Stamp out spam emails

Fed up with unsolicited email? We’re going to show you how to reduce that flood of spam to a trickle

Every now and again, new technology throws something unimaginably irritating into the mix of modern life. People playing music through their mobile phones on the bus. Those self-scan checkouts in supermarkets that never recognise the last item in your trolley.

And, for those of us who use email: spam. No, we’re not talking about the canned luncheon meat, we’re talking about the emails you didn’t ask for – and don’t wish to receive – from companies and individuals offering discounted Viagra, touting get-rich-quick schemes or stock market scams, sending offensive messages and advertising pornography.

Spam is now so widespread that it accounted for an estimated four in every five emails sent worldwide at the end of 2006. Spam is up there with pop-up adverts on every web surfer’s list of most-hated things.

In this feature, we’ll explain why we receive spam and what you can do to stem the flow of junk into your inbox.

Why spam poses a danger
So how does spam find its way into your inbox? People who send spam – we’ll call them spammers – collect email addresses in different ways. One way is by good old-fashioned guesswork. This is more high-tech than it sounds, using specially developed software to generate likely email addresses by putting together known forenames and surnames, often using webmail domains, such as @hotmail.co.uk.

Using this method, the likelihood of sending emails to addresses that don’t exist is high, but as spammers don’t have to pay postage costs to distribute their unwelcome correspondence, there’s little to discourage this.

Another type of software beloved of spammers uses technology similar to that used by search engines. Instead of picking out keywords, it scours the web for email addresses posted in newsgroups and on websites. They may also buy email address lists from other spammers or from unscrupulous companies that misappropriate personal information users provide online when they sign up to a service. This is illegal in the UK, but proving where a spammer obtained an address is nigh-on impossible.

OK, so it’s annoying to have to delete a load of old tosh from your inbox every time you want to check your email, but is there anything really sinister about spam? Well, yes. Spam can contain and spread computer viruses. It may – and frequently does – contain offensive material and images. It can contribute to online fraud, including phishing scams, where an email that appears to have been sent from the recipient’s bank, for instance, asks them to ‘confirm’ their account number or email. We’ll look at how spammers can successfully assume the identity of a legitimate company via email in just a moment.

The tactics of spammers
To effectively identify and protect yourself from spam, it’s important to know why it’s sent and what its hallmarks are. Spam emails usually try to sell you something that usually sounds fairly improbable. Beware of emails from senders that you don’t recognise offering things such as discounted medication or cheap software.

Some spam messages appear to be complete gobbledegook and are often little more than strings of random words that convey no coherent message. This is because some spam is sent to check if your email address is real and in use. These typically contain a tiny image embedded somewhere in the body of the message that isn’t visible to the recipient.

The image is stored on the spammer’s website and when the message is opened or viewed in the preview pane of an email application, that email application visits the website to retrieve the image. This tells the spammer the message sent to your email address has been viewed and that the address is active. Once an email address is known to be real, it becomes valuable to the spammer, either to use or to sell on to other spammers.

It’s also possible to harvest email addresses from email chain letters. As well as emails promising luck if you send them to five friends within the hour, there are those promising a free iPod if you forward them to 10 people, as well as those warning of fictitious viruses and improbable personal safety warnings. As the forwarded email addresses become embedded in the email’s history, this will provide a bumper crop for the spammer behind it.

How to spot spam
Identifying spam amongst legitimate emails is made trickier because spammers commonly use a technique known as spoofing to retain their anonymity.

Spoofing makes it appear that an email has been sent from a completely different email address to the one it has really been sent from.

The spammer changes the information attached to the email – called the header – that shows where it originated from to make it look like the email has been sent by someone else.

Sometimes this email address is non-existent, but sometimes the spammer will have guessed at an email address that is actually in use. So the first the real owner of the email address knows about it is when they receive irate, and often not particularly polite, messages from strangers demanding they stop spamming them.

