Spam
Identifying and avoiding e-mail traps and annoyances
About spam:
The first thing you should know is that you will get spam. It's unavoidable. There's simply no way to stop it all and the odds are stacked in the spammers' favour. When the systems we use to transfer e-mail back and forth were conceived, no one gave any thought to the idea that they would ever be used in such a way. And, as a result, the method created was very simple. As such, it's very easy for spammers and virus distributors to use your e-mail against you.
Spoofing:
Spoofing/faking the e-mail From: field is, unfortunately, trivial. All the spammer needs is the right software and a mail host to send the mail. Compromised Windows machines can be made to do the spammer's bidding; infected with previously inserted viruses, worms or trojans, the systems are taken over and turned into zombies which do the bidding of their devious new masters. And since we tend to operate our groups, names and organizations very similarly across the spectrum of computing environments, be it corporate or academic pursuits, the spammer need only use some basic tools, a bit of time and forethought to craft an e-mail. All he or she needs is to make it look 'real' enough. And usually the first step is to use addresses people know and might believe to have some validity or authority. We all have websites, so most companies have a 'webmaster'. Most places have an in-house IT department, so 'it' or 'admin' or 'support' are likely to be in use. Making someone believe that an e-mail is legitimate is step one for the successful e-mail spammer, no matter if they're phishing for your credit card details, trying to sell you something, or hoping to trick you into opening an attachment containing a malicious program.
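Because the From: field is only text, it helps to compare it with the headers that record where bounces and replies actually go. The check below is an added example, not part of the original page or of Physics Computer Services' tooling; the function names and the example.* addresses in the constructed sample message are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Role-style mailbox names this page lists as favourites for forged mail.
ROLE_NAMES = {"webmaster", "it", "admin", "support", "mail"}

def domain_of(addr):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def from_header_warnings(raw_message):
    """Compare the displayed From: with the headers that show where
    bounces (Return-Path) and replies (Reply-To) are really sent."""
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    warnings = []
    local = from_addr.partition("@")[0].lower()
    if local in ROLE_NAMES:
        warnings.append("role-account sender: " + local)
    from_dom = domain_of(from_addr)
    if return_path and domain_of(return_path) != from_dom:
        warnings.append("Return-Path domain differs: " + domain_of(return_path))
    if reply_to and domain_of(reply_to) != from_dom:
        warnings.append("Reply-To domain differs: " + domain_of(reply_to))
    return warnings

# Constructed sample (example.* domains are placeholders, not real senders).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
From: "IT Support" <support@physics.example.edu>
Reply-To: helpdesk@example.org
Subject: Your mailbox is almost full

Please open the attached form.
"""

if __name__ == "__main__":
    for warning in from_header_warnings(SAMPLE):
        print(warning)
```

Mailing lists and forwarding services also produce a Return-Path that differs from From:, so treat these warnings as a reason to look closer rather than as proof of forgery.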
- Why is e-mail so broken and why don't they just fix it?
If it were that simple, it would have been done long ago. But in order to truly fix it everyone has to agree, en masse -- every last one of us, to stop using our existing e-mail programs and methods and begin using a new system. I'll wait for you to stop laughing... ... ... OK. The underlying mechanisms which make up e-mail as we know it simply cannot be 'fixed' without completely breaking and stopping the flow of e-mail around the globe. So we, IT professionals, fight a losing battle to outsmart the spammers by implementing tools to identify and stop spam, viruses, worms, trojans, Nigerian scammers, phishing and those pesky 'enhancement' offers and all the while keeping legitimate mail flowing. And given that 'legitimate' is hard enough for the human being receiving the e-mail to discern... well, it's leaps and bounds more difficult for computers to do. We stop literally thousands of messages each day at the server. This is as it should be; transparent to you the user. But it also tends to obfuscate the enormity of the problem. Trust me... if we turned off the protections that are in place, each Physics user would see their spam increase by at least a factor of ten (if not higher). And every day we're met with a new challenge, a new twist or virus or scam...
Identifying spam*
The best spam detector in the world is still the wet computer: you. We can (and do), for instance, force each email server which relays mail to our users to answer back to prove that the system identified as the originator in the e-mail actually exists. (Spammers often fake that part too. It is only a text file routed through a simple 'hand-off' system, after all.) This stops a great deal of junk from getting through. But when a spammer has control of an army of zombie Windows boxes all over the world, machines which will happily reply to our server and say "yep, that's me!", then the job becomes harder. Since the spammer has 'stolen' this machine out from under you or your neighbour or the company up the street, he's not concerned if this box eventually gets shut down. There are plenty more where that one came from. Keep this in mind the next time one of us disparages Windows out loud. We have some very good reasons for doing so.
The next line of defense is a suite of tools to scan e-mail as it arrives and look for signs that might tip our server off that a message is spam (or contains a virus - we block dozens to hundreds of virus/trojan/worm email attachments each day). These tools can be taught some basic rules and some learn over time, but they're not perfect and never will be. We can (and do) also block known spam havens or servers and mail administrators share lists of 'bad guys' which can be filtered out and, hopefully, not take out any legitimate mail in the process. And then there's the grunt work. Each day we sift through the headers of rejected or returned or otherwise suspicious e-mail trying to keep ahead of the hordes of spammers out there. We track down bounced e-mail to make sure that it was indeed bad and not a legitimate message that needs to find its owner. Again, computers can do only so much and the human is still the best spam detector on the market.
What to look for. How not to get taken.
There are some basic guidelines to follow which can help you avoid falling prey to the nasties that lurk on the Internet. Most of these apply equally to home and work/school use.
- Never ever give anyone your password or financial details based on an e-mail. Period. If someone genuinely needs them, there's a proper mechanism somewhere else for you to supply them. E-mail is not in any way, shape or form secure!
- Make sure that any links you click from within an email take you where you genuinely wish to go. You're hitchhiking with the sender and he can take you where he wishes. Better yet, copy and paste the URL into your browser yourself and look at it before you hit enter. www.ebay.someguys.com is obviously not really eBay's website. And never, ever, ever trust an IP address ( like 62.55.123.121/signup?now ) as a URL. You have no idea where it leads.
- Know that we here in Physics Computer Services will always send e-mail from our personal account when notifying you of something. (Please note that name: we most often identify ourselves by our actual names and we do not identify ourselves as 'Physics Support Team' or 'Customer Service'. Be wary of any message that purports to come from us and uses any other name.) The only exceptions are our trouble ticket system, which uses the "helpphysics.harvard.edu" address, and the mailer-daemon, which returns undeliverable mail to you. Verifying the legitimacy of mail from these addresses should be easy enough, as they will contain content which is relevant to you and which you originated or are aware of (for instance, the help ticket will concern some computer or building issue you are concerned with; a returned e-mail would have the body of the message you sent).
- Messages with overly vague or generic greetings or comments could be junk. If it says 'Dear Grad' or 'Dear Staff' or addresses you by your username ("Dear Tsu12") it's probably not from a legitimate source. Read the contents carefully and if you have any question as to the validity, take your time and consider very carefully before opening an attachment or visiting a URL link.
- If you're not expecting the attachment contained in an e-mail or if it's not readily apparent why you'd be receiving such a file, don't open it. Computer Services will never send you a file out of the blue asking you to run/open it. If you do receive an attachment of some sort from us in the future, it will clearly state what it is and you will already have been in contact with us regarding the issue involved. And it will always come directly from one of us and not a faceless account ('admin', 'mail', 'it', etc.). This is especially true if it is an issue of importance. If there were some need to contact you regarding your account, for instance, we would be very clear and specific as to what the issue was. We won't, for instance, send e-mail saying we've reset your password unless we've previously contacted you regarding such a need.
- Conversely, when you send e-mail to others (especially with attachments) you should always include some text in the subject and body to make it clear that it's really you and what your intention is. If your e-mail looks like junk/spam, it may be deleted. And who could blame them, right?
- Be diligent and be skeptical. Everyone has to deal with spam, so we all have a duty to not make it worse (and protect ourselves and our interests!) If you receive an e-mail which is poorly constructed or otherwise suspicious looking, you have every reason to be skeptical. If that means that there will be one mail from someone who did not do their job properly which you end up deleting as spam, remember that's not your fault. We all must do our part. On both ends.
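The link guideline above can be turned into a mechanical check: who owns a hostname is decided by its rightmost labels, and a bare IP address tells you nothing about the owner. The following is an added example, not from the original page; the function names and the `expected_domain` argument (the site the reader believes they are visiting) are assumptions, and the URLs used are the ones quoted in the guideline.

```python
import ipaddress
from urllib.parse import urlsplit

def host_of(url):
    """Return the lower-cased host of a URL; accepts links written without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def is_ip_literal(host):
    """True when the host is a raw IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def link_warnings(href, expected_domain, link_text=""):
    """Check where a link really leads against the site the reader expects."""
    host = host_of(href)
    expected = expected_domain.lower()
    warnings = []
    if is_ip_literal(host):
        warnings.append("host is a bare IP address")
    elif host != expected and not host.endswith("." + expected):
        # The rightmost labels decide who owns a name, not the leftmost ones.
        brand = expected.split(".")[0]
        if brand in host.split("."):
            warnings.append("brand label '%s' used inside %s" % (brand, host))
        else:
            warnings.append("host %s is not under %s" % (host, expected))
    # Visible text that looks like a URL but names a different host than the href.
    text = link_text.strip()
    text_host = host_of(text) if "." in text and " " not in text else ""
    if text_host and text_host != host:
        warnings.append("link text shows %s but href goes to %s" % (text_host, host))
    return warnings

if __name__ == "__main__":
    for link in ("www.ebay.someguys.com", "62.55.123.121/signup?now",
                 "https://www.ebay.com/"):
        print(link, "->", link_warnings(link, "ebay.com") or "ok")
```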
Junk/Spam Filtering
For instructions and information about setting up Junk/Spam filtering in Mozilla Thunderbird, go to our Thunderbird section.
Additional help
If you just can't decide what to do with an e-mail of questionable origin or intent, contact Computer Services and we'll do our best to advise you.
* - The Hormel Foods corporation, makers of SPAM™, have graciously consented to allow us (IT professionals, makers of anti-spam software, etc.) to refer to 'unsolicited e-mail' as "spam" as long as we agree that only they may use the capital "SPAM" for which they own a trademark.
