Fighting Spam | PC Magazine Windows Vista Security Solutions

When the spammers find you, it won't be long before your inbox is completely overwhelmed by junk e-mail. Although the fight against spam is definitely an uphill (and arguably impossible to win) battle, there are a number of different ways that you can work toward reducing your junk e-mail intake. Some of the primary methods and techniques that you can use to fight spam include:

Using the anti-spam and security capabilities of e-mail client software like Windows Mail
Installing anti-spam software
Using plain old common sense

Each of these concepts is explored in more detail in the following sections.

Fighting Spam with Windows Mail

Unlike its predecessor Outlook Express, Windows Mail includes anti-spam technologies similar to those in Microsoft's Hotmail service and its full-featured e-mail client, Microsoft Outlook. Techniques that fight spam in Windows Mail include:

Configuring junk e-mail options
Implementing safe and blocked sender lists
Designating that messages from certain international regions and those using foreign encoding are always treated as spam
Implementing anti-phishing settings
Configuring message security settings
Changing the way you view e-mail messages

These concepts and their configurations are looked at in more detail in the following sections.

CONFIGURING JUNK MAIL FILTERS

One of the most powerful features in Windows Mail is configuring junk e-mail options that are applied to all incoming messages. Junk e-mail options determine whether a message should be designated as spam based on its contents, the sender's address, the domain it was received form, and more.

By default, Windows Mail is configured to treat only those messages that are readily identified as spam as junk e-mail. When Windows Mail identifies these messages as spam, they are immediately moved from your inbox to the Junk E-mail folder. The Junk E-mail folder acts as a type of temporary holding location for all messages identified as spam. Before emptying or deleting the messages in this folder, you should always check to ensure that legitimate messages have not been falsely identified as spam. If you do find any legitimate messages in this folder, simply drag them to your inbox folder in Windows Mail.

Although its default junk e-mail settings are sufficient to trap the majority of common spam messages, you can also configure Windows Mail to scrutinize incoming messages more closely. Other junk e-mail options that you can configure in Windows Mail include:

No automatic filtering. When this option is selected, Windows Mail moves messages from blocked senders to your Junk E-mail folder, but no other anti-spam techniques are used to filter messages received.
Low. This default spam filtering method catches the most common spam messages and moves them to your Junk E-mail folder.
High. This option filters messages more aggressively in its search for spam, but may occasionally designate legitimate messages as junk e-mail.
Safe list only. When this option is selected, the only messages that end up in your inbox are those from senders on your Safe Senders List (which includes contacts in your address book).
Permanently delete suspected junk e-mail instead of moving it to the Junk E-mail folder. If you check this option, any message that your configured settings deems to be spam is deleted automatically - enable it with caution.

Follow these steps to configure junk e-mail options in Windows Mail:

Select Start → Windows Mail.
Select Tools → Junk E-mail Options.
On the Options tab, select the level of junk e-mail protection that you want to implement, as shown in Figure 11-2.

Figure 11-2: Configuring Junk E-mail Options in Windows Mail.
If you want to permanently delete junk e-mail instead of having Windows Mail store it in the Junk E-mail folder, select the Permanently Delete Suspected Junk E-mail Instead Of Moving It To The Junk E-mail Folder check box.
Click OK to implement your new junk e-mail option settings.

IMPLEMENTING SAFE AND BLOCKED SENDER LISTS

Although Windows Mail generally does a good job of identifying junk e-mail messages by default, you can implement stricter anti-spam measures by making use of the program's Safe Senders and Blocked Senders list. As the name suggests, the Safe Senders list consists of e-mail senders you know, such as friends, family, and business colleagues. When you add an e-mail address to your Safe Senders list, messages from that user are never treated as spam. For greater flexibility, you can also add domain names to this list - for example, entering a domain name like @company.com (instead of just one address) ensures that messages from any user with an e-mail address ending in @company.com is never treated as spam. The Windows Mail Safe Senders list is functionally the same as what is commonly referred to as a whitelist. You'll learn more about whitelists later in this chapter.

