Thursday, January 11, 2007

The Key To Beating Spam

By Coenraad De Beer

Unsolicited junk mail is one of the biggest problems faced by Internet users everyday. We have spam filters keeping spam out of our mailboxes, but these filters are far from perfect and many legitimate e-mails are filtered as spam because of this. So what exactly is the true key to beating spam?

Spammers have changed their tactics a lot over the last few years and the amount of spam circulating the Internet is rising at an alarming rate. The vast diversity of spam messages and different techniques used by spammers make it hard to identify spam accurately, whether it is a human being or a computer program doing the identification. Identifying spam will not have a direct impact on the amount of spam distributed each day, but over a long period of time it can make spam an ineffective method of marketing. Spammers continue to distribute unsolicited bulk e-mails because it works and they need active readers to make it work. If nobody read their e-mails anymore they will have no reason for wasting their time on unresponsive recipients, except for the lunatics who like sending junk e-mails for no reason at all.

Spammers link to remote images or JavaScript from within their e-mails to track their performance. These linked objects are loaded from a server each time a recipient opens one of their e-mails. They monitor the logs of these servers to see how many times the images or scripts were loaded, which will effectively give them a good indication of how many times their e-mails were opened. If they continue to see activity from these linked objects, they will continue sending spam. An e-mail client like Thunderbird can be configured to block remote images in e-mails. Images embedded into the e-mail or images sent as attachments, will still be displayed, because embedded and attached images cannot send tracking information to the sender. Blocking remote images will not cause any discomfort while reading legitimate e-mails, all remote images in a legitimate e-mail can easily be unblocked with the click of a button. Disabling JavaScript in your e-mail client is not a bad idea either, very few legitimate e-mails use JavaScript so you will not miss a thing by disabling it. In fact, it is anyway safer reading e-mails without the execution of JavaScript. By blocking images and disabling JavaScript you make it impossible for spammers to monitor the performance of their e-mails.

The main reason why spammers embed images into their e-mails instead of using text, is to bypass the spam filters. Certain phrases within the text of an e-mail may trigger a spam filter, but spam filters cannot read the contents of an image, so it is perfectly safe to put the text inside an image and embed the image into an e-mail. This worked for a while until spam filters started to flag these messages as spam. Spammers started to add random text from various books at the end of their e-mails to fool the spam filters. Spam filters cannot read the text of an e-mail in context with the rest of the e-mail, so e-mails containing an image and some senseless text at the end, may appear perfectly legitimate to most spam filters. Spammers also add CAN-SPAM banners and fake unsubscribe links in their e-mails to make it appear as legitimate and compliant with anti-spam legislation. Anyone can add a CAN-SPAM banner to an e-mail and the only purpose of the unsubscribe link is to confirm that your mailbox is active. You may believe that you will be removed from their list by clicking on the unsubscribe link, but that will only cause your e-mail address to be moved to their priority list and you will be exposed to even more spam.

Links in spam e-mails normally contain affiliate or tracking codes. The affiliate code will only be beneficial to the spammer if you buy something from the web site referred by the link. You should never buy anything from a web site referred by a spam e-mail, not even a well-known and trustworthy site. You always run the risk of becoming a victim of a phishing attack. Links containing tracking data may be linked to your e-mail address and can have the same effect as a fake unsubscribe link. Sophisticated spammers can create a unique link connected to the e-mail address of each e-mail they send out, so they can easily confirm that your e-mail account is active when you click on one of those links.

So what is the bottom line of all this? To battle spam effectively, you need to ignore it. But you can only ignore it if you are able to identify it. Identifying spam often means that you need to open the e-mail. Opening the e-mail may cause tracking information to be sent to a server (through remote images or JavaScript), informing the spammer that your mailbox is active or the information may be used to monitor the effectiveness of the e-mail. To prevent this tracking information from being sent you need to disable JavaScript and block remote images with your e-mail client. Links provided in these e-mails should never be trusted and you should never click on any of them.

Ignoring spam does not mean you should not report it. Ignoring spam simply means that you should not respond to the spam like the spammer would like you to do. Making spam less effective for the spammer and reporting it to the appropriate authorities is the crucial key to beating spam.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and educating users against online scams and malicious software. Cyber Top Cops is dedicated to fighting spam, do your part in the battle against spam and report it.

No comments: