لطفا منتظر باشید ...
Hack 63 Slam That Spam
You don''t have to be
bedeviled by unwanted mail. Use this hack to kill as much as 90% (or
much more, in my case) of your spam.
If you
have certain body parts that you''d like enlarged,
expect Nigerian strangers to shower several million dollars upon you,
favor spending boatloads of money for semiworthless goods, and enjoy
vile, pornographic come-ons littering your email box, then
you''re a spam lover.
Everyone else, like you and me, hates the stuff.
While there''s no foolproof way of stopping all the
spam that makes its way into your mailbox, I''ve
found ways to block at least 90% of what I don''t
want headed my way. To get that effective a blocking rate,
you''ll need to use downloadable software; the
antispam features built into Outlook and Outlook Express simply
don''t cut it. (However, if you''re
bent on trying to use Outlook and Outlook Express''s
antispam features, head to the end of this hack to learn how.)
There
are two primary kinds of software you can use to block spam. One type
sits between your email program and the mail servers where you pick
up your email. It checks your mail, marks email that it considers
spam, and then (depending on the program) lets you handle that spam
in a variety of ways, such as automatically deleting it, letting you
manually delete it, or marking it in a way that will alert your
normal email program that it''s spamand
letting the email program filter or kill the spam. In all cases,
you''ll be able to read the messages before
they''re deleted, if you want.
The other type of software integrates directly into Outlook or
another email program and kills spam from directly within the
program. I favor this kind, because it''s a simpler,
one-step process. But I''ve used both types, and both
work well.
For the kind of spam killer that sits
between your email program and your mail server, I suggest the free
program MailWasher (http://www.mailwasher.net).
It imports your existing email server account settings so that you
don''t have to set them up from scratch, and it lets
you read and preview messages before deleting spam. I especially like
its bounced mail feature; it will send a false
"address not found" address to the
sender so that it will appear your email doesn''t
exist. While not all spammers bother to clean up their list of
addresses, there''s at least the possibility this
could lead to less spam ultimately coming into your mailbox. As with
most spam killers, you can add addresses to a list of known spammers,
though spammers so frequently spoof their addresses, this may or may
not be of much help. You can also create filters with specified words
or groups of words that MailWasher will look for in email, and if it
finds them it will consider the message spam.
A more powerful, for-pay version of the program is available for
$29.95. Its primary benefit is that it will check multiple email
accounts for spam; the free version will check only one. If you need
to check only a single account, stay with the free version.
One of the tricks that spammers use is to target a site and send a
dictionary
attack
to many potential email
accounts on a server. They will send to
"bob",
"nancy", etc., as well as
"asmith",
"bsmith",
"csmith", etc. Most of the emails
will bounce, but the spammer doesn''t care. They
encode the email in HTML with an embedded
<IMG> tag. The tag has information encoded
within it to uniquely identify the valid email addresses. For
example, say cjones@mycompany.com gets an email
in HTML format. Inside the email is:
<img src=>
The web server at 83.48.123.74 will load the image named
jojo.jpg to an email in cjones''
email program. When the user sees the advertisement for herbal Viagra
or whatever, she will delete it. However, the damage has already been
done. The spammer knows that
cjones@mycompany.com exists because they know
the image was downloaded. The user cjones will soon be getting more
than just offers for herbal Viagra.
One way to prevent this type of attack
is to turn off displaying
HTML in emails.
Unfortunately, there''s no direct way to do this in
Outlook, but
there''s a hack that will do the trick for you. When
you''re in your inbox, turn off
Outlook''s Preview Pane by choosing View
Preview Pane. (To restore the pane, choose ViewPreview
Pane again.) HTML email will grab pictures from web servers only when
you''ve opened the mail or viewed it in the Preview
Pane, so all you have to do is delete spam without opening
itby using spam killers as outlined earlier in this
hackand you''ll be safe. In
Outlook Express, you can
do the same thing by choosing View
the box next to "show preview
pane." You can also download a handy plugin for
Outlook that will turn off HTML email, called
NoHTML, at
http://ntbugtraq.ntadvice.com/default.asp?pid=55&did=38.
6.2.1 Peer-to-Peer Technology Fights Spam
I''ve
tried quite a few
Outlook
add-in spam killers, and my
favorite is SpamNet (http://www.cloudmark.com).
