Thursday, January 17, 2008

Are You Losing Your Sanity to Spam Emails?

If you are, chances are you're not alone. Spam emails have been used as a cheap online marketing strategy since email and the internet has been popularized. And as long as unscrupulous individuals exist, the end to email spam is far, far into the future. Still, you can do something against spammers to keep your online sanity...

What is Spam?

Image from Emails are junk, unsolicited emails you received from unknown individuals. They are usually sent in bulk. If you don't have any spam filtering software installed, spam emails eats up your time just by filtering which emails are valid from your inbox. Spam emails also eat up your bandwidth. If you own a website, emails sent to your domain are part of the bandwidth you pay for web hosting. So unlike traditional snail mail where the sender pays for the postage, in email you actually pay for the spam message to be delivered to your inbox.

Spam emails are also a tool for phishing. This happen when spammers forge their email to look like it’s from someone else you know or from a reputable organization or institution. Such fraudulent emails target users to unknowingly respond with certain personal information such as username and passwords.

Why do people send spam emails?

The bottom line of spamming is to push their “products” using cost effective techniques. Individuals or even large companies engage in spamming because it’s cheap. It’s a numbers game. Imagine sending marketing ads of their products via email to several or even hundred thousands users, chances are people will bite into their ad. Even if only a few hundred people buy into their product, the returns exceed the cost of sending these bulk messages.

Harvesting your email address

You may be asking yourself, “How the heck did they get my email address?” There are a lot of ways to do that, but I’ll just list down the most obvious ones:

  1. You subscribe to some questionable websites. These websites gathers emails address and then sells their email database to spammers.

  2. You have your email address ( posted in a web page somewhere. Some spammers deploy "Web Spiders" to crawl the web for the sole purpose of generating a list of email addresses. So if you have your email address posted in a website. You are vulnerable to get spammed.

  3. Joining discussion Groups. Discussion groups are one place where spammers routinely join. And they join not because they are interested in the discussions or topics. If you think they are there just for the email addresses, you guessed right!
As I mentioned, there are lot of ways how a spammer can actually gather email addresses. Some can even generate a program to scan popular email domains such as Hotmail, MSN, Yahoo, and Gmail. The technique they employ is a pattern matching algorithm that matches initials plus surname with It’s a hit and miss technique but it yields addresses nonetheless.

Finding their way to your inbox

Since spamming has been identified as an unethical and illegal activity, spammers have gone some great length to send out their emails without actually revealing their real identities (because once they do this, its game over for them). Large companies are hiring third parties to do the spamming for them so that in case of complaints or law suits, the blame falls on the third party.

These third parties, to protect themselves, employ a cat and mouse game against anti-spam professionals. Some techniques done by spammers are:
  1. Setting up spoof websites to send out spoof emails. Having a fake website let spammer gather emails from unsuspecting users. They can also be the launch pad in sending the spam emails. With little knowledge of PHP, a spammer can make use of the fake web host to forge emails and send it out to anyone in their list.

  2. Hijacking other peoples’ computers and sending their spam emails from them (also know as zombie machines). Just like how a virus can propagate, a malicious program (malware) can be installed in any computer. Once it's there the malware takes care of sending the spam messages without the computer owner's knowledge.

Restoring your sanity

How to avoid spam emails

The best way you can do to avoid spam emails are:
  1. Stop yourself from giving out your email addresses online. If you have to subscribe to an online newsletter or service, check out the credibility of the website first. Some decent websites have a privacy or anti-spam policy posted. If they have, read it.

  2. This also applies when you subscribe to discussion groups such as Yahoo groups or Google groups. When joining such groups it really help if you personally know who the group owner or members are.

  3. Avoid posting your email online. I have read somewhere that posting your email even in yourname[at]domain[dot]com format is not longer safe since some spammers have configured smart web spiders that can identify these format.

  4. Scan your PC regularly. These days, you should scan your computer not only for viruses but also for malwares (malicious softwares). If you notice your computer to hang up or runs significantly slower when you are connected to the internet there may be a chance that your computer have turned into a “zombie” that sends spam. Scary huh?

  5. It also helps if you can install some software which monitor your network or bandwidth activity. This way you can check if there is some unauthorized traffic coming in or out of your system.
I got spammed now what?

Once you're spammed, the probability of the spammer leaving your email alone is close to none. So if this is the case, you may want to consider getting an antispam software. There are a lot of anti-spam software ranging from freeware to licensed versions. If you are a website owner you may want to install SpamAssassin into your server. SpamAssassin, an open source software, is commonly distributed as an addon into your Cpanel by your Web Host.

If you use a private email then you may want to check out some available anti-spam software available in the net (i.e., SpamCop, Spam Killer, Spam Buster, etc).

If you use free email (i.e., Gmail, Yahoo, etc), they normally have some spam filter installed. I use Gmail and I am find their spam filter to be good enough.

The battle between spammers and the anti-spam industry is still ongoing and far from over. However, if you take some precautionary steps there's no reason to go insane about it.



joontrader said...

Interesting and informative article. Keep it up. Cheers^^

Midas said...

This is insane, but I think I know why I am getting hundreds of spam mails daily.