Tuesday, 28 April 2009

How does spam find it's way into your inbox?

Having recently been plagued with a swathe of spam, I decided to investigate how and why I was receiving these unwelcome messages.

People who send spam - spammers - collect email addresses in different ways. One way is by good old fashioned guesswork. This is more high-tech than it sounds, using specially developed software to generate likely email addresses by putting together known forenames and surnames, often using webmail domains such as @hotmail.co.uk. Another type of software beloved of spammers uses technology similar to that used by search engines. Instead of picking out keywords, it scours the web for email addresses posted in newsgroups and on websites. They may also buy email address lists from other spammers, or from unscrupulous companies that misappropriate personal information users provide online when they sign up for a service. This is illegal in the UK but proving where a spammer obtained an address is nigh-on impossible!

Spam often contains offensive material and images and can contribute to online fraud, including phishing scams (where an email that appears to have been sent from the receipient's bank, for instance, asks them to "confirm" their account number or email). To effectively identify and protect yourself from spam, it is imortant to know why it is sent and what its hallmarks are. Often they try to sell you something fairly improbable and beware of emails from senders you don't recognise offering things like discounted medication or cheap software!

Some spam messages appear to be complete gobbledegook and are often little more than strings of random words that convey no coherent message. This is because some spam is sent to check if your email address is real and in use. These typically contain a tiny image embedded somewhere in the body of the message that isn't visible to the recipient. The image is stored on the spammer's website and when the message is opened or viewed in the preview pane of an email application, that email application visits the website to retrieve the image. This tells the spammer the message sent to your email address has been viewed and the address is active. This is valuable to the spammer, eithe to use or to sell on to other spammers.

It is also possible to harvest email addresses from email chain letters. As well as emails promising luck if you send them to five friends within the hour, there are those promising a free iPod if you forward them to 10 people, as well as those warning of fictitious viruses and improbable personal safety warnings. As the forwarded email addresses become embedded in the email's history, this will provide a bumper crop for the spammer behind it.

How to spot spam

Identifying spam amongst the legitimate emails can be quite difficult because spammers commonly use a technique known as "spoofing", to retain their anonymity. Spoofing makes it appear that an email has been sent from a completely different email address to the one it has really been sent from. The spammer changes the information attached to the email - called the header - that shows where it originated from, to make it look like the email has been sent by someone else. Sometimes the email address is non-existent, but sometimes the spammer will have guessed at an email address that is actually in use. The first time the real owner of the email address discovers this is when they receive irate messages from strangers demanding that they stop spamming them.

Be aware that it's not just the name at the beginning of an email address - the John.Smith bit - that can be spoofed. Looking for a credible or recognised domain - the bit after the '@' - in the From: line of an email isn't enough to guarantee its authenticity. Spammers are also able to spoof domains, which is why in a phising scam, the fraudster can pose as a company the recipient does business with.

There are, however, various hallmarks of spam emails that can be used collectively to help identify spam. In unsophisticated cases, the email address in the From: field is often a bit of a mess, containing an email address that is often just a random string of letter and numbers folowed by a webmail domain, eg
sf3ffwr23w@hotmail.com. Also, look out for email addresses that appear to have been sent from different email addresses, but have identical subject lines or ones that make no sense. While the majority of email programs have built-in spam blockers, there will be the odd piece of digital dirt that repeatedly breaches security and makes it into your inbox. In this case, the most effective means of prevention is to block emails arriving from a specific sender or domain. See how to do this.

How to filter your email.

No comments: