 |
home | |
search | |
faq | |
contact | |
|
|
|
|
|||||||||
|
||||||||||||
|
|
|||||||||||
|
|
|
||||||||||
 |
 |
|
|||
            
Global Technology Office
|
|
Spam Control at CCCBy Russ LichtIntroduction The leadership of Campus Crusade for Christ recognizes that unsolicited email from sources outside our organization is consuming larger and larger amounts of resources and employee work time, and is exposing people to offensive language and pictures. SPAM Defined A broad definition of spam is any email from a sender you do not know and who should not have a copy of your email address. Spam also includes unwanted solicitation or advertising via email from senders who got your address from you directly or indirectly but are using it in a way you did not intend. Alarming Trends By September 2002 the volume of spam on the Internet had risen 500% from the previous year. Whereas many estimates in 2001 placed spam volume at 5 – 10% of all email, current 2002 measurements record spam volume reaching between 30% and 50% of all message traffic. Some experts predict that by the end of 2003, spam may account for the majority of all email traffic. Another alarming trend is the presence of pictures in HTML formatted spam and obscene subject lines. Pictures consume much larger amounts of computer resources than text-based messages, and are also used to expose innocent people to pornographic images. The subject lines alone are often descriptive enough to be very offensive. HTML email also affords unscrupulous spammers the opportunity to run scripted programs on your computer via the email preview pane. To make matters worse, clicking on one of the links can subscribe a person to even more spam lists, change your web browser home page to a pornographic site, and cause a flood of banner ads to pop up on your computer screen. Dangers Pornography and gambling can be just as addictive as narcotics. Personal involvement in either can damage personal relationships, destroy families and discredit a ministry. If viewing an add for online gambling or seeing a pornographic image causes someone to fall into a destructive behavior pattern then spam has become more than a nuisance, it has become dangerous! How do spammers get my email address? Buying Many sites ask for your email address to register as a user of that site, and then sell their collection of email addresses. Spam buyers don't care if the clients never intended for their email addresses to be used by an outside company. They buy your address, use it, and probably sell it off again. Harvesting Web Pages Simple little 'bots’ or ‘spiders’ that look for anything in the form of an email address (e.g. johndoe@example.com) or mailto: URL. Harvesting Newsgroups Similar to web page harvesting, automatic programs that look for anything in the form of an email address in newsgroups. Social Engineering Greeting cards sites that collect your name from a friend of yours and then keep it or sell it to spammers. Guessing If there is a johndoe at example.com maybe there is another johndoe at acme.com. The next step, to verify the address, is to send a blank or innocuous message from an anonymous sender to see if the guessed address gets delivered. Theft NOTE: Many a spouse has wondered if their mate had been visiting illicit web sites just because spam started showing up in their email box. This is rarely, if ever, the cause of spam. Illicit sites for porn and gambling thrive on credit card numbers not email addresses. They know that anonymity and money, not addresses are what drives their business. Please be assured that receiving spam does not imply guilt! Tips for Protecting Your Email Address from Spammers
NOTE: It is OK to use the “unsubscribe” address listed at the end of messages for email lists that you have asked to be added to. CCC maintains many such lists as an excellent tool for collaboration between people working on similar things in different locations. Email list servers do not fit the definition of spam since people usually have to request to be added to a list. However, if not properly protected they can be exploited as a source of email addresses for spammers. Responsibility & Response Campus Crusade for Christ recognizes two important facts. First of all we must try to diminish the flood of spam entering our corporate email systems. Secondly, no measure will be foolproof at preventing all spam, but not accidentally blocking legitimate email message traffic. Therefore we strongly recommend the additional use of spam filter software by individuals on their personal computers. In fact, since our ministry involves reaching out to people who may be struggling with pornography, gambling, homosexuality and a variety of other behaviors, it is not desirable to try and block email based solely on the words used in the messages. Only the most blatant examples of spam can be blocked at our corporate email servers. End