Internet Annoyances: How to Fix the Most Annoying Things about Going Online

SPAM FIGHTING 101

The Annoyance:

Like everyone else in the world, my mailbox is filled to the brim with more obscene offers, get-rich-quick scams, and other digitrash than I thought existed on the planet. It's so overwhelming that I don't even know where to begin to fight it. I know that there's anti-spam software out there, but which is the best?

The Fix:

There's no one "best" piece of spam-fighting software. Truth be told, most of the major anti-spam apps do a good job. The key is to choose a competent anti-spam program and use it to the max. Before buying, look for these features:

Trainable spam filters

Anti-spam software typically lets you mark email as spam. The spam filter should learn as you use it, catching not only email you've identified as spam, but similar emails as well.

Customizable spam filters

You should be able to customize the program's spam filtersfor example, by telling it to nab any email that contains certain phrases.

Outlook 2003 includes a reasonably good built-in spam-killer, unlike earlier versions of the program. To turn it on, choose Tools Options and click the Preferences tab. Then click Junk E-mail. Make sure the "No Automatic Filtering box is unchecked, or else you'll turn off Outlook's spam-killer. Choose Low if you want to catch only the most obvious spam, and High if you want to be more aggressive(and can live with it flagging some legitimate mail as spam).

The ability to set filter levels

When anti-spam software is too aggressive, it filters out almost all spam but also treats normal mail like spam. When it is less aggressive, more spam gets through. Look for anti-spam software that lets you choose a range of settings, so you can find the one that's best for you.

The ability to build whitelists and blacklists

The program should let you build a whitelist of senders that you consider safe and not spammers, as well as a blacklist of senders known to be spammers. Look for anti-spam software that lets you build and import these lists.

Integration with your email software

Some anti-spam software works independent of your email software, but many people find it more convenient to use anti-spam tools that work from directly inside the email software.

There are, of course, a lot of spam-killers out there. Here's a very short (and not exhaustive) list of capable anti-spam tools:

Norton AntiSpam

The same company that brings you Norton AntiVirus, Norton Firewall, and other security tools also has a very good spam-killer (PC Magazine gave it an Editor's Choice Award). For information, go to http://www.symantec.com/antispam.

McAfee SpamKiller

McAfee, like Norton, makes anti-virus software, firewalls, and other security tools, as well as this spam-whacker. It's based on an open source program called SpamAssassin. For information about McAfee SpamKiller, head to http://www.mcafee.com.

Eudora 6.0

Eudora has a built-in spam-killer that's trainable. Choose Tools Options and click the Junk Mail icon. Look for the Junk Threshold slider. By default, its set at 50. Move it to the left, to a lower number, if it's catching most or all of your spam, but also some legitimate mail as well. Move it to the right if it isn't catching enough spam.

WHAT IS A BAYESIAN FILTER?

Many anti-spam programs rely on Bayesian filters to separate real mail from spam. Bayesian filters analyze the contents of a message, then compare them to a database of spam characteristics and calculate the probability that the message is spam. The more use you a Bayesian filter, the more effective it becomes, because as you tell it what is spam and what isn't, it adds that information to its database. Bayesian filters are far more effective than filters that only block email based on certain words or phrases in a message, because spammers can easily alter the spelling of words. The technique is named after the Rev. Thomas Bayes, an 18th-century English mathematician who developed a theorem of probability.

SafetyBar

This is anti-spam software with a twist. It's an Outlook add-in that uses peer-to-peer technology to fight spam. Everyone who installs it marks messages as spam, and that collective intelligence (at last count, over 1 million users) is then used to determine what's actually spam and what isn't. For information, go to http://www.cloudmark.com.

MailWasher

Unlike most spam-fighters, MailWasher sits between your email program and your mail server and blocks spam before it even gets to your mailbox. There's a free version that checks only one account, and a pay version that checks as many accounts as you want. For details, go to http://www.mailwasher.net. Some people use MailWasher in addition to other anti-spam tools. That way, spam gets filtered twice.

