 |
| Home | Tech Support | WebMail | Contacts | Search | BCPL.info |
What is Spam, and how do I stop it?
- What Spam is
- How spammers get your e-mail address
- BCPL efforts to stop spam
- How you can stop spam
- CAN-SPAM Act
- What not to do
- Why are e-mails addressed to someone else coming to me?
- Links
- Giving out your e-mail address online - Spammers can get your e-mail address if you give it out in an online survey or while signing up for something online.
- E-mail harvesting - Spammers use automated programs (sometimes called spambots, spiders, or
trawlers) to harvest e-mail addresses from webpages. Examples of commonly harvested webpages include web-based
directories, bulletin boards or discussion groups. For example, if your e-mail address is in an online
directory of members in a professional or trade organization, a directory of your high school graduating
class, or something similar, your e-mail address can be harvested. If your e-mail address appears on
such a webpage, have it removed.
- To get an idea of whether spambots can find your e-mail address online, try entering your e-mail address in a search engine, such as Google. If the search engine comes up with any results, then your e-mail address is definitely exposed on the web. If a search engine's software can find your address online, so can spammers.
- For an excellent in-depth description of how spammers harvest e-mail addresses and what you can do to prevent this, see the Center for Democracy & Technology's Why Am I Getting All This Spam web page.
- Mailing lists - Spammers can obtain e-mail addresses from mailing lists.
- Usenet (newsgroup) groups - Newsgroups are a prime source of e-mail addresses for spammers.
- IRC and chat rooms - Spammers can obtain e-mail addreses from people using certain kinds of chat rooms. This is done frequently by spammers, as many users in chat rooms are Internet-newbies and may not be experienced in dealing with spam.
- Guessing - The shorter or more guessable an e-mail address is, the more likely it is to receive spam. For example, user names like dave or jdoe would make for very bad e-mail addresses.
- Other - There are many other ways spammers can get e-mail addresses, including but not limited to white and yellow pages, scams, and buying/swapping lists with other spammers. For a more comprehensive list of ways spammers can get your e-mail address, go to http://www.private.org.il/harvest.html
Subject: [SPAM] Wholesale prices on Vicodin
If you see that "SPAM" tag, you'll know that the Barracuda firewall identified the message as spam. You may want to examine "SPAM" tagged messages for a while, until you're satisfied that the Barracuda isn't tagging messages that aren't really spam. That's up to you.
No current technology is 100% accurate in identifying virus and spam e-mail, so don't expect miracles. Do not relax your guard! Continue to be on the lookout for suspicious e-mail in your Inbox. Continue to use anti-virus software on your PC, and continue to keep it up to date. The Internet is full of nastiness these days. Regardless of what BCPL.NET tries to do to defend you from them, never forget that you are your own final line of defence against the bad guys.
You'll probably see some spam e-mail that the Barracuda firewall misses and doesn't tag as spam. You may also find a few messages with the "SPAM" tag that are not really spam. This should improve as we learn to use the Barracuda's various features, and as the Barracuda itself learns from the thousands of e-mail messages it processes every day.
We will gradually turn on more advanced features as we become more familiar with the Barracuda, and will use BCPL.NET News messages to explain what those features are and how they affect your e-mail. Stay tuned for future developments.
If you're interested in learning more about the capabilities of the Barracuda 400 spam and virus firewall, visit the Barracuda Networks web site at http://www.barracudanetworks.com
For more information on the Barracuda, see our Spam and Virus Firewall FAQ.
- Keep your e-mail address out of the hands of spammers.
Put simply: If the spammers don't know your address they can't send you spam. The best way to avoid getting spam is to not give out your e-mail address. Once a few spammers get hold of your address, you'll get a steadily increasing amount of spam. Spammers trade and sell lists of addresses, so it doesn't take long for your address to become known to a large number of spammers.
- If you buy merchandise from an online store, you'll probably be required to enter your e-mail address as part of the ordering process. Reputable online merchants won't share your e-mail address with other online merchants without your permission, but not all online merchants are reputable. Look carefully for a checkbox or button that lets you specify that you don't want the merchant to give your address to anyone else. If there is no such option, search the merchant's web site for a published privacy policy. If you aren't satisfied that your e-mail privacy will be respected, either don't buy from that company, or use a "throw-away" address as described below.
- Don't put your e-mail address on a webpage - If you have your own webpage, don't put your address on it either in plain text or as a mailto: link. Instead consider creating a small graphic that displays your address (but don't make it a link). Disguise your address something like this: "jdoe at bcpl dot net" instead of "jdoe@bcpl.net". Or, utilize one of the free javascripts that will disguise your address (for an example see http://www.joemaller.com/js-mailer.shtml ).
- If you participate in a Web-based forum of any kind that displays your e-mail address, contact
the person in charge of the forum and ask if your address can be hidden. If not, stay away from
that forum.
