| ||||||
|
Arts & Entertainment Books Comics Health & Body Media Mothers Who Think News People Politics2000  Technology- Free Software Project Travel & Food  Columnists
Current Click here to read the latest stories from the wires. - - - - - - - - - - - -
- - - - - - - - - - - - View From the Top - - - - - - - - - - - - Also Today For a full list of today's Salon Technology stories, go to the
Technology home page. - - - - - - - - - - - - Search Salon - - - - - - - - - - - - Recently in Salon Technology Complete archives for Technology - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
Planet Spam
How to avoid the evil eye
- - - - - - - - - - - -
April 21, 2000 | There are two fundamental ways to keep
spam out of your in box. The first is to
prevent spammers from getting your
e-mail address in the first place. The
second is to filter out the incoming
spam from the e-mail that you actually
want to see. Go stealth If you are going to try to keep your
e-mail address from the spammers, you'll
need to apply constant vigilance.
Spammers have written programs that
harvest e-mail addresses from
practically every location you can
imagine: Web pages, Internet provider
directories, chat rooms and mailing list
archives. These robots are silent and
extremely effective: A friend of mine
who is a school teacher in Los Angeles
visited the "Parent Soup" chat room on
America Online; two days later, her
mailbox was filled with messages pushing
pornographic Web sites. The easiest way to hide your e-mail
address is to withdraw from Internet
communications: Don't visit chat rooms,
don't post, don't participate on mailing
lists and don't put your e-mail address
on your Web page. Follow these
techniques and you'll get little spam;
unfortunately, you probably won't get
much other mail, either. Planet Spam
A simple variant of the stealth technique is to cycle your e-mail addresses -- get a new one every two or three months. Naturally, this is easier to do if you own your own domain. Alas, a constantly changing e-mail address will be difficult on your correspondents. A less anti-social technique is called "address munging." With this technique, instead of participating in online discussions using your real e-mail address, you use an e-mail address that's not valid, but from which your correct e-mail address is easily discerned. For example, if you were President Clinton, instead of using president@whitehouse.gov, you might use president@remove-me.whitehouse.gov, or president@whitehouse.nospam.gov. Address munging throws off the current generation of address-scraping robots, although it's only a matter of time before spammers have their robots automatically prune out the most common munging names. If you do choose to go stealth, make sure that your e-mail address doesn't appear in online directories, like Bigfoot or the America Online membership pages. Many of the early spammers built their vast collection of e-mail addresses by milking UNIX servers at universities and businesses. Unfortunately, stealth techniques won't help you if you have a common e-mail address. That's because spammers are increasingly resorting to what's called "dictionary attacks." Instead of trying to find a valid e-mail address, the spammers simply guess which e-mail addresses might work. For example, the spammer might send e-mail to tom@hotmail.com, dick@hotmail.com and harry@hotmail.com, without knowing that those addresses actually exist. A more creative spammer might try toma@hotmail.com through tomz@hotmail.com, and so on throughout the dictionary of first and last names. Try filtering Since ultimately there is no way to prevent the spammers from sending messages to your mailboxes, many people have turned to filtering -- automated techniques for identifying spam and sending it to the trash can without human intervention. Filtering is somewhat error prone. Filter the words "business opportunity" in the subject line and you'll can a lot of spam messages, but you're likely to also throw away the e-mail about that new job offer. Throw away e-mail that's in ALL CAPS and you're likely to miss the HAPPY BIRTHDAY e-mail from your grandmother, who still doesn't really understand the Caps Lock key. Some filters work on domain names in the "From:" address. You can't go wrong blocking e-mail from annoy.com, a Web site which was created to send out annoying e-mail. On the other hand, a lot of spam that gets sent shows a return addresses from popular services like AOL.com, Yahoo.com and Hotmail.com; block those and you'll be blocking a lot of legitimate e-mail as well. You could filter messages based on the IP address of the computer from which they originate. The Mail Abuse Prevention System maintains three Internet blacklists. The most widely used is the Realtime Blackhole List (RBL), which lists known "spamhausen" --- computers with high-speed Internet connections that have been known to originate millions of messages at a time. Many ISPs subscribe to the RBL and automatically block any e-mail originating from one of the blacklisted computers. Other ISPs simply add a mail header to e-mail that is received from blacklisted sites, so that customers can filter on these as well. One of the most technically
sophisticated filtering systems is
maintained by a company called
Brightmail. Brightmail has set up
e-mail boxes all over the world that
exist solely to receive spam. When these
mailboxes get a message, the message is
sent back to Brightmail's 24-hour
operations center. A person looks at the
message, identifies it as spam and
constructs a special-purpose filter for
that message. This filter is then
distributed to all of the businesses and
ISPs that subscribe to the Brightmail
service. The theory behind Brightmail is
that spammers tend to send the same
message to millions of different
mailboxes; once a message is identified
as spam, that message won't bother any
Brightmail customers.
- - - - - - - - - - - -
- - - - - - - - - - - -
- - - - - - - - - - - - Search Salon | |||||
 |
 |
 |
 |
|||
