Spam - The Graffiti of the Internet
How to stop spam in your inbox.
How Email Works
Network

Servers
Servers relay and store email messages. They act as the post office and your
personal mailbox.
- This is the best place for your spam filter if you have sufficient
control over the rules
Clients
Clients retrieve email from the servers, and display and organize email
messages. Many clients also store address book information and some store
your calendar information.
Protocols
- SMTP - Simple Mail Transfer Protocol - Used to send email
(Client >>> Server). It is the reason spam is so easy to send.
- POP - Post Office Protocol - Receive mail from the mail server
(Server >>> Client). Mail is normally moved from the server onto the client
when you get your mail. Only one folder: Inbox. Server-side spam filters can
only mark the spam message.
- IMAP - Internet Mail Access Protocol - Access mail from the server. Mail
and folders are stored on the server. Server-side spam filters can put the
spam in a specific folder.
Headers
Received: (qmail 10764 invoked by alias); 11 Sep 2002 15:17:36 -0000
Delivered-To: alias-dan@eparklabs.com
Received: (qmail 10760 invoked from network); 11 Sep 2002 15:17:35 -0000
Received: from unknown (HELO pe300online.on-line.com) (205.170.23.251)
  by m2.overhaulshop.com with SMTP; 11 Sep 2002 15:17:35 -0000
Received: from dc-mx11.cluster1.charter.net ([209.225.8.21])
  by pe300online.on-line.com (Post.Office MTA v3.1.2
  release (PO205-101c) ID# 0-33965U500L500S0) with ESMTP id AAA2440
  for <estes@estes.on-line.com>; Wed, 11 Sep 2002 09:19:06 -0600
Received: from [24.240.237.131] (HELO eparklabs.com)
  by dc-mx11.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)
  with ESMTP id 295584; Wed, 11 Sep 2002 11:19:42 -0400
Message-ID: <3D7F5F14.6080402@eparklabs.com>
Date: Wed, 11 Sep 2002 09:19:48 -0600
From: Dan Fitzpatrick <dan@eparklabs.com>
Organization: ePark Labs
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: estes@estes.on-line.com, announcements@epicug.org
Subject: EPICUG Meeting Tuesday Sept 17th - Microsoft SharePoint Technology
  - An EPICUG Team Website
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Mailing-List: Estes.On-Line.Com
Reply-To: estes@estes.on-line.com
The body of the message is here...
All Header fields can be used for filtering.
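Filtering on header fields, shown on the sample message above. This is an added example, not code from the original page; the rule set, the action strings and the function names are hypothetical, and the headers are trimmed copies of the ones shown.

```python
import re
from email import message_from_string

# Headers from the sample message above, trimmed to the fields used here.
RAW = """\
Received: (qmail 10764 invoked by alias); 11 Sep 2002 15:17:36 -0000
Delivered-To: alias-dan@eparklabs.com
Received: from unknown (HELO pe300online.on-line.com) (205.170.23.251)
 by m2.overhaulshop.com with SMTP; 11 Sep 2002 15:17:35 -0000
Received: from dc-mx11.cluster1.charter.net ([209.225.8.21])
 by pe300online.on-line.com with ESMTP id AAA2440
 for <estes@estes.on-line.com>; Wed, 11 Sep 2002 09:19:06 -0600
Received: from [24.240.237.131] (HELO eparklabs.com)
 by dc-mx11.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)
 with ESMTP id 295584; Wed, 11 Sep 2002 11:19:42 -0400
From: Dan Fitzpatrick <dan@eparklabs.com>
To: estes@estes.on-line.com, announcements@epicug.org
Subject: EPICUG Meeting Tuesday Sept 17th
X-Mailing-List: Estes.On-Line.Com

The body of the message is here...
"""

# Hypothetical rule set: (header field, pattern, action); first match wins.
RULES = [
    ("Subject", r"!!!|viagra", "folder:Spam"),
    ("X-Mailing-List", r"^Estes\.On-Line\.Com$", "folder:Lists/Estes"),
]

# An IPv4 literal in parentheses or square brackets, as relays record it.
IP = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def relay_ips(msg):
    """IP literal recorded in each Received header, newest hop first."""
    ips = []
    for hop in msg.get_all("Received", []):
        m = IP.search(hop)
        if m:  # local hand-offs such as "(qmail ... invoked by alias)" have none
            ips.append(m.group(1))
    return ips

def classify(msg, rules=RULES):
    """Return the action of the first rule whose pattern matches its header."""
    for field, pattern, action in rules:
        for value in msg.get_all(field, []):
            if re.search(pattern, value, re.I):
                return action
    return "inbox"
```

Only the Received lines added by servers you control are trustworthy; the hops below them were supplied by the sending side and can be forged, so rules that depend on them should carry less weight.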
About Spam
Where did the term "Spam" come from?
What is Spam?
Most of this section can be found at spam.abuse.net and mail-abuse.org in more detail.
"Spam is flooding the Internet with many copies of the same message, in an
attempt to force the message on people who would not otherwise choose to
receive it. Most spam is commercial advertising, often for dubious products,
get-rich-quick schemes, or quasi-legal services. Spam costs the sender very
little to send -- most of the costs are paid for by the recipient or the
carriers rather than by the sender..." Read more: http://spam.abuse.net/overview/whatisspam.shtml
"An electronic message is "spam" IF: (1) the recipient's personal identity
and context are irrelevant because the message is equally applicable to many
other potential recipients; AND (2) the recipient has not verifiably granted
deliberate, explicit, and still-revocable permission for it to be sent; AND
(3) the transmission and reception of the message appears to the recipient
to give a disproportionate benefit to the sender." Read more: http://mail-abuse.org/standard.html
How to avoid spam in the first place
- Don't click "Remove me from the list"
- If possible, turn your pictures off in email messages. Many image links
are used to track whether or not you opened the email message. This confirms
your identity (email address is valid) and it is used to test the effectiveness
of certain subject lines.
- Don't send it in the first place.
- Don't use the "Send this page to a friend" forms on web pages unless
they have a trustworthy privacy policy. These forms are used to collect email
addresses.
- Try to keep your email address off web pages or have them password-protected.
- Set up a second email address that you use for most info request forms.
This is your spam-catcher email address.
Client-side Spam Filtering
Client-side filters can be used if you only get a little bit of spam. You
can filter on "!!!" or certain keywords like "Viagra". The downside of this
method is that you will eventually build a huge filtering system and it only
works on your current client. Below are a few screenshots of email filters.
Outlook Express

Outlook

Mozilla/Netscape

Client-side Spam Plugins
Many spam filter technologies can be deployed on both the server and the
client. Plugins become a part of the email client application.
Sample SpamAssassin output. This has an amazing score of 41.3 (only 5 points
are needed to be classified as spam).
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (41.3 hits, 5 required)
SPAM: X_PRECEDENCE_REF (4.6 points) Found a X-Precedence-Ref header
SPAM: VERY_SUSP_CC_RECIPS (1.1 points) Cc: contains similar usernames at least 5 times
SPAM: PLING_PLING (0.8 points) Subject has lots of exclamation marks
SPAM: NO_REAL_NAME (0.5 points) From: does not include a real name
SPAM: FROM_ENDS_IN_NUMS (0.4 points) From: ends in numbers
SPAM: PLING (0.1 points) Subject has an exclamation mark
SPAM: VIAGRA (4.7 points) BODY: Plugs Viagra
SPAM: CLICK_BELOW (1.5 points) BODY: Asks you to click below
SPAM: BILL_1618 (4.6 points) BODY: Claims compliance with senate bill 1618
SPAM: HR_3113 (2.7 points) BODY: Mentions Spam law "H.R. 3113"
SPAM: UCE_MAIL_ACT (2.6 points) BODY: Mentions Spam Law "UCE-Mail Act"
SPAM: OPT_IN (2.1 points) BODY: Talks about opting in
SPAM: NO_COST (1.9 points) BODY: No such thing as a free lunch (3)
SPAM: EXCUSE_14 (0.4 points) BODY: Tells you how to stop further SPAM
SPAM: EXCUSE_10 (0.4 points) BODY: "if you do not wish to receive any more"
SPAM: EXCUSE_13 (0.1 points) BODY: Gives an excuse for why message was sent
SPAM: LINES_OF_YELLING (-0.0 points) BODY: A WHOLE LINE OF YELLING DETECTED
SPAM: REMOVE_PAGE (2.2 points) URI: URL of page called "remove"
SPAM: CLICK_HERE_LINK (0.8 points) BODY: Tells you to click on a URL
SPAM: BIG_FONT (2.1 points) BODY: FONT Size +2 and up or 3 and up
SPAM: FREQ_SPAM_PHRASE (2.4 points) Contains phrases frequently found in spam
SPAM: [score: 47, hits: bill title, cannot considered,]
SPAM: [click below, click here, considered spam, email]
SPAM: [from, enter your, for removal, from future,]
SPAM: [further mailings, further transmissions, iii]
SPAM: [passed, mailing list, may stopped, not wish,]
SPAM: [passed congress, please click, receive further,]
SPAM: [reply this, spam long, stopped cost, the]
SPAM: [internet, this email, this mail, this message,]
SPAM: [title iii, transmissions you, wish receive, you]
SPAM: [not, you sender, your email]
SPAM: SPAM_PHRASES_020 (2.1 points) spam-phrase score is over 20
SPAM: PORN_3 (0.5 points) Uses words and phrases which indicate porn (3)
SPAM: SUBJ_ALL_CAPS (-0.1 points) Subject is all capitals
SPAM: CTYPE_JUST_HTML (1.7 points) HTML-only mail, with no text version
SPAM: MSG_ID_ADDED_BY_MTA_3 (1.1 points) 'Message-Id' was added by a relay (3)
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
Message Body (I took out all the links and HTML):
Click Here to order VIAGRA-PROPECIA-MERIDIA-ZYBAN!!!
Click Here to order CELEBREX-RENOVA-VANIQA-VALTREX!!!
FDA APPROVED DRUGS THROUGH THE INTERNET!!!
LICENSED PHYSICIANS ONLINE!!!!
CLICK HERE
This email was sent to
you because your email is part of a targeted opt-in list. If you do not wish to
receive further mailings from this offer, please click below and enter your
email to remove your email from future offers.
****************************************************************
Anti-SPAM Policy Disclaimer: Under Bill s.1618 Title III passed by the 105th U.
S. Congress, mail cannot be considered spam as long as we include contact
information and a remove link for removal from this mailing list. If this e-mail
is unsolicited, please accept our apologies. Per the proposed H.R. 3113
Unsolicited Commercial Electronic Mail Act of 2000, further transmissions to you
by the sender may be stopped at NO COST to you
****************************************************************
Do Not Reply To This Message To Be Removed.
Easy Remove and contact: HERE
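The SpamAssassin report above, parsed and re-added to check its total. This is an added example, not SpamAssassin's own code or part of the original page; the regular expressions assume the "SPAM: RULE (N points)" layout shown in this report, and `summarize` is a hypothetical name.

```python
import re
from decimal import Decimal

# Rule lines copied from the sample report above (phrase-list lines omitted).
REPORT = """\
SPAM: Content analysis details: (41.3 hits, 5 required)
SPAM: X_PRECEDENCE_REF (4.6 points) Found a X-Precedence-Ref header
SPAM: VERY_SUSP_CC_RECIPS (1.1 points) Cc: contains similar usernames at least 5 times
SPAM: PLING_PLING (0.8 points) Subject has lots of exclamation marks
SPAM: NO_REAL_NAME (0.5 points) From: does not include a real name
SPAM: FROM_ENDS_IN_NUMS (0.4 points) From: ends in numbers
SPAM: PLING (0.1 points) Subject has an exclamation mark
SPAM: VIAGRA (4.7 points) BODY: Plugs Viagra
SPAM: CLICK_BELOW (1.5 points) BODY: Asks you to click below
SPAM: BILL_1618 (4.6 points) BODY: Claims compliance with senate bill 1618
SPAM: HR_3113 (2.7 points) BODY: Mentions Spam law "H.R. 3113"
SPAM: UCE_MAIL_ACT (2.6 points) BODY: Mentions Spam Law "UCE-Mail Act"
SPAM: OPT_IN (2.1 points) BODY: Talks about opting in
SPAM: NO_COST (1.9 points) BODY: No such thing as a free lunch (3)
SPAM: EXCUSE_14 (0.4 points) BODY: Tells you how to stop further SPAM
SPAM: EXCUSE_10 (0.4 points) BODY: "if you do not wish to receive any more"
SPAM: EXCUSE_13 (0.1 points) BODY: Gives an excuse for why message was sent
SPAM: LINES_OF_YELLING (-0.0 points) BODY: A WHOLE LINE OF YELLING DETECTED
SPAM: REMOVE_PAGE (2.2 points) URI: URL of page called "remove"
SPAM: CLICK_HERE_LINK (0.8 points) BODY: Tells you to click on a URL
SPAM: BIG_FONT (2.1 points) BODY: FONT Size +2 and up or 3 and up
SPAM: FREQ_SPAM_PHRASE (2.4 points) Contains phrases frequently found in spam
SPAM: SPAM_PHRASES_020 (2.1 points) spam-phrase score is over 20
SPAM: PORN_3 (0.5 points) Uses words and phrases which indicate porn (3)
SPAM: SUBJ_ALL_CAPS (-0.1 points) Subject is all capitals
SPAM: CTYPE_JUST_HTML (1.7 points) HTML-only mail, with no text version
SPAM: MSG_ID_ADDED_BY_MTA_3 (1.1 points) 'Message-Id' was added by a relay (3)
"""
RULE = re.compile(r"^SPAM: ([A-Z0-9_]+) \((-?\d+\.\d+) points\)", re.M)
STATED = re.compile(r"\(([\d.]+) hits, ([\d.]+) required\)")

def summarize(text):
    """Sum per-rule points and compare with the stated total and threshold."""
    rules = [(name, Decimal(pts)) for name, pts in RULE.findall(text)]
    stated, required = map(Decimal, STATED.search(text).groups())
    total = sum(pts for _, pts in rules)  # Decimal avoids float rounding drift
    return {
        "rules": len(rules),
        "total": total,
        "matches_stated": total == stated,
        "is_spam": total >= required,
        "top_rule": max(rules, key=lambda r: r[1]),  # heaviest single rule
    }
```

No single rule reaches the 5-point threshold (the heaviest, VIAGRA, scores 4.7); the message is classified by the accumulation of many small signals, which is what separates this approach from a one-keyword client rule.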
Server-side Marking
Many ISPs will mark messages that have a high probability of being spam.
You can then use your client to put spam in a certain folder (or the trash).
Server-side Filtering
Nearly all mail servers have native code or plugins that can be used for
filtering spam. There are also "appliances" that sit between the mail server
and the Internet. Here are a few server options:
RBL (Realtime Blackhole List) Servers
These are servers that list domains and IP addresses that send spam.
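How a mail server asks such a list about a connecting IP address, as an added example that is not part of the original page. It uses the common DNS-based convention (reverse the octets, append the list's zone, look up an A record, treat an answer in 127.0.0.0/8 as "listed"); the zone names and the stand-in resolver are constructed, and 127.0.0.2 is the conventional test entry such lists publish.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # answers that mean "listed"

def dnsbl_query_name(ip, zone):
    """205.170.23.251 + zone -> 251.23.170.205.zone"""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_resolve(name):
    """A records for name, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def listed_on(ip, zones, resolve=dns_resolve):
    """Return the zones that list ip."""
    hits = []
    for zone in zones:
        answers = resolve(dnsbl_query_name(ip, zone))
        # Ignore answers outside 127.0.0.0/8: a parked or wildcarded zone
        # would otherwise make every address look listed.
        if any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers):
            hits.append(zone)
    return hits

# Constructed resolver standing in for DNS so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.dnsbl.example": ["127.0.0.2"],      # the list's test entry
    "2.0.0.127.parked.example": ["198.51.100.7"],  # wildcard answer, not a listing
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    zones = ["dnsbl.example", "parked.example"]
    print(listed_on("127.0.0.2", zones, fake_resolve))
```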
Spam Filter Services
Spam filtering services are normally paid services that act as a middleman
in the email flow. Your email goes to its normal server. The spam filter
service then gets your mail off that server, filters it, and stores it on
the spam filter server. You then get your mail from the Spam blocking server.
Spam Filter Service Providers
- SpamCop.net - Filters mail
- CyberLynk - Filters mail
- MailCircuit - New senders receive
an email asking them to confirm they are a real person. However, many spams
are sent from other people's email addresses.
There are many more service providers. Search Google for more. Many ISPs
now offer spam filtering. I use AT&T for dialup access while traveling
and they have their own spam filter.
Other Topics
Resources
Author:
Dan Fitzpatrick (dan@eparklabs.com)
Published: October 15, 2002