MailWasher PRO, Spam Filter and Spam Reporting Tool

If you are one of those people who often report spam to anti-spam organisations like SpamCop, KnuJon and Cyber Top Cops, I bet you always wished you had a tool that can combat spam and report it to anti-spam organisations at the same time. Well, you can stop wishing because such a tool has been available for quite some time now and it is called MailWasher PRO. In this article I will give step by step instructions on how to use MailWasher and how to configure it so that you can filter and report spam more efficiently.

MailWasher has quite a unique approach to spam filtering, by getting rid of your spam before you download it with your e-mail client. This saves bandwidth and the time of scanning through the multitude of junk in your inbox to find your good e-mails. Most e-mail clients already have a built-in spam filter (like Mozilla Thunderbird and Microsoft Outlook), but MailWasher does not attempt to replace these built-in spam filters, but rather complement them. You should see MailWasher as your first line of defence against spam and your e-mail client's built-in spam filter as a backup for the spam that got past MailWasher.

Where do I get MailWasher? Visit Firetrust.com and download the 30 day trial version of MailWasher PRO. There is also a free version available, but you can only use it with one e-mail account, you won't have a recycle bin for your deleted e-mails and the preview pane is very limited. If these limitations do not bother you, I recommend you download the free version.

Now how does MailWasher work? It is really simple, you open MailWasher before opening your e-mail client, let MailWasher check your e-mails, tell MailWasher which ones are spam and which ones are good and finally, click on the Wash Mail button and let MailWasher do the rest. After “washing” your e-mails, open your e-mail client and download your e-mails from your spam-free e-mail account.

So how exactly do you tell MailWasher which e-mails are good and which ones are bad? Well, each e-mail has a thumbs-up and a thumbs-down icon next to it. If you click the thumbs-up icon, MailWasher will identify the e-mail as good mail and if you click the thumbs-down icon, MailWasher will identify the e-mail as spam. Over time, MailWasher will get better at classifying your e-mails correctly, so you won't have to train MailWasher all the time. If you are not following what I am saying, watch the 60 second MailWasher PRO, quick start video.

One way of improving MailWasher without doing any manual training, is by setting up custom filters under the Spam Tool Settings. To do this follow these steps:

1. Click on Settings.
2. Click on Spam Tools.
3. Click on Filters.
4. Click on Add Filter.
5. Give your filter a name, for example avast! Spam Filter, you may leave the Description field empty.
6. Make sure Filter Type, is set to Spam and that the sentence under Rules reads: Apply filter to e-mails that match Any of the following rules.
7. Click on Add Rule.
8. Change Entire message to 'Subject'.
9. Enter the text *** SPAM *** in the text input box.
10. Click on the Save button at the bottom of the window.

This filter will work great with the anti-spam component of avast! Internet Security. avast! also uses the tag *** PHISHING *** for phishing e-mails, so you can add a second rule by repeating steps 7 – 9 above, and adding the text *** PHISHING *** instead of *** SPAM ***. This should work with any spam filter that modifies the Subject of identified spam e-mails, you just need to change the text, specified in step 8, to the appropriate tag added by your spam filter. For example Kaspersky Internet Security adds the text [!!Spam] to the subject line when it identifies an e-mail as spam, so if you are using Kaspersky Internet Security, replace *** SPAM *** in step 9, with [!!Spam].

This does not necessarily have to correspond to a specific spam tag added by a spam filter, you can also add filters for words found in the subject line, commonly associated with spam, for example: Enlargement, Supplement, Pharmacy, Congratulations, etc. You can even add a couple of other words, that's not appropriate for me to mention in this article, but I think you know what I mean. This will keep vulgar and inappropriate e-mails out of your mailbox and MailWasher will mark them as spam automatically. The possibilities with these custom filters are endless.

The other great thing about MailWasher is its Spam Reporting Tool. That's right you can report spam to SpamCop, KnuJon and Cyber Top Cops all at once. To set up a spam reporting service, follow these steps:

