ISU Information Security

Cutting Spam out of the Email Diet

Wednesday, July 29, 2009 14:49

With the advent of email came the evolution of the junk-mailer to spam-mailer. Spam is unsolicited email, usually with the aim of selling some product or service to the receiver. Often spam can contain, or link to, malicious content with the intent of compromising the victim’s computer.

Most email providers offer some spam protection, typically basic filtering that weeds out the most common spam. Read up on how your provider’s spam filters work. Many email clients also come with basic, configurable spam filters. Read up on your client’s filter to better remove spam from your inbox.

Avoid unfamiliar mailing lists. Often, you don’t know the maintainer of the list, so you don’t know how well the list is protected. Also, the list could close, and you don’t know what might happen to the database of email addresses that they’ve collected.

When signing up for an online service, especially with a commercial entity, be sure to read the terms of service (TOS), especially their privacy policies. Though public opinion has made companies averse to the practice, selling mailing lists to unknown third parties isn’t unheard of. Again, if the list is closed or the business goes under, the fate of the addresses on that list is unknown.

Remember, no spam filter or service is perfect. Spammers are constantly changing tactics to try to avoid filtering. With a little work you can cut your diet of spam down considerably.

Simple steps to combat spam:

  • Don’t respond to unsolicited emails, even to “opt out”. This just confirms to a spammer that the email address is valid.
  • Don’t click on links or open attachments in unsolicited email. More often than not this can lead to malicious compromise of your computer.
  • When signing up for online services: 1) read their privacy policy; 2) un-check/opt out of mailing lists and/or offers via email. Also, be sure to opt out of allowing the service to share your info with third parties (if available).
  • Never respond to/pass on “chain letters”.