Library Technology Guides

Document Repository

The never-ending battle against spam

Information Today [October 2002]

.

Copyright (c) 2002 Information Today

Abstract: The spam problem threatens the overall usefulness of e-mail. When one has to spend large amounts of time browsing through hundreds of worthless, unwanted, and even offensive messages just to find the few that are important, the efficiency of e-mail is significantly compromised. Some tips on how to avoid spam are presented, such as keeping e-mail addresses away from spammersí sight and offer only the essential information when conducting online transactions.


Lots of people ask me questions about technology. Lately, those I get most frequently involve unsolicited and unwanted e-mail. "What can I do to prevent all this spam that floods my in box?" is the typical query.

First of all, most folks call unsolicited email "spam," which entered the slang vocabulary following a Monty Python skit (see http://www.montypython.net/scripts/spam .html). Hormel Foods, the maker of SPAM lunchmeat, at first didn't necessarily appreciate this use of its trademarked brand name and initially fought it quite vigorously. The company has since relented. For the use of the word "spam" and Hormel Foods' position relative to its trademark, see http:// www.spam.com/ci/ci_in.html. This basically says its OK to use "spam" (in lowercase letters) to describe junk e-mail, while "SPAM" (in all uppercase letters) remains the protected trademark.

The spam problem threatens the overall usefulness of e-mail. When one has to spend large amounts of time browsing through hundreds of worthless, unwanted, and even offensive messages just to find the few that are important, the efficiency of e-mail is significantly compromised. I should know, since unwanted items in my own in box outnumber real messages 20 to one. I could write the book on how to attract spam, but instead I'll share a few tips on how to avoid it.

Flavors of Spam

Nuisance e-mail messages come in many forms and originate from many different sources. Some are clearly fraudulent, while others just want to sell you something, convince you to visit a Web site, or promote an idea. Some of the junk e-mail categories include the following:

  • Offers for get-rich-quick schemes-- These schemes can take just about any form, but the one thing they have in common is that they ask for some sort of upfront money in return for future riches. Any unsolicited e-mail message that asks you to send money in return for results that sound too good to be true is a fraud.
  • Consumer product marketing-This category represents the equivalent of what fills my home mailbox, including credit card offers, mortgage loans, time-share real estate, health products, and all other imaginable consumer goods.
  • Nigerian scam letters-These messages, which have come to be known as the "419 Scam," are part of a bizarre and massive fraud to obtain money from individuals. The letters purportedly originate from a former Nigerian official who needs assistance in smuggling cash out of the country. If only you can pay a comparatively small advance fee or transfer tax, you can keep a significant amount of the multimillion-dollar fortune. This scam has been largely successful to its creators, taking in enough fraudulent revenue to make it one of Nigeria's largest industries. This scheme isn't limited to e-mail-scam letters can also come by regular mail, fax, or other means-- and it isn't limited to Nigeria.

  • Other foreign messages-It's difficult to target spam geographically. As mass e-mail campaigns begin to proliferate in other parts of the world, significant spillover occurs. Messages from China and Korea currently deluge my mailbox-all in fonts that aren't installed in my computer. The volume of this spam category is staggering: It represents more than half of the spam I receive.
  • Enticements to visit pornography sites-In our library, this is the category that raises the most concern. "Do something to keep this filth out of my mailbox" is the common plea. Adult Web sites use very aggressive means to bring in visitors, either by enticement or deception. In many cases the enticement letters themselves contain language that many consider offensive. Contrary to popular belief, you can receive this kind of spam even if you've never visited an adult Web site.
  • Offers for mass-mailing software and lists-Part of the money that can be made in the spam industry comes from providing others with the means to generate their own spam. A typical offer describes a product that lets you send your message to several million recipients.
  • E-commerce updates-The messages originate from Web sites that I've previously interacted with. Making purchases online generally involves a registration process that asks you to divulge your e-mail address and demographic information. Even if you don't explicitly provide information about your income levels and interests, it can be inferred from your purchases.

Reducing Spam

First of all, nothing short of abandoning e-mail entirely will completely eliminate spam. You can stem the flow, however, by taking a few common-sense measures.

The key to reducing e-mail is to keep your address away from the spammers' sight. The programs and scripts that generate spain feed on addresses that are harvested from many sources. The easiest source for collecting them lies within the Web itself. Spiders and software robots scour the Web constantly and can easily identify an address by the required "@" sign. So the first step in reducing your spam intake is to hide your address from these spiders. Do not post your personal e-mail address on any Web site.

