O'Reilly Hacks
oreilly.comO'Reilly NetworkSafari BookshelfConferences Sign In/My Account | View Cart   
Book List Learning Lab PDFs O'Reilly Gear Newsletters Press Room Jobs  


 
Buy the book!
Windows XP Hacks
By Preston Gralla
February 2005
More Info

HACK
#63
Slam That Spam
You don't have to be bedeviled by unwanted mail. Use this hack to kill as much as 90% (or much more, in my case) of your spam

Contributed by:

[09/03/03 | Discuss (5) | Link to this hack]

If you have certain body parts that you'd like enlarged, expect Nigerian strangers to shower several million dollars upon you, favor spending boatloads of money for semiworthless goods, and enjoy vile, pornographic come-ons littering your email box, then you're a spam lover.

Everyone else, like you and me, hates the stuff.

While there's no foolproof way of stopping all the spam that makes its way into your mailbox, I've found ways to block at least 90% of what I don't want headed my way. To get that effective a blocking rate, you'll need to use downloadable software; the antispam features built into Outlook and Outlook Express simply don't cut it. (However, if you're bent on trying to use Outlook and Outlook Express's antispam features, head to the end of this hack to learn how.)

There are two primary kinds of software you can use to block spam. One type sits between your email program and the mail servers where you pick up your email. It checks your mail, marks email that it considers spam, and then (depending on the program) lets you handle that spam in a variety of ways, such as automatically deleting it, letting you manually delete it, or marking it in a way that will alert your normal email program that it's spam—and letting the email program filter or kill the spam. In all cases, you'll be able to read the messages before they're deleted, if you want.

The other type of software integrates directly into Outlook or another email program and kills spam from directly within the program. I favor this kind, because it's a simpler, one-step process. But I've used both types, and both work well.

For the kind of spam killer that sits between your email program and your mail server, I suggest the free program MailWasher (http://www.mailwasher.net). It imports your existing email server account settings so that you don't have to set them up from scratch, and it lets you read and preview messages before deleting spam. I especially like its bounced mail feature; it will send a false "address not found" address to the sender so that it will appear your email doesn't exist. While not all spammers bother to clean up their list of addresses, there's at least the possibility this could lead to less spam ultimately coming into your mailbox. As with most spam killers, you can add addresses to a list of known spammers, though spammers so frequently spoof their addresses, this may or may not be of much help. You can also create filters with specified words or groups of words that MailWasher will look for in email, and if it finds them it will consider the message spam.

A more powerful, for-pay version of the program is available for $29.95. Its primary benefit is that it will check multiple email accounts for spam; the free version will check only one. If you need to check only a single account, stay with the free version.

One of the tricks that spammers use is to target a site and send a dictionary attack to many potential email accounts on a server. They will send to "bob", "nancy", etc., as well as "asmith", "bsmith", "csmith", etc. Most of the emails will bounce, but the spammer doesn't care. They encode the email in HTML with an embedded <IMG> tag. The tag has information encoded within it to uniquely identify the valid email addresses. For example, say cjones@mycompany.com gets an email in HTML format. Inside the email is:

<img src=83.48.123.74/img/jojo_jpg_cjones_mycompany_com.jpg>

The web server at 83.48.123.74 will load the image named jojo.jpg to an email in cjones' email program. When the user sees the advertisement for herbal Viagra or whatever, she will delete it. However, the damage has already been done. The spammer knows that cjones@mycompany.com exists because they know the image was downloaded. The user cjones will soon be getting more than just offers for herbal Viagra.

One way to prevent this type of attack is to turn off displaying HTML in emails. Unfortunately, there's no direct way to do this in Outlook, but there's a hack that will do the trick for you. When you're in your inbox, turn off Outlook's Preview Pane by choosing View → Preview Pane. (To restore the pane, choose View → Preview Pane again.) HTML email will grab pictures from web servers only when you've opened the mail or viewed it in the Preview Pane, so all you have to do is delete spam without opening it—by using spam killers as outlined earlier in this hack—and you'll be safe. In Outlook Express, you can do the same thing by choosing View → Layout and unchecking the box next to "show preview pane." You can also download a handy plugin for Outlook that will turn off HTML email, called NoHTML, at http://ntbugtraq.ntadvice.com/default.asp?pid=55&did=38.

TIP

In Eudora, this is done via Tools → Options → Display → uncheck "Automatically download HTML graphics" (this turns off the display of HTML email), Tools → Options → Display → uncheck "Allow executables in HTML content," and Tools → Options → Styled Text → check "Send plain text only" (this turns off the sending of HTML email, which is just a polite thing to do).

Peer-to-Peer Technology Fights Spam

I've tried quite a few Outlook add-in spam killers, and my favorite is SpamNet (http://www.cloudmark.com). I've found that it blocks well over 90% of the spam that I receive. It uses peer-to-peer technology to gather the collective intelligence of thousands of other email users in order to fight spam. When you install it, it creates a Spam folder in Outlook and routes any spam into that folder, where you can review it and then delete it. If you get spam that isn't automatically routed to the folder, you can mark it as spam. Not only is the mail then sent to the Spam folder, but SpamNet servers are also told that you consider that piece of mail spam. That information goes into a database, along with similar information from hundreds of thousands of other people who use the program. A variety of algorithms are used to determine what is spam and what isn't, and that's what ultimately blocks spam on everyone's system. It uses collective intelligence, which may be the ultimate spam killer.

You can also block and unblock messages as spam, so if mail is accidentally marked as spam it won't be blocked in the future. I've used the program for well over six months, and I've found that it increases in effectiveness over time. By now, I estimate that it blocks about 95% of spam, though that changes on a daily basis.

