|
|
Fight Spam FAQ |
To give you an idea of the volume of mail we receive and spam we block, here are the
We estimate that over 90% of all incoming messages are spam (unsolicited e-mail). It may not seem like it sometimes but EasyStreet fights spam on several fronts: open-relay blacklists, internally-maintained lists of offending domains and IP address, and some content filtering. (As an anti-virus measure, we also block messages containing specific attachment types. See our E-mail support section for details.)
Our most potent defense are various 3rd party blacklists. We currently use the following blacklists:
Next in line are internal lists of offending domain names and IP addresses. If spam gets through the blacklist block and we can uniquely identify the source, we add them to our list. This catches another 10-15% of the spam. We also occasionally use content filtering. Content filtering scans each message looking for specific text strings such as "XXX". For certain types of spam content filtering can be very effective. It places a tremendous load on the mail server however since each character of every message must be tested. Due to this limitation, we use content filtering sparingly.
Overall, our defense seems only 60-70% effective. Spammers often use techniques that make it difficult or impossible for us to block and we need to be careful that we don't block legitimate messages. One person's spam could be another's legitimate message. We tend to err on the side of letting the message through.
If we can't block the spam itself, we can block the web source of any images. EasyStreet is also now blocking web access to many of the web sites mentioned in spam and phishing emails. You can see the current list of sites blocked for spamming/phishing here.
Yes. Check out www.spamfilterreview.com for recommendations.
Check out Brad Templeton's Origin of the term "spam".
In most cases, deleting the message is the best action. Trying to get removed may validate your email address to the spammer and ensure you'll get MORE spam. Just hit "DELETE".
If you really hate spam and want to be effective at reporting it, use the SpamCop reporting service. SpamCop will decode the various pieces of the header and find the appropriate email addresses to send complaints. SpamCop can be a bit hard to use but it gets the right info to the right people.
There are many people supplying lists of email address for sale. We've seen spam advertising "20 Million fresh addresses on CD for only $29.95." How do these lists get your address?
Three basic methods:
1. Harvesting - Special address harvesting programs scan web sites, newsgroups, chat rooms, mailing lists and membership directories looking for anything resembling an email address. If your address is visible anywhere on the Internet, it is almost guaranteed to be on a harvesting spam list. Search on your email address in Google. If there are any hits, you know a spammer also has your address. See the Federal Trade Commission's study on email harvesting.
2. Guessing - Starting with an electronic dictionary, a phonebook and a list of ISPs, they simply guess addresses. These are called "dictionary attacks." We've seen spam lists with john@aol.com, john@easystreet.com, john@mindspring.com. Then they try johna, then johnb, etc. Then john1, john2, john3, etc, etc. Then john.smith, john.jones, etc. For each domain. Hopefully you get the idea. They run through as many combinations as they can. The spammer generally uses bad reply-to/from addresses so they don't have to deal with any bad guessed addresses; they go for quantity over quality.
3. You gave it to them - Many web sites ask for your address for various reasons. It goes on their mailing list. Depending on their privacy policy, they may share or sell their list to a direct email marketer. This is called an opt-in list. We know of one email marketer who proudly says he gets his list from 200 different web sites. His list contains over 20 million addresses. If you don't like spam, be sure to read the privacy policy for any web site asking for your email address.
If you're on a harvested or guessed list, there's no way to get off it. All you can do is remove your address from any visible place on the Internet or change your address to something obscure. There are obscure mailboxes here at EasyStreet that rarely get spam (examples: we3play, jbcom03, hijosec.)
If you are on a direct email marketing list, there's a chance that following the remove instructions will get you off their list. The risk is that by responding, you are validating your address and they may just put it on some other list. There is no federal law in this area. Some states have passed anti-spam laws requiring email marketers to remove users upon request. Oregon does not have an anti-spam law.
It's hard to tell but here's a rule-of-thumb that seems to be valid. If your email address is on the To: field and they mention your name ("Hello John.") then you are on an opt-in list and there's a good chance that following the remove instructions will get you off the list.
If you don't see your address on the To: field, it's from a harvested or guessed list. Removal will be unlikely.
