Spam Protection

Understanding Spam

Anyone who has an email address needs no introduction to this pesky phenomenon
of electronic communication. Spam is unwanted, unsolicited commercial email
that is mailed in bulk to thousands, even millions of recipients simultaneously.

Much of the confusion regarding spam comes from a lack of understanding the
everyday email user may have regarding the ways and motivations of the spammers.

Whether a given email is spam or not spam can be said to be in the eye of the
beholder. There are legitimate email marketers out there, who comply with all
applicable laws when they do their bulk emailing. They will, for example, only
send their advertising to recipients who have subscribed to their emailing
list. In fact, formal studies have shown that currently, only about half of
all spam is deceptive or fraudulent; roughly half of all spam contains genuine
marketing messages. Thanks to spammers, all email marketing is tainted with a
bad name.

The nature of spam has less to do with its commercial content than with the
fact that it is unsolicited and sent out in bulk. There are two categories of
spam: unsolicited bulk email and unsolicited commercial email.

Unsolicited bulk email is mass-mailed to recipients who have not given their
consent to receive it. This category of spam encompasses jokes, chain letters,
virus alerts, etc. Unsolicited commercial email targets your wallet. This
subset of spam includes get-rich-quick and pyramid schemes, stock offerings
for penny stocks, spamming software and fake pharmaceuticals.

While most spam is generally mailed out to advertise a product or service, some
is malicious in content and intent. It runs the gamut from jokes and ads, to
stock-market scams and virus-laden emails. Spammers, those obnoxious folks who
send you spam, will target you because:

* They want you to buy something

* They want to defraud you out of your hard-earned money

* They want to confirm that your email address is a real live one (and then add
  you to a spam mailing list)

* They just want to shock and offend

The huge volume of spam has created big problems. While it is free for the
spammer to send out his millions of spam emails, the cost of the bandwidth that
this junk mail takes up is borne by the internet service provider (ISP). The ISP,
not one to bear this expensive burden on its own, will pass on some of the cost
to you in the form of price increases. You also pay the price for spam in the
time wasted sorting through and deleting junk mail, the loss in productivity
and the pure aggravation of having to deal with it. It also raises security
issues because it may contain viruses that are harmful to your computer.

How do you spot spam when it lands in your inbox?

Here are a few things you can look for that are a dead give-away:

- Email from someone you do not know
- Nonsensical subject lines
- Outlandish promises of money, exotic cruises and lonely housewives
- Adult or pornographic content
- Unsubscribe links in unsolicited email
- Very brief emails -- a line or two

You should be aware that spammers often send you email that is designed to look
like it came from an acquaintance of yours, a reputable company or a reply to an
email from you.

The Costs of Spam

The volume of spam that is sent out every minute of the day has reached
pandemic proportions. The simple reason for this is that the cost to a
spammer ranges from zero to negligible. In fact, anyone with a list of email
addresses and Internet access can spam thousands, even millions of people with
a single click of the mouse. The cost of spam, however, now runs in the
millions.

Bandwidth

Spam takes up valuable Internet bandwidth that would otherwise be used for
legitimate business and personal use. Bandwidth refers to the rate at which data is
transmitted; it is the amount of data that can be transmitted within a fixed
amount of time. The lower the bandwidth, the slower the transmission.

When spam uses up valuable bandwidth, and clogs up the system, it causes costly
delays in the transmission of important, legitimate information. It forces the
Internet Service Providers (ISPs) to increase bandwidth just to handle the
increased volume. This costs money, and this cost is passed on to the consumer.

Viruses, Worms and Malware

It is becoming an increasingly common menace. Spammers will attach viruses to
the email they send out for purely criminal or malicious purposes. Some
viruses, for example, are programmed to self-install and give the spammer
access to all the vital information stored on your computer. This information
is often used for identity theft purposes.

Other viruses simply do great harm to computers the world over. A Consumer
Reports study estimates that the cost of repairs and replacement parts for
damage done to computer systems by viruses was over 8 billion over the past two
years. This does not take into account the billions spent on anti-spam and
anti-virus software.

Productivity

Spam is not only annoying, it also takes up valuable time just to go through it
and sort out the spam from the valid mail. For businesses that
receive hundreds of emails a day, the cost in time and productivity really
adds up. The "cost of spam calculator" that is available at cmsconnect.com
estimates that spam costs almost $1000 per employee each year, with over 50
hours of lost productivity for each one.

Lost Messages and Data

As we try to battle the spammers by installing spam filters and blockers, these
programs often weed out legitimate business correspondence. Lost correspondence
from a client or supplier can easily cost businesses money, clients and goodwill.

Identity Theft

The phenomenon of phishing has become more prevalent as spammers think up new
ways to make a buck at your expense. Phishing involves the use of email that is
designed to look like a legitimate company has sent it. It is sent out to
millions of people in the hope of scamming them into revealing personal
information that the scammer can use for identity theft. The cost of phishing
and identity theft to their victims now also runs in the billions.

The cost of spam is a financial drain on the economy. We pay a high price for
the spammer to scam his victims. The spammer pays nothing.

A Brief History of Spam

In the early days of the Internet, spammers primarily targeted newsgroups on
USENET, the online conferencing system. These are newsgroups that are organized
as forums to discuss particular topics. As electronic messaging systems
advanced, it made possible the practice of crossposting -- posting the exact
same message to multiple newsgroups and other online forums.

Spammers were quick to adopt crossposting as a tool of their trade. Now, they
could send the same electronic message to thousands of newsgroup members at
one time. Not only could they target a larger audience with one posting, but
they also did not have to differentiate between the interests and focus of the
individual forums that they targeted. What's more, it cost them next to nothing
to spam these newsgroups.

As email became an increasingly widespread mode of communication, the spammers
shifted their focus to the massive audience that it made available to them. Mass
emailing software soon became another essential tool of their trade, as they
began to use this application to send junk email to thousands upon thousands of
unwilling recipients.

The spam industry also adapted the available Internet technology to create the
"spambot". A spambot is an automated program that will rove the Internet,
"harvesting" email addresses from newsgroup postings and from other websites.
It literally gathers thousands of email addresses in a single hour. These are
compiled into bulk mailing lists with which the spammers can spam thousands of
victims at a time.

The practice of sending out unsolicited, unwanted junk email and junk postings
came to be called "spam." The term is commonly believed to have been derived
from a British comedy skit by Monty Python, in which a restaurant serves each
meal with a side of spam. As a waitress emphasizes to a couple the availability
of spam with every dish, a group of Viking patrons break out in song, singing
"SPAM, SPAM, SPAM... lovely SPAM! wonderful SPAM!" in a loud chorus. In the
80's, the term was adopted to refer to the junk emails and postings, and the
name stuck.

The earliest, most widely known incident of commercial spamming dates back to
1994. It involved two lawyers who spammed USENET to advertise their services as
immigration lawyers. They later expanded their marketing efforts to include
email spam. The incident is commonly referred to as the "Green Card Spam."

This nefarious industry has since grown in leaps and bounds. Today, more than
half of the trillion-plus emails that are sent and received are spam.
Initially, spam was generally advertising-related email. In more recent years,
however, a particularly nasty crop of spammers has emerged, who send out their
spam with nothing less than malicious and/or criminal intent. Some send out
spam that contains viruses or malicious code. Others devise scams intended to
defraud you of your money. And then there are those whose focus is identity
theft.

Benign or malicious, commercial or criminal -- spam has transformed the way we
communicate electronically, and will continue to do so well into the near
future and very likely beyond. Spam has become a regular, albeit unwanted, fact
of online life.

Top Ten Tricks of the Spammer

The spammer's most fervent hope is that you are ignorant of the tricks and
tactics used to spam your inbox. Learning the spammer's nefarious ways is your
best protection against spam.

Manipulating Text:

This is one of the most commonly used spamming techniques. Spammers will
manipulate the text in the email to foil the anti-spam filters. They may, for
example, deliberately misspell some words: "M0rtg4ge" for example. They may add
characters or spaces to words in the email header, to make the email seem
different from other email, like this: X_A_N_A_X. They may also insert
random strings of text within the email.
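
A filter can undo these two manipulations before it matches keywords. The sketch below is an added example, not code from the original article; the look-alike table, the watch list and the function names are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed substitution table for this example: characters commonly
# swapped in for letters. "1" is ambiguous (i or l); "i" is chosen here.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed watch list; a real filter would load its own terms.
WATCHLIST = {"mortgage", "xanax"}

# Three or more single characters joined by one separator each,
# e.g. "x_a_n_a_x" or "x a n a x", not touching a longer word.
SPACED_OUT = re.compile(
    r"(?<![a-z0-9])(?:[a-z0-9][ _.\-*]){2,}[a-z0-9](?![a-z0-9])")


def normalize(text):
    """Return a lowercase copy of text with simple obfuscations undone."""
    # Fold accented letters to plain ASCII so look-alike accents compare equal.
    folded = unicodedata.normalize("NFKD", text)
    folded = folded.encode("ascii", "ignore").decode("ascii").lower()
    # Map digit/symbol look-alikes back to letters: "m0rtg4ge" -> "mortgage".
    folded = folded.translate(LOOKALIKES)
    # Remove separators inside spaced-out words: "x_a_n_a_x" -> "xanax".
    return SPACED_OUT.sub(
        lambda m: re.sub(r"[ _.\-*]", "", m.group()), folded)


def flagged_terms(text):
    """Return the watch-list terms found in text after normalization."""
    words = set(re.findall(r"[a-z]+", normalize(text)))
    return sorted(words & WATCHLIST)
```

Matching runs on the normalized copy only; the original message is left untouched for delivery or quarantine.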

Chain Letters:

Spammers may send out a chain letter instructing you to forward the email to your
friends and family. To entice you to do so, it may claim that forwarding it will
bring good luck. This spam may carry viruses or a Trojan horse, which is sent
along to anyone you forward the email to.

Image-based Spam:

The spammer sends out spam that contains an image in GIF format. This image
bears the spammy message. Image-based spam is effective in by-passing spam
filters because the filters are generally text-based.

Dictionary attacks:

This is a technique used by the spammers to find email addresses that they can
spam. It involves trying random combinations of common names and words, and
using these to make up email addresses, e.g. JaneDoe@YourISP.com,
JDoe@YourISP.com, JaneDoe1@YourISP.com. The spammer will then send out junk
email to the different variations of these addresses in the hope that some of
it will go through.

Spammers tend to direct the dictionary attacks at the large email companies,
which have a large number of customers.

Email spoofing:

Email spoofing involves the use of a fake email header that is written to make
it look like someone other than the spammer sent the email. Very often, the
spammer will make it look like the email came from a credible source such as
your bank or Yahoo, and try to get you to reply with personal information such
as a password, social security number or credit card number. This technique is
widely used because it is easy to do, and tends to catch the recipients off
guard.

JavaScript:

The spammer can use JavaScript that will ensure that the spam is only visible
when the email is loaded. This type of spam can only be prevented using
anti-spam software that decodes or blocks the JavaScript.

Social engineering:

This spammer ploy attempts to fool the recipient into reading the junk email by
pretending to be an acquaintance. It involves a junk email that has a "personal"
subject line, such as "I'm leaving tomorrow," "I got your message" or "Let's
meet again".

Mining message boards and chat rooms:

When you post a message to a message board or chat room and leave your email
address, automated programs called spambots will find your address and add it
to the spammer's mailing list. Much like a listed phone number in the telephone
directory, leaving your email at these types of websites makes it public
information.

Web beacons:

A web beacon, also called an "invisible GIF," is an image sent out with spam
that is invisible to the recipient. When the email is opened, the spammer will
be alerted that your email address is "live."
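
The check below shows how a mail filter can spot such beacons: it walks the HTML parts of a message and reports remotely hosted images that are 1x1 or hidden by style. It is an added example, not code from the original article; the sample message, its example.invalid addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser


def _dim(value):
    """Parse a width/height attribute; a missing value counts as large."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else 9999


class _ImgCollector(HTMLParser):
    """Collect remote <img> URLs that are tiny or hidden."""

    def __init__(self):
        super().__init__()
        self.suspects = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        # Embedded images (cid:, data:) do not contact a remote server.
        if not src.lower().startswith(("http://", "https://")):
            return
        style = a.get("style", "").replace(" ", "").lower()
        tiny = _dim(a.get("width")) <= 1 and _dim(a.get("height")) <= 1
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            self.suspects.append(src)


def find_beacons(raw_message):
    """Return URLs of likely web beacons in every text/html part."""
    msg = message_from_string(raw_message, policy=policy.default)
    collector = _ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.suspects


# Constructed sample message: one ordinary banner and two beacons.
SAMPLE = """\
From: offers@example.invalid
To: jane@example.invalid
Subject: Hello
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Great deals inside.</p>
<img src="https://img.example.invalid/banner.png" width="600" height="120">
<img src="https://track.example.invalid/o.gif?id=abc123" width="1" height="1">
<img src="https://track.example.invalid/p.gif?id=abc123" style="display: none">
</body></html>
"""
```

A mail client that does not load remote images until the user asks for them never fetches these URLs, so the sender receives no signal that the message was opened.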

Open proxy, 3rd-party servers:

An open proxy is a third-party server that enables the spammers to camouflage
their real identities as well as their Internet locations, when they send out
their junk mail. Many spammers use these open proxy servers to help maintain
their anonymity.

The What, Who, Where and Why of Spam

Spam was once just clutter in your inbox; now it is a commonly used vehicle for
fraud, electronic crime and even corporate espionage. The 4 Ws of spam answer
the most commonly asked questions about spam.

What is Spam?

Spam, also called junk email, is generally defined in the Internet industry as
unsolicited commercial email (UCE). It is email that is sent out in bulk to a
huge number of recipients who did not request it. The contents of spam range
from benign advertising to malicious programs that can literally hijack your
computer system and do grave damage.

The most common commercial spam advertises pyramid schemes, pornographic web
sites, mortgage loans, chain letters, credit repair, fraudulent pharmaceuticals
and illegally pirated software. The more dangerous spam will often contain
viruses that can infect your computer, Trojan horses that can hijack your email
program and use it to send out spam to your friends and family, and phishing
scams that attempt to get your personal and financial information.

Who Spams?

"Spammer" is the term used to refer to those responsible for spam. In the Spam
world, there are two types of spammers. There are the honest spammers who
comply with the anti-spam laws, and have the consent of the spam recipients.
These willing recipients usually join the honest spammer's "opt-in" mailing
list by signing up at a website, for example to enter a lottery, or to be
notified of future promotions. Then there are the dishonest spammers, who will
get your email addresses by any means possible. They use their spam for
criminal or malicious purposes and have zero regard for the law. Spammers range
from the lone, home-based individual to multi-million dollar companies with
several employees. Most of the spam companies are increasingly relocating to
offshore locations to evade US laws and law enforcement.

Where do the Spammers Get your Email Address From?

Spammers get their victims' email addresses from just about anywhere you can
imagine. Primarily, they use Newsgroup harvesters and Spambots, which are
automated programs designed to "harvest" (extract) email addresses from online
sites. Newsgroup harvesters target newsgroup postings and other unprotected
web-based forums, which tend to have low security. Spambots troll the Internet,
scanning websites and "harvesting" (extracting) email addresses. They typically
search for the "@" sign that denotes an email address.

The average spambot can harvest over 30,000 email addresses in just one hour.
And this goes on 24/7, year in and year out. There are also companies that sell
CDs that are packed with valid email addresses. These can sell for as little as
$25, and they are a goldmine for any spammer.

Why do Spammers Spam?

In a word? Money. Spammers literally make millions from their illicit trade.
Studies show that for every million junk emails sent out, a spammer will
average about 100 sales. Add to this the fact that they make $50-$100 in
commission for each sale, and you can see how the numbers add up to incomes in
excess of $100,000 a year! What's more, spamming can cost next to nothing.

But why does spamming continue despite its cost in time, effort and money?
Because there are people out there who respond to spam. Even with a minimal
response rate of one sale from every 10,000 emails, it can be highly
profitable. If no one responded to spam, the spammer's cash cow would starve
and the practice would end. It is these few who keep the spammers in business.
They make the cost of spamming worthwhile.

Top 5 Techniques to Protect Yourself From Spam

It is virtually impossible to avoid having your email address end up on a
spammer's mailing list. You can, however, take steps to minimize the amount of
spam that you receive. Here are the top five:

Address Munging

Never, ever post your permanent email address publicly online. Posting it on a
website, on USENET, or in a guest book, for example, virtually guarantees that
it will end up on a spammer's emailing list.

If you absolutely have to supply an address, or regularly participate in online
forums but do not want further communication, camouflage your address in some
way. You can, for example, disguise your address by writing it in such a way
that humans can read it, but the spammers' automated programs cannot.

Example: instead of JaneDoe@ISP.com, add a blank space before and after the "@"
sign, or use characters e.g. JaneDoe at ISP dot com.

This is referred to as "address munging". While address munging does not allow
for a regular, clickable email link, anyone who really wants to contact you
will figure out the proper address.

If you have a website, provide a feedback form instead of giving your email
address.

Sign up for an Alternative Email Address

Do not use your primary email address when placing an online order, getting a
free download, or signing up for a newsletter or free service. Get a
secondary email address that you can use in these instances. You can open a
free email account for this purpose. Email providers such as Gmail and Yahoo
offer this free email service.

Reserve this email address specifically for this online activity -- do not
offer it to people from whom you want to receive email, as this will likely be
lost in the deluge of junk mail.

Also, be sure to log into this account on a regular basis to delete the junk
mail and avoid having the account closed. If you get over-spammed, just close
this account and open a new one.

Choose an email address that cannot be easily guessed at. One method used by
spammers to get email addresses is to generate a list of likely email addresses
based on a combination of first names, last names and commonly used words. They
may, for example build an emailing list that has variations of an address like
JoelDoe1@hotmail.com, JoelDoe2@hotmail.com etc. You can foil this spammer's
tactic by using a relatively long email address, for example 8 or more
characters long. You should also avoid choosing email addresses that include
either of your names. Use your initials instead, in combination with numbers,
e.g. jtd1509@yahoo.com.

Beware the Phisher Spam

Phishing is a tactic used by spammers to scam you into giving up vital personal
and financial information. Its sole purpose is identity theft.

Never divulge any personal or financial information that is requested in an
email. Your bank or credit card company would never ask you to confirm or
update your personal information via an email or a link in an email. Any such
emails should be reported to the bank or credit card company. Never, ever click
on any links in this type of spam.

Get a spam filter or spam blocker

Stop the spam dead in its tracks before it ever makes it into your inbox. Well,
most of it at least. Though it is not 100% effective, anti-spam software will
keep most of it out. Even if you only use the internet, a spam filter will help
protect you from spam.

How Spammers Get Your Email Address

Each minute of each day, there are literally thousands upon thousands of spam
email messages flooding inboxes the world over. Some of that email even goes
out from what appears to be your very own email address! Where on earth do
spammers get your email address? There are various ways -- some are legitimate,
and most are not. Typically, spammers will "harvest" email addresses from
legitimate web sites, such as USENET groups, chat rooms, message boards, AOL
profile pages and special interest group postings. These are sites you have
visited and requested more information from, or corporate sites where you may
have placed an order.

The spammers collect these addresses using automated programs called spambots.
Spambots are designed to harvest the email addresses from these web sites. They
scan every page on the site, collecting any text containing the symbol "@" they
find. The email addresses they collect are compiled into a database, loaded
into a bulk-emailing program and out goes the spam. Often, these harvested
email addresses are also sold to other spammers; once your email address makes
it to a spammer's mailing list, it will make it onto their fellow spammers'
lists.

Some websites require you to register before you can place an order or access
certain parts of the site. Not all these websites will be as protective of your
email address as you may wish. Newsgroups are particularly notorious for
exposing their users' email addresses to the spam gatherers. Most newsgroups do
not take a great deal of care to hide the email of their users, and each and
every member's email address is exposed and up for grabs by spammers. Some
of the websites that ask you to register may also sell your address to spammers.

Another method commonly used by the spammers is to target a domain. They simply
guess or make up every possible variation of email address based on the domain
name, for example @yourDomain.com. They create a mailing list of these
addresses and then spam them. Corporate emails are especially vulnerable, as
their emails have a distinct format such as @BusinessName.com.

While most of the spam will bounce, it really does not bother the spammers
because they can and do send out millions of this type of junk mail a day. A
small proportion of the emails will actually be legitimate and will receive the
spam -- that is good enough for the spammer. This method of gathering email
addresses is called a brute force spam attack.

One way to defend against this is to make it more difficult for the spider to
harvest your email. When you place your email address on a web site, remove the
@ symbol and replace it with the word "at." This makes it far more difficult for
the spam harvester to gather your address, because it cannot be gathered
mechanically; it can only be read by a human who is actually reading the site.
Alternatively, you should display your email address as an image rather than as
text.

What is the Harm with Spam?

In the early days of the Internet, spam was little more than an irritating
nuisance. However, like every other aspect of the Internet, spam has evolved to
become something far more nefarious in nature.

To understand just how big a problem spam has become, it will help to realize
the sheer volume of unsolicited junk mail that is sent out every day. More than 50%
of all the trillions of email that is mailed out is spam. This spam clogs up
and wastes bandwidth, especially with the recent advent of image-based spam. It
places a huge strain on servers and wastes a huge amount of time and money to
deliver millions upon millions of unsolicited emails to the inboxes of
recipients.

Mass Mailing Viruses

Aside from constantly inundating your inbox with unwanted email, spammers now
also pose grave threats to the health of your computer.

One of these new dangerous aspects of spam is that illicit senders can now
manipulate your email addresses, and make it seem to the rest of the world that
the spam that is sent is coming from your personal computer or domain. This may
result in your service provider blocking your Internet connection, or
terminating your account. And all of it can be done without any knowledge on
your part. It can easily be made to seem that you are an actor in a malicious
mail campaign when in fact you are an unwitting actor at best.

AVF

Email is the most common vehicle of choice for spreading viruses, and for
hackers to get into your computer system. There is an increasing amount of this
type of spam being mailed out of late. These small programs can be used in
myriad harmful ways, including crashing your own system, crashing that of the
parties you email or keystroke logging to gather your personal information.

Another insidious tactic that the spammers employ is called "Phishing." It
involves the spammer sending out junk email that is specifically designed to
look like it is from a reputable, legitimate source such as a reputable company
like eBay or PayPal. This spam utilizes the company's logo and official graphics.

The purpose of this type of spam is to get your personal and financial
information. Often it will fraudulently send you to web sites where this
information regarding email, finances, bank accounts or other personal info is
gathered and used in illegal ways. Very often, the spammers will combine
methods, spamming their victims with virus-laden software, phishing and other
schemes that take spam to a whole new level of illicit, criminal activity.

A 2006 study by Consumer Reports estimated that in two years, Americans spent
more than $7 billion on repairs and parts replacement resulting from viruses,
malware and spyware. This does not take into account the cost to the Internet
Providers who have to pay for all the bandwidth taken up by the spammers' junk,
or the cost in time, money and productivity to businesses that have to sort
through all the spam.

Spam is no longer harmless, silly, or simply annoying. It is increasingly
harmful and we need to protect against it.

Spam Protection -- Know Thy Enemy: Viruses and Malware, Trojans and Adware

It has become increasingly common for spam to contain malicious programs or
software that can be harmful to your computer. The purpose of these small,
malicious programs is to perform unauthorized, usually harmful, actions when they
self-install into your computer system and infect your programs and files.
They are commonly spread by e-mail, in the form of cleverly disguised
attachments that trick you into clicking on them.

The most common of these programs are: Viruses, Trojan Horses, Malware and
Adware. Knowing what they are and how they work will help you better protect
yourself from malicious spam.

Viruses

A virus is a computer program that is specifically created to replicate itself and to
infect a computer system without permission or even knowledge of the user.
Viruses come in several varieties including:

The Boot Sector Virus

This virus will infect the root-most part of your computer hard drive, called
the boot sector. This is what is used to start up your computer.

This type of virus can prevent your computer from starting and may even force a
hard drive format, causing you to lose all of the information on your computer
in one fell swoop.

The Program Virus

This is an executable file. It becomes active when the program it has infected
is run. When it is activated, it will infect other programs on your hard drive,
disabling them.

The Macro Virus

The third type of virus specifically targets documents such as Microsoft Word.
It is activated when the document it has infected is opened. One action
it may perform, for example, is to erase dates in your documents as well as
other areas of the computer.

Malware

The term "malware" is short for malicious software. It is a type of program
that propagates on your hard drive and can create untold problems when it does
so. Malware may install a program that you did not want, or ask for. When it
does so, it will use up many of your computer's system resources, effectively
slowing it to a near standstill.

Trojan Horse

Much like its Greek namesake, the Trojan horse program is a seemingly harmless
and innocuous application or file, but it contains harmful, malicious code and,
when installed, can wreak havoc on your computer system. This program often runs
undetected, giving the hacker access to your computer system and, for example,
your personal information such as saved passwords and bank account numbers. The
hacker is also able to display messages on your computer screen.

Adware

While not necessarily malware, adware can be used for malicious purposes.
Adware goes above and beyond what is reasonable advertising. It is adware, in
fact, that has given a bad name to some otherwise incredible free software that
may actually be very beneficial to you.

It generates popups or other annoying advertising that can in fact freeze or
lock your computer. In many cases, the adware is difficult if not impossible
for the regular user to remove, disable or even detect.

In addition to displaying ads for the original advertiser, adware may log your
whereabouts on the internet and send user information back to the spammy ad
company about your computer use without asking for your permission to do so.

Spam is not always the most harmful thing you will find in your inbox; it is
the attachments that come with spam that can really devastate your computer
system. It is crucial that you do not open attachments in unsolicited email.

How Does a Spam Blocker Work?

A spam blocker is one way you can effectively cope with the deluge of spam that
is targeted at your inbox each day. This type of anti-spam software works by
blocking any unsolicited email from getting to your inbox. It is generally
about 90% effective in blocking this spam, along with any viruses and other
malicious code that may come with it.

The spam blocker differs from a spam filter in that its function is
specifically to block most of the incoming spam. The spam filter works by
organizing email that it identifies as spam into folders, and leaves it to you
to take further action on. The spam blocker, on the other hand, is specifically
programmed to prevent spam from getting through. With a spam blocker, you do not
have to deal with the spam it detects and blocks.

So How Does a Spam Blocker Work?

The spam blocker will log into your mail server email account every 10 minutes,
inspecting it for spam email. It immediately destroys any viruses, and gets rid
of any obvious spam such as email that contains adult or pornographic material.
Undesirable email is flagged and then redirected to a folder specifically for
spam. You will have an opportunity to sort through this spam folder to verify
that no legitimate email is mistakenly diverted there. Any email that is on
your whitelist or that it determines to be legit will be left on the server to
be downloaded as normal.

If an email is from an unknown source and the spam blocker cannot clearly
categorize it as either legitimate or spam, it is quarantined in a specific
folder until you either move it or delete it. The quarantined spam is usually
held in this folder for up to 30 days, or until you take action on it. The spam
blocker keeps track of the particular action you take on each quarantined email
e.g. if you delete the email. It will "remember" this action and use it to
create a new filtering rule that it will apply to future incoming email.

What are the Benefits of a Spam Blocker?

- A spam blocker frees up storage space. Most mailboxes have a very limited
  capacity to store email. Spam takes up space, and a spam blocker generally
  prevents large files from making it into your main folder.

- By blocking spam rather than just filtering it, the spam blocker helps
  minimize the amount of time you have to personally sort through your spam 
  email.

- Because this anti-spam software deletes spam, it drastically lowers the risk
  of a computer virus infecting your system.

- Many spam blockers are available online for immediate download, are usually
  very easy to install and generally do not require further configuration.

Many email services offer spam blocker software. If, however, you choose to buy
your own, make sure you get one that is compatible with your service. Also take
into account the level of blockage it offers as well as the flexibility it
offers in letting you customize the settings to your own preferences.

How to Choose Anti-spam Filter Software

Nowadays, spam is more than just an irritating flood of unwanted email. It is also
a means by which spammers can transmit viruses, spyware and adware to your
computer. An anti-spam filter is essential to minimizing this potential risk.
It will also stem the flow of spam into your inbox.

What is an anti-spam filter?

An anti-spam filter is a program designed to detect and block unsolicited bulk
email. It works by scanning any incoming email for words, phrases, html code
and other spammer tactics to determine whether an email is spam or not. It does
this based on probability formulas that calculate the likelihood that an email
that has certain words is spam.

It will also create blacklists and whitelists. The blacklist will store email
from unknown email addresses or ISP addresses; the whitelist will hold email
that is sent from pre-approved sources. The filter software will also keep
these lists up to date. Whenever the filter detects that an incoming email is
spam, its address is added to the blacklist. Whenever the sender or recipient
confirms an email as trusted and legitimate, it will be added to the whitelist.
Most of the "sporm" (spam pornography) will be filtered out, as well as any
email that it detects has adult content.
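
The following Python code is an added example, not taken from any product named in this article. It ties together the spam blocker's quarantine-and-remember behaviour and the anti-spam filter's word probabilities and lists; the class name, the cutoff values, the sample messages and the choice of a naive Bayes formula are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$']+")


def tokens(text):
    """Lower-case word set; each word counts once per message."""
    return set(TOKEN.findall(text.lower()))


class LearningFilter:
    """Toy filter: sender lists first, then a word-probability score."""

    def __init__(self, spam_cutoff=0.9, ham_cutoff=0.2):
        self.spam_words, self.ham_words = Counter(), Counter()
        self.n_spam = self.n_ham = 0
        self.whitelist, self.blacklist = set(), set()
        self.spam_cutoff, self.ham_cutoff = spam_cutoff, ham_cutoff

    def train(self, sender, text, is_spam):
        """Record a user verdict, e.g. the action taken on quarantined mail."""
        sender = sender.lower()
        if is_spam:
            self.spam_words.update(tokens(text))
            self.n_spam += 1
            self.blacklist.add(sender)
            self.whitelist.discard(sender)
        else:
            self.ham_words.update(tokens(text))
            self.n_ham += 1
            self.whitelist.add(sender)
            self.blacklist.discard(sender)

    def spam_probability(self, text):
        """Naive Bayes over the words present, with add-one smoothing."""
        log_odds = math.log((self.n_spam + 1) / (self.n_ham + 1))
        for word in tokens(text):
            p_spam = (self.spam_words[word] + 1) / (self.n_spam + 2)
            p_ham = (self.ham_words[word] + 1) / (self.n_ham + 2)
            log_odds += math.log(p_spam / p_ham)
        log_odds = max(-700.0, min(700.0, log_odds))  # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

    def classify(self, sender, text):
        """Return 'inbox', 'spam' or 'quarantine' for one message."""
        sender = sender.lower()
        # The lists are keyed on the visible sender address, which a spammer
        # can forge, so a whitelist hit is a convenience, not proof of origin.
        if sender in self.whitelist:
            return "inbox"
        if sender in self.blacklist:
            return "spam"
        p = self.spam_probability(text)
        if p >= self.spam_cutoff:
            self.blacklist.add(sender)  # filter-detected spam updates the list
            return "spam"
        if p <= self.ham_cutoff:
            return "inbox"
        return "quarantine"  # unclear: hold it until the user decides


# Constructed training mail: (sender, text, is_spam).
TRAINING = [
    ("promo@bulk.example", "Cheap pills, buy now, limited offer", True),
    ("win@bulk.example", "You win a free prize, click now", True),
    ("deals@bulk.example", "Free offer: buy cheap watches now", True),
    ("alice@example.org", "Lunch tomorrow? Meeting moved to noon", False),
    ("bob@example.org", "Project report attached, meeting notes inside", False),
    ("carol@example.org", "Can you review the report before tomorrow", False),
]


def build_demo_filter():
    """Return a filter trained on the constructed messages above."""
    f = LearningFilter()
    for sender, text, is_spam in TRAINING:
        f.train(sender, text, is_spam)
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    for sender, text in [
        ("alice@example.org", "free cheap pills now"),
        ("stranger@mail.example", "buy cheap pills now, free offer"),
        ("dave@example.net", "meeting report tomorrow"),
        ("eve@example.net", "free report"),
    ]:
        print(sender, "->", f.classify(sender, text))
```

Note that the whitelisted sender's message reaches the inbox even though its wording is spam-like, which is why a whitelist should stay short and be reviewed from time to time.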

What Should You Look for in Anti-spam Filter Software?

Here are other important features you should take into consideration:

- Make sure the anti-spam filter software is compatible with your particular
email service. Do not take it for granted that it will work with what you have.

- It is important that the software program is easy for you to use and
navigate. Anti-spam software is worthless if you can't figure out how to use it
or if it has features you do not understand.

- The features and tools the software offers should enable you to customize the
program to suit your own needs. It should be flexible in letting you set your
own rules regarding which email to permit into your inbox and what you want to
filter out or block.

- Ideally, it should enable you to set up a whitelist, which will indicate
particular email and ISP addresses that should always be delivered to the
inbox. This will ensure that legitimate email from trusted sources will never
be filtered out or accidentally deleted.

- The software should install with ease, with zero or minimal errors
encountered during set up. Some anti-spam software requires registration,
additional downloads or other steps to be taken before it can be used.

- The software you choose should be stable in its release and workings. One way
to check this is to look at the release package and view what the programmers or
company state is the last stable release. It is probably not in your interests
to buy software that is still in the beta phase, particularly if you are not
familiar with the program.

Spam is irritating at best, and maliciously destructive at worst. Buying the
right anti-spam software will go a long way toward protecting you from the
spammers of the world.

Spam - What is Your Protection Under the Law?

Spam has become an ever-increasing problem in recent years, costing legitimate
businesses a great deal in both time and money.

In response to the growing threat from spam, new legislation was enacted in
2003. It was called the Controlling the Assault of Non-Solicited Pornography
and Marketing Act (CAN-SPAM Act). This act created some requirements for all
companies who are sending bulk commercial email, as well as those companies
whose products are offered for sale in the spam emails. It also instituted
penalties for violators, as well as giving the client or consumer the right and
the means to request that the emailers cease the spam efforts.

CAN-SPAM was enacted in January, 2004. The act covers any email which has as
its purpose advertising or promotional efforts for any service or product,
including those whose contents reside solely on a web site.

The legislation also covers "transactional or relationship messages," meaning
those emails which help a web site to deal with any transaction, even those
which are agreed on, or make updates to any customer whether new or existing.
None of these may contain false or spoofed routing information.

The Federal Trade Commission (FTC), the United States agency for consumer
protection, was granted the authority to enforce the act, and the Department of
Justice (DOJ) is additionally charged with the enforcement of the CAN-SPAM
act. It also provides that Internet Service Providers who are hurt by the
spam may in fact sue the violators of the legislation to recoup losses to their
own business.

Other Major Provisions of the Law

- It bans any attempt to falsify the information in the header or subject line.

These must correctly identify what the message is about, and accurately display
routing information as well as "To" and "From" information. The email must
accurately indicate the identity of the sender and recipient. It must
accurately portray the domain from which the email originates as well as the
sender's real email address.

- It bans misleading subject lines.

The subject line must not mislead the recipient to open the email under false
pretenses. It should clearly indicate the actual subject matter of the email.

- Emails sent in this fashion must offer the recipient a legitimate means to
get out of receiving the commercial email in the future. Any such requests to
opt-out must be honored by the spamming company, and the email address deleted
from its sending list. The commercial emailer will have 10 days after the
request to cease sending messages to that address.

- Commercial bulk email should easily be identified as an advertisement or
solicitation. It must also include the sender's actual physical postal address.

- The recipient must be forewarned of any sexually explicit information the
email may contain. This warning must be displayed in the email's subject line.

Each and every violation of this law or the aspects of the law subjects the
sender to strict fines that can go as high as $10,000 per incident and, for
certain violations, the commercial emailer will face possible jail time.

Another legal initiative aimed at fighting spam is the "Digital PhishNet"
(DPN), which was established in 2004. It is a collaborative effort between the
Internet industry and criminal law enforcement. Its purpose is to identify and
to prosecute spammers who break the law through phishing. Online auction sites,
financial institutions, ISPs and other groups within the industry are all
involved in this initiative. Important data and information is forwarded in real
time to law enforcement.





How to Report Spam Abuse

Spam is as prolific as the leaves on the trees and because there are so many
kinds of it, it is a challenge to find the right site or organization to report
spam to. Each type of spam will violate the law in one way or another and each
can be prosecuted if it can be proven.

Saving and sending the entire email header is an important step in reporting
spam. The header of every email you receive will contain information on the
full chain of computers through which the email passed in order to get to you.
Generally, most email will pass through at least four computers: the spammer's
computer, the spammer's ISP, your ISP and finally your computer. This is the
most reliable way for an anti-spam service to track down the spammer's ISP
because the spammer will camouflage the "from" address.

As the email passes through each computer, information is added to the header
indicating who the mail came from, as well as where they are sending it. While
this header information will seem complicated, you just need to make note of
the originating ISP, which will be easy to recognize. For example, if you
receive your mail through AOL and you note "yahoo" in the string of
information, then you will know to report the spam to Yahoo.

To read the information in the email header, just right click on the email,
choose properties and then either "options" or "header" depending on your email
program. Then cut and paste the header path in its entirety into the body of
the email. Finally, forward the spam email first to the spammer's ISP, and then
to spam reporting agencies.

You should also forward the spam to the Federal Trade Commission (FTC). You can
do this at the email address: uce@ftc.gov. While the FTC will not take action
on individual incidents, they will add the spam to a database referred to as
UCE (unsolicited commercial email).

A common spam scam you may come across is called a "419 Scam", or the Nigerian
Advance Fee Fraud.
These spam emails generally relate a tale of woe -- a death in the family and a
huge inheritance that the sender needs your (financial) help to claim. As
improbable as it sounds, many people have fallen for this scam and millions of
dollars have been defrauded from them. Fax a copy of this spam along with the
header information to the United States Secret Service.

Here is a list of the agencies you may report spam to, along with the type of
email they can handle or will deal with.

- The Federal Trade Commission (FTC): www.ftc.gov/bcp/conline/edcams/spam/ --
  This site offers you information about the law enforcement actions that have
  been taken against deceptive mailers and companies and those who do not honor
  opt-out requests from email recipients.

- www.spamabuse.org: This is a third party reporting agency.

- www.spamcop.net: Another third party agency which will report spam on your
  behalf to the relevant anti-spam agency.

- For stock fraud, email the Securities and Exchange Commission (SEC) at
  enforcement@sec.gov. They are prosecuting; however, they are only able to
  deal with fraud in email that has to do with stocks and bonds.

What Can an Anti-spam Firewall Do For You?

Today, the Internet is reminiscent of the wildest days of the Wild, Wild, West.
Your stagecoach through the World Wide Web can be hijacked at any instant if
you have no knight in firewall armor to ward off any viral intruders. When your
computer is connected to the internet with no firewall running, it is
vulnerable to attack from spammers, hackers and phishers.

Much like human viruses, computer viruses run the gamut from the benign to the
fatally destructive to the computers they infect. And just as with human
viruses, prevention is better than cure. Prevention begins by stopping them in
their tracks at the portals of contact. This is where a firewall can come in
handy.

An anti-spam firewall application will, to an extent, help in keeping viruses
at bay.
There is, however, no firewall that is 100% hacker proof -- there are too many
ways in which viruses can be embedded in a software download or regular data
for a firewall to detect and catch them all. However, there are some relatively
effective firewall programs available on the market, and some of them are
actually free for your personal use.

At the bare minimum, a home personal computer that is connected to a cable
modem or a full time connection needs to have and run a personal firewall
software program, as well as anti-spyware and some type of anti-viral program.

The ideal firewall will hide the ports that a hacker might use to gain access
to your PC and protect your home PC from attacks, as well as track those
attempted entries and prohibit unauthorized access or output from your
computer. Two-way firewalls are the best as they block the threats that are
incoming OR outgoing, to prevent things such as viruses, Trojans or malware
from being installed without you knowing it.

Windows XP, as well as the new Vista, have a personal firewall built into the
operating system that is by default turned on. Because it monitors and offers
popup warnings, many people turn it off and leave themselves remarkably
vulnerable to attack. The Windows firewall default of "on" should be maintained
until and unless you find another software or hardware firewall to protect your
system.

Some good freeware anti-viral and firewall software programs are available,
such as Zone Alarm and Zone Alarm Pro. AVG also comes in a free as well as a
pro version. Neither of these programs comes with adware attached and they are
very good solutions to begin to address your internet security.

You will need good anti-virus programs to go after any viruses that may
inevitably bypass your firewall. It should be programmed to either quarantine
or, preferably, destroy them.
Last but certainly not least, it is essential to always keep your anti-viral
and firewall programs up to date with the newest patches and security updates.
Most viruses target your C: drive, so scan it daily. And never, ever open any
unsolicited emails or the attachments that come with them.

Top Anti-Spam Filter Reviews

In the race to provide the best anti-spam system to fight the ever-growing
threat of spam email, there are a few which stand out among the for-pay
software systems. Some are software programs, while others are web-based
systems that function by sending your email through their service before it
gets to you. The web-based filter has the added benefit of not permitting spam
to get through to your system in the first place; on the other hand, if valid
email is filtered out and isn't spam, it's difficult to recover it.

Here are reviews of top-rated spam filters:

Mailwasher: The Mailwasher spam filter is a very efficient and secure spam
filtering tool. It combines a number of different techniques to detect and
delete spam before it gets to your inbox, as well as protecting your computer
from viruses. These techniques include: using statistics, blacklisting and
whitelisting, databases and advanced learning filtration. Mailwasher supports
IMAP and POP accounts, as well as MSN, AOL and Hotmail. However, it does not
offer IMAP or POP proxy filtering. This spam filter takes a bit of time to
"learn" what you think is spam, and in time will be highly efficient in its
spam filtration.

Only My Email: This is an online web-based filtration system, so there is no
software to download or install. Because it is not downloaded to your computer
itself, the spam filtering operations will never affect your computer's
performance. Your email is filtered prior to coming to your computer and the
spam will never be downloaded to your personal machine. You also get a daily
spam report. Only My Email is an extremely accurate anti-spam filter.
It is capable of filtering up to three IMAP or POP email accounts.

Cloudmark Desktop: This is a great, easy to use anti-spam filter. It is a
plug-in for Outlook and Outlook Express. This software is highly accurate, with
a great spam detection rate and relatively low false positives. Cloudmark
Desktop uses a database of spammers to identify and filter out spam. This
database is updated by the community of over a million Cloudmark users. For
example, when you identify a message as spam, it is automatically deleted from
other Cloudmark users' inboxes as well. Phishing spam faces the same fate. This
spam filter deletes spam immediately or moves it into a dedicated folder for
further action from you or later deletion. Cloudmark Desktop is a subscription
service that needs to be renewed annually. There are still some areas in which
improvement is needed, such as in the case of false positive spam removal, but
all in all, it is a great spam and phishing email solution.

CA Anti-spam: Previously known as eTrust Anti-Spam, this software is a
whitelist spam filter. This means that it will only permit mail from those you
have added to your whitelist and will quarantine all other emails. Once
approved, messages from a previously quarantined sender will be moved to your
inbox. It also updates your whitelist by scanning your outgoing email. CA
Anti-spam works well for those who receive only mail from those they know, but
may not be practical for those who receive large volumes of email from several
legitimate but unknown sources.

Top 5 Myths About Phishing

There are several myths and misconceptions that abound when it comes to
phishing. These are the top 5 most common ones:

Myth #1: Anti-spam software can detect phishing email

While anti-phishing and spam filters can decrease the number of phishing emails
that get into your inbox, they are not 100% effective. While anti-phishing
technology keeps improving, the phishers are always devising ways to get around
it.
It truly is a cat-and-mouse game. Secondly, because spam email and phishing
email are different (phishing email spoofs a legitimate business), a different
set of rules and criteria is required to detect the phisher.

Myth #2: As long as I don't give my password and user-name, I won't be phished

Phishers are getting increasingly sophisticated. They now employ several
variations on the original spoofed email that once requested your password and
user-name. They will, for example, instruct you to click on a link so as to
update your information at a website. If you do click on the link, malware such
as a keylogger or spyware will be downloaded to your computer. The link may
take you to a spoofed website, but it may also link you to the actual website
of the legitimate business. Once there, a pop-up or overlay is activated,
directing you to log in. You will probably be unaware that your access
information has been compromised.

Myth #3: Most phishing attacks originate from outside

With all the time and effort that has been poured into the Nigerian 419 spam
scams, it is commonly assumed that phishing originates from emerging countries
outside America. However, a study by Symantec shows that the majority of
phishing attacks actually originate within the U.S.

Myth #4: Phishing is a problem that we can solve by educating users

This is not true. There are various ways the phisher can camouflage an IP
address. In fact, a large proportion of phishing attacks are enabled through
common misconfigurations in a web application. Phishers can manipulate internet
technology to redirect you from a real and legitimate website, in such a way
that although the original web address points to this real web site, you are
taken to the phisher's web site.

As the incidents of phishing and identity theft have increased, people have
become more aware, and better able to identify phishing emails. The percentage
of phishing victims has gone down.
However, even though users are getting better educated and informed about
phishing, there is always still a chance that someone will mistake a
well-crafted phishing email for the real thing.

Myth #5: I will know one when I see one

This is another misconception regarding phishing, and a potentially dangerous
one at that, especially in our digital world. With all the time, talent and
technology available to them, these cyber crooks have more than ample resources
to create and execute increasingly realistic email spam, web site spoofs or
other electronic means by which to scam you out of your confidential financial
data and wreak havoc on your financial affairs.

Vigilance is, in fact, your number one protection against the phisher's hook.
Underestimating the phishers may cost you.

5 Tips to Protect Yourself From the Spam in Your Inbox

You will inevitably receive some spam in your inbox -- there is no getting
around that fact of life. How you handle this unwanted junk mail will go a long
way toward reducing or increasing the amount of spam you will receive in the
future. It may also protect you from viruses, credit card fraud, identity theft
and other forms of cyber-crime.

Next time you log into your inbox, keep these 5 tips in mind to stop the
spammers dead in their tracks.

Do not Preview

If you are able to preview your entire email messages in your inbox, you should
disable the message preview pane. This is important because some spam email
contains code that is specifically designed to compromise your computer and
leave you vulnerable to viruses, Trojan horses or worse. Review the options
offered in your email program and change the settings.

Do not Fall for the Phisher's Hook

Many spam emails are cleverly designed hoaxes, which are intended to get you to
unwittingly divulge private information.
They claim to be from your credit card company, bank or other financial
institution, and attempt to fool you into divulging personal information such
as your social security number, bank account number, password or other private,
identifiable information. This fraudulent practice is called phishing.
Responding to this form of spam would leave you vulnerable to identity theft,
credit card fraud and other financial cyber-crime.

Friend or Foe?

Just because an email has been sent to you by a friend, do not assume that it
is safe for you to open any attachment that comes with it. Contact your friend
and verify that they did indeed send it. Very often, spammers will attach a
virus to their spam, which, if opened, will hijack your email program and mail
itself out to every email address in your address book. This fraudulent email
will appear to the recipients to have been sent by you. If they in turn open
this email attachment, the same malicious cycle is repeated.

Read your Email in Plain Text

Spammers often use Javascript to embed malicious code in their spam. It may,
for example, be designed to infect your system with a virus that can install
itself in your computer, and give a hacker or other scammer access to your
private and financial information -- without your ever knowing it. You can
protect yourself against this by changing the settings to display the email
messages in plain text. This effectively disables many harmful scripting
features.

Never Respond

Do not click on any banner advertising or send a reply to a spam message. Doing
this lets the spammer know that yours is a "real, live" address, which will
only result in a deluge of even more spam. Unless you have specifically
subscribed, do not click on any unsubscribe messages contained in junk mail.
Most of these are only intended to fool you into confirming your address as
valid. Also, do not forward any junk chain letters you may receive.
Above all else, common sense is the most important form of spam protection you
can have. Be vigilant when you check your mail -- even the most advanced
anti-spam filter available today cannot keep 100% of all spam out of your
inbox.

Protect your Kids from Spam

Spam is commercial email that is sent out in bulk to millions of people without
their consent. It may contain advertising messages for regular products and
services but increasingly, it is email of an inappropriate, offensive or
malicious nature.

Today, many children have an email address that they use to email their
friends, submit homework, etc. It is a fun, inexpensive and instant way to keep
in touch. However, as the volume of spam keeps rising, the need to protect
children from the dangers of spam is a growing concern. Like all other Internet
users, children are just as susceptible to receiving spam as are adults. And
because spam is an equal opportunity menace, kids are just as likely to receive
spam that contains adult and pornographic material.

While there is really no way to totally eliminate the possibility of your kids
receiving spam, there are steps you can take to minimize it. Here are a few
tips to help protect your kids from spam:

Email Filters

Your email service comes with email filters built in. You can use these to
filter your child's email into specific folders, and filter spam into the trash
folder. This involves setting up rules that your email program will follow in
determining what action to take on incoming messages: to let it through to the
inbox, send it to trash or to block the sender. Your email spam filter program
will apply these rules based on certain words in the subject line or body of
the email. For example, if an email contains the word "viagra," it will be sent
directly to the trash and the sender blocked.

Spam Blocker

Your email service may also come with a spam blocker. If it does not, it may be
worth your while to invest in one for your child's computer.
Whereas your email filter filters incoming email into folders, the spam blocker
blocks spam from going through the system. It checks your mail server every 10
minutes, where it deletes the spam and destroys any viruses it finds.
Legitimate email is left on the server and downloads to the inbox when you log
in.

Whitelists

Set up an email account for your child that "whitelists" only specific email
addresses. A whitelist is just a list of trusted and approved email addresses.
For example, you can have the addresses of your child's grandparents, aunts and
uncles whitelisted. Whenever email is received from any of the whitelisted
addresses, it goes directly to your child's inbox. All other email addresses
are blocked.

Monitor, Monitor, Monitor

Be sure to log into your child's email account on a regular basis to monitor
the incoming and outgoing messages, and to ensure that the spam filter and spam
blocker are working appropriately. Using your email spam filter, you can set up
a rule that will ensure that a copy of every email that is sent and received on
your child's account is forwarded to your own email address.

It is very important to educate your children on the dangers of spam and how to
handle it if they do receive any in their inbox.

Popular Email Scams on the Internet Today

Phishing Scams: "Phishing" is a high-tech scam that uses spam or pop-up
messages to deceive you into disclosing your credit card numbers, bank account
information, Social Security number, passwords, or any other kind of
confidential personal information. Identity theft is the goal of this scam. The
phisher sends you a fraudulent email that is designed to look like it was sent
from a reputable company. The email directs you to a website that looks like it
belongs to the reputable company, but is actually a spoof. You are asked to
"update" your information here, and if you do, all that personal information
goes straight to the phisher.
The phisher uses this information for identity theft purposes such as making
withdrawals from your bank and credit card accounts, ordering new credit cards
which they promptly max out, etc. Some of the most recent phishing attacks have
spoofed the email and websites of well known companies, including eBay, PayPal,
Yahoo, Pfizer and Bank of America, among others.

Work-At-Home Scams: These are some of the more tempting spam scams. They offer
those who need to make extra money the opportunity to do so, and invariably the
email will state: "no experience necessary." The scammer often claims to have
"inside information," and tries to bait you with the lure of quick money for
next to no effort. More often than not, you are asked to pay anywhere from $35
to several hundred dollars to purchase the kits or materials that will not earn
you a dime. This scam often offers opportunities involving handicrafts,
stuffing envelopes or medical billing on your home PC. If you fall for this
scam, pay the fees for the handicraft or envelope-stuffing "kit," and complete
the assembly of the crafts as instructed, you will be informed that your work
is of poor quality and not worth paying for. If you sign up for the medical
billing "opportunity," you will be asked to purchase a list of doctors. These
doctors are either fictional or do not want or need your services and never
did.

Credit Repair Scams: These scams promise to erase real and usually correct
negative information that has been added to your credit report, so that you can
qualify for loans, mortgages, unsecured credit cards, etc. These services
rarely deliver on their promise, and more often than not, will create a great
many more problems in the long run. They have even been known to suggest that
you commit fraud, e.g. falsifying your social security number.
Guaranteed loans on easy terms: Some email scams offer guaranteed, unsecured
credit, such as a home-equity loan that does not require equity in your home,
or credit cards regardless of your credit history. This offer of credit is
often extended by an off-shore bank. This scam is often executed in conjunction
with a pyramid scheme, which will encourage you to earn money by signing up
friends and family to participate in the scheme. The promised offer of a home
equity loan turns out to be a useless list of lenders who will turn you down if
you don't meet their qualifications. The promised credit cards never come
through, and the pyramid money-making schemes invariably collapse.

Chain letters: The spam email directs you to send a small amount of money to
each of 4 or 5 names on a list, add your name to the top of the list and remove
the last name on it, and then forward the updated list via bulk mail.
Typically, the letter will claim the scheme is legal, and may refer to sections
of US law as supporting proof of this. Not true. These chain letters are almost
always illegal, and nearly all those who participate in them lose their money.

Phishing-101

Phishing is an email spam scam that is specifically used to commit identity
theft. Its sole purpose is to scam you into divulging personal information,
which the phishers can use to perpetrate identity theft. This includes
passwords, card numbers, birth dates, PINs and other vital personal data.

The term came into use to denote the way phishers use bait to lure their
victims into divulging private data. Industry experts define this devious
practice as a form of "social engineering."

Typically, a phishing attack will be executed in combination with a massive
spam mailing. Phishing spam is sent out to millions of recipients, often with a
subject line that is exciting or upsetting. It is calculated to trigger an
immediate reaction from the recipient, and get them to respond without further
thought.
The phishing email will often have phrases such as:

- Dear Valued Customer.

- Click the link below to access your account.

- If you don't respond within 24 hours, your account shall be closed.

The phishing spam is typically a fraudulent but very official-looking e-mail.
It is cleverly designed to replicate the website and email messages of a
business you know and trust such as your bank or mortgage company. The email
will even sport official logos and graphics of the legitimate company. It will
instruct you to click on a link in the email to go to the company's website,
where you can "update" your personal information.

The link will usually be "masked," which means that when you click on it, it
will take you to a phony web address. Clicking on the link will take you to a
website that appears to be the real financial institution's website. It is,
however, just a copycat spoof, set up to give the spammer access to your
personal and financial data. You may give your information thinking you are at
the real website. Instead, any information you enter here will go directly to
the identity thieves.

What are the Consequences?

If you fall prey to the scam and unwittingly divulge private information, you
will be left vulnerable to identity theft, credit card fraud and other
financial mishaps. These identity thieves will either sell the information to
fellow criminals, or use it for their own financial gain.

This vital personal data will be used, for example, to set up fraudulent online
bill pay, with payments made out to the phisher. They may use it to access
funds from your bank accounts and credit cards and transfer them to their own
checking accounts. They may even use a copy of your bank or credit card along
with the phished PIN to withdraw cash from your accounts at any ATM.

Phishing is a numbers game for these criminal spammers. They will send out
their phishing email to millions of recipients.
They count on just a few falling for the scam and volunteering their
information: if a mere 1% of recipients volunteer their personal information,
the phishing expedition will be hugely lucrative. It is these few who make
their scam worthwhile.

Don't Fall for the Phisher's Bait

Never respond directly to any unsolicited email that asks you to update or
verify your personal information. Banks, stores and other legitimate
businesses will never ask you to give this information via email,
particularly following the advent of phishing. If there is any doubt as to
whether or not the email is from who it purports to be, contact the company
immediately to confirm and clarify the request for information. Be sure to
call a phone number from your statement. The phone number in the email is
probably a direct line to the identity thief.

Never click on a link in any such email. To do so would be to risk
downloading malicious Trojan horse spyware, which will install keyloggers in
your computer system. This would provide hackers direct access to all the
personal data stored on your computer, which they will use for their own
nefarious financial gain.

Never, ever fill out forms contained in an email that request personal
information. The mere request for this information should ring a loud alarm
bell. Phishers are able to use HTML to design very official-looking email
messages. Any information entered into these forms goes directly to the
phisher.

Never trust links contained in unsolicited email. Phishers have devised ways
to spoof legitimate website links. Common tricks that are used include
misspelling web addresses or using sub-domains that include the name of a
legitimate business. An email link can also be "masked" in such a way that it
displays a very official-looking text link to a legitimate company's website,
but clicking on it will take you to the phisher's web site. Do not cut and
paste the link contained in the message into your browser.
Type the address of the legitimate company in a separate browser window, so
as to bypass having to click on the link in a suspected phishing email.

Always be suspicious of impersonal email. Almost all email communication from
legitimate businesses will contain some specific piece of personal
information that is not readily available to anyone but you. An email from
your bank, for example, may include part of your account number.

Always keep in mind that there are malicious people out there who do nothing
more than think up creative, innovative ways to get at your personal
information. Be sure to use anti-spyware and anti-virus software, and keep
these regularly updated. Anti-spam filter software may help eliminate or
minimize the amount of phishing spam you will receive in your inbox. Be very
cautious of opening any emailed attachments you receive, even if they seem to
be from an acquaintance.

Help catch the phishers by reporting any phishing attempts. Forward the
phishing email to the company that is being spoofed. Also forward it to these
email addresses: spam@uce.gov and reportphishing@antiphishing.org. This
information will be used by the Anti-Phishing Working Group to fight
phishing. This organization is a coalition of the internet industry,
financial institutions and law enforcement.

Learn more and stay informed by visiting the Federal Trade Commission's
Identity Theft website: www.consumer.gov/idtheft.

Anti-phishing Software

The threats posed by spam are always evolving, and phishing is one of the
most recent scams the spammers have come up with. Your most important
protection against phishing is vigilance and a healthy skepticism. You can,
however, supplement this with anti-phishing software programs.

Anti-phishing software works by detecting phishing content that may be
contained in an email. It is generally used in conjunction with your email
service as a toolbar.
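
The masked links, misspelled addresses and look-alike sub-domains described above can be checked mechanically. The Python example below is an addition to this page, not code from any of the products named here; the function names, the 0.85 similarity threshold and the sample addresses are assumptions made for the illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):  # host name if text looks like a web address, else None
    text = (text or "").strip()
    if not text or " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname

def same_site(host, domain):
    """True when host is domain itself (ignoring www.) or one of its sub-domains."""
    domain = domain[4:] if domain.startswith("www.") else domain
    return host == domain or host.endswith("." + domain)

def lookalike(host, domain):
    """True when a label of host contains or nearly matches domain's first label."""
    brand = domain.split(".")[0]
    return any(brand in part or SequenceMatcher(None, brand, part).ratio() >= 0.85
               for part in host.split("."))

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def audit_links(html, trusted):
    """Return (href, reason) for links that are masked or imitate a trusted domain."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target and shown and not same_site(target, shown):
            findings.append((href, f"masked: shows {shown}, goes to {target}"))
        elif target and not any(same_site(target, d) for d in trusted):
            findings += [(href, f"look-alike of {d}: {target}")
                         for d in trusted if lookalike(target, d)]
    return findings

# Constructed sample message body; every address in it is made up.
SAMPLE = """<a href="http://203.0.113.7/update">https://www.examplebank.com/login</a>
<a href="http://examplebank.com.account-verify.example/login">Click here</a>
<a href="http://www.examp1ebank.com/">Update your details</a>
<a href="https://www.examplebank.com/help">www.examplebank.com</a>"""
```

Calling `audit_links(SAMPLE, ["examplebank.com"])` flags the first three links and leaves the last one, whose text and target agree, alone.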
This toolbar will display the real name of any website you visit, and expose
any spoofed websites that phishers may attempt to use. This software offers a
second line of defense for blocking phishing attacks and sites that might
have foiled and bypassed your browser's built-in protection. Here are a few
of them:

Earthlink Toolbar Scamblocker

* Offers a check against a phishing blacklist of sites

* Checks the owner and location of the web site

* Prevention against phishing and pop ups

Earthlink offers a free browser toolbar that includes ScamBlocker, an
application that protects you against phishing scams and phishing pop ups. It
will, for example, warn you when you attempt to connect to a website that is
on Earthlink's blacklist of fraudulent sites. It will analyze each web page
that you visit and display a security rating of the webpage on its toolbar.

Earthlink's Scamblocker can be downloaded at this link:
http://www.earthlink.net/software/free/toolbar/

Netcraft Anti-phishing Toolbar

When one recipient of a phishing email reports it, the relevant URL is
blocked for the rest of the Netcraft community members. It will display for
you the website's hosting location, which will help expose fraudulent URLs.
If, for example, you are on the bankofamerica.com website, the hosting
location is unlikely to be in Poland. The toolbar will also detect any web
addresses that contain letters or characters that are only used in the URL to
deceive.

The Netcraft Anti-phishing Toolbar can be downloaded at this link:
http://toolbar.netcraft.com/

TrustWatch Toolbar

This free toolbar is also designed to protect against phishing, identity
theft and internet fraud. It does real-time checks to let you know if a web
site you are visiting has been verified by a legitimate third-party
organization, and if it is therefore safe to transmit your confidential
personal information. It is the internet equivalent of a credit check.

The TrustWatch Toolbar can be downloaded at this link:
http://toolbar.trustwatch.com/

Stopzilla Anti-Spyware 5.0

STOPzilla works by detecting and blocking phishing attacks, popup ads,
spyware, adware and other malicious applications. It also provides hijack
protection.

Stopzilla can be downloaded at this link: http://www.stopzilla.com/

Spybot -- Search and Destroy

This is a free anti-spyware application. An important feature of this
application is that it will write-protect your computer's HOSTS file, which
is a primary target of phishers' spyware.

Spybot can be downloaded at this link: http://www.safer-networking.org

Webroot's Phish net

Phish Net employs a dynamic blacklist to protect against phishing. The
application stores your personal data such as credit card numbers, social
security numbers, etc. When you visit a site and attempt to enter this
information, a pop-up will alert you that it is not on your list of trusted
sites, and will expose any redirects that may be involved in the transmission
of your data. It will also verify that the site has an encrypted connection
before it transmits the data.

Webroot's Phish net can be downloaded at this link:
http://www.webroot.com/consumer/products/

Whitelists -- The Ultimate in Spam Protection

Whitelists are quite possibly the single most effective form of spam
protection available on the market today. They are as close as you can get to
totally eliminating spam from your inbox.

A whitelist is a database of trusted email addresses, IP addresses and
domains. To build the list, each one of these trusted sources is manually
added to the whitelist. Only email from a whitelisted source is delivered to
the user's inbox. In fact, whitelists are so effective that the catch-rate
for spam is almost 100%.

However, the efficiency of whitelists comes at a price, because it produces a
large number of false positives. This means that a lot of legitimate email
goes undelivered.

To deal with this problem, a challenge-response technique is often
instituted. When an email from an unknown source is received, the system will
respond automatically, sending a "challenge" back to the sender. This
challenge may require the sender to answer certain questions, or decipher an
image that displays a series of letters and numbers. This image can only be
deciphered by a human, and not by spamming software. Once this is
successfully done, the email is allowed to go through the system to the
inbox. The sender is also added to the whitelist.

The challenge-response methodology uses a combination of human judgment and
software technology to determine which email to let through and which to
block. The advantage of this method is that it is not worth it to spammers to
wade through all the challenge-response emails and respond to them. They are
more likely to remove the email address from their lists and go after other
addresses that do not have such requirements.

However, the inconvenience of having to register to send email to the
whitelist user may discourage legitimate email senders from following
through. Another impractical aspect of whitelists arises when the email
account user places an online order, or registers for a newsletter or other
service. Each of these new email sources must be manually added to the
whitelist. If the user forgets to do this, or enters it incorrectly,
important email may be blocked.

Whitelists are far more effective than anti-spam filters, because the latter
work by calculating the probability that an email containing particular words
is spam. However, spammers easily get around this feature simply by
misspelling words, or by avoiding words associated with spam. For this
reason, spam filters are usually only 80-90% successful. This may be
acceptable on a personal account, but not on a business account that likely
receives over a hundred emails a day.
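
The whitelist and challenge-response flow described above, as an added Python example that is not taken from any product. The class and method names and the sample senders are assumptions, and the challenge is reduced to a random token the sender must return, standing in for the question or image the text describes.

```python
import hmac
import secrets

class WhitelistGate:
    """Deliver mail only from whitelisted sources; hold and challenge everyone else."""

    def __init__(self, addresses=(), domains=(), ips=()):
        self.addresses = {a.lower() for a in addresses}
        self.domains = {d.lower() for d in domains}
        self.ips = set(ips)
        self.inbox = []   # delivered (sender, message) pairs
        self.held = {}    # sender -> (challenge token, [held messages])

    def is_trusted(self, sender, ip=None):
        sender = sender.lower()
        return (sender in self.addresses or ip in self.ips
                or sender.rpartition("@")[2] in self.domains)

    def receive(self, sender, message, ip=None):
        """Return None if delivered, else the challenge token to send back."""
        if self.is_trusted(sender, ip):
            self.inbox.append((sender, message))
            return None
        key = sender.lower()
        token, queue = self.held.setdefault(key, (secrets.token_urlsafe(16), []))
        queue.append(message)
        return token

    def answer(self, sender, reply):
        """A correct reply whitelists the sender and releases the held mail."""
        token, _ = self.held.get(sender.lower(), ("", []))
        if not token or not hmac.compare_digest(token.encode(), reply.encode()):
            return False
        self.allow(sender)
        return True

    def allow(self, sender):
        """Manual whitelisting by the account owner; releases anything already held."""
        sender = sender.lower()
        self.addresses.add(sender)
        for message in self.held.pop(sender, ("", []))[1]:
            self.inbox.append((sender, message))

def demo():
    """Constructed senders and messages; returns the gate after four deliveries."""
    gate = WhitelistGate(addresses=["alice@example.org"], domains=["examplebank.com"])
    gate.receive("alice@example.org", "lunch?")                   # whitelisted address
    gate.receive("statements@examplebank.com", "your statement")  # whitelisted domain
    gate.receive("bulk@spam.example", "penny stock tip")          # held, never answered
    token = gate.receive("bob@example.net", "invoice attached")   # held until answered
    gate.answer("bob@example.net", token)
    return gate
```

The bulk sender's message stays in `held` indefinitely, which is also what happens to a legitimate newsletter the user forgot to add with `allow()`.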

Whitelists are especially beneficial to businesses as they almost totally
eliminate the waste of valuable time that would otherwise be spent wading
through the hundreds of spam messages that are received each day. However,
despite their effectiveness in blocking spam, whitelists have not gained
widespread use because of the high rate of false positives. It is also
virtually impossible for businesses to compile an exhaustive whitelist
database of trusted email sources.

The Next Generation of Spam: Image and PDF Spam

As spam filters get increasingly effective, spammers are changing their
tactics to foil anti-spam software and get through to your inbox. Recently,
this has involved a shift from the use of text-based spam to the use of
embedded images and PDF file attachments as the preferred delivery method for
their spammy intrusions.

Image Spam

The prevalence of this form of spam increased in 2006, primarily as a means
for advertising penny stocks. It involved the use of a picture or graphic
embedded in the body of the junk email. The junk email's message is displayed
as an image. Because most anti-spam filters are text-based, image spam was
relatively successful. This led to its use in advertising everything from
sexual enhancement to fake pharmaceuticals.

One serious effect image spam has had is to further clog up Internet
bandwidth, and drive up costs to businesses. This is because the average size
of each junk email almost doubled. In fact, this increased size and the sheer
volume of image spam forced many businesses to block all emails that
contained embedded or attached images.

By early 2007, image spam reached an all-time high, accounting for almost
two-thirds of all junk email. However, as spam filter technology has adapted
to detect image spam, its use has since declined to less than 15% of all junk
email. Instead, spammers are turning to PDF spam.

PDF Spam

Spammers are increasingly using PDF files to bear their spam messages.
The practice began in mid-2007, primarily as a scam to fool recipients into
investing their money in the stock of a particular company. With this type of
spam, the junk email is sent out with a PDF file attachment, which most
anti-spam filters cannot or do not read. These attachments range from
rudimentary to professional-looking documents. The text in the body of the
email is usually nonsensical gobbledygook that the spam filter does not
recognize as junk mail.

For the spammer, the use of PDF files is advantageous because PDF files are
so commonly used in the business world. In fact, several companies allow or
even require their business email systems to deliver these documents to the
recipient. This makes it very likely that this PDF spam will reach the user's
inbox.

The use of junk mail with PDF attachments takes up even more Internet
bandwidth. This is because PDF files are generally much larger than the
embedded pictures and graphics used in image spam. Image spam is typically in
GIF format; PDF files are up to 3 times the size of these files.

The upside to the use of image and PDF spam is that so far, there is no hard
evidence that either one can be used to embed malicious software on the
recipient's computer. The only harm is done to those who do what the message
says. Spammers have also begun to experiment with attachments in different
file types such as Excel and ZIP files.

The advent and decline of the different types of spam attest to the
cat-and-mouse game that goes on between the spammers and the security
experts. As anti-spam technology catches up to their techniques, the spammers
continue to innovate and change tactics to deliver their spam messages.