Be aware that it’s not just the name at the start of an email address – the Joe.Bloggs bit – that can be spoofed. Looking for a credible or recognised domain – the bit after the ‘@’ – in the From: line of an email isn’t enough to guarantee its authenticity. Spammers are also able to spoof domains, which is why in a phishing scam, the fraudster can pose as a company the recipient does business with.

However, there are various hallmarks of spam emails that can be used collectively to help identify spam. In unsophisticated cases, the email address in the From: field is often a bit of a mess, containing an email address that is often just a random string of letters and numbers followed by a webmail domain.

For instance, sf3ffwr23w@hotmail.com. Let’s face it, that wouldn’t be your first choice when signing up to an email service. Also look out for email addresses that appear to have been sent from different email addresses, but have identical subject lines or ones that make no sense.

While the majority of email programs have built-in spam blockers, there will be the odd piece of digital junk that repeatedly breaches security and makes it into your inbox. In this case, the most effective means of prevention is to block emails arriving from a specific sender or domain, also called a fixed address. To do this in Outlook Express, click on a message from the sender that you want to block. Then, in the Message menu, click Block Sender. Now any email you receive from this sender will automatically find itself in your Deleted Items folder.

Adding names to the Block Sender list in Outlook produces the same result, but requires a slightly different process. Click Options within the Tools menu and, on the Preferences tab, under E-mail, click Junk
E-mail. Now click the Block Sender tab and then Add. Within the box ‘Enter an e-mail address or Internet domain name to be added to the list’, type in the offending email address, then click OK. Alternatively, right-click the unwelcome email and click Junk E-mail to add the sender to the Block Sender List.

Get your settings on-side
Thunderbird users can also customise how junk email is received and dealt with. If the Junk filter is enabled (go to the Tools menu, then Account Settings, then Junk Settings, then ‘Enable adaptive junkmail controls for this account’), all suspicious email will carry a green junk icon, leaving you the choice of deleting it, or clicking the button ‘This is not Junk’.

In the case of the latter, future emails from that sender won’t be treated as spam. Within the Junk Settings menu there are further options to move new spam to a Junk folder (recommended) automatically and to delete junk mail older than a specifiable amount of time. To prevent trusted emails being marked as junk, there’s also the option to ‘Not mark mail as Junk if the sender is in your personal address book’.

It’s also possible to train Thunderbird to identify what’s spam and what’s not. To do this effectively, you’ll need to mark all mail as either Junk or Not Junk by right-clicking the message and selecting the corresponding option from the list. The associated keyboard shortcuts are J for Junk and Shift and J for Non Junk. And the more you teach Thunderbird, the more Junk will automatically find its way into the Junk folder. Don’t forget to check the Junk folder occasionally to ensure it’s doing its job properly.

Outlook Express can also be trained, but in a different way, using Message filtering. Rather than simply blocking a sender, as discussed earlier, you can instruct Outlook to deal with certain email in a certain way.

Within the Tools menu, click Message Rules, then Mail. Create a new ‘rule’ for the program to follow by clicking the New button and selecting certain conditions and actions. For example, you could select the following Condition: ‘Where the Subject line contains specific words – loan, Nigeria, increase’ and the following Action: ‘Move it to the specified folder – Junk’.

But there’s no need to settle for the spam filters built in to email applications such as Thunderbird and Outlook. Most of the main internet security suites, such as AVG Internet Security, Norton Internet Security, McAfee Internet Security Suite, Panda Internet Security and even Tesco’s budget Internet Security suite, include anti-spam tools.

Some ISPs also offer a spam filter, either run by the ISP itself or using elements of the packages offered by the big names in PC security. These check incoming mail for spam and separate these messages from legitimate mail before they even get to your inbox. You’ll often have to pay extra for anti-spam tools. Tiscali, for instance, charges £5.99 a year for its spam filter. Contact your ISP for details of the protection it offers.

Safeguarding webmail accounts
There are plenty of ways to protect your webmail account from spam, too. We’ll take a moment to look at the spam filtering tools offered by three of the most popular webmail services: Windows Live Hotmail, Yahoo and Google Mail.