If you're feeling adventurous, you can also try a free Outlook spam-killing add-in from SpamBayes, an open source project devoted to killing spam. It's perennially in beta or alpha, but people report that it's useful and reliable. Get it from http://spambayes.sourceforge.net/windows.html.


Tip: If you're willing to pay $20 a year for Yahoo!'s Mail Plus email, there's another way to protect your email address. Any time you make an online purchase, you can create a disposable email address that's used only for that purchase. After you've gotten purchase confirmation, you can destroy the disposable address, and so spam sent to it heads into the ether, not to you.

STAY OFF SPAM LISTS

The Annoyance:

I use spam-fighting email software, but I still get too much mail from friendly Nigerian millionaires and others promising to enlarge my bank account or other, um, assets. How can I stay off these spam lists in the first place?

The Fix:

You're rightthe best way to avoid spam is to avoid spammer lists. So how do you end up on these lists? The most common technique is "harvesting," according to a 2003 study ("Why Am I Getting All This Spam?") conducted by the Center for Democracy and Technology (http://www.cdt.org). Spammers use automated programs, or "bots," to scan web pages, forums, newsgroups, instant messages, and other sources for email addresses. Those addresses are then sold to other spammers, and boomsuddenly you're living in Spamopolis. So if possible, don't post your email address on a personal or public web site. If you post to forums, Usenet newsgroups, and the like, use an email account created specifically for this purpose, such as a free email account from Yahoo!, Hotmail, or Google.

If you must list your email address on, say, a personal web site, you can hide it from the bots in plain view. One easy trick is to spell out your email addressfor example, write "preston at gralla dot com" instead of preston@gralla.com. Most harvesting programs won't be able to grab a spelled-out address.

Anti-spam mavens also use another classic technique: show your email address in an image file, such as a screen shot of the address in .GIF format. People can read it; spambots can't.

Some clever spammers have figured out ways around these techniques, so another solution is to use an inline JavaScript to generate your email address when the web page loads. Spam-harvester bots only see a <script> tag, but users see an address like preston@gralla.com.

To get your own bit of personalized code, go to the Java-Script generator at http://www.u.arizona.edu/~trw/spam/spam.htm. Feed it your email address and it generates the JavaScript, ready for you to plug into your site.

Yet another solution is to use HTML characters for your address rather than plain-text characters. Anyone visiting your site will see the address, because their browsers will translate the underlying HTML; bots will just see a string of numbers. The trick? Each letter or number in your email address is represented by its ANSI code. Instead of "p", you'd use "112", prefaced by &#. Separate each HTML character with a semicolon (;), and leave no spaces between characters. For example, in HTML characters, preston@gralla.comwould be:

&#112;&#114;&#101;&#115;&#116;&#111;&#110;&#64;&#103;&#114;&#97;&#108;&#108;&#97;&#46;&#099;&#111;&#109

Keep in mind, though, that if you use HTML characters to spell out your email address, you won't be able to use automated HTML "MailTo" links on the pagethat requires the email address to be spelled out using regular letters and numbers.

For a comprehensive list of ANSI codes and special HTML characters, go to http://www.alanwood.net/demos/ansi.html and click the Symbol link at the top right of the page.

Finally, if you're really drowning in spam, you should carefully choose a new email address, inform your friends, set up an auto-reply on the old one, and never visit the old account again. Sounds too time-consuming? Well, you probably spend at least 30 minutes a day deleting floods of spamnow that's too time-consuming!

THIRTY-SECOND GUIDE TO TRACING SPAMMERS

The Annoyance:

I'm sick of spam and I'm not taking it anymore. How can I track down these e-scum and turn them in?

The Fix:

Two pieces of software, eMailTrackerPro and VisualRoute, can track down the real source of spam and notify the spammer's ISP in as little as 30 seconds.

