Wednesday, May 25, 2005

so, who's trawling for spam today ?

Stop Spam Harvesters, Join Project Honey Pot
Spam is a funny thing. No-one really wants it yet it still keeps turning up. It may be selling V-i-a-g-r-a or phishing for our credit card details or (my favourite) anti-spam services and we (hopefully) delete it straight away (or better yet, report it to SpamCop).

Spam works because spammers seem to have a robot army as large as the Google web crawlers just out there looking for idiots who post their email addresses in public or sign up with companies who they know nothing about - and never read their privacy policy (and then wonder why they get swamped with spam).

The good folks at ProjectHoneyPot are hoping to add accountability to the various spiders and spammers by seeding traceable email addresses. I've installed HoneyPots on a number of sites I work on with some interesting results. Every little bit helps !

Of course this doesn't help protect you from the friends who don't know how to protect their machines yet include your email address on every funny email they send out (haven't you heard of mailing lists and BCC yet, guys ?) - all it takes is one of those to get an infection that trawls for email addresses to share with the spammers... (don't get me started on why everyone without an active and up-to-date firewall and anti-virus installation shouldn't be allowed on the web !)

There are some very good services that offer 'disposable' email addresses. My personal favourite is SneakEmail - they allow you to set up multiple forwards and tag the generated email address with when you created it, why you set it up and where you used it... then if someone spams the address, just throw it away (and never do business with the site you used it for again !). You can trial it for free or pay for a (very cheap) subscription to help support the service.

SpamCop, mentioned above, offer a fairly complete service - a filtered email account that you can access via POP3 or IMAP4, and that is able to suck mail in from your existing accounts. It cleans your inbox using several blacklists, and helps automate the process of reporting complaints to ISPs hosting the spammers (sometimes they even listen !)

Bluebottle offer a different solution by only allowing mail through to you after a user has responded to a challenge (only once - if they jump through the hoop the first time, mail is clear to get to you, or you can pre-approve them by sending a mail to them from the Bluebottle server or giving them a secret PIN to include in the subject line of the first email they send you). Some people don't like the idea of generating challenge-response emails but if your mailbox is out of control it can help reduce your problem (although Joe Job victims suffer).
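
A minimal model of the challenge-response flow described above, added here as an example (it is not Bluebottle's code; the class, method names, PIN and addresses are all constructed). It covers the three ways a sender gets cleared and shows why Joe Job victims suffer: the challenge goes to whatever address the message claims to be from.

```python
import hmac
import secrets

class ChallengeGate:
    """Toy challenge-response filter; every name here is hypothetical."""
    def __init__(self, pin):
        self.pin = pin.encode()      # secret PIN the owner hands out
        self.approved = set()        # senders cleared to reach the inbox
        self.held = {}               # sender -> (token, [held subjects])
        self.inbox = []              # delivered (sender, subject) pairs
        self.challenges_sent = []    # addresses that were mailed a challenge

    def note_outbound(self, recipient):
        self.approved.add(recipient.lower())   # owner wrote first: pre-approve

    def receive(self, sender, subject):
        sender = sender.lower()
        has_pin = any(hmac.compare_digest(w.encode(), self.pin)
                      for w in subject.split())
        if sender in self.approved or has_pin:
            self.approved.add(sender)
            self.inbox.append((sender, subject))
            return "delivered"
        if sender in self.held:                # already challenged: just queue
            self.held[sender][1].append(subject)
            return "held"
        self.held[sender] = (secrets.token_urlsafe(16), [subject])
        self.challenges_sent.append(sender)    # sent to the *claimed* From
        return "challenged"

    def answer(self, sender, token):
        sender = sender.lower()
        entry = self.held.get(sender)
        if not entry or not hmac.compare_digest(token.encode(), entry[0].encode()):
            return False
        self.approved.add(sender)              # one response clears the sender
        self.inbox.extend((sender, s) for s in self.held.pop(sender)[1])
        return True

def demo():
    gate = ChallengeGate(pin="7431")                      # constructed PIN
    gate.note_outbound("friend@example.org")
    results = [gate.receive("friend@example.org", "lunch?"),
               gate.receive("new@example.net", "hello 7431"),
               gate.receive("stranger@example.com", "hi"),
               gate.receive("stranger@example.com", "hi again"),
               # Forged From on spam: the innocent address gets the challenge.
               gate.receive("victim@example.edu", "cheap pills")]
    return gate, results
```
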

You can also spoil spammers' days by using an anti-phishing toolbar - it stops you falling into one of their traps.

Hopefully the moves to provide assured safe email frameworks will reduce the problem... but for now.... you need the tools to fight back !
