[N8DBB]

*Due to the overwhelming posts on numerous boards regarding the influx of spam, especially in the last two weeks, hope this post can help understand how they receive spam and what they can do to combat it.

How Spammers Find You...

All it takes to get on the mailing lists used by spammers is an email
address. There is no need to sign up for anything or ask for emails. The
spam just starts coming, out of nowhere, apparently without any plan,
and without a reason. It invades email addresses that are never used.

But how do spammers discover email addresses? How do they find your
mailbox when your best friend does not?

Dictionary Attack

Big free email providers like Hotmail or Yahoo! Mail are a spammer's
paradise, at least when it comes to finding spammable addresses.

Millions of users share one common domain name, so you already know that
("hotmail.com" in the case of Hotmail).

Try to sign up for a new account and you will discover that guessing an
existing user name is not difficult either. Most short and good names
are taken.

So, to find email addresses at a large ISP, it's enough to combine the
domain name with a random user name. Chances are both "asdf1@hotmailcom"
and "asdf2@hotmail.com" exist.

To beat this kind of spammer attack,

1. use long and difficult addresses.

Brute Searching Force

Another tactic employed by spammers to discover email addresses is to search common sources for email addresses. They have robots scanning web pages and following links.

These address harvesting bots work a lot like the search engines'
robots, only they're not after the page content at all. Strings with '@'
somewhere in the middle and a top-level domain at the end are all the
spammers are interested in.

While not picky, the pages the spammers are particularly keen to visit are web forums, chat rooms and web-based interfaces to usenet because lots of email addresses are likely to be found there.

This is why you should

1. disguise your email address when you use it on the net or, better
yet,
2. use disposable email addresses.

Worms Turning Infested PCs Into Spam Zombies

To avoid being detected and filtered, spammers seek to send their emails
from a distributed network of computers. Ideally, these computers are
not even their own but those of unsuspecting users.

To build such a distributed network of spam zombies, spammers cooperate
with virus authors who equip their worms with small programs that can
send bulk emails.

Additionally, these spam sending engines will often scan the user's
address book, web cache and files for email addresses. That's another
chance for spammers to catch your address, and this one is particularly
difficult to avoid.

How Can You Prevent Spam..

Stop Spam with Disposable Email Addresses

But what should you use instead of a real email address?

1. Use disposable email addresses!

A disposable email address will forward all mail to your real address.
So where exactly is the benefit? Won't it forward all the spam, too? Not
if you dispose of it.

What To Do When You Get Spam

As soon as you get spam through a disposable address, you disable it,
and all messages (and all spam) sent to the disposable address bounce
back to the sender instead of your Inbox.

Since (and this is a crucial point) you give every disposable email
address to precesely one web site or contact, you know exactly who
spammed you or leaked the address to spammers.

For the same reason turning off a disposable address has no impact on
all the other mail you receive through your real address and
(preferably) other disposable email addresses.

You merely stop the spam.

You can even use disposable email address to stop spam you get from
posting your email address on your home page or blog in a mailto link.

Disguise Your Email Address in Newsgroups, Forums, Blog Comments, Chat

To avoid ending on a spammer's mailing list when you post to a web forum or a newsgroup, you can

1. disguise your email address by inserting something obvious into it.

If my email address is email.guide@about.com, I can modify it to read
email.guide@ABOdelete_thisUT.com, for example. I will not get spam at
that email address since all messages to it will bounce, but people who
want to send me an email can still do so after they remove "delete_this"
from the address.

Obscuring your email address does make sending mail a bit more difficult.

But this is not always a disadvantage.

Automatic Email Address Obfuscation

Email address encoding tools take the obfuscation a step further. While
primarily designed for use on web sites, you can also use addresses
encoded with such tools on web forums or web-based usenet, for example.

Use Disposable Email Addresses at Your Web Site

Use a disposable email address in the mailto: links on your site instead
of your real one. Depending on the mail that comes in, you take two
different sets of actions:

If a stranger sends you a legitimate email that you welcome, she gets
her own special disposable email address. Create a new disposable email
address and send a reply including the information that any further
emails should only be sent to the new, dedicated disposable email address.

* Make sure you also set the Reply-to: header to that new disposable
address.
* If spam arrives at the disposable email address posted on your
home page, disable the address immediately and replace it with a
new disposable email address. This will stop all further spam sent
to the old disposable address, but it won't hamper mail from all
the welcome senders since they already have their own dedicated
disposable email address.

(Of course you can also give welcome senders your real email address
instead of a dedicated disposable one if they claim that "you don't
trust me.")

For totally understandable (and entirely unacceptable) reasons, spammers
rarely send their unsolicited messages using their own email address in
the /From:/ field. Not only would this reveal their identity, it would
also allow you and the millions of other recipients to write angry
replies. (You can still find out where the email originated, though, and
complain to the spammer's Internet Service Provider.)

Authors of worms and viruses desire the opposite to what spammers want,
but the result is similar. For worms to spread, social engineering is
important, and a crucial point is that the malicious code appears to
come from a friendly or even trusted source.

At the same time, the From: line should not contain the email address of
the infected computer's owner.

