8 October 2008

Spam Prevention Tips #2

We can’t say it enough times. Sometimes we’re in such a hurry to complete the sign-up process that we don’t stop to read the warning signs. Personally, I can’t remember the last time I actually read the terms and conditions before clicking the submit button. However, it’s often the terms and conditions that determine whether or not you are going to receive marketing spam from this company at a later time.

Having said that, most reputable companies do conform to the industry standard of allowing registrants the option to opt-in or opt-out of their email subscriptions. In actual fact, the industry has been moving away from the opt-out method as an acceptable form of registration and now most services are requiring opt-in. Confused?

Well the key thing here is to remember to check for the tick boxes which either sign you up or sign you out of receiving emails from the company whose web site you are currently on. The trick is to carefully read the text next to the tick box as some will ask you if you wish to be added to their mailing list whereas others will ask you if you do NOT want to be added to their mailing list. To confuse you even more, sometimes the box will already be ticked and other times it will be empty. There is no standard convention, so you can’t just assume that it’s working in your favour.

Here at Remote Anti Spam we would like to see a situation where web sites agree to conform to a single form of sign up with a single approach understood by everybody. All forms should simply ask

  • ‘Do you wish to receive our products newsletter?’ 

The options should simply be to tick either of the Yes or No boxes. The default option should be ‘No’ so that users have to opt-in to receive messages.  If the company wants to offer to send you carefully selected offers and news from their partners (i.e. other people’s spam) the wording should be as simple as

  • ‘Would you be happy for us to pass on your email address to our partner companies?’

Again the default option should be ‘No’. However, since it is unlikely that this position is going to be arrived at any time soon, we are writing this guide to advise Internet users to carefully read the wording before clicking that submit button. Remember that the definition of spam hinges on the fact that an unwanted message you receive is ‘unsolicited’. If you got the tick box wrong, i.e. if you misread the wording, or didn’t understand it, and selected the wrong option, you may have unwittingly opted-in to receive spam messages from that company. In that case, the message(s) you’re receiving are not technically spam, even if they are heavily encouraging you to buy non prescription, endurance delivering, erotic drugs from their online pharmacy in Hanoi.

7 October 2008

Spam Prevention Tips #1

In the first of this 10 part series, we will be providing some advice about how to prevent your email address getting into the hands of spammers. Prevention is better than cure so it’s always a good idea to practise safe browsing online and get into some good habits early on to safeguard your privacy and identity online.

Now we all like to receive a few funnies in our inbox from time to time. Photos, jokes, funny video clips or hilarious song mashups and even the odd good luck charm to give you a lift on a dull Friday afternoon. But did you know that forwarding these messages onto everyone in your address book is one of the best ways to guarantee your email address ends up on spam lists? Yes, it’s true.

The fact is that no amazing good luck will happen to you by sending that message to 15 people you love within the next 5 minutes, no matter how convincing the sender makes it sound, and don’t believe their promises that it happened to them. Yeah right! You are not going to win a free iPod by sending that viral marketing email to everybody you know who listens to music. This one is excellent actually because, who do you know that doesn’t listen to music? That email petition going around is not going to prove or change a single goddamn thing! In fact, email petitions are probably the worst type of spam gathering email you can get yourself involved in (more on this later). And for the last time, it does not take guts to say Jesus! See, I just said it!

The sole purpose of these messages is to get you to send them on to everybody in your address book so that eventually, this huge great list of live and valid email addresses ends up with the spammers. Luckily, there is a way you can keep yourself and your friends out of most of these email spam traps – except for the email petition which, as mentioned before, is particularly nasty. If you really do feel compelled beyond rational rhyme or reason to forward that message on to everybody you know, then instead of adding all their names in the TO box, add them to the BCC box instead.

BCC means Blind Carbon Copy and what it does is hide the names and email addresses of everybody who is in that box. So you can forward your latest antivirus alert hoax onto all 200+ of your eager contacts safe in the knowledge that not only will they take immediate responsive action by promptly deleting your message for wasting their time, but also that they won’t secretly chastise you for exposing their email address to spam! Now, when you’ve added all your friends’ email addresses to the BCC box, just add your own in the TO box before clicking Send, as some email programmes don’t like to send messages without at least one address in the TO box. They think it looks like spam.
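The sketch below shows why the BCC advice works. It is an added example, not code from Remote Anti Spam, and the addresses and function names are constructed for illustration. BCC recipients are handed to the mail server only as delivery (envelope) addresses, and the Bcc header is removed before the message is transmitted, so no recipient can read the others' addresses.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses


def build_forward(sender, friends, subject, body, use_bcc=True):
    """Build a forward. With use_bcc=True: own address in To, friends in Bcc."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Subject"] = subject
    if use_bcc:
        msg["To"] = sender
        msg["Bcc"] = ", ".join(friends)
    else:
        msg["To"] = ", ".join(friends)
    msg.set_content(body)
    return msg


def split_envelope(msg):
    """Return (envelope recipients, bytes actually transmitted).

    Every To/Cc/Bcc address becomes an envelope recipient, but the Bcc
    header is deleted from the copy that goes on the wire. Python's
    smtplib.send_message applies the same rule.
    """
    fields = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    pairs = getaddresses([str(f) for f in fields])
    recipients = sorted({addr for _, addr in pairs if addr})
    wire = copy.copy(msg)
    del wire["Bcc"]  # no error if the header is absent
    return recipients, wire.as_bytes()


def exposed_addresses(wire_bytes, addresses):
    """Addresses that every recipient of the transmitted message can read."""
    return [a for a in addresses if a.encode() in wire_bytes]


# Constructed sample data
FRIENDS = ["alice@example.com", "bob@example.com", "carol@example.com"]
ME = "me@example.org"

if __name__ == "__main__":
    for use_bcc in (True, False):
        msg = build_forward(ME, FRIENDS, "Fwd: funny", "Enjoy!", use_bcc)
        rcpts, wire = split_envelope(msg)
        print("BCC" if use_bcc else "TO ", "delivers to", len(rcpts),
              "and exposes", exposed_addresses(wire, FRIENDS))
```

With the friends in the TO box instead, every one of their addresses travels inside the message and survives each further forward.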

All well and good, but this advice doesn’t work with email petitions because people filling these out actually type their names and email addresses into the main part of the email message, known as the email body. Imagine how thankful spammers are when such messages, full of several thousands of self annotated email addresses, land in their inboxes. It’s Christmas come early. If the cause for which you’re petitioning is a just and worthy one, no doubt they will have a web site where you can go to sign their online petition or contribute in some other way. These online petitions will generally have safeguards to protect your identity and email address from being abused.

So the lesson learned today? Use the BCC field to send or forward jokes and amusing, non important stuff to your friends and contacts, if you really have to send them at all. They’ll thank you for it.

To put this into practice, why not send this article to your friends using the BCC field now. Let’s start to spread the word.

6 October 2008

Microsoft and Google are facing renewed challenges in their fight against spammers who abuse their webmail services to send out spam. Earlier this year spammers successfully used bots (software that automatically signs up with online services) to break the CAPTCHA security systems at Hotmail and GMail. Once past the CAPTCHA, these bots proceed to create several accounts, and then use them to send high volumes of spam messages. Both Microsoft and Google responded by strengthening their CAPTCHA systems, but it seems that the spammers have found another way in.

We are all now familiar with CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the extra step we must all take when submitting almost any type of form on the web. The process involves entering the garbled, often illegible, text displayed on screen to prove that a human is completing the form and not a robot.

While it is relatively easy for humans to decipher the text on screen, computer bots find it much harder, as the distortion of the text makes it difficult for them to identify the letters using their optical character recognition capabilities. However, in recent weeks it has emerged that Microsoft’s CAPTCHA has been breached by spammers again, and it has been suggested that spammers are getting it right 10-15% of the time.

If spammers are successfully breaking CAPTCHA on huge services like Hotmail and GMail, who have the resources to implement the most secure techniques available, where does that leave the average webmaster who uses CAPTCHA to prevent the abuse of their contact forms, order processes or blog articles?

Well, some are suggesting that CAPTCHA in its current form is now rendered useless and just not viable anymore. Some industry experts are suggesting a wholesale switch to alternative forms of CAPTCHA, such as Microsoft’s Asirra image based format where users are required to identify  and distinguish between photos of cats and dogs.  Others, such as Terry Zink, are suggesting a second CAPTCHA challenge post sign up which would statistically reduce the overall success rate of the spammers’ bots.

Nobody quite yet has the perfect solution, and though many believe it’s just a game of cat and mouse, the anti spam industry continues to seek the most effective measures of preventing spam reaching our inboxes.

In a move that could have wide reaching implications in the anti spam effort, US state Nevada – famous for its ‘Sin City’ of Las Vegas – today becomes the first to require that all transmissions containing personal, identifiable information sent over the internet be encrypted. Key wording from the new law reads,

“NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.]

1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission”

At Remote Anti Spam, we believe that this is a bold and progressive move and will monitor developments there closely to see how it is enforced. Having said that, we acknowledge the massive headaches this will give small businesses in Nevada, as they must scramble to ensure compliance.

It is conceivable that many small businesses in Nevada will not have prepared and could find themselves breaking the new law from the outset on 1st October. It is unclear at this point how vigorously the Nevada state government will go after such small businesses, particularly in the period shortly after 1st October.

The state of Nevada originally passed this law in 2005 thus giving industry almost 3 years to prepare for today’s 1st October 2008 deadline. This law is designed, not specifically to prevent or filter spam, but as a move to protect citizens from identity theft, phishing and other similar crimes which can result in the leaking of personal private data over a public medium, such as the internet.

If other states observe and follow suit, we may be so bold as to speculate that we could see some sort of reduction in spam for that region as well as better digital protection for personal data on the internet.

Despite the inherent implementation difficulties and the inevitable teething problems that will arise, we applaud Nevada for this pioneering and giant step forward.

Full details of the Nevada state law

Over the weekend it emerged that Google had performed a major deep crawl and updated PageRank (PR) data for sites in their index. Many webmasters seem to be as confused as ever as to why in particular their sites have seen PageRank increases or decreases, but one thing seems to be ringing a resounding bell across many SEO (Search Engine Optimisation) forums.

Webmasters in the SEO forum at Digital Point, for example, are expressing their surprise that sites which they spent considerable time optimising and promoting seem to have had their PR decreased while sites they relatively neglected saw PR go the other way.

Some webmasters are suggesting that the only possible reason for this is that Google could now be taking a dim view on the excessive promotion of websites using social bookmarking sites like Digg, Stumbleupon and Technorati.

Google may now be considering the over marketing of sites within these channels as attempts to spam their index in order to unfairly rank higher in search results. The search giant is constantly tweaking its algorithm in order to filter spam and ensure the integrity of its search results continues to remain the most relevant and most highly regarded in the industry.

Spam filtering measures such as this, if the claims are founded, are just another in a long line of major directional changes Google have implemented into their search engine results spam filter to prevent the poisoning of their index. In the past they have dropped the relevance of the keyword tag, penalised sites which enter into controversial link exchanges, and even developed measures (allegedly) to prevent spammers who create short term sites benefiting from high search result placements in order to sell their dubious spamvertised products (search engine poisoning). These are just a few.

If it is indeed true that Google have rewritten their algo to weed out social bookmarking spam, could this spell the end of the social bookmarking phenomenon which has surged in popularity in just a few short years, heavily due to the popularity of the medium with SEO experts and webmasters?

We will be watching developments closely and welcome your comments in the meantime.

In his excellent anti spam blog, Terry Zink discusses measures that can be taken by the webmail giants such as GMail, Yahoo! Mail, and Hotmail to prevent the phenomenon of automated spam bots successfully breaking CAPTCHA to create new accounts and send spam from those services.

Zink rightly suggests that the industry needs to look into some sort of secondary measure to prevent this happening. After all, spammers only need to break CAPTCHA once to win, while service providers must constantly battle to lock them out. However, we feel that his suggestion of sending a link which needs to be clicked in order to complete the email account signup process is seriously flawed. While this may be the perfect solution for newsletters and mailing lists it would not be suitable for email accounts as it assumes too readily that the person signing up (assuming it is a real person) already has an email address at which to receive that link.

While many of us nowadays do actually have more than a handful of email addresses, it is important to remember that there is always a generation of new internet users (students, children at home, people in developing countries, etc) who are signing up to these services for the very first time.

In these cases, where could you possibly send them that authentication link? Anti spam measures must continue to prevent the successful delivery of spam to our inboxes, while minimising the inconvenience to real people. The cops and robbers analogy is perfect to explain this.

The robber can indiscriminately shoot and cause harm to achieve his purpose while the cop must attempt to apprehend the robber yet keep innocent members of the community safe (and relatively unrestricted) during his pursuit.

That’s the anti spam fight in a nutshell.

We didn’t have to think very hard about starting this blog. While we really want to concentrate our efforts in improving our spam filter and at the same time keep it affordable, we realised that we need to find better ways to connect with our clients, potential clients, and the general internet community at large.

Our product is a hosted spam filter service. What this means is that we do all the spam filtering for you. A quick and easy change to your domain means that your emails are redirected to our servers (presently in the UK, Europe and the United States) where they are checked for spam, phishing and viruses. Obvious spam is blocked and rejected immediately and stuff that we’re not sure about is marked (or ‘tagged’) as spam (not in the subject line but invisibly in the message ‘headers’) and forwarded on to your email server. Your email programme can read the invisible tag and redirect those that are tagged to your junk folder. We think our spam filtering service is the simplest and most straightforward to use. You don’t have to install, configure or update anything.
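As an added illustration (not Remote Anti Spam's own code), this is roughly what an email programme's junk rule does with such a tag. The header name `X-Spam-Flag` with value `YES` is an assumption borrowed from a common filter convention, since the tag name is not given here, and the sample messages are constructed.

```python
from email import message_from_bytes
from email.policy import default

# Assumed tag: the actual header name used by the service is not stated.
TAG_HEADER = "X-Spam-Flag"
TAG_VALUE = "yes"


def is_tagged(msg):
    """True if any copy of the tag header carries the spam value.

    Header names are matched case-insensitively, and only the header
    block is consulted, never the message body.
    """
    values = msg.get_all(TAG_HEADER, [])
    return any(str(v).strip().lower() == TAG_VALUE for v in values)


def file_messages(raw_messages):
    """Sort raw messages into Inbox and Junk; subjects are left untouched."""
    folders = {"Inbox": [], "Junk": []}
    for raw in raw_messages:
        msg = message_from_bytes(raw, policy=default)
        folder = "Junk" if is_tagged(msg) else "Inbox"
        folders[folder].append(str(msg["Subject"]))
    return folders


# Constructed sample messages
SAMPLES = [
    # Tagged by the filter: the subject line is unchanged, the tag is a header.
    b"From: shop@example.com\r\nSubject: Cheap watches\r\n"
    b"x-spam-flag: YES\r\n\r\nBuy now\r\n",
    # Ordinary mail with no tag.
    b"From: alice@example.org\r\nSubject: Lunch on Friday?\r\n\r\n"
    b"See you at noon\r\n",
    # Tag text quoted in the body must not trigger the rule.
    b"From: bob@example.org\r\nSubject: Filter question\r\n\r\n"
    b"What does X-Spam-Flag: YES mean?\r\n",
]

if __name__ == "__main__":
    for folder, subjects in file_messages(SAMPLES).items():
        print(folder, subjects)
```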

Our spam filtering service is very simple but we think it’s very powerful at the same time. We are constantly working on new spam rules and looking for ways to catch more spam messages. We feel that for the small business, or consultant, or even the home user with their own domain, it’s the best value hosted anti spam service out there.

We intend to use this blog to keep you up to date with news on our developments and also inform you about the latest goings on in the anti spam industry. We will also use this blog to advise you on the latest techniques spammers are using to try and get to your inbox. Notice that we used the word “techniques” where others might use the word “threats”. We want to keep this as simple and straightforward as possible. Phishing and malware (software with malicious intentions) may pose serious concerns but we are just dealing with email here. We don’t want to scare you into a panic with words like “threats” and “attacks”. It’s important to keep a level head about this whole thing and we feel that through this blog and the information we can provide (or “arm”) you with, you’ll be better informed and better able to deal with spam as a whole.

Actually, that’s our job, isn’t it?

If you want to link to our blog so as to keep up-to-date with what we’re doing and stay informed with all the various ways to “combat” spam, you can subscribe to our feed using the links at the bottom of the page.

If you want to link to this blog from your web site please use the following code:

<a href="http://www.remoteantispam.com/blog">Spam Filter Talk</a>

Copyright © 2008 Remote Anti Spam