But I could hardly have a site called ascandal.com without at least a page about one of the most annoying scandals that affects internet users daily lives today. They aren't even satisfied with clogging our email boxes - they use any dishonest trick in the book to make us open their mail and read it, even as low as playing on our sympathy after disasters. Following these simple rules against spam will also help prevent some fraud attempts, viruses and trajans. But for effective protection against viruses, trojans and spyware you really need programs to detect them and get rid of them. The advice below is NOT enough. See also my page on computer security against Viruses, Trojans and Spyware.
I am not associated with any program or company to either prevent spam (or promote it), but there are things you can do about it.
This brief guide is divided into four parts, What NOT to do, What you CAN do including a free anti-spam program that works, Warnings to bear in mind about anti-spam programs and Anti-spam resources
The laws to prevent spam simply don't work. The Act that was supposed to prevent spam from the U.S. is rightly referred to by spammers as the Can-Spam Act. Apart from making millions of people think that spammers are operating legally (which often they aren't), it has helped tirck millions into giving their email addresses to spammers by using the opt out links, which may get you opted out from ONE spam campaign, but makes you a nice confirmed email address which may be used by the same company or sold to other spammers.
Anti spam rule #2: - NEVER click on the remove link in spam emails.
European law is no better. It specifically refers to personal emails, although as Justin from SpamAssassin says "Actually, this is based on the transcription of the laws in each country; I think we may have fixed this in the Irish transcription. at least, when a business receives spam, the recipient may indeed count as a "person" hence make it prosecutable.
Of course, none of the governmental agencies in any of these countries can afford to spend much on enforcement. lobbying is still required there."
When I suggested that we should all forward spam to the US government to force them to change their spam laws, Justin also gave me this useful piece of information: "Regarding US govt addresses -- indeed, the FTC operates such an address, and prosecutes based on spam forwarded to that. www.ftc.gov for more info..."
FRAUD
Some spam is actually an attempt to defraud you. Anti spam rule #3: - NEVER click on a link in an email which says it's from your bank, or paypal or anything like that. It's quite possibly a fraudulent email using a technique known as PHISHING - to trick you to go to a fake site to give your personal or credit card details.
It you want to go to your paypal - go to www.paypal.com NOT whatever address is in the email, which can also be faked to make it LOOK like it's the real address.
Spam prevention rule #1: - SET your email program to TEXT not HTML unless it can stop remote loading images. One program which can is Thunderbird and it's free. You can download it here: www.mozilla.org/products/thunderbird/
The emails sent to my site are screened by a program, Spam Assassin, provided by my host, so I don't have to pay for it. You can go to their site here: http://spamassassin.apache.org/index.html
Spam prevention rule #2: - If your provider or host provides Spam Assassin - USE IT - you may have to choose to switch it on. - if they don't ask them why not? But seem our warning
I find the built-in anti-spam filter in the Thunderbird/ email program is NOT very effective, so until I discovered that my host allowed me to use SpamAssassin (I just hadn't switched it on!), I used a free program called K9: If you use Outlook Express it will configure your mail account(s) automatically. Within a day it was correctly detecting over 99% of the 500 or so spam email I receive every day. Within a week it was over 99.95% correct. You can download it here: http://keir.net/k9.html
Spam prevention rule #3: - If your provider or host DOESN'T provide Spam Assassin - download a reputable anti-spam program.
You can even use K9 with blocklists of known spammers, which blocks emails sent from anyone on that antispam list. It comes preprogrammed with one such list, sbl-xbl.spamhaus.org operated by the highly reputable www.spamhaus.org. Just go to "advanced" and put a tick in "Blackhole lists". Another reputable blackhole list is bl.spamcop.net operated by the equally reputable www.spamcop.net
If you prefer to let someone else do all the work, why not subscribe to a spamcop email address? http://www.spamcop.net/ces/individuals.shtml. I am told that they are really easy to use.