In Windows Live Hotmail, select Options, More Options. Click on the Filters and confirmation link to select a level of spam filtering and other spam settings. Click the Save button to apply your preferences. By clicking on the Safe and blocked senders link, it’s possible to construct a list of approved senders whose mail will always be allowed through the spam filter, draw up a list of senders from whom mail will always be blocked and, if you subscribe to newsletters, specify which group mailings should be allowed through.

Windows Live Hotmail will automatically send suspected spam to the Junk folder. Click on this to check which messages have been quarantined and restore any that have been misclassified using the Move to, Inbox option. To report a message in the Inbox as spam, check the box to the left of it and click the Junk button.

With Yahoo and Google Mail, it’s possible to report spam, check on quarantined messages and restore wrongly quarantined emails in much the same way. Yahoo Mail has its own spam blocker called SpamGuard. To specify any email addresses you never want to receive mail from, select Mail, Mail Options and click Blocked Email Addresses. Next, enter the addresses one at a time in the Add a blocked address textbox and click the Add button.

Upgrade to Yahoo Mail Plus and you can protect your email address from spam using disposable email addresses to sign up to new services. If a disposable address starts to attract spam, delete it. Any future messages sent to this address will be bounced back to the sender.

When using Google Mail, it’s also possible to create a bespoke rules-based filter to send emails from certain addresses containing certain keywords, or that have attachments, directly to the Trash folder. To do this, click on the Create a filter link located to the right of the search textbox on any Google Mail page. Enter email addresses you don’t want to receive emails from, subject lines of emails that should be sent straight to Trash or keywords Google Mail should use to block messages. Click the Next Step button and on the next screen check the Delete box, then click the Create Filter button.

Safety in numbers
You might have been brought up to believe that it’s not nice to gang up on an yone but let’s pull no punches here – spammers deserve it. The good news is that there are several online anti-spam initiatives that take a collaborative approach to raining on the spammers’ parade. You can join in the fun at Spamcop (www.spamcop.net), a website that determines where unwanted emails have been sent from and then alerts the relevant internet service providers to the fact that their networks are being used by spammers. Spamcop also has its own email service, which costs $30 (£15) a year.

Cloudmark Spam Net (www.cloudmark.com) is also based on a collaborative approach to spam filtering, relying on users to report junk emails to update its ever-expanding database of known spam.

Know your rights
You’ll be pleased to know that there are laws governing what companies can and cannot do when it comes to sending marketing information by email. These laws are set out in the terms of the Privacy and Electronic Communications Regulations, which state that an organisation must obtain your consent prior to contacting you with any unsolicited information about its products or services.

This consent may have been obtained when you previously bought a product from the organisation, but you must be given the opportunity to unsubscribe in every email you’re sent – typically via an unsubscribe link. If you have asked to unsubscribe, or ‘opt out’, and the organisation fails to comply, then you can complain to the Information Commissioner’s Office.

As the regulations only cover email marketing within the EU, and as most spam originates from outside the EU, we’d advise you to think carefully before checking the box that says you are happy to receive email marketing from ‘carefully selected third parties’ whenever you buy something online.

Zombies!
It might not be as gruesome as the name suggests, but if you fail to protect your computer from hackers, you run the risk of spammers hijacking it to send out junk mail, entirely without your knowledge. In fact, a large proportion of spam these days comes from so-called Zombie computers.

With always-on broadband connections becoming ever popular, infections have become all the more common. To stay safe, equip your PC with a Firewall and ensure it’s regularly updated with the latest software definitions. If you’re using an older computer, check its firewall is up to date ­ the more protection you can give it, the better the chance of it staying uncontaminated and your internet connection running at full speed.

All black and white
It’s worth making sure that any messages from people you do want to hear from get through all of those spam countermeasures.

That’s why it’s a good idea to set up a whitelist of addresses you definitely want to hear from, as well as a blacklist of addresses that have sent you spam.

If you want to find out more about these, take a look at our feature on black and white lists.