As you might have guessed, the Blocked Senders list accomplishes exactly the opposite of the Safe Senders list. Messages received from individual e-mail addresses or domain names added to the Blocked Senders list are automatically moved to your Junk E-mail folder.

Follow these steps to add e-mail addresses or domain names to your Safe Senders and Blocked Senders lists in Windows Mail:

Select Tools → Junk E-mail Options.
Select the Safe Senders tab.
Click the Add button.
To add an individual e-mail address to your Safe Senders list, type in the full address and click OK. You can also enter a domain name like @company.com to ensure that messages received from any e-mail user with an @company.com address is never treated as spam.

Figure 11-3 shows a Safe Senders list with both individual e-mail addresses and entire domain names configured.

Figure 11-3: The Safe Senders list.
Select the Blocked Senders tab.
Click the Add button to add individual e-mail addresses or entire domain names to the list. Messages from e-mail addresses or domain names that appear on this list are always treated as junk e-mail.

Tip

You can quickly add e-mail addresses to both your Safe Senders and Blocked Senders lists by right-clicking a message from a user, selecting Junk E-mail, and then choosing Add Sender To Safe Senders List or Add Sender To Blocked Senders List, as required.

While blocking spammers' e-mail addresses may seem like an effective way to combat spam, it's not always an appropriate solution. The main issue is that spammers seldom use the same address to send you messages, and rarely use a valid e-mail address. In other words, blocking an address that a spammer has used to send you a message is generally futile because the spammer is unlikely to use it again. However, this technique is helpful in cases where you've somehow managed to end up on an e-mail newsletter list and are receiving repeated messages from the same source. If you can't dig up the details of how to remove yourself from these (typically) opt-in lists, adding the sender's e-mail address to your Blocked Senders List can prove an appropriate solution.

CONFIGURING REGIONAL AND ENCODING JUNK E-MAIL SETTINGS

If you take the time to examine the junk e-mail that makes its way into your e-mail inbox, you're likely to notice that many arrive from countries worldwide, and sometimes include foreign characters. In most cases these messages are clearly spam. Windows Mail makes it easy to designate all such messages as junk e-mail via the International tab in its Junk E-mail Options window.

Windows Mail blocks international spam messages in two ways. The first is by analyzing the Top-Level Domain (TLD) from which the message was sent. For example, if a message is sent to you from a user with an e-mail address ending in. AF, the sender's domain name is associated with Afghanistan. Assuming that you don't know anyone in Afghanistan, you can probably safely block all messages from senders in that region.

Similarly, a message that uses the Simplified Chinese character set won't be of much use to you if you can't read Chinese. To deal with messages using encoding methods other than those associated with your native language, Windows Mail enables you to designate all such messages as spam. As with the regional example previously mentioned, Windows Mail automatically moves all messages that use encoding methods you choose to block to your Junk E-mail folder.

Follow these steps to configure Windows Mail to designate messages from certain TLDs - or those using foreign encoding - as junk e-mail.

Select Tools → Junk E-mail Options.
Select the International tab.
To block messages from certain countries or regions, click the Blocked Top-Level Domain List button.
In the Blocked Top-Level Domain List window, select the check boxes next to the countries or regions to treat messages from e-mail addresses in those locales as junk e-mail, as shown in Figure 11-4. When finished, click OK.

Figure 11-4: Blocking e-mail messages by TLD.
Click the Blocked Encoding List button.
In the Blocked Encoding List window, select the messaging encoding types that you want to treat as spam and click OK.

CONFIGURING ANTI-PHISHING SETTINGS

Phishing threats have become very commonplace, and are addressed in Windows Mail through the anti-phishing filter built into its companion browser, Internet Explorer. Windows Mail helps to ensure that you don't fall prey to phishing scams by displaying a warning dialog box when phishing messages are downloaded and detected, as shown in Figure 11-5.

image from book
Figure 11-5: The message that Windows Mail displays when junk or phishing messages are downloaded.

