28 June 2005
Microsoft adopts spam-fighting system
Microsoft Corp is stepping up the pressure on email senders to adopt its Sender ID spam-fighting technology despite problems that could send up to 10% of legitimate messages to junk folders.
By the end of the year, Microsoft's Hotmail and MSN services will get more aggressive at rejecting mail sent through companies or service providers that do not register their domain names with the Sender ID system.
Sender ID seeks to cut down on junk email by making it difficult for spammers to forge email headers and addresses, a common technique for hiding their origins.
The system calls for internet service providers, companies and other domain name holders to submit lists of their mail servers' unique numeric addresses. On the receiving end, software polls a database to verify that a message was actually processed by one of those servers.
Although only a quarter of email messages now carry the proper Sender ID information, Microsoft believes it needs to begin requiring Sender ID to do a better job of cutting down on junk email, said Craig Spiezle, director of Microsoft's technology care and safety team.
"We have a solution that works for about 90% of mail today," Spiezle said. He said Microsoft will continue to fine-tune its spam filters to account for the remaining cases.
Although the standard-setting Internet Engineering Task Force dissolved a working group on Sender ID in September, partly because of a dispute over Microsoft's claims to a patent, Microsoft and other companies were encouraged to continue pushing their technologies in the marketplace.
For the past six months, Microsoft's Hotmail and MSN services have been checking Sender ID records as one test in determining whether a message is junk.
Microsoft began posting a warning for users on top of messages whose numeric addresses don't match those in Sender ID records, meaning the email likely came through an unauthorised mail server and could be junk.
By the end of the year, Microsoft will treat as failures cases where Sender ID records don't exist at all, increasing the likelihood those messages would be considered junk.
The Direct Marketing Association, the trade group for email and other marketers, lauded the move as "a necessary step to protect both corporate brands and consumer confidence," said Jerry Cerasale, senior vice-president for government relations.
Use of such systems, the association said, could help protect legitimate marketers from unauthorised use of their brands online.
Indeed, Spiezle said Sender ID has helped reduce the number of legitimate messages mislabelled spam. Email that passes the Sender ID test is given a slight positive boost in the filtering test, and for borderline cases it is enough to push the message to the non-junk inbox, Spiezle said.
But Spiezle acknowledged lingering concerns, including the disruption of mail-forwarding services that colleges and companies offer to alumni and subscribers.
Sender ID also could break "send to a friend" features in which someone clicks on a web link to pass an interesting item to someone else.
Spiezle said Microsoft is monitoring such cases
By the end of the year, Microsoft's Hotmail and MSN services will get more aggressive at rejecting mail sent through companies or service providers that do not register their domain names with the Sender ID system.
Sender ID seeks to cut down on junk email by making it difficult for spammers to forge email headers and addresses, a common technique for hiding their origins.
The system calls for internet service providers, companies and other domain name holders to submit lists of their mail servers' unique numeric addresses. On the receiving end, software polls a database to verify that a message was actually processed by one of those servers.
Although only a quarter of email messages now carry the proper Sender ID information, Microsoft believes it needs to begin requiring Sender ID to do a better job of cutting down on junk email, said Craig Spiezle, director of Microsoft's technology care and safety team.
"We have a solution that works for about 90% of mail today," Spiezle said. He said Microsoft will continue to fine-tune its spam filters to account for the remaining cases.
Although the standard-setting Internet Engineering Task Force dissolved a working group on Sender ID in September, partly because of a dispute over Microsoft's claims to a patent, Microsoft and other companies were encouraged to continue pushing their technologies in the marketplace.
For the past six months, Microsoft's Hotmail and MSN services have been checking Sender ID records as one test in determining whether a message is junk.
Microsoft began posting a warning for users on top of messages whose numeric addresses don't match those in Sender ID records, meaning the email likely came through an unauthorised mail server and could be junk.
By the end of the year, Microsoft will treat as failures cases where Sender ID records don't exist at all, increasing the likelihood those messages would be considered junk.