users must be the finally judge of what messages they do or do not want to see. Email filter software that allows that choice without displaying offensive graphic content is available and should be used. Recommendations Any software products mentioned in this article only reflect what could be found at the time of the writing. While some techniques for blocking spam may remain valid, the effectiveness of any one product as compared to it competitors will certainly change as this is a rapidly evolving field of technology. Likewise, spammers work hard to defeat whatever measures stand in their way. Email Filters for Individual Computers IhateSpamby Sunbelt Software (See http://www.sunbelt-software.com/product.cfm?id=930) Spamnet by Cloudmark (See http://www.cloudmark.com/) SpamAssassin by Deersoft (See http://www.spamassassin.org/index.html) Email Filters for CCC Email Servers First, a word about techniques for blocking spam. Early in the war against spam, some people began compiling lists of Internet addresses that they deemed to be possible sources of spam. These ‘blacklist’ owners became emboldened by their early successes and turned into Internet vigilantes who exercised power without accountability. Many legitimate addresses were subsequently blacklisted including ccci.org. For this reason, we don’t recommend the use of blacklists for blocking email unless someone is assigned the task of scanning all blocked mail for possible ‘false positives’. Having someone sift through all the garbage looking for something accidentally discarded is not a very healthy job, so make sure to think carefully about this option. Software companies have recently recognized that they could employ techniques similar to software virus filtering to also stop spam. They have developed spam signature databases that are constantly updated not only by the software provider, but also by users who submit examples of spam as it reaches them. In virus prevention, heuristics is a term used to describe looking for virus-like behavior when trying to identify a new threat not listed in the signature database yet. Looking for spam-like characteristics is a similar process. However, unlike virus checking software, spam filters have evolved to allow the administrator to fine tune what the filter considers to be ‘spam-like’. This process is often referred to as ‘developing intelligent rule sets.’ At present, two products that do a good job of compiling intelligent rules sets and spam signature databases for use on email servers are: SurfControl by SurfControl (See http://www.surfcontrol.com/) Personal Accountability It is important to note that none of the technology solutions mentioned here are a substitute for having a personal accountability partner. If someone struggles with recurring sin it is important for them to form a bond with a fellow believer who does not share the same struggle and who can pray for and hold the other accountable for their actions through regular personal meetings. Technology Aided Accountability There are, however, technology solutions that can help provide mutual accountability by recording a log of one’s Internet activity for review by a trusted friend. Covenant Eyes (www.covenanteyes.org) is one such solution.
Appendix A: For Those Truly Determined To Defeat SPAM (By I personally tend to be very paranoid about both security and privacy, hence I follow certain procedures that protect me against both virii and spam. As a result I actually only receive about one or two pieces of spam per month! Yes, you read correctly. 1. At websites I give out my email address EXCEEDINGLY sparingly, and NEVER without first checking the site's privacy policy. A few exceptions are organizations that I already trust, like CCCI or FOTF or BGEA, etc. You get the picture. 2. I use the Opera browser, since both IE and Netscape have numerous security holes that can leak your personal data -- including email address -- to a cleverly crafted website that takes advantage of multiple vulnerabilies to steal that information. Also, I never fill in the default information in ANY browser, so there's nothing to steal. 3. I NEVER use the Outlook preview window. Disabling this prevents any unauthorized attachments -- both spyware and virii -- from running. 4. I look at any suspect mail offline, since reading an HTML-formatted note with non-embedded graphics online immediately notifies that sender that he's "hooked a live one". This is more important than most people ever realize, since I believe a 5. I maintain my address book outside of Outlook, so there are no 3rd-party email addresses to steal there. Yes, it's a bit of a pain, but I feel the security is worth it. 6. I set security to HIGH in Outlook and disable scripts from running. |
|
|
|
 |
home · about us · from the cto · web marketing · security · tntmpd · global connexion · eministry · knowledge center · stories · opportunity · contact
|
