In this page
=Why is it such a problem now?
=How is it sent?
=Why is it not blocked?
=How did they get my address?
=How do avoid getting spam?
=Virus scanning
=The quarantine
=Multi-recipient forwarding
=Bounce or block emails
=IMAP access
The term 'spam' was originally applied to
the practice of posting the same message to multiple
Usenet newsgroups, and is thought to have arisen from a
well known Monty Python sketch in a caf where
everything on the menu included spam. These days, 'spam'
usually refers to Unsolicited Commercial Email, or UCE
for short. Unsolicited, because normally the mail is
unwanted, and not asked for. Commercial is a broad term,
but usually boils down to advertising goods or services,
legal or not, with usually the spammer benefiting from
your interest. This is the electronic equivalent of junk
mail that arrives through your letterbox, with email
being the preferred delivery method.
Spam mails are used for
everything from advertising financial services and
get-rich quick schemes, to wonder pills and miracle
cures. Why? Because sending email is an incredibly cheap
method of getting a message across. It costs next to
nothing to send out millions of emails. Even if 70% or
more of them don't reach a target, there's still a lot
to be gained for very little outlay. With more and more
people discovering email and the Internet, the volume of
spam mail has risen dramatically in the past few years.
This increase in volume is becoming more of a threat -
bandwidth is wasted in receiving it, storage space and
processing power is wasted in delivering it, and time is
wasted reading and deleting it.
Some of the spam
received may be adult-oriented, or even offensive, and
some of it will be designed to fool you into revealing
your personal details, passwords, or bank details. Other
spam is designed to gain access to your computer, so
that more spam can be sent, or flood a network/mailbox
with so much junk mail that legitimate mail cannot get
through.
Generally,
spammers send out their messages through a collection of
'open relays' and 'open proxies'. They use many relays
and proxies so that one source cannot be blocked, and it
makes them more difficult to trace. An 'open relay' is
usually an insecure mail server that the spammer has
gained access to (illegally) and is capable of relaying
mail from any address to any address. Open proxies are
generally insecure home PCs that the spammers have been
able to install 'back-door' or 'Trojan horse' software
onto, to enable them to send mail from that PC, usually
without the owner's knowledge.
Such back-door
programs are often installed by viruses that the PC
owner contracts through email, or they can be installed
through operating system vulnerabilities exploited by
the spammer.
Spammers are using increasingly
sophisticated methods to disguise their mails. As
previously mentioned, the mail can be sent from almost
anywhere - dialup connection or legitimate mail server.
Attempts have been made in the past to identify the
open-relays and open-proxies, and deny all mail from
them, but this is increasingly less effective. Spam mail
is now often sent to you from addresses you may
recognise. Basically the 'from:' addresses are 'spoofed'
or forged to look like someone you may know, or a
company you trust, such as eBay or PayPal.
Also,
subject lines will include commonly-used expressions and
greetings, such as "Re: Why haven't you replied?", "Hey,
what's up", or "Re: Hi there". Because of this, scanning
mail for commonly used spam addresses, or subject lines,
has become redundant. Scanning the message body for
suspect content has also become difficult, due to
increasing tendency to obscure popular spam words like
"Viagra", "money!!", or "porn" with punctuation, HTML
code, and even non-printing characters.
There are lots of ways
that spammers can get hold of your address. By far the
most common method of getting hold of valid email
addresses is to scan web pages, and then 'harvest' the
email addresses found there. If you have your email
address on a home page, then you're particularly
vulnerable. Other popular web-based sources are
discussion forums and guestbook's. Some spammers use
viruses to infect your machine, and then scan your
address books, and temporary internet files for email
addresses, all of which are sent back to the virus
writer or spammer.
An increasingly popular
method recently is 'dictionary harvesting', where
spammers will try common usernames @ a domain name, like
sales@, john@, mike@ and info@ - but there could be
thousands of these that the spammer will try. Those that
don't generate an error are considered valid addresses,
and generally targeted for more spam.
