Arizona Law Office Computer Support Newsletter - draft template2


Steve Henes Computer Support Presents
Arizona Law Office Computer Support
News and Reviews of items of interest to Law Offices
Phone (602) 957-4496
Fax:    (602) 957-4414

http://www.henes.net
stevehenes@henes.net



Click here to subscribe to this newsletter
Click here to unsubscribe from this newsletter

This issue is devoted to SPAM
Spam defined
Comment on the US Anti Spam Act
The world of spammers
How your address is obtained



My working definiton of SPAM is email received as a result of a mass mailing from a source that you'd rather not receive mass mailings from.  We will look at how your name gets onto spam lists, and what solutions are available for reducing or eliminating SPAM.



United States Anti-Spam Act
First I want you to be awareofhow much more spam you're getting now than you received just a year ago.

then I want to list a criticism of the US anti-spam act, as stated by an
international anti-spam organization in Britain:
"CAN-SPAM Act of 2003 (S.877/HR 2214) attempts to regulate rather than ban the practice of spamming. We believe this is a serious mistake and that CAN-SPAM will succeed only in increasing spam volumes and the numbers of spammers. Additionally, by signalling to the world that spamming is now legal in the USA, we believe that the United States is inviting a tsunami of spam from Asia. By requiring that American citizens read through and respond to every spam to 'opt-out' of ever-more mailings they did not opt-in to, we also believe that millions will find their addresses sold on as "people who read spams" and will find themselves endlessly on yet more lists. "
Many sources have commented on various weaknesses of the act, but suffice it to say that many SPAM friendly organizations (such as Microsoft) lobbied effectively to keep spam legal and enforcement weak.



A Brief look at the Spam Industry
The
August 2002 issue of PC World tells a story of how a young man, laid off from his dotcom job got started in the spam business.  He started a job recruiting site.  After trying to promote it he decided he could maybe do better making his company focused on internet promotion instead.   He began sending emails to people charging $300 to $400 for 1 million emails.   Very soon he was sending 50,000,000 emails a week   (that's at least $1500 per week).  Next he began selling email addresses ($129 for 15,000,000 names and addresses), then set up a site where spammers could exchange targeted addresses, and now has written and sells his own spamware that harvests email addresses and manages lists.  One site that provides a lot of spam tools is bulk email toronto where many of the advertised tools advertise how to continue sending bulk email (the euphamism for spam), that is entirely within the anti-spam laws of the United States.  One such site is Ariel Software, which boasts clients such as Microsoft and Citibank.  It's worth looking at their site, just to see the features they advertise.  Here's a site that offers a list of 20,000,000 email address and various promotional materials for $25, and here's a site offerring software to extract email addresses for targeted email campaigns for as little as $90.  Finally you may want to look at this site which offers a way to get popups to happen on people's computers.  This gets around any laws (in Europe, there essentially aren't any in the US) against SPAM. It claims to be able to popup messages on all W2000, XP or NT computers in the world not using a firewall.  It includes IP ranges to "target" your messages.  These sites are just a small sample of the many out there, serving the spam community.



How they get your address
Next I'll explain some of the ways these people can get your email address.  First, every email address listed on every commercial, nonprofit, or personal home page has been harvested.  Any site you go to and leave your email address has the potential to sell that address.  If you check the privacy policy of a website and it looks very user friendly, they have the right to change that policy later.  I've had a very large free financial and portfolio site (you've heard of it) site change their policy of not providing personally identifiable information, after I'd used it for several years.  Oops!  Some sites can get your email address just by your visiting them.  There's a lot of sites set up on the web for now other purpose.  Often the opt-out (cancel) option on spam emails is used to verify your email address for future spams.  Not a safe thing to click unless you're familiar with the email source. Internet Service Providers (ISP's) have been known to sell email addresses of their subscribers.  This is rare now, but in the past, there was a reason that AOL users got more spam than anyone else. These are the most common ways of  getting your email address, and taking precautions after getting a new email address can do a lot towards avoiding that address becoming a magnet for spam.  Once your email address is obtained,iithas the poential to be shared with lots of spammers in a very short time.

Finally, do you remember all those worms that get onto people's computers and send emails to everyone in that person's address book?   These people open an attachment that came from someone they know, and they become infected, and it goes to everyone in their address book.  There have been worms that instead of doing that, just send one email to a secure address. All the addresses in that address book are sent to one person to do with what they please.  All you have to do is be listed in someone else's address book to be vulnerable.  I once had someone send emails to every possible 2  letter combination on my domain to see which went through.  There were emails to
aa@henes.net, ab@henes.net, ac@henes.net through zz@henes.net.  I've set up filters to prevent that since then.



Small Office Solutions

First of all, spam control should be viewed as a security implementation that goes hand in hand with virus protection.  Many solutions to one include a solution to the other.  Because both virus and to a lesser extent spam problems exist (1) as a result of weaknesses in Microsoft products, and (2) because so many people write code specifically to expoit Microsoft productt security weaknesses — the single most effective thing that can be done to avoid problems is to avoid Microsoft software to whatever extent possible.