- Use a throwaway e-mail address
- Complain to the abuse or postmaster addresses of the originating domain
Almost all ISPs now have abuse addresses specifically for this purpose. If you identify the origin as erols.com, for example, address your complaint to "abuse@erols.com".
Unfortunately, this isn't as straightforward as it might seem. The address on the "From:" line of spam is almost never where the spam really originated. Spammers almost always use a fake address on the "From:" line. If you receive spam that shows "jdoe@erols.com" on the "From:" line, and if you complain to "abuse@erols.com", there is an almost 100% probability that you have complained to the wrong place. Figuring out the true origin of spam can be a hassle, but it is essential in order to know where to complain.
To determine the true origin you have to examine the "Received:" lines in the full message header. Most mail programs don't normally show you the full header. You have to turn on full header display, usually in the configuration or in one of the menus. For specific instructions on how to view full headers in many different e-mail programs please go to:
http://www.wurd.com/cl_email_faq_spamfight.php
Even with the full header in front of you, it can still be pretty tough for the layman to determine the origin of the e-mail. This is because most mass mail software adds one or more bogus "Received" lines and other information to throw you off track. Even if you are able to figure out which "Received:" lines are legitimate, you then need to do some research (typically a "whois" lookup in the ARIN database at www.arin.net) to figure out where to send your complaint. This is time-consuming, so we don't recommend it unless you are very serious about taking action against spammers.
- Set up your own spam filter
Although filtering at the server level isn't practical, filtering within your own mail program may be a viable alternative because it is completely within your control. All current versions of the most popular PC and Macintosh based mail programs (Outlook Express, Netscape, Eudora, Apple Mail, Entourage, etc.) have filtering capability. Consult the written or online Help documentation for your specific mail program.
One approach is to set up your filters to accept mail only from addresses you consider "friendly", i.e. from e-mail addresses that are known to you (this is sometimes called a white list) . This will certainly stop spam, but unfortunately it also has the potential to stop legitimate e-mail as well. We don't consider it a good solution, but many people do it.
A less stringent but more labor-intensive approach is to create filters that will block e-mail containing specific words. For example, if your primary concern is spam with pornographic content, then set up a filter to block e-mail containing words you consider to be objectionable. A "forbidden words list" intended to block normal non-pornographic spam (commercial ads, for example) is less straightforward because the words in such e-mail are not any different from the words you might find in legitimate e-mail.
There are many types of commercially available anti-spam software. Newer versions of anti-virus software (such as Mcafee or Norton) may contain anti-spam as part of security software package. You can obtain this software online or at most computer stores.
Please note that WebMail, used by many BCPL.NET customers and BCPL staff, does not have filtering capability. In order to filter you will have to use an e-mail program installed on your own computer.
- Change your e-mail address
There is only one sure way to eliminate spam (at least for a while). Change your BCPL.NET username (the part of your address in front of the "@"). Then, protect the new address as described above. If you want to do that, decide what you want your new username to be (plus a second choice in case your first choice is already taken), then contact the BCPL.NET Accounts Desk at 410-887-4172 or . Give it careful thought first, though. If you change your username, you will have to change it in your BCPL.NET login window, and in your e-mail program. You will also have to notify everyone from whom you want to receive e-mail of your new address, and you'll have to resubscribe to any e-mail mailing lists you're on.
In the final analysis, your best line of defense is the Delete function in your mail program. I know it's annoying to receive spam, but it takes only a moment to delete it. For most users this remains the most effective way to deal with spam.
A copy of the CAN-SPAM Act can be found on the FCC website via the link below. To view this document, you will need the Adobe Acrobat Reader software.
Some spam e-mail may direct you to fill out a form at a specific web site to have yourself removed from the spammer's mailing list. While some of these may be legitimate, most are merely mechanisms used by spammers to collect addresses for their mailing lists.
Mailbombs and similar measures are considered "denial of service" attacks, and are a very serious offense. Any BCPL.NET customer caught mailbombing another site, no matter what the motivation or provocation, will have his/her account terminated immediately.
To and CC work as you might expect - when you receive an e-mail it will clearly show all recipients placed in the To and CC fields, including yourself.
The BCC field, which stands for Blind Carbon Copy, is never shown to recipients. Addresses written in this field WILL be delivered to, but will not be displayed in the e-mail itself.
Originally, BCC was used as a way for people to send out newsletters without everyone in the To field being able to see each other's addresses. Lately spammers and virus writers have been using it to trick users into thinking the ISP has misdelivered their mail. The bottom line is, if you have received a message, you WERE written in as a recipient.
- "Figuring Out Fake E-mail & News Posts" (AKA "The Spam FAQ")
Includes links to many Web sites with useful info about spam.
http://www.faqs.org/faqs/net-abuse-faq/spam-faq/ - Where to Complain About Frauds & Scams:
http://www.elsop.com/wrc/complain.htm - General information about spam:
http://spam.abuse.net/spam/
http://spam.abuse.net/spam/userhelp/