Spam to all deathers....

...or something like that. Been very busy with all kinds of things over the last few weeks -including going on holiday - but one thing that I've been looking at a fair bit recently is spam... I have to say, I don't mind modern spam all that much... it's relatively inoffensive, and with the number of tools available these days, I don't spend half my day wading through junk. In fact, I check junk e-mail folders every few days, and I actually find them more amusing that anything else. Why? Because some person / machine somewhere is churning out the funniest sounding names, titles & copy to try and get around spam filters. Recent e-mails have had the following subjects:

• Hi, self-physicking
• Re: your future., pseudo ray
• Re: your family., ex-invalid
• Re: your file., traffic-thronged
• Re: Your family., seven-point circle
• Re: your future., double-trenched

and my personal favourite, from my old friend Montgomery Sumner,

• Re: Your money., full-buttocked

:-)

Just as amusing are the names these guys come up with: Disproving A. Stomps, Mossies F. Cheated, Graciously A. Patrician, Sleeplessness K. Dispatches, Revitalization O. Subscripts etc etc. These aren't even the best of the lot, the some of the ones I got in the last two days.

Ok, but back to the main topic: Spam is obviously a major problem - it's loading up our networks & servers, it's wasting our time, and clogging up the internet with crap traffic. But from the individual / business point of view, spam shouldn't be too much of an issue. One of the nice things is that most spam tends to be TINY messages, with nothing more than a few lines of text. You hardly see any massive, image-laden, explicit e-mails full of inappropriate material - so that's one thing - actually that's two things:

Spam these days is:
1. mostly small, lightweight messages
2. much less offensive, due to the lack of graphical content.

So far, so good. Now back to the topic of how to stop it: there are SO MANY options these days. Almost every e-mail provider (be it free web-based e-mail, or your ISP / domain & hosting provider) gives you spam filtering options AS STANDARD. For FREE. If you use Microsoft Outlook, you get a VERY GOOD junk e-mail filter. For FREE. If you use Microsoft Exchange, you get the excellent Intelligent Message Filter. For FREE. And no doubt almost every other e-mail solution comes with it's own solution. And if you can't find one, I recommend trying out McAfee SpamKiller or GFI MailEssentials. If you find you need something more than all the above offer, look at a hosted or hardware-based solution. There are a number of companies that do the hosted angle, like Vlad Mazek's ExchangeDefender. For hardware solutions, I would tend to favour something that does a bit more than just spam, so I'd probably go for something like a SonicWALL E-mail security appliance, that does anti-spam, anti-phishing, anti-virus, content filtering, DOS protection & more.

I think that a well implemented anti-spam solution can easily & safely tackle about 95% of spam. Which means what? Let's say you get 100 e-mails a day - which most people DON'T. Let's say as much as 70% of that is spam (where has your e-mail address been?). Then let's say that you use any one, or combination of anti-spam solutions available, set to a level that avoids 99% false positives, but catches most spam (I find that this level is quite easy to find after a little experimentation). You should cut out about 95% of your daily spam. Which means you should get approximatel 3.5 spam messages a day. Each of which will probably take YOU about 1 second to recognise as spam, and another 1/2 second to delete. Total time spent on spam = approx 5.25 seconds/day.

Actually, this whole post thus far is quite useless. Because I started out intending to talk about another kind of spam. Or scam. Or both - the phishing spam scam (sounds like a new flavour of Ben & Jerry's). I've recently been seeing a number of phishing e-mails, claiming to come from various sources. Barclays, Lloyds TSB, PayPal, eBay and a host of others all seem to have suspended my accounts, and would like me to give them details of my credit cards, bank cards, passwords, bank accounts, mother's maiden name, father's name, spouse's name, and worst of all, details of my favourite pet. Ok then!

The thing with phishing is, it's easy to catch if it's obvious: for example, if I don't have a Barclays account, then it's obviously a fraudulent e-mail. One the other hand if I do, then what? It's usually quite easy - treat all such e-mail as suspicious.

Most companies offer a number of ways of checking whether any communication is genuine. eBay for example, will put all messages in your message inbox on eBay, or forward the message to spoof@ebay.com. PayPal operates a similar service, e-mail spoof@paypal.co.uk. Once again, most companies offer a similar service, so in all cases, check with the company first.

The most important thing to remember is this: Don't click on a link from this kind of e-mail. It's the easiest thing to make a link look like something it's not. For example, https://online.yourbank.com/AccountServices actually points to my website. This one's easy to spot, but I could have had a mock-up of your bank's website at the end of that link, and a form that asked for your credit card etc. For example, I got an e-mail the other day that points to http://www.gigsplanet.com/onlineManagement/, but pretends to point to eBay account services. If you click on the link, you can see that it's a spoof eBay site that is trying to harvest credit card details. Depending on what your e-mail client is (Outlook, web etc) there is usually a pretty simple way to check what website address a link is actually pointing to. Figure this out! And be aware, spammers / spoofers / phishers often hide behind their IP addresses. Most genuine companies would not send a link to http://123.123.123.123/AccountServices etc, so don't be fooled by the numbers.

That's it!