The reply from a virus filter notifying them that their computer was
infested could alert them. That's why worms put real, but random
addresses in the From: line. They usually pick them up from the email
clients' address books.

For both spam and worms don't care who the recipients of their —
hopefully millions — of replicas are, the messages often go to email
addresses that are inactive, full or have never existed.

When, How and Why Delivery Failure Reports are Generated

Since email delivery usually works (or at least did before overzealous
spam filters started blocking legitimate mail), success is not normally
reported but failures are. If you have ever mistyped an email address
I'm sure you know the often detailed, not always easy to parse but
usually alarming "delivery failure" messages.

Ignore Delivery Failures of Messages You Did Not Send

Now, what happens if a spammer or a virus decides to put your email
address in the From: line can be annoying, disturbing or disastrous. If
the messages claiming delivery failures of messages you did not author
(sometimes, these bounces of messages you did not send are called
"backscatter") don't come in the thousands,

1. it is usually best to ignore them.

You Didn't Request Information

There are two words that you will find in almost any unsolicited bulk
email: you requested.

Don't believe it.

Spammers count on your uncertainty, and that in doubt you will rather
not take any action and complain about the spam.

Chances are, however, that

1. you did not request anything,
2. there is nothing about the company or person sending you bulk
email you recognize, or if
3. the service offered does not sound like something you would ever
be interested in or request.

Unknown Email Addresses

People who know you do not spam you. They may terrorize you, but they
never spam you. Usually, these people are in your email client's address
book.

If they are not there yet, you should probably add them, because such an
address book of everyone you know can be a helpful tool to identify spam.

If you do not usually receive mail from strangers, you can assume that

1. every message not from somebody in your address book is spam and
2. filter such messages to the /Junk Mail/ folder.

Now and then, you should check this folder for important messages you
may have missed, maybe because somebody's email address has changed.

Building on this idea of only allowing known senders, challenge/response
spam filters render your email virtually spam free with very little to
no maintenance.

Watch Those Check Boxes

When you sign up for something on the Web, there is often some
innocent-looking text at the end of the form saying something like:
"YES, I want to be contacted by select third parties concerning products
I might be interested in." Quite often, the checkbox next to that text
is already checked and your email address will be given to you don't
know who.

To avoid that,

1. look closely at every form you fill on the Web and
2. make sure all relevant checkboxes are not ticked.

Sometimes, the text will read: "NO, don't give away my email address,"
and the checkbox will consequently be unchecked by default. Check it.

They Found Me! HELP!

So what do you do if your email falls victim to a spammer?

Well the first thing you can do is long onto your BIS website and see if
they have a filter program you can set up (Most will). However, this may
work for a day or two. Once the spammers realize that their messages are
being stopped by a spam filter, they will simply re-work the subject
line and body of the email to get past your filter. Next thing you know,
you will have 20 filters set up and still be receiving spam.

You can also set up your email to redirect through another email. Pretty
much, have any messages coming in forwarded to an email provider such as
Gmail (Which has the best built in spam feature by far), and then to
your handset.

Or, finally, you can just make a new email address, which I would
recommend as a last step since its probably going to be a PITA to inform
everyone of your email changes.



Anyways, hope this helps

N8
Information Provided Mainly From About.com
http://email.about.com/od/spamfighti...pular_tips.htm
http://email.about.com/od/spamandget..._finds_you.htm

[SuzzyP]

Great Information N8. Hope everyone reads this and takes Spam seriously... It can be a real headache. Palm treo 700 & other windows based users are having real issues with it

[Dirty Cash]

Very comprehensive! Excellent read!!!

~via BB (wap.pinstack.com)~

[flash24]

~via BB (wap.pinstack.com)~thanks for the info n8. Whenever I get spam I just mark it as "spam" and I never receive emails again from them

[N8DBB]

BTW, of course some of the above only refers to computer based email accounts, so they are pretty much N/A to devices...

The main one I think we all need to make sure that we watch is forgetting that there are spam-bots trolling bulliten boards...

[msbrenda64]

Thanks for the information N8 and once again a great contribution to Pinstack!

[N8DBB]

Is it just me, or is the post like kinda whack? I mean, fonts different sizes, major gaps, etc...I need to fix that...It's annoying me...

[msbrenda64]

There are a few gaps, etc. you're a perfectionist N8!

[skip00319]

~via BB (wap.pinstack.com)~ here is a trick to keep your email contact list from being raided. Don't know if they have a way around it. Set the first three email addresses to Aaaaaaaa@aaaa.aaa and such. This is is supposed to stop those spam and viruses that use your Email contact list.

[srl7741]

N8,

Without question that is one of the best posts i've ever seen/read.
Thanks for posting it, not only does it take knowledge but fortitude.

"Lead, follow or get out of the way"
you have certainly chosen to lead.

thanks.

[naviwilliams]

N8, when Igrow up, I want to be like you...

[cp6169]

Thank you for the info N8, I really appreciate it.

[Rcbjr]

Great Post N8. Thanks for all the info.

Rcbjr.

[MORTGAGESAVE]

Great Post thanks for the Info !!

Wish this crap didnt happen

[eddie8]

N8,are there any settings we can do on our berries to stop the spammers?