The Direct Marketing Association, the trade group for email and other marketers, lauded the move as "a necessary step to protect both corporate brands and consumer confidence," said Jerry Cerasale, senior vice-president for government relations.
Use of such systems, the association said, could help protect legitimate marketers from unauthorised use of their brands online.
Indeed, Spiezle said Sender ID has helped reduce the number of legitimate messages mislabelled spam. Email that passes the Sender ID test is given a slight positive boost in the filtering test, and for borderline cases it is enough to push the message to the non-junk inbox, Spiezle said.
But Spiezle acknowledged lingering concerns, including the disruption of mail-forwarding services that colleges and companies offer to alumni and subscribers.
Sender ID also could break "send to a friend" features in which someone clicks on a web link to pass an interesting item to someone else.
Spiezle said Microsoft is monitoring such cases
Understand how various spam software works
There are four major types of spam fighting technology. We discuss those types here
When considering how to protect your mail system from spam, you'll find that there are too many choices in the marketplace to be able to evaluate them all. Since each solution handles spam differently, it's important to understand the various methods by which spam filters work. There are four major types of spam technology available. I'll discuss each here.
BayesianBayesian filters use complex statistical algorithms using existing information to determine the probability that a message can be trusted. The term 'existing information' is important as it means that this type of solution requires an initial period during which it may be less than effective at capturing spam. However, many people report that, once filters are trained, they do an excellent job of canning spam with a minimal number of false positives. Further, since by its nature, a Bayesian filters learns from its mistakes, it generally requires less ongoing maintenance than other types of filters, and the filter is good at adjusting its parameters to meet the needs of the individual user. On the con side, spammers have found ways to defeat some of the measures used by these filters. If you've ever received a spam email with a large number of nonsensical words, you've seen this in action. By inserting enough valid words into a message, a spammer can fool a Bayesian filter into thinking a message is legit.
Whitelist and blacklistIf an address or domain exists on a whitelist, the message is allowed through; in fact, only messages from addresses on the whitelist are allowed through. If, on the other hand, an address or domain is on a blacklist, it's blocked while all other messages are allowed. There are a number of blacklist services-called RBLs, for RealtimeBlackhole Lists, that compile lists of known spammer addresses. However, RBLs can be problematic in that if they're not maintained, or they're maintained by an overzealous administrator, legit senders might be blocked. The pro side of white and black lists is their simplistic nature. For this kind of spam filter, there is only the dark side and the light side. There is no in between. On the con side, they require a huge amount of maintenance, especially for whitelists, which require an entry every time you want to add a new allowed sender.
Content-basedVery simply put, these kinds of spam filters look for certain words, such as 'Viagra' and kill a message if those words are present. These filters require significant administration in that each time you want to block a new word, you need to create a rule. Further, spammers have found it child's play to get around these kinds of filters. They use a variety of ways to do this. One way is to make the word still readable, but different. For example: 'V.i.a.g.r.a'. You can certainly create a rule that blocks that version too, but spammers have become even sneakier. In some cases, you might look at the word 'V.i.a.g.r.a' and wonder why your filter didn't catch it. If you copy and paste the word into Word and change the font size to something larger, you'll notice that the spammers don't use periods between the letters at all. Instead, they use a variety of characters with a font size of 1 so that they look like a period, but can get past filters.
Challenge/responseIn a desperate move to thwart spammers, some new spam systems require senders to basically prove that they are allowed to send mail to someone. Before a person using this system receives a message, the sender must visit a web site and answer some questions. The pro is that this system virtually eliminates spam. The con is that it's a pain in the neck for legitimate senders.
When considering how to protect your mail system from spam, you'll find that there are too many choices in the marketplace to be able to evaluate them all. Since each solution handles spam differently, it's important to understand the various methods by which spam filters work. There are four major types of spam technology available. I'll discuss each here.