Follow these steps to configure settings related to how Windows Mail deals with phishing-related e-mail messages when they're detected:

Select Tools → Junk E-mail Options.
Select the Phishing tab. Although Phishing protection is enabled by default, you should also select the Move phishing E-mail To The Junk Mail Folder check box, as shown in Figure 11-6.

Figure 11-6: Phishing settings in Junk E-mail Options.
Click OK to close the Junk E-mail Options window.

Cross Reference

For more details on the anti-phishing filter built into IE7, see Chapter 5.

CONFIGURING MESSAGE SECURITY SETTINGS

Along with its junk e-mail options, Windows Mail also includes additional configurable security settings accessible through Tools → Options → Security, as shown in Figure 11-7.

image from book
Figure 11-7: Windows Mail Security options.

The name of the Virus Protection section on this tab is somewhat misleading - it doesn't offer any virus protection in the traditional anti-virus sense, but does offer a degree of protection against common virus and spyware tactics.

First, the IE Security Zone settings enable you to configure how Windows Mail deals with HTML-based e-mail messages, using restrictions similar to those originally looked at in Chapter 5. The remaining settings in this section are enabled (selected) by default. The first check box alerts you when other programs (like viruses) try to send out messages via Windows Mail, whereas the second blocks you from opening or saving dangerous virus attachments. As a best practice, you should leave both of these check boxes selected.

Note

When the Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus option is selected in Windows Mail, potentially dangerous attachments are removed from messages by default. File types that are automatically removed from messages include those ending in .exe, .pif, and .scr.

The Security tab also includes a section called Download Images. When the Block Images And Other External Content In HTML E-mail check box is selected (as it is by default), Windows Mail protects you from the possibility that spammers will use these elements as beacons. As with the previous settings, keep this setting enabled as a security precaution and to help reduce the possibility that you'll receive more spam as a result of viewing a junk e-mail message.

Additionally, you can stave off some of the dangers associated with HTML e-mail messages by reading all messages in plain text format. To do this in Windows Mail, select Tools → Options → Read and select the Read All Messages In Plain Text check box as shown in Figure 11-8.

image from book
Figure 11-8: Configuring Windows Mail to read all messages in plain text.

Filtering Spam with Anti-Spam Software

Although the anti-spam features of Windows Mail meet the needs of most Vista users, there's no shortage of powerful e-mail filtering programs available from a variety of companies. If you find that the features built into Windows Mail are not robust enough to meet your needs, you may want to consider using a dedicated anti-spam program for added protection.

Some of the more popular anti-spam software packages include:

K9. This free program works in conjunction with your regular e-mail client to automatically classify incoming messages as legitimate or spam. K9 only works POP3 e-mail accounts, and can be downloaded from http://www.keir.net/k9.html.
MailWasher Pro. This anti-spam program, shown in Figure 11-9, works with POP3, IMAP, and HTTP e-mail accounts, using a variety of different filtering methods to reduce your spam intake. It even includes a feature that enables you to delete spam e-mail messages from your mail server before downloading them to your computer. You can download a trial version of MailWasher Pro from http://www.mailwasher.net, and register it after 30 days for $37.

Figure 11-9: MailWasher Pro is a popular commercial anti-spam program.
POPFile. You can train this free e-mail classification program to detect spam and automatically organize other incoming e-mail messages into different folders according to your preferences. You download POPFile from http://www.popfile.sourceforge.net.
SpamPal. This free e-mail classification program uses filtering techniques and RBL lists in an attempt to keep your inbox spam-free. SpamPal works with both POP3 and IMAP e-mail accounts, and you download it from http://www.spampal.org.

Note

The preceding list of anti-spam programs is only a small collection of some of the more popular products available. For a more comprehensive list of anti-spam programs and other spam-related resources, visit the Coalition Against Unsolicited Commercial E-mail web site's resource page at http://www.cauce.org/about/ resources.shtml.

The primary security and anti-spam features of these software packages include:

Bayesian filtering
Whitelists and blacklists
Realtime blackhole lists (RBLs)

Each of these security and anti-spam features are explored in more detail in the following sections.

