[Zsd-news] ZSD Newsletter, June 2003
I. Forbes
iforbes@zsd.co.za
Fri, 20 Jun 2003 10:08:27 +0200
Hello All
Time for another newsletter. This one I want to devote to the topic of spam - un-wanted bulk e-mail.
There are many types of spam that vary from the most vulgar pornographic advertisements through to messages like this mailing list. While the senders of bulk e-mail may argue about what is or is not spam, the recipients always know exactly what they regard as spam!
When dealing with spam it is important to understand who sent it and why, as that determines the best action to take.
FRAUDULENT E-MAIL
By fraudulent, I mean e-mail with forged information designed to make it difficult to track the message back to its sender. These messages usually contain the worst type of content such as pornography, cheap loans, on-line medication, on-line gambling etc.
There is no point in replying to this mail. It is not a good idea to click on an "un-subscribe" link - that merely proves to the spammer that the e-mail reached a real person at a valid address and that address is flagged as a good target for more spam.
These e-mails can often be recognized by looking at the subject line, and it is best to delete them without opening them.
If you do want to take further action regarding a fraudulent e-mail, you would have to go to some effort to track down the real source of the message - this requires specialized skills and time. As the source is almost always outside of the country the effort is usually fruitless.
A better idea is to subscribe to a spam reporting service, like "Spamcop" (http://spamcop.net). Once you have signed up with them, you can forward spam messages to them. They have a computer program which analyses the spam and forwards it on to the administrators of various computers which were used and/or abused by the spammer to get the message delivered. They also build up a "Real Time Blacklist" (RBL) of the computers which are currently being used (or abused) to send out spam. This list is used by ISPs (including ZSD) to block e-mail from the affected servers.
OPT-OUT LISTS
Opt-out lists are set up by over-eager marketing people when they "acquire" a list of e-mail addresses and send advertising messages to everybody on the list, with an invitation to "un-subscribe" if you want to stop receiving e-mail. It is often a quick and easy process to get removed from these lists, but it is unreasonable to expect an individual user to get his name removed from every list that every marketer puts together. For this reason, this behaviour is strongly discouraged by most ISPs. If you forward the message (with all of its headers) to "abuse@<domain of originator's isp>" the sender will likely be placed under quite a lot of pressure to refrain from doing it again.
LISTS OF ESTABLISHED CONTACTS
Many organizations keep lists of e-mail addresses of members, customers, suppliers etc. From time to time they send out e-mail to these lists. (This newsletter falls into this category.) If you do not want to receive these messages you should contact the sender and ask them to remove your name. Normally they will comply.
Another type of e-mail which falls into this group is e-mail sent out by "friendly" people who like sending jokes etc to everybody in their address book. From the recipient's point of view, these are often un-wanted, and thus can be regarded as spam.
E-MAIL HEADERS:
When you open an e-mail in your e-mail program, you normally see the content, and a few of the most important headers, like the subject line and who the message was from. E-mail typically contains many more headers, with information which is of interest to e-mail programs and e-mail administrators. If you want to see the full headers of a message you will have to invoke a function on your e-mail reader. For example with "Outlook Express", right click on a message in your Inbox, choose "properties" then "details".
A lot of detailed technical information is available in the headers - but beware, some of it can easily be forged. If you want to report a spam message to, say, "Spamcop" or an "abuse" address, it is vital that you forward all of the headers as well as the content of the message. Many e-mail programs will, by default, forward only the content.
FILTERING OF INCOMING SPAM
ZSD, and many other ISPs and organizations, attempt to filter out spam before it is delivered to the user. There are a number of techniques used in these filters. However when a filter is used to block spam, occasionally a valid message is blocked by mistake. This results in what we refer to as a "false positive". For many recipients, like businesses, a single "false positive" may be far more costly than the inconvenience caused by many spam messages. For this reason the use and configuration of spam filters must be treated with circumspection.
One of the major tools used by ISPs is the "Real Time Blacklist" (RBL) services. These are hosted by various organizations and list e-mail servers which are believed to be sending out spam. ZSD's e-mail servers check if a sender is listed on one of these lists before accepting e-mail from them.
ZSD blocks e-mail from the following categories of servers:
- "Open relays" and other misconfigured servers. These messages have a patent defect in their structure normally associated with spam, or they have been sent by a demonstrably incorrectly configured e-mail server. When we get complaints of "false positives" regarding these servers, we advise the senders to sort out their software.
- Servers listed on RBLs as active spammers. Mail from servers that get listed on services like "Spamcop" is blocked. Occasionally we get reports of "false positives" - particularly when a large ISP's server is listed as a result of the activity of a small fraction of its members. In this situation we will "white list" affected mail servers, which forces our e-mail servers to accept mail from these ISPs.
- Senders to "poison" e-mail addresses. Many anti-spam services and ISPs set up "poison" addresses which are mentioned on websites and news groups - together with instructions that no e-mail should be sent to these addresses. These addresses are "harvested" by spammers when their programs collect e-mail addresses from web sites etc and the poison addresses end up in spammers' databases. Therefore any server sending e-mail to one of these addresses is sending out spam. A program is used to collect details of e-mail sent to the poison addresses and the offending servers are added onto RBLs.
- Known spammers. We block e-mail from a few senders who have been observed to send out spam on a regular basis.
ZSD's efforts filter out a huge amount of spam, however there is still a lot more that gets through.
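
The RBL check and the "white list" override described above can be sketched as follows. This is an added example, not ZSD's configuration or code: the zone name `bl.spamcop.net`, the function names and the documentation-range addresses are assumptions, and the sample run uses a constructed fake resolver so it works offline.

```python
import ipaddress
import socket

# Assumption: Spamcop's public DNSBL zone. The newsletter does not say
# which zones ZSD's servers actually query.
RBL_ZONES = ["bl.spamcop.net"]

def dnsbl_query_name(ip, zone):
    """Build the name an RBL lookup resolves: reversed IPv4 octets + zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_lookup(name):
    """True if the name resolves (server is listed), False otherwise.
    DNS failures are treated as 'not listed', so an RBL outage cannot
    turn every incoming message into a false positive."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def check_sender(ip, whitelist=(), zones=RBL_ZONES, lookup=dns_lookup):
    """Return (accept, reason) for a connecting mail server's address."""
    addr = ipaddress.IPv4Address(ip)
    # The white list is consulted first: a listed but trusted ISP relay
    # is accepted without asking the RBL at all.
    for net in whitelist:
        if addr in ipaddress.ip_network(net):
            return True, "whitelisted " + net
    for zone in zones:
        if lookup(dnsbl_query_name(ip, zone)):
            return False, "listed on " + zone
    return True, "not listed"

if __name__ == "__main__":
    # Constructed sample data: a fake resolver that "lists" two servers.
    listed = {"7.113.0.203.bl.spamcop.net", "25.100.51.198.bl.spamcop.net"}
    fake = lambda name: name in listed
    for ip in ["203.0.113.7", "198.51.100.25", "192.0.2.10"]:
        print(ip, check_sender(ip, whitelist=["198.51.100.0/24"], lookup=fake))
```
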
There are some new developments with anti-spam software which make use of content scanning rules. This software detects certain words in spam and scores marks based on these words - for instance three $ signs in a row will attract a high score. If the score for the entire message reaches a certain threshold, the message is marked as spam. The trouble with these systems is that there is a significant level of "false positives". The spam is not deleted, it is dumped into a folder. From time to time somebody must manually check the spam folder in case there is valuable mail in it. The rules must be continually adjusted to achieve the best results. Newer systems are "self learning" but they have to be fed with a collection of predefined "spam messages" and another collection of "good messages" so that they can build up their rules.
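
A minimal content-scoring filter of the kind described above, showing how a legitimate message can cross the threshold. This is an added example, not software ZSD uses: only the "three $ signs in a row" rule comes from the newsletter, while the other rules, the weights, the threshold and the sample messages are constructed for illustration.

```python
import re

# Hypothetical rules and weights. Only "dollar_run" is taken from the
# newsletter; the rest are constructed.
RULES = [
    ("dollar_run", re.compile(r"\${3,}"), 3.0),
    ("shouting_subject", re.compile(r"^Subject: [^a-z\n]{10,}$", re.M), 1.5),
    ("unsubscribe_link", re.compile(r"click here to un-?subscribe", re.I), 1.5),
    ("cheap_offer",
     re.compile(r"\b(cheap loans?|on-?line (casino|gambling|medication))\b", re.I),
     2.5),
]
THRESHOLD = 4.0  # assumed cut-off; tuning it trades missed spam for false positives

def score_message(raw):
    """Return (total score, names of the rules that fired) for a raw message."""
    hits = [(name, weight) for name, pattern, weight in RULES if pattern.search(raw)]
    return sum(weight for _, weight in hits), [name for name, _ in hits]

def classify(raw, threshold=THRESHOLD):
    """Suspected spam is filed in a folder for manual review, never deleted."""
    total, hits = score_message(raw)
    folder = "spam-folder" if total >= threshold else "inbox"
    return folder, total, hits

# Constructed sample messages.
SPAM = ("Subject: MAKE MONEY FAST $$$\n\n"
        "Cheap loans approved today! Click here to unsubscribe.\n")
HAM = "Subject: Lunch on Friday?\n\nAre you free at 12:30? I will book a table.\n"
# A genuine business message that trips two rules: a false positive.
FALSE_POSITIVE = ("Subject: QUOTE FOR SERVER UPGRADE\n\n"
                  "The vendor wants $$$ for the RAID card, so I priced a "
                  "cheaper one. Quote attached.\n")

if __name__ == "__main__":
    for label, msg in [("spam", SPAM), ("ham", HAM), ("legit", FALSE_POSITIVE)]:
        print(label, classify(msg))
```

Raising the threshold to 5.0 delivers the constructed business message to the inbox while still catching the spam sample, which is the kind of continual rule adjustment the paragraph above refers to.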
ZSD is monitoring the development of this software. Perhaps, in the future we will be able to apply it in a practical manner to the benefit of our users.
HOW DO SPAMMERS GET YOUR E-MAIL ADDRESS
Spammers use special programs to scan websites, archives of mailing lists and newsgroups. They "harvest" e-mail addresses and add them to their databases. As soon as you start using your e-mail address in a public forum you become targeted by spammers.
If you enter your e-mail address onto a form on a website for some reason you can be certain that it will end up on a list. The site may have a "privacy policy" detailing when and how they will use your address. You should also look out for a "don't send me e-mail" option on the form.
If your friends forward e-mail messages to everybody in their address lists in a manner where all the addresses, including yours, are visible, they are doing you no favour at all, as one of those recipients may forward the message on again. This can happen again and again, accumulating more addresses each time, until somebody picks up the message and gets the bright idea of adding the addresses to a list. Trade fair registrations, business contacts, banks and insurance companies all collect e-mail addresses and it is only a matter of time before some of these attract un-wanted e-mail.
As a point of record, ZSD has never made client e-mail addresses available to 3rd parties. No ISP in their right mind would ever sell or make available a list of their customers' e-mail addresses. Not only is it entirely un-ethical, but they would also have to deal with the extra e-mail that this would attract to their mail servers.
CONCLUSION
Spam is a major problem facing all users and service providers on the internet. It is a cheap and effective advertising tool, and the amount of spam grows every day. Despite the best efforts of ISPs like ZSD, spam messages are going to continue to arrive in your inbox. The computer savvy user can normally identify spam from the header lines displayed in their inbox.
The best advice I can give is, delete the spam while it is in your inbox, don't get emotional and don't let it spoil your day.
Ian Forbes
---------------------------------------------------------------------
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 21 683-1388 Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
---------------------------------------------------------------------