|
|
|
|
SPAM – Unsolicited Emails
1.0 Introduction
It is unlikely that you have not heard of SPAM and if you use your email address when registering for products, on newsgroups or forums and discussion boards or have a catch-all email address set up for your domain it is likely you have been a victim of SPAM.
My company, Positive-Change Creations Ltd runs a busy mail server for our clients and have used various strategies to tackle the many thousands of SPAM emails we receive each day and have advised both end users and corporate companies on how to deal with the costly problem of SPAM.
I have written this article to help both end users and administrators of email systems to understand some of the issues and present some solutions that have worked for us.
I have linked to various publicly available documents to explain concepts in more detail or to provide further reading around the subject.
2.0 What is SPAM and why does it exist?
SPAM is another word for unsolicited emails or junk mail. This means emails that are sent without the permission of the recipient and are usually sent on mass to thousands or even millions of users.
The reason SPAM exists is because companies or other organisations (including criminal ones) want to target people in a very cheap way. This may be to sell products or to entice users to a website or to trick the user into doing something they don’t want to do.
It has been suggested SPAM is also a tool for terrorism as SPAM costs the economy an estimated $US50 billion worldwide.
Source:
Information Week
MX Logic - PDF
3.0 Why do I care if I get SPAM or not?
If you are not sure of the answer to this question then most likely you don’t get many SPAM emails or you have the patience of a Buddhist Monk or perhaps you have not yet calculated the cost of SPAM to your organisation.
3.1 Cost of SPAM
SPAM costs money both in hardware and software as well as the recipient’s time in deleting the emails.
3.1.1 Hardware
Running a busy mail server requires that the hardware is fast enough to process all of the emails that are coming through the server as well as the mail server software. The more emails that come through the system the more powerful the hardware has to be and hence the more the cost.
Even if you do not run your email server yourself, the cost of the service provided to you will most likely have gone up due to SPAM.
3.1.2 Software
At Positive Change Creations we have just upgraded our email servers and SPAM filters (which is what prompted me to write this article). This was an expensive software cost as well as engineer cost to install, configure and test the servers.
We recommend to all of our clients that they have SPAM filtering software on their PC’s as well as server side filtering. There are various different spftware solutions for end users, some are detailed here:
E-Trust Anti SPAM:
Amazon Link to E-Trust Anti Spam Software
Nortons Anti-SPAM
Amazon Link to Norton's Anti Spam Software
Mcafee
Amazon Link to Mcafee Anti Spam Software
3.1.3 Staff time
There are many calculators on the internet for calculating the cost of SPAM and I have included a few links to some of the more exotic ones, however it is quite a simple calculation.
Cost = Number of SPAM emails X Average Time taken to read or Delete X Average Hourly Rate of Staff
An example would be (with no SPAM filters):
80 SPAM emails a day X 10 seconds per email = 800 seconds / Day
An average of 242 working days in the year (based on bank holidays and 4 weeks holiday)
800 seconds X 242 days = 193600 seconds or 53.7 Hours (Over 7 work days)
53.7 Hours X £20 / hour = £1075.55 per year per employee.
This does not account for heat, light and electricity or depreciation of computers etc while staff are engaged in managing their inboxes.
List of Calculators
http://www.mxlogic.com/resources/spam_calculator/
http://www.tmisnet.com/~strads/spam/costcalc.html
4.0 The global impact of SPAM and other statistics
- The total global cost of SPAM is estimated at $US 50 Billion
- Estimated 346 Billion SPAM emails sent worldwide each year
- 70% of all Internet email traffic is SPAM
Sources:
Ferris
Information Week
MX Logix - PDF
Tech Republic
If you are interested in the exact cost of SPAM nationally and globally I would recommend downloading the PDF and excel spreadsheet from Ferris from the link above.
5.0 What can I do about SPAM?
There are several steps that you can take to reduce the amount of SPAM you receive.
5.1 Administrators
The mail server administrator can install anti-SPAM software on the server to filter out emails before they get to the user’s inboxes. This will reduce the amount of email and internet traffic from the mail server to the end users computer.
This will also benefit the users by decreasing their download time when collecting their emails especially if they are still using a dial up or more frequently now mobile technology.
Another good idea is to remove the ‘Catch All’ addresses to domains. See below.
Make sure all anti-virus patches are up to date to ensure end users do not have SPAM sending software on their machines.