BAYESIAN FILTERING

Using message rules to filter out spam is difficult, because spammers use variations in spelling and punctuation to avoid matching the keywords or phrases you configure. With this weakness in mind, most anti-spam programs employ a technique known as Bayesian filtering. Bayesian filtering is a technique that uses statistical methods in an attempt to determine whether an e-mail is or is not spam, based on its subject and message contents. Over time, the anti-spam program's Bayesian filters learn which messages are spam and which are not (based on the messages you flag as spam), and then use this information in its spam calculations.

Ultimately, Bayesian filtering is a great feature, but it can take a while for it to gather enough information to determine whether incoming messages are spam with a fair degree of accuracy. Additionally, this method suffers from a problem known as false positives, as outlined in the sidebar.

Positively False?

One reason using anti-spam software can often be just as frustrating as not using it at all has to do with a situation known as false positives. A false positive is an occurrence where your anti-spam software deems that a legitimate e-mail message (such as one from a friend, family member, or business associate) is actually spam. This can happen for a variety of reasons, such as when the message's subject or body includes spam-like terms or phrases, or simply matches some pattern or set of characteristics commonly identified with spam.

If you do choose to go the anti-spam software route, be sure to take a quick peek into the folder where junk mail messages are stored every week or so (and especially before you empty the folder to delete messages). You'll likely find that at least a few legitimate messages have been mistakenly flagged as spam, so take the opportunity to move these messages to your inbox.

As a guard against false positives, most anti-spam programs include a feature whereby addresses that appear on your whitelist are never marked as spam, regardless of their contents.

WHITELISTS AND BLACKLISTS

In addition to Bayesian filtering, most anti-spam programs also include the ability to define blacklists and whitelists. A blacklist is effectively the same as a blocked senders list, meaning that you will never receive messages from addresses (or domain names) on this list.

In contrast, a whitelist (akin to the Safe Senders list in Windows Mail) is a list of e-mail addresses from whom you should always receive messages and which should never discarded. For example, you can add all e-mail addresses belonging to friends, family members, and business associates to your whitelist to ensure that messages from these senders are never blocked as potential sources of spam. Many anti-spam programs even enable you to block all e-mail messages except those from users on your whitelist. If you only communicate with a small number of people via e-mail, whitelists provide a very effective way to keep your inbox spam-free.

REALTIME BLACKHOLE LISTS

It is very rare for spammers to set up their own e-mail servers for the purpose of sending their messages. Instead, spammers search the Internet looking for misconfigured servers that allow any user to send e-mail messages, and then use this server as their spam-sending gateway. When messages are sent through these misconfigured servers, the owner of the server is usually contacted to alert them to the situation - often through a barrage of angry messages from those who have received the spam. If the owner takes the steps necessary to properly secure his or her server, then all is generally well. If the owner ignores the messages and continues to allow his or her server to be used as a gateway for spam, however, any one of a number of organizations may add the server's name and IP address to what is known as a Realtime Blackhole List (RBL). In the world of e-mail, RBLs serve as a regularly updated source of information about e-mail servers that act as a gateway to spammers. Many anti-spam programs enable you to take advantage of the information that RBLs provide by allowing you to subscribe to the RBL and check all incoming messages against it. When the anti-spam software determines that a message was sent via a server that appears on an RBL list, the message (assumed to be spam) is automatically deleted.

Overall, enabling the RBL-checking feature of your anti-spam software is a good idea. A number of different RBL services exist, with ORDB (http://www.ordb.org) and Spamhaus (http://www.spamhaus.org) among the most popular. Although subscribing to an RBL won't cease the spam tide completely, it can help to significantly reduce your intake.

Defeating Spam with Good Ol' Common Sense

Sometimes the best defenses are also the most simple, and this is especially true when it comes to dealing with spam. Two of the key non-software solutions to defeating spam are:

Protecting your e-mail address
Knowing when to accept defeat

Each of these concepts is looked at in more detail in the following sections.

PROTECTING YOUR E-MAIL ADDRESS

The easiest way to protect your e-mail inbox against the scourge and security threats of spam is to always protect your primary e-mail address. Although the idea of keeping any and all of your e-mail addresses spam-free is a noble one, it's simply not practical. Over time, any address that you post online or submit in web registration forms is going to be hit by spam, one way or another.