1. Click on Settings.
2. Click on Spam Tools.
3. Click on Spam Reporting.
4. The SpamCop service will already be created, so double-click it to open its settings.
5. Replace the text in the Email to field with your own SpamCop reporting e-mail address. It should be in the format submit.SPAMCOPID@spam.spamcop.net. Replace SPAMCOPID with your unique SpamCop ID.
6. Choose the e-mail account through which MailWasher must send the report.
7. Choose the colour of the report service. This is the colour of the icon that will appear next to the e-mail under the Reporting column.
8. Choose a letter of the alphabet to identify the spam reporting service easily. The letter 's' will already be assigned to the SpamCop Service.
9. Click on the Save button at the bottom of the window.
10. Click on Add Service.
11. Type Cyber Top Cops next to Service name.
12. Type spam@cybertopcops.com next to the Email to field.
13. Leave Email content blank.
14. Repeat steps 6 – 9. Choose the letter 'c' in step 8.
15. Repeat step 10 – 14. Choose the letter 'k' in step 8. Instead of Cyber Top Cops in step 11, type KnuJon and instead of spam@cybertopcops.com in step 12, type KNUJON@COLDRAIN.NET or your unique KnuJon reporting e-mail address.

Now you are properly equipped for the battle against spam, without breaking a sweat. All you need to do now is to mark the appropriate spam reporting services before clicking on Wash Mail. To do this go back to your Inbox in MailWasher, right-click on the column bar with the different headings and select Reporting from the list. When you mark an e-mail as spam, also click on the reporting service icons under the Reporting column. If you followed my instructions correctly you will have 3 icons next to each spam e-mail, where each icon correspond to the colour and letter your chose in steps 7 and 8 above.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, analysers of security software and raising awareness about spam and malicious software.

How Did They Get My E-Mail Address?

Unsolicited commercial e-mail, more commonly known as spam, can be seen as another form of e-mail fraud. Spammers use clever and misleading techniques to collect and verify e-mail addresses, yes, that 'innocent' spam e-mail, advertising the next technological breakthrough, uses misleading marketing techniques to entice the reader to click on a link, buy a bunch of junk or some dangerous substance or even infect your PC with malware. No matter what the spam e-mail is trying to market, the only goal of the spammer, aside from making money, is to take the recipient for a ride.

The most frequently asked question from spam victims is: "How did they get my e-mail address?" This clearly shows that most victims of spam don't have a clue about preventing it. Knowledge about the techniques used by spammers to collect e-mail addresses is crucial, because this gives the e-mail user an edge in the war against spam. In this article we will look at the e-mail harvesting methods used by spammers and the precautions you can take to prevent your e-mail address from falling into the wrong hands.

Using a Secondary E-mail Address to Limit Exposure to Spam
Before we get to the nitty-gritty details of this article, lets look at a very useful method of preventing spam. Using a secondary e-mail address is a very effective method of keeping your primary e-mail address private. I recommend a free e-mail service like Gmail, Hotmail or Yahoo! Many websites demand an e-mail address in exchange for something else, or you often need to supply your e-mail address to activate an account or membership. This is where a secondary e-mail address comes in very handy. Just remember, the idea behind a secondary e-mail address is not to expose it to spam unnecessarily, but to use it in circumstances where you have concerns about your privacy or possible exposure to spam.

Chain Letters, Petition Lists and Hoaxes
Oh yes, those very popular chain letters and petition-lists being forwarded so vigorously by friends and family. That 'innocent' e-mail about some missing or sick child no one ever heard of, the warning of a syndicate, drugging people and removing their kidneys, yet it is never mentioned in the news media and you can't help to think that you have seen this e-mail before. What about the Osama Bin Laden virus destroying your hard disk, Mars coming to large view every 60,000 years, yet an e-mail about this event is distributed each and every year, or the one from Microsoft or AOL donating money to an non-existent fund of a non-existent cancer patient, each time the e-mail gets forwarded to 3 different people. These e-mails may seem innocent, some may contain a lovely message, some may even be true, but whatever the case, it should NOT be simply forwarded to everyone you know and neither should you encourage the recipients to forward it to all their friends and family as well.

The main problem with chain letters is the exposure of e-mail addresses along the line. E-mail clients often place the Subject, Date, From and To entries from the e-mail header in the body of the e-mail when you forward it inline. Forwarding the e-mail as an attachment, forwards the full header and not just the entries mentioned above. This procedure is repeated each time someone forwards the e-mail to someone else, resulting in pile of e-mail addresses building up in the body of the e-mail. Very few people remove this information before forwarding the e-mail, so you will be able to see the e-mail addresses of many other people who received the stupid e-mail as well. A chain letter, forwarded as an attachment each time, delivers more or less the same result as explained above, the only difference is that the recipient has to open attachment after attachment several times before getting to the original e-mail (which can be quite annoying).

A chain letter will be passed along the line and will definitely land in the mailbox of someone you never met and probably never will meet. Even if you send the chain letter to trustworthy people alone, you can never be sure where their friends and family will send the e-mail, so your e-mail address may land in the hands of a spammer or someone who sells e-mail addresses to the spammers.

