on your pages. The service I use is Bravenet's Form processor http://www.bravenet.com . You can see ours in action here: http://www.passionforbusiness.com/send-email.htm

5. Never buy anything that's sent through a spam email. First, it just encourages them to continue to spam. Second, it tells them that your email address is accurate, and they can then sell that address to someone else.

6. Never reply to spam and ask to be unsubscribed. They'll just ignore it anyway, and it tells them that your email address is accurate, which just keeps you on the list. Note: many legitimate email newsletters and mailing lists use automated unsubscribe links at the bottom of their emails, and you CAN use these to get off of mailing lists.

7. Use anti-spam software, like Norton Internet Security, on your own PC to filter spam as it comes into your email system. You still receive the spam, but it gets filtered to a Junk Mail or Bulk Mail folder, which segregates the spam from the legitimate email. Most anti-spam filters need to be trained, however, so you'll have to occasionally tell the filter that something is NOT spam that it inadvertently put into the Junk Mail folder. Many of these anti-spam filters work on the principle of White Lists (legitimate email addresses that you DO want to receive email from) and Black Lists (spammer email addresses that you do NOT want to receive email from). Learn how to train your anti-spam software and it will work wonders for you.

8. Check to see if your ISP or hosting company has anti-spam technology in place, to catch spam before it even hits your Inbox. Be careful, though, because sometimes these filters are over-zealous and you have to train them to accept emails from mailing lists that you have subscribed to.

9. Do not use a catch-all email address. A catch-all email address is set up if you have your own website, and it is intended to catch all of the incoming emails sent to your domain even if there is no legitimate mailbox by that name. For example, your email address might be mary@mydomain.com. If that mailbox is set up as a catch-all, and someone sends an email to marie@mydomain.com (with a spelling mistake in the email name), it will be forwarded to mary@mydomain.com. However, spammers know about catch-all email addresses, and will take your domain name (mydomain.com) and add common prefixes to it, like info@ or admin@. If you have a catch-all, then those spamming emails will come to you, even if you don't have a legitimate mailbox of info@mydomain.com or admin@mydomain.com set up with your hosting company. See how easy it is for spammers to get to you?

10. Finally, if spam is really bad, create a new personal email address for yourself, tell everyone about the new address (give them several reminders that you are changing email addresses), then delete the old personal email address. This may seem a little drastic, but if you receive 200 spam emails a day, it might be time to take this final step to eradicate it.

You are not powerless against spam. But you do have to take action to fight back. Don't let them bully you into accepting hundreds of unwanted emails a day! Take action now to reclaim your Inbox!

Karyn Greenstreet is a Self Employment expert and small business coach. She shares tips, techniques and strategies with self-employed people to boost clarity and focus, create sustainable motivation, and increase sales and profits.

 

Go Bayesian to keep spam mails off

The term ‘Spam’, however, originated in 1937, when Jay Hormel of Austin, Minnesota, in the United States, sent nearly two million 50-lb crates of Hormel’s Spiced Ham to soldiers in WW II. Soldiers quickly developed a love-hate relationship with the pink product.
The issue of e-mail spam has only gotten bigger over the years, and the spam business is now valued at around $20 billion per year. Hardly a day passes without us finding mails peddling, among other things, Viagra, debt, porn sites, insurance rates and online degrees in our mailbox. Even as security and mail companies offer various solutions to combat this menace, spammers themselves are becoming smarter by the day, finding means to bypass existing anti-spam tools.
One of the most promising antidotes to spam is so-called Bayesian filtering, which calculates the probability that a given message is spam, based on analysis of messages previously identified as being spam or not being spam.
Most of the spam filters available in the market are keyword-based: they use word and phrase lists to trap spam. These only look for occurrences of the ‘banned’ words to determine if a given mail is spam or not.
Bayesian filters, on the other hand, see casual connections, and can evolve with spam. A Bayesian filter would learn from experience. So while they know that the phrase ‘insurance rates’ is spam, they can also learn, without human assistance, that ‘get the best rates of insurance’ is also spam.
The Bayes in Bayesian was an 18th-century British clergyman and amateur mathematician, Thomas Bayes, who suggested in a posthumously published paper that the probability of some event occurring in the future is related to the proportion of times that event occurred in the past under the same circumstances. Later, mathematicians refined Bayes' ideas and, in the 20th century, built a formal system of classification and decision-making and began applying it to many tasks in science and engineering.
In a sense, Bayesian filters are practically human. Think about how you detect spam. A quick glance is often enough. You know what spam looks like, and you know what good mail looks like. This knowledge of course, comes from our past experience with spam. The probability of spam looking like good mail is basically zero, once we know what to look for.
A Bayesian filter does something like this: it learns from past experience. While we learn to recognise spam from the subject and sender’s names, a Bayesian filter goes even further. It analyses the entire message, so it has a lot more to draw on. Once such filters ‘learn’, they can actually get better than humans at detecting spam.
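The contrast drawn above between a keyword list and a filter that learns from previously classified mail, as an added example (not code from any product or from this article). It assumes a multinomial naive Bayes model with add-one smoothing, which is one common way to build such a filter; the training messages, phrase list and all names are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail (not real messages), labelled by hand.
SPAM = [
    "lowest insurance rates guaranteed apply online today",
    "cheap insurance rates click here for a free quote",
    "get an online degree fast no exams",
    "best mortgage rates click here to apply",
]
HAM = [
    "meeting moved to thursday please confirm the agenda",
    "attached is the quarterly report for your review",
    "can you review the patch before the release on friday",
    "lunch on thursday to discuss the project agenda",
]

# A keyword filter only knows the exact phrases on its list.
BANNED_PHRASES = ["insurance rates", "online degree"]


def tokenize(text):
    """Lower-case the message and split it into word tokens."""
    return re.findall(r"[a-z0-9']+", text.lower())


def keyword_filter(message):
    """Return True if any banned phrase occurs verbatim in the message."""
    text = " ".join(tokenize(message))
    return any(phrase in text for phrase in BANNED_PHRASES)


class BayesianFilter:
    """Multinomial naive Bayes over word counts with add-one smoothing."""

    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, message, label):
        """Record one message previously identified as 'spam' or 'ham'."""
        self.counts[label].update(tokenize(message))
        self.messages[label] += 1

    def spam_probability(self, message):
        """Return P(spam | message) from the word statistics seen so far."""
        if not all(self.messages.values()):
            raise ValueError("train on at least one spam and one ham message")
        vocab = set(self.counts["spam"]) | set(self.counts["ham"])
        total_messages = sum(self.messages.values())
        # Words never seen in training carry no evidence either way.
        tokens = [t for t in tokenize(message) if t in vocab]
        log_score = {}
        for label in ("spam", "ham"):
            total_tokens = sum(self.counts[label].values())
            score = math.log(self.messages[label] / total_messages)  # prior
            for token in tokens:
                seen = self.counts[label][token] + 1  # add-one smoothing
                score += math.log(seen / (total_tokens + len(vocab)))
            log_score[label] = score
        diff = log_score["ham"] - log_score["spam"]
        if diff > 700:  # avoid overflow in exp(); probability is ~0
            return 0.0
        return 1.0 / (1.0 + math.exp(diff))


def build_filter():
    """Train a filter on the constructed corpus above."""
    bayes = BayesianFilter()
    for message in SPAM:
        bayes.train(message, "spam")
    for message in HAM:
        bayes.train(message, "ham")
    return bayes


if __name__ == "__main__":
    bayes = build_filter()
    reworded = "get the best rates of insurance"
    print("keyword filter flags it:", keyword_filter(reworded))
    print("Bayesian P(spam): %.3f" % bayes.spam_probability(reworded))
    # Learning from experience: a new campaign is reported once as spam.
    fresh = "refinance your debt now"
    print("before training: %.3f" % bayes.spam_probability(fresh))
    bayes.train(fresh, "spam")
    print("after training:  %.3f" % bayes.spam_probability(fresh))
```

The reworded phrase slips past the phrase list because the banned words no longer appear side by side, while the Bayesian score is driven by each word's history in spam and legitimate mail.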
There are a number of software products available which have implemented some form of Bayesian technique or the other. The SpamBayes effort has produced an Outlook add-in. Another free Outlook spam filter using a Bayesian technique is Spammunition, currently in beta. Spam Bully provides a commercial solution. PopFile is an open-source spam filter.
Bayesian spam filters are here to stay. That they are efficient and the future of spam filtering is proved by the fact that the software monolith Microsoft set up a department to develop software that implements the Bayesian technique as far back as 1997.
So here’s wishing you luck with your mailbox, may it never have more spam than actual mail, as is now the case with most of us. With Bayesian filters, such a thing will hopefully just be a bad memory.

 

German hate mail spam attack stuns experts

Mailboxes in Germany and the Netherlands were flooded yesterday with spam containing German right-wing propaganda. Spammers used the Sober.G virus - a mass mailing worm that sends itself to email addresses harvested from infected computers - to spread their messages as widely as possible.
Analysts think the spammers may have worked in tandem with virus programmers to hijack PCs and use addresses found there to build large distribution lists. This is believed to be the first time that right wing extremists have used spamming systematically to reach a broad audience. The sheer size of the operation stunned many experts.

Although none of the mails referred to it specifically, the European election may well have triggered the flood of racist emails. Some of the messages, with taglines such as "What Germany needs are German children", complained about the increasing numbers of immigrants from Turkey and Belarus, who are "driving criminality up" and are entering into "mixed relationships" with German women. Other mails, Deutsche Welle reports, warned of the rising cost of medical care on foreigners who increasingly travel to Germany as "medical tourists".
German magazine Der Spiegel reported that 80 per cent of the spam it received came from a server at the University of Rostock. The university says it will work with IT experts to trace the spam back to its original source.
According to the German news site Heise Online, the Sober.G virus seems to get its instructions from servers at home.arcor.de, people.freenet.de, home.pages.at, scifi.pages.at and free.pages.at, but there is still no conclusive evidence as to who orchestrated the unprecedented flood of hate emails.
Some suspect that the German newspaper Junge Freiheit ("New Freedom"), which seeks political respectability for a right-wing conservative body of thought, may have something to do with it, as some of the messages explicitly refer to it.

 

Insiders Weigh Prospect Of Wireless Spam

In less than a month, it will be illegal to send commercial messages to any Internet domain associated with wireless messaging subscription services.
The ban is the result of rules adopted by the Federal Communications Commission in August to implement the Can-Spam Act. The commission's goal is to protect consumers from spam on their wireless phones and pagers. With the exception of a few provisions that require approval from the Office of Management and Budget, the rules will become law Oct. 18.
To assist marketers in determining where they can send spam, the FCC is creating a public list of domains used for mobile-service messaging. Individual addresses in those domains won't be listed.
"I think the FCC ruling is a great step in the right direction," says Alex Campbell, CEO of Vibes Media, a text-messaging marketing company. "There are people out there who will look at cell phones and say, 'there are 169 million of them out in the U.S. What if I build this program on my PC that sends an E-mail to your phone number and let it run?' It'll stop that, as well it should."
The ban doesn't prohibit short-message-service messages transmitted solely to phone numbers (as opposed to those sent to Internet addresses).
Though Campbell approves of the ban, he questions the need for it, noting that from a marketing perspective, spamming text messages doesn't work.
"The cell phone is a very personal device," he says. "If you're going to do marketing with cell phones, you have to do it right." To Campbell, that means sending text messages only to those cell phone users who have requested it.
Spammers have no such scruples. At the end of August, Verizon Wireless was granted a permanent injunction against a Rhode Island-based spammer who sent spam to Verizon customers. The unsolicited short-text-messages offered mortgage loans and directed individuals to adult Web sites. The spammer and his associates distributed their messages with spoofed addresses so that unsuspecting people appeared to be the senders of the spam. Verizon has filed suits against other wireless spammers as well.
While spam on the Internet remains a far larger problem than wireless spam, mobile providers are nonetheless concerned.
"It's one of those low-probability, high-outcome events," explains Jeff Popoff, VP of marketing for Redknee Inc., a maker of mobile network apps. "In certain markets, we see that less than a 100 sources are generating 90% of the spam. But the nuisance factor is quite high for business people who rely on short messaging."
"It only takes a small burst of spam to really turn people off quickly," Popoff says. "So there's not a huge window to address the problem."
As to whether the FCC regulation will have the desired effect, Popoff quips that Can-Spam will probably do for mobile subscribers what it has done for E-mail users. Which is to say, very little.
"I think it will get worse before it gets better," he says. "I know carriers are very, very sensitive to stopping this problem as soon as possible without inhibiting the business usage, which is quite important to their revenue stream."
It's an open question, however, as to whether the carriers can protect their revenue stream and their customers at the same time. Six of the seven major wireless carriers in the United States plan to introduce a wireless directory service as soon as 2005, according to testimony before a Senate committee this week. Critics say the directory could pose a threat to customers' privacy.
The only carrier opposed to the plan, Verizon Wireless, called it a terrible idea. Testifying before the Senate Commerce Committee, Dennis Strigl, CEO of Verizon Wireless, said that his company doesn't publish customer phone numbers to preserve subscribers' privacy and prevent them from getting spam calls, which they would have to pay for.
"In fact, we see more reason today than ever to protect customers' privacy," Strigl said. "The floodgates are open to spam, viruses, telemarketing, and other unwanted, unsolicited messages on land-line phones, computers, and in mail boxes. We think our customers view their cell phones as one place where they don't face these intrusions, where they have control over their communications."

 

Who opens e-mail spam?

Canadians admit to being stressed by spam e-mails, but can't resist responding to the junk.
The annual Internet review by Yahoo Canada reports that about one out of three Yahoo e-mail users said they opened spam messages because they had interesting subject lines. Forty-eight per cent of users respond to spam messages by unsubscribing. Others say they respond to the junk messages to give spammers a "piece of their mind."

 

Search Engines Try To Block Blog 'Comment Spam'

Key search engine companies Google (Nasdaq: GOOG), MSN and Yahoo (Nasdaq: YHOO) as well as Weblog tool provider Six Apart have united to stop "comment spam," but one search engine expert does not think the effort will slow the practice.
Most bloggers allow reader responses to entries. This also opens the door to spammers, who use automated programs to post links to their own Web sites in the comments sections of blogs. The links, and the words within them, have some effect on the spammers' site ranking within search engines.
The measure announced late yesterday supports an HTML tag called "nofollow." When attached to the end of the spammed hyperlink, it signals search engine crawlers to ignore that link. The goal is to take away the incentive for posting such links.
The tags would be added automatically to posts through updated blogging software. If you don't want the tag there, you would have to remove it manually.
"It may help," Danny Sullivan, editor of SearchEngineWatch.com, told TechNewsWorld. "It isn't going to stop comment spam. What it may do is make it a little less attractive. It's not a magic bullet."
There are many holes in the solution, he said.
Bloggers must each set up their sites to accommodate the nofollow tags, for one, he said. Sullivan has written an article describing how to do that.
"People want the links even if they don't affect their Web rankings," he said. "And they may think, 'I'm running automatic tools, so why not keep placing the links?'"
In other words, generators of comment spam are unlikely to change their habits because automatic tools make mass postings effortless. Even if the percentage of untagged links is low, the spammers would still get benefit from them. And even the tagged links still work, so they could still get click-throughs from their placement.
Implementation Coming
The rel="nofollow" tag is already a part of HTML, and Google's crawlers already recognize the code. Yahoo said it will begin support within a few weeks, and MSN will follow later this year with the switch to its own search engine.
Six Apart will release a plug-in for its software, Movable Type.
Many factors play into search engine rankings, so while one extra link won't change a ranking, a 1,000 is likely to, Sullivan said.
Individual bloggers can do a lot to limit the amount of comment spam, he said, first by adding the nofollow tag, but also by taking such steps as requiring registration in order to post, creating a black list of those banned from posting and adding a graphical code that must be viewed and retyped as confirmation that a real person is attempting to contribute.
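How blogging software could attach the tag automatically to links in reader comments, as an added example (not Six Apart's plug-in or any search engine's code). The class and function names are hypothetical, the sample comment is constructed, and the input is assumed to have already passed the blog's own HTML sanitizer; the second helper lists links that still lack the tag, since untagged links keep their value to the spammer.

```python
from html import escape
from html.parser import HTMLParser


class NofollowRewriter(HTMLParser):
    """Re-emit comment HTML, forcing rel="nofollow" onto every <a> element.

    HTML comments and doctype declarations in the input are dropped.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    @staticmethod
    def _with_nofollow(attrs):
        """Merge any existing rel tokens and make sure nofollow is present."""
        rel_tokens, kept = [], []
        for name, value in attrs:
            if name == "rel":
                rel_tokens.extend((value or "").split())
            else:
                kept.append((name, value))
        if "nofollow" not in (token.lower() for token in rel_tokens):
            rel_tokens.append("nofollow")
        kept.append(("rel", " ".join(rel_tokens)))
        return kept

    def _emit_tag(self, tag, attrs, self_closing=False):
        if tag == "a":
            attrs = self._with_nofollow(attrs)
        parts = [tag]
        for name, value in attrs:
            if value is None:  # bare attribute such as "disabled"
                parts.append(name)
            else:
                parts.append('%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<" + " ".join(parts) + (" />" if self_closing else ">"))

    def handle_starttag(self, tag, attrs):
        self._emit_tag(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_tag(tag, attrs, self_closing=True)

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        # The parser hands over decoded text, so escape it again on output.
        self.out.append(escape(data, quote=False))


class _LinkAudit(HTMLParser):
    """Collect the href of every link that does not carry rel="nofollow"."""

    def __init__(self):
        super().__init__()
        self.missing = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        attributes = dict(attrs)
        rel = (attributes.get("rel") or "").lower().split()
        if "href" in attributes and "nofollow" not in rel:
            self.missing.append(attributes["href"])


def add_nofollow(comment_html):
    """Return the comment with rel="nofollow" on all of its links."""
    rewriter = NofollowRewriter()
    rewriter.feed(comment_html)
    rewriter.close()
    return "".join(rewriter.out)


def links_missing_nofollow(page_html):
    """Return the link targets a crawler would still follow."""
    audit = _LinkAudit()
    audit.feed(page_html)
    audit.close()
    return audit.missing


if __name__ == "__main__":
    # Constructed comment of the kind an automated poster leaves.
    comment = 'Nice post! <a href="http://example.com/pills">cheap pills</a>'
    print(add_nofollow(comment))
    print(links_missing_nofollow(comment))
```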

 

Sober Worm Spawns German Spam

E-mail users perplexed by the barrage of German-language spam waiting in their inboxes Monday morning can point the finger of blame at the latest version of the Sober mass mailing worm which began rapidly spreading over the weekend.
Sober.q uses both German and English-language messages to direct recipients to Web sites with right-wing German nationalistic content, according to an advisory from e-mail security company MX Logic. One of the URLs points to the Web site of the right-wing German NPD party, it says.
The security firm says that it had seen over 125,000 instances of Sober.q overnight Saturday and into Sunday, and labeled it as a high severity threat. The variant is downloaded by computers already infected by the Sober.p worm, which began circulating earlier this month, MX Logic says. The virus writers appear to have remote control over the Sober.p infected machines, giving them a network from which to launch future spam and denial of service attacks, it adds.
Spreading Propaganda
The latest Sober variant is one of a relatively new type of "propaganda spam," meant to spread political messages rather than sell a product or service, MX Logic says. Circulation of the worm coincides with ceremonies marking the 60th anniversary of the end of World War II in Europe and examples of subject lines it sends include "Dresden 1945" and "Du wirst zum Sklaven gemacht!!!" ("You are made slaves!!!"), according to MX Logic.
"We are certainly seeing more propaganda spam," says Graham Cluley, senior technology consultant with Sophos. Security researchers began detecting religious spam selling a particular view of life last year, Cluley says.
Although Sophos is seeing a lot of German-language spam sent by the new Sober variant, the worm itself doesn't appear to be spreading anymore, Cluley says.
E-mail users are advised to update their spam filters to guard against the new Sober spam.

 

CAN-SPAM not seen to be effective

Most vendors of antispam products have charted an increase in the amount of spam since the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act went into effect on Jan. 1.
CAN-SPAM includes criminal penalties, ranging up to five years in prison, for some common spamming practices, including hacking into someone else's computer to send spam and using open relays to send deceptive spam. The law allows fines of up to $250 per spam e-mail with a cap of $6 million for aggravated violations.
But some antispam activists assert that the law has aided spammers because CAN-SPAM requires recipients to opt out of unwanted commercial e-mail by contacting each sender, instead of forcing senders to get opt-in permission. The federal law also hurt spam-fighting efforts by pre-empting parts of some tougher state laws, including a California opt-in requirement, said Laura Atkins, president of the SpamCon Foundation.
CAN-SPAM also prohibits private citizens from suing spammers, instead allowing only state attorneys general or ISPs (Internet service providers) to file civil suits. People like Atkins, who operate their own mail servers and receive thousands of spam e-mail, have no recourse against spammers under CAN-SPAM.
"CAN-SPAM has not made it any easier to find spammers," Atkins said. "It has not decreased the amount of spam."
Backers of CAN-SPAM say it provides for the possibility of civil lawsuits and jail time for spammers. ISPs have used CAN-SPAM to file hundreds of civil lawsuits against spammers in 2004, and the key to making the law work is more enforcement, said a spokeswoman for Senator Conrad Burns, a Montana Republican and main sponsor of CAN-SPAM.
"Senator Burns has said from day one that enforcement is key for this legislation to be effective," said Jennifer O'Shea, his spokeswoman. "We have seen several big lawsuits, which have been helpful, but we need to continue to see more of these lawsuits in order to keep up with big time spammers and keep spam out of inboxes."
Burns believed businesses should have an opportunity to market over e-mail, instead of having to get opt-in permission from all e-mail recipients, she added.
"The opt-out provision … gives the e-mail user the responsibility of opting out if there is something they do not want to receive messages about," O'Shea said in an e-mail.
Statistics supplied by vendors of antispam products seem to bear out the criticism of CAN-SPAM. Postini Inc., an e-mail security service provider, said the percentage of legitimate nonspam e-mail it sees dropped from 22 percent of all e-mail at the beginning of 2004 to just 12 percent by December. The company processes 2.4 billion e-mail messages a week.
MX Logic Inc., another antispam vendor, found 67 percent of all e-mail to be spam in February. By November, 75 percent of all e-mail was spam, according to MX Logic.
Spammers, apparently in response to CAN-SPAM, changed tactics this year, said Andrew Lochart, director of product marketing at Postini. More spammers are using so-called zombie networks -- computers hijacked with Trojan horse programs -- to send spam, and spammers are using increasingly sophisticated directory harvest attacks to spam corporate mail servers, he said.
About 30 percent to 50 percent of spam came through zombie spam relays in April, MX Logic estimated. In a three-week survey in November and December, the company found 69 percent of spam sent through zombies.
"I think CAN-SPAM caused spammers to change their tactics significantly," Lochart said. "The spammers got even more creative at hiding, and they've always been pretty good at it."
Although CAN-SPAM hasn't resulted in less spam, the law gives law enforcement agencies a new tool in the fight against spam, Lochart said. "It's a good thing we have a law, so when we find some of these roaches, we can prosecute them," he said. "It's a good thing that the federal government recognizes how important spam is."
ISPs and law enforcement agencies have used CAN-SPAM provisions, including requirements to include a valid postal address and an unsubscribe option in commercial e-mail, to go after spammers. Four large U.S. ISPs filed hundreds of lawsuits against spammers this year, and the U.S. Federal Trade Commission filed criminal CAN-SPAM charges against two companies in April.
Despite these efforts, antispam vendors predict more spam in 2005, not less. "Even from a service provider perspective, after all the lawsuits and convictions, we still have not seen a deterrence effect happen," said Scott Chasin, chief technology officer at MX Logic. "Spam has continued to increase and saturate inboxes, and we've not seen a decline whatsoever. From that perspective, CAN-SPAM is pretty toothless."

 

Got Spam? It probably came from the U.S.

The United States topped the list of spam-sending countries in 2004, according to a list produced by anti-spam and anti-virus software company Sophos.
Almost half of all spam e-mail messages sent in 2004, roughly 42 percent, came from the United States, Sophos researchers said.
Sophos compiled the list of the top twelve spam producing countries by scanning all spam messages received at its worldwide network of honeypots during 2004. In a distant second to the U.S. was South Korea, with an estimated 13.43 percent.
The United States also claimed the spam-sending crown when Sophos' first list was released in February of this year. In that tally the U.S. was responsible for a whopping 56.74 percent of unsolicited e-mail barrages. But that was before the CAN-SPAM law, which went into effect in January of 2004, could have shown much progress.
CAN-SPAM has had a year to prove its worth, and is now largely viewed as ineffective, as the latest Sophos list and statistics from other vendors such as Postini and MX Logic show.
IDG News Service reporter Grant Gross wrote a story this week looking at CAN-SPAM and the view isn't pretty. One of the biggest criticisms is that the legislation forces recipients of unwanted e-mail to opt-out of receiving spam by contacting each sender, rather than requiring spammers to receive opt-in permission.

 

Search Engines Try To Block Blog 'Comment Spam'

Most bloggers allow reader responses to entries. This also opens the door to spammers, who use automated programs to post links to their own Web sites in the comments sections of blogs. The links, and the words within them, have some effect on the spammers' site ranking within search engines.


Adding a Tag
The measure announced late yesterday supports an HTML tag called "nofollow." When attached to the end of the spammed hyperlink, it signals search engine crawlers to ignore that link. The goal is to take away the incentive for posting such links.
The tags would be added automatically to posts through updated blogging software. If you don't want the tag there, you would have to remove it manually.
"It may help," Danny Sullivan, editor of SearchEngineWatch.com, told TechNewsWorld. "It isn't going to stop comment spam. What it may do is make it a little less attractive. It's not a magic bullet."
There are many holes in the solution, he said.
Bloggers must each set up their sites to accommodate the nofollow tags, for one, he said. Sullivan has written an article describing how to do that.
"People want the links even if they don't affect their Web rankings," he said. "And they may think, 'I'm running automatic tools, so why not keep placing the links?'"
In other words, generators of comment spam are unlikely to change their habits because automatic tools make mass postings effortless. Even if the percentage of untagged links is low, the spammers would still get benefit from them. And even the tagged links still work, so they could still get click-throughs from their placement.
Implementation Coming
The rel="nofollow" tag is already a part of HTML, and Google's crawlers already recognize the code. Yahoo said it will begin support within a few weeks, and MSN will follow later this year with the switch to its own search engine.
Six Apart will release a plug-in for its software, Movable Type.
Many factors play into search engine rankings, so while one extra link won't change a ranking, 1,000 are likely to, Sullivan said.
Individual bloggers can do a lot to limit the amount of comment spam, he said, first by adding the nofollow tag, but also by taking such steps as requiring registration in order to post, creating a black list of those banned from posting and adding a graphical code that must be viewed and retyped as confirmation that a real person is attempting to contribute.
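How rel="nofollow" works on both sides, as an added example (not code from the article or from any blogging package): the rewrite a blog could apply to submitted comments, and the check a crawler that honours the attribute would make. The sample comments and .example hosts are constructed, and the input is assumed to be comment markup from which script and style elements have already been stripped.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample comments; the .example hosts are placeholders.
SAMPLE_COMMENTS = [
    'Nice post! <a href="http://pills.example/?a=1&amp;b=2">cheap pills</a>',
    '<A HREF="http://casino.example/" REL="external">win big</A>',
    '<a href="http://already.example/" rel="NoFollow">tagged</a>',
]


def _with_nofollow(attrs):
    """Return attrs with a single rel attribute whose tokens include nofollow."""
    tokens, others = [], []
    for name, value in attrs:
        if name == "rel":
            tokens.extend((value or "").split())
        else:
            others.append((name, value))
    # rel is a space-separated token list, matched case-insensitively.
    if "nofollow" not in (t.lower() for t in tokens):
        tokens.append("nofollow")
    return others + [("rel", " ".join(tokens))]


class _NofollowRewriter(HTMLParser):
    """Re-serialise comment markup, tagging every <a>; HTML comments are dropped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            attrs = _with_nofollow(attrs)
        parts = [tag]
        for name, value in attrs:
            # The parser hands over decoded values, so re-escape them.
            parts.append(name if value is None
                         else '%s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s>" % " ".join(parts))

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # "<br/>" is emitted as "<br>"

    def handle_endtag(self, tag):
        self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


class _LinkCollector(HTMLParser):
    """Crawler side: record each href and whether it would be counted."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            rel = (attrs.get("rel") or "").lower().split()
            self.links.append((attrs["href"], "nofollow" not in rel))


def add_nofollow(comment_html):
    """Blog side: force rel="nofollow" onto every link in a comment."""
    parser = _NofollowRewriter()
    parser.feed(comment_html)
    parser.close()
    return "".join(parser.out)


def counted_links(page_html):
    """Return the hrefs a nofollow-honouring crawler would still credit."""
    parser = _LinkCollector()
    parser.feed(page_html)
    parser.close()
    return [href for href, counted in parser.links if counted]


if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print(add_nofollow(comment))
```

The tagged links remain clickable; only the ranking credit is withheld, which is the limit Sullivan describes.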

 

What, Exactly, is Search Engine Spam?

There's a subtle boundary that separates acceptable search engine optimization practices from the shadier techniques used by spammers. How can you recognize the difference between white-hat and black-hat techniques?
A special report from the Search Engine Strategies 2004 Conference, December 13-16, Chicago.
This panel was somewhat controversial among the purist search engine optimizers attending the conference, who object to any session that offers insight into black-hat techniques. But the session was not intended to teach tricks to fool the engines but to show how using spammy tactics can hurt a site, and ultimately does not pay in the long run.
Search engine spam defined
The first step to determine if you are playing with fire is to understand the philosophical question, "what is considered spam?" The attendees were presented with a fairly clear definition of search engine spam from Tim Mayer, Director of Product Management for Yahoo Search. Yahoo! defines spam as "pages created deliberately to trick the search engine into offering inappropriate, redundant, or poor-quality search results." This is similar to the definitions offered by Google and MSN as well.
Shari Thurow, Webmaster/Marketing Director from GrantasticDesigns.com suggested various questions that site owners should ask themselves related to content and their optimization techniques. While acknowledging that these were "obvious" questions, Thurow said "they just don't get asked enough." She strongly suggests that site owners make sure that the content benefits the target audience—site visitors—and is not just thrown on a page to skew the search engine ranking algorithms.
Sixteen flavors of search engine spam
Thurow next presented a slide that contained a comprehensive list of sixteen tactics that are considered search engine spam. These techniques include:
Keywords unrelated to site
Redirects
Keyword stuffing
Mirror/duplicate content
Tiny Text
Doorway pages
Link Farms
Cloaking
Keyword stacking
Gibberish
Hidden text
Domain Spam
Hidden links
Mini/micro-sites
Page Swapping (bait & switch)
Typo spam and cyber squatting
Yahoo's Mayer echoed Thurow's warnings about spamming the engines. He explained that Yahoo! (and the other engines) take spam very seriously and spend a great deal of time and effort trying to eliminate spam techniques.
There is a fine line that exists between "optimization" and "over optimization," said Mayer. However, he clearly has both feet firmly planted in reality and understands that, in many product categories, it is the norm to use more aggressive techniques and those who "need" to legitimately compete in that space, may have to venture into the grey zone themselves.
Mayer summed up this sentiment providing what I believe was the quote of the conference: "If you're being entirely organic and going after 'Viagra,' it's like taking a sword to a gunfight. You just aren't going to rank."
Tim has since clarified that his comment was not—and is not—a license to use spam techniques, but simply an acknowledgement that in hyper-competitive categories like gambling and travel, aggressive optimization exists and isn't as overtly obvious in those situations as in less-competitive categories.
How to report abuse
There are two schools of thought when it comes to reporting search engine spam to the engines. There are those that report every occurrence they come across and those who don't report it because they believe it will only be replaced by a spammy site that's simply using subtler techniques. Either way you look at it, Mayer indicated that Yahoo takes spam reports very seriously. He said they help keep Yahoo! clean, and assist the company in tuning its algorithms to detect new spam techniques as they are adopted.

 

Stopping Spam

Scientific American writes: The phenomenon of spam afflicts more than just e-mail. Inside chat rooms lurk "robots" that pretend to be human and attempt to convince people to click on links that lead to pornographic Web sites. Instant messaging (IM) users suffer from so-called spIM--e-mail spam cognates. Blogs can be corrupted by "link spammers" who degrade Internet search engine operations by adding misleading links to sites that distort the utility ratings of Web sites and links.

 

Spam's a Nuisance That Can Be Managed, Up to a Point

Washingtonpost.com writes: Microsoft's Outlook 2003 has a non-learning spam filter, while its free Outlook Express includes no spam block at all. You can add a learning filter to either program with various add-ons; some, such as POPFile and SpamPal, are free but may require tricky configuration; others, such as SpamBully, cost money.

 

Polesoft declares birth of its new edition of Lockspam!

Polesoft Inc., the world's professional developer of anti spam software, today announced its new "Lockspam for Outlook" Version 2.0 is available. "Lockspam for Outlook" Version 2.0 is now on store shelves. Since 1st of May, 2004, Lockspam is not free to use any more. However, we encourage users to try our software for 30 days, before they finally place their orders. Users seeking more attentive services and more frequently updates of Anti Spam Engine, will be delighted to find these are available after registration.
Attentive services
Our high-quality technical support team will always be there for you. They are quick, attentive, helpful and they provide this service for Free!
Constant Updates of Anti Spam Engine
More constant updates of Polesoft's Anti Spam Engine will assure you that your mail box is against the latest epidemic spam.
Free Updates to further editions of "Lockspam for Outlook"
Legal users of Lockspam can enjoy the free updates to further editions of "Lockspam for Outlook" in the future. Legal users may either "Check for Updates" or update from our website directly. Also, with a registered Lockspam, you won't get the annoying "Please register" pop ups periodically.
Preferential policies for legal users
Legal users of Lockspam will also enjoy favorable discounts for further purchases. Polesoft will carry out promotional activities in the future, and paid users will benefit from that.
And the following are eight key features of this edition.
Safety and Stability: Lockspam focuses on protecting your innocent mails in addition to killing the spam. Polesoft Anti Spam Engine is adopted to provide double defense for your mailbox. Lockspam performs anti email harvesting automatically to prevent the spammers from obtaining your email address. Your privacy is guaranteed with maximum level. Lockspam further improved its stability. And it works with MS Outlook more harmoniously.
Accuracy: Over 90% PSK (Percentage of Spam Mail Killed) based on Near-Zero PIK (Percentage of Innocent Mail Killed). By analyzing the information of Polesoft anti-spam engine of the Email's content, Lockspam hits the Achilles' Heel of the spam so as to assure its accuracy.
Self-adaptive protection: Automated filtering and live updating
Polesoft server has the newest spam resources. Therefore live update of Lockspam could guarantee your mailbox up-to-date to the realtime spam. Polesoft Anti-spam Engine will optimize itself by continuously self-learning your local mails and provide personalized protection with more and more perfect algorithms.
Easiness: Easy installation and maintenance save your valuable time
Easy Installation: Lockspam is seamlessly integrated into Microsoft Outlook. It operates right after installation without account setting necessary.
Easy Maintenance: Completely automated spam filter. No additional manual rules needed.
Multi-user support: Lockspam also support modes of multi-users, like Windows XP, so that users won't be bothered to have Lockspam installed twice.
Error-tracking log files: When an error occurs, Lockspam will automatically generate log files to keep records of it, so that the users will know the solution to the problem within a day after sending those log files as attachments to Polesoft support at support@polesoft.com.
Data backup: Lockspam allows its users to backup their personal data, like Whitelist, Blacklist and General Settings in the Options.
Editable Blacklist and Whitelist: Each time activated, Lockspam checks against the addresses in the Whitelist and blacklist, making sure that spam killed and innocent protected. In answer to the repeated voices of Lockspam users, Polesoft has newly developed an editable Blacklist, where users can add, edit or remove the list of unwanted mail sources. Likewise, an editable Whitelist is a list of addresses that users want to hear from. Both Blacklist and Whitelist can be backed up and restored by the button of Export and Import.
And with the following enhanced features, "Lockspam for Outlook" Version 2.0 is an effective catcher and killer of spam.
Enable Registration. Registered Users may type their Registration keys into the key box to enjoy free updates of filter engine and free updates of "Lockspam for Outlook", as well as the free high-quality technical support.
Anti Spam Filter Engine updated. The latest Anti Spam Filter Engine is more effective in catching spam.
Stability improved. "Lockspam for Outlook" works more harmoniously with MS Outlook.
Your preferential Settings are remembered even after updates and reinstallations. Lockspam will remember your settings in the Options. And it will restore them after your updates and reinstallations.
To summarize, "Lockspam for Outlook" Version 2.0 answers the urgent safe anti spam needs with a considerately solution to relieve the pain of Outlook users from being spammed. Lockspam is well suited for use with Outlook automatically after the easy installation. Users need no extra setups or maintenances to get the perfect spam killing and innocent email protecting effect, and neither do they need to worry about the privacy issue.
The CEO of Polesoft, Lytton Liou said, "We hope our patent-pending technology could give the masses a safe and light-hearted mood to use email from now on, so that they could really enjoy the pleasure of communication and no need to worry about the intrusion of spam any more."
This edition of "Lockspam for Outlook" can only work with Microsoft Outlook, while its sibling Universal Lockspam can work with more mail clients like Outlook Express, Eudora, Formail and so on.

 

The Economics of Spam

Tennessee resident K. C. "Khan" Smith owes the internet service provider EarthLink $24 million. According to the CNN, in August 2001 he was slapped with a lawsuit accusing him of violating federal and state Racketeering Influenced and Corrupt Organizations (RICO) statutes, the federal Computer Fraud and Abuse Act of 1984, the federal Electronic Communications Privacy Act of 1986 and numerous other state laws. On July 19, 2002 - having failed to appear in court - the judge ruled against him. Mr. Smith is a spammer.
Brightmail, a vendor of e-mail filters and anti-spam applications warned that close to 5 million spam "attacks" or "bursts" occurred in June 2002 and that spam has mushroomed 450 percent since June 2001. This pace continued unabated well into the beginning of 2004 when the introduction of spam filters began to take effect. PC World concurs. Between one half and three quarters of all e-mail messages are spam or UCE (Unsolicited Commercial Email) - unsolicited and intrusive commercial ads, mostly concerned with sex, scams, get rich quick schemes, financial services and products, and health articles of dubious provenance. The messages are sent from spoofed or fake e-mail addresses. Some spammers hack into unsecured servers - mainly in China and Korea - to relay their missives anonymously.
Starting in 2003, malicious hackers began using spam to install malware - such as viruses, adware, spyware, and Trojans - on the unprotected personal computers of less savvy users. They thus transform these computers into "zombies", organize them into spam-spewing "bots" (networks), and sell access to them to criminals on penumbral boards and forums all over the Net.
Spam is an industry. Mass e-mailers maintain lists of e-mail addresses, often "harvested" by spamware bots - specialized computer applications - from Web sites. These lists are rented out or sold to marketers who use bulk mail services. They come cheap - c. $100 for 10 million addresses. Bulk mailers provide servers and bandwidth, charging c. $300 per million messages sent.
As spam recipients become more inured, ISPs less tolerant, and both more litigious - spammers multiply their efforts in order to maintain the same response rate. Spam works. It is not universally unwanted - which makes it tricky to outlaw. It elicits between 0.1 and 1 percent in positive follow ups, depending on the message. Many messages now include HTML, JavaScript, and ActiveX coding and thus resemble (or actually contain) viruses and Trojans.
Jupiter Media Matrix predicted in 2001 that the number of spam messages annually received by a typical Internet user will double to 1400 and spending on legitimate e-mail marketing will reach $9.4 billion by 2006 - compared to $1 billion in 2001. Forrester Research pegs the number at $4.8 billion in 2003.
More than 2.3-5 billion spam messages are sent daily. eMarketer puts the figures a lot lower at 76 billion messages in 2002. By 2006, daily spam output will soar to c. 15 billion missives, says Radicati Group. Jupiter projects a more modest 268 billion annual messages this year (2005). An average communication costs the spammer 0.00032 cents.
PC World quotes the European Union as pegging the bandwidth costs of spam worldwide in 2002 at $8-10 billion annually. Other damages include server crashes, time spent purging unwanted messages, lower productivity, aggravation, and increased cost of Internet access.
Inevitably, the spam industry gave rise to an anti-spam industry. According to a Radicati Group report titled "Anti-virus, anti-spam, and content filtering market trends 2002-2006", anti-spam revenues were projected to exceed $88 million in 2002 - and more than double by 2006. List blockers, report and complaint generators, advocacy groups, registers of known spammers, and spam filters all proliferate. The Wall Street Journal reported in its June 25, 2002 issue about a resurgence of anti-spam startups financed by eager venture capital.
ISPs are bent on preventing abuse - reported by victims - by expunging the accounts of spammers. But the latter simply switch ISPs or sign on with free services like Hotmail and Yahoo! Barriers to entry are getting lower by the day as the costs of hardware, software, and communications plummet.
The use of e-mail and broadband connections by the general population is spreading. Hundreds of thousands of technologically-savvy operators have joined the market in the last five years, as the dotcom bubble burst. Still, Steve Linford of the UK-based Spamhaus.org insists that most spam emanates from c. 80 large operators.
Now, according to Jupiter Media, ISPs and portals are poised to begin to charge advertisers in a tier-based system, replete with premium services. Writing back in 1998, Bill Gates described a solution also espoused by Esther Dyson, chair of the Electronic Frontier Foundation:
"As I first described in my book 'The Road Ahead' in 1995, I expect that eventually you'll be paid to read unsolicited e-mail. You'll tell your e-mail program to discard all unsolicited messages that don't offer an amount of money that you'll choose. If you open a paid message and discover it's from a long-lost friend or somebody else who has a legitimate reason to contact you, you'll be able to cancel the payment. Otherwise, you'll be paid for your time."
Subscribers may not be appreciative of the joint ventures between gatekeepers and inbox clutterers. Moreover, dominant ISPs, such as AT&T and PSINet have recurrently been accused of knowingly collaborating with spammers. ISPs rely on the data traffic that spam generates for their revenues in an ever-harsher business environment.
The Financial Times and others described how WorldCom refuses to ban the sale of spamware over its network, claiming that it does not regulate content. When "pink" (the color of canned spam) contracts came to light, the implicated ISPs blame the whole affair on rogue employees.
PC World begs to differ:
"Ronnie Scelson, a self-described spammer who signed such a contract with PSInet, (says) that backbone providers are more than happy to do business with bulk e-mailers. 'I've signed up with the biggest 50 carriers two or three times', says Scelson ... The Louisiana-based spammer claims to send 84 million commercial e-mail messages a day over his three 45-megabit-per-second DS3 circuits. 'If you were getting $40,000 a month for each circuit', Scelson asks, 'would you want to shut me down?'"
The line between permission-based or "opt-in" e-mail marketing and spam is getting thinner by the day. Some list resellers guarantee the consensual nature of their wares. According to the Direct Marketing Association's guidelines, quoted by PC World, not responding to an unsolicited e-mail amounts to "opting-in" - a marketing strategy known as "opting out". Most experts, though, strongly urge spam victims not to respond to spammers, lest their e-mail address is confirmed.
But spam is crossing technological boundaries. Japan has just legislated against wireless SMS spam targeted at hapless mobile phone users. Many states in the USA as well as the European parliament have followed suit. Ideas regarding a "do not spam" list akin to the "do not call" list in telemarketing have been floated. Mobile phone users will place their phone numbers on the list to avoid receiving UCE (spam). Email subscribers enjoy the benefits of a similar list under the CAN-Spam Act of 2003.
Expensive and slow connections make mobile phone spam and spim (instant messaging spam) particularly resented. Still, according to Britain's Mobile Channel, a mobile advertising company quoted by "The Economist", SMS advertising - a novelty - attracts a 10-20 percent response rate - compared to direct mail's 1-3 percent.
Net identification systems - like Microsoft's Passport and the one proposed by Liberty Alliance - will make it even easier for marketers to target prospects.
The reaction to spam can be described only as mass hysteria. Reporting someone as a spammer - even when he is not - has become a favorite pastime of vengeful, self-appointed, vigilante "cyber-cops". Perfectly legitimate, opt-in, email marketing businesses and discussion forums often find themselves in one or more black lists - their reputation and business ruined.
In January 2002, CMGI-owned Yesmail was awarded a temporary restraining order against MAPS - Mail Abuse Prevention System - forbidding it to place the reputable e-mail marketer on its Real-time Blackhole list. The case was settled out of court.
Harris Interactive, a large online opinion polling company, sued not only MAPS, but ISPs who blocked its email messages when it found itself included in MAPS' Blackhole. Their CEO accused one of their competitors for the allegations that led to Harris' inclusion in the list.
Coupled with other pernicious phenomena - such as viruses, Trojans, and spyware - the very foundation of the Internet as a fun, relatively safe, mode of communication and data acquisition is at stake.
Spammers, it emerges, have their own organizations. NOIC - the National Organization of Internet Commerce threatened to post to its Web site the e-mail addresses of millions of AOL members. AOL has aggressive anti-spamming policies. "AOL is blocking bulk email because it wants the advertising revenues for itself (by selling pop-up ads)" the president of NOIC, Damien Melle, complained to CNET.
Spam is a classic "free rider" problem. For any given individual, the cost of blocking a spammer far outweighs the benefits. It is cheaper and easier to hit the "delete" key. Individuals, therefore, prefer to let others do the job and enjoy the outcome - the public good of a spam-free Internet. They cannot be left out of the benefits of such an aftermath - public goods are, by definition, "non-excludable". Nor is a public good diminished by a growing number of "non-rival" users.
Such a situation resembles a market failure and requires government intervention through legislation and enforcement. The FTC - the US Federal Trade Commission - has taken legal action against more than 100 spammers for promoting scams and fraudulent goods and services.
"Project Mailbox" is an anti-spam collaboration between American law enforcement agencies and the private sector. Non government organizations have entered the fray, as have lobbying groups, such as CAUCE - the Coalition Against Unsolicited Commercial E-mail.
But, a few recent anti-spam and anti-spyware Acts notwithstanding, Congress is curiously reluctant to enact stringent laws against spam. Reasons cited are free speech, limits on state powers to regulate commerce, avoiding unfair restrictions on trade, and the interests of small business. The courts equivocate as well. In some cases - e.g., Missouri vs. American Blast Fax - US courts found "that the provision prohibiting the sending of unsolicited advertisements is unconstitutional".
According to Spamlaws.com, the 107th Congress, for instance, discussed these laws but never enacted them:
Unsolicited Commercial Electronic Mail Act of 2001 (H.R. 95), Wireless Telephone Spam Protection Act (H.R. 113), Anti-Spamming Act of 2001 (H.R. 718), Anti-Spamming Act of 2001 (H.R. 1017), Who Is E-Mailing Our Kids Act (H.R. 1846), Protect Children From E-Mail Smut Act of 2001 (H.R. 2472), Netizens Protection Act of 2001 (H.R. 3146), "CAN SPAM" Act of 2001 (S. 630).
Anti-spam laws fared no better in the 106th Congress. Some of the states have picked up the slack. Arkansas, California, Colorado, Connecticut, Delaware, Idaho, Illinois, Iowa, Kansas, Louisiana, Maryland, Minnesota, Missouri, Nevada, North Carolina, Oklahoma, Pennsylvania, Rhode Island, South Dakota, Tennessee, Utah, Virginia, Washington, West Virginia, and Wisconsin.
The situation is no better across the pond. The European parliament decided in 2001 to allow each member country to enact its own spam laws, thus avoiding a continent-wide directive and directly confronting the communications ministers of the union. Paradoxically, it also decided, in March 2002, to restrict SMS spam. Confusion clearly reigns. Finally, in May 2002, it adopted strong anti-spam provisions as part of a Directive on Data Protection.
Responding to this unfavorable legal environment, spam is relocating to developing countries, such as Malaysia, Nepal, and Nigeria. In a May 2005 report, the OECD (Organization for Economic Cooperation and Development) warned that these countries lack the technical know-how and financial resources (let alone the will) to combat spam. Their users, anyhow deprived of bandwidth, endure, as a result, a less reliable service and an intermittent access to the Internet;
"Spam is a much more serious issue in developing countries...as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere" - writes the report's author, Suresh Ramasubramanian, an OECD advisor and postmaster for Outblaze.com.
ISPs, spam monitoring services, and governments in the rich industrialized world react by placing entire countries - such as Macedonia and Costa Rica - on black lists and, thus denying access to their users en bloc. International collaboration against the looming destruction of the Internet by crime organizations is budding. The FTC had just announced that it will work with its counterparts abroad to cut zombie computers off the network. A welcome step - but about three years late. Spammers the world over are still six steps ahead and are having the upper hand.
