Department of Information Technology | Security Tips: Living with Junk e-mail (spam)

| Metro State Home | Information Technology Home |

Services
Help Desk
Training
MetroConnect
Procurement
Faculty Services
Web & Instructional Technology
MetroNet
Policies

Computer Labs
Information
Services
Hours
Policies
Contact

Security
Information Security
MetroProtect
Security Policies
Security Forms
Virus Alerts

Office of the CIO
Chief Information Officer
Management Team
Staff

Security Tip: Living with Junk e-mail (spam)

Everyone who uses e-mail eventually has to deal with unwanted e-mail or junk e-mail (often times called spam.) E-mail isn't the only target of spam; spam is also sent to fax machines, text pagers, via Instant Messaging and posted on Blogs and Wiki's. A 2004 survey estimated that the loss in productivity caused by spam cost businesses over $20 billion annually. This estimate does not include the costs of network bandwidth, storage capacity for InBoxes or spam filtering technology.

This past week (Oct 19, 2007 - Oct 25, 2007) Metro State's spam filters processed 2,037,977 incoming e-mail messages, but only 561,001 messages were passed through to users' InBoxes. That means that 72.5% of all incoming e-mail this past week was blocked by the College's spam filters! It's not possible to filter out all spam mail - some of it will always slip through.

Spammers send junk e-mail because it is both effective and because there is very little cost to them. But, junk e-mail is more than just annoying, much of it is very offensive by most standards, and some of it is actually dangerous. Spam is used by pornographers to advertize pornography for sale, fraudsters to commit financial fraud, identity thieves to commit identity theft, spread viruses and worms, and to infect more computers with spamming software (spam BOT).

Spammers use a variety of methods to collect e-mail addresses. Many companies sell or trade the e-mail addresses of their customers. Spammers will join e-mail list servers to collect the e-mail addresses of people posting to the lists. They run programs called "spiders" that search through Web sites and collect e-mail addresses found on Web pages. A particularly hideous technique is to infect peoples' computers with malicious software that searches the infected computer for e-mail addresses and sends the addresses back to the spammer!

Most spam e-mail is sent from computers that have been infected with malicious software generically called a "spam BOT" (robot). The most prevalent spam BOT software in 2007 is called the "Storm Worm". Computers that are infected with a spam BOT are remotely controlled by the spammer (called a BOT herder) without the knowledge of the computer owner. Spam is also sent from free e-mail accounts such as Hot Mail or Yahoo Mail. These accounts are used once to send out spam mail then they are abandoned. The FROM e-mail address on spam mail is almost always a phony e-mail address or a forged e-mail address. The FROM address of spam mail is vary rarely the real address of who sent the message.

It's not possible right now to eliminate all junk mail. Spam mail is going to stay with us for some time to come. There are a few simple precautions you can take to help protect your e-mail address and your computer from spam.

Be cautious when giving out your e-mail address. Know who you are giving your e-mail address to, why they need it and what it will be used for. Ask about their privacy policy and opt-out policy.
Ask your Internet provider if they offer a spam filtering service.
Many newer e-mail programs such as MS Outlook and Thunderbird have simple spam filtering capabilities built into them which can be enabled. Some Web based e-mail services also have basic spam filtering features that can be enabled.
Set your e-mail program to not display images (pictures) when they are embedded inside e-mail messages.
Disable JavaScript and ActiveX in e-mail messages.
Always be very cautious of e-mail attachments. Generally you should not open an e-mail attachment unless all of the following are true:
- You know the sender and have received legitimate e-mail from them in the past.
- The subject line makes sense to you.
- The text of the message makes sense to you.
- You were expecting the sender to send you a file attachment.
- You know what the file attachment contains and why it was sent to you.
- You have a good quality, up to date anti-virus scanner installed and running on your computer.
Never reply to junk e-mail. Never click on any links in junk e-mail. And never call any phone numbers found in junk e-mail.
Train yourself to recognize junk e-mail in your InBox and delete it without opening it. Spam mail should just be deleted.
Use a second e-mail address from a free email service when signing up on Web sites, answering on-line surveys, or posting to news groups or Blogs. You can abandon the second account when it becomes deluged with spam. Many Internet providers give you the option to create an "e-mail alias" for such a purpose.