Archive for the ‘Spam Prevention’ Category

Tired of Spammers Harvesting Your Email from Your Website

Tuesday, April 28th, 2009

Anytime that you post an email address as part of a page in cyberspace, a spammer will find it sooner or later.  Then you will start getting email to that address that you do not want. (Be clear that I am not necessarily referring to email you provide for logging in purposes.  If someone gets that email address, blame the person you gave it to.)

Here is a new trick I found for reducing that spam if you want to list an email address on your website:

1) Use an address that you do not send email from.

2) Blacklist all email from that email address.

For instance I never send email from the address programmer@asitethatworks.com.  However, when I used to display my email address on my website, I used that as my address and I forwarded to my regular account.  (It was a way of letting me know what type of email I was getting.)

Since I do not send using that email address then no one else should either.  If they do, I know they are spammers. If I blacklist that address, I never see it.   (However, if they use that only as their “visible name” but use a different address for the real send, it will not work.)
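The rule and its caveat as a small filter. This is an added example, not code from the original post; the decoy address and the sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical decoy: published on the site, never used to send mail.
DECOYS = {"webcontact@example.org"}

def classify(raw, decoys=DECOYS):
    """Return 'blacklist', 'display-name-only' or 'pass' for one raw message."""
    msg = message_from_string(raw)
    senders = getaddresses(
        msg.get_all("From", []) + msg.get_all("Sender", [])
        + msg.get_all("Return-Path", [])
    )
    # The real sending address equals the decoy: nobody legitimate does that.
    if any(addr.lower() in decoys for _, addr in senders):
        return "blacklist"
    # The decoy appears only as the visible name; an address blacklist misses it.
    if any(d in name.lower() for name, _ in senders for d in decoys):
        return "display-name-only"
    return "pass"

# Constructed messages: spoofed sender, decoy used as visible name, real visitor.
SPOOFED = "From: Web Contact <WebContact@example.org>\nTo: me@example.net\n\nhi\n"
NAME_ONLY = ('From: "webcontact@example.org" <bulk@sender.example>\n'
             "To: me@example.net\n\nhi\n")
VISITOR = "From: Ann <ann@customer.example>\nTo: webcontact@example.org\n\nhi\n"

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("name only", NAME_ONLY),
                       ("visitor", VISITOR)):
        print(label, "->", classify(raw))
```

Mail sent to the decoy by a real visitor still passes, because only the sender fields are checked.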



Detecting Spam/Phishing

Monday, August 18th, 2008

You’ve seen emails with titles like

  • UPS Tracking Number 0917799165
  • please verify your account information
  • Mail Returned.
  • Weekly Top News

Do you automatically open these official sounding emails without looking at anything else?

I hope not!

You are setting yourself up for trouble. A few years ago I saw a web professional start filling one of these forms out because she was fooled by how “real” it looked. Luckily, she started paying attention to what she was doing before she hit send and gave someone her bank account numbers.

So what are some of the common warning signs and how can you uncover the truth?

  1. Very few, if any, companies will ask you for account numbers, any sort of ID numbers, passwords, usernames, etc via email. They keep things on file and assume they are correct. This is almost always a sure sign of spam.  If you forget a needed piece of information such as a username or password, they will either:
    a) send an email to the email address on file with new instructions to get into their system
    b) ask you some questions that you have previously answered and to which only you should know the answer (and let you in after you answer those questions–they may require you to change your password in the process.)
  2. Do you recognize the sender? If it looks like it might be legitimate but it is questionable, look at the “header” information on the email and pay particular attention to the names there. (My last blog has more information on how to retrieve the header information.)
  3. Account or ID numbers with the wrong numbers, the wrong number of digits, or other information that shows the sender was sloppy.
  4. Does the subject make it look like it is one of many emails on this topic that they send out regularly, such as “Top News Stories Today” or “News Digest” (from your news outlet of choice), “Today’s Tip to Lose Weight” (from your favorite diet service), or “This week’s Specials” (from your favorite retailer)? In this case, check the headers.

How to Know Who Really Sent an Email

Monday, August 11th, 2008

Ever get an email from “Evelyn?” Who is Evelyn? Is she a long lost friend, a neighbor, a relative you just learned you had, or someone hoping you know an Evelyn and will open their pharmaceutical advertisement?

It may appear that you don’t know until you actually open the email, but that is not true. When you first open an email it is very much like looking at the outside envelope of mail you get from the postal service. Both systems have a delivery address and a return address. In both cases, anyone can put whatever return address they want to. For instance, I could send out a thank you note on behalf of my parents. While doing the return address, I could forget who is “sending” the mail and put my personal address instead of my parents’. The recipient would not know who actually sent the mail until they opened it.

The “from” address that displays in your email browser works the same way. The sender can put whatever he wants.

However, I cannot fake the post office that actually takes the regular mail and sends it for me. They add an ink stamp or two on the front of the envelope. Responsible email servers also leave signatures identifying the “post office” or sender. This information is stored in the “Header” information of the email.

  • Outlook: you can get to this information by right clicking on the email in question. In the pop-up menu select “Message Options.”
  • Webmail (Horde): When you rollover the sender’s name in the email list, the system has a cursor pop-up that shows a real email address. (which can be faked, but is often not bothered with.)

Below is a sample header from Outlook for an email sent from “John Hannah.” Notice in particular the number of ways that the sender can be identified. If you see something odd in any of them, be very concerned:

  • Notice the sections in Red–that is what the server puts in to tell you where it really came from
  • Notice the section in Blue–that is what you typically see from your email browser.
  • Purple is a comment from me
  • The grey text has been changed just to keep it out of the public domain. (Some of us are just paranoid; no use in attracting any more spam than I need to.)

X-Spam-Flag: YES
X-Spam-Level: **********
X-Spam-Status: Yes, score=10.6 required=4.0 tests=BAYES_99,HELO_LH_HOME,
RDNS_NONE,TRACKER_ID,TVD_SPACE_RATIO autolearn=no version=3.2.3
X-Spam-Report:
* 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
* 2.7 HELO_LH_HOME HELO_LH_HOME
* 2.0 TRACKER_ID BODY: Incorporates a tracking ID number
* 2.3 TVD_SPACE_RATIO BODY: TVD_SPACE_RATIO
Received: from speedtouch.lan ([IPS Address]) by myserver with MailEnable ESMTP; Mon, 11 Aug 2008 11:09:32 -0400
Message-ID: <01c8fb78$d21fb600$c9eded40@maintainedtw91>
From: “John Hannah” <maintainedtw91@rv-ventures.com>–The section between < and > can be faked. This is the address that shows up in the rollover in webmail.
To: my name<myemailaddress@pracprog.com>
Subject: [SPAM] SpecialPrices100mgBestQuality
Date: Mon, 11 Aug 2008 06:09:32 -0900
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”us-ascii”;
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
X-Spam: Not detected
Return-Path: <maintainedtw91@rv-ventures.com>
Reply-To: <maintainedtw91@rv-ventures.com>–Sometimes faked also
Sender: <maintainedtw91@rv-ventures.com>
X-Spam-Prev-Subject: SpecialPrices100mgBestQuality
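The comparison described above, between what the receiving server stamped and what the sender typed, can be scripted. This is an added example, not part of the original post; the sample message is constructed on the model of the header above, and the IP address, the `.example` domains, the differing Reply-To and the list of home-network suffixes are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample modelled on the header above; names and IP are placeholders.
SAMPLE = (
    "Received: from speedtouch.lan ([192.0.2.45]) by mx.example.net "
    "with ESMTP; Mon, 11 Aug 2008 11:09:32 -0400\n"
    'From: "John Hannah" <maintainedtw91@rv-ventures.example>\n'
    "To: me <me@example.net>\n"
    "Return-Path: <maintainedtw91@rv-ventures.example>\n"
    "Reply-To: <orders@other-shop.example>\n\nbody\n"
)
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[?([0-9A-Fa-f.:]+)\]?\)")
HOME_SUFFIXES = (".lan", ".local", ".home", ".localdomain")  # assumed list

def stamped_origin(msg):
    """(HELO name, IP) from the topmost Received line, the one written by the
    recipient's own server. Lower Received lines can be forged by the sender."""
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(received[0]) if received else None
    return (m.group(1).lower(), m.group(2)) if m else (None, None)

def claimed_identities(msg):
    """Addresses the sender supplied; none of them are verified."""
    found = {}
    for name in ("From", "Reply-To", "Sender", "Return-Path"):
        addr = parseaddr(msg.get(name, ""))[1].lower()
        if addr:
            found[name] = addr
    return found

def header_warnings(raw):
    msg = message_from_string(raw)
    helo, ip = stamped_origin(msg)
    ids = claimed_identities(msg)
    from_addr = ids.get("From", "")
    from_domain = from_addr.rpartition("@")[2]
    notes = []
    if helo is None:
        notes.append("no parsable Received line from the receiving server")
    else:
        if "." not in helo or helo.endswith(HOME_SUFFIXES):
            notes.append(f"host called itself {helo!r}: not a public server name")
        if from_domain and helo != from_domain and not helo.endswith("." + from_domain):
            notes.append(f"{helo!r} ({ip}) is outside From domain {from_domain!r}")
    for name, addr in ids.items():
        if name != "From" and addr != from_addr:
            notes.append(f"{name} {addr!r} differs from From {from_addr!r}")
    return notes
```

A connecting host outside the From domain is common for mail relayed through a provider, so treat these notes as prompts to look closer at the header, not as verdicts.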

Postcard Virus and a Related Hoax

Wednesday, October 17th, 2007

I just got one of those emails with a dire warning about a new virus presenting itself as email indicating that I had received a “postcard” from a family member. There is a serious postcard email threat, but this email mixed information about a hoax email and the more serious problem of a spam/virus problem that went rampant this past summer. Both are serious concerns, but the hoax email just clutters my inbox (and scares people).

Basically the hoax says that a news report has just come out that says a new virus has come out and there is no cure. It locks up your computer. Then when you hit ctl+alt+del it erases “sector 0” on your hard drive. You can read more at: http://www.snopes.com/computer/virus/virtualcard.asp (There is no sector 0 that when erased will destroy your hard drive.)

The other email is far more serious and deserves a little bit of information: http://www.snopes.com/computer/virus/postcard.asp

The glue that holds these two emails together for the casual observer is that both refer to a “postcard” in the subject line. The actual bad item shows up with a subject line indicating you have just received a postcard (or holiday card, etc.) from a family member (or trusted friend, or co-worker, etc.) The hoax email will mimic this email to a certain extent.

Although I may appear to some to be nit-picking, I really do take these types of threats very seriously. I had one of these @#$W$ things take over my computer a couple of years ago and I lost a few days of my valuable work time dealing with it and had to do a bunch of re-installs, lost some documents, etc. So I have a particularly strong opinion against these @$%@ guys. Your best defenses are to

  • keep your PC operating system up-to-date
  • keep your anti-virus software up-to-date
  • avoid opening these types of emails

If you do open one of these emails and it is from a reputable company, you will have an access code and a web address where you can go to see the postcard. Following this approach should carry less chance of getting a virus/spam/worm, etc., than opening the link in the email itself.

You can get more information about Microsoft updates at http://www.microsoft.com/protect/computer/updates/automatic.mspx. (Once you click on the appropriate link for the operating system you have, you actually get some helpful information—unlike some of Microsoft’s very bad help screens.)

How do you know what operating system you have?

Vista: where it used to say “Start”, you will have a circular icon surrounding the familiar windows symbol

Some Version of XP:

  • Click on the “start” button (usually at the bottom left of your screen)
  • RIGHT click on the icon/text for “My Computer” (if you have this icon on your desktop, you do the same thing there)
  • From the pop-up menu click “Properties”

There are so many different versions of anti-virus software I’m not really going to go into much detail on ensuring that it is up-to-date. However, most of them have an option in their main menu that you can select to do updates. (They like to encourage you to keep things up-to-date through a subscription service.)

I hope this helps at least a few folks.

Getting Rid of Spam–Why Is There So Much?

Monday, May 21st, 2007

Spam is advertising!

By advertising we mean an attempt to get you to buy something or like something. It is not profitable for businesses to spend money getting you to buy or like something unless you spend more money than the cost of the advertising and making the product. Email is probably the cheapest way to communicate a message to specific individuals, and the recipient and the internet service providers bear a lot of that cost, not the spammer. It is certainly cheaper than television, but it is also significantly cheaper than the direct mail campaigns you get in the postal mail. Consequently, the response rate can be incredibly low and still be worthwhile to the “business.” By business, we mean legitimate corporations, sole proprietors, as well as black marketeers. (Yeah, they are running a business too; it is just not considered legitimate.)

Consequently, unwanted email is here to stay.

While some email is very obviously spam, some unwanted email is nothing more than bad judgement by someone you met at a recent networking meeting trying to extend their legitimate business connections. Hopefully, you can send them a nice email to express your disinterest or just delete those emails as the cost of being an active networker.

The obvious spammers are much harder to deal with. In all cases remember that these people do not respect the law and that they have set up a marketing business. This fact means that it is their business to identify real potential targets for a real advertising campaign they either develop or are paid to send out. They may or may not be selling the actual illegal pharmaceuticals themselves.

Technically marketing and advertising are two different steps of a business’s efforts to get you to buy something. Marketing is the process of determining who might buy and what would induce them to buy. Advertising is developing a sales pitch that will reach that defined market using the defined inducements. Successful marketing determines the potential success of the advertising campaign. Said another way, advertising can be no more successful than the underlying marketing campaign, unless the business gets really, really lucky.

After a spammer has set up his technological infrastructure, he has to do the marketing.

  1. he must identify real email addresses (his general target audience)
  2. she must identify something that person might be interested in (her refined target audience)
  3. he either sells that information or puts it into his database of recipients for his other (quite possibly illegal) business operation(s) advertisements. (his advertising)

A direct mail campaign often starts with someone buying either a targeted list from someone or buying a general list with other data and doing some analysis of the data themselves. (We’ve assumed that they have already identified who they want to target. For a variety of reasons, the most obnoxious (high volume) spammers do not really care about highly refining the target set of individuals.)

A spammer has several ways to build his list:

  • They can buy your email address from someone.
  • They can create software robots that search all of the websites out there for email addresses that are encoded on the site’s pages.
  • They can send random emails (it is really cheap.)

At this point it is important to remember that spamming is still a business, even if the distribution costs are really low. So spammers prefer to send email to addresses that are real. Consequently, they put tracking mechanisms in their emails. If you open the email they send, you are confirming they have a real address. If you follow any links, they know you have an interest.

The spammer has just completed his marketing to you because you have been identified and confirmed. They can now send even more spam your way. To me it seems like they tell all of their friends, but it is more likely that each spammer simply markets for a variety of businesses.

Solutions:

Therefore, no one technique will foil spammers. Although there are many different approaches, they can be divided into the following three categories:

  • Techniques that use sophisticated software to identify spam so that you do not get advertisements for medicine or pornography that you do not want. These are the most important ones you can take.
  • Techniques that make it harder for spammers to find your address
  • Techniques that allow you to filter your email so that you open less spam. (This last one may sound like a nuisance, but it is actually very important because they are constantly tracking what emails get opened.)

Over the next few posts, I am going to discuss these techniques in much more detail and give you some valuable insight.