You may not always be aware when your address gets posted to a site, however. Many mailing lists, for example, are archived on the Web. Meetings and conferences often have Web pages that list presenters and attendees-and usually their e-mail addresses. Most organizations offer Web-based staff directories that provide addresses. Directories that consist of basic HTML pages are gold mines for e-mail harvesters. But with a little more work, one can extract addresses in bulk from directories that are based on a back-end database.

One trick that I've often seen to avoid unsolicited e-mail is to list an address without the @ sign. If your address must appear on a Web page, write it something like "breeding at library.vanderbilt.edu," with an explanatory note. This technique defeats the majority of e-mail harvesting engines.

Another source of nuisance e-mail uses information that you may have given out when conducting online transactions. Anytime you purchase or register a product, you'll likely be asked to provide several pieces of information. Some of that is essential to the transaction. You obviously can't have an item shipped to you unless you supply your physical address. Nor can you receive any necessary follow-up information without including your e-mail address.

Online registration systems generally go far beyond asking for such essential information by requesting data related to income, interests, and other demographics. Such details can then be used to classify you for future marketing efforts, either by the company to which you provided the information or to other companies or organizations that may obtain it. The more information you supply, the wider it will be disseminated among marketing types. My advice is to offer only the information that's essential and required for the transaction at hand. Don't fill in the optional demographic fields unless it's absolutely required.

The Downside

While keeping your e-mail address secret definitely reduces the volume of spam, it also creates a barrier for legitimate correspondence. It's just like having an unlisted phone number. Although you'll share your private e-mail address with colleagues, friends, and family, there will be others who want to contact you who won't be able to find it. This has a negative impact on your availability to legitimate correspondents. You may choose to accept the daily barrage of unwanted messages rather than deliberately make yourself impossible to find on the Internet. That's what I've done, even though it means spending several minutes each day deleting a few hundred items of junk e-mail.

Nicer Alternatives

The main reason I receive so much spam is that my e-mail address is very widely known and is posted on each of the Web sites I maintain, as well as on many other pages throughout the Web. If you operate a site or are responsible for a section of your library's Web presence, you want to provide your visitors with a convenient way to contact you. Rather than posting your address, you might consider creating a Web form to receive comments. Design a page that presents an HTML form that mimics a mail message, with fill-in fields provided for the person's name, e-mail address, subject, and comments. Next, create a CGI script to accept the input from the form and relay it as an e-mail message to your unpublished address.

Hormel Foods, which makes SPAM, once opposed using the word 'spam' to describe junk e-mail.

Keeping multiple e-mail accounts-one public and another private-might help you deal with spam. You would have one e-mail address that you never publish and that you share with only your immediate co-workers, friends, and family. This would be used for essential business that requires a timely response. Your public account is the one you publish openly. Depending on various factors, however, it may take more time and effort to manage two accounts than to deal with a higher volume of spam on just one.

Technical Solutions

A variety of products are available that intercept incoming spam. Some work in conjunction with a mail server to protect an entire network while others work with a mail client to protect a single account. These products scan incoming messages and process them according to preset rules. Most will have a database of signatures that identify spam. These signatures might include specific addresses within the e-mail header, subject lines, or even content in the body of the message.

If your library operates its own e-mail server, you might want to consider implementing an anti-spam, filter that protects your entire network. Your systems administrator can be asked to add spam-filtering capabilities on a network level. Unwanted messages not only eat into the time of an organization's members, they significantly increase the storage associated with e-mail. Software that prevents the delivery of massive amounts of spam throughout the organization's network reduces the resources needed to support mail services.

These technical solutions will never be 100-percent effective. Just as in the antivirus arena, it's a constant war between the spammers and the anti-spammers. It's very easy to forge any portion of a mail message. Any part of an e-mail address can be changed randomly, making it more difficult to detect. Most bulk e-mail is generated with less sophisticated technology and is easily filtered. So for now, the e-mail filtering products work quite well.

Don't Overreact

As with most issues I write about, I urge readers to keep a balanced perspective, Sure, it's annoying to have to deal with large amounts of spam, but it's usually a manageable task. Many of the alternatives take even more time or can keep you from receiving the messages you want. I would much rather err on the side of getting too much e-mail than miss some piece of important correspondence.

Permalink:  
View Citation
Publication Year:2002
Type of Material:Article
Language English
Published in: Information Today
Publication Info:Volume 49 Number 8
Issue:October 2002
Page(s):42-43
Publisher:Information Today
Place of Publication:Medford, NJ
Notes:Systems Librarian Column
Subject: Open source software
ISSN:8755-6286
Record Number:10345
Last Update:2012-12-29 14:06:47
Date Created:0000-00-00 00:00:00