Online Forums, Discussion Groups and Community Sites
419 scammers love to browse social networking sites in search of possible victims. Making your e-mail address public on the Internet will expose you to all kinds of Internet criminals. Spam bots crawl the web in search of e-mail addresses posted by unwary Internet users on forums and other community sites. Whenever you register on one of these sites, use your secondary e-mail address to sign up. Your e-mail address is normally required to activate your account, to receive notifications when people send you private messages or when someone replies to a post you made. However you won't really need these e-mail notifications if you visit the site regularly, so a secondary e-mail address will do fine when this is the case, because you will basically use it only to activate your account.

Contact Pages and Web Forms
There will always be scenarios where you need to publish your contact details online if you wish to stay in touch with your visitors or customers. Contact pages of websites will often contain an e-mail address. A Webmaster will always try to make the contact page as accessible as possible to his visitors, so a spam bot will not have any difficulty finding this page. This means the e-mail addresses on these pages are always sitting ducks for spam harvesting software. There are a couple of ways to protect your e-mail address if you need to make it available to the public.

One way is to embed the e-mail address in an image. A simple program like Microsoft Paint can be used to create the image. You can even make the image blend into the text of the page by saving it as a GIF or PNG and making the background transparent by using Microsoft Photo Editor. It is advisable to use a font that's easy to read to the human eye but hard to read for OCR (optical character recognition) software. OCR software will have problems reading an image when the characters appear faded, if they contain indistinct edges, if they are aligned at different angles, if the lines of text are wavering up and down across the image or if they appear to be dipping at the side of the image.

Another method of protecting your e-mail address from spam bots is to 'encode' it with a random format that's clear to humans but not to computers. You can 'encode' it by breaking the e-mail address up with spaces and spelling the special characters out with words, for example johndoe at example dot com. You can also use random substitutes for special characters and provide instructions in brackets, for example johndoe$example?com (replace the dollar sign with an at and the question mark with a dot). Another technique is to spell your e-mail address backwards, most people will realise that they will need to reverse the e-mail address before using it, for instance moc.elpmaxe@eodnhoj. You can even swap the special characters, for example johndoe.example@com (swap the at and dot characters). The possibilities are endless, so use your own creative 'encoding' methods, as long as it makes sense to humans. You may argue that there is no need to provide decoding instructions, because people with a bit of technical savvy will be able to decode it anyway. This will automatically exclude those dumb scammers who can't tell the difference between Western Union and Western Onion.

Webmasters can use a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to protect their web forms from being bombarded with spam. Many webmasters avoid CAPTCHA to make their websites more user-friendly, but a small loss in user-friendliness is nothing compared to the burden of filtering through all those spam submissions. However CAPTCHA is a must when the information submitted through a form is published on a site without any moderation.

Online Recruitment Sites
Yet another example of where it is critical to publish proper contact details, because a job seeker will always want a prospective employer to reach him or her without any troubles. The only problem is you need to disclose quite a lot of information in your CV in order to clear up any suspicions an employer might have. If you choose to omit critical information from your CV, you might just miss out on a great job opportunity.

Luckily online recruitment is quite expensive for the employer, something the online scammer often avoids. The online scammer will most of the times be on the lookout for cheap and free services. Some online recruitment agencies have specific criteria for employers before allowing them to browse CV's or post ads. For instance certain agencies demand a landline number from the employer, mobile numbers are not accepted. We all know that it is much easier to obtain a disposable cell phone than a landline and confirming the personal details of a disposable cell phone owner is much harder than tracking down the owner of a registered landline. Still these precautions are very limited and can easily be circumvented by more advanced scammers.

The bottom line is, your e-mail address and most probably other contact details will be exposed to various prospective employers. Spam bots won't be able to crawl the databases because they are password protected. It is very unlikely, but not totally impossible, to find a spammer going manually through each CV, recording the e-mail address of each job seeker in order to build a mailing list for spamming purposes.

Your best defence against online scams, while using an online recruitment agency, is a vigilant eye. You need to spot the scam before it catches you. Your contact details are exposed, so be ready for a dodgy proposition or two.

Replying to 419 Scammers
Many people get so sick of advance fee fraud e-mails that they reply to a scammer out of anger, to insult him, to insult his mother or just to tell him where he can shove his phoney e-mail. This is the last thing you should do when you receive a fraudulent e-mail. If the 419 scammers can't steal your money, they will sell your e-mail address to the spammers to make at least a buck or two out of the deal. So no matter how you look at it, you will always loose something if you reply to a 419 scammer, unless you are a scambaiter off course.