Some spam
mail comes with 'hidden links', which send data to
websites, confirming your address and providing valuable
statistics to the spammers. This will usually be
concealed in HTML, or behind an image.
A really
good way to give your address to spammers is to reply to
their mails, or click on one of the bogus 'unsubscribe'
links at the bottom of spam mails. Although the link may
look valid, generally all this will achieve is alerting
the spammers to the fact that someone is reading the
email at that particular address.
-
Never reply to spam,
or click on the 'unsubscribe' links at the bottom of
the mails. Simply delete them.
-
Banks and financial
institutions *never* ask you for your details over
email. Be careful who you send your private and bank
details to.
-
When filling in
forms, look for the option not to receive 'regular' or
advertising emails from them. If they don't provide
this option, and they don't have a privacy policy,
consider not using their services, or use a
'temporary' email address that you can easily dispose
of if it does start receiving mail.
-
Disguise email
addresses that you use on public WebPages. For
example, instead of using joe@bloggs.com, consider
using "joe at bloggs dot com", or
"joe@nospam.bloggs.com" (with a note telling
legitimate users to remove the 'nospam' part.
Avoid using
'obvious' email addresses, like 'sales@', 'john@' or
'info@'. Try more complicated varieties, or using your
surname in your email address - that way a dictionary
attack will not succeed.
For the same reasons
above, don't use an email 'catch-all' address unless
it's absolutely necessary.
If someone you don't
know sends you an offer out of the blue that sounds
too good to be true, then it probably is. Don't send
any money to people who promise you a share of a
'fortune', and never give out bank details.
There's no such
thing as a free lunch - if a website offers to install
a 'cool web search' program, or thousands of smileys,
etc. for free, beware that these programs may contain
'spyware', which can search your computer for your
address (and those in your address book), and send
them to the spammers.
Our spam
scanning engine searches each message for certain words,
styles or phrases which are characteristic of spam.
Additionally, the unique 'fingerprint' of the mail is
looked up in a central spam database, and the sending
machine is also looked up in several anti-spam
databases. Over 800 tests in total are carried out, and
each test is assigned a 'score'.
When the
scanning is complete, the scores are added up, and if
the total is over a user-defined threshold, then the
mail is put into a quarantine area (see below).
Similar to spam
scanning, several tests are performed on the message and
any attachments. If the message contains any known
viruses, then the whole message is moved into
quarantine. There is no 'score' to consider here, either
the message contains a virus, or it doesn't. The
database is updated daily.
When mail is downloaded, the contents
of the quarantine stay on the server. The user is
provided with a page where the contents of the
quarantine can be inspected for 'false positives'
(legitimate mail incorrectly identified as spam), and
messages there can be delivered normally or removed
permanently. Messages in quarantine will be left on the
server for 7 days by default (user-configurable), and
then removed. The quarantine area can also be accessed
as a separate folder called 'Junk' if you are using the
IMAP service.
A 'digest' is also available,
which is an email sent to you every day
(user-configurable) informing you of what's in your
quarantine area, and links to browse the
contents.
You can also set the anti-spam
threshold or 'aggressiveness' from the quarantine area
page. Lower numbers will move more mail into quarantine.
The threshold is per-address customisable, meaning you
can have a lower threshold on 'sales@yourdomain', than
on 'yourname@yourdomain'.
Instead of forwarding the 'catchall' from one
domain, to a fixed email address at another domain, this
new feature will allow you to forward all mail, while
retaining the 'local part' of the email address. For
example, if a mail is sent to james@domain1, it will be
forwarded to james@domain2, and likewise any mail sent
to john@domain1 will be forwarded to john@domain2. This
has been on our wishlist for quite some time. It will
take precedence over any other forwarding on the source
domain.
These are like small mailing lists. When an
email arrives at a multi-recipient forward address, like
sales@mydomain, the mail is forwarded to many other
recipients, like alice@mydomain, brian@mydomain,
charlie@otherdomain, etc. This can be useful in an
office environment, where a number of employees can be
kept in-touch with a single email address, such as
'finance@mydomain' or 'support@mydomain'. Limited to 10
destination addresses.
