[Hidden-tech] Anti-spam help

Chris Hoogendyk hoogendyk at bio.umass.edu
Thu Apr 17 13:33:47 EDT 2008



andrew bellak wrote:
>
> Dear H-T list,
>
> I am getting so much spam now that it's just taking too much time to 
> sort through and delete.  I run Win XP Pro, and use MS Outlook to 
> funnel 3 e-mail accounts.  I also use the free Avast ant-virus software.
>
> My domain host for 2 of the 3 accounts says that my e-mails are 
> running through their anti-spam tools, Spam Assassin, but too much is 
> coming through.
>
> I'm open to buying anti-spam software.
>
> I look forward to the collective wisdom on this list to help me reduce 
> this nuisance.
>

Don't know who your domain host is, but maybe they aren't quite up to it 
or are being overwhelmed.

Dealing with spam is a constant war. We spend an inordinate amount of 
time tuning our mail system to deal with spam. Spamassassin is only one 
piece of the puzzle. It scores spam, but takes no action. We are using 
it in a context with Mimedefang and Sendmail. We also have other tools 
in the mix, and we are constantly tuning, adjusting, and/or adding 
rules. We try to stop spammers before the mail is even received so that 
Spamassassin doesn't have to bother. But it comes in waves, and the 
nature of the game is constantly changing.

Now that your email addresses are exposed and you are getting spam, 
there isn't much you can do about exposure. However, some people protect 
their primary email addresses religiously, using throwaway addresses to 
interact with online sites and mailing lists. When an address starts 
getting spammed, they toss it and make up another. Earthlink actually 
provides throwaway accounts for it's users and automatically forwards 
them to the primary account. Use them during Christmas shopping season, 
then toss them in January or February when you are through with all that 
and sure you have no returns to process.

I've tacked below a US-CERT Cyber Security Tip on Reducing Spam. If you 
follow the link at the bottom, you will find that they have published 
and distributed many other focused Tip documents on various security and 
online issues. Pertinent to the discussion on this list resulting from 
someone's daughter's online activities, there is a Tip titled Keeping 
Children Safe Online. There are enough Tips posted there that it's well 
worth people taking a look and becoming aware both of risks and of how 
to protect against them.


---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst 

<hoogendyk at bio.umass.edu>

--------------- 

Erdös 4





-------- Original Message --------
Subject: 	US-CERT Cyber Security Tip ST04-007 -- Reducing Spam
Date: 	Wed, 11 Apr 2007 14:45:44 -0400
From: 	US-CERT Security Tips <security-tips at us-cert.gov>
Organization: 	US-CERT - +1 202-205-5266
To: 	security-tips at us-cert.gov



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        National Cyber Alert System
                        Cyber Security Tip ST04-007


Reducing Spam

   Spam is a common, and often frustrating, side effect to having an
   email account. Although you will probably not be able to eliminate it,
   there are ways to reduce it.

What is spam?

   Spam is the electronic version of "junk mail." The term spam refers to
   unsolicited, often unwanted, email messages. Spam does not necessarily
   contain  viruses--valid  messages  from  legitimate sources could fall
   into this category.

How can you reduce the amount of spam?

   There  are  some steps you can take to significantly reduce the amount
   of spam you receive:
     * Don't  give  your  email address out arbitrarily - Email addresses
       have  become  so common that a space for them is often included on
       any  form  that  asks  for  your  address--even  comment  cards at
       restaurants.  It  seems harmless, so many people write them in the
       space  provided  without  realizing  what  could  happen  to  that
       information. For example, companies often enter the addresses into
       a  database so that they can keep track of their customers and the
       customers'  preferences.  Sometimes  these  lists  are  sold to or
       shared  with other companies, and suddenly you are receiving email
       that you didn't request.
     * Check  privacy  policies  -  Before  submitting your email address
       online,  look for a privacy policy. Most reputable sites will have
       a link to their privacy policy from any form where you're asked to
       submit   personal   data.  You  should  read  this  policy  before
       submitting your email address or any other personal information so
       that  you  know  what  the  owners of the site plan to do with the
       information.
     * Be  aware  of  options  selected by default - When you sign up for
       some  online  accounts  or  services,  there may be a section that
       provides you with the option to receive email about other products
       and  services. Sometimes there are options selected by default, so
       if you do not deselect them, you could begin to receive email from
       lists those lists as well.
     * Use  filters  -  Many  email programs offer filtering capabilities
       that  allow  you to block certain addresses or to only allow email
       from  addresses  on  your  contact  list.  Some  ISPs  offer  spam
       "tagging"   or   filtering   services,   but  legitimate  messages
       misclassified as spam might be dropped before reaching your inbox.
       However,  many  ISPs  that  offer  filtering services also provide
       options  for  tagging  suspected spam messages so the end user can
       more  easily identify them. This can be useful in conjunction with
       filtering capabilities provided by many email programs.
     * Don't  follow  links  in  spam  messages  -  Some  spam  relies on
       generators  that  try  variations  of  email  addresses at certain
       domains. If you click a link within an email message or reply to a
       certain  address,  you are just confirming that your email address
       is valid. Unwanted messages that offer an "unsubscribe" option are
       particularly  tempting,  but  this  is  often  just  a  method for
       collecting valid addresses that are then sent other spam.
     * Disable  the automatic downloading of graphics in HTML mail - Many
       spammers  send  HTML  mail with a linked graphic file that is then
       used  to  track  who opens the mail message--when your mail client
       downloads  the  graphic  from  their  web server, they know you've
       opened  the  message.  Disabling  HTML  mail  entirely and viewing
       messages in plain text also prevents this problem.
     * Consider  opening an additional email account - Many domains offer
       free  email  accounts. If you frequently submit your email address
       (for  online shopping, signing up for services, or including it on
       something  like  a comment card), you may want to have a secondary
       email  account to protect your primary email account from any spam
       that  could  be generated. You should also use a secondary account
       when posting to online bulletin boards, chat rooms, public mailing
       lists, or USENET so that you can get rid of when it starts filling
       up with spam.
     * Don't  spam  other people - Be a responsible and considerate user.
       Some  people  consider  email  forwards  a  type  of  spam,  so be
       selective  with the messages you redistribute. Don't forward every
       message to everyone in your address book, and if someone asks that
       you not forward messages to them, respect their request.
     _________________________________________________________________

     Authors: Mindi McDowell, Allen Householder
     _________________________________________________________________

     Produced 2007 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST04-007.html>
 

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRh0sJexOF3G+ig+rAQJjCQgAkqLoMWZIWfjjLTp0hUMuhmpawzt+Nfi6
cNTXjHr8JBPUjMccKR9Z7By2reiNOtCfyOzD0ZlKlDLm2gYVoMIRZW/T4L0PM1lT
TWI8a3hWxVBh6mpEvTbZs4meJ/b0e/cZn1ZlxDj1cHoNFHlUX4g8WHxB7BhAhi/B
Jwenvqe3Cns9k3dNJ0y94Q19YWOaMznrtY9Vs3uofiMYSDIRuLF/mygtbHs7xUzW
4wRTjrao220bnpn5J62R/FaFblaCNAcAZUWwK6eQvgPlakCZWyFRPdHJyqF0XOay
ADVb/EdDpNmMyEyLvMng50aPk6HRtZV1IShug7/rwIcX//4ViE5gnQ==
=6mwa
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20080417/966c8c2f/attachment-0004.html 


Google

More information about the Hidden-discuss mailing list