SpamNet runs as a small toolbar in Outlook, as shown in . A nice little touch is the message bar that tells you how much spam the program has blocked, how much time it's saved you, or how much spam it's blocked in a day. Depending on my mood, when I see the total amount of spam it's blocked, I'm either depressed that there's so much spam in the world or pleased at how much spam I've been able to avoid.

Figure 1. SpamNet running on the Outlook toolbar

When SpamNet was in its extended beta period, it was free, and beta users can continue to use the beta for free. But for Version 1.0 and above you'll have to pay $4.99 a month. That's admittedly a hefty price for a spam killer, considering that others are available for free. But if you get enough spam, you may consider it worth the money.

Slam Spam Before It Starts

The best way to fight spam is to make sure it never gets sent to your email box in the first place. So, how do you end up on spam lists? There are many ways, but the most common, according to a comprehensive study done by the Center for Democracy & Technology, is that your email address is harvested by spammers who use programs to automatically scan web pages and gather email addresses from them. Those addresses are then sold to other spammers, so you could end up on dozens of lists.

There might be many reasons why you need to have your email address on a public web site, so removing your address from sites might not be an option. However, there are ways to hide your address from spammers, even when it's in plain view.

One way used to be to spell out your email address—for example, post "preston at gralla dot com" instead of preston@gralla.com. Automated harvesting programs won't be able to grab your address that way.

At least you used to be able to use that trick. Some spammers have figured it out by now. My new favorite trick is to use a bit of inline JavaScript to generate your email address at page load time. Harvester bots see a <script> tag, but users see bob@bob.com.

<script type="text/javascript" language="javascript">
<!--
    {     document.write(String.
fromCharCode(60,97,32,104,114,101,102,61,34,109,97,105,108,116,111,58,98,111
,98,64,98,111,98,46,99,111,109,34,62,98,111,98,64,98,111,98,46,99,111,109,60
,47,97,62))
     }
//-->
</script>
<noscript>
<a href = "mailto:%62%6F%62%40%62%6F%62%2E%63%6F%6D">email me</a> 
</noscript>

I got the JavaScript generator from http://www.u.arizona.edu/~trw/spam/spam.htm. You feed it your email address, and it generates the javascript.

Another solution is to use HTML characters for your address rather than plain text characters. That way, a person who visits the page can see the email address, since HTML translates the underlying code into a readable address, but an automated harvester won't be able to read it. To use HTML characters, you need to use the ANSI characters and precede each character with &#. Separate each HTML character by a ; and leave no spaces between characters. For example, in HTML, the preston@gralla.com address is:

&#112;&#114;&#101;&#115;&#116;&#111;&#110;&#64;&#103;&#114;&#97;&#108;&#108;&#97;&#46;&#099;&#111;&#109

Keep in mind, though, that if you use HTML characters to spell out your email address, you won't be able to put automated HTML "MailTo" links; that requires the text to actually be spelled out rather than using HTML characters.

lists the common ANSI codes you'll need for most email addresses.

Table 1. Common ANSI codes

A

65

J

74

S

83

b

98

B

66

K

75

T

84

c

99

C

67

L

76

U

85

d

100

D

68

M

77

V

86

e

101

E

69

N

78

W

87

f

102

F

70

O

79

X

88

g

103

G

71

P

80

Y

89

h

104

H

72

Q

81

Z

90

i

105

I

73

R

82

a

97

j

106

k

107

r

114

y

121

3

51

l

108

s

115

z

122

4

52

m

109

t

116

@

64

5

53

n

110

u

117

.

46

6

54

o

111

v

118

0

48

7

55

p

112

w

119

1

49

8

56

q

113

x

120

2

50

9

57

For a more comprehensive list of ANSI codes and special HTML characters, go to http://www.alanwood.net/demos/ansi.html.

There are several other things you can do to keep your address out of spammer's hands. When registering at a site, always read the fine print to see whether you're also signing up to get unsolicited mail. I also suggest using multiple email addresses, including those from free mail services like HotMail and Yahoo, and to use those addresses when registering at sites. That way, any spam will be sent to them rather than your normal mail address.

Viewing Mail Header Information in Outlook and Outlook Express

As a general rule, spammers spoof their email addresses so that you won't be able to find them. However, not all do, and if you examine email header information you may be able to trace spam to its source. Once you find the originating mail server, you can send a message to the ISP's administrator, asking to block mail from the sender. It might not always work, but it's worth a try.

The problem for Outlook and Outlook Express users is that those programs don't show mail header information—information such as the original sender of the message, the original mail server, and relay information in your messages. However, there is a way to view it.

In Outlook, right-click on the message whose header you want to view, and choose Options. Header information appears at the bottom of the screen, as shown in . You can scroll through it and copy and paste from it. You can also view this information if you're reading a message, by choosing View → Options.

Note that if you use logic when trying to view header information in Outlook, it won't work. If you choose View → Message Header, for example, you won't see your header information. Instead, that option toggles the To:, cc:, and Subject: lines on and off.

Figure 2. Header information in Outlook

In Outlook Express, right-click on a message, choose Properties → Details, and you'll see header information, as shown in .

Figure 3. Displaying header information in Outlook Express

See also:

  • The Center for Democracy and Technology's report on
    how spam is generated and how to avoid it, at
    http://www.cdt.org/speech/spam/030319spamreport.shtml.

  • SpamPal (http://www.spampal.org) is a free spam
    fighter that marks email as spam before it gets to your email
    program. You then use your email program's filters
    to filter out the resulting spam.

  • An excellent resource for news and information about spam, and what
    you can do to stamp it out, can be found at
    http://spam.abuse.net.



O'Reilly Home | Privacy Policy

© 2007 O'Reilly Media, Inc.
Website: | Customer Service: | Book issues:

All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.