Email Spamming

by Clevin Wong

What is "spam"?

"Spam" can be regarded as a synonym of "junk mail". It refers to unsolicited commercial email (UCE) and unsolicited bulk email (UBE). Email spam is an annoying problem faced by most of the email users on the Internet. No one wants his/her mailbox fills up with unwanted messages. However, spam spreads everywhere on the Internet nowadays, we get it almost every day and the condition is getting worse.

Senders of spam are known as "spammers". They send spam to advertise products/services and recruit victims for scams. The following are some common examples of spam:

  • "Get rich quick" or "make money fast" schemes
  • Foreign bank scams or advance fee fraud schemes
  • Pyramid schemes, including multilevel marketing
  • Offers of mortgage loans
  • Offers of credit reparation
  • Offers of software or service for collecting email addresses and sending spam
  • Scams on health products and remedies
  • Offers of illegally pirated software
  • Chain letters
  • Pornographic materials
  • Unsolicited political materials
  • Others types of unsolicited commercial advertisements


How can spammers get my email address?

It is really an unhappy experience to find your mailbox filled up with spam. Most victims of spam will ask "how can spammers get my email address?" Spammers collect email addresses in many ways. For example, they regularly use some search engines to harvest email addresses automatically from web pages, newsgroups, bulletin boards, directory services ... on the Internet. They may generate random sequences of characters, hoping to match a few valid addresses. They can buy email addresses from other spammers. Moreover, sometimes people may be required to submit their email addresses on the Internet (e.g. before downloading some software), and these addresses may be released to unknown persons.

In order to avoid spamming, you are advised to safeguard your email address. For example, you should not disclose your email address when filling questionnaires from unknown organizations.


What should I do when I receive spam?

First of all, you should never buy/use/enquire any products and services advertised in the spam. Otherwise, you will encourage more spamming and you may become one of the victims for scams (please refer to http://www.ftc.gov/bcp/conline/pubs/alerts/doznalrt.htm for the most common scams in spam).

You should not open any files attached with the spam, because these files may contain computer virus or indecent material. You should avoid clicking any links (including the "click here to unsubscribe" links) or pictures in the spam, because spammers may use these links to verify that your email address is active. You should not send replies or "remove me" messages to the spammers because this will also inform them your email address is active. Once they know your email address is active, they may send more spam to you and give your address to other spammers.

Besides deleting the spam manually, you can set up client-side email filters in your email clients to file/delete the spam mail automatically (please refer to http://email.cityu.edu.hk/faq/filteremail.htm for the detailed procedure). Moreover, you can directly complain to the site administrator if you know the actual originating site of the spam. Or, you can report the case to CSC using the email address spamrpt@cityu.edu.hk.


What has CSC done to reduce spam?

Up to now, there is no perfect solution to completely stop all spam. The following are some of the major difficulties:

  • The sender address of the spam may be fictitious. Spammers can fake any sender addresses.
     
  • Spammers can employ the "hit and run" strategy. They create ac-hoc accounts solely for sending spam and send the spam from different network locations.
     
  • Some Internet Service Providers do not response to complaints of spamming from their customers.
     
  • Automatic identification of spam mail is complex and difficult. Unlike virus scanning that can use exact pattern matching; there is no exact pattern for spam. Moreover, in order to avoid being identified as spam, spammers may use special software to disguise the spam by sophisticated techniques: generating spam with dynamic subjects and contents; using non-English character set; misspelling some keywords by intention; displaying the messages as graphics; scrambling the message source with HTML comments ... etc.
In order to reduce spam, the Computing Services Centre (CSC) has implemented the following mechanisms:
  • All our email servers have installed with anti-relaying control to prevent them from being used by non-CityU machines for sending spam.
     
  • We have made use of the some well-known public databases to block email connections from black-listed spamming sites.
     
  • We have implemented control scheme to detect spam automatically by traffic volume. The sender sites will be blocked automatically once the predefined volume threshold is exceeded.
     
  • Sometimes the spam may come with virus-infected attachments. To protect our users, we have installed virus-scanners on the mail servers to scan all email messages automatically.
     
  • We have created a special email account spamrpt@cityu.edu.hk to receive spam reports from our users. Mailing sources that are frequently found sending spam will be blocked.
     
  • We have developed a web-interface for users to setup their server-side mail filters. Server-side filters are usually more efficient than client-side filters. A pilot-run of this utility will be launched in the near future.

Besides the above, we are evaluating different hardware and software technologies on anti-spamming. We also keep on exploring more effective ways of dealing with spam including experience sharing among experts in this field and in academic institutes.