June 07, 2006
Fighting Spam, Part II
PC Security — Fighting Spam, Part II: Webmaster Strategies
Fighting spam — like countering any illegitimate activity — is a battle fought best on multiple fronts. There are simple steps end-users can take to minimize the impact of junk mail (outlined in Part I), but the webmaster or e-mail provider has even more tools available.
Raising the spammer's cost, without turning your efforts into a full-time job, is the most effective way to shift the equation in your favor. Some of the end-user techniques discussed in Part I are even more useful to the webmaster.
CAMOUFLAGE
Spambots can only do what they're programmed to do. Often, disguising a publicly visible e-mail address is enough to cause the spambot to bypass you. They're frequently programmed to look for character strings like John_Example@somecleverdomainname.com. A change to John_Example_at_NOSPAMsomecleverdomainname.com is enough to fool them.
Even if your disguised e-mail address is still harvested, at minimum the address has to be 'scrubbed' in order to be used. Scrubbing routines are even harder to write than spambots, because there are so many possible variations. (NO_SPAM, NOSPAM, no*spam, and many that are much more clever. Be creative!)
The method has a drawback: users have to strip out the extra letters and insert the @-sign (in the above example) — something they sometimes fail to do.
E-mail addresses can be made un-harvestable by embedding them in a graphic, rather than using mailto: or other plain-text options. Very few bots are sophisticated enough to read a graphic and translate the pixel pattern into usable text — particularly since the graphic can have an infinite variety of shapes. Here again, users can't simply copy-and-paste or reply to, so there's some inconvenience for them.
An alternative is to eliminate visible and accessible e-mail addresses entirely. Instead, provide a feedback form that stores user information in areas unsearchable by spambots. Or store the information in an encrypted format that is easy to encode but difficult to crack, using JavaScript for example.
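One way to do the JavaScript variant, as an added example that is not from the original article: the address is encoded when the page is built and decoded only when a visitor clicks the link. KEY, the function names and the markup are hypothetical, and the XOR-plus-hex scheme is simple obfuscation against pattern-matching bots rather than strong encryption.

```javascript
// Added example: publish an address without any plain-text "user@domain" string.
// KEY, the function names and the markup are hypothetical. XOR plus hex is
// obfuscation against pattern-matching bots, not cryptographic protection.
const KEY = "demo-key"; // constructed sample value; it ships with the page anyway

function xorWithKey(bytes, key) {
  const k = new TextEncoder().encode(key);
  return bytes.map((b, i) => b ^ k[i % k.length]);
}

// Run once when the page is built.
function encodeAddress(address, key = KEY) {
  const bytes = xorWithKey(new TextEncoder().encode(address), key);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Run in the visitor's browser when the link is clicked.
function decodeAddress(hex, key = KEY) {
  if (!/^([0-9a-f]{2})+$/.test(hex)) throw new Error("malformed encoded address");
  const bytes = Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));
  return new TextDecoder().decode(xorWithKey(bytes, key));
}

function contactMarkup(address) {
  return `<a href="#" class="contact" data-c="${encodeAddress(address)}">E-mail us</a>`;
}

// Self-check: the kind of plain-text pattern the article says spambots look for.
const PLAIN_ADDRESS = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;
const exposesAddress = (html) => PLAIN_ADDRESS.test(html);

// Browser-only wiring: build the mailto: link at click time, never in the markup.
if (typeof document !== "undefined") {
  document.addEventListener("click", (ev) => {
    const link = ev.target.closest("a.contact");
    if (!link) return;
    ev.preventDefault();
    window.location.href = "mailto:" + decodeAddress(link.dataset.c);
  });
}
```

Running exposesAddress over the generated pages before publishing catches any template that still leaks a plain address.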
BARRIERS
Banning visible e-mail addresses, or hiding them in graphical form, makes communication between trusted parties more difficult. Put the burden back on the spammer by blocking known spambots.
Spambots often have an easily spotted signature: a known IP address or process name (or both), or a non-browser User-Agent.
IP address blocking is a simple matter for any webmaster, but blocking unwanted processes isn't difficult either. Just start a cron job that periodically scans for a process name and uses kill to terminate the associated process ID.
The more sophisticated webmaster can have a daemon that sleeps until a process name is instantiated, wakes up instantly and kills the process before it can do any harvesting. This is only slightly more difficult to implement, and sample programs are available by searching your favorite engine.
It's possible to set a spambot trap that blocks incoming requests based on excessive search behavior or another pattern. The technique is a little more difficult to implement and administer, since it requires defining patterns and altering them for different bots. Again, sample Perl scripts and how-to guides are available by a brief search.
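The two signatures described above, a non-browser User-Agent and excessive request behavior, can be checked against a web server access log. The following is an added example, not code from the original article; it assumes Combined Log Format, and the thresholds, function names and log lines are constructed for illustration.

```javascript
// Added example: flag clients by non-browser User-Agent or excessive request rate.
// Thresholds, names and log lines are constructed; tune them against your own traffic.
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$/;
const TIME_RE = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/;

// Convert a Combined Log Format timestamp to epoch milliseconds (NaN if malformed).
function parseTime(stamp) {
  const m = TIME_RE.exec(stamp);
  if (!m) return NaN;
  const month = "JanFebMarAprMayJunJulAugSepOctNovDec".indexOf(m[2]) / 3;
  if (!Number.isInteger(month) || month < 0) return NaN;
  const asUtc = Date.UTC(+m[3], month, +m[1], +m[4], +m[5], +m[6]);
  const offsetMs = (m[7] === "-" ? -1 : 1) * (+m[8] * 60 + +m[9]) * 60000;
  return asUtc - offsetMs;
}

// Assumption: mainstream browsers identify as "Mozilla/..." or "Opera/...".
// Allow-list the search-engine crawlers you want to keep before blocking on this.
const looksLikeBrowser = (ua) => /^(Mozilla|Opera)\//.test(ua);

function findSuspects(lines, { windowMs = 10000, maxHits = 5 } = {}) {
  const recent = new Map();   // ip -> request times still inside the window
  const suspects = new Map(); // ip -> Set of reasons
  const flag = (ip, why) => suspects.set(ip, (suspects.get(ip) || new Set()).add(why));
  for (const line of lines) {
    const m = LOG_RE.exec(line);
    if (!m) continue; // skip malformed lines rather than guessing
    const [, ip, stamp, ua] = m;
    const t = parseTime(stamp);
    if (!looksLikeBrowser(ua)) flag(ip, "user-agent");
    if (Number.isNaN(t)) continue;
    const times = (recent.get(ip) || []).filter((x) => t - x < windowMs);
    times.push(t);
    recent.set(ip, times);
    if (times.length > maxHits) flag(ip, "rate");
  }
  return [...suspects]
    .map(([ip, why]) => ({ ip, reasons: [...why].sort() }))
    .sort((a, b) => a.ip.localeCompare(b.ip));
}

const browserUA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
const SAMPLE_LOG = [ // constructed lines using documentation-range addresses
  `192.0.2.10 - - [07/Jun/2006:22:13:00 +0000] "GET / HTTP/1.1" 200 2326 "-" "${browserUA}"`,
  `198.51.100.7 - - [07/Jun/2006:22:13:01 +0000] "GET /contact.html HTTP/1.0" 200 812 "-" "ExampleHarvester/1.0"`,
  ...Array.from({ length: 7 }, (_, i) =>
    `203.0.113.5 - - [07/Jun/2006:22:13:0${i} +0000] "GET /p${i}.html HTTP/1.0" 200 512 "-" "${browserUA}"`),
];
console.log(findSuspects(SAMPLE_LOG));
```

The returned addresses are candidates for the IP blocking described above; review them before blocking, since a rate threshold set too low also catches busy proxies.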
RAISE THE PRICE
Eventually, even determined spammers get tired of programming variations to bypass the hurdles thrown in their way, deciding the effort isn't worth the reward. The trick is to make the cost of their effort much higher than the reward, while making the cost to you low and the reward high.
Spammers won't surrender until the profit is taken out of their efforts. Even legislation, such as CAN-SPAM in the U.S., seems to have deterred mostly legitimate businesses who were not the guilty parties.
But junk mail filters are getting more sophisticated, penalties for sending spam are having some effect and there are new proposals being discussed (such as "mailer id") that will eventually reduce the problem to a negligible annoyance.
That's bad news for spammers — which is welcome information for the rest of us.
Posted by SpywareSolutions at 10:13 PM | Comments (0)
June 04, 2006
Fighting Spam
PC Security - Fighting Spam, Part I: User Strategies
Fighting spam - like countering any illegitimate activity - is a never-ending battle. You devise a strategy and there's a counter-response. But taking low-effort steps that make spammers' actions ineffective or difficult puts you at an advantage.
Two can play at that game.
Since spam is made possible by programs, programs can fight it - and, fortunately, there are many already available. Before learning how to use them, it's helpful to know how spammers do their dirty deeds and what simple actions a user can take to counter them.
One of the most effective tools spammers have is the spambot - a program that automatically browses websites looking for e-mail addresses, which it then "harvests" and stores in large lists. The lists are then either used directly for marketing purposes or sold, often as CDs listing millions of addresses.
There aren't yet perfect mechanisms for foiling spambots, but there are several effective techniques.
MISDIRECT
If you don't expose an e-mail address to harvest, you can't get harvested. But in a time when blogs, forums and other public sites are heavily used - and most require providing an e-mail address to post if not to read - it's difficult to avoid.
So for those public venues, define and use an address where you intend to get no personal e-mail. After responding to the sign-up confirmation you don't have to care what goes there. Keep another for personal use and give it only to trusted individuals and vendors.
A word of caution: Hotmail, Yahoo and other large providers have often been used for this purpose. Some sites are wise to this and won't allow addresses with @hotmail.com, for example. Fortunately, there are dozens of free e-mail providers and you don't have to use the same one every time.
CAMOUFLAGE
Spambots are clever, but they're not human. They can't make subtle distinctions or inferences unless they're programmed to do so. Often, disguising a publicly visible e-mail address is enough to cause the spambot to bypass you. They're frequently programmed to look for character strings like John_Example@somecleverdomainname.com. Programs only do what they're instructed, so even so simple a change as John_Example_at_NOSPAMsomecleverdomainname.com is enough to fool them.
Even if your disguised e-mail address is still harvested, at minimum the address has to be 'scrubbed' in order to be used. Scrubbing routines are even harder to write than spambots, because there are so many possible variations. (NO_SPAM, NOSPAM, no*spam and many that are much more clever. Be creative!) Those variations are usually simple for humans to decipher, but again programs only do what they're instructed.
The method does have potential drawbacks. Humans have to strip out the extra letters and insert the @-sign (in the above example) - something they sometimes fail to do out of failure to understand the need to, or because they simply hit Reply To. Also, since many e-mail confirmation systems are themselves automated (by software, naturally), they too will fail to deliver to the desired address.
A variation on the technique can be used not only by web site designers but (to an extent) users. You can usually configure your e-mail account to make the receiver see your e-mail address as anything you wish, regardless of the actual address. After all, that's how spammers often disguise themselves, too.
FILTERS
Once you make the effort to create an e-mail account and 'advertise' it to your friends, business associates and trusted vendors, changing (or even disguising) it can be undesirable. That puts you in the position of making high-cost efforts for low reward - exactly the role you want the spammer to be in, not you.
Spam or Junk Mail filters to the rescue.
Filters examine every e-mail before it's delivered and apply complex algorithms to determine whether it is junk or not. They're configurable so that e-mail from senders listed in your address book passes through to your Inbox, with the rest directed to a Junk folder.
Though imperfect, those algorithms are reviewed often by e-mail providers and evolve to capture more junk and fewer valid messages. And, when reviewing the junk mail folder, some allow you to specify whether they 'guessed' correctly. Your answers allow the algorithms to make better guesses.
RAISE THE PRICE
Eventually, even determined spammers get tired of programming variations to bypass the hurdles thrown in their way, deciding the effort isn't worth the reward. The trick is to make the cost of their effort much higher than the reward, while making the cost to you low and the reward high.
Spammers haven't surrendered, but progress to date has been impressive.
Posted by SpywareSolutions at 10:04 PM | Comments (0)
June 02, 2006
Common Spam Scams
PC Security - Common Spam Scams
Along with spam advertisements hawking prescription medicines, 'cheap' mortgage rates and online gambling sites, there are a number of common scams whose sole goal is to separate you from your money.
Some Internet scams offer investment opportunities with huge paybacks. They usually claim to be risk-free, but once they have your money, you're very unlikely to see any return. Another common scam involves offering credit cards for those with bad credit ratings - just send a security deposit and processing fees. In return you get - that's right - nothing. And by the time you start to investigate, the scam artist has disappeared.
Then there are the multilevel marketing schemes (MLMs), urging you to buy large quantities of the 'latest new product' - which you can resell for an easy profit while receiving a commission on each sale from the greater fool down the line. Once you've bought the merchandise, however, the distributor will have disappeared - sometimes without even sending the goods.
Remember these offers are worse than even ordinary spam. Legitimate businesses do not promote their products by spamming. They e-mail selected groups, generally those who have purchased from them before or voluntarily offered an e-mail address. Other offers should usually be ignored. Simply hit your delete button. However, even highlighting the e-mail in order to delete it can signal a spammer that you received one. To fight that, see the article 'Fighting Spam' in this series.
Never reply to spam. Doing so simply indicates to the spammer that your e-mail address is valid, and you'll receive more spam than before. Some spam contains a message offering to remove your e-mail address from their mailing list. Don't use even this service - it's nothing but another method for verifying e-mail addresses.
Above all, never give your credit card number, bank account details or private data to anyone unknown over the Internet. PayPal, for example, and other legitimate online businesses will never ask for your password in an email. One common scam is to fake return addresses and tailor subject lines and content so the message appears to be from them or another financial institution 'confirming' your information. Don't fall for them.
How do you know whether it's spam? Since one man's spam is sometimes another's welcomed advertisement, there's no perfect answer. But there is one good rule of thumb: if you don't recognize the sender, it's probably not someone you want to hear from. After all, how many former dictators in Nigeria are you likely to know?
Posted by SpywareSolutions at 09:11 PM | Comments (0)