Another 'wish-list' feature. Sometimes it's
useful to either discard or bounce messages as soon as
they arrive at the server, for example a 'noreply'
address used to send out automated mails, that you don't
want to see replies to. Messages that come into these
accounts can either be deleted immediately, or bounced
back to the sender with a customisable message. This is
also very useful if you need to close an email account
because of spam, or an employee leaving - you can leave
a message that tells people to re-send their email
elsewhere.
IMAP is a
protocol for accessing your mail, much like POP3, but
IMAP allows mail to be stored on the server. Folders can
be created (and removed) on the server, and mail can be
'synchronised' between PC and mail server. This allows
greater freedom for mobile users, and also allows more
features to be accessed from webmail. With IMAP enabled,
you can still use POP3 access as well, but only the
'inbox' will be available. Mail stored on the server
will be limited by a 'quota', which is initially 50mb -
more space can be purchased.
No guarantees can be
made as to the effectiveness of this system, but testing
has shown it to be very accurate, and can cut out over
90% of spam if an appropriate threshold is used. At the
moment, forwarding and catchall accounts can not be
scanned. Our Anti-Virus & Anti-Spam service
should be regarded as an additional protection to
Anti-Virus/Spam being run on the receiving
PC/Server.
The term 'spam' was originally applied to
the practice of posting the same message to multiple
Usenet newsgroups, and is thought to have arisen from a
well known Monty Python sketch in a caf where
everything on the menu included spam. These days, 'spam'
usually refers to Unsolicited Commercial Email, or UCE
for short. Unsolicited, because normally the mail is
unwanted, and not asked for. Commercial is a broad term,
but usually boils down to advertising goods or services,
legal or not, with usually the spammer benefiting from
your interest. This is the electronic equivalent of junk
mail that arrives through your letterbox, with email
being the preferred delivery method.
Spam mails are used for
everything from advertising financial services and
get-rich quick schemes, to wonder pills and miracle
cures. Why? Because sending email is an incredibly cheap
method of getting a message across. It costs next to
nothing to send out millions of emails. Even if 70% or
more of them don't reach a target, there's still a lot
to be gained for very little outlay. With more and more
people discovering email and the Internet, the volume of
spam mail has risen dramatically in the past few years.
This increase in volume is becoming more of a threat -
bandwidth is wasted in receiving it, storage space and
processing power is wasted in delivering it, and time is
wasted reading and deleting it.
Some of the spam
received may be adult-oriented, or even offensive, and
some of it will be designed to fool you into revealing
your personal details, passwords, or bank details. Other
spam is designed to gain access to your computer, so
that more spam can be sent, or flood a network/mailbox
with so much junk mail that legitimate mail cannot get
through.
Generally,
spammers send out their messages through a collection of
'open relays' and 'open proxies'. They use many relays
and proxies so that one source cannot be blocked, and it
makes them more difficult to trace. An 'open relay' is
usually an insecure mail server that the spammer has
gained access to (illegally) and is capable of relaying
mail from any address to any address. Open proxies are
generally insecure home PCs that the spammers have been
able to install 'back-door' or 'Trojan horse' software
onto, to enable them to send mail from that PC, usually
without the owner's knowledge.
Such back-door
programs are often installed by viruses that the PC
owner contracts through email, or they can be installed
through operating system vulnerabilities exploited by
the spammer.
Spammers are using increasingly
sophisticated methods to disguise their mails. As
previously mentioned, the mail can be sent from almost
anywhere - dialup connection or legitimate mail server.
Attempts have been made in the past to identify the
open-relays and open-proxies, and deny all mail from
them, but this is increasingly less effective. Spam mail
is now often sent to you from addresses you may
recognise. Basically the 'from:' addresses are 'spoofed'
or forged to look like someone you may know, or a
company you trust, such as eBay or PayPal.
Also,
subject lines will include commonly-used expressions and
greetings, such as "Re: Why haven't you replied?", "Hey,
what's up", or "Re: Hi there". Because of this, scanning
mail for commonly used spam addresses, or subject lines,
has become redundant. Scanning the message body for
suspect content has also become difficult, due to
increasing tendency to obscure popular spam words like
"Viagra", "money!!", or "porn" with punctuation, HTML
code, and even non-printing characters.
