Previous Story
Spam solution
|
Posted on Oct 21 2004
Since I last wrote on the spam menace, things seem to have taken a turn for the worse, with the vast majority of email users now affected by regular offers of prescription drugs, pornography, unlikely mortgage schemes and other dubious products.
Given the laws of supply and demand, this sort of marketing method would die out pretty quickly if it failed to work. But it hasn’t died out, which implies that somewhere out there is a significant number of people responding to emailed scams, blithely giving out their credit card numbers in exchange for the promise of anti-impotence drugs, teen porn or a “too good to be true” loan offers.
What’s needed, then, is a means of identifying these people—who may be new, inexperienced users—and taking away their Internet access. Then, after a few months, the amount of spam will trail off as the spammers realize that all their efforts are a complete waste of time.
OK, that’s not a realistic option, but there really aren’t many ways of stopping spam. Just as virus writers find their way around anti-virus software on a regular basis, so the spammers will find increasingly sophisticated ways of persuading people to part with their money. Automated spam filters won’t keep up. Confirmation-based systems might help. This type of software sends a reply back to the email sender asking them to confirm that they really did mean to send the email. If there’s no response, the email is deleted after a set period of time. You can set up rules to automatically allow mail through from “trusted” users, so only unknown senders will be queried.
There’s still a problem, though. Spammers don’t use their own addresses; instead they often use other people’s, often randomly selected. So the person whose email address was used, without their knowledge, in the “From” field of a spam message may find themselves deluged with confirmation requests. Alternatively, the spammer could use a real, but anonymous email address in the “From” field and set up a routine to automatically handle the confirmation emails. Either way, we’re back to the arms race between spammers and anti-spammers.
So, what can you do? First, don’t reply to spam. If you do, you’ll simply be creating more hassle for the person whose email address was used in the “From” field. Similarly, don’t post that address on other Web sites, or send large files to it, or do anything similar. You won’t be harming the spammer in any way whatsoever; you’ll just be annoying another user and you could find your account closed by your ISP for doing so. Remember, an emailed “From” address can be forged by anyone; it’s about as reliable as a “return to” address scribbled on the back of an envelope.
Most importantly, don’t click on any of the links in a spam email. Just delete it. If the spam to an email account gets too great, request for a change username/mailbox name from your ISP. Start treating your email address as you would your phone number; don’t give it to everyone and don’t publish it on the Web. And if you really want porn, Viagra or a better mortgage, get it from a real trusted company.
* * *
Mendoza is Systems Administrator of Verizon.
