The PhoneBoy Blog


A Simple Strategy for Dealing with Spam

If you are plagued with spam and are looking for ways to minimize its impact on your life, you might like this piece, where I share some secrets for dealing with spam. My method involves using mail filtering software. Mail filtering software will, based on specific criteria, sort your mail into a variety of "folders" or perform actions on a particular piece of mail. For you Unix heads, there are a lot of programs you can use to do this. On the PC and Mac side, more and more email clients are being built with filtering capabilities. Mail filters are extremely useful if you are on several mailing lists and you want to be able to separate this mail from stuff that's personally addressed to you. But did you know you can also use these programs to filter out spam?

First, let's talk about some email basics. Each email message has two primary parts to it -- the actual message itself, and the "headers". The headers function much like an envelope does in the postal mail world. They contain some information about where the letter supposedly came from (the "From" header), who the letter is supposed to go to (the "To" header), anyone that's supposed to get a carbon copy of the letter (the "Cc" header), and postmark-like information ("Received" headers) so you can see which computers processed the message as it made its way from sender to recipient. In the example below, you can see who the letter is from (in this case, [email protected]), who the letter is supposed to go to (in this case, [email protected]), and each machine that was responsible for delivering the message from Scott to me.

Received:      (from [email protected]) by shell3.ba.best.com (8.8.5/8.7.3) id JAA08354
               for dwelch; Wed, 16 Jul 1997 09:14:51 -0700 (PDT)
Received:      from proxy2.ba.best.com ([email protected] [206.184.139.13])
               by shell3.ba.best.com (8.8.5/8.7.3) with ESMTP id JAA08327
               for <[email protected]>; Wed, 16 Jul 1997 09:14:47 -0700 (PDT)
Received:      from people.human.com (people.human.com [165.227.247.2])
               by proxy2.ba.best.com (8.8.5/8.8.3) with ESMTP id JAA18910
               for <[email protected]>; Wed, 16 Jul 1997 09:12:53 -0700 (PDT)
Received:      from icrunch.human.com (icrunch.human.com [205.179.92.132])
               by people.human.com (8.8.5/8.8.5) with SMTP id IAA23977
               for <[email protected]>; Wed, 16 Jul 1997 08:34:40 -0700 (PDT)
Message-ID:    <[email protected]>
X-Sender:      [email protected]
X-Mailer:      Windows Eudora Pro Version 2.2 (32)
Mime-Version:  1.0
Content-Type:  text/plain; charset="us-ascii"
Date:          Wed, 16 Jul 1997 09:12:50 -0700
To:            "Dameon D. Welch" <[email protected]>
From:          Scott Deardorff <[email protected]>
Subject:       Re: Meeting tommorow.

When a friend, associate, or family member sends you an email, the header information will usually be accurate, thus facilitating easy response to an email message. It's also easy to tell that a message is directed at you because the "To" or "Cc" headers include your email address. Messages that you get from mailing lists do not appear directly addressed to you. Instead, they appear addressed to some other address. When you send the RadioNet staff email at [email protected], you are actually sending it to a small mailing list. When the staff receives messages addressed to [email protected], the "To" or "Cc" header in the email appears addressed to [email protected] just as it was sent. Once the mail is received at RadioNet's servers, the mail is blind carbon copied to each person on this mailing list. Blind carbon copies are used to "hide" each person that is getting a copy of the message. A similar mechanism is used for our RadioNet mailing list.

Spammers use special email programs that will "blind carbon copy" thousands upon thousands of people at once. Based on the email headers, the intended recipient of the email they send out appears to be a bogus email address. The "From" and "Reply-To" headers are intentionally given incorrect information so that it will be impossible to easily send the spammer a reply. Advanced spammers also delete or otherwise tweak the various "Received" headers so that you cannot tell what servers the email traversed before it got to your inbox. All of these techniques make it difficult to track down a spammer.

With this in mind, an easy, though not completely foolproof method for filtering spam is to check for known addresses in email headers. Messages from associates, friends, or relatives will most likely be addressed directly to you. This means your email address will either appear in the "To" header or the "Cc" (or carbon copy) header. If the email address is not contained in the "To" or the "Cc" header, it was most likely sent via a blind carbon copy from some kind of mailing list. If you subscribe to mailing lists, you can usually filter these messages on the basis of the "To" or "Cc" headers as well. Once you've accounted for these sorts of messages, most everything else is probably spam. These messages can be directed to a "spam" folder of some sort or deleted altogether, depending on the capabilities of the mail filter you use and your personal preferences.
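The strategy above, written out as a small Python classifier. This is an added example, not code from the original post and not a procmail recipe; the addresses, the folder name and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumptions for this example: your own address(es) and the lists you subscribe to.
MY_ADDRESSES = {"me@example.com"}
LIST_FOLDERS = {"staff@lists.example.org": "staff-list"}


def recipients(msg):
    """Collect the lower-cased addresses from every To and Cc header."""
    found = set()
    # Parse each header value on its own so one malformed header
    # (spam often has one) cannot hide a valid address in another.
    for value in msg.get_all("To", []) + msg.get_all("Cc", []):
        for _name, addr in getaddresses([value]):
            if addr:
                found.add(addr.lower())
    return found


def classify(raw_message):
    """Return 'inbox', a mailing-list folder name, or 'spam'."""
    rcpts = recipients(message_from_string(raw_message))
    if rcpts & MY_ADDRESSES:
        return "inbox"          # addressed to you in To or Cc
    for list_addr, folder in LIST_FOLDERS.items():
        if list_addr in rcpts:
            return folder       # a list you knowingly subscribe to
    return "spam"               # reached you only by blind carbon copy


# Constructed sample messages (not real mail).
SAMPLES = {
    "direct": 'From: friend@example.net\nTo: "Me" <Me@Example.com>\nSubject: lunch\n\nhi\n',
    "cc": "From: boss@example.net\nTo: team@example.net\nCc: me@example.com\n\nfyi\n",
    "list": "From: member@example.net\nTo: staff@lists.example.org\n\npost\n",
    "bogus_to": "From: x@example.invalid\nTo: friend@example.invalid\n\nBUY NOW\n",
    "no_to": "From: x@example.invalid\nSubject: offer\n\nBUY NOW\n",
    "undisclosed": "From: x@example.invalid\nTo: undisclosed-recipients:;\n\nBUY\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} -> {classify(raw)}")
```

As the paragraph says, the check is not foolproof: a legitimate message sent to you by blind carbon copy lands in the spam folder too, which is a reason to file such mail rather than delete it.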

My filtering program of choice is "procmail", a powerful filtering program that allows you to process email in just about any conceivable way. I use it to filter wanted email into various folders. I also scan the email for both random and known spammers and, in some cases, I actually send an email back. This doesn't always work since spammers often use invalid return addresses, but those that do use valid addresses get email back. For those of you with Unix shell accounts, you may want to check out this link to "The Spam Bouncer," which uses a comprehensive procmail 'recipe' to filter out known spammers. I have incorporated it into my own procmail recipes that I use for my own filtering needs. The Spam Bouncer page also goes through some basics of the procmail program, which is geared more towards intermediate and advanced Unix users.

