Handling Email SPAM


Some call them spam. Others call them scams. But they both amount to the same thing: unwanted e-mail, some with the potential to fool you into taking an action you might later regret.

What is Spam

Wikipedia defines spam: "Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately." The term "spam" covers many different styles of unsolicited communication.

You should be suspicious of e-mails, texts, or social media messages that arrive:

  • without a subject
  • from a sender you do not know or recognize
  • offering something too good (even $20 or $50 for a survey) to be true
  • without greeting you by name
  • containing poorly written English or typos
  • having a file attachment of any kind
  • containing a link that, when you hover over it with a mouse, displays a link that seems inappropriate in the context
  • containing a link inviting you to click - unless you have a very good idea where it will lead you
  • asking for your personal details.

Also be suspicious where the "To:" list is "undisclosed recipients" but the e-mail attempts familiarity - "with the same last name as you".

When in doubt, delete.

While this page is about e-mails, don't lose sight of spam that comes from web browsing. Offers of 'free' toolbars, registry cleaners, things to brighten your teeth or reduce flatulence are to be avoided because the offerings are often not what they seem. These often come when you are installing a new app or utility. We tend to fly through such installs, and may regret this later on. Keep your wits about you.

What Can You Do About E-mail Spam?

  • Given that preventing spam is extremely difficult, you can take steps to try to reduce the impact of spam on yourself. However, nothing you do can stop it completely (unless you simply decide not to accept any form of electronic communication). Also note that the more effort you make to block spam, the more likely it is that you will also block a fraction of legitimate messages to yourself.
  • Make use of your ISP's anti-spam measures. Different ISPs employ varying amounts of spam counter-measures, depending on their resources and their philosophy on how far they should go in "intercepting/analyzing" their users' e-mails. However, please note that whilst PCUG/TIP uses some anti-spam measures, we do not employ spam filters that scan the message content, as this requires greater system and administrative resources than we have available. Brief details of the measures we use are given on the TIP Wiki Spam page. Or you can try:
    • Make use of the spam filtering capabilities of your e-mail client. Many e-mail clients come with spam filtering capabilities. However you need to activate and train these to make use of them. Once enabled, you need to tag messages as spam or not spam so your program learns your selection process. With sufficient training, this can help classify e-mails fairly well. The disadvantage of this approach is that this classification is done on just one system, and doesn't help if you use several systems, and/or webmail to access your e-mail.
    • Forward your e-mail to another ISP, or to a large web e-mail provider (e.g. Gmail, Yahoo, Hotmail) that has the resources to run more aggressive and nuanced e-mail filters, and then access and read your e-mail from this site.
    • Use something like Mailwasher, which can stop problem e-mails from even getting to you. You will need to 'train' it on what you like and don't, to avoid blocking genuine e-mails.

A short lesson in looking around for yourself...

Here's a recent e-mail that came via Outlook:

Fig. 1

Things looked pretty normal at first, allowing for the small typo. A Verizon user (Verizon is a large communication company) had created a Google document, and wanted to share it. But then I passed the mouse pointer over the link, and the popup box told me that it would take me to 'latinamericainvest.com' where the reader would be connected to a Wordpress file.

By now my suspicions were raised, so I went to look at the headers of the e-mail.

Fig. 2

This looked more useful. The rule here is to read up from the last line. Now, the things to note...

  1. The e-mail, purporting to come from Google, was written with Outlook Express - Microsoft's free (and deprecated) e-mail client. That certainly seems not to fit with what Google would use.
  2. "From" appears as the topmost line, but it is meaningless on its own and is often a fudge because...
  3. Here is where any reply will go. It might be real, but there's no guarantee of that. But look and see if it matches the supposed sender - a mismatch should ring bells.
  4. These are the transmission 'hops', where the e-mail gets passed along the chain to you. Not a lot of interest, but if you want to know where point 3 originated, put the IP address (in this case 216.59.19.48) into something like http://whois.domaintools.com/ and you will find it.
  5. Another 'hop'.
  6. TIP found this came from a source unknown to it, so requested a resend. This is 'greylisting', which TIP has in place.

That's not the sum total of what you might find in a header. But if you do read one, break it up into parts and try to see just what has been delivered to you. If you find anything worth sharing, please post it here.

Finding headers

Open the e-mail you want to inspect, then:

  • In Microsoft Office Outlook, look for Tags on the ribbon, and click the small down-pointing arrow in the lower right-hand corner of the Tags panel
  • In Thunderbird:
    1. For the open e-mail, select View Source from the Other Actions menu
    2. To reveal all headers that you open subsequently, click on View in the top menu, then Headers then tick All
  • In Windows Mail, Live Mail and Outlook Express:
    1. Highlight the message of interest
    2. Right click on the message
    3. Select Properties in the context menu
    4. Switch to the Details tab
  • In Evolution, click on View in the top menu, then All Message Headers
  • In Forte Agent, tap the H key
  • In Claws-Mail, do Ctrl+H
  • In Pegasus Mail, right-click on the message and select Message headers... from the window that opens.
  • In Mac Mail, click View, select Message/All Headers

Odd things

Google's Gmail service omits the sender IP address information from all headers. Instead, only the IP address of Gmail's mail server is shown in Received: from. This means it is impossible to find a sender's true IP address in a received Gmail.

Microsoft's Hotmail service provides an extended header line called "X-Originating-IP" that contains the sender's actual IP address.

E-mails from Yahoo contain the sender's IP address in the last Received: entry.
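
The checks from the header walkthrough above (reading the Received hops from the last line up, comparing Reply-To with From, noting the mail client) and the X-Originating-IP line mentioned under "Odd things" can be scripted. This is an added example in Python, not part of the original page; the sample message, its addresses and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the e-mail in Fig. 2; reserved example domains/IPs.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [198.51.100.7])
\tby mail.reader.example; Mon, 6 Jan 2014 10:00:09 +1100
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.isp.example; Mon, 6 Jan 2014 10:00:05 +1100
Received: from userpc ([192.0.2.44])
\tby relay.example.net; Mon, 6 Jan 2014 10:00:01 +1100
From: "Document Sharing" <sharing@docs.example>
Reply-To: someone@other.example
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-Originating-IP: [192.0.2.44]

Please view the document.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4

def first_ip(text):
    """Return the first bracketed IPv4 address in a header value, or None."""
    found = IP_RE.search(text or "")
    return found.group(1) if found else None

def domain(header_value):
    """Return the lower-cased domain of the address in From/Reply-To."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def inspect_headers(raw):
    msg = message_from_string(raw)
    from_dom, reply_dom = domain(msg["From"]), domain(msg["Reply-To"])
    return {
        # Each server prepends its Received line, so the last one in the
        # file is the earliest hop: reverse to read up from the last line.
        "hops_oldest_first": [first_ip(v) for v in
                              reversed(msg.get_all("Received", []))],
        "from_domain": from_dom,
        "reply_to_domain": reply_dom,
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "mailer": msg.get("X-Mailer"),
        "x_originating_ip": first_ip(msg.get("X-Originating-IP")),
    }

if __name__ == "__main__":
    for key, value in inspect_headers(SAMPLE).items():
        print(f"{key}: {value}")
```

Only the Received lines added by servers you trust (such as your own provider's) are reliable; anything below them was supplied by the sending side and can be forged.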