How to Fight Spam

From the guide to life, the universe and everything

Spam, or unsolicited email, can be reduced or eliminated. Most spammers use individual email accounts whose terms of use include provisions that prohibit the sending of spam. Thus, by reporting the individual spammer to his or her account administrator, the account can be closed, eliminating (at least temporarily) one spammer[1]. There are two major steps involved in this process: identifying the sender, and contacting the appropriate system administrator.

The Simplest Case

In a normal email, identifying the sender is trivial: most email programs list this piece of basic information along with the subject and the date. This poses a problem for spammers, as it is then very easy to alert their system administrators to the violation. For example, if '[email protected]' has sent a spam, then forwarding the email to the address '[email protected]' with a polite note should inform the system administrator of the offending account. He or she will then close the account, or take whatever action they deem appropriate to prevent future spamming. The only tricky part is to remember to forward the spam with the full headers of the email included. Most email programs contain an option that hides the full headers, and this is the default setting, because most of the information in the full headers is not usually needed. However, it is critically important in tracking spam, and thus it is critically important to pass this information along to the appropriate system administrator, in this case the '[email protected]' account.

A More Complicated Case

A more advanced spammer will avoid this by hiding his or her identity using forged headers. The header of an email is the information at the top that identifies when the email was sent, who sent it, where it was sent from, and so on. Typically, email programs only display abbreviated headers:

X-Sender: john@dough (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 07 Jan 2003 11:24:55 -0500
To: [email protected]
From: John Doe <[email protected]>
Subject: blah

These headers give some basic information that the receiver might be interested in. The information given in these headers is also used by email programs to identify who the sender is, which can then be used when replying to the email.

By forging headers, spammers change the information in the above fields in order to hide their identity. Most if not all of the headers in the abbreviated list are there for convenience, and can be set arbitrarily by the sender. If an email has forged headers, it is only possible to identify its true origin using the full header.

The full headers contain a list of the computers that an email passed through on its way from the sender to the receiver, as well as other less interesting bits. An example of a set of full headers would be:

Return-Path: <[email protected]>
Received: from central-city-carrier-station.doe.com by po12.doe.com (8.9.2/4.7) id LAA08767; Tue, 7 Jan 2003 11:24:21 -0500 (EST)
Received: from melbourne-city-street.doe.com (MELBOURNE-CITY-STREET.DOE.COM [18.7.21.86])
    by central-city-carrier-station.DOE.COM (8.9.2/8.9.2) with ESMTP id LAA13908
    for <[email protected]>; Tue, 7 Jan 2003 11:24:21 -0500 (EST)
Received: from Hermain.doe.com (hermain.lms.doe.COM [99.99.99.99])
    by melbourne-city-street.doe.com (8.9.2/8.9.2) with ESMTP id LAA21188
    for <[email protected]>; Tue, 7 Jan 2003 11:24:21 -0500 (EST)
Message-Id: <5.1.0.14.2.20030107112448.00acbc90@dough>
X-Sender: john@dough (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 07 Jan 2003 11:24:55 -0500
To: [email protected]
From: John Doe <[email protected]>
Subject: blah
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

In general, most of the information in the full header is irrelevant to the basic user. It doesn't matter which computer received the email, or at what time. However, when the headers have been forged, this section can be used to figure out the true originating computer that the email was sent from.

Headers are composed of a number of different fields. In the example above, the first field is 'Return-Path', and its value is '[email protected]'. The second, third and fourth are 'Received'. Each 'Received' field records one computer that the email passed through, listed by its domain name and its IP address. Although the spammer has the ability to change the domain names in 'Received', he or she is unable to change the IP addresses that the receiving computers record. The IP address contains the true information on the identity and location of the spammer.

The IP addresses in the 'Received' fields list sequentially the computers that handled the email before it was received at its destination. There can be a variable number of 'Received' fields, since a variable number of computers can handle any given email transmission. Each computer that handles the email adds its own 'Received' line above the existing ones, so the fields read from the most recent hop at the top down to the earliest at the bottom. Since the list is sequential, the last and lowest 'Received' field will always list the originating computer's IP address. In the above example, this computer's domain name is apparently 'Hermain.doe.com' and its IP address is '99.99.99.99'.
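As an added example (not part of the original entry), the following Python script applies the procedure described above to a constructed copy of the sample headers, with the redacted addresses replaced by example.com placeholders: it pulls the 'from' host, 'by' host and bracketed IP address out of each 'Received' field, top to bottom, and walks the chain. It also goes one step beyond the text: because a sender can append fabricated 'Received' lines of their own at the bottom, it trusts the chain only as far as each line's 'by' host matches the 'from' host of the line above it, and reports the last consistent hop as the origin.

```python
import re
import email

# Constructed sample adapted from the full headers above (addresses replaced).
SAMPLE_HEADERS = """\
Received: from central-city-carrier-station.doe.com by po12.doe.com (8.9.2/4.7) id LAA08767; Tue, 7 Jan 2003 11:24:21 -0500 (EST)
Received: from melbourne-city-street.doe.com (MELBOURNE-CITY-STREET.DOE.COM [18.7.21.86])
\tby central-city-carrier-station.DOE.COM (8.9.2/8.9.2) with ESMTP id LAA13908
\tfor <jane@example.com>; Tue, 7 Jan 2003 11:24:21 -0500 (EST)
Received: from Hermain.doe.com (hermain.lms.doe.COM [99.99.99.99])
\tby melbourne-city-street.doe.com (8.9.2/8.9.2) with ESMTP id LAA21188
\tfor <jane@example.com>; Tue, 7 Jan 2003 11:24:21 -0500 (EST)
From: John Doe <john@example.com>
"""
# Constructed: same message plus a fake bottom 'Received' line whose 'by' host
# does not link to the genuine hop above it.
FORGED_HEADERS = SAMPLE_HEADERS.replace(
    "From: John Doe",
    "Received: from innocent.example.net (innocent.example.net [192.0.2.10])\n"
    "\tby mail.example.net with SMTP id x1; Tue, 7 Jan 2003 11:20:00 -0500\n"
    "From: John Doe", 1)

HOP_RE = re.compile(r"\bfrom\s+(\S+)(?:\s*\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_hops(raw_headers):
    """One (from_host, by_host, ip) tuple per 'Received' line, top to bottom."""
    hops = []
    for value in email.message_from_string(raw_headers).get_all("Received", []):
        m = HOP_RE.search(re.sub(r"\s+", " ", value))  # join folded continuation lines
        if m:
            from_host, comment, by_host = m.groups()
            ip = IP_RE.search(comment or "")  # address the receiving server recorded
            hops.append((from_host.lower(), by_host.rstrip(";,").lower(),
                         ip.group(1) if ip else None))
    return hops

def trace_origin(raw_headers):
    """Walk downward from the receiving server; stop where a hop's 'by' host is not
    the previous hop's 'from' host, since lines below it may be forged by the sender."""
    hops = parse_hops(raw_headers)
    trusted = []
    for i, hop in enumerate(hops):
        if i and hop[1] != hops[i - 1][0]:
            break
        trusted.append(hop)
    if not trusted:
        return None
    host, _, ip = trusted[-1]
    return {"host": host, "ip": ip, "hops": len(trusted), "chain_broken": len(trusted) < len(hops)}
```

For the genuine sample the chain is consistent through all three hops and the origin is 'hermain.doe.com' at 99.99.99.99; for the forged copy the fourth line does not link, so the same origin is reported and the break is flagged.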

Shutting 'Em Down

The correct IP address by itself doesn't indicate who the originator is, or who the appropriate person to contact is. This problem is solved using a website like UXN Spam Combat, which provides a 'whois' search engine that accepts an IP address and returns all of the relevant registered information. The information listed will include the name of the organisation that has registered the address, and the contact information for its technical officer. There are four main organisations that assign IP addresses, and this website allows you to query all of them.

It is possible to forward the spam to the technical officer, but it is more appropriate to first go to the organisation's website and look up its contact information. There should be an email address specifically designed for accepting spam complaints, and it is to this address that the spam message (including the full headers) should be forwarded.

There is also an organisation called SpamCop.net which acts to eliminate spam. They provide a number of services, including a registry of known spammers. For a fee this registry can be linked to an email program, and known spammers automatically blocked. They will also help in reporting spam to the appropriate authorities.

Avoiding and Filtering Spam

There are several ways to avoid and filter spam. The most common method is to apply filters to incoming mail. Filters look for characteristic traits of spam in each incoming email. This can be a known spammer email address, a typical subject line, or some other feature that is common to spam emails. If an email is identified as spam, the filter can then take any number of actions, as designated by the user: usually simply deleting the spam, but possibly forwarding it to the appropriate authorities.

Most email programs contain built-in filter systems, but these act only once the email has already been downloaded. Some websites offer services and programs which will filter email before it is downloaded, saving the user the time that would otherwise be wasted downloading spam. Three of these websites are:

Some typical actions that can compromise an email address include using it as a Usenet handle, leaving it on message boards or websites, replying to spam[2] and choosing an easy-to-guess address. It is possible to post an address safely by partially scrambling it. Most spammers use automated software to search the web for addresses to add to their database, and these programs can be fooled. For example, changing an address from [email protected] to [email protected], or putting up the address as a picture (as opposed to text), for example in the GIF or JPG file formats, will fool most if not all of these programs.

Another method of avoiding spam is to use multiple email accounts. In the simplest case, one email account is designated as 'private' and the other as 'public'. The public account is used for all correspondence which might be in jeopardy of falling into the hands of a spammer. All correspondence to friends, family, and other known individuals goes through the private account. The private account can then be set up to block or delete email that is not specifically from one of the known individuals.

Two websites which provide extra email accounts for doing this are:

A variation on the multiple email accounts theme is to have one permanent account and one or more disposable accounts. The permanent account is the same as the private account described above. The disposable account is then used for any email that is at risk of being compromised to spam. This account can be set up for a limited time, a limited number of emails, and restricted to accept mail only from certain addresses. In this way, if a spammer does get hold of the account, it may be gone by the time they attempt to spam it. Two websites which offer disposable email addresses are:

Finally...

Spam is incredibly cheap to produce, and the spammer's logic is that they will be profitable if only a very small percentage (say 0.0001%) of the people who get the spam respond positively. Against these odds, it is hard to imagine how they can ever be dissuaded from their foul practice. However, this numbers game can be turned against them. The procedure described above for tracking down a spammer is somewhat complicated and time consuming. By the spammer's own logic, that means that perhaps only a small percentage of those who receive the spam will know how, and bother, to track them down. If that percentage can be raised ever so slightly, then it will become increasingly difficult for the spammers to operate. In this way, by individually going after spammers, and knowing that others are doing the same, the overall amount of spam can be reduced.

Notes

[1] The administrator is, however, under no obligation to close the account, or even to do it promptly. But most will at least investigate.

[2] Trying to use the 'remove my name from your mailing list' option just lets the spammer know that they've reached a working email address.

Edited Entry A970913
Edited by h2g2 Editors