Wham, Bam NO Thank You, Spam

2nd of April, 2002
   
 
 
An incessant stream of unsolicited emails is not only irritating, it also slows down productivity and limits your resources. David Peterson shows us how to hit the stop button on spam.

Nobody likes spam. The constant barrage of unwanted emails promoting pyramid schemes and pornography is the bane of every Internet user’s life. Some spam is simply annoying, some is offensive and much of it is illegal, but the problem extends beyond the content of the emails themselves.

Companies that don’t block spam from reaching their employees can expect, at best, to waste valuable time and resources and, at worst, may run the risk of ‘hostile work environment’ lawsuits for allowing explicit emails to reach staff.

According to various surveys, the number of spam messages received by the average Internet user has doubled every 3 to 6 months over the past two years – and the trend shows no sign of slowing. The cost of this traffic has been conservatively estimated at around US$9,000,000,000 per year. So against these statistics, how can you stem the tide of mailbox-clogging junk?

Getting off the hit list
Spammers get their lists of email addresses from a range of sources, including buying lists from other spammers or harvesting them with automated tools from Web sites, newsgroups and online databases.

There are a number of ways to reduce the chances of this happening:

  • On public newsgroups you can obfuscate your reply-to email address and signature to confuse automatic email harvesters (for instance: david at petersonitconsulting dot com or david@petersonNOitSPAMconsulting.com, with instructions on how to decipher).
  • Before posting to a discussion group on a Web site or joining an email discussion forum, check what measures the operators have taken to keep your address safe from spammers. The GenForum site (www.genforum.com) is a good example of this, converting email addresses to graphics and thus rendering them invisible to email harvesting tools, but remaining easily readable by other site users.
  • Rather than publishing email addresses on your Web site, consider the use of feedback forms that post customer enquiries to a contacts database or that generate emails ‘behind the scenes’.
  • Take care when using search engine submission tools that promise to register your Web site with thousands of search engines. Some of these Web sites fund themselves by selling your contact details to spammers. Best to limit yourself to the major search engines and any specific to your region or industry and avoid the rest.
  • Whenever you fill out a registration form or survey that requires your email address, check for a box that asks you if it’s okay to send you material from ‘selected partner organisations’. Make sure you say no, unless you are certain that your email address won’t be abused.
  • Set yourself up a disposable email address with a free email provider such as Hotmail (www.hotmail.com) and use that if you need to provide an email address to an untrusted party. That way, all of your spam should end up in the one spot, leaving your regular email address uncluttered by junk.
  • Commercial emailers who are members of the Direct Marketing Association will periodically check their lists against the Email Preference Service database. If you register your email address at www.e-mps.com, this can help reduce the amount of unsolicited commercial email that you receive.

Did I really do that?
Registering on a Web site to download software will often subscribe you to a company mailing list for product updates and so forth. If you aren’t careful, you may inadvertently ‘opt-in’ to receive even more commercial email.

Many sources claim that attempting to unsubscribe from any unsolicited email will simply verify your email address to spammers and invite even more spam. This is rarely the case, with automatically generated delivery and read receipts and ‘bounces’ being a far more reliable method of confirming active addresses. In many cases, your request will be honoured, and you will have one less source of spam to worry about.

However, even if an email message says that it was only sent to people that requested it, that may not necessarily be the case. Some spammers include this as a tactic to feign legitimacy and to convince their ISPs not to evict them when complaints start rolling in. These are less likely to respect your unsubscribe request.

Even if they do, it’s probable that they bought your email address on a spam list that may have been sold to hundreds of other spammers. Expressions of outrage will certainly be ignored, so your time may be more productively spent hitting the delete key, or setting up your email software to block spam.

How to block spam
If requesting to be removed doesn’t work, email software such as Microsoft Outlook can provide you with a last line of defence with its built-in spam filtering. By clicking on the Organise button on the toolbar or from the Tools menu, you can configure Outlook to highlight any emails that contain certain keywords, automatically delete them or move them to a junk email folder as soon as they are received.

Unfortunately, spammers are always working on new ways to circumvent junk email filters and will often studiously avoid including any of these keywords in their emails. Fortunately, Outlook gives you the ability to add new customised filters through the Rules Wizard (see the sidebar Blocking spam in Outlook, at left).

Conversely, a junk filter may inadvertently classify legitimate email as spam. “The party is on Saturday; bring a carton of VB and a carton of XXXX” would be picked up by the same rule that filters “Visit my XXX Web site”. So Outlook allows you to specify certain email addresses as exempt from filtering.

Improving your image
Email marketing can be an extremely effective and efficient tool to promote your products and services, build relationships with your customers and increase sales – if done correctly. If not, it can be an extremely efficient way of destroying your company’s image.

  • If you buy a direct marketing mailing list, make sure that the list is correctly targeted, that the individuals on the list have explicitly ‘opted-in’ to receive information on products like yours and that anyone on a ‘Do Not Mail’ file (for example, www.e-mps.org) has been removed.
  • Check the credentials of your list provider and ensure that they are a member in good standing of an industry body such as the Australian Direct Marketing Association (www.adma.com.au).
  • It is much safer to create your own opt-in list – but even here you need to exercise caution. There is always a chance that a competitor or other malicious party will seek to sabotage your reputation online by subscribing anti-spam activists to your opt-in lists. If you end up on a spam blacklist, you will have great difficulty communicating with your customers. To avoid this, make sure that your sign-up process follows the ‘double opt-in’ model, emailing a message asking for confirmation that the recipient really did intend to join your mailing list.
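
One way to implement the ‘double opt-in’ confirmation step described above, as an added example that is not part of the original article. The secret key, the 48-hour lifetime and the in-memory `pending` and `confirmed` stores are assumptions made for illustration; sending the email itself is left out.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: server-side secret, never sent out
TOKEN_LIFETIME = 48 * 3600         # assumption: confirmation link valid for 48 hours

pending = {}       # address -> expiry of the outstanding confirmation request
confirmed = set()  # addresses that have completed both steps

def _sign(address, expires):
    # Bind the token to one address and one expiry so it cannot be reused elsewhere.
    msg = f"{address}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def request_subscription(address, now=None):
    """Step 1: record the request and return the token to email to `address`."""
    now = time.time() if now is None else now
    address = address.strip().lower()
    expires = int(now) + TOKEN_LIFETIME
    pending[address] = expires
    return f"{expires}.{_sign(address, expires)}"

def confirm_subscription(address, token, now=None):
    """Step 2: activate only if the token mailed to this address comes back intact."""
    now = time.time() if now is None else now
    address = address.strip().lower()
    expires_s, _, sig = token.partition(".")
    if not expires_s.isdecimal() or pending.get(address) != int(expires_s):
        return False   # no matching request: someone else typed this address in
    if int(expires_s) < now:
        return False   # confirmation arrived too late
    expected = _sign(address, int(expires_s))
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False   # token was altered or forged
    del pending[address]   # single use: a replayed link does nothing
    confirmed.add(address)
    return True
```

An address typed into the sign-up form by a third party stays in `pending` and never receives marketing email unless its owner returns the token.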

Finally, remember that the fundamentals of good business practice are the same on the Net as they are in the world of bricks and mortar. You’ll generally get the best results for your marketing dollar by pitching for increased sales from your existing customer base – with whom you already have a relationship of trust – rather than cold-selling to a collection of unqualified leads.

Owner beware
Experienced spammers prefer to work anonymously. They are constantly on the look-out for undefended mail systems, or ‘Open Relays’ through which to send their junk emails, rather than using their own facilities. This way, any retaliatory action will fall upon an innocent third party rather than the spammers – who are then free to continue their activities unchecked.

This is obviously an issue for the administrators of corporate mail servers, but it can also affect Web site owners. Microsoft Internet Information Server (IIS), for example, includes an SMTP mail server to allow emails to be generated from any hosted Web site through ‘contact us’ or feedback forms to email customer responses back to a company contact. As a result, your Web server, or even your home PC if you use a product such as FrontPage to design Web sites, may have an SMTP server installed.

If a spammer finds your computer and uses it to relay spam, you may find yourself becoming the launching pad for hundreds of thousands of junk emails. As well as the immediate impact of tying up your server and Internet link, you run the risk of being mistaken for a spammer and having yourself placed on anti-spam blacklists, having legitimate email from your company blocked and possibly even your access to the Internet severed by your ISP.

Am I at risk?
If you are using Microsoft’s IIS, then the good news is that the problem is easy to fix by making a couple of changes to your settings. First, you need to check if you are running SMTP Server. If you have the Windows 2000 operating system, you can check this with the following steps:

  1. Open the Control Panel from the Start menu.
  2. Double-click on ‘Administrative Tools’, and then double-click on the ‘Internet Services Manager’ shortcut if it is there.
  3. When the Internet Information Services window opens, click on the ‘+’ symbol next to your computer name and check the services that are running. If you see an entry called ‘Default SMTP Virtual Server’, then the SMTP service is installed and running. If you see ‘Default SMTP Virtual Server (Stopped)’, then the SMTP service is installed but is not currently running.

Securing your server
As a general rule, you should never run any services that you don’t need on your computer. If your Web site has no need to send emails, then stop the SMTP service.

To be completely safe, you may want to uninstall it altogether through the ‘Add/Remove Programs’ control panel. You can always reinstall it should you need to use it in the future. This will not affect your ability to send emails using Outlook or any other mail package.

If you do need the SMTP service, then make sure that logging is enabled. This will keep a record of every time your SMTP server is used to send email. To do this:

  1. Right-click on the ‘Default SMTP Virtual Server’ entry in Internet Services Manager and select ‘Properties’ from the drop-down menu to display the Properties dialog box.
  2. Check the ‘Enable logging’ check box at the bottom of the window.

Next, make sure that your SMTP server is not allowing outsiders to use it to send email. From the Properties dialog box, do the following:

  1. Click on the ‘Access’ tab.
  2. Click the ‘Connection …’ button to display the Connection Control dialog box.
  3. Make sure that ‘Only the list below’ is selected.
  4. Click ‘Add …’ to add the address ‘127.0.0.1’ and the IP address of your computer.
  5. Remove any other addresses unless you are absolutely certain that those computers will need to use your SMTP server to send email.

The ‘Relay restrictions’ section of the Access tab can be used to stop other mail servers from relaying mail through your computer. There are very few occasions when you would want this to happen, so:

  1. Click on the ‘Relay …’ button to access the Relay Restrictions dialog box.
  2. Make sure that ‘Only the list below’ is selected.
  3. Remove all entries.

This should be enough to deter most spammers, who will be using automated tools to detect open relays and will not persist if an initial attempt to hijack your server fails, turning their attention to easier prey elsewhere.

Have you been hijacked?
There are three easy ways to check whether your system has been hijacked by spammers: you can check your SMTP logs; check your mail root directory; and, finally, check with anti-spam blacklists.

SMTP logs: If you have logging switched on, these should be under log files in your system directory (C:\WINNT\system32\LogFiles\SMTPSVC1 on most systems). Look for any unusually large log files, keeping in mind that in the case of most spam attacks the volume of emails will be so large that they will have been sent over several days.

Open a couple of log files and check the IP addresses. If there are any foreign addresses present, then this may be a sign of an attack, or a spammer checking if your SMTP server is a likely target. Figure 5 shows an extract from a log file where only the local machine (203.xxx.xxx.59) has been sending email – probably as a result of a customer filling in a feedback form.
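
The log check described above can be automated. The following is an added example, not part of the original article: it assumes the SMTP log is written in W3C extended format with a `#Fields:` header naming the columns, and the sample log lines and addresses are constructed for illustration.

```python
from collections import Counter

# Constructed sample, assumed to be in W3C extended format. All addresses are
# documentation ranges; 203.0.113.59 stands in for the server's own address.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-query
2002-04-02 01:10:00 203.0.113.59 HELO +webserver
2002-04-02 01:10:01 203.0.113.59 MAIL +FROM:<form@example.com>
2002-04-02 01:10:01 203.0.113.59 RCPT +TO:<sales@example.com>
2002-04-02 03:22:10 198.51.100.7 HELO +mail
2002-04-02 03:22:11 198.51.100.7 MAIL +FROM:<a@example.net>
2002-04-02 03:22:11 198.51.100.7 RCPT +TO:<b@example.org>
2002-04-02 03:22:12 198.51.100.7 RCPT +TO:<c@example.org>
2002-04-02 03:22:13 198.51.100.7 QUIT -
"""

def foreign_clients(log_text, allowed):
    """Return {client_ip: Counter of SMTP verbs} for clients not in `allowed`."""
    fields = []
    seen = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("#"):
            # A #Fields directive names the columns of the entries after it and
            # can reappear mid-file, so re-read it every time it is seen.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        row = dict(zip(fields, values))
        ip = row.get("c-ip")
        if ip is None or ip in allowed:
            continue
        seen.setdefault(ip, Counter())[row.get("cs-method", "-")] += 1
    return seen

if __name__ == "__main__":
    # Same allow-list as the Connection Control setting: loopback plus own address.
    own = {"127.0.0.1", "203.0.113.59"}
    for ip, verbs in foreign_clients(SAMPLE_LOG, own).items():
        print(ip, dict(verbs))
```

A foreign address with many RCPT entries is the pattern to look at first, since each one is an attempt to hand your server a recipient.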

Mail root directory: Open up your mail root directory (for example: C:\Inetpub\mailroot) and use Notepad to open up a sample of the messages in the Queue and BadMail directories. If the text of the message looks like the content of a spam email, then your server has almost certainly been hijacked.

Anti-spam blacklists: A good Web site to check all of the major blacklists in one go is relays.osirusoft.com/cgi-bin/rbcheck.cgi. Simply enter your computer’s IP address and click the submit button to see if you have been registered on any of the lists.

If you are on a blacklist, the blacklisting Web site will generally contain information on how to get off the blacklist and avoid future incidents. You may also be able to contact the blacklist owner for assistance – but remember to ask politely. Most of them are regularly bombarded by threats from irate spammers who insist that they have a right to promote pyramid schemes and pornography and will have little patience with you if you come across as a spammer trying to get off the hook.

David Peterson is a principal consultant at Peterson IT Consulting (www.PetersonITConsulting.com). He can be contacted by email at david@PetersonITConsulting.com.

   
     
   
   
     
     