You can download fully working demos of eMailTrackerPro and VisualRoute from http://www.visualware.com. After 15 days, you can buy the duo for $69.90.

EMailTrackerPro (Figure 1-10) analyzes email headers and traces the messages back to their true senders, when possible, by finding the originating IP address. It even reports on the sender's country of origin. It also reports on the software used to send the message, which isn't especially useful but is something that Net geeks like to know. EmailTrackerPro also tells you if the email address it digs up has been "spoofed," or faked.

Figure 1-10. eMailTracker Pro tracks down the source of spam, including the email program used to send it and the country of origin, and reports if the address has been spoofed.

There are two ways to copy email headers into the program for analysis. If you use Outlook, eMailTrackerPro installs a button on the Outlook toolbar. Just highlight an email and click the button. If you don't use Outlook, copy the header information from the email, choose Edit Paste Headers in eMailTrackerPro, and the program will set off to work.

WHAT ARE HASH-BUSTING AND SPAMMERWOCKY?

You may have noticed that many spam messages end with gibberish. Some spam filters use a technique known as hashing, comparing incoming emails to emails it knows are spam. Spammers hope that by adding the gibberish, the Bayesian filters will let their spam througha technique known as hash-busting. Alas, it often works.

A related technique is called spammerwocky. The spam contains a collection of words, such as "inexorable contrive stone brain conclude grandpa trickster." Many spam filters look for spam-like phrases, words, and sentence constructions. These random word collections are an attempt to make the email seem like a legitimate message. However, spam-killers have caught on, and spammerwocky rarely works these days.

Tracking down the spammer's IP address solves the first part of the problem. To locate the spammer's ISP and send it an email, you must turn to VisualRoute. VisualRoute traces the route back to the IP address of origin, reporting on the path the message took and showing the owner of each server on the Internet over which the message traveled (Figure 1-11).

So while eMailTracker Pro will find the originating IP address, VisualRoute will identify the originating ISPand that's who you want to complain to. When it finds the originating ISP, click the name, and VisualRoute will summon the WhoIs information for that ISP, including name, address, contact information, and email addresses (Figure 1-12).

If you see an email address for reporting spam, click it, and it will launch your email program. Paste in the header from the spam and send your complaint on its wayyou've just reported a spammer.

Figure 1-11. Once you know the IP address of the spammer, VisualRoute will find the exact path the spam took to get to you.

Figure 1-12. VisualRoute finds the spammer's ISP and pops up handy contact info for turning in the slimeball.

The Birth of Spam

Most Internet historians generally agree that spam was born on March 8, 1994, when the law firm Canter & Siegel posted a public message on a number of Usenet newsgroups soliciting business. Newsgroups had never been used for commercial solicitations before. Despite the immediate outcry, the firm continued to post, and soon newsgroups were being spammed frequently. Ultimately, the practice spread to email, IM, and everywhere else.

CAN THE CAN SPAM ACT CAN SPAM?

The Annoyance:

Congress passed the Can Spam Act. Big deal. I get more spam than ever. Can I really use the law to can spam?

The Fix:

In a word, no. Experts hardly expect the act to stopor even slowthe flow of spam, and evidence indicates that it's not having much impact. For example, Vircom, a maker of security software, examined more than half a million pieces of spam originating in the U.S. (and so covered by the law) and found that only 71 messages complied with the act. Another study, by the anti-spam vendor Commtouch, found that only 10% of all spam originating in the U.S. complies with the act. The law itself has a variety of requirements, including that spammers must use their true return addresses and that they must include opt-out instructions in every email. But the law pertains only to the U.S., and many spammers have simply moved offshore or started sending spam from servers in other countries. In addition, there's no way that any government agency can possibly keep track of, much less prosecute, all the spammers who violate the law.

