Spam Prevention Tips #5
If you are a webmaster or manage your own domain, one of the easiest, quickest and most cost-effective things you can do to reduce spam is to stop using catchall email forwarding on your domain. Catchall mailboxes receive such high volumes of spam for two reasons:
1) Spammers take guesses at email addresses on your domain. They use dictionaries to prepend any word or name to your domain name as well as other methods where they employ clever tools to guess at other possibilities such as james.smith@yourdomain.com or jsmith@yourdomain.com. These tools can also generate countless other variations of an email address before then sending several thousand spam emails to your email server.
2) They also send spam messages to other people supposedly from guessed mailboxes on your domain. When these messages are bounced they end up coming back to your domain and if you keep catchall forwarding on, they ultimately arrive in your inbox. This technique is one of several forms of ‘backscatter’, a phenomenon which has been annoying and puzzling many email account owners for years.
Of course, the address the spammer tried to send a message to was probably also an invalid address, so that server may also bounce back the message, ensuring that the message continues to loop around causing endless backscatter. You can considerably reduce the amount of spam you receive by disabling catchall forwarding and thereby only receiving email sent directly to the addresses you have set up on your domain. A message sent to an address which you haven’t expressly set up is returned to the sender advising them that the address does not exist.
This is the correct functionality and prevents the increase and spread of spam.
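The difference between the two policies can be seen by running a handful of messages through the decision a mail server makes for each recipient. This is an added example, not code from the original post: the mailbox names, sender addresses and envelopes are constructed, and it assumes unknown recipients are refused with a 550 reply while the sending server is still connected.

```python
from collections import Counter

DOMAIN = "yourdomain.com"
VALID = {"james.smith", "sales"}   # mailboxes actually set up (constructed)

# Constructed SMTP envelopes: (MAIL FROM, RCPT TO).
# An empty MAIL FROM is the null sender that bounce messages use.
ENVELOPES = [
    ("client@example.org", "james.smith@yourdomain.com"),  # genuine mail
    ("a@bulk.example", "jsmith@yourdomain.com"),            # guessed variant
    ("b@bulk.example", "john@yourdomain.com"),              # dictionary guess
    ("c@bulk.example", "admin@yourdomain.com"),             # dictionary guess
    ("", "mary@yourdomain.com"),    # bounce of spam forged as mary@
    ("", "bob@yourdomain.com"),     # bounce of spam forged as bob@
    ("", "sales@yourdomain.com"),   # bounce addressed to a real mailbox
]

def rcpt_decision(mail_from, rcpt_to, catchall):
    """Return (SMTP reply, label) for a single RCPT TO command."""
    local, _, domain = rcpt_to.lower().rpartition("@")
    if domain != DOMAIN:
        return "550 5.7.1 Relaying denied", "not-ours"
    if local in VALID:
        return "250 2.1.5 OK", "delivered"
    kind = "backscatter" if mail_from == "" else "guess"
    if catchall:
        return "250 2.1.5 OK", kind + "-accepted"    # lands in the catchall inbox
    return "550 5.1.1 No such mailbox", kind + "-rejected"

def summarize(catchall):
    """Count outcomes for the sample envelopes under one policy."""
    return Counter(rcpt_decision(f, r, catchall)[1] for f, r in ENVELOPES)

if __name__ == "__main__":
    print("catchall on :", dict(summarize(True)))
    print("catchall off:", dict(summarize(False)))
```

With catchall on, five of the seven sample messages reach the inbox as junk; with it off, only the two addressed to real mailboxes are accepted.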
Spam Prevention Tips #4
In the old days computer viruses were computer viruses and antivirus programs protected your computer against them. In that bygone era spam was spam and was filtered by anti spam filters and software. And never the twain did meet. Today, as spammers constantly conjure up more sophisticated and cunning schemes to get into our mailboxes and convince us to open their messages, the lines have become extremely fuzzy and the two forms have merged.
Spammers now send us spam containing viruses in order to infect our computers with their spam bots, the intention being to turn our computers into zombies which then send out more spam on their behalf, courtesy of you and me. It has indeed gone full circle. Spammers spam us with viruses which in turn spam us with more viruses. And so it continues ad infinitum.
In the latest of these techniques spammers have developed a new trick where their spam email appears to come from Microsoft, advising us of a new important Windows security update. By opening the attached .exe file we can supposedly quickly patch our computer and protect ourselves from the new Windows vulnerability. Not so. In fact, the .exe file contains the Win32/Haxdoor Trojan which proceeds to steal passwords and private details such as financial information and personally identifiable data, sending them to the criminal spam gangs. Christopher Budd, a spokesperson from the software giant, responded by reminding users that the company never delivers Windows updates via email; these are only distributed through the Windows Update tool built into the Windows operating system itself.
“As a matter of company policy, Microsoft will never send you an executable attachment… If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof”
Remember the good old days when spam just tried to sell us anatomy enlarging pills or pump & dump stocks? How I long for those days again because now, spam has mutated. Today, spam is bent on infecting our computers and stealing from us. How times have changed for the worse!
Antivirus software always comes with a scheduler and usually these are set to update automatically straight out of the box. Yet some users actually turn this feature off, sometimes when troubleshooting an issue, and often forget to turn it back on. We can’t stress enough how important it is to keep your antivirus software updated, especially as a spam prevention measure.
So today’s lesson? Remember to keep your antivirus software updated, preferably opting for daily updates and at a time of day when you are likely to be using your computer. And crucially, don’t open attachments ending in .exe. Nobody really sends them anymore and most email programmes won’t even let us attach them meaning that if you get one, it’s unlikely that a real person has sent it. Even if it appears to have been sent by somebody you know, delete it without opening it. Don’t say we didn’t warn you!
One of the Internet’s biggest spam gangs has been indicted by the US Federal Trade Commission (FTC) and the New Zealand government in an action anticipated to have far-reaching implications for spammers around the world. Internet anti spam authority Spamhaus reports,
“The #1 worst spam gang on the Internet for much of 2007 and 2008, and active since at least 2005, has been indicted by the US Federal Trade Commission (FTC) in conjunction with simultaneous charges in New Zealand and possibly Australia & India”
In a preliminary action on Tuesday, the FTC succeeded in convincing a US district court to freeze the assets of the group, known collectively within the anti spam industry as HerbalKing, and order them to shut down operations immediately. It is reported that the group had sent billions of spam email messages over the past 2 years on subjects ranging from replica jewelry, to fraudulent slimming pills and penile enlargement products, just to name a few. In ordering that HerbalKing cease their operations immediately the court may have succeeded in immediately and significantly reducing the levels of spam circulating on the Internet.
This is a huge victory for the anti spam effort and for the Internet community at large. However, it is feared that HerbalKing may have invested its assets in offshore bank accounts, thus effectively cancelling out any effect of a freeze on their assets in the USA.
As this is an early phase in the civil action, penalties and/or fines will not be handed down until much further in the case but, at Remote Anti Spam, we’re hoping that the US court in Illinois takes this opportunity to make a serious statement and show a committed intent to bringing down spam rings wherever they operate.
Spam Prevention Tips #3
One of the most effective techniques spammers use to gather email addresses is to scan the Internet with programs called spiders (or bots). These spiders crawl the Internet looking for email addresses on web pages and online services. We all use Internet services on a regular basis and very often find that we’re required to sign up with an email address to gain access to a service we want to use. The problem is that some of these services then publicise our email addresses for others on the Internet to see. Why not give this a quick test: search for your email address in Google and if it turns up anywhere, then you can be pretty certain that spammers have already scanned that web site and retrieved your email address. Whether you’re a webmaster that has your email address on your web site or in whois, or a normal web user with an account on Facebook, MySpace or LinkedIn, the chances of your email address being published somewhere are very high.
So what can you do about this? Well, if you’re a webmaster you have a little bit more control than the normal web user as you’re able to make changes on your web sites. Some social networking sites are now employing techniques to protect their members’ email addresses, while others are dragging their heels to do so. Even if your social networking service doesn’t provide any protection technique, most do at least allow you to set your email address as private so that only people you have accepted as friends can see it. You should be able to find this option in your account settings.
One of the methods being used more widely now is email address image conversion. This involves converting your email address into an image file such as a jpg or gif and uploading it to your web sites. The automated robots that spammers use to crawl the internet for addresses can’t read the text on image files very easily (at the moment) and this means that they won’t see your email address on the sites they crawl. Take a look at the following example,
The example above for the address you@yourdomain.com was generated by SafeMail which goes one step further, providing you with automatically generated links which allow you to paste the image code straight into your web page. The best thing about this technique is the simplicity of it. There are now several web sites available to do this automatically for you. We have suggested our favourite for you below.
SafeMail makes it very simple to convert your email address in seconds and then download the resultant image file. SafeMail carries a declaration that they will not abuse your email address.
Just to ensure that your email address will be safe with this service, we tested it with a specially created email address and monitored it for 2 weeks to see if it received any spam. After all, you’re giving your email address to these sites to convert it to an image; who is to say they won’t store it and send you spam? We didn’t receive any spam in the 2 week test and are pretty sure (at the time of writing) that your address will be safe with SafeMail. If this changes, we will let you know.
It is emerging that spammers are increasingly using zombified computers (machines that are infected with Trojan software which allows them to be controlled by the virus author) to distribute spam containing malware such as viruses, Trojans and phishing scams. The malware is usually compressed into a .zip or .rar file, sometimes password protected, as many antivirus filters are set to not reject encrypted archives (i.e. zip files with passwords). A password is often sent with the message and this can trick users as they believe password protected .zip files are more likely to be genuinely from a business contact.
Another technique being used by spammers is that of embedding malicious code within the HTML source of some email messages so that the code is run when the email opens.
Security experts have also identified a rapidly increasing trend in phishing scams exploiting the current global financial turmoil. Phishing scammers are sending messages appearing to provide advice or services able to assist people with concerns over their mortgages, savings and investments.
Some sources have reported that there has been a 101% increase in the number of zombified computers sending spam in the last month, possibly a sign that spammers are realising an opportunity to benefit from the current financial crisis affecting everybody.
Here at Remote Anti Spam we are working closely with our partners and developing new rules and techniques to detect and block this surge in spam and malicious content. In the meantime we encourage our customers and all email users to exercise caution when receiving messages from people they are not familiar with, especially if those messages contain .zip or .rar files (whether password protected or not).
Crucially, users should also ensure that their antivirus software is up-to-date with the very latest definitions and antivirus software engines.
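The attachment advice above (.zip and .rar files, password protected or not) and the earlier warning about .exe attachments can be turned into a simple mail check. The following is an added example, not a Remote Anti Spam rule or code from the original posts: the message is constructed inline, the function names are hypothetical, and the check for the "MZ" file signature goes slightly beyond the filename test the text describes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_EXT = (".zip", ".rar")

def zip_is_encrypted(data):
    """True if any member has the ZIP encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def scan(raw):
    """Return (filename, finding) for each attachment worth quarantining."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Windows executables begin with "MZ" even if the file is renamed.
        if name.endswith(".exe") or data[:2] == b"MZ":
            findings.append((name, "executable"))
        elif name.endswith(ARCHIVE_EXT):
            locked = name.endswith(".zip") and zip_is_encrypted(data)
            findings.append((name, "encrypted-archive" if locked else "archive"))
    return findings

def sample_message():
    """Constructed message: a fake .exe and a zip marked as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x1   # set flag in central directory
    m = EmailMessage()
    m["Subject"] = "Important security update"
    m.set_content("constructed body")
    m.add_attachment(b"MZ placeholder, not a program", maintype="application",
                     subtype="octet-stream", filename="update.exe")
    m.add_attachment(bytes(z), maintype="application", subtype="zip",
                     filename="documents.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(scan(sample_message()))
```

Only .zip files are inspected for the encryption flag here; a .rar attachment is reported as a plain archive because the Python standard library cannot read that format.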



