Spam Bam, No Thank You Ma'am

The Annoyance: Spam spam egg sausage and spam: that's all I get in my inbox. How did these spammers get my email address?

The Fix: Spammers can grab your email address in any number of ways. If you posted your address in an online forum, newsgroup, or on a web page, it was probably harvested by a spambot, special software that scours the web looking for "@" signs, then collects the addresses surrounding them. You may have signed up for an online sweepstakes at a site like jackpot.com or grouplotto.com and agreed to receive the junk, even if you're not aware you agreed to it. (See the "How to Read a Privacy Policy" sidebar in this chapter.) Or a friend might have signed you up at one of these sites (friends like this you don't need).

More likely you were the victim of a "dictionary" or "brute force" attack, where a spammer overwhelms your ISP's email server with messages sent to random combinations of letters (like bob-aaa@yourisp.com, bob-aab@yourisp.com, etc.); those that don't bounce back are added to the spammers' collection and then sold over and over and over. So, in other words, you could do absolutely nothing on the Net and some spammer could still find your email address and start filling your inbox with junk.

For a detailed discussion of the many ways spammers harvest email addresses, see http://www.private.org.il/harvest.html. For a good general discussion of spam, read the FAQ provided by the Coalition Against Unsolicited Commercial Email (http://www.cauce.org/about/faq.shtml).

Whose Address Is It, Anyway?

The Annoyance: I'm tired of being a magnet for electronic luncheon meat. What can I do to wrest my email address from the clutches of these evildoers?

The Fix: Sorry. Once a spammer has your address there isn't much you can do to get it back, short of abandoning your old address and starting from scratch with a new one. But you can limit exposure of your new address using a few time-tested tricks.
For a start, don't use your primary email address when you fill out web forms, especially for sites that offer something free in exchange for your information. Instead, set up a junk address on a free web mail service (such as Yahoo Mail) and use that one when you sign up. You may have to check that address periodically for legit mail, such as the confirmation messages you get when you sign up for some sites.

If you post information to newsgroups or online forums, you can subtly alter your real email address so it's easy for humans to decipher but impossible for spam bots to harvest. Something as simple as "Bob at yourisp dot com" will tell people you can be reached via bob@yourisp.com.

If you're starting over, choose an email address that's harder for brute force attacks to guess, such as bob1776smith@yourisp.com. That may slow the attackers down a bit.

Finally, if you've got your heart set on putting your email address on your web site, do it by creating an image of your email address with a tool such as Windows Paint, or take a screenshot of your email address (that you've typed into a Word document) and save it as a GIF or JPEG file. Then plop the image onto your page like any other picture. Spambots can't read graphics.
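An added example (not from the original text): a small Python audit that scans a page you publish for addresses a harvester keying on "@" signs could collect. It goes beyond the text by also checking entity-encoded addresses and image alt text; the regular expression, the sample page, and the function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Deliberately simple pattern: the text describes spambots keying on "@" signs.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class AddressAudit(HTMLParser):
    """Record every place a page exposes a machine-readable address."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &#64; the way a parser would
        self.findings = []  # list of (where, address)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Attributes are text too: mailto: links, alt and title strings.
            for addr in EMAIL_RE.findall(unquote(value or "")):
                self.findings.append((f"<{tag} {name}>", addr))

    def handle_data(self, data):
        for addr in EMAIL_RE.findall(data):
            self.findings.append(("text", addr))


def audit(html):
    """Return (location, address) pairs for every address found in the page."""
    parser = AddressAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page covering the tricks discussed above.
SAMPLE = """
<p>Write to bob@yourisp.com</p>
<p>Or: <a href="mailto:bob%40yourisp.com">mail me</a></p>
<p>Munged: Bob at yourisp dot com</p>
<p>Entity-encoded: bob&#64;yourisp.com</p>
<img src="contact.gif" alt="bob@yourisp.com">
<img src="contact2.gif" alt="my email address">
"""

if __name__ == "__main__":
    for where, addr in audit(SAMPLE):
        print(f"{where:12} {addr}")
```

On the sample page the munged form and the second image produce no finding, while the first image leaks the address through its alt text even though the picture itself is unreadable to the scanner.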
Nix Those Nasty Pix

The Annoyance: I don't mind deleting spam. Sometimes I even enjoy reading the stranger ones; it's like haiku for geeks. But the porn photos do intrude on my right to be let alone. How do I turn these images off?

The Fix: You need to tell your email client to stop displaying email formatted to look like a web page (i.e., written in HTML), and instead display it as plain text. To turn off HTML display in Outlook 2003, for example, you'd select Tools

But remember, this change also applies to newsletters and other HTML-formatted mail whose pictures you would want to see. To get around this setting, open the email, right-click the bar across the top of the message that says "This message was converted to plain text," and select Display as HTML.

Figure 3-5. You can tell Outlook 2003 to display HTML pages (bottom) as plain text (top) and effectively turn off offensive images. When you get an email you want to see in all its HTML glory, you can restore its appearance with just a couple of clicks.
Declare War on Spam, Part I

The Annoyance: Deleting spam takes forever. Isn't there some way to get rid of all the junk before it hits my inbox?

The Fix: Yes, but the solution will cost you time and/or money. The cheap fix is to set up filtering rules in your email client that look for obvious spam messages and route them to a special folder, where you can look them over. If you get only a handful of junk each day, this approach can be effective. If you're swimming in the stuff, you'll spend more time creating and tweaking the rules than you would simply deleting each spam that comes in.

Some email packages, such as Outlook 2003 or Eudora 6.0, already have spam filtering built in (see "Declare War on Spam, Part Deux"). Most other email clients let you build rules from scratch. For example, to set up a filter in Outlook Express 6.x, you'd select Tools

Now all suspect mail with "Cialis" in the subject line will be shuttled to your spam folder where you can review the messages before deleting them, just in case your filter catches legit mail by mistake. When you create the rule, make sure the rule also searches the From field, message text, and so on. You'll also need to continually add new filters and tweak old ones as new spam pours in.

Declare War on Spam, Part Deux

The Annoyance: It sounds like creating and maintaining email is more work than just deleting the junk.

The Fix: You got that right. Fortunately, there are simpler solutions. You can use tools provided by your Internet or web mail service provider to block spam, provided they have any. You can buy a third-party spam filter that works with your existing email package (the best ones actually work inside your email program, which saves you some hassle). You can move up to an email package that has spam filtering built in. Or you can adopt a new email service that filters mail for you. Here's the skinny on each.
There Oughta Be a Law. Wait, There Is a Law!

The Annoyance: I thought spamming was illegal. Why am I still getting this stuff?

The Fix: At last count, 36 states had rules on the books outlawing various spamming practices (for a list of the state laws, see http://www.spamlaws.com/state/). But in 2003, Congress passed The CAN SPAM Act of 2003, which pre-empted most of those statutes. ("CAN SPAM" stands for Controlling the Assault of Non-Solicited Pornography and Marketing, proving once again that Congress is better at coining acronyms than writing laws.) The Act essentially says that companies can send you unsolicited email until you tell them to stop, as long as they follow a few simple rules, such as including a real return address on each message, as well as a way to unsubscribe from future mailings. If the bulk mailer doesn't follow the rules, it can be sued by ISPs or the Feds (but not by you).

Downsides: you'll have to unsubscribe from every company that sends you mail, which could mean doing it thousands of times a year. And it won't do squat to stop scofflaw spammers (many of them located offshore) from flouting the law and continuing to hawk fake prescriptions, work-at-home scams, and other flimflams. In fact, the volume of spam has increased dramatically since CAN SPAM was passed, from around 40 percent of all email to about 70 percent, by most estimates. So yes, spamming is illegal, but the law ain't helping much.

Fight Fire with Water

The Annoyance: I am so sick of spam I could just scream. Blocking the junk isn't enough. How can I fight back?

The Fix: Unfortunately, the CAN SPAM Act does not allow individuals to sue spammers (don't blame me, blame Congress). But it does allow Federal agencies and ISPs to sue the bastards. In March 2004, AOL, EarthLink, MSN, and Yahoo filed their first suit against spammers under the new law.
You can add fuel to their fires by forwarding spam to your ISP's abuse department (usually something like abuse@yourisp.com) and to the Federal Trade Commission's spam "refrigerator" at uce@ftc.gov. If the spam is also a scam, you can also register a complaint with the Internet Fraud Complaint Center, which is run by the FBI and the National White Collar Crime Center. You'll find a link to the complaint form at http://www.ifccfbi.gov/cf1.asp. But remember, they don't accept anonymous complaints, so you'll have to surrender a fair amount of personal info, like your name, phone, email, and date of birth.
Don't Bank on It

The Annoyance: I got an email that looks like it came from my bank asking me to verify my account information. Should I be suspicious?

The Fix: Very. No bank worthy of your business will ask for your account information via email. You've got what's known as phisher spam: email that pretends to be from a financial services firm (or ISP, or online payment site), but is really designed to coax personal information from you. Phisher email can be quite sophisticated; many feature genuine logos and working links to the corporation's actual site. Some even take you to the real site, then pop up a window that asks for your name and account info; that data gets shuttled to scammers who sell your identity to crooks, who then use it to buy stuff and open new accounts in your name, essentially stealing your identity.

According to the Anti-Phishing Working Group (http://www.anti-phishing.org), phishing attacks are increasing at a rate of more than 100 percent per month. So expect to see a lot more bogus bank emails.

Some spam blocking packages, such as MailFrontier Desktop and Qurb, have filters to identify possible phisher scams. EarthLink offers a free ScamBlocker toolbar (http://www.earthlink.net/earthlinktoolbar/download/) for Internet Explorer that warns you when you attempt to visit a site operated by a known phisher gang (see Figure 3-6). Support for other browsers is due later in 2005, but with dozens of new phisher scams emerging each day, EarthLink can't possibly track all of them. Be alert!

Figure 3-6. So despite all my warnings you clicked the link in that phisher email after all, eh? If you had EarthLink's ScamBlocker toolbar installed, this is what you'd see.

Another option is to download Corestreet's free SpoofStick toolbar (http://www.corestreet.com/spoofstick/), which installs into Internet Explorer or Firefox and displays the name of the web site you're really on, a fast way to separate phisher sites from the real McCoy.
To install SpoofStick in IE, click the download link on the Corestreet site, and in the File Download window click Open. Follow the prompts in the install wizard. IE will shut down automatically. When you re-launch IE, the SpoofStick toolbar should be prominently displayed below the address bar.

In Firefox the steps are a little different. If Firefox prevents sites from installing new software (as it should by default), click the Edit Options button in the banner that displays across the top of the page. In the Allowed Sites dialog, click the Allow button, then OK. When Firefox asks you to confirm your choice, click the Install Now button. Restart Firefox, then select View

If you use a different browser, your best recourse is to never click any links inside an email message that claims to be from your bank or other financial institution.
Always type the name of your bank's web site into your browser, and make sure you arrive at a secure site: the address should begin with https and you should see a tiny padlock icon in the lower right corner of your browser. When in doubt, contact your bank. If there's a phisher scam circulating in their name, they'll likely know about it.

So, is it the real deal or a fiendishly clever spoof? Check the following five tell-tale signs to see if you've got a phisher mail, as illustrated in Figure 3-7.

Figure 3-7. Anatomy of a phisher scam.
Watching the (Digital) Detectives

The Annoyance: I'm bombarded by spam that claims I can find out anything about anybody, simply by buying a $30 software package. Are these things for real?

The Fix: Well, they're real in the sense that the people who sell these things really do take your money. But no software product can turn you into a virtual Philip Marlowe, or conversely, expose your secrets to the world. The "detective" software products I've seen consist largely of text files explaining how to find and use public records databases, along with links to paid search sites (such as the ones discussed in "Fend off Cyber Stalkers"). Because the data is public, and largely available for free at sites like Search Systems (http://www.searchsystems.net) and Public Record Finder (http://www.publicrecordfinder.com), there's no earthly reason to spend 30 bucks. And since you can't do much to suppress public records (such as property ownership or professional licenses), it makes little sense to worry about it.

Swat Web Bugs

The Annoyance: I've heard that it's possible for spammers to tell if you've read email they've sent you. That just creeps me out. How do they do this, and how can I stop them?

The Fix: You heard right, provided they're sending you HTML mail. In fact, this is becoming standard practice for all bulk emailers, legitimate and otherwise. The trick involves embedding a tiny transparent graphic (often a single pixel) in the message that's tied to a bit of HTML code. When you open the message, that little bit of HTML code tells the page to go fetch a picture from another server out on the Net. But there's no picture to fetch; the server on the other end craftily records that the email was opened, the email address of who opened it, their IP address, browser used, and potentially more. Many web sites use the same technology to determine what pages people open when they visit a site.

To turn off web bugs in email, follow the steps outlined in "Nix Those Nasty Pix" above.
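The web bug described above can be spotted in a message before it is rendered. This added example (not from the original text) parses an HTML email and flags remote images that are one pixel in size or that carry the recipient's address in the URL; the sample message, host names, and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

class ImgCollector(HTMLParser):
    # Collect the attributes of every <img> tag in an HTML body.
    def __init__(self):
        super().__init__()
        self.images = []
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))

def _tiny(value):
    # True for a dimension of 0 or 1 pixel, written as "1" or "1px".
    return re.fullmatch(r"\s*[01](px)?\s*", value or "") is not None

def find_web_bugs(raw_message, recipient):
    """Return (host, reasons) for each remote image that looks like a tracker."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            src = img.get("src") or ""
            url = urlsplit(src)
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: images travel with the message
            reasons = []
            if _tiny(img.get("width")) and _tiny(img.get("height")):
                reasons.append("1x1 or smaller")
            if recipient.lower() in unquote(src).lower():
                reasons.append("recipient address in URL")
            if reasons:
                findings.append((url.hostname, reasons))
    return findings

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
From: deals@example.com
To: bob@yourisp.com
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo" width="200" height="60">
<img src="http://img.example.com/banner.gif" width="468" height="60">
<img src="http://track.example.net/o.gif?u=bob%40yourisp.com" width="1" height="1">
</body></html>
"""
```

Only the third image is reported: the embedded logo needs no network fetch, and the ordinary banner, while remote, has neither a tracking-sized footprint nor the recipient's address in its URL.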
To detect the little critters in web pages, download the free Web Bug Detector from Bugnosis (http://www.bugnosis.org). Two caveats: it only works inside Internet Explorer 5.x or later, and you may quickly grow tired of the little noise the detector emits as it encounters bug after bug after bug...

Enquiring Minds Don't Really Want to Know

The Annoyance: I received a message from a web site claiming that other people have made inquiries about me. But to get more information, they want $25. Should I pay up to find out what people are saying about me?

The Fix: Not unless you want the word "sucker" tattooed on your forehead. This is an old scam that comes from a variety of domains, such as http://www.word-of-mouth.org and http://www.shareyourexperiences.com. (See the Snopes Urban Legends page at http://www.snopes.com/computer/internet/wordofmouth.asp for more details.) Even if someone was investigating you (doubtful), all these sites do is let you contact them anonymously via email. That's hardly worth 25 bucks.

Free Web Mail, Free Spam

The Annoyance: I signed up for one of those free webmail accounts so I could use it as a spam repository. Now I'm getting spam sent from the web mail provider to my primary email account!

The Fix: You didn't think those accounts were really free, did you? The price for using a "free" email account is to be pelted with ads and the occasional spam (see Figure 3-8). Netscape Mail is particularly egregious: it automatically signs you up to receive all types of marketing sludge, including junk mail and telemarketing calls, and not only from Netscape but from its cousins in the Time Warner mediopoly, such as America Online, MapQuest, and Fortune magazine.

Fortunately you can tell them to bug off. With Netscape, sign into your webmail account, click the My Account button below your sign-in name, then select Tools & Services from the menu on the left of the screen, and click the Preferences link under the Communication heading.
Change all the Yes answers on that page to No, then click Save, then OK.

Yahoo isn't quite as bad; a free Yahoo Mail account opts you into Yahoo marketing slop, but only the electronic kind. To remove your name, sign in to your mail account, click the My Account link just to the right of the Yahoo Mail logo (you'll have to sign in again), then click the "Edit your marketing preferences" link in the Member Information area, and uncheck all the boxes. Click the Save Changes button, and then sign out.

With Hotmail, the only dreck you're automatically signed up for is email from MSN about new services. Unfortunately, the only way to stop it is to cancel your Hotmail account. The good news? At least half the time, Hotmail's own spam filters shunt such messages to its Junk folder, where they disappear after 7 days.

Or you might just sign up for a free Gmail account, which comes 100 percent free of marketing sludge. However, Gmail's servers will scan the content of your email, then serve up text ads based on keywords inside your messages (see Figure 3-8). This can lead to some interesting juxtapositions, such as ads for baby products showing up inside porn spam. For some folks, having anyone read their email, even if it's only a machine, constitutes a privacy violation.

Figure 3-8. Google's Gmail service scans the content of your email, and then delivers ads based on keywords inside the message.