From the minute users log onto their e-mail system, they encounter a deluge of unwanted e-mail that flows into their mailboxes all hours of the day and night. The billions of unwanted email messages circulating across the Internet disrupt email delivery, clog up computer systems, reduce productivity, waste time, raise the cost of Internet access fees, irritate users and erode their confidence in using email. Many spam messages also contain material that is offensive or fraudulent, and spam is sometimes used to spread computer viruses.
Spam presents three major threats:
* Overwhelming message volume. Spam drains employee productivity as workers waste time reading, deleting or even responding to spam e-mails. Additionally, the sexually explicit nature of many spam messages poses potential liability for organisations.
* Phishing. Phishing is a specific type of spam message that solicits personal information from the recipient, such as social security, credit card and bank account numbers.
* Spoofing. Spoofing is a deceptive form of spam that hides the domain of the spammer or the spam's origination point. Spammers often hijack the domains of well-known businesses or government entities to lend validity to their commercial message or scam. An example of spoofing is an e-mail that appears to come from a known e-mail address and requests a credit card number to confirm the order of goods.
So what can businesses do to help cut down on spam?
Implementing these basic policies and strategies can help cut down on spam:
* Get a spam filter. Your ISP may offer a filter service. If not, you may wish to buy filtering software. There is a wide choice of anti-spam software that offers a free trial period. Remember that one size does not fit all: the best product for a desktop user or small business would not be appropriate or adequate for meeting the needs of a large enterprise.
* Establish written guidelines for how corporate e-mail addresses and Web browsers are to be used by employees.
* Educate users to never respond to an e-mail when the sender is unknown, even to remove themselves from a mailing list.
* Be careful about disclosing your e-mail address. Follow these tips whenever you can:
  * Set up an e-mail address dedicated solely to Web transactions.
  * Only share your primary e-mail address with people you know. Avoid listing your e-mail address in large Internet directories. Don't even post it on your own Web site.
  * Disguise (or "munge") your e-mail address. Use a munged address whenever you post it to a newsgroup, chat room, or bulletin board. For example, you could give your e-mail address as "[email protected]" using "0" (zero) instead of "o." A person can interpret your address, but the automated programs that spammers use cannot. Another example is me@(nospam)isp.com.au where you advise users that they need to delete the (nospam) element of the address.
  * Watch out for checked boxes. When you buy things online, companies sometimes add a checkbox (pre-checked!) to indicate that it's fine to sell or give your e-mail address to responsible parties. Click the check box to clear it.
* Encode corporate e-mail addresses posted on company Web sites in Javascript or HTML to hinder a spider’s ability to recognize them. (The e-mail address looks normal and acts normal [to Web site visitors], but from the back end you just see code.)
* Even if you’re using anti-spam software, urge users to report spam that sneaks through to a corporate e-mail address for further analysis.
* Decide how much control your company wants over e-mail that’s been deemed spam, and whether end users or the network administrator should manage it.
* Educate your end users to identify and report any spam that does get through, and alert them to e-mail fraud. One clue to detect spam is if the sender’s e-mail address differs from the company’s name in the message.
* Limit Web surfing on company PCs; an easy way for spammers to find live e-mail addresses is by lifting them from sites where visitors have input their address.
* Adjust your Internet Explorer security settings to help prevent unwanted intrusions when you go on the Web. See Working With Internet Explorer 6 Security Settings for detailed directions.
* Review the privacy policies of Web sites. When you sign up for Web-based services such as online banking, shopping, or newsletters, review the privacy policy closely before you reveal your e-mail address. If a Web site does not have a privacy statement posted, be cautious and consider contacting the site owners before sharing sensitive information.
* Don’t open emails that appear to be from a dubious source. It is not wise to open any email message that appears to be from a dubious source. However, if you have already opened the message, don’t click on any links, including the unsubscribe facility – often spammers just include fake unsubscribe facilities in order to confirm that your email address is a real address. If you click ‘unsubscribe’, you may open yourself to a deluge of spam, both from that spammer and from others to whom they sell your email address. Note that for legitimate commercial electronic messages (those that have been sent with your consent), the unsubscribe facility must work, and it should be safe to use the facility.
* Don't reply to e-mail asking for personal information. Most legitimate companies will not ask for personal information via e-mail. If a company you trust (e.g., your credit card company) writes to ask for personal information, call—do not write—and report it. Be sure to use a number you found yourself, either through the yellow pages, a bank statement, a bill, or other source. (Don't use a phone number provided on the e-mail.) If it's a legitimate request, the phone operator should be able to help you.
* Watch out for spoofed mail. "Spoofing" refers to duplicating a legitimate e-mail, such as a company's newsletter. These spoofed mails may be used to trick you into downloading a virus or sending personal information, such as a credit card number. When in doubt, contact the company you think sent the e-mail.
* Don't buy anything from a spam mail. Some spammers make their living on people's purchases of their offerings. So resist the temptation to buy their products if you don't want to take the chance of getting on more junk e-mail address lists.
* Be careful when downloading Adware, Freeware and Shareware. The process of downloading such software often requires you to provide your email address which may be used to send you advertisements, viruses, more spam or even download secret files into your computer which can compromise your PC's security.
* Never, ever contribute to a charity from spam mail. Unfortunately, some spammers prey on your good will. If you receive an appeal from a charity, treat it as spam. If it is a charity you would like to support, call them and find out how you can make a contribution. Never send your information via e-mail, however.
* Never respond to popups by clicking on links.
* Think twice before opening attachments, even if you know the sender. If you cannot confirm with the sender that a message is valid and that an attachment is safe, delete the message immediately, and run up-to-date antivirus software to check your computer for viruses.
* Don't forward chain e-mail messages. Chain mails may be hoaxes, or even a virus delivery system. Plus you lose control over who sees your e-mail address. Additionally, there are reports that spammers use chain letters to gather e-mail addresses. To check on the legitimacy of a chain letter or potential hoax, go to Hoaxbusters.
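The tips above on munging an address and on encoding addresses posted on a Web site can be checked with a short script. This is an added example, not code from the original article; the sample address, the function names and the pattern standing in for a harvesting program are assumptions made for illustration.

```javascript
// Constructed sample address (example.com is reserved for documentation).
const SAMPLE = "sales@example.com";

// Assumption: a pattern standing in for a program that scans raw page
// source or newsgroup text for plain e-mail addresses.
const NAIVE_ADDRESS = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;

// Munge for public posts: "me@isp.com.au" -> "me@(nospam)isp.com.au".
function munge(address, marker = "(nospam)") {
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) {
    throw new Error("not an e-mail address: " + address);
  }
  return address.slice(0, at + 1) + marker + address.slice(at + 1);
}

// The step a human reader is told to perform: delete the marker.
function unmunge(munged, marker = "(nospam)") {
  return munged.replace("@" + marker, "@");
}

// Encode every character as a decimal HTML entity, so the page source
// holds "&#115;&#97;..." while the browser renders the normal address.
function toEntities(text) {
  return Array.from(text, ch => "&#" + ch.codePointAt(0) + ";").join("");
}

// What the browser does when it renders the markup.
function fromEntities(markup) {
  return markup.replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// A mailto link that looks and acts normal to visitors.
function mailtoLink(address) {
  const enc = toEntities(address);
  return '<a href="' + toEntities("mailto:") + enc + '">' + enc + "</a>";
}

// True when the plain-text pattern finds an address in the source.
function visibleToNaiveScan(source) {
  return NAIVE_ADDRESS.test(source);
}
```

Both forms only stop programs that match on raw text; anything that decodes entities the way `fromEntities` does recovers the address, so these measures reduce harvesting rather than replace a spam filter.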
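The clue mentioned above, a sender's e-mail address that differs from the company named in the message, can be turned into a simple check for reported mail. This is an added example, not code from the original article; the brand table, the domains and the sample headers are constructed, and the function names are assumptions.

```javascript
// Constructed table: company name -> domains it really sends from.
const KNOWN_SENDERS = {
  "example bank": ["examplebank.example"],
  "example shop": ["exampleshop.example"],
};

// Split a From header such as: "Example Bank" <alerts@examplebank.example>
function parseFrom(header) {
  const m = /^\s*"?([^"<]*?)"?\s*<([^<>\s]+)>\s*$/.exec(header);
  const address = (m ? m[2] : header.trim()).toLowerCase();
  const at = address.lastIndexOf("@");
  return {
    name: m ? m[1].trim() : "",
    address,
    domain: at >= 0 ? address.slice(at + 1) : "",
  };
}

// Exact domain or a true subdomain. A lookalike that merely contains
// the real domain ("examplebank.example.account-check.test") fails.
function domainMatches(domain, allowed) {
  return domain === allowed || domain.endsWith("." + allowed);
}

// Flag every company named in the display name or body whose known
// domains do not cover the sender's domain.
function checkSender(fromHeader, body) {
  const { name, domain } = parseFrom(fromHeader);
  const text = (name + " " + body).toLowerCase();
  const mismatches = [];
  for (const [brand, domains] of Object.entries(KNOWN_SENDERS)) {
    if (!text.includes(brand)) continue;
    if (!domains.some(d => domainMatches(domain, d))) mismatches.push(brand);
  }
  return { domain, mismatches, suspicious: mismatches.length > 0 };
}
```

A clean result is not proof of legitimacy, because a spoofed message can carry the real company's domain in its sender address; a mismatch is simply a reason to report the message.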
Conclusion
The best defense against Spam is to be pro-active, and ensure that you use common sense when using email and the Internet.
David Furlong is a qualified and experienced IT specialist and Technical Trainer. His list of credentials includes MCSE, MCSA, Dip IT, and he is one subject away from completing a Masters in Networking and Systems Administration.
He is manager of the computer consultancy firm, Axiom Networking Solutions, and promotes AVG Anti-virus through his on-line store http://www.avg-antivirus.com.au.