Do you remember what life was like before spam? When I got my first e-mail account, I used to get so excited when friends sent me e-mail but now it's not so fun. I have one or two friends who like to forward those superstitious "fill in this very personal questionnaire, forward it to 10 of your closest friends (with their e-mail addresses for all to see), and you will be guaranteed to win this week's lottery" chain messages. It's no wonder I'm in every spammer's little black book.
In addition to the anti-spam technologies that we deploy, we need to educate our users - like my superstitious friends - to be spam aware. But how do we do that, and what are the other effective technologies and techniques for killing spam in the enterprise? What can we do to ensure that e-mail is once again an effective and convenient communication mechanism, rather than a transport for junk?
I was thinking of how I could educate my friends about some of the tricks that spammers use, and so I hunted around the Web sites of some of the security vendors for help. Surprisingly, I could only find a few that provided educational material; many were focused on selling their products. The educational advice I did find was very useful (thanks to Sophos and Eblocs.com).
Below you'll find some of that advice, which you may want to pass on to your users:
- Never make a purchase from an unsolicited e-mail. “If spamming weren't economically viable, it would be obsolete," Sophos says. E-mail users could fall prey to a potentially fraudulent sales scheme and their e-mail addresses could be sold to spammers.
- Never respond to any spam messages or click on any links in the message. Replying to any spam message, even to “unsubscribe” or be “removed” from the e-mail list only confirms your e-mail address to the spammer. Also, it is pointless flaming the spammer as their return address could be invalid.
- When sending e-mail messages to a large number of recipients, use the blind copy (BCC) field to conceal their e-mail address.
- Sending e-mail where all recipient addresses are "exposed" in the "To" field makes it vulnerable to harvesting by a spammer's traps. Perhaps my friends could use this BCC option if they must
send those e-mails to feed their superstition.
- Never provide your e-mail address on Web sites, newsgroup lists or other online public forums. Many spammers use “Web bots” that automatically surf the Internet to harvest e-mail addresses from such outlets.
- Do not click “yes” when an Active X dialog box keeps popping up unless you know exactly what you're downloading. Active X allows users to enhance Web pages with sophisticated formatting features and animation, but they also represent serious security risks, Eblocs.com says. They keep popping up and prevent the user from going any further on a Web site. The dialog box insists that "yes" is clicked and an application downloaded. This application could be spyware, adware or Trojan horses.
- Clear out cookies and other tracking data on your computer.
- Use disposable e-mail accounts when filling out forms online.
- Don't enter any sweepstakes or contests online. Most of them capture your personal information and sell it to third-party vendors, Eblocs.com says.
- Don't fill out any Web forms asking for your Social Security Number, driver's license, e-mail passwords, bank account information, or your mother's maiden name.