Spam Warfare
by Jerry Kapron, NYCT.NET
Spam Prevention Tips • eXspaminator
Reports from the Front
Spam is a major problem today for the Internet and society.
The volume of junk e-mail has just recently crossed the threshold from
public nuisance to public enemy. 50% of all e-mail is spam. It's costing
an estimated eight to nine billion dollars in lost productivity in the
U.S. alone. Several individual studies unanimously indicate that spam
will exceed normal e-mail by the end of July 2003. The blindly accelerating
growth of spam may drastically affect the way people will use e-mail and
the global structure of the Internet in general. It has reached the point
where it’s practically impossible not to be forced to view or read some
immoral or offensive content while checking e-mail or browsing the web.
Our biggest concern of course is for our children’s protection from all
that unhealthy filth.
Our Battleship
Despite the fact that the recent situation triggered
an unprecedented push by U.S. lawmakers and corporations to solve the problem
of spam, it does not necessarily mean that any new anti-spam law will come
to our rescue any time soon. In fact, efforts to tackle spam by adjusting
the law are nothing new. Many believe that such a law would be a direct breach
of the First Amendment, which is the true barrier to passing a legal solution
to what endangers the Internet as we know it. It appears safe to conclude
that technology will be our main weapon in the War on Spam
for a while.
Nearly a year ago New York Connect announced eXspaminator,
our homegrown, highly customizable spam filtering system
(http://spam.nyct.net/). Many of our resolute users make perfect use of eXspaminator
by actively managing their spam filters and reducing or even eliminating
spam from their mailboxes.
Ever since eXspaminator
was released we have kept providing tips for creating effective spam
filters as well as improving the system itself. There are some great new features
that we are very excited to announce for the first time in this very newsletter.
Not many people realize that eXspaminator
is in fact a very powerful and extendable system that in addition to
effectively killing spam can also detect and discard e-mail viruses and
worms, manage your auto-responders, let you view the trapped
spam messages before they are permanently discarded, and more.
Prisoners of War
Killing spam definitely has its pros, but it can also
cause some problems. Some of the major national ISPs serving masses of
customers deal with enormous amounts of spam daily. Due to the overwhelming
numbers they usually take a different approach in fighting spam. Rather
than allowing each user to define and manage their personal spam filters,
they apply common and rather aggressive filtering rules to all users. The
individual user has no control over which of his or her incoming e-mails
get classified as spam. With that type of spam blocking approach there are
many incidents of a desired e-mail being classified as spam and instantly
deleted. We can only guess that in most cases the recipient does not even
realize what happened. The fact, however, is that recently there were many
legal cases of customers suing the major ISPs for such incidents.
That’s where we introduce the SpamBox.
SpamBox is a great feature
that makes your spam filter management risk-free. Whenever an incoming
e-mail message gets classified as spam by your filters, instead of being
deleted it is forwarded to your SpamBox,
which is completely separate from your regular inbox. You may access your
SpamBox right from your web
browser by logging in with your regular e-mail user name and password at
http://SpamBox.nyct.net/.
Once you’re inside you may:
- browse the list of e-mail messages filed as spam
- open each message in a safe or normal mode
- perform a full text search on all messages in SpamBox
- move individual messages to your regular inbox (just in case something
got there by mistake)
- forward individual or multiple messages to any email address
- permanently delete individual or all messages
Once eXspaminator
places an e-mail message in your SpamBox,
it will be kept there for two weeks before it’s automatically deleted, unless
you manually delete it or move it to your inbox first. Being able to see what
gets caught in your SpamBox
is a great way to tune the accuracy of your filters.
The Evolving acumen of eXspaminator
The truth is that setting up one filter for each keyword or phrase
is a very time-consuming and not very effective way of catching spam.
Spammers work hard to come up with new techniques and ways to get around
spam blocking technology. Known tricks include misspelling and scrambling
of hot keywords, replacing text with images, encoding entire messages, and
creating bogus invisible HTML tags, just to mention a few. The chances
that your regular keyword/phrase filters will detect spam using those
and other tricks are rather slight.
The good news is that eXspaminator
now supports a special pattern definition markup, namely Regular Expressions,
which can be used to create very powerful filters that may easily outsmart
most spam masquerading techniques. This feature makes eXspaminator
one tough anti-spam weapon.
Instead of trying to educate all our users how to use regular expressions markup
themselves, we will shortly start to offer sets of ready-to-use filters
created using regular expressions for clever flexible pattern matching.
New sets will be offered on a regular basis and users will be able to
choose which filters they would like to apply to their e-mail accounts
in addition to the filters they build themselves.
Our goal is to make eXspaminator
intelligent enough to automatically create filters based on spam e-mails
forwarded by our users. Once that feature is implemented, you could forward
all junk mail from your mailbox to a spam analysis e-mail account, which
would parse the messages in an attempt to detect some common patterns and
create a filter based on what it finds.
Setting Pitfall Traps
Let’s not waste any more time and put eXspaminator’s
powerful capabilities into action. Whether or not you already have some eXspaminator
filters, this is a good way to start or go beyond the simple keyword
or phrase filters and equip your eXspaminator
account with some more combat intelligence.
This filter catches any unencrypted e-mail message containing the word ‘PENIS’
even if the spammer deliberately misspelled or scrambled it to fool the
filters:
- Point your browser to the eXspaminator web page at http://spam.nyct.net,
- Log on using your regular nyct.net username and password,
- Click on 'Create Filter',
- Scroll down and click on 'Advanced Filter' at the bottom of the page,
- In the 'Filter Name:' text field type Penis,
- In the 'Filter Rules' select 'Entire Message' from the 'If the' menu,
- In the menu right below select 'contains',
- In the text field right next to it paste the text string shown below:
p[^a-zA-Z]*e[^a-zA-Z]*n[^a-zA-Z]*[i¡í1ÌÍÎÏìíîïI|][^a-zA-Z]*s
- Leave the 'then' menu as is to display 'Place in SpamBox',
- Click [Create],
- Click 'Log Out'.
More such filters for other common spam signature keywords and phrases will
be provided soon in the ready-to-use filter sets mentioned above.
Please note that the filter above will not detect the pattern in encoded
e-mail messages; however, the next filter will make up for it.
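Added example (not eXspaminator's own code): a small Python harness that runs the pattern above over constructed sample lines and sorts the results into caught spam, missed spam and false positives, the kind of review the SpamBox makes possible. Case-insensitive matching and the sample lines are assumptions.

```python
import re

# Pattern copied from the filter above. Case-insensitive matching is an
# assumption about how eXspaminator applies filter text.
FILTER = re.compile(
    r"p[^a-zA-Z]*e[^a-zA-Z]*n[^a-zA-Z]*[i¡í1ÌÍÎÏìíîïI|][^a-zA-Z]*s",
    re.IGNORECASE,
)

# Constructed sample lines with the label a human reviewer would give them.
CORPUS = [
    ("Enlarge your P.E.N.I.S today", "spam"),
    ("p e n 1 s pills, lowest price", "spam"),
    ("Bigger P*E*N*í*S guaranteed", "spam"),
    ("My pen is out of ink, bring a spare", "ham"),
    ("The shop will open Tuesday", "ham"),
    ("Meeting moved to 3pm", "ham"),
]


def matched_text(line):
    """Return the substring that triggers the filter, or None."""
    m = FILTER.search(line)
    return m.group(0) if m else None


def evaluate(corpus):
    """Sort filter decisions into caught spam, missed spam, false positives."""
    result = {"caught": [], "missed": [], "false_positive": []}
    for line, label in corpus:
        hit = matched_text(line)
        if label == "spam":
            result["caught" if hit else "missed"].append(line)
        elif hit:
            # Wanted mail that the filter would have filed as spam.
            result["false_positive"].append((line, hit))
    return result


if __name__ == "__main__":
    for key, rows in evaluate(CORPUS).items():
        print(key, rows)
```

The false positive arises because [^a-zA-Z]* also matches spaces, so the pattern can span two ordinary words; the 'Place in SpamBox' action keeps such mail recoverable.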
This filter will catch all encoded e-mail messages. Encoding is used almost
only for binary attachments (pictures, programs, zip files, etc.). Considering
that other than attempting to mask its contents, there is no good reason
for anyone to encode an entire message, we may safely assume that every
encoded e-mail is a piece of spam. Here is how to catch them:
- Point your browser to the eXspaminator web page at http://spam.nyct.net,
- Log on using your regular nyct.net username and password,
- Click on 'Create Filter',
- Scroll down and click on 'Advanced Filter' at the bottom of the page,
- In the 'Filter Name:' text field type Encoded Messages
- In the 'Filter Rules' select 'Message Headers' from the 'If the' menu,
- In the menu right below select 'begins with',
- In the text field right next to it type Content-Transfer-Encoding: base64
- Leave the 'then' menu as is to display 'Place in SpamBox',
- Click [Create],
- Click 'Log Out'.
Spammers often replace some letters with similar-looking foreign characters
(e.g. èéêëìíîï).
To do this trick in the subject line they need to encode it, which eXspaminator
can easily detect. If English is the only language that you use to communicate
over e-mail, this filter is for you:
- Point your browser to the eXspaminator web page at http://spam.nyct.net,
- Log on using your regular nyct.net username and password,
- Click on 'Create Filter',
- Scroll down and click on 'Advanced Filter' at the bottom of the page,
- In the 'Filter Name:' text field type Encoded Subject
- In the 'Filter Rules' select 'Subject' from the 'If the' menu,
- In the menu right below select 'contains',
- In the text field right next to it type =\?.+\?=
- Leave the 'then' menu as is to display 'Place in SpamBox',
- Click [Create],
- Click 'Log Out'.
You have probably noticed spam advertising
spam, which has lately become very popular. This filter should detect some of
those e-mails:
- Point your browser to the eXspaminator web page at http://spam.nyct.net,
- Log on using your regular nyct.net username and password,
- Click on 'Create Filter',
- Scroll down and click on 'Advanced Filter' at the bottom of the page,
- In the 'Filter Name:' text field type 'Spam for Spam',
- In the 'Filter Rules' select 'Subject' from the 'If the' menu,
- In the menu right below select 'contains',
- In the text field right next to it type (advertise)|(e[^a-zA-Z]*mail) .*million
- Leave the 'then' menu as is to display 'Place in SpamBox',
- Click [Create],
- Click 'Log Out'.
Some spammers try to be in compliance
with certain commercial e-mail advertisement laws by including the ‘ADV:’
prefix. Well, it’s still spam, so let’s get rid of it!
- Point your browser to the eXspaminator web page at http://spam.nyct.net,
- Log on using your regular nyct.net username and password,
- Click on 'Create Filter',
- Scroll down and click on 'Advanced Filter' at the bottom of the page,
- In the 'Filter Name:' text field type ADV Prefix
- In the 'Filter Rules' select 'Subject' from the 'If the' menu,
- In the menu right below select 'begins',
- In the text field right next to it type adv[^a-zA-Z]
- Leave the 'then' menu as is to display 'Place in SpamBox',
- Click [Create],
- Click 'Log Out'.
These filters should put a significant
dent in the amount of spam coming to your mailbox and that’s only the beginning.
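Added example (not part of eXspaminator): the 'Encoded Messages', 'Encoded Subject' and 'ADV Prefix' filters above applied to constructed messages with Python's standard email parser. It assumes case-insensitive matching and that 'Message Headers' means the top-level header block only, so a base64 attachment inside a multipart message does not trigger the filter.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Filter texts copied from the page. Case-insensitive matching, and reading
# 'Message Headers' as the top-level header block only, are assumptions.
ENCODED_SUBJECT = re.compile(r"=\?.+\?=")
ADV_PREFIX = re.compile(r"adv[^a-zA-Z]", re.IGNORECASE)

# Constructed messages (not real mail).
WHOLE_B64 = ("Subject: hello\nContent-Type: text/plain\n"
             "Content-Transfer-Encoding: base64\n\nQnV5IG5vdw==\n")
ATTACHMENT = ("Subject: Holiday photo\nMIME-Version: 1.0\n"
              'Content-Type: multipart/mixed; boundary="b1"\n\n'
              "--b1\nContent-Type: text/plain\n\nSee attached.\n"
              "--b1\nContent-Type: image/jpeg\n"
              "Content-Transfer-Encoding: base64\n\n/9j/4AAQ\n--b1--\n")
ENC_SUBJECT = "Subject: =?iso-8859-1?Q?Fr=E8e_off=E8r?=\n\nhi\n"
ADV = "Subject: ADV: Lower your rates\n\nhi\n"
ADVICE = "Subject: Advice for new users\n\nhi\n"


def fired_filters(raw):
    """Return the names of the header/subject filters that match a message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    hits = []
    # Only the outer headers are consulted, not the headers of MIME parts.
    cte = msg.get("Content-Transfer-Encoding", "")
    if cte.strip().lower().startswith("base64"):
        hits.append("Encoded Messages")
    if ENCODED_SUBJECT.search(subject):   # rule type 'contains'
        hits.append("Encoded Subject")
    if ADV_PREFIX.match(subject):         # rule type 'begins'
        hits.append("ADV Prefix")
    return hits


def readable_subject(raw):
    """Decode an RFC 2047 encoded subject into the text the reader sees."""
    subject = message_from_string(raw).get("Subject", "")
    return str(make_header(decode_header(subject)))


if __name__ == "__main__":
    for name in ("WHOLE_B64", "ATTACHMENT", "ENC_SUBJECT", "ADV", "ADVICE"):
        print(name, fired_filters(globals()[name]))
    print(readable_subject(ENC_SUBJECT))
```

The trailing [^a-zA-Z] in the ADV pattern is what keeps a subject such as 'Advice for new users' out of the SpamBox.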
Survival Tips
You probably wonder how your e-mail address ever ended
up in the hands of a spammer, right? The main source of e-mail addresses
for spammers is so-called e-mail ‘harvesting’. E-mail address collecting
programs, also known as spambots, e-mail harvesters or e-mail spiders, automatically
scan the Web in search of e-mail addresses. You don’t necessarily have
to own a website or a web page with your e-mail address posted to be a victim.
Some websites list newsgroup archives, e-mail archives, discussion list
archives, user registration information, third party contact information,
etc. Your e-mail address may be listed on those websites without you even
knowing about it. You have every right to contact the webmaster of such a
website and request that they remove your e-mail address.
In case you actually own a website or a web page with your e-mail address
provided as a means of contact, you should disguise that e-mail address
ASAP. FantoMail at http://www.FantoMail.com
is a great tool to do just that.
There are many ways spammers harvest and collect email addresses to build
their lists. Although you need to be careful of where you leave your email
address at Web sites, in newsgroup posts, and when chatting, sometimes you'll
end up on a list without exposing your address whatsoever. It's common for
spammers to guess at potentially valid addresses by taking a common username
and adding valid domains to it. For example, chances are there will be a
"bob@" at just about any provider's domain.
Even if you already receive tons of spam it’s never too late to keep your
address from ending up on other spammers' mailing lists. Here are some very important
tips:
- Don’t give out your email address
- Disguise your e-mail address on your website (tool at http://www.FantoMail.com)
- Do not use your real e-mail address when posting a message to the newsgroups
- Uncheck all "can we notify you" type options on web forms.
- Never ever send greeting cards through any of those free greeting card websites and ask your friends not to send any of those to you either
- Ask your friends to place your address on the Bcc line (instead of To) when sending a joke to multiple people at the same time
- Never enter your real e-mail address on a web guest book or any other place where it’s not absolutely necessary
- Use the search engines to locate websites listing your e-mail address. Contact the webmasters of those websites and request your e-mail address to be removed immediately.
- Never ever reply to spam or even request them to take you off their mailing list - the floodgates will open, as they will know that there is a human being on the end. Many have learnt this lesson the hard way.
Remember, an ounce of prevention is worth a pound of cure!
© 2003, New York Connect, Inc.