Responding to Commercial Spam
This is perhaps one of the most overlooked ways of loosing your e-mail address. Clicking on that strange link in a spammy e-mail, filling out that mortgage application form or un-subscribing to something you never signed up for, will most certainly get you on a spammer's list. Why am I saying this? Ever saw one of those spam e-mails sent to several recipients, but each e-mail address starts with more or less the same characters and it is only the last couple of characters or digits of each e-mail address that's different? It is a primitive technique similar to the one we used to made prank calls when we were kids. You dial a random number, do the prank and hang up. Then you only increment the last digit of the previous number until you find another number that's working and do the prank again. When the last digit reaches zero, you start incrementing the second last digit and when the second last digit reaches zero, you move on the third last digit, repeating the process until you're tired of making prank calls.

It's really a shot in the dark and your e-mail address is not really on a spammer's list, it is merely on a sample list generated by a computer program. Each e-mail address on the sample list needs to be confirmed before adding it to a priority spam list. Clicking on a link in a spam e-mail will give an indication to the spammer that your e-mail address is active and that you are responding to his or her e-mails. This makes you a much more promising target in the eyes of a spammer. So whatever you do, don't click on any links or follow any instructions given to you in a spam e-mail, unless you enjoy receiving spam.

Conclusion
This is not an exhaustive list, there may be many other causes of spam, but these are the most common reasons why you are getting all those junk e-mails in your inbox. Be my guest, open a new e-mail account and avoid all the pitfalls discussed in this article and you will discover that it is possible to live in a spam free world.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about online scams and malicious software.

Spam - Report it or Prevent it?

It has been quite a while since my last article and I apologise for the long delay. I devoted most of my time during November and the first couple of weeks in December to research and the blog unfortunately got neglected. I then took a break for a week to spend time with friends and family during the festive season. (I'm not a cyborg and even cyber cops need to take a break so once in a while). The only thing I regret is that I did not download any e-mails during this time, so you can expect I had quite a lot of e-mails in my inbox (the majority was spam anyway). 2007 has come to an end and 2008 lays ahead of us. Looking at all the security related articles since the start of 2008, I get the idea that the cyber security industry is preparing for one rough ride in terms of computer security in 2008. But enough about that, let's get to this week's article and the first one of 2008.

---

One Sunday on my way to church, I noticed that one of the cars parked in front of the church still had its headlights on. I was about to go to the consistory to ask someone to announce it, when my mother told me not to bother, because she reckoned many people will see it and eventually report it. I decided not to take my mother’s advice and reported it anyway. However it was not announced before the sermon started, so I guessed they already informed the owner about it. When the sermon was over I was really disappointed to find out that the owner was not informed and that the car actually belonged to an elderly couple. Of course, all their attempts to get the car running were in vain, the battery was completely dead.

Apparently I was the only one who reported this incident. I find it hard to believe that no one else saw this car, because its bright headlights were shining in the direction of the street where most people could see it, in fact many other members of our church had to pass this car just like I did. But what does this have to do with spam? I will explain in a moment.

Reporting several spam e-mails a day, without a single response from a service provider, host or registrar can be demoralising to say the least. People who report spam on a regular basis will probably agree with me. It can become so demoralising that you find it hard to see any sense in reporting spam to anyone. The lack of cooperation from the responsible parties, gives us a damn good excuse not to report spam, now doesn’t it? Sorry to blow your bubble, but that it is a lame excuse for not reporting spam.

Spam reporting is only one side of the coin. We also need to prevent spam. Spam can prevented in many ways. Protecting your e-mail address from unnecessary exposure should be your first priority when it comes to personal spam prevention and secondly you need to protect your computer with anti-malware software and a firewall to prevent your computer from becoming a spam-relaying zombie. A good junk mail filter can be added to your defence, to make it easier to manage all the unsolicited e-mails pouring into your mailbox. The spam you report are used in various ways, depending on who you report it to. Some anti-spam organisations use it to close spammer websites and the internet access accounts of known spammers, some use it to improve anti-spam software, some use it for anti-spam research to find better ways of preventing it and some organisations use spam reports for all the aforementioned reasons.