Any message (spam or not) originates from a mail server somewhere and gets delivered to your mailbox. Some spammers scan the Internet looking for mail servers they can hijack. These are called open relays. Open relays are generally unintentional. Running a mail server can be quite complex and many server administrators inadvertently configure their servers incorrectly. The spammer sends their spam through the open relay often without the server administrator being aware of it. Fortunately blocking messages from open relays is relatively easy. EasyStreet uses several open relay blacklists to prevent such spam from getting to you. This blocks the spam at the source no matter what its content. This is very effective. 20-25% of our incoming mail is blocked by these open relay blacklists.
There are also many companies who allow spammers to use their servers. Often these are overseas. We see a lot of spam coming from Korea and sources in China. Unfortunately these servers look like normal mail servers so it is very difficult to block the source. They look like legitimate servers. The ISPs for these companies are usually not interested in preventing the spam so complaints have little impact. The only way to block this spam is by looking at the message content.
If you got it, it made it through our blocks. There are two ways to block spam: reject the source or reject after receiving it based on the message content. Our open relay blacklists block at the source so the message never gets delivered.
EasyStreet has experimented with a content filter that scans messages before they get to your mailbox. The filtering software looks at the content of every message and tries to tell if it's spam or not. Aside from some obvious cases, we've found there is a very blurry line between spam and many legitimate messages - particularly those using HTML or rich text formats. One person's legitimate message is another's spam. Everyone's rule set will be different. Plus spammers are very tricky in making their messages look like legitimate ones. As soon as we put in a filter, they will reword things to get around it. Content filters are a losing battle.
Currently our content filter technology does not allow for individual rule sets. We do not believe that we can craft a single rule set common to all of our users that would not filter some legitimate mail. We can filter some obvious spam but this is a small portion of the total. Luckily there is now anti-spam software available for user computers.
No! EasyStreet does not sell or make available addresses to any 3rd party. We respect your privacy and we hate spam as much as you.
In the past spammers would put a bogus address in the From: field. Some mail servers are now checking for From: address validity before accepting the message. So, the spammers have started putting a random address from their list in the From: field. Unfortunately, if you are that unlucky person, that makes the spam look like it comes from you and you'll get all the bounces. It's a nasty spammer trick. (We can tell from the full headers that the source is not really you.)
There are currently no Federal laws prohibiting someone posing as you and from putting your address in the From: field. Several states have enacted false mail identity laws; Oregon is not one of them.
Spammers often put non-email addresses in the To: or From: fields. You'll see "Undisclosed.Recipients" or "Spetic.Tank.Owners", etc. Our mail server does not like addresses without a domain name. It thinks they are local so it adds an "@easystreet.com". Unfortunately this makes it look like EasyStreet is somehow involved. We aren't! Your email address was in the BCC (blind carbon-copy) field (along with probably many others). The only way messages get into your mailbox is if your email address is in the To:, CC: or BCC: fields. Spammers almost always use the BCC: field.
There are two possible causes for this. First, if you are getting lots of bounces, a spammer used your address in the From: field of their spam and you're now getting all the invalid address bounces. It's a nasty thing to happen but there's not much that can be done about it.
If it's only one or two bounces, it's probably a Klez virus infected computer. Once a computer is infected with Klez, it pulls random addresses from the infected address book (and Internet cache) and puts them in the To: and From: fields of a message containing an infected attachment. If your address is in the From: and if the To: address isn't valid, you'll get the bounce. There's not much that can be done unless the bounce happens to include the header information from the original message. The header info would point to the infected computer. Unfortunately most mail servers do not include original header info with their bounces.
WHEW.COM - Dedicated to ending spam.
CNET Self-Defense against spam - good advice for not getting on lists.
The Federal Trade Commission has a nice spam overview.
Coalition Against Unsolicited Commercial Email
It MAY be illegal given the new Federal anti-spam law however finding the spammer and prosecuting them is a different story. Much of the spam comes from overseas and therefore not subject to our Federal laws. For an excellent overview of Federal and state laws, see Anti-spam laws.
Copyright © 2000-2005 EasyStreet Online Services, Inc. All rights reserved.
EasyStreet and the EasyStreet logo are registered trademarks of EasyStreet Online Services. Certain other names, logos, designs, titles, words or phrases on this site may constitute trademarks, servicemarks or tradenames of EasyStreet or other entities which may be registered in certain jurisdictions.
