Anti Spam Techniques

Outlook, Outlook Express	Hotmail, MSN	Yahoo

Step One - Defense - De-fuse the effectiveness of Spam. While spam costs little, it does not cost nothing. If it returns few or no results, then it costs more. A side effect of reducing spam is that it will reduce the spread of e-mail viruses as well. Therefore these techniques will work by "diluting" the E-mail address lists with addresses that work, but can not return any results (the mail is never even seen).

A small investigation revealed that using a service can run into the thousands of dollars to send Spam. The Spammer is billed on the number of deliveries. Therefore, in this case, it would actually be more effective to let the mail be delivered, but using a filter you can send it to your trash. It would also be better to leave your address on this list! By doing this, the spammer still has to pay, but gets no response. If enough of us do this then we will slowly drain the spammer of resources and results and drive them from this means of advertising.

Empower the users – The kazillion e-mail users. Send the spam that is supposed to reach them to oblivion. First and foremost, don't respond to a junk E-mail message! All it does is confirms that your e-mail address works. The "remove me from this list" mechanism is usually a way of verifying that your address is valid.

Use the spam protection in the E-Mail client to the best effect. - The two or three most popular e-mail clients have filters built in. Using these filters, you can block, filter, and automatically respond to Spam. These "very plain instructions" web pages show you how to use the built in features of the e-mail client to reduce the effectiveness of spam. The links are at the top of this page.

Set up a "key" system. One drastic measure would be to use a unique "password" in the subject area of the mail to you. Using the "not" filter then you can effectively screen out all mail "not" containing the password. It will be hard for the spammers to crack the password and will certainly cost money. The spammers will not know that that mail is failing.

Send their mail back to them – If you have an auto-responder available, send it back to them. Bandwidth costs money, even to the spammers. If the response "bounces" it will come back to you. Filter those out too!

If you have a spare e-mail account, set it up with a small quota, and let it fill up! All mail from there now bounces! Hide this address on a web page. They’ll cull it and start mailing there even more. Send in the product registration cards with this address on it, too. They’ll sell it and it will bounce and they’ll both pay for nothing. It will only bounce once or twice before it is removed by the list company but it still will end up costing them money.

Use the legal system effectively - AOL has a child setting. Use these to trap and threaten the porn Spammers. This would be particularly effective if you are a lawyer!

Spammer Retaliation – Expect them to drop the account from their list and publicize the drop. Bummer.

I must also mention that there are commercial software packages that can zap Spam but they cost money and their effectiveness is questionable. They are discussed in further detail here in a PC Magazine article.

Step Two - Activate the de-fusion - Broadcast these steps over the internet. It may take a while but spam will stop reaching everyone who uses this technique. Click throughs will go down steadily because the people who click the ad (like me) never get the mail in the first place!

Step Three - Send in the big guns – Continue to lobby the ISP’s for better and more spam protection. Earthlink already offers spam protection (filters?) The ISP can also detect large amounts of mail coming from a certain address. From there, perhaps they could block or return the known spam. They could also adopt a Policy Against Spamming that was enforceable by suspension or cut-off of mail service, on their own servers.

Lobby your Local Representatives for better protection - The link provided below details some of the legal issues involved in Spamming. Some States have passed legislation, however it appears to lack any type of enforcement or reporting mechanisms. One feature of almost all legislation is the use of an identifier in Spam. That means that the Spammer must include the word ADV in the subject of the message. That makes it really easy to filter, but they Spammers are counting on the fact that not many people know how to filter or just don't filter. Note: In some US states SPAM is illegal! California's E-mail reporting mechanism is here: http://caag.state.ca.us/contact/index.htm . This will allow you to fill in a form and send it to the attorney general?

[Note from M. E. Kabay: My good friend and colleague Stephen Cobb sent me this good news about progress in the fight against spam. Introducing delays into network responses is a well-established approach to interfering with automated attacks; for example, automated dictionary attacks on passwords via logon interactions can be stymied by a two- or three-minute delay every few wrong-guesses. I'm glad to see someone implementing this technique to deal with the wretched people who are abusing the 'Net with their floods of junk. As a matter of full disclosure, I have no commercial relation whatsoever with the vendor named in the following article. Please communicate directly with Stephen Cobb for all commentary about this article.]

