
Queen's University
 

What is spam?


Last Updated: March 28, 2002


Unsolicited advertising e-mail, referred to as "spam" in Internet jargon, is a significant nuisance to many organizations with Internet e-mail service. Spam typically offers some dubious product or service, like a get-rich-quick scheme, phone sex, or fantastic health remedies. Spam senders spend relatively little to distribute their messages, leaving most of the time and resource burden on receivers and carriers.


Where did it come from?


The From: address rarely indicates the true sender and is essentially useless in tracing the source or complaining about the message. Most times a throw-away Internet account or an invented address is used. There are message heading lines, normally not displayed to you, which contain details that may indicate a source.


How did they get my address?


Email spam targets individual users with direct mail messages. Address lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching Web pages for addresses. Despite claims that you were specially selected to receive the mailing, it is unlikely that you were personally targeted.


Why is my address not on the message?

Special "bulk e-mail" programs are often used to distribute spam. Your address was used on the message "envelope" to have it delivered to your mailbox, but does not need to appear on the message "contents" -- just like a form letter.


What can be done about it?

Spam is a behavioural problem, and is about as easy to counteract with technical methods as littering. ITS systems staff continue to look for good mechanisms (after all, spam annoys them too!), but do not believe there is a "silver bullet" answer out there.

In March 2000 we began using DNSBLs (see: http://en.wikipedia.org/wiki/Dnsbl for details). These databases list Internet addresses of systems that are known spam origins, that have been used by spammers to route their mail, and dial-up ports that have no legitimate reason to be sending mail directly to us in the first place. Mail from addresses listed in these databases will be refused.

No tool is perfect. Not all spam will be blocked, and it is possible that legitimate mail will be refused along with spam -- for example, if a particular Internet Service Provider (ISP) is a known spam source, all mail to Queen's -- spam or not -- will be blocked. We will ensure, however, that all mail that is blocked will return an error message to the sender. This message will describe why mail was refused and will point to documentation that the sender can use to understand why his mail was blocked and how to fix the situation.

We do not believe that this will be a common situation, but if you have correspondents that suddenly cannot send mail to Queen's, they should look in their returned mail for error messages similar to:

Mail from 202.96.240.8 rejected;see http://mail-abuse.org/rss/

They should read the Web page in question and show the error message to their system administrator, support person, or ISP. It has information about how to fix the mail system and get removed from the database.
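The lookup behind this kind of rejection, as an added example (not Queen's own configuration): a DNSBL is queried by reversing the client's IPv4 octets, appending the list's zone, and asking DNS for an A record; an answer in 127.0.0.0/8 means "listed". The zone name `dnsbl.example.org` and the in-memory zone data are constructed placeholders, since the page does not name the zones in use.

```python
import ipaddress
import socket

# Assumption: placeholder zone; the page does not say which zones are queried.
ZONE = "dnsbl.example.org"
INFO_URL = "http://mail-abuse.org/rss/"   # URL from the page's sample error

# Constructed stand-in for DNS: query name -> A record published by the list.
SAMPLE_ZONE_DATA = {"8.240.96.202.dnsbl.example.org": "127.0.0.2"}

def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)      # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def live_resolve(name):
    """Real DNS lookup; returns None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def is_listed(ip, resolve, zone=ZONE):
    """True only if the list answers with an address in 127.0.0.0/8.

    Any other answer is treated as "not listed": it usually means the zone
    was shut down or a resolver is rewriting failed lookups, and honouring
    it would reject all incoming mail.
    """
    answer = resolve(query_name(ip, zone))
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def rejection_text(ip, resolve):
    """Return the error text for a listed client, or None to accept."""
    if is_listed(ip, resolve):
        return f"Mail from {ip} rejected;see {INFO_URL}"
    return None

if __name__ == "__main__":
    for client in ("202.96.240.8", "192.0.2.10"):
        print(client, "->", rejection_text(client, SAMPLE_ZONE_DATA.get))
```

Passing `live_resolve` instead of `SAMPLE_ZONE_DATA.get` performs the same check against real DNS.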

There are several options available directly to recipients.


Option 1: Ignore it.

It gets pretty easy to spot after you have seen a bit. Just delete the message, and don't let yourself get drawn into reading it or fretting about it. Unless you are getting ten or more a day, this is really the most effective solution.

Option 2: Send a complaint to the Internet service used by the sender.

Many Internet services have acceptable use policies which forbid sending of bulk, unsolicited, advertising e-mail. Do not expect to see much effect from a complaint, however. Spam senders often use throwaway accounts, and just go get another when one is cut off.

The difficult part is determining where to direct complaints. The From: address is almost never the actual sender, which diverts complaints away from the real source. The Received: lines in the header of the message have to be examined closely to determine the submission point. E-mail programs such as Eudora and Pine do not normally display these lines. In Eudora you have to click on the "Blah Blah Blah" button to see them. In Pine you use the 'H' key, but you have to change a Setup option called "enable-full-header-cmd" to make it work. In Queen's Web Mail, click the "Headers" option in the "View Style" block at the bottom of the message page, and then click the Update button. For other mail programs, see the instructions provided at SpamCop. Details on what to do from this point can be found at

http://spam.abuse.net/userhelp/howtocomplain.shtml
SpamCop offers a free service to build and send complaints.
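Reading the Received: lines as described under Option 2, as an added example (not part of the original page): each mail server prepends its own Received: line, so only the lines written by your own servers can be trusted, and the address recorded in the lowest of those is the submission point. The host names, the trusted-server set, the sample message and the Sendmail/Postfix-style line format are all assumptions.

```python
import re
from email import message_from_string

# Assumption: hypothetical names for the recipient's own mail servers.
TRUSTED_HOSTS = {"mx1.example.edu", "mailstore.example.edu"}

# Constructed sample message; all hosts and addresses are documentation values.
SAMPLE_MESSAGE = """\
Received: from mx1.example.edu (mx1.example.edu [192.0.2.25])
    by mailstore.example.edu with ESMTP id A1; Thu, 28 Mar 2002 10:00:05 -0500
Received: from mail.bank.example (dialup-17.isp.example [198.51.100.77])
    by mx1.example.edu with SMTP id B2; Thu, 28 Mar 2002 10:00:01 -0500
Received: from trusted.example.com ([203.0.113.9])
    by mail.bank.example; Thu, 28 Mar 2002 09:59:00 -0500
From: "Friendly Offers" <offers@bank.example>
To: undisclosed-recipients:;
Subject: Make money fast

(body omitted)
"""

# "from <helo> ([<rdns>] [<ip>]) by <host>": one common layout, not the only one.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>[^\s;]+)", re.I)

def submission_point(raw, trusted=TRUSTED_HOSTS):
    """Return the last hop recorded by a trusted server, or None."""
    hops = message_from_string(raw).get_all("Received", [])
    found, verified = None, 0
    for line in hops:                      # newest hop first
        m = HOP.search(line)
        if not m or m.group("by").lower() not in trusted:
            break                          # written elsewhere: may be forged
        verified += 1
        found = {"helo": m.group("helo"), "rdns": m.group("rdns"),
                 "ip": m.group("ip")}
    if found is not None:
        found["unverified_hops"] = len(hops) - verified
    return found

if __name__ == "__main__":
    print(submission_point(SAMPLE_MESSAGE))
```

In the sample, the complaint belongs with whoever runs 198.51.100.77; the name the client announced (`mail.bank.example`) and the bottom Received: line were supplied by the sender and prove nothing.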

Option 3: Use a filter.

Several e-mail programs have ways for building filters that automatically file or discard mail. Eudora has one, but it really is only good for simple cases. Another commonly mentioned is procmail, but it is complicated to use even if you know a lot about Unix. Some other drawbacks:

  • You have to be careful not to discard "legitimate" mail.
  • It takes a lot of work to build a filter and keep it effective. Spammers are always trying new tricks to get their messages through.


For some details on procmail filters, see


http://spam.abuse.net/userhelp/


What about the "Remove List"?


The "Remove Lists" are widely regarded as just as much of a hoax as many of the spam claims. Try them if you like, but don't expect the number of spams you receive to decrease. It is possible that a remove list was set up to collect addresses of people who actually read spams, for use in future spams.


Chain Letters, "Good Times" and Other Hoaxes


You may receive chain letters claiming dire consequences if you don't forward a message to your friends. These are pranks intended to waste the time and resources of as many people as possible. The Computer Incident Advisory Capability at Lawrence Livermore Laboratories publishes good advice on how to recognize Chain Letters and Internet Hoaxes.


Nigerian Bank, and variations


This is a scam which has been around for years, promising to share part of a large sum of money if you will send your bank account information. Be skeptical of letters from strangers where urgency and secrecy are key elements. For more advice, see the RCMP's Nigerian Letter Scam site. As of spring 2002, the Nigerian government also has an information site.


Viruses Through Email


Although e-mail viruses are not precisely spam, there has been a recent proliferation of them. ITServices has attempted to increase the level of protection for computer users by putting some filtering mechanisms in place. Many of these e-mail viruses play on the trust and curiosity of their targets and exploit Windows system configurations. They come in the guise of small video games, screensavers, and so forth. When the victim opens the received attachment, the virus quietly and automatically infects the machine.


In order to prevent this, the email systems operated by ITServices have been changed to extend the list of attachment filetypes that are renamed by adding a ".txt" extension (list at the end). This prevents the file from executing automatically and infecting the machine. This filtering is not a complete protection for your computer. It is vital that you are running the most recent update of your virus scanner. Ida currently distribute Symantec Endpoint Protection (SEP) free to all Queen's users and new virus definitions are available at the end of every week.
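The renaming step described above, as an added example (not ITServices' actual filter): attachments whose final extension is on a risky list get ".txt" appended, so a double-click opens a text viewer instead of running the file. The extension set and the sample message are assumptions; the page's own list is not reproduced here.

```python
import os
from email.message import EmailMessage

# Assumption: illustrative extension list, not the one the page refers to.
RISKY_EXTENSIONS = {".exe", ".scr", ".vbs", ".pif", ".bat", ".com"}

def defang_attachments(msg):
    """Append ".txt" to risky attachment names; return (old, new) pairs."""
    renamed = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "GAME.EXE." still runs
        # as an .exe; strip them before looking at the extension. Only the
        # final extension counts, which also catches "holiday.jpg.scr".
        base = name.rstrip(". ")
        if os.path.splitext(base)[1].lower() not in RISKY_EXTENSIONS:
            continue
        new = base + ".txt"
        disposition = part.get_content_disposition() or "attachment"
        del part["Content-Disposition"]
        part.add_header("Content-Disposition", disposition, filename=new)
        if part.get_param("name") is not None:
            part.set_param("name", new)    # legacy Content-Type name= copy
        renamed.append((name, new))
    return renamed

def build_sample():
    """Constructed message with two risky attachments and one harmless one."""
    msg = EmailMessage()
    msg["Subject"] = "Funny screensaver"
    msg.set_content("See attached.")
    for fname in ("holiday.jpg.scr", "notes.pdf", "GAME.EXE."):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg

if __name__ == "__main__":
    print(defang_attachments(build_sample()))
```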


For more information on viruses and protecting your computer from them, please see the Protect Yourself pages.


Undeliverable Mail that I didn't send!


In the spring of 2001 a new variation on Spam began arriving. Messages were being sent by people outside the University with Queen's addresses in the From: line. All the delivery error messages, and some complaints, unfortunately come back to the innocent victim here.


Further reading


Feedback


Suggestions for improving this note are welcome. Send e-mail to Andy Hooper in Information Technology Services at


Kingston, Ontario, Canada K7L 3N6 613.533.2000