Spam - What it is and how to protect yourself

Spam - What it is and how to protect yourself What is Spam ? Spam is unsolicited email and it typically contains:      Offers on drugs such as Viagra or V1agra as it will often be spelt. URLs for pornographic websites. Adverts for financial services such as bank loans, mortgages etc. Never to be missed opportunities to purchase items such as Rolex watches. Too good to be true get rich quick schemes. This type of mail will usually be characterised by the fact that it will    Have been addressed unsolicited to a large number of people. Often contain content that is offensive. Will have had its source deliberately concealed Most people want this mail stopping. Why am I getting spammed ? People receive spam because their email address has found its way onto the distribution list for one or more spamming sites. The administrators of these sites are particularly unscrupulous individuals who build up their lists using a variety of means. These can include:     Email address harvesting programs which automatically crawl through websites looking for ‘mail to’ addresses. Purchasing lists of addresses from other spamming sites. Email addresses confirmed as live by recipients opening or responding to previous spam messages. Accessing the email addresses held in email lists or by news groups where the administrators of those lists or groups have not implemented a proper security system. What are Computing Services doing to stop spam ? Whilst Computing Services have always had systems in place to combat spam the challenge is to try to keep pace with the spammers and at the same time not being so paranoid about stopping spam that we stop the University going about its legitimate business. Spammers constantly introduce new methods and refine existing ones in order to maintain their advantage and at times it can often look as if the challenge is insurmountable. In an effort to significantly reduce the levels of spam Computing Services staff evaluated four commercial anti-spam products in late 2005. A solution using two of these products was implemented in February 2006. These systems offer a multi-layered approach to stopping spam reaching mailboxes. They include:  Mirapoint RazorGate - MailHurdle. This system provides protection at the network edge and results in large amounts of spam and virus traffic being blocked before it enters the University network. This approach will, by blocking threats before they reach our network, dramatically reduce the impact that spam and viruses have on bandwidth, storage, and staff time. See the URL http://www.mirapoint.com/products/mailhurdle.php for more information. The Barracuda Spam Firewall provides a multi-layered approach to stopping spam and will filter spam and viruses that will tackle any suspicious messages getting past the Mirapoint RazorGate Mailhurdle. See the URL http://www.barracudanetworks.com/ns/products/spam_overview.php for more information. Support for mail filtering in email clients such as Outlook 2003, Webmail and Entourage The Mail Abuse Prevention System (MAPS) Realtime Blackhole List (RBL) is a list of known Spam sites. The list is maintained by UKERNA. Mail originating from these known Spam sites and listed on the RBL is not allowed onto the campus. See the URL http://www.ja.net/CERT/JANET-CERT/mail/mail-abuse/rbl-plusguide.html#bg for a more information on MAPS.    Whilst these new systems will make a difference in the short term they are not a silver bullet. They will not stop every spam message from getting through - no automated process ever will. They will not be a final solution either. As the protective technology develops so does the ingenuity of the spammers. Should I report Spam ? Do not take spam seriously as you will not have been singled out to receive the email message in question. In general there is no need to report spam. If you do receive spam email then Computing Services recommends that you ignore it, delete it and forget it. Please do not blindly copy every example of spam to Computing Services as it will prevent staff there working on other tasks. In serious cases where, for example the spam is offensive and contains or appears to be offering illegal material (eg. child pornography), and you suspect that it has not been reported already you can report the incident either to:    The Internet Watch Foundation Computing Services Helpdesk Computing Services Customer Support Manager (http://www.iwf.org.uk/) (Tel 01482 46 6116) (Tel 01482 46 5248) If you do want to be more pro-active against general spam as an individual then you may also want to consider reporting it to Spam Cop (http://spamcop.net) Can I tell them to stop spamming me ? NEVER, never, never reply back to a spam email requesting them to take you off their list. All you will do is confirm that you are a live address and you will therefore be sent more spam in the future. The best thing to do with a spam email is simply to ignore it and delete it. Even if the spam is particularly offensive you will find that it is almost impossible to take action against it because spamming sites:    Will fake the content of the email headers so that it cannot be trusted. Send the email from temporary mail accounts or through unsuspecting and compromised machines. Are sited outside the country of the addresses they are spamming or are positioned in countries where antispam legislation is particularly lax. I have received an email