Understanding that receiving spam e-mail messages is more or less a guaranteed eventuality, keep the following points in mind when it comes to minimizing your spam exposure:

Create a secondary e-mail address and use this address in all cases where submitting an e-mail address is required.
Never post your primary e-mail address on web pages, or when registered for access to password-protected web sites.
Never use your primary e-mail address in Usenet newsgroup postings.
Never submit your primary e-mail address as the address to which online newsletters should be sent, if possible.

Although none of these methods guarantees that your primary e-mail account will never receive spam messages, it helps to significantly minimize your intake. When managed correctly and not posted online, it's absolutely possible for your protected e-mail address to take in next to no spam at all.

KNOWING WHEN TO ACCEPT DEFEAT

Kenny Rogers probably never imagined that the lyrics to his song "The Gambler" would be used in an analogy in the fight against spam. However, you truly do need to understand the value of the line "you've got to know when to hold 'em, know when to fold 'em" when it comes to dealing with spam.

In a nutshell, any e-mail account that already receives tens (if not hundreds) of spam messages per day is in all likelihood a lost cause. Although you could invest a great deal of time and money into trying to fend off spam, things really can and do get to a point where the fight just isn't worth fighting any more. Whichever way you cut it, battling spam just isn't a good investment if things are already out of hand.

With that in mind, it may be best to cut your present "spamtastic" account goodbye, once and for all. A new e-mail address is literally a fresh (and spam-free) start, a chance to take what you now know about how spam finds you and not make the same mistakes again. Although there certainly isn't any such thing as an e-mail account that remains 100 percent spam-free over time, it is possible to have one that is close. Along with being much less annoying, your new account also ensures that you're less susceptible to the security threats that are increasingly creeping into Windows by way of spam - if you're serious about your online security and privacy, that alone is reason to consider making the switch.

New Address = Fresh Start

Switching to a new e-mail address may seem like a drastic and unrealistic step in fighting the war on spam, but you must consider it as an option if your spam intake becomes overwhelming. Quite simply, you can't undo past mistakes, and if your e-mail address has found its way into spammer circles, there's nothing that you can really do to stem the tide. Certainly you can invest time and money into the battle, but at the end of the day, it's you versus hundreds - if not thousands - of spammers. In other words, the odds of you winning are just not very good.

Most people look at changing their e-mail address as a bad idea - what will happen to all those people who already have their e-mail current address, after all? Although the risk of someone (especially a business contact) not being able to get in touch may seem high, the risk is quite easy to mitigate with the right approach.

Let's say that you create a new e-mail address (more on that shortly). Start by sending a message to all of your friends, family members, and contacts from your current e-mail address, letting them know that you're switching to a new address. Outline the reason (too much spam!), and let them know your new e-mail address. Then, send them a second message from the new address, asking them to add the new address to their contact list or address book, and to use it for all future correspondence. While you're at it, let them know that you're going to keep an eye on your old address for a month or two. Then, every time that you receive a message at your old address, send back a reply and a reminder that your address has changed.

Of course there may also be people you cannot contact, and who will still try to e-mail you at your old address. For this purpose, consider setting up an out-of-office reply on your old address that informs people that the address they have sent the message to no longer valid. In this message, specify an alternate way to contact you, perhaps through a business phone number or alternate e-mail address (like a new and temporary free web mail address). Just don't provide your new official address in this automatic reply, lest it become a new target for spammers.

As far as obtaining a new address is concerned, just sign up for a new web mail address if that's the route you prefer, or contact your ISP about creating a new e-mail address on its service. Many ISPs provide you with up to five free e-mail addresses as part of using their service, so this shouldn't be a problem. If it is, contact their customer support line, explain the situation, and they should be more than willing to help - less spam sent to you means less useless work for their mail servers. If your ISP refuses to help, tell their customer care people that you are considering switching to a different service provider. You'd be amazed as how persuasive an argument that can be!