Saturday, February 19, 2011

Tips on reducing/eliminating spam mail

Spam is a common problem that we all live with. Here are a few things that I have found to work for me when dealing with spam. This blogpost is an attempt to share some of them.

Spammers just need an email address to get started. Here are a few common ways in which they collect them.

  • Brute force: they send out mass email to many variations of common names/phrases, e.g. jane@xyz.com through jane9999@xyz.com are very likely to be valid email addresses.
  • Buy them: they buy email addresses from other sites (the “share your info with business partners” clause in the privacy statement).
  • Collect them: they run “promotions”/“lucky draws” and collect info from your
  • Seduce you: hackers sometimes set up “honey pot” sites offering something of perceived value and encourage users to register. They get your email address and, more importantly, the password. A large number of users (80-90%) use the same password for most sites, so they now have your email address and a password too.

Once an email address is collected, it is verified by one of the following techniques:

  • email addresses that bounce are removed
  • emails that the user responds to validate the email address
  • links in the email that the user clicks validate the email address
  • pictures or media that autoload or autoplay validate the email address (most spammers use 1px by 1px images so you don’t even know it autoloaded)

Our spam defense scheme starts with not revealing our email address:

  • bugmenot.com: There are a large number of sites that force you to register with them just to browse. bugmenot provides a valid userid/password for a large number of such sites, so just “borrow” a valid id and you are in. No need to reveal your email address.

  • mailinator.com: mailinator is an amazing service. There is no need to register with them; just create an @mailinator.com address on the fly, then go to their site and check your email, no password required. Emails usually remain for about a day and are then cleaned out. They get all the spam, not us. I usually use them if bugmenot doesn’t help me.

  • disposable email: There are cases when we have to give out a real email address to a site that has not “established” trust with us. In such cases I give them an alternate email address, linked to my real email address. I use filter rules to move emails sent to the alternate email address into a folder. I still only log into my primary email address, and emails from the alternate id show up in a folder that I check periodically, so my inbox doesn’t get cluttered.

  • email alias: Google provides a very cool way of creating email aliases by attaching identifying tags, or by inserting or removing dots, in the primary Google email address. We can then filter on these aliases.

    eg. fname.lname@gmail.com = fnamelname@gmail.com = fname.lname+tag@gmail.com

    You get the idea: when you register with abc.com, just use the email address fname.lname+abc@gmail.com. Create a filter to move all emails arriving at this address to a folder called abc. If you find spam coming to that email address, you know abc.com betrayed you.

    Some sites don’t recognize email addresses with “+” as valid. In such cases you can just take off the dot or introduce a dot, e.g. fnamelname@gmail.com or f.name.l.name@gmail.com
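
An added example (not part of the original post) showing how the alias scheme above can be used to work out which site leaked an address: it reduces each spam recipient to the canonical Gmail mailbox (dots and +tag ignored) and then matches the exact alias against a record of which alias was given to which site. The function names, the sample data and the site name nodots.example are assumptions made for illustration.

```python
from collections import Counter

def split_alias(address):
    """Return (canonical_mailbox, tag) for a Gmail address.

    Dots in the local part are ignored; text after the first '+' is the tag
    (None when absent). Addresses on other domains are only lower-cased.
    """
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if domain != "gmail.com":
        return f"{local}@{domain}", None
    base, _, tag = local.partition("+")
    return f"{base.replace('.', '')}@{domain}", tag or None

def leak_sources(spam_recipients, handed_out, mailbox):
    """Count spam per site from the exact alias each message was sent to.

    handed_out maps each alias given to a site ('+tag' or dot variant) to the
    site's name. Recipients that are not aliases of mailbox are skipped;
    aliases that were never handed out are counted as 'unknown'.
    """
    own, _ = split_alias(mailbox)
    lookup = {alias.lower(): site for alias, site in handed_out.items()}
    counts = Counter()
    for rcpt in spam_recipients:
        if split_alias(rcpt)[0] == own:
            counts[lookup.get(rcpt.strip().lower(), "unknown")] += 1
    return counts

# Constructed sample data (hypothetical sites and addresses).
HANDED_OUT = {
    "fname.lname+abc@gmail.com": "abc.com",
    "f.name.l.name@gmail.com": "nodots.example",  # site that rejected '+'
}
SPAM_RECIPIENTS = [
    "fname.lname+abc@gmail.com",
    "Fname.Lname+abc@gmail.com",
    "f.name.l.name@gmail.com",
    "fname.lname@gmail.com",       # primary address, never tagged
    "someone.else+abc@gmail.com",  # different mailbox, ignored
]

if __name__ == "__main__":
    report = leak_sources(SPAM_RECIPIENTS, HANDED_OUT, "fname.lname@gmail.com")
    for site, n in report.most_common():
        print(f"{site}: {n}")
```

Spam that arrives at the untagged primary address is counted as unknown, which is why each site should get its own tag or dot variant.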

If you end up getting spam, here are a few things you can do to prevent further damage.

  • bounce the email if you can: the Mac Mail client allows you to simulate a mail bounce. Some spammers will take off your email address if they get a bounce.
  • never respond: many spammers will ask you to send an email to an address such as unsubscribe@spam.com. Don’t do that.
  • never click on a link: if the email has a link, don’t click on it. Most links have tracking information and will validate your email address. In some cases links can point to a fraudulent site.
  • turn off the setting to autoplay/auto-display images, at a minimum for emails from addresses that are not in your address book.

Some other things you can do:

  • educate your friends and family not to enter your primary email address on any site (e.g. to send ecards, invites, share a story/link, etc.). Every time the email address is entered on a “rogue” site it can be exposed to spam. Point them to this article, so in future if they get an urge to do it they will at least use a Gmail alias :)

I hope this helped. Will appreciate your comments.