Still, some of the big ISPs and various law-enforcement agencies are using the law to go after spammers. In March 2004, America Online, EarthLink, Microsoft, and Yahoo! filed civil actions under the law against hundreds of spammers. A month later, the Federal Trade Commission and the U.S. Attorney's Office of the Eastern District of Michigan announced they were prosecuting four spammers.

But let's face it, the law is flawed. It doesn't prosecute those who benefit the most from spamthe companies that sell the products being advertised. After all, if McDonald's paid someone who paid someone to plaster private property with McDonald's posters, the company would be liable. But for some peculiar reason, anti-spam laws haven't taken this tack. Could this be yet one more example of Congress passing a law so it can tell voters it's done something about a problem, even if the problem remains? Look in your email inbox tomorrow morningthen you decide.

BEWARE THE NATIONAL "DO NOT E-MAIL REGISTRY"

The Annoyance:

I signed up at the National Do Not E-mail Registry site at http://www.unsub.us, to get my name off of spammers' lists. Not only did my spam not stop, but I now get more than ever. Is the federal government trying to reduce the deficit by selling email lists to spammers?

The Fix:

You've unfortunately been the victim of a hoax. There is no such federal registry. The site you visited, according to the Federal Trade Commission, "mimics the language, look, and navigation of the web site for the National Do Not Call Registry, a legitimate free service of the federal government." The FTC believes the site might be collecting email addresses to sell to spammers. The site is currently down, but may rise again. Don't get fooled!

UPDATE OUTLOOK'S SPAM FILTER

The Annoyance:

I use Outlook 2003's spam filter, but after a few months, it seems like more and more spam is getting through. Is Outlook simply getting as tired as I am sifting through all this junk?

The Fix:

New types of spam are created all the time, and on its own, Outlook can't keep up with them. To solve the problem, Microsoft occasionally releases updates to its spam filter. Go to http://office.microsoft.com/en-us/officeupdate/default.aspx and click the Check for Updates link to look for the latest.

MY NEWSLETTER GETS BLOCKED AS SPAM

The Annoyance:

I send out a weekly newsletter to several thousand people who asked to receive it. But every week, hundreds of them don't get it because their ISP or their anti-spam software considers my email spam. What's the curative?

The Fix:

Spam tends to have certain common characteristics, and your newsletter may inadvertently mimic some of those traits. Follow these tips, and you'll go a long way toward making sure your emails don't get bounced:

Don't send an HTML-formatted newsletter

This commonly sets off spam filters.

Watch your language

Don't use the kind of words that got your mouth washed out with soap as a kid. This applies to both the subject line and the body of the message.

WILL MY NEWSLETTER BE CONSIDERED SPAM?

A free service called SpamCheck claims that it can tell you whether your newsletter will be considered spam. Email the newsletter to spamcheck-thatswise@sitesell.net. Start the subject line with the word TEST, and make sure that it's capitalized. (After the word TEST, enter the subject line you'd normally include.) You'll get back an analysis of your newsletter, including an overall rating of its spamacious nature, plus specific recommendations for how to fix your newsletter so it won't be considered spam. The recommendations are mildly useful, but not earth-shaking.

How accurate is the service? Not very. I sent it multiple pieces of real spam, and it didn't give any of them a bad enough rating to be considered spam. One spam I sent even contained the subject line "Cure for Erectile Dysfunction." If that's not spam, nothing is.

Don't overuse capitalization

THIS MIGHT LOOK LIKE SPAM to a spam filter. Follow proper grammatical rules for capitalization. This applies to both the subject line and the body of the message.

Don't overuse punctuation

Use too many exclamation points and question marks, especially in a row, like this !!?!, and the newsletter may be flagged as spam.

Avoid spam-like phrases

Phrases commonly used by spammers, such as "free investment," "cable converter," or even "stop snoring" could put your newsletter in the spam bin. For a list of phrases to avoid, head to http://www.wilsonweb.com/wmt8/spamfilter_phrases.htm.