BayesianBayesian filters use complex statistical algorithms using existing information to determine the probability that a message can be trusted. The term 'existing information' is important as it means that this type of solution requires an initial period during which it may be less than effective at capturing spam. However, many people report that, once filters are trained, they do an excellent job of canning spam with a minimal number of false positives. Further, since by its nature, a Bayesian filters learns from its mistakes, it generally requires less ongoing maintenance than other types of filters, and the filter is good at adjusting its parameters to meet the needs of the individual user. On the con side, spammers have found ways to defeat some of the measures used by these filters. If you've ever received a spam email with a large number of nonsensical words, you've seen this in action. By inserting enough valid words into a message, a spammer can fool a Bayesian filter into thinking a message is legit.
Whitelist and blacklistIf an address or domain exists on a whitelist, the message is allowed through; in fact, only messages from addresses on the whitelist are allowed through. If, on the other hand, an address or domain is on a blacklist, it's blocked while all other messages are allowed. There are a number of blacklist services-called RBLs, for RealtimeBlackhole Lists, that compile lists of known spammer addresses. However, RBLs can be problematic in that if they're not maintained, or they're maintained by an overzealous administrator, legit senders might be blocked. The pro side of white and black lists is their simplistic nature. For this kind of spam filter, there is only the dark side and the light side. There is no in between. On the con side, they require a huge amount of maintenance, especially for whitelists, which require an entry every time you want to add a new allowed sender.
Content-basedVery simply put, these kinds of spam filters look for certain words, such as 'Viagra' and kill a message if those words are present. These filters require significant administration in that each time you want to block a new word, you need to create a rule. Further, spammers have found it child's play to get around these kinds of filters. They use a variety of ways to do this. One way is to make the word still readable, but different. For example: 'V.i.a.g.r.a'. You can certainly create a rule that blocks that version too, but spammers have become even sneakier. In some cases, you might look at the word 'V.i.a.g.r.a' and wonder why your filter didn't catch it. If you copy and paste the word into Word and change the font size to something larger, you'll notice that the spammers don't use periods between the letters at all. Instead, they use a variety of characters with a font size of 1 so that they look like a period, but can get past filters.
Challenge/responseIn a desperate move to thwart spammers, some new spam systems require senders to basically prove that they are allowed to send mail to someone. Before a person using this system receives a message, the sender must visit a web site and answer some questions. The pro is that this system virtually eliminates spam. The con is that it's a pain in the neck for legitimate senders.
Spam can be managed
In the decade or so since Web access became a consumer commodity, we've fixed many things about the Internet, from the pokey speed limit of dial-up modems to browsers that crash three times an hour. But spam is a bigger nuisance than ever. It starts taking its toll long before it lands in your inbox. First, spammers employ spyware and viruses to hijack home and office computers for use as unwitting relays for junk e-mail. Then your Internet provider must spend time and money running filters, lest its computers be swamped. The junk e-mail that inevitably leaks through wastes your time and bandwidth as you wait for each message to download. Almost all of it insults your intelligence and good sense; spam assumes we're drug-addicted, money-grubbing, porn-addled fools ready to click on any stupid offer.