There are lots of ways
that spammers can get hold of your address. By far the
most common method of getting hold of valid email
addresses is to scan web pages, and then 'harvest' the
email addresses found there. If you have your email
address on a home page, then you're particularly
vulnerable. Other popular web-based sources are
discussion forums and guestbook's. Some spammers use
viruses to infect your machine, and then scan your
address books, and temporary internet files for email
addresses, all of which are sent back to the virus
writer or spammer.
An increasingly popular
method recently is 'dictionary harvesting', where
spammers will try common usernames @ a domain name, like
sales@, john@, mike@ and info@ - but there could be
thousands of these that the spammer will try. Those that
don't generate an error are considered valid addresses,
and generally targeted for more spam.
Some spam
mail comes with 'hidden links', which send data to
websites, confirming your address and providing valuable
statistics to the spammers. This will usually be
concealed in HTML, or behind an image.
A really
good way to give your address to spammers is to reply to
their mails, or click on one of the bogus 'unsubscribe'
links at the bottom of spam mails. Although the link may
look valid, generally all this will achieve is alerting
the spammers to the fact that someone is reading the
email at that particular address.
Our spam scanning engine searches each message for certain words, styles or phrases which are characteristic of spam. Additionally, the unique 'fingerprint' of the mail is looked up in a central spam database, and the sending machine is also looked up in several anti-spam databases. Over 800 tests in total are carried out, and each test is assigned a 'score'.
When the scanning is complete, the scores are added up, and if the total is over a user-defined threshold, then the mail is put into a quarantine area (see below).
Similar to spam
scanning, several tests are performed on the message and
any attachments. If the message contains any known
viruses, then the whole message is moved into
quarantine. There is no 'score' to consider here, either
the message contains a virus, or it doesn't. The
database is updated daily.
When mail is downloaded, the contents
of the quarantine stay on the server. The user is
provided with a page where the contents of the
quarantine can be inspected for 'false positives'
(legitimate mail incorrectly identified as spam), and
messages there can be delivered normally or removed
permanently. Messages in quarantine will be left on the
server for 7 days by default (user-configurable), and
then removed. The quarantine area can also be accessed
as a separate folder called 'Junk' if you are using the
IMAP service.
A 'digest' is also available,
which is an email sent to you every day
(user-configurable) informing you of what's in your
quarantine area, and links to browse the
contents.
You can also set the anti-spam
threshold or 'aggressiveness' from the quarantine area
page. Lower numbers will move more mail into quarantine.
The threshold is per-address customisable, meaning you
can have a lower threshold on 'sales@yourdomain', than
on 'yourname@yourdomain'.
Instead of forwarding the 'catchall' from one
domain, to a fixed email address at another domain, this
new feature will allow you to forward all mail, while
retaining the 'local part' of the email address. For
example, if a mail is sent to james@domain1, it will be
forwarded to james@domain2, and likewise any mail sent
to john@domain1 will be forwarded to john@domain2. This
has been on our wishlist for quite some time. It will
take precedence over any other forwarding on the source
domain.
These are like small mailing lists. When an
email arrives at a multi-recipient forward address, like
sales@mydomain, the mail is forwarded to many other
recipients, like alice@mydomain, brian@mydomain,
charlie@otherdomain, etc. This can be useful in an
office environment, where a number of employees can be
kept in-touch with a single email address, such as
'finance@mydomain' or 'support@mydomain'. Limited to 10
destination addresses.
Another 'wish-list' feature. Sometimes it's
useful to either discard or bounce messages as soon as
they arrive at the server, for example a 'noreply'
address used to send out automated mails, that you don't
want to see replies to. Messages that come into these
accounts can either be deleted immediately, or bounced
back to the sender with a customisable message. This is
also very useful if you need to close an email account
because of spam, or an employee leaving - you can leave
a message that tells people to re-send their email
elsewhere.
