andrew bellak wrote: > > Dear H-T list, > > I am getting so much spam now that it's just taking too much time to > sort through and delete. I run Win XP Pro, and use MS Outlook to > funnel 3 e-mail accounts. I also use the free Avast ant-virus software. > > My domain host for 2 of the 3 accounts says that my e-mails are > running through their anti-spam tools, Spam Assassin, but too much is > coming through. > > I'm open to buying anti-spam software. > > I look forward to the collective wisdom on this list to help me reduce > this nuisance. > Don't know who your domain host is, but maybe they aren't quite up to it or are being overwhelmed. Dealing with spam is a constant war. We spend an inordinate amount of time tuning our mail system to deal with spam. Spamassassin is only one piece of the puzzle. It scores spam, but takes no action. We are using it in a context with Mimedefang and Sendmail. We also have other tools in the mix, and we are constantly tuning, adjusting, and/or adding rules. We try to stop spammers before the mail is even received so that Spamassassin doesn't have to bother. But it comes in waves, and the nature of the game is constantly changing. Now that your email addresses are exposed and you are getting spam, there isn't much you can do about exposure. However, some people protect their primary email addresses religiously, using throwaway addresses to interact with online sites and mailing lists. When an address starts getting spammed, they toss it and make up another. Earthlink actually provides throwaway accounts for it's users and automatically forwards them to the primary account. Use them during Christmas shopping season, then toss them in January or February when you are through with all that and sure you have no returns to process. I've tacked below a US-CERT Cyber Security Tip on Reducing Spam. If you follow the link at the bottom, you will find that they have published and distributed many other focused Tip documents on various security and online issues. Pertinent to the discussion on this list resulting from someone's daughter's online activities, there is a Tip titled Keeping Children Safe Online. There are enough Tips posted there that it's well worth people taking a look and becoming aware both of risks and of how to protect against them. --------------- Chris Hoogendyk - O__ ---- Systems Administrator c/ /'_ --- Biology & Geology Departments (*) \(*) -- 140 Morrill Science Center ~~~~~~~~~~ - University of Massachusetts, Amherst <hoogendyk at bio.umass.edu> --------------- Erdös 4 -------- Original Message -------- Subject: US-CERT Cyber Security Tip ST04-007 -- Reducing Spam Date: Wed, 11 Apr 2007 14:45:44 -0400 From: US-CERT Security Tips <security-tips at us-cert.gov> Organization: US-CERT - +1 202-205-5266 To: security-tips at us-cert.gov -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Cyber Security Tip ST04-007 Reducing Spam Spam is a common, and often frustrating, side effect to having an email account. Although you will probably not be able to eliminate it, there are ways to reduce it. What is spam? Spam is the electronic version of "junk mail." The term spam refers to unsolicited, often unwanted, email messages. Spam does not necessarily contain viruses--valid messages from legitimate sources could fall into this category. How can you reduce the amount of spam? There are some steps you can take to significantly reduce the amount of spam you receive: * Don't give your email address out arbitrarily - Email addresses have become so common that a space for them is often included on any form that asks for your address--even comment cards at restaurants. It seems harmless, so many people write them in the space provided without realizing what could happen to that information. For example, companies often enter the addresses into a database so that they can keep track of their customers and the customers' preferences. Sometimes these lists are sold to or shared with other companies, and suddenly you are receiving email that you didn't request. * Check privacy policies - Before submitting your email address online, look for a privacy policy. Most reputable sites will have a link to their privacy policy from any form where you're asked to submit personal data. You should read this policy before submitting your email address or any other personal information so that you know what the owners of the site plan to do with the information. * Be aware of options selected by default - When you sign up for some online accounts or services, there may be a section that provides you with the option to receive email about other products and services. Sometimes there are options selected by default, so if you do not deselect them, you could begin to receive email from lists those lists as well. * Use filters - Many email programs offer filtering capabilities that allow you to block certain addresses or to only allow email from addresses on your contact list. Some ISPs offer spam "tagging" or filtering services, but legitimate messages misclassified as spam might be dropped before reaching your inbox. However, many ISPs that offer filtering services also provide options for tagging suspected spam messages so the end user can more easily identify them. This can be useful in conjunction with filtering capabilities provided by many email programs. * Don't follow links in spam messages - Some spam relies on generators that try variations of email addresses at certain domains. If you click a link within an email message or reply to a certain address, you are just confirming that your email address is valid. Unwanted messages that offer an "unsubscribe" option are particularly tempting, but this is often just a method for collecting valid addresses that are then sent other spam. * Disable the automatic downloading of graphics in HTML mail - Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message--when your mail client downloads the graphic from their web server, they know you've opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem. * Consider opening an additional email account - Many domains offer free email accounts. If you frequently submit your email address (for online shopping, signing up for services, or including it on something like a comment card), you may want to have a secondary email account to protect your primary email account from any spam that could be generated. You should also use a secondary account when posting to online bulletin boards, chat rooms, public mailing lists, or USENET so that you can get rid of when it starts filling up with spam. * Don't spam other people - Be a responsible and considerate user. Some people consider email forwards a type of spam, so be selective with the messages you redistribute. Don't forward every message to everyone in your address book, and if someone asks that you not forward messages to them, respect their request. _________________________________________________________________ Authors: Mindi McDowell, Allen Householder _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Note: This tip was previously published and is being re-distributed to increase awareness. Terms of use <http://www.us-cert.gov/legal.html> This document can also be found at <http://www.us-cert.gov/cas/tips/ST04-007.html> For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRh0sJexOF3G+ig+rAQJjCQgAkqLoMWZIWfjjLTp0hUMuhmpawzt+Nfi6 cNTXjHr8JBPUjMccKR9Z7By2reiNOtCfyOzD0ZlKlDLm2gYVoMIRZW/T4L0PM1lT TWI8a3hWxVBh6mpEvTbZs4meJ/b0e/cZn1ZlxDj1cHoNFHlUX4g8WHxB7BhAhi/B Jwenvqe3Cns9k3dNJ0y94Q19YWOaMznrtY9Vs3uofiMYSDIRuLF/mygtbHs7xUzW 4wRTjrao220bnpn5J62R/FaFblaCNAcAZUWwK6eQvgPlakCZWyFRPdHJyqF0XOay ADVb/EdDpNmMyEyLvMng50aPk6HRtZV1IShug7/rwIcX//4ViE5gnQ== =6mwa -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20080417/966c8c2f/attachment-0004.html