I use Thunderbird and the email address supplied by my ISP. I have a couple of anti spam programs (Kaspersky and Cactus). They successfully put my spam in my junk folder, which I find necessary because, very rarely, a genuine email is classified as spam, so I need to retrieve it.
I have been getting the same or very similar spam emails for years. In the past few weeks, the volume of spam has increased, but the number of senders hasn’t. For example I get a lot from aim.com who seem keen to supply me with Viagra. I also get a fair number from spammers from me (from my email address). How do they manage to hijack my email address, and should I be worried about it?
My daughter uses hotmail and gets no spam, and isn’t aware of loosing any genuine emails. How do hotmail do it, and why can’t I?
So: there isn’t anything I can do to actually stop receiving spam, is there? Voodoo curses, exorcisms…I’ll try anything.
Let me start with something simple you mention: An email “from yourself”. Email headers are trivially forged. I can send you an email from BObama[at]whitehouse.gov no problem. Spammers send email “from you” as it is unlikely you want to add yourself to a spam blocking list. (So you can receive bounced emails, notes to self, etc.) There are methods for “certifying” an email message is not faked, however…
There are thousands of different email clients and servers. Each and every one would need to incorporate a certification check. Given the major competing groups in software, ain’t going to happen among the big players, let alone the little ones.
And that’s just making the header trustable. There’s dozens of other issues not involving headers that are part of the problem.
Keep in mind that one person’s spam is another person’s genuine email. I am on the mailing lists of dozens of companies who I have not had anything to do with in years that still think that sending me weekly emails is exactly what I want. Any general effort to label these things spam will never happen. I know it’s spam, you know it’s spam, but the companies don’t think it’s spam. And since the companies have $, any system-wide method that stops it is impossible.
It is also international, so laws are less than effective.
ftg is right about the email from yourself. Do you use Outlook Express? When you (or whoever) set it up, it asked you what your name is and what your email address is. It did nothing to verify those details, it just accepts whatever you type in. At any time, you can update and change those details to something completely different and it will accept that too. That’s how simple it is to fake the apparent sender of an email - just tell it whatever you like when it asks who you are and what your address is. It doesn’t mean that they can access your mail account or intercept/receive your mail because a password is required for that part, but the display name and address are whatever you say they are.
Spam was always going to be a tough thing to fight. Once spammers have your address, you’ll never be free of them because they on-sell your address to other spammers. The only thing you can do is abandon an over-spammed address and get a fresh one. Choose something that’s long and oddly-formatted if possible - a lot of spammers guess addresses and will try a bunch of different words @yourdomain dot com. What do they care if they guess non-existence addresses? The cost of sending each message is so trivial as to be non-existent, and they never use their real address as the reply address so they don’t get bombarded with bounce messages (in fact, as a bonus for the spammers, they often put the email addresses of people they don’t like as their return addresses, rendering their addresses and often domain unusable because of the amount of bounce traffic and abusive emails that hits them. It’s called a Joe Job).
You want to avoid spam as much as possible? Pick an email address they are unlikely to guess - longer addresses, with numbers in random places within the address rather than just at the end. Then be very secretive with it. Do not use it on websites that you don’t entirely trust - get a disposable address for things you’re not sure about (Gmail, Yahoo and Hotmail give email addresses away for free - take advantage). Blast your friends for not using BCC when they send out group mails until either all your friends comply or you run out of friends. Never post your address on the web if it will appear in a form that could be harvested by a bot that just reads the page and looks for things in the general form of (something)@(something).(com). Also remember that some spambots look for phrases like NOSPAM and strip them out of things that appear to be email addresses, so be creative when disguising your address.
Hotmail receives millions of emails per day. They can spot when thousands of users get the same (or substantially similar) emails, and they get classified as spam.
Spam cannot be stopped. But it could be substantially reduced. Most spam is generated by botnets - large networks of compromised home computers controlled by criminals (based overseas). These computers have residential IP addresses and connect using ISPs all round the world. To reduce spam, ISPs can block outgoing unauthenticated SMTP at their gateways. This would stop most botnet generated spam immediately, and there are technical solutions for those on residential ISPs who need outgoing SMTP capability. When the control servers for one major botnet were recently closed down, spam levels dropped significantly. Unfortunately, the botnet had a repair facility built in and the system re-established itself shortly after - I believe that the attempts to shut the botnet down are continuing.
I guess your daughter does not have an easily guessable address like commonfirstname.commonlastname@hotmail.com, has not published her e-mail address anywhere on the Web, and has not given her e-mail address to any site that sells their customers’ e-mail addresses to spammers.
I’ll note that when you use G-mail, spam problems drop precipitously. (To be more accurate, the problems shift from the receiver to the shoulders of the smart folks at Google, who do an excellent job).
I’ve read of proposals whereby delivery of an e-mail would cost the sender something like $.001, paid to the receiver, with the receiver able to elect to waive the payment in the case of wanted e-mails. This would be a trivial financial burden except in the case of those sending millions of unwanted e-mails a day.
I must admit I wasn’t aware that they just guessed email addresses. Mine is very plain. (To the extent that I was recently speaking to a technical support person who was astonished that my email address was so simple).
The only web sites (that I can remember) where I have posted my address have been ones that claim they don’t distribute them: like here and other reputable forums and shopping sites. But I guess it only takes one mistake, and that’s it - you’re in their clutches for ever.
As I noted above, no spammer uses their own servers and bandwidth to send emails (they would be cut off or blacklisted immediately) - they hijack other peoples computers and use them. So micropayments can not and will not work.
It is the volume of traffic that Hotmail and Google get that gives them the ability to identify spam, plus they have lots of optimised hardware to throw at the problem. An ISP does not have the same level of resources to throw at the problem.
Google actually ‘reads’ the contents of the email. They analyze it for keywords so that the ads you see are targeted based on the content of the email. That’s how they make money on Gmail. I believe this also gives them an advantage in detecting spam, which is why Gmail’s spam detection is so good.
Oh, I see. So all spam goes in to a spam folder like any ISP? I somehow had it in my head that Google somehow was actually better than them. My anti-spam doesn’t stop spam, but detects I’d say 99% of it and redirects it to another folder. So Google and Hotmail are just the same?
They work on a classification system. If an email hits all the correct triggers, it will be classified as really spam and deleted. If it triggers very little, it goes in the inbox. Everything inbetween goes in the spam folder.
Not to push this, but if a friend who hasn’t previously emailed me sends me an email recommending me the Viagra he used last night, and where he bought it from, I wouldn’t get it - at all?
Disclaimer: this post in no way implies anything at all about my, or my friends’ sexual prowess.
ISPs blocking outbound SMTP. This would be a bad thing for me, as I use it legitmately. Of course not every home user has a PhD in Computer Science, but I object strenuously to any control on any port. When I buy an Internet connection, I want the whole net.
When Gmail started, I got a secondary address. I soon started getting spam, lots of spam. The only place I had given that email address to was the local library. Most likely an employee is selling users’ email addresses to spammers. This is a great way of making money. (A bit less likely is that an outsider broke their security and is skimming their database.)
Keep in mind that you not only have to trust an organization with your email, but also trust its employees. (Yeah, right.)
(Meanwhile my tertiary Gmail account gets zip spam. Nada. Never.)
The the email disappears and you probably never know it was gone. Unless the sender asks about a particular message you will probably never know if things got lost.