which is not even addressed to me. Is this spam too ? Although your email is not displayed it will be in the BCC (Blind Carbon Copy) field which is never actually displayed on an email. Sometimes a genuine sender will have used the BCC field to include you in the contents of a message without letting other recipients aware of the fact. Unfortunately the technique can also be used by spammers as it is an extra field on an email message into which they can place more unfortunate recipient email addresses. Why has this message, which isn’t spam, been put in my Junk E-mail folder? The Outlook Junk E-mail filter sometimes gets things wrong. If you don’t receive much spam it may be safer to switch off spam filtering of email in Outlook. For instructions on how to do this please go to the URL http://www.hull.ac.uk/comp/FAQ/BlahBlah.htm Could the email I send be regarded as spam ? It is possible that emails you send could be classed as spam by various anti-spam systems. To avoid this or to reduce the chance of it happening:   Do not send out emails in HTML format. Do not send out emails ALL IN CAPITAL LETTERS. Use words that are all capitals sparingly. Is there anything I can do to protect myself and reduce the amount of spam I am receiving ? It is never too late to take action against spam and if you follow the advice below you should be able to reduce the amount of spam you receive. DO NOT…               DO… Read messages you believe to be spam. Delete it straight away. Some spam distributed in HTML format can confirm a live address simply by being read. Report every item of spam email to Computing Services. We are aware of lots of the mail already and already take every action possible to prevent it getting on to campus. Reply to the message or request that the spammers remove you from their lists. Remember: Spammers are unscrupulous and they will lie ! The spammers will use the reply to mark your address as ‘live’. A confirmed live address is worth much more when they sell it on. The spammers return address will almost certainly be fake and your reply will generate an error message. Not only will you be confirming your own address but you are also generating additional junk email for yourself. The apparent sender or the reply address in the spam email may not be the true sender so you may be sending your reply to an innocent party. ‘Unsubscribe’ links in a spam email message will not unsubscribe you at all - they will simply confirm a live address. Use an automatic out of office reply facility in your email client without being aware that it will respond automatically to spam emails and thereby confirm your address as live. Purchase any of the items offered via spam. At worst you may never see the goods whilst at best you are simply encouraging the spammers and inviting more spam mail. Be convinced by get rich quick schemes. There are not hundreds of Nigerian officials looking for a UK bank account in which to deposit illicit oil money. There are however hundreds of criminals looking to get your bank account details so that they can deposit your hard earned savings into their wallets. Be tempted to have a go back at spammers. It is usually futile and if you get so worked up as to make threats you will contravene the ‘Regulations And Guidelines Governing The Proper Use of University Computer Facilities And Services’ and may leave yourself open to prosecution by the police. Provide your email address if you don’t have to. If its optional - exercise that option and do not provide the address. Install Spam Blocking Utilities downloaded from the internet. Whilst they may block some spam they are frequently used as Trojans for depositing adware and spyware onto your computer. Delete spam straight away. This is a simple and an effective way of dealing with spam that has already Use mail filtering tools to help spot and move suspected spam emails into a junk mail folder automatically. Keep your email address as private as possible. Do not divulge your email address to people you do not know or do not trust. Consider having a separate non-university email account (via Hotmail, Yahoo etc) to use for personal mail or for Remove ‘Mail To’ addresses from the web pages you have responsibility for. These email addresses can be Using an image such as Disguise it within text. For example ‘Alberts email address is a.lastname. Senders should add @hull.ac.uk to this.’ replaced by removing the ‘mail to:’ and entering into websites that you will only interact with infrequently or for personal business. arrived. Switch off the reading pane in email clients such as Outlook. This can be done by selecting View -> Reading Pane -> Off Is there any other information about spam that I can look at ?     UKERNA http://www.ja.net/CERT/JANET-CERT/anti-spam.html  MAPS via UKERNA http://www.ja.net/CERT/JANET-CERT/mail/mail-abuse/rbl-plus-guide.html CAUCE (Coalition Against Unsolicited Commercial Email - http://www.cauce.org/en/index.html) Euro-CAUCE (http://www.euro.cauce.org/en/index.html) Other University websites  Bath University http://www.bath.ac.uk/bucs/email/junkmail.shtml  The University of Manchester http://www.mc.man.ac.uk/cos/email/spam  Bristol University http://www,bris.ac.uk/is/services/computers/nwservices/mail/spam.html  Lancaster University http://www.lancs.ac.uk/iss/email/spam.html  University of Dundee http://www.dundee.ac.uk/ics/services/email/emailspam.html The Internet Watch Foundation http://www.iwf.org.uk/ 