How to avoid Spam


Biswajit.HD

Webmail

Hotmail exploded on the scene years ago, and set the trend for Web mail services online, accessible from anywhere in the world. Let’s take a closer look at the spam filters provided by this service, as well as a couple of its competitors, Yahoo and Gmail. In our test scenario, we created free accounts in each of the providers. Next, we listed these e-mail addresses in popular websites, ranging from news organizations to blogs, and gave the e-mail addresses away on online surveys and contests. We monitored the flood of e-mails received over a period of three days and logged the parameters—‘Total’ number of spam e-mail received, percentage of spam e-mails ‘Caught’ by the provider’s filter, percentage of spam e-mails ‘Allowed’ to the Inbox. We also sent out legitimate e-mail messages with some suspect keywords, for instance, ‘Viagra’, and logged how many of them were sent to the ‘Spam’ folder.

Bypassing Filters

If you were to take a closer look at the header in the spam messages you will notice that no two spam messages contain the same sender’s e-mail address. That’s because spammers change their addresses constantly to delude mail provider’s spam blockers. For instance, if a spam message from ‘[email protected]’ is received by the mail provider, it will be blocked from the Inbox the second time. So, the next time, the spammer will send his e-mails using ‘[email protected]’ to get past the spam filter. Another method spammers use to pass the filters is by inserting special characters in their e-mails or by creating a message with an unusual mail format. Thus, when the provider’s filter checks the message for keywords, it is tricked into letting it pass.

Users can better filter spam from their Inbox using a tool called Spamihilator. It has a flexible criterion for detecting spam messages, and its functionality can be extended via plug-ins. However, this tool can only be used with mail clients, such as Outlook or Thunderbird, because Spamihilator positions itself between the provider’s e-mail server and the mail client, acting as a proxy server. When the user pushes the ‘Send/Receive’ button on his mail client to download e-mail messages from his provider’s mail server, they are checked by Spamihilator for suspicious content and are deleted if they are indeed spam, and only the remaining e-mails are passed on through to the Inbox. Thus, using this tool, the user can successfully block unwanted e-mails that have slipped past his provider’s filter from clogging up his Inbox.

INSTALLATION: Close all running mail clients and install Spamihilator from this month’s CHIP DVD or the website www.spamihilator.com. During setup, select ‘Full’ type of install in order to ensure an all-round protection with plug‑ins.

Spamihilator automatically identifies the installed mail client and the protocol used. Fortunately for users, Spamihilator has been supporting IMAP access for some time now and the list of supported mail clients is long—Microsoft Outlook, Eudora, Opera, Pegasus, IncrediMail, Phoenix and so on. The default settings are quite adequate for protection and the user need not bumble around making any changes to them. The best plug-in of Spamihilator is the highly effective DCC filter. Since it is a plug-in, it isn’t directly integrated in the core module of the tool, but it can be used to block spam. DCC stands for Distributed Checksum Clearinghouse and works by sending a secure checksum of every incoming mail to the network and receiving the number of users who also sent the same checksum. This comparison helps the spam recognition rate. For instance, if you receive a mail after installing Spamihilator to work with your mail client, it sends the message’s checksum to a DCC server, where it is ascertained how often a mail with the same checksum has been sent to a mail recipient. If this checksum comes up too frequently during the comparison, the DCC server classifies the message as spam and reports it to Spamihilator, which filters it out. However, this service requires a fast Internet connection, so disable this feature if you don’t need it.

TRAINING: Apart from the DCC filter, Spamihilator also offers other popular security measures, right from a word filter to blacklists and whitelists. Any spam filter will work better only if the user spends time to ‘train’ it. Here is how to go about doing that—right click on the Spamihilator icon on the system tray and select ‘Training Area’, which works similar to a text pattern profiler. The training window displays a list of recently received e-mails—select a message from a known sender and press ‘View Message’. If it turns out to be spam, then press the ‘Spam’ button, otherwise press ‘Non-Spam’. The more you do this, the better Spamihilator gets at detecting spam e-mails, based on the content of identified spam messages.

We also ask our readers to be Good Samaritans and notify infected PC owners that their accounts or PCs are in the hands of spammers. It is not difficult for a spammer to take over one’s PC. All he has to do is smuggle a Trojan into the system that reads and copies all the e-mail addresses in the mail client. It then sends these addresses back to the spammer.

A Whitelist offers additional protection as it marks messages from specific addresses as ‘non-spam’. Go to ‘Settings’ in the context menu of the system tray icon, and browse to ‘Senders | Friends’ in the left-side navigation panel. There are two ways to input addresses here—simply drag and drop e-mails from acquaintances into the window, or if the mail client doesn’t support drag and drop, then enter the addresses in manually. Importing addresses from the Windows address book, or a comma separated text file (CSV), is also supported.


Weeding out Spam

The security measures that we have mentioned so far will only protect your Inbox against standard spam. In order to block e-mails containing Cyrillic special characters, PDF attachments or unusual formats, the user requires something extra that deletes spam messages immediately. Otherwise, the user’s Junk E-Mail folder will be full in no time. Outlook users should take advantage of the Junk E-Mail options in the program, from ‘Action | Junk E-Mail | Junk E-Mail Options’ and define a Whitelist that contains all contacts from your Outlook address book in the ‘Safe Senders’ tab.

THUNDERBIRD: This mail client from Mozilla keeps a list of all the mails that the user considers spam. All you need to do is inform the client about the method it should use to deal with the junk e-mail it finds. To do this, select ‘Tools | Options | Privacy | Junk’ and check the option ‘When I mark messages as junk Delete them’. Save your changes and close the window by pressing ‘OK’. Now if you receive a junk e-mail, simply select the message and click on the ‘Junk’ icon on the toolbar. The more often you do this, the better Thunderbird gets at weeding out spam.

DEFENSE SHIELD: If the user implements all the measures mentioned till now, then his PC is almost a hundred percent protected against all kinds of threats. But this protection is fleeting and lasts as long as spammers do not think of any new ways of delivering spam messages. In order to keep your mailbox ‘spam free’ forever, you need to conceal your e-mail address, thus preventing e-mail address collectors from confirming the existence of your Inbox.

DISPOSABLE ADDRESSES: If you need to post something to a Web forum, you will most probably have to register and provide an e-mail address before you can start a thread and reply to a topic. Once that all-important e-mail address has been revealed, it is a piece of cake for spammers to get hold of it. Sure, you can do what a lot of other people do, and create an account especially for handling blogs and Web forums, but keeping track of multiple e-mail accounts gets to be quite a hassle. We recommend that readers use free services such as Spamgourmet (www.spamgourmet.com), or 10 Minute Mail (http://10minutemail.com).

In Spamgourmet, all you have to do is enter in your real e-mail address, and the service creates a fake account (e-mail ID) for you, from which you can forward up to twenty e-mails to your real Inbox. Once you receive your confirmation and activation e-mails from the Web forum master, you can forward them and not be hassled by any future notifications from spammers who discover the e-mail address. This has an advantage over 10 Minute Mail, because here you actually have an e-mail with your account username and password, whereas with the latter, the e-mails need to be saved instantly or they will be lost.

Website Woes

If you operate a website or blog, you have to publish your e-mail address so that visitors may be able to contact you. And once your address is out there, the probability that a spammer will discover and use it is very high. However, there are a few highly effective methods you can use to counter this threat.

The first method involves publishing your e-mail address on the Web page in the form of an image. Now, before you hasten to inform us that most address harvesters used by spammers can read normal image files without any problems, there is a trick to it—divide the image into separate pieces and put them side-by-side. Here’s how—open up MS Paint from ‘Start | Run | mspaint.exe’ and use the text tool to write your e-mail address on a blank canvas. Open a new canvas by pressing [Ctrl]+[N] and use the cut-paste tool to split the phrase in the middle of a letter and paste it in the new canvas. Save the two image files. Finally, combine them in your Web page by placing the images next to each other in such a way that the split isn’t visible.

The second method to disguise your e-mail address requires you to be comfortable with code. That’s because it is easy to confuse the harvester by using absurd HTML commands. For instance, instead of the phrase ‘[email protected]’, enter the following lines in the Web page editor:
<P>deepti.kr<FONT color=#000000>ishnan</FONT>@<FONT color=#000000>ch</FONT><FONT color=#000000>ip.in</FONT></P>
The <P> command starts a new paragraph, and the <FONT> command assigns the font characteristics of the text, in our example the color attribute. The value ‘#000000’ corresponds to the color black, and all that the code does is that it assigns the color black to the text repeatedly. So, while the address will be perfectly legible to the visitor, the address harvester won’t be able to recognize it as one while reading the source text of the page. It will not be able to identify the e-mail address as a coherent text any more because we have also split the term ‘chip.in’ into two parts.

Many Web pages display their e-mail address in text form only, for instance, ‘abc (at) web (dot) com’. Unfortunately, spammers have already wised up to this trick and have programmed the address harvesters to recognize this format. So, when a harvester does come across an ‘(at)’, it automatically converts it into the right format ‘@’. You can try it out from the command line with the text browser Lynx (http://lynx.isc.org):
lynx -dump <url> | grep @
With this command, you can search the page text for the different styles of the character ‘@’.


Rat Trap

No matter how many layers of protection you set up, nothing is quite enough to ensure zero spam. To date, spam defense is very much a cat and mouse game. Should a spam wave be blocked, the sender will soon find a way to bypass the protection measure. What does this mean? If we want to eradicate spam from our Inbox, we need to do it ourselves.

THE BAIT: If you operate and maintain your own website or blog, there is a way you can switch off the most important operating tool of a spammer, which is the address harvester. You will find the Perl-CGI script ‘Wpoison.pl’ and the ‘words.zip’ file in the ‘WPoison’ folder on this month’s CHIP DVD or on the official website (www.monkeys.com/wpoison). You must unzip the latter (‘words.zip’) to the same folder that contains the Perl script on the Web server. The procedure of integrating the script perfectly depends on the website service provider and the Web editor you use. Navigate to the website www.webweavers.de/material/cgi.rtf to find instructions for incorporating the CGI scripts in the source text of the website. The manufacturers of WPoison provide their script for free, but they ask for the incorporation of their logos on your website. Instructions for doing so can be found in the source code of the Perl scripts and on their website. Though the integration of the logo on your website may not be aesthetically pleasing, there is an advantage to displaying it since all visitors would be warned. Thus, a spammer with evil intentions stupid enough to try to attack your site with an address harvester will have to bear the consequences himself. That’s because once the script is added, the following happens—when the harvester reads the source code of your Web page, the script creates incidental Web and e-mail addresses. If the harvester now follows the links, WPoison generates other ones immediately. The address collector is caught in an infinite loop and forwards only fake addresses to its owner.

WAR GAMES: Spammers have taken certain measures to protect themselves against scripts like WPoison and are starting to replace their harvesters with botnets. Unfortunately for users, there is as yet no tool available against that. Nevertheless, filing a complaint with the service provider of the spammer is sometimes quite helpful, since the provider would take immediate action against illegal use of its services. After all, it is the provider who has to suffer financial losses due to unnecessary data traffic, brought on by the spammer.

The website Spamcop.net (www.spamcop.net) evaluates received spam messages to ascertain the credibility of the sender. We recommend that readers register themselves at Spamcop.net using the ‘Register Now’ link. Once you receive a confirmation mail from ‘Spamcop Authorization System’, activate your account and log in, you can start sending in spam e-mails to the service. SpamCop will do the rest. At the very least, once the provider knows about the nefarious activities of the spammer, he will be sure to cut him off.

Source: Chip magazine.
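The checksum-counting idea behind the DCC plug-in described above, as an added Python sketch that is not part of the article and is not DCC's or Spamihilator's own code. The normalisation rule, the threshold of 3, the class and function names and the sample messages are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict


def body_checksum(body):
    """Checksum of a normalised body, so trivially varied copies collide."""
    text = body.lower()
    text = re.sub(r"\d+", "", text)               # drop per-recipient numbers
    text = re.sub(r"[^a-z]+", " ", text).strip()  # collapse punctuation/spaces
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class Clearinghouse:
    """Toy stand-in for the shared server: distinct recipients per checksum."""

    def __init__(self, bulk_threshold=3):
        self.bulk_threshold = bulk_threshold
        self.seen = defaultdict(set)

    def report(self, checksum, recipient):
        """Record one sighting and return the updated recipient count."""
        self.seen[checksum].add(recipient)
        return len(self.seen[checksum])


def verdicts(messages, bulk_threshold=3):
    """Verdict for each message at the moment it arrives at a client."""
    server = Clearinghouse(bulk_threshold)
    out = []
    for recipient, body in messages:
        count = server.report(body_checksum(body), recipient)
        out.append("bulk" if count >= bulk_threshold else "ok")
    return out


# Constructed sample traffic: (recipient, body). Not real mail.
SAMPLE = [
    ("alice@example.test", "Cheap pills! Order #48213 today."),
    ("bob@example.test", "CHEAP pills!  Order #99102 today."),
    ("carol@example.test", "Cheap pills! Order #10007 today"),
    ("dave@example.test", "cheap pills! order #5 today."),
    ("alice@example.test", "Lunch on Friday at 12?"),
]

if __name__ == "__main__":
    for (rcpt, _), verdict in zip(SAMPLE, verdicts(SAMPLE)):
        print(rcpt, verdict)
```

The first two copies are delivered because the count has not yet reached the threshold, which is why a clearinghouse filter works best alongside the trained word filter and whitelist rather than alone.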
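An added Python check (not from the article, and not code from Lynx or any harvester) for auditing your own page in the way the `lynx -dump` test under "Website Woes" suggests: it compares what a scan of the raw HTML source finds with what is found once the tags are stripped and "(at)"/"(dot)" spellings are expanded. The function names and the example.test addresses are constructed for illustration.

```python
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


class TextExtractor(HTMLParser):
    """Collects only text nodes, roughly what a text browser dumps."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)


def visible_text(html):
    parser = TextExtractor()
    parser.feed(html)
    parser.close()
    return "".join(parser.parts)


def expand_spelled_out(text):
    """Turn '(at)' / '[dot]' style spellings back into '@' and '.'."""
    text = re.sub(r"\s*[\(\[]\s*at\s*[\)\]]\s*", "@", text, flags=re.I)
    return re.sub(r"\s*[\(\[]\s*dot\s*[\)\]]\s*", ".", text, flags=re.I)


def audit(html):
    """Addresses exposed at each level of processing of your own page."""
    text = visible_text(html)
    return {
        "raw_source": EMAIL_RE.findall(html),
        "visible_text": EMAIL_RE.findall(text),
        "spelled_out": EMAIL_RE.findall(expand_spelled_out(text)),
    }


# Constructed pages that mirror the article's two disguises.
FONT_SPLIT = ("<P>jane.d<FONT color=#000000>oe</FONT>@"
              "<FONT color=#000000>exam</FONT>"
              "<FONT color=#000000>ple.test</FONT></P>")
SPELLED = "<p>Contact: abc (at) example (dot) test</p>"

if __name__ == "__main__":
    print(audit(FONT_SPLIT))
    print(audit(SPELLED))
```

An empty `raw_source` list with a populated `visible_text` list means the disguise only holds against tools that read the page source and not against anything that extracts the rendered text.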
 