RE: Those that use Spamfighter advice. NVFRC

Guess it's gonna be a long winter!

Oh, I fixed the subject line so those folks who filter NVFRC won't have
to be subjected to this...

> Or a better and simpler spam filter?

Spider, no spam filter is perfect. The more effective it is, the more
chance there is of collateral damage, and the more time you may spend
double-checking it to see if it ate an important email. So as you
evaluate spam filtering software or services, just keep that in mind.

One of the gadgets I like to use is SpamBayes, but if you're a Windows
user the price of admission is the real, honest to goodness, hand some
money to Microsoft, Outlook client, not Outlook Express. But if you get
an enormous volume of spam the routine need to scrutinize what it has
classified as spam and delete the mess before it grows out of hand, can
grow tiresome.

For me, SpamBayes is actually a second-line defense. I run my own mail
server, and it checks all the incoming email against seven blacklists
before it even makes it to my own mailbox. While that's not practical
for most of us, I'll say that a service like SpamCop can be hugely
effective. But I have to reiterate the warnings about collateral
damage.

Because my first-line defense is really good I don't follow the
client-side software that much. Hopefully someone else can chime in
with some other suggestions.

Now T...

> I disdain people who have to use gimmicks such as spamblocker
> and who expect other folks to jump through hoops to contact them.

Absolutely!

> never EVER give out your email address except to those that
> absolutely have to have it.

Generally good advice, but of really limited usefulness. So many people
rely on email and so many businesses use it for perfectly legitimate
purposes, it's tough to keep it reigned in now.

> Do not allow friends or family to send you *anything* by putting your
> email address into a site, including American Greetings.

Also generally good advice, although there's no evidence that American
Greetings and its ilk have abused the email addresses of any e-card
recipients.

The problem of fake, virus-laden greeting card emails is another subject
entirely.

> Conversely, do not forward /anything/ unless you have
> trimmed off all the extraneous email addresses of other
> recipients. Teach others to do this.

That definitely is an act of kindness, mostly to limit the extent of
damage if one of the recipients is compromised by software designed to
steal data from your contacts list. Plus it's good for privacy in
general.

> Next, have a number of different email accounts for different

If you're paying for each address this can get expensive. Even if you
don't, it can be rather unwieldy. At this point one has to start
thinking about which approach is more of a hassle.

I personally can't be bothered. But I understand the reasoning
perfectly and don't disagree with it.

> Small detail to keep in mind; most spammers that auto-generate
> spam use dictionary generators. The vast majority of these DO
> NOT USE A PERIOD!

Most spammers are using purchased lists. Some of the people generating
those lists run systems that will pick a popular (or not-so-popular)
domain, then using a dictionary-style attack will try address after
address, and anything that doesn't immediately bounce is considered
"good" and added to their database, which is later sold. Periods used
to help defend against this but the attacks have grown more
sophisticated.

This would be a good time to mention that if you ever purchase a domain
and have the smart-ass idea of setting it up so that email to /any/
address in that domain will reach your mailbox, DO NOT DO IT. Think
about what happens after that domain gets a dictionary SMTP attack.
I've seen it happen and the result is several spams per second 24 hours
a day. Not pretty.

In my experience the #1 absolute fastest way to get your email address
abused is to use it on Usenet, by the way. Literally days between
posting and abuse. Putting email addresses on web pages can take months
to get onto an spam database.

> Avoid using Yahoo Mail or HotMail, the companies running
> them actually make money by selling your email address to
> third parties. (Didn't you ever wonder why it's 'free'?)

I don't know about Hotmail personally, but I created an account on
Yahoo! Mail ages ago and never gave out the address or used it for
anything. Since the day I created it I have never received any emails
to that address except for the welcome message. Just checked it now -
no spam, no nothing. It IS always a good idea that if and when you sign
up for such a service, the first thing you do is to find the preferences
page and opt out of everything you can. If the service does scarf up
your address that should at least limit the damage. As for why it's
free, yes, they can make money from your email address but they can
actually make more money from advertising and data warehousing too.

> If you need additional email accounts that don't cost anything,
> go to gmail.com and sign up. It's been my experience that it
> works well and NO ads delivered to your inbox.

Speaking of data warehousing!

There are those who believe that data warehousing is even more sinister.
I'm on the fence about that, but shiver when I get emails from gmail
customers and find myself reflexively cautious with what I put in
replies. YMMV.

> Using Outlook Express as your email client is asking for TROUBLE
> Every code monkey on the planet looking to send mal-formed mail
> codes for it, simply because most people use it because it's 'free'.

I'd say that whatever software you use, make sure it's kept up to date,
either automatically or by signing up for the product's software update
email notifications. The motive model for hacking has changed
drastically over the last decade or so, and the practices have changed
accordingly.

Hacking used to be for fun, challenge, mischief, peer competition, etc.
Looking for the biggest target had the best chances of causing the most
damage. While all that is still true, recent hacking is now motivated
by profit. As a result, security through obscurity is becoming less
effective as the hackers seek to improve their margins by reaching a
wider market. Stay vigilant!

Happy new year,

-Brad

_______________________________________________
vfr mailing list
vfr@xxxxxx
For subscription and delivery options:
https://lists.cs.wisc.edu/mailman/listinfo/vfr