Saturday, August 19, 2006

How to deal with spam

In this second article regarding spam, phishing and Joe-Jobbing, I am going to look into ways of handling spam prevention by employing some simple techniques.

Do not respond to Chain Letters.
Do not forward the various chain letters you receive since they simply contribute to a list of forwarded users for future harvesting.

Do not reply/bounce spam messages
It is rare, if ever, that a spammer will use his own email address to spam you with - therefore, never reply to the email or use one of the various auto-bouncing programs to send the spammer a 'go away' email. You are simply then spamming some poor Internet user who happens to have been used as the sender email address.

Report spamming IP addresses
It is a fairly simple process to report a spammer's IP address to the appropriate ISP. Firstly, you need to view the 'headers' of the email. Within each email there is hidden information which identifies where the email really came from, these are the headers, and look something like this:

Received: from mail1.abc.com (mail1.abc.com [124.211.3.78]) by mailhost.abc.com (8.8.5/8.7.2) with ESMTP id LAA20869 for ; Tue, 18 Mar 1997 14:39:24 -0800 (PST)Received: from alpha.abc.com (alpha.abc.com [124.211.3.11]) by mail1.abc.com (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)From: rth@abc.com (R.T. Hood)To: mailto:tmh@abc.com Date Date: Tue, Mar 18 1997 14:36:14 PSTMessage-Id: X-Mailer: Loris v2.32Subject: Lunch today?

The lines all mean something:

  • Received: from mail1.abc.com (mail1.abc.com [124.211.3.78]) by mailhost.abc.com (8.8.5/8.7.2) with ESMTP id LAA20869 for ; Tue, 18 Mar 1997 14:39:24 -0800 (PST)

This identifies that an email is sent from mail1.abc.com at IP address 124.211.3.78 and was received by mailhost.abc.com with and internal id of LAA20869 for user tmh@abc.com.com on Tuesday 18th March 1997 at 14:39:24 -0800.

  • Received: from alpha.abc.com (alpha.abc.com [124.211.3.11]) by mail1.abc.com (8.8.5) id 004A21; Tue, Mar 18 1997 14:36:17 -0800 (PST)

This identifies that the mail was sent by alpha.abc.com at IP 124.211.3.11 to mail1.abc.com which gave it an ID of 004A21 on Tuesday March 18th 1997 at 14:36:17

The mail was sent by rth@abc.com whose real name is R. T. Hood

The mail is addressed to tmh@abc.com

  • Date: Tue, Mar 18 1997 14:36:14 PST

The mail was sent at 14:36:14 on March 18th 1997

This is the global Message ID that is assigned to the message as it travels around the Internet. Local ID's, such as the ones above, are specific to the mail servers that it travels through prior to getting to it's destination.

  • X-Mailer: Loris v2.32

This identifies that the mail was sent using program Loris version 2.32

  • Subject: Lunch today?

The subject of the email is 'Lunch today?'

You can view email headers yourself by right clicking on an email message in Outlook and selecting 'Options'.

From Outlook Express, open the email, select File > Properties. When the Properties option opens up, select 'Details' and then the 'Message Source' button.

In the above sample, the lowest entry in the header information (i.e. the first) is the originating IP address and with this information, you will be able to report the spammer.

The next step is to simply copy all of the email header information into a new email and send it to your ISP (for example abuse@cwcrawley.co.uk). Be warned however, ISP's that I have had dealings with in the past, generally ignore these emails unless you are persistent.

If that's the case and spam starts to become a serious problem for your business, there are other prevention systems that can be employed to dramatically reduce it. Simply get in touch with me for further information.



Read more!