Networks can use time to stop spam - and I mean this quite literally. People may argue about the definition of unsolicited bulk e-mail or spam, but nobody disputes the fact that it continues to grow in volume, month after month, despite lawsuits and legislation (spam is already illegal in 30 states and, since most spam is commercially deceptive, much of it is a violation of the Federal Trade Commission Act). Nobody disputes the fact that spam places network administrators between a rock and hard place, where the rock is user complaints and the hard place is mail servers that are groaning and, all too often, collapsing, under the weight of expanding spam traffic. Security officers are being challenged as well, by spam's threat to uptime and availability, and its growing popularity as a distribution mechanism for malicious code and fraudulent scams.
Unfortunately, but perhaps understandably, the most common choice for antispam defense is filtering. This assumes spam is akin to malicious code, something you can readily identify and quarantine. But spam is the Achilles of e-mail threats, at once more powerful and yet more vulnerable. If you doubt the power of spam, talk to your local ISP. When a spammer targets your domain you can be staring down the barrel of a spam cannon firing 6 million messages an hour.
Some spam will always beat filters. This is because spam shares so much digital DNA with legitimate high-volume e-mail - like this newsletter or my Discover card payment reminder - as to be practically indistinguishable. Ratchet up the filters and you lose wanted e-mail. As for blacklisting as a spam defense, that is now fraught with problems too numerous to mention.
Spammers have a strong incentive to beat filters and blacklists: economics. Unlike virus writers, spammers are in it for the money, which turns out to be good news, because that is also their Achilles' heel. Consider what happens to a spam cannon when the target network is so slow most of the messages don't even leave the barrel: It moves on to the next target. In other words, if you can't get a network to accept a high rate of messages per minute, there is clearly no money to be made there, and you move on.
I know this because my colleagues in ePrivacy Group's antispam laboratory figured out how to make a large network appear - to spammers - as though it is very slow. When they tried this trick at an ISP whose servers had been collapsing under relentless spam attacks, the effect was immediate and quite astonishing. Spam attacks were either repelled or displaced. The good e-mail came through faster, without false positives, and server loads returned to manageable levels while user complaints plummeted.
The techniques used to accomplish this, a combination of traffic analysis and traffic shaping, have now been "productized" in an appliance that can be dropped into place between the Internet and an organization's e-mail servers. The technology, SpamSquelcher, works best when applied to networks of 5,000 mailboxes or more, and it can be an effective complement to filtering strategies. That's because spam squelching eliminates the biggest weakness of filtering: the need to receive all the messages that a spammer sends to then decide which are spam and which are ham. Whether you filter in-house or through a service, the spam has to be accepted by someone before a filter can look at it - which actually tends to increase spam volumes. Besides, if your first line of defense is squelching, rather than filtering, you can not only win back valuable server capacity, but also enjoy the distinct pleasure of knowing you are making life more difficult for spammers.

Other notes on Hotmail and Yahoo free E-mail: Both of these services are free. They are convenient for being able to retrieve mail from any web enabled computer. They are also both able to retrieve your regular E-mail from your ISP. They are pretty different after that. Hotmail has a tiny message limit of 2 megs of storage. This can fill up fast especially with messages getting larger all of the time. Yahoo allows 6 megs of storage. Even with this limit, neither of these services will do for business purposes. You can buy extra storage if you want with different plans ranging from $3 to $10 a month.

The PC Magazine article talks about having a DEA. That is Disposable E-mail Address. If you use Hotmail or Yahoo as your DEA then be sure not to keep an address book in the program. Should you abandon the account you will also lose your address book and any safe lists or mailing lists you have set-up. You could use a free E-mail account more as a JEA (Junk E-Mail Address). This would have the desired effect since the SPAM lists will still become less and less effective. Simply get a free E-mail account and use that account for all web transactions, product registrations, web pages, etc. Give your "real" address for friends, relatives and business, but never on any type of transaction that will record the e-mail address and then sell it. Therefore the junk address would be something like yourname@hotmail.com, and your real address would be yourname@yourISP.com.