Pick your mass email software carefully

Some anti-spam software looks for fingerprints left behind by mass-emailing programs commonly used by spammers. Use that software, and your newsletter could be targeted as spam. The web site run by Dr. Ralph F. Wilson, an e-commerce consultant, notes that some mass-emailer programs that might be penalized include jpfree, VC_IPA, StormPost, JiXing, MMailer, EVAMAIL, and IMktg.

Link to domain names instead of IP numbers

If you have links in your newsletter, always use the domain name, such as http://www.oreilly.com, rather than the IP address, such as http://208.201.239.36.

Check if you're on blacklists

Many spam filters use blacklists to help determine what's spam. If you end up on a blacklist, your newsletter won't get through to people using some anti-spam programsand many ISPs use the blacklists to block spam as well.

Some of the most common blacklists:

http://www.spews.org

http://www.spamhaus.org/sbl/index.lasso

http://www.abuse.net/lookup.phtml

http://www.njabl.org/lookup.html

http://razor.sf.net

http://www.rhyolite.com/anti-spam/dcc

http://pyzor.sf.net

If you find your newsletter or your IP address on any of the lists, contact the site, and ask how to be taken off the list. Keep in mind, though, that actually getting off one of these lists can be very difficult. For advice, go to http://www.spamcop.net/reported.shtml.

For more tips, head to http://www.wilsonweb.com/wmt8/spamfilter_avoidance.htm and http://www.thatswise.com/free/lessons/0503.html.

MY ISP THINKS I'M A SPAMMER

The Annoyance:

I've got a much worse problem than some spam filters thinking I'm sending spam. My ISP thinks I'm a spammer, and it won't let me send out a newsletter at all. In fact, it's about to kick me off the service entirely. How can I change my ISP's mind?

The Fix:

Don't bother trying. If you're sending out a newsletter to more than 25 people, you should be using a service that does it for you. Don't do it from your own computer and your own email account unless you're absolutely sure it's kosher with your ISP. Check your ISP's rules before sending. On AOL, for example, head to http://postmaster.info.aol.com/tools/whitelist_guides.html. From this page, you can request to be put on AOL's whitelist, which means that you'll be able to send a newsletter and AOL won't block it as spam. However, you'll have to agree to a set of rules: your mailings will have to comply with the Can Spam Act, valid contact information must be included, all of your subscribers must have requested the newsletter, and so on.

Some ISPs and web-hosting services offer free newsletter-mailing services, so check with yours. If they do, it'll most likely be limited to newsletters with a few hundred subscribers. You can also go with a free newsletter service such as Coollist (http://www.coollist.com) or Yahoo! Groups (http://groups.yahoo.com). To use the Yahoo! Groups service, first create a new group by clicking the "Start a new Group" link. After you've created the group, go to the Members section and click Invite Members. That will allow you to add subscribers to your newsletter, which you can then send out whenever you want. Pay sites, such as http://www.dundee.net, http://www.sparklist.com, and http://www.topica.com, are good if you're distributing to several thousand readers.

LISTSERV LITE

If you don't derive a profit from your newsletter, and you are willing to be your own system administrator, another option is to get the free LISTSERV Lite Free Edition, which lets you run your own mailing list. Go to http://www.lsoft.com/products/default.asp?item=listserv, click the Free Download button in the upper-right corner, and then click the LISTSERV Lite Version link. The program handles up to 10 mailing lists with 500 addresses apiece. Just remember, this isn't a program for casual usersrunning your own LISTSERV can be a headache. Tip: Even if you aren't sending out a newsletter, your ISP may consider you a spammer if you send messages to more than 25 people. When you send email to more than 15 people, put the recipients in the bcc (blind copy) field, and always select a low sending priority.

For a more complete list, head to http://directory.google.com/Top/Computers/Internet/E-mail/Mailing_Lists/Hosted_Services/.) The actual amount you'll pay varies according to the number of subscribers and the size of your newsletter.

    Категории