As junk e-mailers get more resourceful, so must you
By some estimates, spam now accounts for 80 percent of all e-mail sent. I believe it—in the past two months, 73 percent of the messages I’ve received have been junk. And that’s not counting messages that my ISP filtered out before I even saw them. This is no mere annoyance; it’s a serious problem that demands serious action. Even if you’ve taken steps to curtail spam in the past, you may need to adopt some new strategies to keep your inbox under control.
Although some of the time-tested techniques for stopping junk e-mail still work, spammers have adapted their methods in order to outsmart junk-mail filters and other countermeasures. (You know those odd messages you get with quotations from novels and no sales pitch? Their purpose is to trick adaptive spam filters into putting more “good” words and phrases onto their “bad” lists, thereby decreasing the filters’ overall accuracy.)
Take the usual precautions
Before you do anything else, make sure you’re following a few fundamental pieces of advice you’ve probably read before. (For additional ideas, see Win the Spam War.)Never Respond to Spam Never means never. Don’t click on an unsubscribe link in a spam message. Don’t write to tell a spammer to leave you alone. Don’t even use your e-mail program’s Bounce command to fake out junk senders. When you respond to an unwanted message, you let spammers know that your e-mail address is valid.
Use Your Junk-Mail Filter Apple’s Mail, Microsoft Entourage, and most other popular e-mail programs include spam filters. Make sure you’ve activated yours and enabled all applicable options. And if your spam filter makes a mistake, you must correct it every time—if all bad messages are marked as junk and all good messages are marked as not junk, your filter will be much more accurate. (Typically, an e-mail program’s toolbar has buttons for this purpose.)
Try a Third-Party Spam Filter The filters built into Mail and Entourage aren’t bad, but some add-on tools are much more sophisticated. My favorite is Michael Tsai’s $30 SpamSieve 2.5. It has been more than 99 percent accurate in my tests and offers numerous ways to customize and improve its results.
Zap image spam
One of the biggest new spam trends is putting message content into an image—or, more frequently, into several pieces of an image that your e-mail program assembles when you view the message. That way, there’s no text for a spam filter to work with. Some spam filters (including SpamSieve) can identify image spam, but if your e-mail program can’t, it’s time to set up a rule. (Rules check your messages’ content, subject line, sender, and so on for certain conditions, and then filter out those messages as you specify.)
The Telltale Signs For starters, image spam often contains GIF attachments. The GIF format is much less common in legitimate mail, so it’s a good target. Likewise, most image spam includes a hidden Content-Type header with a value of multipart/related, which is rarely used otherwise. (It tells your e-mail program to combine multiple graphics into a single large image.) A rule can look for either or both of these characteristics and move matching messages into your Junk mailbox or folder.
Apple Mail Rules To create an image-spam filter in Mail, choose Mail: Preferences, click on the Rules icon, and then click on the Add Rule button (see “Eliminate Image Spam”). Type a name, such as Image Spam, in the Description field, and choose All from the If (Any or All) Of The Following Conditions Are Met pop-up menu. Choose Edit Header List from the first condition pop-up menu. In the dialog box that appears, click on the plus-sign button (+), type in Content-Type, and click on OK. Now choose Content-Type from that same pop-up menu and enter multipart/related in the Contains text field. Click on the plus-sign button next to the condition you’ve just created, and use the pop-up menu to set up a second one: Sender Is Not In My Address Book. Click on the plus-sign button again and add a third condition: Sender Is Not In My Previous Recipients.
Now, under Perform The Following Actions, set the pop-up menus to Move Message To Mailbox: Junk. Then click on OK. (Don’t have a Junk mailbox? Choose Mailbox: New Mailbox, use the pop-up menu to choose where the mailbox will go, give it the name Junk, and click on OK.)
Finally, create a second rule that’s almost identical to the one you just made, with the exception of the Content-Type condition. Instead, this rule’s first condition should be Any Attachment Name Ends With .gif. You’ll get better results if you use two separate rules to look for these image-spam traits—together, they’ll be able to catch any messages that contain either or both conditions.