And the single worst thing about spam? Enough recipients do click on those stupid offers to keep spammers in business. Nobody has found a technological fix for spam. The Internet's design puts a priority on the free flow of data. Internet providers, too many of which still whore themselves out to spammers, and spammers' own cockroach-like tenacity all but ensure there won't be. Because the Internet spans the world, laws aren't likely to solve this problem either, although I am always delighted to see spammers being litigated into poverty, fined into bankruptcy or imprisoned until senility sets in. Spam can, however, be managed. You can make your e-mail address a smaller target for spammers, and you can shunt aside a healthy chunk of the spam that does find you. If you can keep your address off spammers' lists, you will get little or no junk e-mail. So never post your e-mail address on any public spot on the Web, and be choosy about giving it to strangers or companies. Throwaway account Instead, create a second, throwaway account at any of the free Web-mail services, such as Yahoo Mail, Hotmail or Gmail, and use that for online commerce. Most Web sites won't share your address with the world — but a few might, so why chance it? This method will not, however, defeat a dictionary attack, in which spammers send messages to randomly chosen names at popular Internet providers. Having an address with an unusual spelling or at a lesser-known provider can reduce vulnerability. When spam arrives, never respond to it. And make sure your mail software isn't doing that for you: If it displays a picture in a spam message, it often does so by downloading the image from the spammer's Web site, which tells the sender you just read the spam. Current releases of the major mail programs — Microsoft's Outlook Express and Outlook, Apple's Mail, Qualcomm's Eudora and Mozilla's Thunderbird —won't display pictures in mail from strangers. But older versions will, so upgrade now. You'd think that writing a program to delete spam would be easy, since even an Internet beginner can tell spam from real mail. But that hasn't happened —yet another way in which the computer can't match the human brain. Your Internet provider's spam filtering will usually sweep the worst offenders out of sight, but some adopt an excessively strict policy that wrongly tags innocent e-mails as spam. Last winter, for example, Verizon's filtering suddenly began flushing away many legitimate e-mails sent from parts of Europe and Asia. Filtering spam If you use your own mail program instead of a Web interface such as Hotmail or Yahoo, you can run your own spam filters. The best learn from your use, watching what mail you label as spam and adjusting their screening to match. Mozilla Thunderbird (www.mozilla.org) and Apple's Mail, both free, include this type of filter, as does the $50 edition of Qualcomm's Eudora (www.eudora.com). Microsoft's Outlook 2003, by contrast, has a non-learning spam filter, while its free Outlook Express includes no spam block. You can add a learning filter to either program with various add-ons; some, such as POPFile (popfile.sourceforge.net) and SpamPal (www.spampal.org), are free but may require tricky configuration; others, such as SpamBully (www.spambully.com) cost money. A more stringent defense, “challenge-response” filtering, requires would-be correspondents to pass a simple test online that a bulk mailer can't or won't bother to complete--usually, visiting a Web page and typing in letters shown in an image. Some Internet providers--notably, EarthLink--and such add-on software as ChoiceMail (www.digiportal.com) and SpamArrest (www.spamarrest.com) offer it. But although these systems wave through mail from people in your address book, other legitimate senders must perform extra work. Challenge-response has not been widely adopted. All of these techniques can only treat spam. A cure will have to be economic: When no money can be made from spam, nobody will send it. Filters, lawsuits and fines can raise the costs of sending junk e-mail, but there's still money to be made by defrauding the gullible.
And the single worst thing about spam? Enough recipients do click on those stupid offers to keep spammers in business. Nobody has found a technological fix for spam. The Internet's design puts a priority on the free flow of data. Internet providers, too many of which still whore themselves out to spammers, and spammers' own cockroach-like tenacity all but ensure there won't be. Because the Internet spans the world, laws aren't likely to solve this problem either, although I am always delighted to see spammers being litigated into poverty, fined into bankruptcy or imprisoned until senility sets in. Spam can, however, be managed. You can make your e-mail address a smaller target for spammers, and you can shunt aside a healthy chunk of the spam that does find you. If you can keep your address off spammers' lists, you will get little or no junk e-mail. So never post your e-mail address on any public spot on the Web, and be choosy about giving it to strangers or companies. Throwaway account Instead, create a second, throwaway account at any of the free Web-mail services, such as Yahoo Mail, Hotmail or Gmail, and use that for online commerce. Most Web sites won't share your address with the world — but a few might, so why chance it? This method will not, however, defeat a dictionary