I know some individuals who are so passionate about fighting spam that they will even report other people’s spam for them. Many people feel that this is not a good idea, because of various reasons, one of them being the fact that only the original recipient can tell what is spam and what is not, because only you know what you signed up for and what not. Then again, this is not totally true. There may be merit in this argument, but it is not that hard to distinguish unsolicited commercial e-mails from legitimate opt-in e-mails. I know that some unethical companies are not always willing to remove your e-mail address from their database, which turns an opt-in e-mail into an unwanted e-mail, in other words SPAM! That being said, I still feel that it is quite easy to spot an unsolicited junk e-mail these days.

Some people feel that when you report spam without benefiting directly from it, you do it for altruistic reasons only. My personal opinion is that this is a bad overgeneralization of loyal spam reporters who report spam to see justice being served. Crime statistics at the end of a year often reveal a rise or decline, but a decline in child abuse for instance does not necessarily mean that less children were abused during the past year, what about all the child abuse incidents that were never reported? The same is true for spam, a decline in spam reports during a certain period does not necessarily mean that spammers sent less spam during that period. People need to be aware of the problem of spam and people need to understand how big it really is. In order to raise awareness about a problem, it needs to be reported, so that it can be accurately measured. I think our current awareness about the spam problem is only the tip of the iceberg.

Reporting spam will not make your spam disappear overnight and if anyone told you that they can take away your spam, then they are lying. Spam filters do not stop spam from being sent, they only stop it from being delivered and spammers will always find a way to circumvent your defence systems. The fact that you are receiving spam already puts you in a catch-22 situation. An active e-mail address is a commodity in the spam industry and your e-mail address can be sold to several spammers worldwide. Once a spammer gets shut down, he either sells his e-mail database to other spammers or he finds a new ISP to distribute spam once again. The cycle repeats itself time and again and it is likely that your e-mail address may land in the hands of a spammer operating from a spam haven (in other words a country where there is no anti-spam laws). The only way to solve your spam problem completely, is to put all the spammers who have your e-mail address in jail, destroy these databases before they get distributed to other spammers and shut down the botnets distributing the spam. A single botnet may consist of thousands of infected computers, scattered all over the globe, so you can see it is quite a feat to accomplish.

I recently read about an incident where a Russian registrar claimed they couldn’t take any action against a spam-relaying zombie, because their legislation does not provide any means by which they can act against the offending party. I’m not up to par with Russian anti-spam legislation, so I’m not sure if they were telling the truth, but nothing stops them from prohibiting spam and malware distribution through an Acceptable Use Policy. But what if a company does not worry about people abusing their networks? You will obviously need a higher level of authority to force them to take action against the perpetrators and in order to do that you need proper anti-spam laws.

Anti-malware developers can’t keep up with the rapid evolution of malware. This means more computers get infected much faster, resulting in large botnets being created on the fly, ready to distribute spam in next to no time. Malware infected computers are one of the biggest sources of spam, so if anti-malware companies are finding it hard to stay ahead from the malware creators, then think for yourself how hard it is to keep spam distribution in control, yes in control, we are not even speaking of eliminating it.

So what does the story of the elderly couple with the flat battery have to do with spam reporting. First of all, if we all have the attitude that someone else will report spam, then we will never get even close to solving the problem. Secondly, registrars and ISPs should stop hiding behind a bunch of lame excuses, they should stop ignoring spam reports and start taking action against the offenders. The registrars and ISPs who fail to take action against the spammers are like the minister who failed to announce the registration number of the car that was parked in front of the church, with its headlights still burning. If things continue like this we will have a flat Internet overloaded by a bunch of unsolicited junk.

In my next article I will discuss some of the most common causes of spam and steps that can be taken to prevent spam 'contamination'.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud, raising awareness about spam and assisting users in the removal of malicious software.

Fighting Spam - Is It A Loosing Battle?

By Coenraad De Beer

A loyal reporter of spam asked me the other day whether we are fighting a loosing battle against spam. He goes out of his way to report several spam e-mails every day, not the normal routine of spotting a spam e-mail and forwarding it, no this guy did his homework before he went out on a crusade to battle spam. Because I know what hard work it is to take action against spam, I can understand why he asked this question. After a hard day of fighting spam, you come to the conclusion that all your attempts are in vain. Abuse departments never reply to your reports and the volumes of spam hitting your mailbox seem to magically increase as you report more spam. So you are left with only one unanswered question, are we fighting a loosing battle?

