Spam Holiday! Where is Hallmark When You Need Them

I am happy to report some good news on the spam front. After several weeks of investigation by the Washington Post, two Internet service providers, Global Crossing and Hurricane Electric, pulled the plug on McColo, a notorious hosting service responsible for housing as many as 70% of the spam email operations on the Web. As reported by the BBC:

"It is an unprecedented drop but will be a temporary outage as the networks move from North America to places where there is less scrutiny," said Jason Steer, a spokesman for Ironport.

The Washington Post has been gathering data on McColo for the past four months and passed the information to its Internet service providers, Global Crossing and Hurricane Electric.

Both decided to pull the plug on the firm on Tuesday.

It is believed that it hosted gangs running botnets - networks of computers that have been taken over by criminals to send malicious software and spam.

According to MessageLabs, botnets are responsible for over 90% of spam.

Ironport, an anti-spam company, has seen spam email levels drop by 70% since McColo was taken offline on 11 November. This isn't the end of spam, however. It is merely a respite. Given that spammers can make a profit on 1 response in 12.5 million emails, you can bet that they won't be down long. As Steer said in a piece by the BBC, watch for these operations to go to hosts overseas, to countries where the oversight and concern are considerably less than they are here in the US.

Spam and Malware

Spam does more than simply fill up your inbox with offers of male enhancement, quick riches in the world of multi-level marketing, true love and, of course, free laptops for filling out a simple questionnaire and completing certain credit card offers. These can be nullified by following a simple rule: If it shows up unasked for in my email or rides in on a pop-up window, then it is a scam. Delete it. True, not all of them are scams. Some are real businesses with mindless, ham-handed marketing techniques that sap their credibility by allowing them to come across as scams. If that is the case, then I don't want to do business with them anyway.

As irritating as these can be, spam is also a vector for one of the most pernicious maladies of the modern age: Malware. Viruses and trojan horses, spyware and adware and worms and all manner of little nasties that can corrupt your data, spy on you, turn your computer into a zombie, steal personal information, and since many of these spammers are actually criminal organizations running scams, the chances of them trying to infect your machine to their own purposes is really pretty high. The primary use of malware in spam? To take over your machine so that it sends out spam, too.

The technology community is beginning to take action—and it has only taken them fifteen years to do it—but if governments around the world don't get involved to eliminate these problem organizations, then they will be able to skip around those places with real regulation and find safe-harbor in places where the government has other things to worry about and stopping scam operations is a low priority.

What YOU Can Do

It is sad but true: The only one you can rely upon in your fight against spam is yourself. It is useful to be able to identify spam email, but there is also some free technology that you ought to have handy. Firefox 3 and Opera 9.5 are the browsers of choice here in that they use constantly updated blacklists of malicious websites to warn you when you are about to encounter trouble. This is a personal opinion, but for my money, Gmail has probably the best anti-spam protection available. Accounts are free and once you configure your email client to download Gmail, you won't see the spam their system catches, and it gets most of it.

All the technology in the world, however, is no protection if you don't follow some common sense rules of Internet safety. The following list comes from Sophos, a Web security firm that caters to business.

To help combat spam, email users should follow these recommendations:

  • Never make a purchase from an unsolicited email
    If spamming weren't economically viable, it would be obsolete. Not only can an email user fall prey to a potentially fraudulent sales scheme, but his or her email address can also be added to the numerous email lists that are sold within the spamming community, further compounding the number of junk emails received.

  • If you do not know the sender of an unsolicited email message, delete it
    While most spam is usually just annoying text, a spam email message could actually contain a virus and/or other exploit that could damage the computers of all who open it.

  • Never respond to any spam messages or click on any links in the message
    Replying to any spam message, even to "unsubscribe" or be "removed" from the email list only confirms to the spammer that you are a valid recipient and a perfect target for future spamming.

  • Avoid using the preview functionality of your email client software
    Many spammers use advertising techniques that can track when a message is viewed, even if you don't click on the message or reply. Using the preview functionality essentially opens an email and tells spammers you are a valid recipient, which can result in even more spam.

  • When sending email messages to a large number of recipients, use the blind copy (BCC) field to conceal their email addresses
    Sending email where all recipient addresses are "exposed" in the "To" field makes it vulnerable to harvesting by a spammer's traps.

  • Think carefully before you provide your email address on websites, newsgroup lists or other online public forum
    Many spammers utilise "web bots" that automatically surf the internet to harvest email addresses from public information and forums.

  • Never give your primary email address to anyone or any site you don't trust
    Share it only with your close friends and business colleagues.

  • Have and use one or two secondary email addresses
    If you need to fill out web registration forms, or surveys at sites from which you don't want to receive further information, consider using secondary addresses to protect primary email accounts from spam abuse. Also, always look for a box that solicits future information/offers, and be sure to select or deselect as appropriate.

The Bottom Line

Like gun control, anti-spam laws have mostly affected the law-abiding. It was through the direct action of the industry itself that we have seen a victory and so can take a breather from much of the spam we have been forced to deal with. That, however, is all it is—a breather, a time to take a good look at our anti-spam efforts—that all important combination of technology and best practices—and make some changes to minimize the deluge when the spammers are up and running again. The spammers will be back. Will you be ready?