Junk email filtering

What is spam?

Spam is the term used to describe unsolicited bulk email. People who send these large quantities of email out are called spammers. They know that out of millions of email messages that they send, they have a good chance of getting results from one email. Unfortunately, spammers try to use the cheapest bandwidth possible, so each spam that they send will often cost the receiver more than the sender.

How do spammers get my email address?

Spammers are very resourceful when it comes to getting more email addresses. Email addresses are often collected by automated programs that surf the internet called spiders. If your email address is posted on a web site in a form that spiders can read, it can be added to a database that may be used by spammers.

Spammers can often buy databases of millions of email addresses at a low cost to save themselves work.

Spyware and viruses can also harvest email addresses. They don't have to be on your computer to help spammers harvest email addresses. All it takes is one person who doesn't have careful computing practices who has your email address to make your email address possible for spammers to harvest.

Spammers use a wide variety of ways to gather email addresses. They'll use programs to automatically find email addresses. Whether they keep testing random email addresses until they find valid ones. What's automatic for spammers isn't always automatic for internet users. They can also have forms designed to collect email addresses on a tell-a-friend page, a signup form, or a guestbook.

The only absolutely sure way to prevent spammers from ever getting your email address is to not have an email address in the first place. All you can do is take steps to make it less likely for a spammer to find your email address.

What kinds of spam filtering are available?

There two implementations of spam filtering available. There is client-side spam filtering and there is server-side spam filtering. Both use similar techniques to filter spam. Whether you use a client-side or a server-side spam filtering solution, similar algorithms will be used to differentiate between email that is spam and email that is not spam.

Some algorithms make use of Bayesian probability to determine the probability that a message is spam based on some of the key words, or other patterns that it contains. Some algorithms determine that a message is spam based on the network address that it comes from being stored in a recognized database of spammers' email addresses. Some also determine that a message is spam based on the email address that it comes from. None of these spam tests are perfect, however. Depending on the spam filtering solution that you use, either too much spam will still get through, the occasional valid email address will be blocked (called a false positive), or some combination of those factors.

No spam filtering solution is perfect, but when you consider how much work it would be to manually sift through every email to determine whether it's valid or not, a small percentage margin of error is quite acceptable.

What is client-side spam filtering?

Client-side spam filtering is blocking junk email messages using software installed on your own computer, and working in conjunction with email clients such as Outlook, Outlook Express, Eudora, or any other email clients that are out there.

The advantages of client-side spam filters are that since they run from your computer, you can set the rules of what gets blocked and what doesn't. When spammers adjust their techniques to overcome the limitations of your spam filter, you are in the position to perform the necessary upgrades. A client-side spam filter can also work in conjunction with a server-side spam filter for more effective spam prevention.

The main disadvantage of client-side spam filters is that they still will download the unwanted junk email messages onto your computer. It also is another piece of software that you are responsible for maintaining to ensure the reliable operation of your computer.

What is server-side spam filtering?

Server-side spam filtering is done by using an email service that runs a spam filter for you. Server-side spam filtering uses programs such as SpamAssassin in conjunction with email server software such as Sendmail, Exim, PostFix, Communigate Pro, or any of the many other solutions available.

The advantages of server-side spam filtering include that it prevents junk email messages from ever arriving on your computer. You also will no longer have to worry about keeping your spam filter up to date because your email service provider will do that for you. It also can be one less program that you have to worry about running on your computer to prevent spam, or it can coexist well with client-side spam filtering solutions.

The disadvantage of server-side spam filtering can be with how it deals with false positives (legitimate and sometimes important email messages which are erroneously flagged as spam). If the server-side spam filter is set up to simply delete junk emails on arrival, it may also delete the occasional legitimate email with them. A better server-side spam filter will move junk email messages into a folder that you can access by WebMail and confirm for yourself if something is spam or legitimate. Talk to your email service provider and find out how their server-side spam filtering works to see if it's right for you.

I have spam filtering in place, but spam is still getting through. What can I do about this?

Unfortunately, spammers continue to get more resourceful. Spammers know about spam filtering software too and they have plenty of time to test it out to find ways around it. Often, entire passages are written in a text colour that very closely matches the background colour on a webpage. These passages will get through detection by the spam filter. The words that the spammers want you to see will remain in a readable colour. It is not easy to find the perfect solution that will block all spam messages. All you can really do is wait for better spam-filtering software to become available and better laws against spam to become easier to enforce.

How do I prevent spammers from getting my email address?

Each time you send an email out, or tell anyone your email address, you increase the risk of a spammer finding your email address. The best way is to educate everyone with whom you keep email contact about how they can develop safer and more spam-free computing habits. Also, when filling out forms on webpages with your email address, you might want to set up a second email address just for that purpose so any junk email gets sent there rather than to your primary email address. Instead of posting your email address within webpages, you may also prefer to use feedback forms because they can't be read by spiders that are designed to look for email addresses. While you use internet email, you run the risk of spammers finding your email address. But, you do have some control over which email address they will find.

What steps can be taken to punish spammers?

Anti-spam laws are in place, and becoming more common all the time. Unfortunately, the legal process doesn't always work as quickly as it should. The best way to punish spammers is to make it unprofitable. If someone tries to spam you, simply don't buy their products, and tell your friends not to support spammers too. All that's done when buying products from a spammer is making it more profitable for them to continue spamming. There are also ways to report spammers to the many databases to help make spam filters more effective.

What happens when you open a spam email?

Sometimes, email containing spam will contain links that they want you to click on, or images. If either of these are on a server that they control, simply by opening a spam email, you can confirm to them that you have a valid email address. By clicking on a link within a junk email especially, you can confirm for them that they have found a valid email address. They will then sell your email address to other spammers, or give it higher priority themselves when they send out junk email messages at the very least. If you know that it's spam before opening the message, you're best off deleting it without reading it.

What happens when you click on a link in an email to remove yourself from their mailing list?

Some junk email messages have instructions to remove yourself from their mailing lists. Unfortunately, these are no different from other links within their messages. Each time you click on one of these links, you could simply be confirming that you have a valid address that they will believe that they can profit from spamming.

What would you recommend as the most effective way of dealing with spam problems?

Safe computing habits including carefully controlling how your email address gets distributed, a good combination of spam filters, and educating people who you keep email contact with about safer computing habits are the best start to deal with spam problems. Unfortunately, the only really permanent solutions are to render spamming unprofitable and to continue to work towards making spam illegal.

Article by Herman Hanschke
©2005 Vimar Computer Services Inc. This article may not be duplicated without permission.

(2 Questions, 0 New) - Log in if you would like to ask a question about this topic.

Forum  -  About Us  -  Trade Links