Spam FAQ

from the January 2007 Actrix Online Informer
by Rob Zorn

Spam, sausage, spam, spam, bacon, tomato, and spam.....

In the famous Monty Python Spam sketch, the wonderful female impersonator Graham Chapman becomes increasingly agitated at her inability to order a breakfast not containing spam. "I don't want ANY spam!" she screams. But alas, even the Lobster Thermidor comes with a mandatory side-helping.

The most popular Internet lore says that unwanted or unsolicited e-mails came to be known as spam, because it's impossible to have the Internet without them. There are many competing stories, however, including that spamming originally referred to chatroom users in the early days of the net typing the word 'spam' over and over to drive away newcomers to the group. Others say spam is an acronym for "Stupid people's annoying messages", "Self-promoting advertising material", or even "Sh*t posing as messages".

Whichever of these is the real origin, the Monty Python version will always be preferred because the poor woman so prophetically and perfectly sums up how so many of us feel at times when we fire up our e-mail programme in the morning. One can almost hear the Vikings chanting in the background as e-mail after unwanted e-mail arrives, "Spam, Spam, Spam, Spam...."

A lot has been written about spam both in the Actrix Newsletter in recent months, and around the web in general, and there are many conflicting statistics about how bad a problem it is. One thing is for certain. Spam is a plague of ever-burgeoning proportions, and, at least for the foreseeable future, it is here to stay.

This month we seek to sum up a lot of information about spam, and answer some basic questions about it in layperson's terms.

How did the spammers get my address in the first place?

Spammers 'harvest' e-mail addresses in a multitude of ways. The most common way is to send out little robot programs that trawl every website and newsgroup they can find recording every e-mail address they come across. They collect e-mails that have been forwarded to lots of people so they can copy out the e-mail addresses, and they offer free newsletters to anyone who will sign up with their e-mail address. Once they have the addresses, they are quickly sold and traded to other spammers. Sometimes they just set up a computer program to send their spam to a list of e-mail addresses made up of the most common user names and a particular ISP's domain name.

I clicked the link to unsubscribe, but it made no difference. Why is that?

Many spammers include an unsubscribe link in the e-mails, but this is just a trick. If you try to unsubscribe, you just confirm to them that they have a valid e-mail address. That makes you more valuable and even more likely to be sold or traded. Never reply to a spam e-mail either (even though sending back some well-chosen words of abuse may be tempting). It just achieves the same thing.

Sometimes I get spam e-mail that isn't addressed to me. Why is that?

It is very common for spammers to include lots of e-mail addresses in the 'To' field, the 'CC' (circulating or carbon copy) field and the 'BCC' (blind carbon or circulating copy) field of an e-mail. If your e-mail address has been included in the BCC field, it will turn up for you looking as if it was addressed to someone else. So, no, we haven't made a mistake and wrongly delivered someone else's e-mail to you.

Why do I sometimes get bounce messages coming to me for spam that I certainly never sent?

Spammers not only send spam to you. They also send spam from you. They don't want to deal with all the bounces their e-mails generate so they put someone else's address in the sending field of the e-mail. You'll usually find this happens in waves. Spammers will usually only use one fake sending address for a short time before they change it. It's all part of making themselves harder to trace.

Well, why can't they trace these guys and teach them a jolly good lesson? I thought you could tell where an e-mail comes from.

If only it were that simple. These days most spam comes from bot nets which are hard to trace. Bot nets are groups of ordinary users' computers that have been hijacked without their owners' knowledge. A special virus known as a Trojan is on their machine secretly sending out spam for its master while they surf the Internet blissfully unaware that they've become unknowing minions of an evil spamlord. This is why it is so important to have anti-virus software on your computer, and to scan your hard drive regularly. Individual machines that are part of a bot net are called 'zombies' and there are literally millions of them connected to the Internet at any one time.

Are spam e-mails dangerous?

In and of themselves, they rarely pose a danger. We're pretty good these days at catching attachment viruses before they get to you. Spam messages are only dangerous if you follow their instructions and click any links they contain. It is common for spam e-mails to pose as correspondence from your bank, for example. These 'phishing' e-mails ask you to go to a site and log in to fix up something that has gone horribly wrong with your account. But in reality, you’re taken to a fake site designed to capture your login details. Make it a rule never to click a link in a spam e-mail of any sort.

Is it my imagination or did spam volumes go nuts for a while there over the last couple of months?

It's not your imagination. Spam volumes really have gone crazy. There are a number of reasons why spam volumes have increased. The first is that bot nets have become very big and very powerful. Some bot net barons claim to have a million machines under their control. Spammers have also become much cleverer at disguising their e-mails so that ISP spam filters can’t detect them. Lastly, the pump and dump scheme seems to be working very well for spammers, and as a result, more and more spammers are jumping on that bandwagon. In recent weeks, other ISPs were hit so hard that their mail servers went down completely, and their customers had mail delayed for days.

What's a pump and dump scam?

You may have noticed lots of spam e-mail lately encouraging you to invest in the stock of some company you’ve never heard of. Basically, the spammers have bought this stock cheaply. They’re hoping to 'pump' up interest and encourage as many suckers as possible to invest in the company so that the value of the stock will increase and they can sell and make a profit. When they do, the shares become worthless and those duped are left out of pocket. Usually, the company involved has not deliberately participated in the scheme.

Spam volumes have dropped again now though. Are the spammers all on holiday?

Absolutely not. Spam volumes are still higher than they've ever been. The Actrix techs have just put a lot of time and thought into designing the filters to better catch it. Spam volumes will always ebb and flow. Spammers will come up with new tricks and evade the filters for a while. Technicians will work out how to block it and volumes will die down again until the next round of new tricks surfaces. It's something that we're just going to have to live with to some extent.

Why on earth did this one spam come through? It clearly had the word 'Viagra' in the title.

As an ISP, and the agent for your electronic communications, we're actually in quite a difficult position when it comes to spam, and it's not always easy to make rules that work in all situations. Around 75% of the e-mail that comes through our mail servers is caught as spam, so we're doing pretty well. If we turn up the filtering too high, the danger is that we’ll start filtering off legitimate e-mails along with the bad, which would be an even worse problem. Just imagine if a husband wrote an e-mail to his wife saying, "Don't forget to pick up my Viagra, and the real estate agent says we have to have the deposit in by 5 pm or we lose the house." If we blindly filtered off that e-mail just because it contained the word "Viagra", the domestic consequences for this hypothetical couple could have been pretty dire.

You can rest assured that we’re doing the best that we can, and we were quicker than most ISPs at getting on top of the last explosion.

Will changing my e-mail address help?

Well, yes, in the short term it will help, but probably not for long. It's an option if things have gotten so bad that you really can't stand it anymore, but before long spam will start finding its way to your new address as well. There are also a number of hassles involved with changing your e-mail address that might outweigh the advantages. These involve having to let your friends and correspondents know, and having to change your contact details at sites where you are a member such as TradeMe or PayPal.

So how do the spammers trick the filters?

Currently, the most common evasion technique is to send you an image of some text rather than text itself. A filter can look for certain patterns in written words and catch spam more easily that way, but it doesn’t have a human brain, and can’t actually read a picture. Lots of legitimate e-mails also have pictures in them, so the spam filter errs on the side of caution and lets the picture through. The spammers also change the size and name of the pictures they send very frequently so that filters can't learn to recognise them that way either.

Spammers also include random words of text in their e-mails. This reduces the ratio of known spam words in an e-mail making it harder for the filter to be sure. Because machines can't read and make sense of writing the way humans can, they can't tell sense from gibberish. Though they can do amazing calculations and assess an e-mail's spam likelihood in microseconds, they really aren't very literate in and of themselves.

So what does Actrix do with the spam it filters off?

Every e-mail that passes through our mail servers is assessed by the filters and assigned a points value according to how many 'spammish' characteristics it has. This will put it into one of three categories. If it receives very few points, it is likely to be a legitimate e-mail and it is allowed through to your mailbox. If it receives enough points to make us think it is probably spam, it will get filtered off into each individual customer's Spam folder where it will remain for one week before being completely obliterated. If it receives enough points to make it definitely spam, it is simply killed on the spot by the filters.
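The points scheme described above, together with the random-word padding from the previous answer, as an added example (this is not Actrix's filter). The word weights, the two thresholds and all messages except the husband's e-mail quoted earlier are constructed for illustration.

```python
import re

# Constructed word weights and thresholds (assumptions for illustration only).
SPAM_WORDS = {"viagra": 2.0, "guaranteed": 2.0, "invest": 1.5,
              "stock": 1.5, "unsubscribe": 1.0}
SPAM_FOLDER_AT = 3.0   # "probably spam": held in the Spam folder
DROP_AT = 6.0          # "definitely spam": discarded by the filter

def tokens(text):
    return re.findall(r"[a-z]+", text.lower())

def points(text):
    """Additive score: every distinct spammish word adds its points once."""
    return sum(SPAM_WORDS[w] for w in set(tokens(text)) if w in SPAM_WORDS)

def spam_ratio(text):
    """Naive alternative: share of all words that are spammish."""
    toks = tokens(text)
    return sum(t in SPAM_WORDS for t in toks) / len(toks) if toks else 0.0

def disposition(text):
    """Map the points total onto the three categories."""
    p = points(text)
    if p >= DROP_AT:
        return "drop"
    if p >= SPAM_FOLDER_AT:
        return "spam-folder"
    return "deliver"

# The first message is the page's own example; the others are constructed.
HUSBAND = ("Don't forget to pick up my Viagra, and the real estate agent says "
           "we have to have the deposit in by 5 pm or we lose the house.")
SPAM = ("Guaranteed returns! Invest in this stock now. Viagra cheap. "
        "Unsubscribe here.")
PADDING = " ".join(["lantern river quiet marble window"] * 8)  # 40 filler words

if __name__ == "__main__":
    for name, msg in [("husband", HUSBAND), ("spam", SPAM),
                      ("padded spam", SPAM + " " + PADDING)]:
        print(f"{name:12} points={points(msg):.1f} "
              f"ratio={spam_ratio(msg):.2f} -> {disposition(msg)}")
```

Padding pulls the word ratio down sharply but leaves the additive points total unchanged, and a single spammish word on its own stays below the Spam folder threshold.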

How can I check what's been filtered off to my spam folder?

It's easy. Go to the Actrix homepage at www.actrix.co.nz and log into My Actrix with your user name and password. Once inside, click on WebMail and Spam folder. Once inside WebMail, you can click the link to your Spam folder over on the left hand side. It is remotely possible that our spam filters have filtered off a legitimate e-mail, so it does pay to check this once per week, especially if something you've been expecting hasn't arrived.

I am slightly insane and quite like spam and don't want you to filter my e-mail. Can I opt out of spam-filtering?

Sure. If you'd like to join what we call our "spam lover's list" you can turn off spam filtering yourself. Simply log into My Actrix, then choose Manage My Account/Configure Spam Filter, and disable it. If that's too much, just send an e-mail to support@actrix.co.nz requesting that we cease filtering your mailbox. There is a very small number of user names currently on this list.

Do you guys still offer that CyberFilter thing, and what's that all about?

Yes we do. There's a fair bit of information about how it works on our website under Residential/Security/CyberFilter, and we won't duplicate all that here. It's a system that works according to customisable white, black and grey lists. If you have CyberFilter, no e-mail comes through to you unless the sending address is on your white list. E-mails from blacklisted addresses get bounced, and e-mail from anyone else receives a challenge e-mail automatically from our mail servers. These senders have to respond to that before their e-mail will come through to you, which is something spammers don't generally have time for.

CyberFilter probably works best in a domestic situation where you know where most of your e-mail will come from. It may not be the best solution for businesses where contact from unknown individuals is usually welcomed. The sort of challenge e-mail CyberFilter sends out may be a slight barrier to receiving new business.
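The white/black/grey list flow described above, sketched as an added example (not CyberFilter's own code). The class and method names are hypothetical, the addresses are constructed, and whitelisting a sender once they answer the challenge is an assumption.

```python
import secrets

class ChallengeFilter:
    """Hypothetical model of a whitelist / blacklist / challenge mail filter."""

    def __init__(self, whitelist, blacklist):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.pending = {}   # challenge token -> (sender, [held messages])

    def receive(self, sender, message):
        """Return (action, token); token is set only when a challenge goes out."""
        sender = sender.lower()
        if sender in self.whitelist:
            return ("deliver", None)
        if sender in self.blacklist:
            return ("bounce", None)
        # Grey list: hold the mail. A sender with an outstanding challenge
        # is not challenged again; the new message joins the held ones.
        for who, held in self.pending.values():
            if who == sender:
                held.append(message)
                return ("held", None)
        token = secrets.token_urlsafe(16)   # unguessable, so replies can't be faked blind
        self.pending[token] = (sender, [message])
        return ("challenge", token)

    def answer(self, sender, token):
        """Release held mail if the token matches the sender it was issued to."""
        entry = self.pending.get(token)
        if entry is None or entry[0] != sender.lower():
            return []
        del self.pending[token]
        self.whitelist.add(entry[0])   # assumption: verified senders are whitelisted
        return entry[1]

if __name__ == "__main__":
    f = ChallengeFilter(["mum@example.org"], ["junk@example.net"])
    print(f.receive("mum@example.org", "hello"))
    action, token = f.receive("new@example.com", "first contact")
    print(action, f.answer("new@example.com", token))
```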

Is there good software out there to help combat spam?

The popular Firefox browser has a companion email program known as Thunderbird (free at www.mozilla.com/en-US/thunderbird/). Thunderbird gets very good reviews, not only as a great email program, but also for its intelligent ability to learn about and filter off spam according to what you teach it.

If you're hesitant to change the e-mail programme you're used to, programs such as Cactus Spam Filter (free at www.codeode.com/spamfilter/) and Spam Bully (14 day trial www.spambully.com/) can interact with your e-mail program to do the same sort of thing.

One of the simplest approaches is to use something like MailWasher. Free at www.mailwasher.net/, MailWasher is a popular program developed in New Zealand which allows you to connect directly to your mailbox. You can then delete your spam before you open your email program to fully download your mail. Email Remover (free at http://www.email-remover.com/) does the same thing, but is even smaller and simpler to use.