IMAP is a
protocol for accessing your mail, much like POP3, but
IMAP allows mail to be stored on the server. Folders can
be created (and removed) on the server, and mail can be
'synchronised' between PC and mail server. This allows
greater freedom for mobile users, and also allows more
features to be accessed from webmail. With IMAP enabled,
you can still use POP3 access as well, but only the
'inbox' will be available. Mail stored on the server
will be limited by a 'quota', which is initially 50mb -
more space can be purchased.
No guarantees can be
made as to the effectiveness of this system, but testing
has shown it to be very accurate, and can cut out over
90% of spam if an appropriate threshold is used. At the
moment, forwarding and catchall accounts can not be
scanned. Our Anti-Virus & Anti-Spam service
should be regarded as an additional protection to
Anti-Virus/Spam being run on the receiving
PC/Server.
When mail is downloaded, the contents of the quarantine stay on the server. The user is provided with a page where the contents of the quarantine can be inspected for 'false positives' (legitimate mail incorrectly identified as spam), and messages there can be delivered normally or removed permanently. Messages in quarantine will be left on the server for 7 days by default (user-configurable), and then removed. The quarantine area can also be accessed as a separate folder called 'Junk' if you are using the IMAP service.
A 'digest' is also available, which is an email sent to you every day (user-configurable) informing you of what's in your quarantine area, and links to browse the contents.
You can also set the anti-spam threshold or 'aggressiveness' from the quarantine area page. Lower numbers will move more mail into quarantine. The threshold is per-address customisable, meaning you can have a lower threshold on 'sales@yourdomain', than on 'yourname@yourdomain'.
Instead of forwarding the 'catchall' from one domain, to a fixed email address at another domain, this new feature will allow you to forward all mail, while retaining the 'local part' of the email address. For example, if a mail is sent to james@domain1, it will be forwarded to james@domain2, and likewise any mail sent to john@domain1 will be forwarded to john@domain2. This has been on our wishlist for quite some time. It will take precedence over any other forwarding on the source domain.
These are like small mailing lists. When an
email arrives at a multi-recipient forward address, like
sales@mydomain, the mail is forwarded to many other
recipients, like alice@mydomain, brian@mydomain,
charlie@otherdomain, etc. This can be useful in an
office environment, where a number of employees can be
kept in-touch with a single email address, such as
'finance@mydomain' or 'support@mydomain'. Limited to 10
destination addresses.
Another 'wish-list' feature. Sometimes it's
useful to either discard or bounce messages as soon as
they arrive at the server, for example a 'noreply'
address used to send out automated mails, that you don't
want to see replies to. Messages that come into these
accounts can either be deleted immediately, or bounced
back to the sender with a customisable message. This is
also very useful if you need to close an email account
because of spam, or an employee leaving - you can leave
a message that tells people to re-send their email
elsewhere.
IMAP is a
protocol for accessing your mail, much like POP3, but
IMAP allows mail to be stored on the server. Folders can
be created (and removed) on the server, and mail can be
'synchronised' between PC and mail server. This allows
greater freedom for mobile users, and also allows more
features to be accessed from webmail. With IMAP enabled,
you can still use POP3 access as well, but only the
'inbox' will be available. Mail stored on the server
will be limited by a 'quota', which is initially 50mb -
more space can be purchased.
No guarantees can be
made as to the effectiveness of this system, but testing
has shown it to be very accurate, and can cut out over
90% of spam if an appropriate threshold is used. At the
moment, forwarding and catchall accounts can not be
scanned. Our Anti-Virus & Anti-Spam service
should be regarded as an additional protection to
Anti-Virus/Spam being run on the receiving
PC/Server.
Another 'wish-list' feature. Sometimes it's useful to either discard or bounce messages as soon as they arrive at the server, for example a 'noreply' address used to send out automated mails, that you don't want to see replies to. Messages that come into these accounts can either be deleted immediately, or bounced back to the sender with a customisable message. This is also very useful if you need to close an email account because of spam, or an employee leaving - you can leave a message that tells people to re-send their email elsewhere.