I''ve found that it blocks well over 90% of the spam
that I receive. It uses peer-to-peer technology to gather the
collective intelligence of thousands of other email users in order to
fight spam. When you install it, it creates a Spam folder in Outlook
and routes any spam into that folder, where you can review it and
then delete it. If you get spam that isn''t
automatically routed to the folder, you can mark it as spam. Not only
is the mail then sent to the Spam folder, but SpamNet servers are
also told that you consider that piece of mail spam. That information
goes into a database, along with similar information from hundreds of
thousands of other people who use the program. A variety of
algorithms are used to determine what is spam and what
isn''t, and that''s what ultimately
blocks spam on everyone''s system. It uses collective
intelligence, which may be the ultimate spam killer.
You can also block and unblock messages as spam, so if mail is
accidentally marked as spam it won''t be blocked in
the future. I''ve used the program for well over six
months, and I''ve found that it increases in
effectiveness over time. By now, I estimate that it blocks about 95%
of spam, though that changes on a daily basis.
SpamNet runs as a small toolbar in Outlook, as shown in
Figure 6-1. A nice little touch is the message bar that
tells you how much spam the program has blocked, how much time
it''s saved you, or how much spam
it''s blocked in a day. Depending on my mood, when I
see the total amount of spam it''s blocked,
I''m either depressed that there''s
so much spam in the world or pleased at how much spam
I''ve been able to avoid.
Figure 6-1. SpamNet running on the Outlook toolbar
When SpamNet was in its extended beta period, it was free, and beta
users can continue to use the beta for free. But for Version 1.0 and
above you''ll have to pay $4.99 a month.
That''s admittedly a hefty price for a spam killer,
considering that others are available for free. But if you get enough
spam, you may consider it worth the money.
6.2.2 Slam Spam Before It Starts
The best way to fight spam is
to make sure it never gets sent to your email box in the first place.
So, how do you end up on spam lists? There are many ways, but the
most common, according to a comprehensive study done by the Center
for Democracy & Technology, is that your email address is
harvested by spammers who use programs to automatically scan web
pages and gather email addresses from them. Those addresses are then
sold to other spammers, so you could end up on dozens of lists.
There might be many reasons why you need to have your email address
on a public web site, so removing your address from sites might not
be an option. However, there are ways to hide your address from
spammers, even when it''s in plain view.
One way used to be to spell out your
email addressfor
example, post "preston at gralla dot
com" instead of
preston@gralla.com. Automated harvesting
programs won''t be able to grab your address that
way.
At least you used to be able to use that trick. Some spammers have
figured it out by now. My new favorite trick is to use a bit of
inline
JavaScript to
generate your email address at page load time. Harvester bots see a
<script> tag, but users see
bob@bob.com.
<script type="text/javascript" language="javascript">
<!--
{ document.write(String.
fromCharCode(60,97,32,104,114,101,102,61,34,109,97,105,108,116,111,58,98,111
,98,64,98,111,98,46,99,111,109,34,62,98,111,98,64,98,111,98,46,99,111,109,60
,47,97,62))
}
//-->
</script>
<noscript>
<a href=">email me</a>
</noscript>
I got the JavaScript generator from
http://www.u.arizona.edu/~trw/spam/spam. You
feed it your email address, and it generates the javascript.
Another
solution is to use HTML characters for your address rather than plain
text characters. That way, a person who visits the page can see the
email address, since HTML translates the underlying code into a
readable address, but an automated harvester won''t
be able to read it. To use HTML characters, you need to use the ANSI
characters and precede each character with &#.
Separate each HTML character by a ; and leave no
spaces between characters. For example, in HTML, the
preston@gralla.com address is:
presto&#
110;@gralla
;.com
Keep in mind, though, that if you use HTML characters to spell out
your email address, you won''t be able to put
automated HTML "MailTo" links; that
requires the text to actually be spelled out rather than using HTML
characters.
Table 6-1 lists the common ANSI codes you''ll need
for most email addresses.
A | 65 | J | 74 | S | 83 | b | 98 |
B | 66 | K | 75 | T | 84 | c | 99 |
C | 67 | L | 76 | U | 85 | d | 100 |
D | 68 | M | 77 | V | 86 | e | 101 |
E | 69 | N | 78 | W | 87 | f | 102 |
F | 70 | O | 79 | X | 88 | g | 103 |
G | 71 | P | 80 | Y | 89 | h | 104 |
H | 72 | Q | 81 | Z | 90 | i | 105 |
I | 73 | R | 82 | a | 97 | j | 106 |
k | 107 | r | 114 | y | 121 | 3 | 51 |
l | 108 | s | 115 | z | 122 | 4 | 52 |
m | 109 | t | 116 | @ | 64 | 5 | 53 |
n | 110 | u | 117 | . | 46 | 6 | 54 |
o | 111 | v | 118 | 0 | 48 | 7 | 55 |
p | 112 | w | 119 | 1 | 49 | 8 | 56 |
q | 113 | x | 120 | 2 | 50 | 9 | 57 |
For a more comprehensive list of ANSI codes and special
HTML characters, go
to
http://www.alanwood.net/demos/ansil.