attack, in which spammers send messages to randomly chosen names at popular Internet providers. Having an address with an unusual spelling or at a lesser-known provider can reduce vulnerability. When spam arrives, never respond to it. And make sure your mail software isn't doing that for you: If it displays a picture in a spam message, it often does so by downloading the image from the spammer's Web site, which tells the sender you just read the spam. Current releases of the major mail programs — Microsoft's Outlook Express and Outlook, Apple's Mail, Qualcomm's Eudora and Mozilla's Thunderbird —won't display pictures in mail from strangers. But older versions will, so upgrade now. You'd think that writing a program to delete spam would be easy, since even an Internet beginner can tell spam from real mail. But that hasn't happened —yet another way in which the computer can't match the human brain. Your Internet provider's spam filtering will usually sweep the worst offenders out of sight, but some adopt an excessively strict policy that wrongly tags innocent e-mails as spam. Last winter, for example, Verizon's filtering suddenly began flushing away many legitimate e-mails sent from parts of Europe and Asia. Filtering spam If you use your own mail program instead of a Web interface such as Hotmail or Yahoo, you can run your own spam filters. The best learn from your use, watching what mail you label as spam and adjusting their screening to match. Mozilla Thunderbird (www.mozilla.org) and Apple's Mail, both free, include this type of filter, as does the $50 edition of Qualcomm's Eudora (www.eudora.com). Microsoft's Outlook 2003, by contrast, has a non-learning spam filter, while its free Outlook Express includes no spam block. You can add a learning filter to either program with various add-ons; some, such as POPFile (popfile.sourceforge.net) and SpamPal (www.spampal.org), are free but may require tricky configuration; others, such as SpamBully (www.spambully.com) cost money. A more stringent defense, “challenge-response” filtering, requires would-be correspondents to pass a simple test online that a bulk mailer can't or won't bother to complete--usually, visiting a Web page and typing in letters shown in an image. Some Internet providers--notably, EarthLink--and such add-on software as ChoiceMail (www.digiportal.com) and SpamArrest (www.spamarrest.com) offer it. But although these systems wave through mail from people in your address book, other legitimate senders must perform extra work. Challenge-response has not been widely adopted. All of these techniques can only treat spam. A cure will have to be economic: When no money can be made from spam, nobody will send it. Filters, lawsuits and fines can raise the costs of sending junk e-mail, but there's still money to be made by defrauding the gullible.
More tips on the use of Outlook Express
Use HTML Format:
You may have received e-mail, such as newsletters that have images, animation, tables, and other features of a Web page. Have you wondered how to create such a mail? There are two ways. In the first (and perhaps the less versatile) method you compose the message directly in OE. You can use options like Insert Picture, Horizontal Line, Hyperlink, and others to create a Web page-like mail.
In the second method you use an HTML editor or software like Dreamweaver to create a Web page. First, create the page and save it as an HTML file. Second, position the cursor in the OE message composition window where you want the page to appear. Third, select Insert > Text from File, and specify the file. While HTML messages can add a new dimension to your mail, be aware, however, that such messages not only take more time to download from the server, but may also annoy the recipient. Get Hotmail Mail If you have a Hotmail account, you can download it without having to visit that site. Here are the steps: Start OE. Click Tools > Accounts. Click the Mail tab. Click Add > Mail. Type a name in the Display name field. Click Next. Type your Hotmail address in the E-mail address field. Click Next. Select HTTP from the "My incoming mail server is a" menu. Click Next. Type your Hotmail login name and password. Click Next > Finish. Opening Attachments If you receive a mail with an attachment from someone you don't know, you should not open it. Because it may contain virus, it is better that you delete the mail. If you do want to open the attachment, however, first scan it with an up-to-date antivirus software. Even if you know the sender, you should scan the attachment before you open it. Note that certain antivirus software automatically scans all incoming and outgoing mail. Ignore Spam A bane of e-mail communication is spam. If you receive spam mail, don't reply to it. If you do, it will only confirm that your e-mail address is valid. And, spammers may bombard your Inbox with more junk mail. Use filters to reduce spam mail. Many ISPs and free e-mail service providers (such as Yahoo!) offer additional options to tackle unwanted mail. You have another way to deal with spam: Complain to the spammer's ISP. That may not be easy, however, as spam mail are often sent using fake e-mail IDs. In such a case, see if the domain (the part after the @ symbol of the e-mail address) is visible. If yes, send e-mail to the domain's postmaster. Example: If the domain is services.isp.net, complain to postmaster@services.isp.net.
