Wednesday, January 22, 2003

Spam, Spam, and more Spam

When someone says 'Spam' do you think of the meat by-product canned loaf, or do you think of unsolicited commercial e-mail (UCE)?

If you read blogs regularly, or are a blogger yourself, you probably think of the latter.

So, what do you do about it? Its a question I get from clients all the time. In fact, the elimination of spam (UCE) is becoming a high-dollar industry. Companies buy e-mail filtering software all the time to protect from improper e-mails going to and coming from employees.

First is to try to avoid having your e-mail addressed published on any public web site or anywhere in the USENET Newsgroups. "Spammers", those who send out spam or the people who sell e-mail address lists, have programs that crawl the Internet's public areas looking for e-mail addresses to add to their lists. However, keeping your e-mail address private is very difficult. Most on-line order systems require it, and once you order something, they will sell your information when they get the chance. This is why many people have multiple addresses, one that they keep 'secret', and the other(s) that they use for online ordering and for public consumption. However, all it takes is someone who has your 'secret' e-mail address to send you one of those electronic greeting cards and its all over.

So what else to do? The politically active amongst us will try legislation. As you can see, most of the states have passed laws regulating spam. Some states even allow you to sue spammers for cash if you can prove in small claims court that it was unsolicited. If you read the different laws, you'll wonder why the spam in your state doesn't follow any of the regulations. That's because these laws are rarely enforced, as it is too easy for 'small-time' UCE spammers to operate. Law enforcement would be overwhelmed trying to deal with it all.

So now you're at home, the laws aren't being enforced, and spammers have figured ways around your e-mail program's rule set. There are even people who have written elaborate programs and statistical analysis theories about spam that still get some of it. I myself manage several domains, one of which gets a lot of spam, and I get all of the bleed-over from defunct accounts. Someone at Chaos Theory pointed me to a neat service that filters spam.

Cloudmark Spamnet is a Peer-to-Peer spam filtering service that I've been using for a few months. It works the same way as Kazaa and other file-sharing programs do, only you share 'spam' lists. If you get a piece of spam, you click on the "Block" button in the Cloudmark program which then generates a unique mathematical serial number for that spam. Then if anyone else who is running Spamnet gets that mail, it automatically gets flagged as spam and moved to the appropriate folder and/or deleted. Its kind of neat, you have everyone working together to identify spam, and everyone benefits from it. Of course there are two drawbacks: One is that is people classify spam differently - one persons' spam is another persons treasure; The second is that it only works with Outlook 2000 or XP (Not Outlook Express). However, it does work very well. I had a few false positives at first (mainly due to the fact that I am subscribed to several e-mail lists on Bugtraq), but its been near 100% accurate.

Earthlink and other ISPs now offer spam protection (its usually opt-in, that means you have to turn it on), as do many of the 'free' web-based e-mail services.

Maybe we should start tracking spammers down and sending them to North Korean Concentration Camps. Oh wait, I forgot - the North Korean's (along with the Iraqi's) situation is our fault. Oh well, what a better place to send them - well maybe they could join the human shields who are headed over to Iraq...