Cozahost Newsletter Archive


Cozahost newsletter - 18-April 2007
 

 

A new volume of the Cozahost newsletter. 

We kick off with a special "request": We explain where spammers got your email addy and what you should do to protect yourself in future. 

Please feel free to forward this newsletter to friends or colleagues who might benefit from it.
 

..:: In This Issue ::..

Hello
Would you like some spam?
Don't help the spammers
Where spammers got your email addy
About Cozahost
Subscribe to this newsletter


..::  Hello :-)

 
Been a while, hasn't it?

Welcome to the new volume of the Cozahost newsletter.  If all goes well and neither the Rand nor Zimbabwe nor Ivy Matsepe-Casaburri fall on our proverbial heads, you can expect a dose of this newsletter, twice per month.  It is still free as rain and it will stay that way - you can beg to pay all you like.

We have lots to talk about: Telkom (sigh!), the new Microsoft operating system "Vista", personal productivity, web marketing, security, new internet trends, and a host of other topics.  This issue is about a special "request". So, before we kick off, I want you to picture this scene:

It was a perfect autumn Saturday afternoon in Cape Town. The rugby battle flags were hanging limp in the cool air, stirring only occasionally when gently fingered by a slight breeze.  The smoke from the braai hung like a benevolent mist in the back-yard, teasing the nose with the smell of lamb fat dripping in the hot coals.

Shadowy figures encircled a huge braai - like priests lovingly tending to an altar.  The acrid smoke forced them to squint, but they were otherwise undisturbed by the spattering of fat and billowing of smoke.  Their eyes were locked on the grid less than a meter away. Each of them was clutching a glass firmly in the right hand.

I filled my glass (required for entry) and joined the brooding circle, fully expecting to hear a detailed dissection of our chances of winning the rugby today.  I was dead wrong.  The subject of discussion was internet security.  A bit of a girlish subject for a bunch of brutes to discuss hours before a big rugby game if you ask me.  I was about to share this opinion when I realized that they blame me for all the world's computer related problems - anywhere and of any nature.  It is my punishment for working in IT.  I decided the best course of action was to maintain a low profile and shut up.

My optimism was in vain.  The leader (the one with the braai tongs) looked up and fixed me in a stare.  The rest followed suit.  "So buddy", he asked pointedly, "I see you screwed up email too?" 

Showing weakness at this point can be a fatal mistake, so I tilted my head slightly and answered: "Nê?"

"All that bloody viagra offers and other junk you keep sending us!", clarified one of the others. 

"O.", I said, looking down at the grid, pretending to be worried by a piece of boerewors pumping a thin jet of fat ten centimeters into the air.  I let them stew a little.

A few seconds later, I sighed dramatically and said: "I'll do a bloody newsletter about it." 

One of the others grabbed the braai tongs.  The new leader turned a tjop and said: "You bloody better.", he moved the wors out of the flames and continued, "That bloody glass in your hand better not be empty..."

And that, gentle reader, is why this issue of the newsletter is about spam.  And how I am not personally responsible for it.
   

..::  Would you like some spam?
 
"Spam" - the internet variety.

The unsolicited emails offering fantastic herbal enlargement pills, secret liaisons with ultra liberal, ultra flexible supermodels and, my personal favorite, a kind gentleman wanting to deposit millions into my bank account.

Actually the word "spam" is slang.  The technical term is unsolicited bulk email.  But I prefer the four letter word.

You are right if you feel spam is getting out of hand!

It did. And it is.

The well-known consultancy firm Gartner projects that SPAM (unsolicited commercial email) will increase by one thousand percent per year - and almost 70% of all email received on the internet is now spam! This means that unless we do something, the spam problem is going to get even worse.

In this article we discuss how you got targeted by spammers and what you can do about it.
  

..:: Don't help the spammers

 
Spammers send billions of email messages in the hope that a fraction of a percent of recipients will visit their site or buy their product.

Once people stop responding to these messages, there will be no point in using spam.

Of course this is an idealist point of view ("common sense is not at all that common", to quote Winston Churchill), and there will always be gullible and naive people to fund spammers and other online crooks. This does not mean we should give up. By educating people and helping our friends and colleagues understand spam and how it works, we hit the spammers where it really hurts - in their bank accounts.

When you help spammers to confirm that your email address is active, you incentivise them to send you more spam. Spammers can track your email address (validate that it is real) when you:

  • Open an HTML spam message while online
    The message includes links to the spam web site enabling the bad guys to track the fact that you opened their message. Now the spammer knows that your email address is valid and you will keep on receiving "offers" until you scream.
  • Unsubscribe using the link provided
    Sometimes a particular spammer might actually honor your unsubscribe request, but most will simply sell your now validated email address on tens or hundreds of other spam mail lists. In the end you are worse off because more spammers now have your email address.
  • Reply to the spam
    When you reply in any way - even to complain, they know you are there.
  • Buy from them
    Of course, when you buy a product advertised with spam or visit the website in the spam message you pay the spammer's salary AND his Porsche. All they need is a few hundred people per million to buy their product / visit the web site.

Bottom line: Don't read, respond to (or open) any spam message.
     

..:: Where spammers got your email addy

 
Spammers use software programs (called robots or spiders) to "read" web sites to harvest email addresses published on the web.  Once you publish your email address on any web site or discussion forum, robots may pick it up and add it to their spam list... and you will get spammed for as long as that email address stays active.

The number one golden rule is therefore to never, ever publish your email address on any web site - including your own!  (Use a contact-us form instead.  Most reputable ISPs help you with this - if not, give Cozahost a call. ;-).

If you don't have access to server based forms, or for some reason you need to display your email address, at least try to hide the "@" sign in your address.  Unsophisticated spam robot software looks for the @ sign to harvest email addresses.

A simple and mostly effective technique to fool the robots is by making your email address human readable, but difficult for software to understand.  For instance: instead of publishing your email address as neverspam@goaway.com publish the address like this: neverspam[at] goaway.com. 

This is not as foolproof as server-side forms and it might confuse some of your less astute visitors - but that's a small price to pay for spam-free email!
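
To check your own pages before you publish them, here is a small audit script (an added example, not Cozahost code). It flags addresses that contain a plain @ sign, and separately flags the "[at]" style so you can see why it is only a partial defence: any pattern that knows about the substitution still spots it. The sample page is constructed, using the addresses from this article.

```python
import re

# An address with a literal "@", including one inside a mailto: link.
PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# The human-readable substitutions "[at]", "(at)" and "{at}".
WEAK = re.compile(
    r"[A-Za-z0-9._%+-]+\s*(?:\[at\]|\(at\)|\{at\})\s*"
    r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+",
    re.IGNORECASE,
)


def audit_page(html):
    """Return (line number, kind, matched text) for every address-like string."""
    findings = []
    for number, line in enumerate(html.splitlines(), start=1):
        for match in PLAIN.finditer(line):
            findings.append((number, "plain", match.group(0)))
        for match in WEAK.finditer(line):
            findings.append((number, "weak-obfuscation", match.group(0)))
    return findings


# Constructed sample page: one mailto link, one "[at]" address, one contact form.
SAMPLE_PAGE = """<p>Sales: <a href="mailto:neverspam@goaway.com">mail us</a></p>
<p>Support: neverspam[at] goaway.com</p>
<p>Or use our <a href="/contact">contact form</a>.</p>"""

if __name__ == "__main__":
    for number, kind, text in audit_page(SAMPLE_PAGE):
        print(f"line {number}: {kind}: {text}")
```

Only the contact form line comes back clean, which is why the form remains the first choice.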

Other sources abused by spammers to harvest email addresses are:

  • Online directories
    Sites with online lists of telephone numbers, email addresses and contact information - including telephone directories and some specialist search engines.
  • Chain letters
    When you forward chain letters you expose your own email address and those of all the other people who got duped into perpetuating the junk mail because they are either superstitious or stupid, or both.
  • Online guest books
    When you sign an online guest book on a web site, be aware that spammers might be scanning that site for email addresses too.
  • Online chat rooms
    This is a favorite hang-out for spam bots. 
  • Classified ads, online discussion forums and newsgroups
    Golden rule: if your email address is available anywhere on the web, the spammer bots will find it.
  • Contact details for domain registration
    Contact info for domain registrants must be published publicly where spammer bots can get your email address.
  • Blogs
    Do not disclose your email address when you leave comments on blogs.

..:: Be careful when you give your email addy away

 
Many legitimate web sites ask for your email address in order to send you information or in exchange for a free newsletter or software.  (As we at Cozahost do.)

This is not necessarily a bad thing, because most web sites are legitimate businesses willing and able to supply you with information and advice.  The thing is that there are bad apples too, and therefore:

Before you supply your email address, make sure that:

  • You read their terms of use and privacy statement
  • The site is indeed reputable and can be trusted
  • You understand exactly why your email address is needed

Even after you verified the above, it's still better to give them one of your disposable email addresses rather than your primary address.  (more about disposable email addresses later)
 

..:: Gifts from friends you can do without

 
One big problem remains - your friends and business contacts: unless all the contacts and people with access to your email address are educated, they are almost certainly going to blow your cover and unwittingly subscribe you to the spam-list-from-hell.

Sure fire ways for your friends and contacts to unknowingly "betray" you are:

  • E-cards
    Have you ever received an e-card for your birthday or a special holiday?  Chances are that's how you landed up on a spam list to begin with.  While there are many reputable e-card companies that are in no way connected to spammers, your friends just need to send one card from a website that is not reputable - and voila - you're in spam hell!
  • Promotions and gifts
    Friends or contacts may send you "special free gifts" of information they found somewhere on the web. 
  • Chain letters
    Yup, the famous forward this to 10 of your friends caper.  Eventually every single address on that chain letter will land up on a spammer's list.

So, how do you overcome this threat?

  • Educate them
    First and foremost make sure that your family, friends and contacts understand about the dangers of giving their own or other people's email addresses away.  (As a start, send them this article)
  • Use disposable email addresses
    Sooner or later someone is going to do one of the things we warn about in this article and your email address will land up on a spam list.  It might take a year, two years or just a few months.  Make peace with the fact and don't grow too attached to your email address - you might have to dispose of it later.
  • Tell your friends to use your public email address when 3rd parties are involved
    Ask your friends to always use your "public" email address when they feel an uncontrollable urge to send an e-card or other information via a 3rd party to you.  (More about disposable email addresses later)
     
..:: Why is it so difficult for ISPs to block spam?

 
Spammers deliberately use techniques to make it difficult (almost impossible) for ISPs to block their email.  Their favorite tricks include:

  • False sender address
  • Constantly changing subject lines
  • Random words in the message to confuse scanners
  • Relaying (sending) email via security holes in legitimate but unsecured email servers
  • Rapidly changing web sites for the product they "advertise"
  • Random words and snippets in the spam message to make pattern matching very difficult
  • Weird spelling taht is hmuan raedbale, but nonsnese to comupetrs

What we at Cozahost are doing to block spam:

  • We delete all known viruses and worms as they arrive on the server
  • We do reverse lookups on the servers sending email and reject email from servers using false registration records
  • We try to contact the alleged sender domain to check whether the sending server is authorized
  • We check against several separate and independent blacklists to refuse email from hundreds of thousands of KNOWN spam servers
  • Our clients can "teach" the mail server how to recognize spam, so it can learn to become more and more effective at spotting junk
  • And more defensive measures are coming shortly..
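
For the technically curious, here is how two of these checks can work on a mail server: the reverse lookup and the blacklist check. This is an added example, not Cozahost's own code. It assumes the reverse lookup is the common "forward-confirmed" kind, and it uses a stand-in resolver with constructed DNS records and made-up blacklist zones (bl-one.example, bl-two.example) so that it runs without a network.

```python
import ipaddress


class FakeResolver:
    """Stand-in for DNS so the example runs offline; every record is constructed."""

    def __init__(self, ptr, a):
        self.ptr, self.a = ptr, a

    def reverse(self, ip):      # PTR lookup: IP address -> host names
        return self.ptr.get(ip, [])

    def forward(self, name):    # A lookup: host name -> IP addresses
        return self.a.get(name, [])


def dnsbl_query_name(ip, zone):
    """Blacklists are queried over DNS: reverse the IPv4 octets, append the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def reverse_lookup_ok(ip, resolver):
    """The name the IP claims (PTR) must resolve back to that same IP."""
    return any(ip in resolver.forward(name) for name in resolver.reverse(ip))


def check_sender(ip, resolver, zones):
    """Decide what to do with a connecting mail server, given only its IP."""
    if not reverse_lookup_ok(ip, resolver):
        return "reject: reverse lookup does not match"
    for zone in zones:
        # Any answer for the query name means the IP is on that list.
        if resolver.forward(dnsbl_query_name(ip, zone)):
            return f"reject: listed on {zone}"
    return "accept"


ZONES = ["bl-one.example", "bl-two.example"]      # hypothetical blacklist zones
RESOLVER = FakeResolver(
    ptr={
        "192.0.2.10": ["mail.example.org"],
        "198.51.100.7": ["mail.example.net"],
        "203.0.113.5": ["relay.example.com"],
    },
    a={
        "mail.example.org": ["192.0.2.10"],
        "mail.example.net": ["203.0.113.99"],     # does not point back: mismatch
        "relay.example.com": ["203.0.113.5"],
        "5.113.0.203.bl-two.example": ["127.0.0.2"],
    },
)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, "->", check_sender(ip, RESOLVER, ZONES))
```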

Even with all these hi-tech defenses in place, there is no way an ISP can effectively block ALL spam (yet). 

A recent CNN article reported that AOL (large ISP in the USA) is blocking up to 2.3 billion spam messages a DAY - and still their members are being flooded with spam!

The only way to stay completely spam free is to keep your email address off the spam lists!

      

..:: Disposable email addresses

  
How do you get your inbox (and sanity) back once you are on that spam list or your address is on a CD of email addresses sold to spammers?

There are only two ways out: 1) you have to delete the compromised email address and start using a new one or 2) you have to subscribe to a white list service.  (More about white lists later)

For most people changing their email address is traumatic and counterproductive.  So much so that they would much rather live with the spam than deal with the pain of changing email addresses.

Unless...

Imagine the compromised email address is only one of a few you use and it only affects a small portion of your email volume.  Imagine you can notify senders to the deactivated email address automatically of your new email address - so that you don't lose any email.

These are called "disposable" email addresses: At the outset you know that your email address will be compromised sooner or later and you plan accordingly:

This will significantly reduce the "trauma" of  disposing of a spammed email address.  (For instance, tell your friends to use your first name email address for personal communication, eg: joe@nospam.com, but, for e-cards or any other communication where a 3rd party is involved, use your formal address with your full name, eg: joesmith@nospam.com)

As soon as you start receiving spam on your joesmith@nospam.com address, simply dispose of it and tell your friends to use joesmith2003@nospam.com (2003 = current year) for communication via a 3rd party instead; in other words:

When an address is compromised, you simply set up an auto responder to handle incoming mail, and delete the address. The auto responder will tell the sender that you now have a new email address and that they should update their records.  If a human reads the message (as opposed to a spammer's software) the person will update their records.

To set up disposable addresses:

  • Create a number of email addresses with your ISP
    (Cozahost clients: log in at your control panel http://helm.your-domain-name and create a new POP account.  Please see the online guide for more info.)
  • Use different email addresses for different tasks
    Use one or more email addresses for your friends, one for each subject area of the newsletters you subscribe to, an email address you only give to your clients, etc, etc.
  • Use a free web service for disposable email addresses
    Use free, disposable web mail services like WebMail or Hotmail for non-essential or casual email.

Now ask your ISP (or login to your control panel) to set up an auto responder for the "disposed" email address so that anyone sending email to a disposed address will receive an automatic response notifying them of your new email address. (Spammers routinely forge reply addresses so they will almost never get your auto reply)

A tip for creating a disposable address: Try to pick an email address late in the alphabet because many spammers process their lists alphabetically and will often be shut down before they get to zzzJoeSmith@nospam.com.
(Conversely aaaMarySmith@nospam.com may be one of the first to be processed.)

If you are currently receiving a lot of spam on your existing email address - consider disposing of it right now and adopting the advice in this article. 

If you think that's too painful - consider the prospect of receiving 1000% more spam every year for the rest of the lifetime of that email address!
 
     

..:: White lists and fighting back

  
An email white list is the opposite of a black list. A black list is a list of all email senders that are banned, ie you do not want to receive email from them.

The problem with a blacklist is that spammers use false names and change them very often, so just black listing viagra@spammer.com will at best stop a single spam mail. 

The opposite (and much more effective) approach is therefore to say that ALL email addresses are banned unless they are specifically approved by you, or if the sender demonstrated that it is a human - ie not spammer software.

One of the best known and most respected white list providers is Spam Arrest.

This service allows you to block 100% of spam instantly, with no false positives.  They do this by allowing you to upload your Outlook address book (this becomes your list of approved senders) and from then on anyone that sends you an email has to prove that they are human by logging on to a web site and supplying a verification code.

The verification process takes only a few seconds and it has to be done only once - from that moment on that sender is considered to be legitimate and email will be allowed into your inbox.
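
The mechanism behind such a service can be sketched in a few lines. This is an added example, not Spam Arrest's code; the class and method names are made up for illustration. Approved senders go straight to the inbox, mail from anyone else is held and the sender gets a one-time verification code, and entering that code approves the sender and releases the held mail.

```python
import secrets


class ChallengeWhitelist:
    """Hypothetical model of a white list with a one-time sender challenge."""

    def __init__(self, approved):
        self.approved = {address.lower() for address in approved}
        self.inbox = []     # delivered mail: (sender, message)
        self.held = {}      # unknown sender -> messages waiting for verification
        self.codes = {}     # outstanding verification code -> sender

    def receive(self, sender, message):
        """Deliver or hold a message; return a code if a challenge must be sent."""
        sender = sender.lower()
        if sender in self.approved:
            self.inbox.append((sender, message))
            return None
        first_contact = sender not in self.held
        self.held.setdefault(sender, []).append(message)
        if not first_contact:
            return None     # already challenged; do not send a second one
        # The challenge goes to the claimed sender address. A forged sender
        # never answers it, so that mail simply stays held.
        code = secrets.token_urlsafe(8)
        self.codes[code] = sender
        return code

    def verify(self, code):
        """Called when someone enters a code on the verification web page."""
        sender = self.codes.pop(code, None)
        if sender is None:
            return False    # unknown or already used code
        self.approved.add(sender)
        for message in self.held.pop(sender, []):
            self.inbox.append((sender, message))
        return True


if __name__ == "__main__":
    # Constructed addresses; the first list plays the uploaded address book.
    mailbox = ChallengeWhitelist(["joe@nospam.com"])
    mailbox.receive("joe@nospam.com", "See you at the braai")
    code = mailbox.receive("newclient@example.org", "Quote request")
    print("held:", mailbox.held, "inbox:", mailbox.inbox)
    mailbox.verify(code)
    print("held:", mailbox.held, "inbox:", mailbox.inbox)
```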

Setting up the service is very easy:  You log in to the Spam Arrest server and enter the login details for your email account (as provided by your ISP).  The Spam Arrest server will now log in to your mailbox on your behalf and zap all the spam - before you see it.

Try the free 30 day trial to see if it will work for you.  The full service costs only cents a day.  Just in time and frustration saved alone, the service pays for itself within days.  Highly recommended.

Fighting back

If you want to fight the spammers directly (we all should), here are some resources that will help in the good fight:

In closing...

Spam is a fact of internet life  - it most assuredly will not go away.  Only by educating internet users (our clients, friends and contacts) and by using all the technology at our disposal can we hope to turn the tide.

We are all in this fight together - let's start claiming our inboxes back.
 
     

..:: About us


At Cozahost we help small companies and professionals tame the internet so that they can concentrate on making money.  We take care of the technical stuff so that they can take care of business.  Here are some of our products and services:
 

  • About us - Background information on Cozahost: who we are and what we do.
  • Contact us - We would love to hear from you on any issue related to your internet business or this newsletter.
  • Your own internet domain name - Find out what it is, how it works, what it costs and how to get one.
  • Internet connections - Modem dialup for R 49.00 Ex VAT per month.  ISDN for R 78.00 Ex VAT and ADSL from R 149.00 Ex VAT.  Are you paying more?
  • Your web site - Come see what we can do for you.
  • Fax to email service - Receive your faxes privately, hassle free and anywhere in the world for a few cents a day.

..:: Subscribe
 
If you like this newsletter, please do us a favor and ask your friends to subscribe here: http://www.cozahost.com/news/

The Cozahost newsletter is available as an RSS feed: http://news.cozahost.com/newsfeed.xml
 

..:: Goodbye! :-)


Thanks for reading this newsletter and we hope you enjoyed it!  Please contact us if you have comments, suggestions or questions - we would love to hear from you!
 

(c) Cozahost 2007, All rights reserved.