Use a Different ID For general use, obtain an e-mail address from free e-mail service providers like Yahoo! The benefits from such an ID include huge storage space, options to tackle spam, and facility to scan attachments. When someone wants to send you an important message, you can ask him/her to send one copy to your main e-mail address (given by your ISP), and a carbon copy (Cc) to the free mail ID. If, for some reason, you're not able to retrieve the mail from one account, you've an alternative way to access the mail.
You may have received e-mail, such as newsletters that have images, animation, tables, and other features of a Web page. Have you wondered how to create such a mail? There are two ways. In the first (and perhaps the less versatile) method you compose the message directly in OE. You can use options like Insert Picture, Horizontal Line, Hyperlink, and others to create a Web page-like mail.
In the second method you use an HTML editor or software like Dreamweaver to create a Web page. First, create the page and save it as an HTML file. Second, position the cursor in the OE message composition window where you want the page to appear. Third, select Insert > Text from File, and specify the file. While HTML messages can add a new dimension to your mail, be aware, however, that such messages not only take more time to download from the server, but may also annoy the recipient. Get Hotmail Mail If you have a Hotmail account, you can download it without having to visit that site. Here are the steps: Start OE. Click Tools > Accounts. Click the Mail tab. Click Add > Mail. Type a name in the Display name field. Click Next. Type your Hotmail address in the E-mail address field. Click Next. Select HTTP from the "My incoming mail server is a" menu. Click Next. Type your Hotmail login name and password. Click Next > Finish. Opening Attachments If you receive a mail with an attachment from someone you don't know, you should not open it. Because it may contain virus, it is better that you delete the mail. If you do want to open the attachment, however, first scan it with an up-to-date antivirus software. Even if you know the sender, you should scan the attachment before you open it. Note that certain antivirus software automatically scans all incoming and outgoing mail. Ignore Spam A bane of e-mail communication is spam. If you receive spam mail, don't reply to it. If you do, it will only confirm that your e-mail address is valid. And, spammers may bombard your Inbox with more junk mail. Use filters to reduce spam mail. Many ISPs and free e-mail service providers (such as Yahoo!) offer additional options to tackle unwanted mail. You have another way to deal with spam: Complain to the spammer's ISP. That may not be easy, however, as spam mail are often sent using fake e-mail IDs. In such a case, see if the domain (the part after the @ symbol of the e-mail address) is visible. If yes, send e-mail to the domain's postmaster. Example: If the domain is services.isp.net, complain to postmaster@services.isp.net.
Use a Different ID For general use, obtain an e-mail address from free e-mail service providers like Yahoo! The benefits from such an ID include huge storage space, options to tackle spam, and facility to scan attachments. When someone wants to send you an important message, you can ask him/her to send one copy to your main e-mail address (given by your ISP), and a carbon copy (Cc) to the free mail ID. If, for some reason, you're not able to retrieve the mail from one account, you've an alternative way to access the mail.
A Better Outlook on Email
A Better Outlook on EmailInstalling a new email client is often the last thing on anyone’s mind. But Mozilla’s Thunderbird, which promises tougher spam filters and clever customization, is a strong contender to Microsoft’s Outlook or Outlook Express. A built-in RSS reader lists updates on desired Web pages (news sites, blogs), while the message grouping function bundles emails by date or sender. As for viruses, Thunderbird doesn’t let attachments automatically open within the program, a problem found in other email clients. The only caveat concerns importing: Some users find it difficult and time-consuming to move their contacts and archived emails from their old program over to Thunderbird.Downloads in one month after its December 2004 launch: More than 4 million.