There are several other things you
can do to keep your address out of spammer''s hands.
When registering at a site, always read the fine print to see whether
you''re also signing up to get unsolicited mail. I
also suggest using multiple email addresses, including those from
free mail services like HotMail and Yahoo, and to use those addresses
when registering at sites. That way, any spam will be sent to them
rather than your normal mail address.
6.2.3 Viewing Mail Header Information in Outlook and Outlook Express
As a general rule,
spammers spoof their email addresses so that you
won''t be able to find them. However, not all do, and
if you examine email header information you may be able to trace spam
to its source. Once you find the originating mail server, you can
send a message to the ISP''s administrator, asking to
block mail from the sender. It might not always work, but
it''s worth a try.
The problem for Outlook and Outlook Express users is that those
programs don''t show mail header
informationinformation such as the original sender of the
message, the original mail server, and relay information in your
messages. However, there is a way to view it.
In Outlook, right-click on
the message whose header you want to view, and choose Options. Header
information appears at the bottom of the screen, as shown in
Figure 6-2. You can scroll through it and copy and paste
from it. You can also view this information if
you''re reading a message, by choosing View
Options.Note that if you use logic when trying to view header information in
Outlook, it won''t work. If you choose View
Message Header, for example, you won''tsee your header information. Instead, that option toggles the To:,
cc:, and Subject: lines on and off.
Figure 6-2. Header information in Outlook
In Outlook Express,
right-click on a message, choose Properties
Details, andyou''ll see header information, as shown in Figure 6-3.
Figure 6-3. Displaying header information in Outlook Express
6.2.4 Handling Spam in Outlook Express
Both Outlook and Outlook Express include
ways to handle spam, though neither does a particularly effective job
because they require that you manually determine what spam is and
then block future spam based on that. Because spam comes in from so
many different email addresses and includes so many different subject
lines, it''s difficult to control spam this way.
However, you can give it a try. Here''s how to do it
in Outlook Express.
Outlook Express handles spam by letting you add email addresses and
domains to a Blocked Senders List. Then, every time
a message comes in from the address or domain, the mail is
automatically sent to the Deleted Items folder. To add an address or
domain to the list, choose Tools
Message Rules Blocked Senders List. The Blocked Senders tab of the Message Rules
dialog box appears. Click Add, and you''ll see the
screen pictured in
Figure 6-4. Type in the email
address or domain you want to block. You can block mail, newsgroup
messages, or both. Click OK when you''re done.
Figure 6-4. Blocking spam in email and newsgroup messages using Outlook Express
6.2.5 Handling Spam in Outlook
Outlook handles spam differently than
Outlook Express; it won''t automatically send spam to
the Deleted Items folder. Instead, it will color junk mail gray and
color messages with adult content maroon. You can then scan your
inbox for messages with those colors and delete them manually.
When you receive a message that you consider spam or that contains
adult content, right-click on it and choose Junk Email. From the
flyaway menu, choose "Add to Junk Senders
list" or "Add to Adult Content
Senders list." You can also manually add senders to
either list by clicking the Organize button on the Outlook toolbar
and then choosing Junk E-Mail. The screen shown in
Figure 6-5 appears. From here, you can turn on and off
the Junk Senders list and the Adult Content Senders
list. To add to either list, click on the "click
here" link, then click on Edit Junk Senders or Edit
Adult Content Senders, and add addresses to either list.
Figure 6-5. Turning spam filters on and off and adding new senders to the spam lists
|
6.2.6 See Also
The Center for Democracy and Technology''s report on
how spam is generated and how to avoid it, at
http://www.cdt.org/speech/spam/030319spamreport.shtml.
SpamPal (http://www.spampal.org) is a free spam
fighter that marks email as spam before it gets to your email
program. You then use your email program''s filters
to filter out the resulting spam.
An excellent resource for news and information about spam, and what
you can do to stamp it out, can be found at
http://spam.abuse.net.
