CT Community Colleges - Information Security - How to Deal With Spam
How to Deal with Spam

What is spam?

If you have an e-mail account, you have become very familiar with what spam looks like. Spam, junk e-mail, unsolicited commercial e-mail (UCE) and unsolicited bulk e-mail (UBE) all mean the same thing: it came to your inbox from someone you don't know and you didn't request it. Here's an example:

From: SteadyMonthlyPayments<xxxxxxxx@msn.com>
Subject: Earn 36% on your money ! Interest Paid Monthly !
Date: Wed, 5 Sep 2001 16:24:15
 
MAKE 36% ANNUALLY,
paid 3% monthly through Fully Secured        
Account Receivable Acquisitions.  
     
Discover what banks have been doing for decades.         
Harness the power of Fully Secured         
Account Receivable Acquisitions.       
 
There is no cost or obligation.
 
http://www.xxxxxxxxxx.com/optin/usa10k/index.htm        
for Free In-Depth Information Package. A safe haven         
making strong returns. 10K Minimum.  
      
Must be USA or Canadian Resident and over 21
********************************************************
be removed :
by sending a reply to who@whoever.com
with the word remove in the subject line.
*********************************************************

The above example is a very common kind of spam message: one that doesn't offend you but is annoying nonetheless, especially when you receive spam often.

Why do people even send spam like this? You'd think if someone DID want financial help, they certainly wouldn't get help from an e-mail message, right? The answer is cost: sending 10,000 e-mail messages is just as easy as sending a single e-mail message. So spammers send thousands of spam e-mails at a time, knowing that a very small percentage of the recipients will respond. They profit from that very small percentage because the spammers are not the ones incurring the cost of their advertising. The companies that provide them with Internet service (ISPs) and the recipients of the spam are the ones who incur the cost of spam. More reasons why spam is bad can be found at abuse.net's website: http://spam.abuse.net/overview/spambad.shtml

Although spam itself may not be illegal (depending on what state you are in), the contents of the spam may violate a state or federal law. You can read more about this in the section "What to do about spam".

What NOT to do about spam!

  1. NEVER reply to the person who sent you the spam. You want to complain to the person's ISP, not to the person who sent you the spam. You can read more about this in the section "What to do about spam". Most likely their e-mail address is forged anyway and it will just bounce back to you in the end.
  2. NEVER reply to the "remove me from this mailing list" URL or username sometimes included at the bottom of spam messages. Spammers use this technique to weed out e-mail addresses that reach real human beings. For example, a spammer will send a spam to 10,000 people. Let's say 3,000 of them respond to the "remove name" link at the bottom of the spam. Those 3,000 e-mail addresses are now added to their spam database that will be used more often because they know it is going to reach a real person. Therefore, the more REAL e-mail addresses they have, the more REAL people they reach.
  3. NEVER threaten, retaliate, mail bomb, vandalize or hack into their site or try in any way to illegally bring down the spammer. Remember that the place you think the spam came from may be an innocent third party, and you would be directing your anger at them. Spammers do not use legitimate ways of sending out their spam, and they sometimes make the spam appear to come from an innocent third party on purpose to thwart anyone's attempt at identifying them.
  4. NEVER click on a URL or e-mail a user that is found in the contents of the spam. The e-mail address may be used to track active e-mail accounts in order to add you to a new spam mailing. The link you click on, even though it may appear as just a normal URL, may send additional information to the spammer that connects the action back to your username. This could also get you on an active e-mail mailing list the spammers use to send more spam. For example, you may see this in your spam:

Please visit my website: www.commnet.edu

But when you click on the above link, you are actually sending this: http://www.commnet.edu/?from=yourname@commnet.edu. Try it: hold the mouse over the above link without clicking and look in the lower left corner of your browser. You'll see that the link includes additional, hidden information.
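The check described above (compare what a link shows with where it really goes) can be automated for an HTML message body. The following is an added example, not part of the original page; the function and variable names are hypothetical and the sample body is constructed from the commnet.edu link above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, unquote, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample body, modelled on the link described above.
SAMPLE_BODY = (
    '<p>Please visit my website: '
    '<a href="http://www.commnet.edu/?from=yourname@commnet.edu">www.commnet.edu</a></p>'
    '<p>Policies: <a href="http://www.commnet.edu/policies">www.commnet.edu/policies</a></p>'
)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def audit_links(html_body):
    """For each link, list recipient addresses carried in the real target."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    report = []
    for text, href in collector.links:
        parts = urlsplit(href)
        # parse_qsl percent-decodes, so an encoded address (%40 for @) is caught too.
        in_query = {k: v for k, v in parse_qsl(parts.query) if EMAIL_RE.fullmatch(v)}
        elsewhere = EMAIL_RE.findall(unquote(parts.path + " " + parts.fragment))
        report.append({"shown": text, "target": href, "query_ids": in_query,
                       "other_ids": elsewhere,
                       "tracks_recipient": bool(in_query or elsewhere)})
    return report
```

A link whose `tracks_recipient` is true identifies the reader to whoever runs the target site as soon as it is followed, whatever the visible text says.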

Are there ways to prevent spam in the first place?

There are also ways to help curb the spam that makes its way into your inbox to begin with.

Spammers use several techniques for "harvesting" e-mail addresses to compile their huge mailing lists. If you can avoid having your e-mail address harvested by a spammer, that's less spam in your inbox. Keep in mind the steps listed above under "What NOT to do about spam". Those tips are great ways to avoid being put on more spammers' mailing lists, in addition to these:

  1. When you visit websites, don't jump at the chance to give them your e-mail address if they ask you to fill out a form. There are some websites out there that sell the names they collect to spammers. Think hard about whether you want that business to contact you and if the business is legitimate or not before giving them your e-mail address.
  2. Some websites you visit also include "opt-out" options on the form. Make sure you read the on-line form carefully! Some websites want you to SELECT a checkbox not to be included in their mailings, others want you to DESELECT a checkbox not to be included in their mailings.
  3. Normally, professional websites do not sell their lists to spammers and usually include "opt-out" options on their on-line forms. If you are doing personal surfing of the Internet, do not use your commnet.edu e-mail address. Sign up for a free, personal e-mail account such as yahoo.com or hotmail.com and use that e-mail address if you want to be sent information from a company or be put on their mailing list.
  4. Be aware of the dangers of using chat rooms and newsgroups. Many spammers "harvest" their e-mail addresses from people who post to newsgroups or use chat rooms. Use a free, personal e-mail account from yahoo.com or hotmail.com for these purposes. Another idea is to change your e-mail address to something that people can easily figure out but is difficult to automatically harvest, such as jschmoe@HIDESPAMcommnet.edu. Someone reading your post and wanting to respond to you can figure out that your real e-mail address is jschmoe@commnet.edu. Programs that automatically harvest e-mail addresses won't know that it is not your real e-mail address, so the altered address will be added to their spam list instead of your real one.
  5. If you have a personal web site that contains your personal information, use the same yahoo.com or hotmail.com e-mail account, not your primary business e-mail address as your contact information. Many spammers will scour Internet pages for e-mail addresses and use those to create their spam mailing lists.

What to do about spam: easy solutions.

  1. Anti-Spam software - CT Community Colleges has an anti-spam solution in place at the Internet gateway. This will considerably reduce the spam sent to your inbox by quarantining e-mail messages that the anti-spam filter believes are spam. You are then sent a daily End User Digest showing you what is in your spam quarantine. In order not to falsely label a real e-mail as spam, the spam filter takes a conservative approach when classifying e-mail as spam. This means that even with an anti-spam solution in place, spam can still make its way into your inbox. Visit the CT Community Colleges' anti-spam website for more information.
  2. Just delete the spam - Sometimes spam just goes away. This could be because you've followed the directions above in "What NOT to do about spam!" and have not replied to the spammer in any way. They may figure your e-mail address is not useful and your email address is no longer on their spam list.

Combining the tips in "What NOT to do about spam", deleting any spam you do get and following the suggestions in "Are there ways to prevent spam in the first place?" are great ways to keep on top of spam. This will not guarantee that you won't get any spam; that's impossible. Spammers are out there and they want to get their ad in your inbox. These tips should help you not to increase the amount of spam you get.

What to do about spam: the not-so-easy solution.

If deleting or filtering spam is not an option for you either because you are offended by the spam and want to stop it or you are tired of the junk mail, then you do have other options. Be aware that these options do require a lot more work on your part.  Determining who to properly complain to and why you are complaining is a lot more difficult than just deleting or filtering the spam.

  1. Keep the spam and gather Internet headers - Once you choose to do something about the spam, do not delete the spam message. You'll need the full Internet headers in order to trace where it came from and you'll need to also include the body of the content in your complaint. Create a folder to keep the spam separated so that it doesn't clutter up your inbox.  

    This link contains the appropriate steps needed to get the Internet headers from some of the more common e-mail clients being used. If your e-mail client is not listed, send an e-mail to operator@commnet.edu requesting steps be added for your e-mail client in order to obtain Internet headers. Make sure you include the name and version of the e-mail client you are using.

     

  2. Determine who to complain to - Once you copy the Internet headers, forward the spam and the Internet headers (in the same e-mail) to abuse@commnet.edu.  NOTE: This service is provided only for CT Community College faculty and staff who receive spam in their commnet.edu e-mail account. Based on the Internet headers, we will help you determine who the appropriate people are to send your complaint to. Because Internet headers may be forged, it is sometimes difficult to determine who the appropriate person is to complain to without knowing what you are looking for and how to determine what is forged and what is real. We'll take a look at the headers for you and reply with a list of the appropriate people you can send your complaint to.   

    NOTE: Please do not flood this e-mail address with every spam you receive; use this service only for spam that you will be following through to the end. If you wish to complain about a lot of spam, then it may be reasonable for you to learn how to read Internet headers yourself. There are a lot of resources out there to help you learn this. You can request this information by sending a note to security@commnet.edu.

    NOTE: If you've already deleted the spam, nothing can be done about it. When complaining to someone about spam, do not just send the content of the spam. The useful information is not included when you forward the content. You must get the full Internet headers before anything can be done to trace the true source of the spam. Most administrators will disregard the complaint if it does not contain full Internet headers.

     

  3. Send complaints - Once you have the list of who to complain to, you'll need to send complaints to those people. Here are some resources you'll need:

Additional Spam references:

http://www.junkbusters.com/

http://www.cauce.org/index.phtml

http://spam.abuse.net/spam
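
For the header tracing described in step 2 of the not-so-easy solution, the usual way to separate forged headers from real ones is to trust only the Received lines written by your own mail servers. The following is an added example, not part of the original page; the server names, addresses and the sample message are constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: the receiving site's own mail servers (hypothetical names and
# RFC 5737 documentation addresses). Only lines they stamped are trusted.
OWN_SERVERS = {"gateway.commnet.edu": "192.0.2.10",
               "mailstore.commnet.edu": "192.0.2.20"}
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message; the third Received line is a forgery that
# claims to have been written by the site's own gateway.
SAMPLE = """\
Received: from gateway.commnet.edu (gateway.commnet.edu [192.0.2.10])
\tby mailstore.commnet.edu with ESMTP id A1; Wed, 5 Sep 2001 16:25:02 -0400
Received: from smtp.example.com (unknown [203.0.113.77])
\tby gateway.commnet.edu with SMTP id B2; Wed, 5 Sep 2001 16:24:58 -0400
Received: from localhost (localhost [198.51.100.5])
\tby gateway.commnet.edu with SMTP id C3; Wed, 5 Sep 2001 16:24:30 -0400
Received: from dialup.example.org (dialup.example.org [198.51.100.9])
\tby relay.example.net with SMTP id D4; Wed, 5 Sep 2001 16:24:15 -0400
From: SteadyMonthlyPayments <xxxxxxxx@msn.com>
Subject: Earn 36% on your money ! Interest Paid Monthly !

MAKE 36% ANNUALLY
"""


def trace_handoff(raw_message):
    """Find the Received line where our servers accepted mail from outside."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        by, ip = BY_RE.search(flat), IP_RE.search(flat)
        hops.append({"by": by.group(1).lower() if by else None,
                     "peer_ip": ip.group(1) if ip else None, "raw": flat})
    # Each server prepends its line, so hops[0] is the newest. Walk down while
    # the line is stamped by one of our servers and its peer is also ours.
    for i, hop in enumerate(hops):
        if hop["by"] not in OWN_SERVERS:
            break
        if hop["peer_ip"] not in OWN_SERVERS.values():
            # First outside peer: everything below was supplied by the sender.
            return {"handoff_ip": hop["peer_ip"], "recorded_by": hop["by"],
                    "unverified": hops[i + 1:]}
    return {"handoff_ip": None, "recorded_by": None, "unverified": hops}
```

The `handoff_ip` is the one address in the message that the sender could not choose, so the abuse contact for the network owning it is the place to start a complaint; the `unverified` lines, including the one that imitates the gateway, may be entirely made up.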


    © Copyright Connecticut Community Colleges 61 Woodland Street Hartford, CT 06105 860-244-7600