Spam: Pigeon of the Internet

EARN THOUSANDS OF DOLLARS WORKING FROM HOME!!! Buy Viagra without a prescription! Free iPod! Live college girls XXX!

If you use email on a regular basis you've undoubtedly seen these sorts of headlines — or worse — flooding your inbox and screaming for your attention. Despite new laws and the widespread use of anti-spam software, the amount of junk mail inundating inboxes continues to increase.

While spam can be frustrating, offensive, and downright annoying, it also slows down networks, eats up disk space, and makes it difficult to find important messages. On top of all this, this pigeon of the Internet carries disease to your computer. Viruses, spyware, and Trojan horses (destructive software that disguises itself as a benign application) embed themselves in spam-like messages.

Antivirus Software, Your First Line of Defense

Now that you're sufficiently scared, take solace in the fact that there are things you can do to address these threats to your computer and your organization. Your first line of defense is to make sure your network and computers are secured with a firewall and antivirus software. Some spam messages can contain viruses or other malignant code that can harm your system and your data.

As much as 30 percent of spam originates from personal computers infected with viruses that transmit spam without the owners' knowledge, according to antivirus company Sophos. High quality, easy-to-use antivirus software is available free or at a significant discount to nonprofit organizations on TechSoup stock and our Virus Protection Resource Page. Ideally, you should install antivirus software on your email server, but fully functioning antivirus software on the client computer (with email scanning enabled) will help to weed out viruses as well.

Though antivirus software is effective at finding many viruses, it's not the only method you should employ. The reason virus checkers aren't 100 percent accurate is because they operate under the flawed assumption that every virus will always act the same way, according to Fred Cohen, who is known as the great-granddaddy of the computer virus world and earned a Ph.D. for proving that virus-checking programs don't work.

The reason computer viruses proliferate is because we often take convenience over security. If we install antivirus programs, we are tricked into a false sense of security and open all email attachments, even those harboring viruses. This is where education and common sense come into play.

Creating an organization-wide email policy is one way to ensure that everyone follows the same rules. For help in creating your own policy, visit Emailreplies.com. Of course, rather than setting policies, a more effective approach is to train your users.

Firewalls: Lock Down Your Network

Another important safeguard is a firewall, software or hardware that a serves as a blockade to keep harmful data and unauthorized users off of your PC or network. There are a wide variety of firewalls, designed to meet different needs. Luckily, most DSL and cable routers include a basic network address translation ( NAT) firewall that is effective for protecting most small networks.

There are a large number of self-replicating worms (software that can duplicate itself across the open Internet) that can attack your computers over your Internet connection. For computers connected directly to the Internet, a software-based firewall is recommended, such as ZoneAlarm, a free — for personal and nonprofit use — software firewall. If you've got a faster connection or need additional security, a dedicated hardware firewall is a more powerful network security device.

Finally, make sure your computer's software is up-to-date. Microsoft, Apple, and the Linux community are constantly finding new security holes in their software and providing software updates. These updates are typically installed through an integrated update system. Most computers can be set up to download and install these updates automatically, which is often a good idea.

You can set Windows Update to automatically install software or manually select what you'd like to install.

Trojan Horses, Phishing Scams, and Other Unsavory Tricks

Most of the dangers of spam arise when the user engages in some action, such as opening the message. Most scammers don't want to hack into your computer. What they do want is your personal information, such as bank account numbers, passwords, PINs, and social security numbers. Using this information, an enterprising con artist can steal your money, or even your identity.

Using email and computers to get this information is referred to as phishing. The Gartner Group estimates that 1.8 million people have been tricked and that phishing spam has increased 4,000 percent in the last six months.

Usually the scam works because the scammers send email that appears to come from a trusted source, such as a bank or an online auction site, and requests information from you. The email often includes a link to a Web site, which provides a form on which you would enter your personal information. These scams can look very authentic, and often exploit security holes in the browser or operating system to allow them to masquerade as legitimate Web sites.

But there are ways to avoid being duped by phishing scams. Microsoft's Web site offers five tips for protecting yourself and your identity.

Another class of security threats is the aforementioned Trojan horses, computer programs designed to lure users into opening them. Trojan Horse disguise themselves as security updates or useful utilities, when in actuality they can install spyware, adware, keystroke loggers, network sniffers, spam remailers, and remote-control programs.

It's important to make sure that your users are aware of this danger and are skeptical of all unsolicited security warnings and software offerings. If you are using Windows 2000, XP, or Macintosh OS X, it's possible to set up users' accounts so they have limited ability to install software. Check out Microsoft's site for tips on how to do this in Windows or Apple's site for help with Mac.

In the end, viruses, phishing expeditions, and Trojan-horse programs make up only a small percentage of spam. So what to do about the steady stream of plain ol' junk mail filling up your inbox? There's hope. Some technical approaches are effective in weeding out the junk from the legitimate, and some user behaviors can help limit spam.

Antispam Filters

Most email anti-spam systems use a combination of methods, including black hole lists (lists that keep track of spammer's IP addresses and bounce emails from them), spam "fingerprint" databases (software that creates a fingerprint ID for email messages and compares each message to existing fingerprints in a databases), white lists of known good senders, and intelligent content filters. A good anti-spam system uses multiple methods, but even the best have both false-positive and false-negative results, where legitimate email gets labeled as spam and spam gets labeled as non-spam.

Setting up individual filters for each spam message takes time and isn't always effective. It makes more sense to use a dedicated anti-spam product. Plus, a number of anti-spam products have their own built-in automated spam-reporting systems.

Anti-spam software can be installed on either the email server or the client, or preferably both — though it's much easier to maintain one spam filter on the server, than several on multiple client computers. If you don't run your own server, check with your Internet Service Provider ( ISP) or mail host to see if they offer a spam-filtering service.

The biggest problem with spam filters is false-positive results, when legitimate email gets marked as spam. This problem is not a serious as it used to be, as the quality of anti-spam software has improved. Usually anti-spam tools quarantine spam, as opposed to just deleting it, so it's possible, though tedious, to go through the quarantine looking for legitimate email. Depending on the importance email plays to your organization's mission, you may need to setup formal procedures for reviewing the spam quarantine.

Other Tips to Keep Spam Away

There are a number of behaviors that can limit your exposure to spam. One of the simplest way to do this is to disguise your email address on Web pages by spelling out the words "at" and "dot" and to sign up for a free Web-based email account, such as Yahoo Mail. If you need to a temporary email address, sites like SpamHole.com and spamgourmet offer throwaway addresses that expire after a given amount of time.

These behaviors, as well as a good overview of different anti-spam products, are laid out very clearly in the TechSoup article How to Deal with Spam.

The Reality of Spam

Technology companies and ISPs have been working toward a technical fix to the spam problem, but there have been a number of political and technical obstacles. Most technical systems rely on authenticating the source of email so that there is a verifiable trail back to the source of any particular email. These extensions to the email system may be effective, but there is no single standard.

The real issue at the heart of the spam problem is the economic reality that a "free" email system allows people to send out spam at almost no cost. As long as spam doesn't cost the spammers any money, it will proliferate.

Until there's a solution that eliminates spam, the following steps will ensure a safer network and fewer unwanted messages flooding your inbox.

1. Install antivirus software.
2. Install a firewall.
3. Install an anti-spam filter.
4. Create an email attachment policy and educate your users.
5. Hide true email addresses on Web sites by using "dot" or "at."
6. Use a "throwaway" or free email address as an alternative to your usual email address.