There are many statistics
concerning SPAM so I won't bore you with them. Suffice to say I receive
10 of these messages for every 1 genuine message. The problem is the
cost per message is immeasurably small to a spammer, which means they
have no incentive whatsoever to direct their e-mails carefully.
It's
true that you can take some simple steps to protect your address
from being an obvious target and these include not posting your address
up in the clear on the internet where SPAM bots trawl sites looking
for the tell-tale @ symbol and collect what follows and SPAM
it - a process called harvesting.
- If you're going to post up your address
on the internet (e.g. newsgroups) use a "disposable" mailbox
free from the likes of Yahoo, AND change it in a way which
will make sense to those reading it like exampleATyahoo.co.uk
If it still gets compromised, you can just discard the mailbox anyway.
- Use disposable mailboxes too if you need to give an address to an
untrusted company or individual.
- If you run your own website, avoid
"mailto" links. A simple fix is to put your address up as an image
- not very convenient or friendly as people can't cut'n'paste it,
but quite effective. Also avoid obvious contact point e-mail addresses
such as info, enquires, help etc. as these might be SPAMMED anyway
- this is called a brute force attack. If you have a uk administered
domain name (e.g. .co.uk) and you're a private individual, you can
hide your details in the whois database including your contact point
e-mail. If you have a .com address, use a disposable mailbox for your
domain contact point as that will appear in the clear in the whois
database.
Unfortunately, even if you do ALL this, the fact remains
your e-mail address will eventually find its way to the spammers.
All it needs is a trusted individual or company to be less carefull
than you are with your address.
Most people accept this. I don't
- and you don't need to either as there is already a cheap and effective
solution. Alternatively you could.....
- wait for effective anti-SPAM
legislation - but you'll be waiting a long while
- wait for e-mail charging
but the opposition to this is likely to be even greater than it is
to spammers!
- waste your time joining the war against SPAM - it's already
lost
So let me introduce you to whitelist (as opposed to blacklist)
based products.
BLACKLIST products try and work out what
might be SPAM from the many message which are sent to you. Whilst
they have improved considerably, I doubt they will evolve much further
without blocking more of the messages you really do want, as spammers
are adept at making their messages appear legitimate. I see no point
in these products if you have to periodically trawl an anti-SPAM quarantine
area or folder looking for things it trapped in error. Furthermore,
the few messages that DO get through could still be offensive and/or
virus infected.
WHITELIST products (literally) turn the
problem on it's head. Think of them as a firewall for e-mails as they
work in a similar way - and thats why they are SO effective at what
they do. They simply allow ONLY the messages YOU have chosen
to permit, but they do it in a very innovative way which makes it
far easier and less painful than it sounds. Honest!
OK - I can understand you're
a little bit sceptical so I'm going to start with a statistic. In
the three years I have run a whitelist anti-SPAM product, the
score so far is:
WHITELIST E-MAIL 9795
SPAMMERS 0
i.e. my whitelist product has not let one single
SPAM message get through. My ISP does filter out a lot of the obvious
SPAM before it gets to my client, but this still shows that a
fair number of messages get passed their system.
So
what is so innovative about these products that makes them easy to
live with? Well there are three key principles here:
-
When you first
install these products, they trawl your e-mail client address book
for you and "approve" any e-mail recipients you are already communicating
with
-
If you INITIATE an e-mail communication, they automatically
permit mail back from that recipient
-
For an inbound e-mail from someone
NOT on your whitelist, they quarantine the message and "challange"
the sender in a way only a human can respond to - effectively requiring
the sender to identify themselves and seek approval to send to you.
Once approved, they can send to you as normal.
So
you're probably asking yourself what the catch is and the answer will
depend on what sort of PC user you are and what product you are using.
I'm going to refer here to the product I use which is ChoiceMail One but
the same will probably apply to other whitelist products.
If
you're a typical home PC user, there simply aren't any
significant catches at all. The only special action you need
to take is where:
-
You are expecting an automatic reply (e.g. a site
registration e-mail) but you don't know the address which will be
sending to you. You simply go into the application and manually permit
that message when it comes in OR if its not a well known domain spammers
might use, just permit messages from the whole domain.
-
You trade
on sites like e-bay where the challenge process may irritate
buyers. In this case, a good whitelist product will let you devise
some rules which permit e-mails with certain e-bay content in the
description or body of the e-mail such as question for seller, question
from member, e-bay checkout, paypal etc. These are easy to set up
in ChoiceMail.
-
You're running another anti-SPAM product either
alone or as part of an integrated security package. Disable other
anti-SPAM or you may have a conflict.
If you are a business
user and you rely on unsolicited e-mail in a competitive market, there is
a potential downside where the challenge process may put off
potential buyers. However, in the case of ChoiceMail, you could minimise
the problem by customising the message in a way which will encourage
people to respond. You could also develop rules for keywords or expressions
(e.g. a product name) which would likely crop up in an enquiry e-mail
to you.