5.2 Recipients
Recipients can install their own SPAM filtering software (see above). This software automatically filters out SPAM or Junk email and can put the emails into a Junk folder for later review or deletion. The latest version of Outlook comes with a SPAM filter built in.
It is also a good idea have two email addresses, one you use for your main email account and another you use for buying things or publishing on the web. I have set up a hotmail account for this purpose which is constantly full of SPAM but I never expect this account to receive any useful emails. I scan through the mails once a week and delete everything in one bulk delete.
Never reply or click on a link from a SPAM email. This will most likely tell the person who sent the SPAM that you have a valid email and you will receive much more SPAM. Either delete the SPAM or mark it as SPAM so that your filter can use it to clarify what you consider SPAM - see Bayesian Filtering below.
Removing ‘Catch All’ addresses will also reduce SPAM.
Install anti-virus protection with the latest updates to ensure your computer is not being used to send SPAM or important data onto the internet
5.3 Senders
Don’t send bulk emails with all the recipients in the To: or CC: Fields. Put the email addresses in the BCC field. If the email gets forwarded onto to other people and eventually finds its way to an email harvester then all the addresses in the CC or To Fields will be added to the SPAM database.
Publishing email addresses on your website and other sites
Sometimes it is necessary to put your email on the web. An increasingly popular way of preventing SPAM harvesters from reading your email and adding it to their database is to add a space or other character into the email address and telling readers to delete the character manually.
5.4 What are others doing about SPAM?
Some service providers are proposing charging for emails, hoping to increase the cost of SPAM emails until they are not worth sending.
Source:
http://news.bbc.co.uk/1/hi/technology/4684942.stm
5.5 Further Reading on SPAM prevention
http://en.wikipedia.org/wiki/Stopping_e-mail_abuse
6.0 Catch All Email Addresses
A ‘Catch All’ email address is an email account that can receive emails from anything@yourdomain.com. It is an account that receives all emails sent to your domain that don’t have a specific account. So if my email is simon@positive-change.co.uk and someone sends an email to simonclark@positive-change.co.uk, the email will be received by the catchall account.
6.1 Why is a ‘Catch All’ account a good idea?
A ‘Catch All’ account can help when your valid customers misspell your email address or if they are not sure what your actual email address is but they know your website address.
6.2 Why is a ‘Catch All’ account a bad idea?
’Catch All’ accounts are targeted by spammers who don’t know your actual email address but have your domain in their dictionary. They send emails to addresses such as sales@positive-change.co.uk or bob@positive-change.co.uk in the hope that either you have a ‘Catch All’ or they get a genuine email account.
6.3 Conclusion on ‘Catch All’ Accounts
The benefits of a ‘Catch All’ are now very small, with most customers or clients either knowing your email address because it is in their personal address book or clients who are clicking on a link on your website. The volume of SPAM that ‘Catch All’ accounts receive in our opinion is not worth the time it takes to sort out the SPAM from ay occasional good email.
If a user does send an email to an account that does not exist due to spelling mistakes or not knowing the correct account, the email will be bounced back to the sender and they will know you have not received it. They are more likely to phone or visit the website for the correct address.
7.0 How SPAM filters work
The difficulty in detecting SPAM comes because what one person might consider SPAM another person may consider a valid email. If SPAM filters are too aggressive genuine emails may be stopped and business could be lost.
Most SPAM filters have to be trained. This means that the organization or individuals have to tell the filter what they consider to be good or bad emails. The filter looks through these emails and keywords the content.
Using a Bayesian Algorithm the filter then works out the probability whether any new emails are SPAM or not. The more test cases in the Good and Bad folders the more accurate the filters can be. This is why service providers such as hotmail and also Outlook have the function to ‘Mark as SPAM’. This adds the email to either the Good or Bad list.
You can find out more about Bayesian Filters Here:
http://en.wikipedia.org/wiki/Bayesian_filtering
8.0 Further Information
SPAM is not so tasty on the email menu
BBC article - Read More >>
Why one SPAM could cost $50
BBC Article - Read More >>
BBC used to entice cyber victims
BBC Article - Read More >>
China close to being top spammer
BBC Article - Read More >>
Spam's Cost To Business Escalates
Washington Post Article - Read More >>
Wikipedia’s definition of SPAM emails
Wikipedia - Read More >>
Article written by: Simon Clark MCP,MBCS, Director of Positive Change Creations Ltd
Positive Change Creations Website
Back to top
|
