Whitelists – The Ultimate in Spam Protection

Whitelists are quite possibly the single most effective form of spam protection available on the market today. They are as close as you can get to totally eliminating spam from your inbox.

A whitelist is a database of trusted email addresses, IP addresses and domains. To build the list, each one of these trusted sources is manually added to the whitelist. Only email from a whitelisted source is delivered to the user’s inbox. In fact, whitelists are so effective that the catch rate for spam is almost 100%.

However, the efficiency of whitelists comes at a price, because they produce a large number of false positives. This means that a lot of legitimate email goes undelivered. To deal with this problem, a challenge-response technique is often instituted.

When an email from an unknown source is received, the system will respond automatically, sending a “challenge” back to the sender. This challenge may require the sender to answer certain questions, or decipher an image that displays a series of letters and numbers. This image can only be deciphered by a human, and not by spamming software. Once this is successfully done, the email is allowed to go through the system to the inbox. The sender is also added to the whitelist. The challenge-response methodology uses a combination of human judgment and software technology to determine which email to let through and which to block.
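The flow described above, as an added Python sketch that is not from the original article: mail from a whitelisted address or domain is delivered, anything else is held until the sender answers a challenge, and a correct answer releases the message and whitelists the sender. The class and method names are hypothetical, IP-address entries are left out, and the random code returned by challenge_text stands in for the text a real system would render as an image.

```python
import hmac
import secrets

class ChallengeResponseWhitelist:
    """Deliver mail from whitelisted sources; hold and challenge everything else."""
    def __init__(self, addresses=(), domains=()):
        self.addresses = {a.lower() for a in addresses}
        self.domains = {d.lower() for d in domains}
        self.inbox = []      # delivered (sender, body) pairs
        self.pending = {}    # token -> (sender, body, expected answer)

    def is_trusted(self, sender):
        sender = sender.lower()
        _, at, domain = sender.rpartition("@")
        return sender in self.addresses or bool(at and domain in self.domains)

    def receive(self, sender, body):
        """Return ('delivered', None) or ('challenged', token)."""
        if self.is_trusted(sender):
            self.inbox.append((sender, body))
            return "delivered", None
        token = secrets.token_urlsafe(16)   # unguessable reference to the held message
        answer = secrets.token_hex(3)       # letters and digits the image would show
        self.pending[token] = (sender, body, answer)
        return "challenged", token

    def challenge_text(self, token):
        """Text the challenge image would display (helper for this sketch)."""
        return self.pending[token][2]

    def respond(self, token, answer):
        """Release the held message and whitelist the sender on a correct answer."""
        held = self.pending.get(token)
        if held is None:
            return False                    # unknown or already used token
        sender, body, expected = held
        given = answer.strip().lower().encode()
        if not hmac.compare_digest(given, expected.encode()):
            return False                    # wrong answer: message stays held
        del self.pending[token]
        self.inbox.append((sender, body))
        self.addresses.add(sender.lower())
        return True
```

The sender value is taken at face value here; a From address is easy to forge, so a deployment would want the sender authenticated (for example by SPF or DKIM results) before a whitelist match is trusted.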

The advantage of this method is that it is not worth it to spammers to wade through all the challenge-response emails and respond to them. They are more likely to remove the email address from their lists and go after other addresses that do not have such requirements. However, the inconvenience of having to register to send email to the whitelist user may discourage legitimate email senders from following through.

Another impractical aspect of whitelists arises when the email account user places an online order or registers for a newsletter or other service. Each of these new email sources must be manually added to the whitelist. If the user forgets to do this, or enters it incorrectly, important email may be blocked.

Whitelists are far more effective than anti-spam filters, because the latter work by calculating the probability that an email containing particular words is spam. However, spammers easily get around this feature simply by misspelling words, or by avoiding words associated with spam. For this reason, spam filters are usually only 80-90% successful. This may be acceptable on a personal account, but not on a business account that likely receives over a hundred emails a day.

Whitelists are especially beneficial to businesses as they almost totally eliminate the waste of valuable time that would otherwise be spent wading through the hundreds of spam messages that are received each day. However, despite their effectiveness in blocking spam, whitelists have not gained widespread use because of the high rate of false positives. It is also virtually impossible for businesses to compile an exhaustive whitelist database of trusted email sources.


The Costs of Spam

The volume of spam that is sent out every minute of the day has reached pandemic proportions. The simple reason for this is that the cost to a spammer ranges from zero to negligible. In fact, anyone with a list of email addresses and Internet access can spam thousands, even millions of people with a single click of the mouse. The cost of spam, however, now runs in the millions.

Bandwidth

Spam takes up valuable Internet bandwidth that would otherwise be used for legitimate business and personal use. Bandwidth refers to the rate at which data is transmitted; it is the amount of data that can be transmitted within a fixed amount of time. The lower the bandwidth, the slower the transmission.

When spam uses up valuable bandwidth, and clogs up the system, it causes costly delays in the transmission of important, legitimate information. It forces the Internet Service Providers (ISPs) to increase bandwidth just to handle the increased volume. This costs money, and this cost is passed on to the consumer.

Viruses, Worms and Malware

Malware delivered by spam is becoming an increasingly common menace. Spammers will attach viruses to the email they send out for purely criminal or malicious purposes. Some viruses, for example, are programmed to self-install and give the spammer access to all the vital information stored on your computer. This information is often used for identity theft purposes.

Other viruses simply do great harm to computers the world over. A Consumer Reports study estimates that the cost of repairs and replacement parts for damage done to computer systems by viruses was over 8 billion over the past two years. This does not take into account the billions spent on anti-spam and anti-virus software.

Productivity

Spam is not only annoying, it also takes up valuable time just to go through it and sort out the spam from the valid mail. For businesses that receive hundreds of emails a day, the cost in time and productivity really adds up.
The “cost of spam calculator” that is available at cmsconnect.com estimates that spam costs almost $1000 per employee each year, with over 50 hours of lost productivity for each one.

Lost Messages and Data

As we try to battle the spammers by installing spam filters and blockers, these programs often weed out legitimate business correspondence. Lost correspondence from a client or supplier can easily cost businesses money, clients and goodwill.

Identity Theft

The phenomenon of phishing has become more prevalent as spammers think up new ways to make a buck at your expense. Phishing involves the use of email that is designed to look like a legitimate company has sent it. It is sent out to millions of people in the hope of scamming them into revealing personal information that the scammer can use for identity theft. The cost of phishing and identity theft to their victims now also runs in the billions.

The cost of spam is a financial drain on the economy. We pay a high price for the spammer to scam his victims. The spammer pays nothing.


How Spammers Get Your Email Address

Each minute of each day, there are literally thousands upon thousands of spam email messages flooding inboxes the world over. Some of that email even goes out from what appears to be your very own email address! Where on earth do spammers get your email address? There are various ways – some are legitimate, and most are not.
Typically, spammers will “harvest” email addresses from legitimate web sites, such as USENET groups, chat rooms, message boards, AOL profile pages and special interest group postings. These are sites you have visited and requested more information from, or corporate sites where you may have placed an order.

The spammers collect these addresses using automated programs called spambots. Spambots are designed to harvest the email addresses from these web sites. They scan every page on the site, collecting any text containing the symbol “@” they find. The email addresses they collect are compiled into a database, loaded into a bulk-emailing program and out goes the spam. Often, these harvested email addresses are also sold to other spammers; once your email address makes it to a spammer’s mailing list, it will make it onto their fellow spammers’ lists.

Some websites require you to register before you can place an order or access certain parts of the site. Not all these websites will be as protective of your email address as you may wish. Newsgroups are particularly notorious for exposing their users’ email addresses to the spam gatherers. Most newsgroups do not take a great deal of care to hide the email of their users, and each and every member email address is exposed and up for grabs by spammers. Some of the websites that ask you to register may also sell your address to spammers.

Another method commonly used by the spammers is to target a domain. They simply guess or make up every possible variation of email address based on the domain name, for example @yourDomain.com. They create a mailing list of these addresses and then spam them. Corporate emails are especially vulnerable, as their emails have a distinct format such as @BusinessName.com.

While most of the spam will bounce, it really does not bother the spammers because they can and do send out millions of this type of junk mail a day. A small proportion of the email addresses will actually be legitimate and will receive the spam – that is good enough for the spammer. This method of gathering email addresses is called a brute force spam attack.

One way to defend against this is to make it more difficult for the spider to harvest your email. When you place your email address on a web site, remove the @ symbol and replace it with the word “at.” This makes it far more difficult for the spam harvester to gather your address, because it cannot be gathered mechanically; it can only be read by a human who is actually reading the site. Alternatively, you should display your email address as an image rather than as text.


Don’t Fall for the Phisher’s Bait

Never respond directly to any unsolicited email that asks you to update or verify your personal information. Banks, stores and other legitimate businesses will never ask you to give this information via email, particularly following the advent of phishing.

If there is any doubt as to whether or not the email is from who it purports to be, contact the company immediately to confirm and clarify the request for information. Be sure to call a phone number from your statement. The phone number in the email is probably a direct line to the identity thief.

Never click on a link in any such email. To do so would be to risk downloading malicious Trojan horse spyware, which will install keyloggers in your computer system. This would provide hackers direct access to all the personal data stored on your computer, which they will use for their own nefarious financial gain.

Never, ever fill out forms contained in an email that request personal information. The mere request for this information should ring a loud alarm bell. Phishers are able to use HTML to design very official-looking email messages. Any information entered into these forms goes directly to the phisher.

Never trust links contained in unsolicited email. Phishers have devised ways to spoof legitimate website links. Common tricks that are used include misspelling web addresses or using sub-domains that include the name of a legitimate business.

An email link can also be “masked” in such a way that it displays a very official looking text-link to a legitimate company’s website, but clicking on it will take you to the phisher’s web site.

Do not cut and paste the link contained in the message into your browser. Type the address of the legitimate company in a separate browser window, so as to bypass having to click on the link in a suspected phishing email.

Always be suspicious of impersonal email. Almost all email communication from legitimate businesses will contain some specific piece of personal information that is not readily available to anyone but you. An email from your bank, for example, may include part of your account number.
Always keep in mind that there are malicious people out there who do nothing more than think up creative, innovative ways to get at your personal information.

Be sure to use anti-spyware and anti-virus software, and keep these regularly updated. Anti-spam filter software may help eliminate or minimize the amount of phishing spam you will receive in your inbox.

Be very cautious of opening any emailed attachments you receive, even if they seem to be from an acquaintance.

Help catch the phishers by reporting any phishing attempts. Forward the phishing email to the company that is being spoofed. Also forward it to these email addresses: spam@uce.gov and reportphishing@antiphishing.org. This information will be used by the Anti-Phishing Working Group to fight phishing. This organization is a coalition of the internet industry, financial institutions and law enforcement.

Learn more and stay informed by visiting the Federal Trade Commission’s Identity Theft website: www.consumer.gov/idtheft.