WARNING #2: If you or your ISP or host (who you received email through) uses a blocklist, it is POSSIBLE that some legitimate emails won't get through. This is unlikely with the Spamhaus (sbl-xbl.spamhaus.org) or Spamcop (bl.spamcop.net) blocklists, though Spamcop recommend that people use it's list only to TAG email, not to reject it because it is an aggressive list.
Some blocklists (like the one operated by http://ordb.org/) block all known open relays - these are vunerable servers which are open to abuse by spammers, but may also be being used by legitimate customers (i.e. you!). They issue this warning: "While we try to limit that connectivity loss to only IP-addresses that are currently running open relays, sometimes a spammer hides in and amongst nonspammers in order to share a more positive fate with those nonspammers. What actually happens is that the nonspammers share an unpleasant and negative fate with spammers in that case. In other words, if you are not willing to accept occasional blockage of legitimate email, then ORDB is not for you. That being said, it would probably be worth having a look at our testimonials page."
WARNING #3: While most anti-spam blocklist are legitimate, there is at least one anti spam blocklist (SPEWS) which deliberately targets non-spammers.
At the time of writing SPEWS blacklisted over 900,000 people in the UK because some people who used the same Internet Service Provider are/were spammers. As they don't block emails themselves, they might seem unimportant except that some Internet Service Providers DO use their list and some people are foolish enough to use an anti-spam program with SPEWS enabled. If so, you could lose important emails.
CHECK with your ISP Do they use the SPEWS blacklist (as opposed to more reputable ones)? If so they may block important emails sent to you which you want (or in some cases NEED to receive.)
Spews choose to target whole ISPs, and call the innocent millions affected (900,000 in that one case alone) as "collatoral damage" - their words not mine. It is their policy to use their attacks on the innocent to blackmail ISPs into getting rid of the spammers. They also provide NO WAY to contact them except through a newsgroup populated (at least in part) by the same kind of extremists as they are. Use that newsgroup if you've been blocked falsely and you will probably suffer abuse and possibly be threatened with everything from physical attacks, hacking, or denial of service attacks. In my case, even though NO reputable blacklist listed me (and even SPEWS didn't claim that I was a spammer) some idiots from that newsgroup made allegations which had my sites taken down. Being legally trained it only took me a short time to convince the host to restore them, others might not be so lucky. Unlike SPEWS, who hide behind addresses in Russia, most hosting companies ARE answerable to the law.
We all think spammers should be ousted, but is it ethical to knowingly and deliberately attack the innocent and to use them as a weapon? No. This is why few reputable anti-spam organisations have anything to do with them.
As Justin of Spamassassin said "nobody who understands spam filtering would use them (SPEWS) to filter real email. Even our own mailserver is blocked by SPEWS"
I would like to congratulate Catherine of Spambouncer. Although we are both against spam, we had a rather bad-tempered diagreement about Spews in which we were both probably partly at fault. In spite of her saying that she wouldn't read anything I had to say, I can only assume that she has as she, like most reputable anti-spam sites, no longer recommends spews.
K9 anti spam program (FREE) http://keir.net/k9.html
SPAMCOP spam free email http://www.spamcop.net/ces/individuals.shtml
Maintains the bl.spamcop.net blocklist. They were also very helpful in taking time to answer some of my questions.
www.spamhaus.org operates the sbl-xbl.spamhaus.org blocklist. You can support this voluntary organisation here: www.spamhaus.org/donations
http://ordb.org/ runs a list of vunerable open relays. You can support this voluntary organisation here: http://ordb.org/donate/
http://spam.abuse.net/ is a great site for information about spam and what to do about it, for users: http://spam.abuse.net/userhelp/ and for system administrators http://spam.abuse.net/adminhelp/. It even has some advice for genuine marketers who don't want to spam people http://spam.abuse.net/marketerhelp/.
Anti spam resources at PC world (Their home page is here: www.pcworld.com)
I cannot recomend spam-pal because they list SPEWS as one of the blackhole lists for their customers without warning them of spews unethical practices.
See also my page on computer security against Viruses, Trojans and Spyware.
Back to main page of www.ascandal.com