Oh, no - it's SPAM!

[There's been some spam getting through a e-mail list I *cough* host, by forging the addresses of subscribers. In an attempt to stop the riot of 'his computer got hacked' before it starts, I wrote this e-mail.]

Do not panic.

Wondering how spam can make it to the e-mail list? Then read on. Don't care? Then move along, nothing to see here.

Spammers collect addresses, then they both send e-mail to those addresses and use those addresses in the 'from' field. Just because spam appears to be from someone you know does not mean that the spammers 'took over' that person's computer - if fact, they probably didn't. Forging the 'from' e-mail address is incredibly easy, you can do it in most e-mail programs - and there's no verification that you own the address you send from.

Once a spammer has a list of addresses, they pick some to send e-mail to, and one to be the from address. So when you get an e-mail "from" your friend that is spam, don't think he's sending it, he could have just as possibly gotten the same spam appearing to be from you. Yeah, how's that feel.

So how do they get the lists of addresses? It could be spyware - malicious programs that are installed without your knowledge, along with other programs, or perhaps disguised as something else - sifting through the files on your computer, looking for e-mail addresses. If could be a less than reputable company, selling the addresses it has (customers, contact, etc.). It could be programs that search the internet for addresses on web pages.

Of course, it doesn't need to be *your* computer for your address to fall into a spammer's hands. If Aunt Matilda installs the latest cool screen saver from dontdownloadthis.com, and your address in on her computer (because you do keep in touch with Aunt Matilda, just not as much as you would like), it's now collected and more than likely sold to other spammers.

But Aunt Matilda is smarter than that, so there's nothing to worry about.

Until one day she forwards that extra funny e-mail she got (because she doesn't just forward anything, only the extra funny), and your address is on the to line right along with Matilda's friend Gertrude. Gertrude isn't too computer savvy, but now your address is only as safe as her actions. Scary.

Or maybe you send that extra funny e-mail to Aunt Matilda, and she just sent it to all her friends (because she doesn't forward to everyone, just her friends), but she left your address at the top of the e-mail, because that's how her e-mail client formats forwards. And now your address is only as safe as any one of Matilda's friend's computers.

Really scary.

Sigh. It's a tough life for our e-mail addresses.

The bottom line is this - other people control who has access to your e-mail address. So one day, the chances are, a spammer somewhere will find it.

But how does spam get on the e-mail list? The same way it gets to your inbox appearing to be from someone you know, or some company you know of. Some how the list e-mail address was found (an infected subscribers computer, an e-mail someone sent to the list and other recipients, a list e-mail that was forwarded to someone else) and spam was sent to it.

That isn't a big deal, in fact the list gets plenty of spam every day; however, when the spammers also have the address of someone subscribed to the list, and they make the e-mail appear to be from that address, the list allows the e-mail through.

If they send enough e-mails, sooner or later that right combination will happen. Discussion lists (as opposed to announcement or broadcast lists) are particularly hard to keep spam out of, because there are so many addresses (all the subscribers) that should be able to post.

Now before victory is declared for the spammers, there are other things the list can do to identify spam, and I'll try to implement some of that soon.

In addition, some of you are probably wondering why this e-mail has been sent because you're e-mail provider or e-mail client already filtered the spam that made it through to the list. Because your filters are just that good.

Tim Lytle [05/06/09 16:49:14] | 0 Comments | Stream