Microsoft Entourage Rules Entourage’s rules can’t see an attachment’s name, but they can look for the Content-Type header. To create an image-spam filter in Entourage, choose Tools: Rules. From the New pop-up menu, choose your account type (POP, IMAP, Hotmail, or Exchange). Name the rule and then create the criterion Specific Header Content-Type Contains multipart/related. For the actions, choose Change Status and then Junk E-mail, and if you wish, choose Move Message to Junk E-mail.
Whether you use Mail or Entourage, check your junk-mail folder periodically, in case legitimate e-mail gets snagged.
Use undercover e-mail addresses
Let’s say you’ve purchased something online and given the retailer your e-mail address (so you can get shipping confirmation). Later, when the spam starts rolling in, you suspect that this merchant gave away or sold your address—or that it was stolen from the merchant’s servers. If you’ve used the same address at many sites, you’ll never know for sure.
Worse yet, if you used your main e-mail address, getting rid of this spam-saturated account will involve a lot of hassle. A better idea is to give merchants a unique address that feeds into your main e-mail account. You will not only have a pretty good idea where spammers got your information, but also be in a good position to do something about it.
Use Modified Addresses Many mail providers, including Google’s Gmail, let you use a special trick to track down the source of unwanted messages. For instance, if your Gmail address is examplegmail .com, simply add a plus sign and other text (such as the name of the site that’s asking you to enter your e-mail address) between your user name and the @ symbol—say, example+macworld.com@gmail.com.
When Gmail receives a message sent to that address, it ignores the +macworld.com part and delivers the message to your regular inbox. But you can see the full address in the To address field in any message you receive, so you can tell at a glance where you gave out that address. (To see if this works with your e-mail provider, send yourself a test message.) If that address starts receiving too much spam, just set up a filter to delete messages addressed to it. With Gmail, click on the Create A Filter link, put the problematic address in the To field, and click on Next Step. Then select the Delete It option and click on Create Filter.
Use .Mac Aliases If you’re a .Mac member, the service offers a special feature designed to help curtail spam— e-mail aliases to use whenever you post to a forum or register with a site. The mail sent to these addresses goes to your existing .Mac inbox, but it’s easy to cancel an alias if it becomes flooded with spam. (Your main e-mail address remains untouched.) You can even use a color label—or, in Mail, a rule—to easily identify which messages were sent to which address.
Go to www.mac.com, click on the Mail link, and log in. Then click on the Preferences link at the top of the window and click on Aliases (see “Disposable Addresses”). Click on the Add Alias link to create a new alias (up to a total of five); make sure you click on the blue Save button at the bottom of the window when you’re done.
When you want to ditch an alias, come back to this page and delete it. Click on the X button to the right of the alias you want to get rid of. Click on the Save button at the bottom of the window when you’re done.
Use Disposable E-mail Addresses For people who don’t use .Mac but do like the idea of having disposable e-mail addresses that feed into a main address, numerous companies provide a way to create unlimited disposable e-mail addresses, sometimes for a small annual fee. Examples are spamgourmet (free), Spamex ($10 per year), Sneakemail (free; premium account, $2 per month), Emailias ($20 per year), and the SpamCon Foundation’s SpamCon (free; premium accounts, $20 per year).
Spam Tracking’s Limitations Using modified e-mail addresses is, unfortunately, not foolproof, so don’t jump too hastily to the conclusion that a Web site has given away your address without permission. Some spam robots—programs that use, in some cases, thousands of hijacked computers at once to do nothing but send spam—try sending messages to every possible address at each domain.
Report spammers
If you have a .Mac account, do yourself and other .Mac members a favor by forwarding any spam you receive to a special account at Apple. This enables Apple to improve its server-side spam filtering, so similar messages will not appear in your inbox in the future.
Before you forward spam to Apple, you must display the message’s full headers, to provide enough information to track the message. In Mail, choose View: Message: Long Headers and then forward the message to spam@mac.com. In Entourage, choose View: Source, and then copy the entire contents of that window into a new message addressed to spam@mac.com.
If you have a non-.Mac e-mail account, you can still report spammers to your ISP and theirs (for one way to do this, see “Report the Rascals” on the next page). Although this might not do much to shut down a spamming operation, it can certainly give system administrators information that will help them filter e-mail more effectively.
No comments:
Post a Comment