Spam Warfare
by Jerry Kapron, NYCT.NET



Reports from the Front

   Spam is a major problem today for the Internet and society. The volume of junk e-mail has just recently crossed the threshold from public nuisance to public enemy. 50% of all e-mail is spam. It's costing an estimated eight to nine billion dollars in lost productivity in the U.S. alone. Several individual studies unanimously indicate that spam will exceed normal e-mail by the end of July 2003. The blindly accelerating growth of spam may drastically affect the way people use e-mail and the global structure of the Internet in general. It has reached the point where it’s practically impossible to avoid viewing or reading some immoral or offensive content while checking e-mail or browsing the web. Our biggest concern, of course, is protecting our children from all that unhealthy filth.

Our Battleship

   Although the recent situation triggered an unprecedented push by U.S. lawmakers and corporations to solve the problem of spam, that does not necessarily mean that any new anti-spam law will come to our rescue any time soon. In fact, efforts to tackle spam by adjusting the law are nothing new. Many believe that such a law would be a direct breach of the First Amendment, which is the true barrier to passing a legal solution to what endangers the Internet as we know it. It appears safe to conclude that technology will be our main weapon in the War on Spam for a while.
   Nearly a year ago New York Connect announced eXspaminator, our homegrown, highly customizable spam filtering system (http://spam.nyct.net/). Many of our resolute users make perfect use of eXspaminator by actively managing their spam filters and reducing or even eliminating spam from their mailboxes.
   Ever since eXspaminator was released we have kept providing tips for creating effective spam filters as well as improving the system itself. There are some great new features that we are very excited to announce for the first time in this very newsletter. Not many people realize that eXspaminator is in fact a very powerful and extensible system that, in addition to effectively killing spam, can also detect and discard e-mail viruses and worms, manage your auto-responders, let you view the trapped spam messages before they are permanently discarded, and more.



Prisoners of War

    Killing spam definitely has its pros, but it can also cause some problems. Some of the major national ISPs serving masses of customers deal with enormous amounts of spam daily. Due to the overwhelming numbers they usually take a different approach to fighting spam. Rather than allowing each user to define and manage their personal spam filters, they apply common and rather aggressive filtering rules to all users. The individual user has no control over which of his or her incoming e-mails get classified as spam. With that type of spam blocking there are many incidents of a desired e-mail being classified as spam and instantly deleted. We can only guess that in most cases the recipient does not even realize what happened. The fact, however, is that recently there were many legal cases of customers suing the major ISPs over such incidents.
That’s where we introduce the SpamBox. SpamBox is a great feature that makes your spam filter management risk-free. Whenever an incoming e-mail message gets classified as spam by your filters, instead of being deleted it is forwarded to your SpamBox, which is completely separate from your regular inbox. You may access your SpamBox right from your web browser by logging in with your regular e-mail user name and password at http://SpamBox.nyct.net/.

Once you’re inside you may:
  • browse the list of e-mail messages filed as spam
  • open each message in a safe or normal mode
  • perform a full text search on all messages in SpamBox
  • move individual messages to your regular inbox (just in case something got there by mistake)
  • forward individual or multiple messages to any email address
  • permanently delete individual or all messages

Once eXspaminator places an e-mail message in your SpamBox, it will be kept there for two weeks before it’s automatically deleted, unless you manually delete it or move it to your inbox first. Being able to see what gets caught in your SpamBox is a great way to tune the accuracy of your filters.



The Evolving Acumen of eXspaminator

The truth is that setting up one filter for each keyword or phrase is a very time-consuming and not very effective way of catching spam.  Spammers work hard to come up with new techniques and ways to get around spam blocking technology. Known tricks include misspelling and scrambling hot keywords, replacing text with images, encoding entire messages, and creating bogus invisible HTML tags, just to mention a few.  The chances that your regular keyword/phrase filters will detect spam using those and other tricks are rather slight.

    The good news is that eXspaminator now supports a special pattern definition markup, namely Regular Expressions, which can be used to create very powerful filters that may easily outsmart most spam masquerading techniques.  This feature makes eXspaminator one tough anti-spam weapon.

    Instead of trying to teach all our users how to write regular expressions themselves, we will shortly start to offer sets of ready-to-use filters created using regular expressions for clever, flexible pattern matching.  New sets will be offered on a regular basis, and users will be able to choose which filters they would like to apply to their e-mail accounts in addition to the filters they build themselves.

    Our goal is to make eXspaminator intelligent enough to automatically create filters based on spam e-mails forwarded by our users. Once that feature is implemented, you could forward all junk mail from your mailbox to a spam analysis e-mail account, which would parse the messages in an attempt to detect some common patterns and create a filter based on what it finds.



Setting Pitfall Traps

Let’s not waste any more time and put eXspaminator’s powerful capabilities into action. Whether or not you already have some eXspaminator filters, this is a good way to start, or to go beyond simple keyword or phrase filters and equip your eXspaminator account with some more combat intelligence.

This filter catches any unencoded e-mail message containing the word ‘PENIS’ even if the spammer deliberately misspelled or scrambled it to fool the filters:

  • Point your browser to the eXspaminator web page at http://spam.nyct.net,
  • Log on using your regular nyct.net username and password,
  • Click on 'Create Filter',
  • Scroll down and click on 'Advanced Filter' at the bottom of the page,
  • In the 'Filter Name:' text field type Penis,
  • In the 'Filter Rules' select 'Entire Message' from the 'If the' menu,
  • In the menu right below select 'contains',
  • In the text field right next to it paste the text string shown below:
    p[^a-zA-Z]*e[^a-zA-Z]*n[^a-zA-Z]*[i¡í1ÌÍÎÏìíîïI|][^a-zA-Z]*s
  • Leave the 'then' menu as is to display 'Place in SpamBox',
  • Click [Create],
  • Click 'Log Out'.
More such filters for other common spam signature keywords and phrases will be provided soon in the ready-to-use filter sets mentioned above.
Please note that the filter above will not detect the pattern in encoded e-mail messages; however, the next filter will make up for it.

This filter will catch all encoded e-mail messages. Encoding is used almost only for binary attachments (pictures, programs, zip files, etc.). Considering that other than attempting to mask its contents, there is no good reason for anyone to encode an entire message, we may safely assume that every encoded e-mail is a piece of spam. Here is how to catch them:
  • Point your browser to the eXspaminator web page at http://spam.nyct.net,
  • Log on using your regular nyct.net username and password,
  • Click on 'Create Filter',
  • Scroll down and click on 'Advanced Filter' at the bottom of the page,
  • In the 'Filter Name:' text field type Encoded Messages
  • In the 'Filter Rules' select 'Message Headers' from the 'If the' menu,
  • In the menu right below select 'begins with',
  • In the text field right next to it type Content-Transfer-Encoding: base64
  • Leave the 'then' menu as is to display 'Place in SpamBox',
  • Click [Create],
  • Click 'Log Out'.
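
How the keyword filter and the encoded-message filter complement each other, as an added example that is not eXspaminator's own code. It assumes the 'Message Headers' / 'begins with' rule is tested against each top-level header line and that matching is case-insensitive; both sample messages are constructed.

```python
import base64
import re
from email import message_from_string

# The page's "Penis" pattern; case-insensitive matching is an assumption.
WORD = re.compile(
    r"p[^a-zA-Z]*e[^a-zA-Z]*n[^a-zA-Z]*[i¡í1ÌÍÎÏìíîïI|][^a-zA-Z]*s", re.IGNORECASE)
HEADER_RULE = "content-transfer-encoding: base64"

def header_rule_hits(raw):
    """'Message Headers' + 'begins with', tested per top-level header line (assumed)."""
    msg = message_from_string(raw)
    return any(f"{k}: {v}".lower().startswith(HEADER_RULE) for k, v in msg.items())

def decoded_text(raw):
    """Undo the transfer encoding of each text part so a body filter can read it."""
    chunks = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "latin-1", "replace"))
    return "\n".join(chunks)

# Constructed sample 1: the whole message body is base64-encoded.
ENCODED = (
    "From: a@example.com\nSubject: hi\nContent-Type: text/plain\n"
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(b"Cheap p.e.n.1.s pills").decode() + "\n")

# Constructed sample 2: plain-text mail with a base64 attachment; the encoding
# header sits inside the attachment part, not among the top-level headers.
ATTACHMENT = (
    "From: b@example.com\nSubject: photo\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    "--XX\nContent-Type: text/plain\n\nSee attached.\n"
    "--XX\nContent-Type: image/png\nContent-Transfer-Encoding: base64\n\n"
    "iVBORw0KGgo=\n--XX--\n")

if __name__ == "__main__":
    for name, raw in (("encoded body", ENCODED), ("attachment", ATTACHMENT)):
        print(name, "| header rule:", header_rule_hits(raw),
              "| word in raw:", bool(WORD.search(raw)),
              "| word after decoding:", bool(WORD.search(decoded_text(raw))))
```

Mail clients also base64-encode ordinary text bodies that contain non-ASCII characters, so hits from the header rule are worth a look in SpamBox before they expire.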
Spammers often replace some letters with similar-looking foreign characters (e.g. èéêëìíîï). To do this trick in the subject line they need to encode it, which eXspaminator can easily detect. If English is the only language that you use to communicate over e-mail, this filter is for you:
  • Point your browser to the eXspaminator web page at http://spam.nyct.net,
  • Log on using your regular nyct.net username and password,
  • Click on 'Create Filter',
  • Scroll down and click on 'Advanced Filter' at the bottom of the page,
  • In the 'Filter Name:' text field type Encoded Subject
  • In the 'Filter Rules' select 'Subject' from the 'If the' menu,
  • In the menu right below select 'contains',
  • In the text field right next to it type =\?.+\?=
  • Leave the 'then' menu as is to display 'Place in SpamBox',
  • Click [Create],
  • Click 'Log Out'.
You have probably noticed spam advertising spam, which has lately become very popular. This filter should detect some of those e-mails:
  • Point your browser to the eXspaminator web page at http://spam.nyct.net,
  • Log on using your regular nyct.net username and password,
  • Click on 'Create Filter',
  • Scroll down and click on 'Advanced Filter' at the bottom of the page,
  • In the 'Filter Name:' text field type 'Spam for Spam',
  • In the 'Filter Rules' select 'Subject' from the 'If the' menu,
  • In the menu right below select 'contains',
  • In the text field right next to it type (advertise)|(e[^a-zA-Z]*mail) .*million
  • Leave the 'then' menu as is to display 'Place in SpamBox',
  • Click [Create],
  • Click 'Log Out'.
Some spammers try to be in compliance with certain commercial e-mail advertisement laws by including the ‘ADV:’ prefix. Well, it’s still spam, so let’s get rid of it!
  • Point your browser to the eXspaminator web page at http://spam.nyct.net,
  • Log on using your regular nyct.net username and password,
  • Click on 'Create Filter',
  • Scroll down and click on 'Advanced Filter' at the bottom of the page,
  • In the 'Filter Name:' text field type ADV Prefix
  • In the 'Filter Rules' select 'Subject' from the 'If the' menu,
  • In the menu right below select 'begins with',
  • In the text field right next to it type adv[^a-zA-Z]
  • Leave the 'then' menu as is to display 'Place in SpamBox',
  • Click [Create],
  • Click 'Log Out'.
These filters should put a significant dent in the amount of spam coming to your mailbox and that’s only the beginning.
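
The four regular-expression filters above, run against constructed subject lines to show what each one catches. This is an added example, not eXspaminator's own code; it assumes case-insensitive matching, 'contains' meaning a search anywhere in the text, and 'begins with' meaning a match at the start.

```python
import re

# Patterns copied from the steps above. Matching semantics are assumptions:
# case-insensitive, 'contains' = search anywhere, 'begins' = match at start.
FILTERS = {
    "Penis": ("contains",
              r"p[^a-zA-Z]*e[^a-zA-Z]*n[^a-zA-Z]*[i¡í1ÌÍÎÏìíîïI|][^a-zA-Z]*s"),
    "Encoded Subject": ("contains", r"=\?.+\?="),
    "Spam for Spam": ("contains", r"(advertise)|(e[^a-zA-Z]*mail) .*million"),
    "ADV Prefix": ("begins", r"adv[^a-zA-Z]"),
}

def hits(text):
    """Return the names of the filters that would place `text` in SpamBox."""
    matched = []
    for name, (mode, pattern) in FILTERS.items():
        rx = re.compile(pattern, re.IGNORECASE)
        found = rx.match(text) if mode == "begins" else rx.search(text)
        if found:
            matched.append(name)
    return matched

# Constructed sample subject lines (not taken from real mail).
SAMPLES = [
    "Enlarge your P.E.N.1.S today",
    "=?iso-8859-1?Q?V=EDagra?=",
    "E-mail 10 million prospects",
    "ADV: refinance now",
    "Advice on the open issue",
    "Where to advertise our bake sale",
    "Lunch on Friday?",
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(f"{subject!r:40} -> {hits(subject) or 'delivered to inbox'}")
```

Two of the samples are ordinary mail that still gets caught: "open issue" satisfies the scrambled-word pattern because a space is allowed between letters, and since `|` binds loosest, the word "advertise" alone triggers the 'Spam for Spam' filter without "million". Reviewing SpamBox is how such hits get noticed.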



Survival Tips

   You probably wonder how your e-mail address ever ended up in the hands of a spammer, right? The main source of e-mail addresses for spammers is so-called e-mail ‘harvesting’. E-mail address collecting programs, also known as spambots, e-mail harvesters or e-mail spiders, automatically scan the Web in search of e-mail addresses. You don’t necessarily have to own a website or a web page with your e-mail address posted to be a victim. Some websites list newsgroup archives, e-mail archives, discussion list archives, user registration information, third party contact information, etc. Your e-mail address may be listed on those websites without you even knowing about it. You have every right to contact the webmaster of such a website and ask them to remove your e-mail address.
In case you actually own a website or a web page with your e-mail address provided as a means of contact, you should disguise that e-mail address ASAP. FantoMail at http://www.FantoMail.com is a great tool to do just that.
There are many ways spammers harvest and collect email addresses to build their lists. Although you need to be careful about where you leave your email address on Web sites, in newsgroup posts, and when chatting, sometimes you'll end up on a list without exposing your address whatsoever. It's common for spammers to guess at potentially valid addresses by taking a common username and adding valid domains to it. For example, chances are there will be a "bob@" at just about any provider's domain.
Even if you already receive tons of spam, it’s never too late to avoid ending up on other spammers' mailing lists. Here are some very important tips:

  • Don’t give out your email address
  • Disguise your e-mail address on your website (tool at http://www.FantoMail.com)
  • Do not use your real e-mail address when posting a message to the newsgroups
  • Uncheck all "can we notify you" type options on web forms.
  • Never ever send greeting cards through any of those free greeting card websites and ask your friends not to send any of those to you either
  • Ask your friends to place your address on the Bcc line (instead of To) when sending a joke to multiple people at the same time
  • Never enter your real e-mail address on a web guest book or any other place where it’s not absolutely necessary
  • Use the search engines to locate websites listing your e-mail address. Contact the webmasters of those websites and request your e-mail address to be removed immediately.
  • Never ever reply to spam or even ask them to take you off their mailing list - the floodgates will open, as they will know that there is a human being on the other end. Many have learnt this lesson the hard way.
Remember, an ounce of prevention is worth a pound of cure!

© 2003, New York Connect, Inc.