In June this year, Neo from WebProWorld started a very interesting discussion on spam. Although his post mainly revolved around forum spam, he did touch a very actual topic. Spam is not only limited to one medium only, spam is a much bigger problem than most people realise. We have to deal with forum spam, search engine spam, e-mail form spam, guest book spam (for those who still use guest books on their websites), article spam (yes article syndication can also turn into annoying spam), IRC spam, blog spam, comment spam, ebook spam, affiliate network spam, mobile phone spam, and of course the infamous unsolicited junk e-mails. I am sure I missed a couple, but I think you get the picture, spam has infiltrated almost every digital form of communication. No wonder people become pessimistic about fighting spam.

Some interesting reasoning came to light during this discussion on WebProWorld. One thing that sticks out its head in every discussion about spam is the apathetic approach towards spam. The attitude of "spam has always been a problem and will always be, live with it, accept the problem, you cannot change it, nor can you fix it". There is no merit in any of these statements, so lets take a closer look at them and I will show you why. "Spam has always been a problem". Really? Spam started to become a problem when people discovered its marketing potential. Spam wasn't a problem in the early days of the Web, we allowed it to become a problem by accepting the problem. Yes people got punished back then, but the spam volumes increased so much that it became impossible to punish every single spammer. Companies seem to be more concerned about treating the symptoms (with spam filters) than attacking the root of the problem. The right statement would be: "Spam has always been allowed to be a problem."

"Spam will always be a problem". Do we know for certain? Spam may eventually cause the collapse of the e-mail communication system and how do something remain a problem if the infrastructure is gone? If you believe that spam will always be a problem, then you obviously believe that whatever replaces e-mail will also fall victim to spam. Probably, but the creators of a new communication infrastructure will be complete idiots if they allow history to repeat itself. Spam has become a problem because of crippling legislation and in certain cases a total lack of legislation. How can we battle spam if legislation allows spammers to spam you until you tell them to stop? Its like allowing murderers to kill you until you tell them to stop. Can you see how ridiculous our current spam legislation is, spam will always be a problem, as long as we allow useless laws to regulate it.

"Live with it, accept the problem, you cannot change spam, nor can you fix it". People change, they adapt to their environment. Our kids are growing up with spam, so it will have a far smaller effect on them than it had on us. Those of us who grew up with commercials and ads displayed during our favourite TV shows, have developed a kind of blindness to these ads. Our children will also develop spam blindness over time, they will not respond to spam as easily as we do. It is a matter of education and removing the ignorance. Spam only works because people continue to respond to them. According to an article by Michael Specter, "Damn Spam - The losing war on junk e-mail", spammers usually need to send a million e-mails to get fifteen positive responses, for the average direct-mail campaign, the response rate is three thousand per million. With a response rate as little as that you can easily see where spam could be heading if we can limit the response rate to zero. There will be no sense in sending spam anymore. People need to realise what is counted as a response and what they can do to limit accidental responses. Yes, simply by opening the e-mail already counts as a response in many cases.

Should we accept spam, should we live with it? Well you can easily ask, should we accept serious crimes like murder, rape and armed robbery? Just think what would happen if we had the same attitude towards these wrongdoings, crimes forbidden by civil law. What is civil law, it is actually common sense. We know it is wrong to steal money from someone else, but we are willing to live with a system where it is acceptable for other people to waste our money. That is exactly what spam is. Conventional advertising demands an investment from the advertiser, making it an unattractive medium for cheap unsolicited bulk advertising. However in the case of spam, the consumer ends up paying for the advertising. Some spammers do not even pay a penny for sending these batches of spam, they have bot networks doing the work for them. These bot networks consist of consumer PC's infected with malware. The one consumer (the sender) unknowingly pays to send the spam and the other consumer (the recipient) unknowingly pays to receive the spam. So the consumer coughs up on both sides of the channel.

Brad Taylor, Gmail anti-spam engineer, sees the battle against spam as a war. One side eventually gets tired and anti-spam authorities cannot allow themselves to get tired in this struggle against spam. Sometimes the spammers get tired of trying to fool the spam filters and eventually give up, but only for a short space of time. During this rest period they regroup to find a loophole in the filtering system. Once they discover a way around it, they start spamming again. Stock market spam is a classic example of this roller coaster ride. Stock market spam was quiet for some time and suddenly they started popping up like weed via PDF attachments. Spammers will always try to circumvent the system. Does this mean we should give up trying to beat them at their own game? Absolutely no, spammers annoy us with their unsolicited junk, so if we have means to our disposal to annoy them too, why not use it? The war against spam is far from over, the battle against spam is far from lost, I say bring it on.

About the Author
Coenraad is webmaster and founder of Cyber Top Cops, leaders in Internet security, prevention of online fraud and raising awareness about the importance of reporting spam.