Background images in February 2003 are selected from the analyticalQ
Photo: East Coast of West Malaysia, 1988
Spam : weapons of mass disruption
contribution by the Hungry
Personal Computers and the Internet are amongst the greatest
inventions of modern times, arming individual users with tools of mass communication
and productivity at the finger tips. With various accessibility tools, people
with disabilities can also communicate and participate in cyberspace activities
through voice recognition and other sensory interaction applications.
along with these marvelous inventions came inventions such as Worms, Viruses and
Spam Mailers which are clearly ill-conceived weapons of mass disruption.
can install reputable virus detection software, keep your system software and
virus scandata up-to-date, and combine these with prudent practices and disciplines
to more or less keep most viruses and worms at bay. Systematic update, discipline,
and common sense.
But how do you fight a war against privacy terrorism
such as Spam mail ? How do you disarm these weapons of mass disruption ? No spam
filtering software has been known to effectively deal with spam mail in a satisfactory
manner. You can never filter enough and at the same time you are afraid of filtering
out important and critical emails. Why is this so ?
Unlike worms, viruses
and their various mutations which are usually produced by techie nerds and jerks
of cyberspace and hence constrains the number of possible creators, any person
including automated computer programs can easily produce and propagate spam mail
effortlessly. The possible number of spam mail creator is essentially unlimited
if you count automated spam software.
The problem with not being able
to filter out spam mail effectively is many-fold, here's just a short list of
- Spam sender addresses keep changing and may use popular domains
such as Yahoo.com or Hotmail.com
- Spam subject lines are disguised as
innocent titles and everyday subject matter like "how are you" etc
Spam message format and content vary infinitely
- Spam mailings are sent
through thousands of unsecured SMTP servers in cyberspace making it impossible
to detect network of origin (*don't worry about the tech-talk)
relentless spam mail often relies on some form of "stealth" characteristics
in disguising itself as innocent everyday email messages to get past detection
by spam filter software.
The key to spam mail working is the email addresses
everyone uses to communicate with each other. Your email addresses are recorded
in some computers somewhere. Spammers discover your email addresses through a
variety of very simple and very creative means - below is not an exhaustive list
- Supplied by free online subscription websites, search engines,
and free membership organizations - they need "sponsors", right?
Supplied by free webmail service providers (including previously the "Hot"
one) - yes, nothing is free.
- Hacking into databases of protected online
paid subscription websites, corporate databases, business directories and professional
- Extracting from Web pages, online forum postings
and bulletin boards that featured your entries.
- Web advertisers "click
tracking" software which accumulate email addresses and click patterns into
...the list is endless.
In a nutshell, your
email address stored anywhere in cyberspace can be discovered by spam mailers,
often through "robots" and "spider" automated address scanning
programs no different from how search engines discover web pages and web content.
As long as you have an email address, you cannot hide from spammers.
than installing spam mail filtering software, here are some rules on how to combat
Rule No. 1: Avoidance
Rule No. 2: Refer to Rule
Avoidance is still the first and best strategy. You can never
avoid all spam mail, but you can reduce the level of disruptions caused by spam
mail through applying basic avoidance tactics such as:
- Never disclose
your "permanent" email address, the one you get from your ISP for your
Internet connections, be it ADSL or dial-up connections.
- Establish a
set of protected email addresses for different applications and be selective who
you disclose which to.
- Use only free and changeable public domain email
addresses when subscribing to any free online services or non-critical memberships
Your Permanent Email Address
This is strictly a nondisclosure item
if you can help it. Once you get relentlessly spammed on this address by automated
spam software, the only way to fix it is to change this address and that usually
means signing up for a new ISP account. Surely you don't want to do this often.
2. Protected Email Addresses
You should have at the very least
three email addresses which are "protected" and you do not simply disclose
to non-relevant parties. Never use these addresses for registration with any free
online services including free magazines, newsletters, news services, non-critical
memberships, and the likes.
i) Personal email address for personal
emails with friends, relatives and personal contacts and you only disclose this
email address very selectively.
ii) Professional email address
which you usually get assigned to you by your employer or business organization
- disclose this only strictly to business or professional contacts and avoid using
this for unsecured professional subscriptions or membership registrations unless
email contact address for general email usage outside the realm of personal
friends, relatives or business contacts, meant for casual email contacts. Disclosure
can be somewhat relaxed but still avoid registering this for free online services.
There is a high likelihood of this address being spammed because one of your casual
contacts has unwittingly (or willingly) revealed this to spam address collectors,
so be prepared for this eventuality. If this is a serious concern you may wish
to relegate this to a "changeable email address" discussed in the next
For subscriptions to professional membership organizations and
paid online subscriptions, you can use any of the above, but make sure the privacy
policy protects disclosure.
3. Changeable Email Addresses
unprotected usage, non-critical applications, or usage anywhere that has "high-risk"
of discovery of your email address, you should use a set of changeable email addresses
which you can obtain from free web mail service providers such as Yahoo.com, Hotmail.com,
Mail.com and lots more.
These are also your email addresses for registering
to free online services such as newsletter subscriptions, free downloads, free
membership organizations, and the likes. Nothing is free in cyberspace, so you
can almost guarantee that any free online service provider will sell or disclose
into by spam mail address collectors for the purpose of accumulating email addresses.
You can be very sure your email addresses here will be the victim of spam
mail within very short time of establishing them, and the volume of spam mail
here will continue to grow without restraint.
Be prepared to change these
addresses when spam mailing gets out of control, that's why it is best to use
free web mail service providers. When you change such addresses, it will be a
hassle to redo all the free online registrations, but this is by far better than
being spammed on an email address you cannot change and you are helpless at stopping
the endless flow of spam mails to your protected email address.
It is best to
keep the mailboxes of these free email addresses on the web service providers'
own servers, and not download them into your Microsoft Outlook, Outlook Express,
Eudora, Lotus Notes, Netscape Communicator, and whatever POP mail client software
you are using. This has several advantages:
- Faster access, no time-consuming
unnecessary download time
- Less risk of virus attack on your PC in case
of malicious mail attachments
- Easier to mass delete spam mail by examining
the headers and unfamiliar senders
- Reducing risks of all sorts by keeping
this separate from your critical communication system
One last word
on using free web mail services. When you
sign up for free email addresses, and they ask you for an "alternate"
email address, never disclose your protected email address. This entry is also
a source of spam mail address collection.
Spammers Favourite Tricks
Spam mail address collectors who sell their databases of email addresses usually
charge a premium to web advertisers when they can guarantee that the email address
is a legitimate recipient who opens his/her mail. Web advertisers sending out
spam mails may be interested to know if their mail is opened, so as to target
the recipients in a relentless manner. Whatever the reason, there are several
tricks employed by spam mailers to obtain these "acknowledgments".
Most spam mailings come with a "remove" or "unsubscribe"
button for you to click on. If you are tempted to believe clicking these will
stop the spam mail from coming, don't. Clicking on any button in the spam mail
is just about the LAST thing you do to a spam mail - it is an acknowledgment that
you have opened the email. Guess what - one click and you will get thousands more
Spam mails (or any other mail for that matter) can contain
"web bugs" which access a website and pass on a token (typically an
illegal marked URL) to the website that the spam mail has been opened if you open
the spam mail while online. This is another way to obtaining "acknowledgment"
from the recipient. As a good practice, you should always go "off-line"
before opening and viewing suspected spam mail to ascertain its content if you
want to avoid sending these "acknowledgment".
When using POP
mail client such as Microsoft Outlook, Outlook Express, Eudora, and others, always
disable the setting "Send Read Receipt" which basically automatically
sends an email message to the sender address acknowledging opening of the email
each time you open an email which contains a read receipt request. Allowing this
may be a great way for friends to know if you are opening each others' emails.
But it is also a great way of acknowledging the opening of spam mail.
It is no doubt troublesome and inconvenient to keep
so many email addresses, but in this age of cyberspace mass communication, there
is almost no other alternative if you wish to protect yourself against these weapons
of mass disruption. By restricted disclosure of protected email addresses, and
using changeable addresses for high risk usage, you are combating spammers using
their own tactical advantage - stealth. Moving targets are harder to shoot at
than fixed ones.
With a clear set of avoidance tactics and email address
strategy described above, maintaining strict discipline and prudent practices
combined with common sense, you may stand a chance at combating these weapons
of mass disruption and make your existence in cyberspace less stressful, more
productive and a little more enjoyable.
Note from editor:
article has been generously contributed by the Hungry Poet who assisted Anne Ku
with anti-spam tactics. See "Victim of spam"
for related Bon Journal entry.
25 February 2003 Tuesday