Spam Slayer: Biggest Spam Hassles Solved

Tip of the MonthFraud Alert: Interested in tracking your tax return online? The Internal Revenue Service allows you to track your refund at its Get Refund Status site. Beware of any e-mail that claims you're due a refund or offers a way to check your refund status online. There are reports of e-mails circulating pretending to be from the IRS that sport links to Web pages that ask for your Social Security number, credit card number, or sometimes even the PIN numbers for ATM cards.

You've got spam questions, I've got answers. Each month my inbox is brimming with great questions from inquiring readers who want to know how to combat spam. This month I answer the most common and puzzling spam questions from the Spam Slayer mailbag.

Complaining about spam brings a certain satisfaction. Many readers ask where they can complain--and if anybody is listening to their gripes.

The Federal Trade Commission allows you to file complaints online and asks that you forward the spam message you are complaining about to spam@uce.gov. The FTC says it doesn't take action on individual complaints. Rather, it collects thousands of complaints and uses them to identify and go after the most abusive spammers.

Another organization that accepts spam complaints is SpamCop, which says it determines the origin of spam e-mail and reports it to the relevant Internet service providers. Be advised, however, that SpamCop is a commercial service that also sells a spam filtering service for $3 per month. By joining the SpamCop army of people who report spam you may be helping the company fight spam for its customers, but don't expect a price break for the commercial service.

Spam is an equal-opportunity annoyance. Every day new Internet users are discovering just how annoying it is. So the next most popular question I get is: "Help! Could you recommend a good spam filter?"

There are a lot of great, reasonably priced spam filters. For a close look at the latest offerings, read "Inbox Tamers," which offers a good primer on a variety of spam filters.

Personally, I like Firefox's free Thunderbird e-mail client. It does a great job of filtering out crud and adapting to my e-mail likes and dislikes.

If your spam load is considerable, and you use Microsoft Outlook or Outlook Express, you may want to take a look at Sunbelt Software's IHateSpam or Cloudmark Desktop (formerly called SpamNet), both of which we've reviewed and liked.

Many readers are stumped by AOL's anti-spam policy. They complain that the service is blocking legitimate e-mail by labeling it spam. The problem goes something like this: Someone who doesn't use AOL tries to send e-mail to an AOL member. But AOL labels the message as spam and it is blocked--never to make it into AOL's network. Unfortunately, there is no quick fix to this problem.

Because AOL has so many members, it is the ultimate spam magnet--and consequently has one of the most restrictive spam filters. The company says it blocks, on average, 2 billion spam messages each day before e-mail even reaches members' in-boxes.

AOL says that if it is blocking your e-mail, it's either because you are sending e-mail from a server or ISP unknown to AOL, you have violated AOL's unsolicited bulk e-mail policies, or members have complained that you're sending spam.

Don't bother complaining to AOL by e-mail, because your e-mail is being blocked. You can review AOL's policies in detail on its Postmaster.info page. You could also call AOL's Postmaster Hotline to ask to be removed from its Block List. You can reach the Postmaster Hotline at 703/265-4670 or 888/212-5537.

You also should be careful about what you write in an e-mail message. Excessive use of profanity and using words typically found in junk e-mail (like free and mortgage) might trigger a spam filter to block your missive.

We've all seen cryptic e-mail messages--you know, those e-mails full of nonsense words in the subject line and message body. Sometimes the e-mail contains nothing but funny-looking characters that don't look like letters. What is behind these mystery messages?

What looks like gibberish may be one of two things. Unintelligible text in a subject line or body of an e-mail is likely spam written in a foreign language. Often e-mail software chokes on foreign characters. Not able to convert foreign characters, e-mail programs display them as boxes, upside-down question marks, sun symbols, and many others.

There is no sure-fire way to block this type of spam. You might try to copy typical junk characters from one message and paste them into your e-mail software's filter rules.

Random nonsense text in e-mail subject lines like "Hello v13uopn9tt5n22 Yes U can!" and misspelled words are also designed to trick spam filters. By using misspelled words, like "best m0rtgage qu0te!s," spammers hope to evade filters that use keywords to identify spam.

Today, more than 80 percent of all spam worldwide comes from zombie PCs, experts say. Zombie PCs are computers that have been infected by malicious code that allows spammers to use them to send e-mail. And these computers could be owned by anyone--businesses, universities, and average users

Quite often zombie PCs are associated with botnets. The word botnet typically refers to a group of zombie PCs. The term zombie PC refers to one of the PCs in a botnet, though in some cases a zombie PC may not be tied into a botnet.

You can reduce your PC's risk of becoming a zombie by installing a personal firewall and antivirus software, and keeping your copy of Windows up-to-date. For a list of free antivirus and firewall tools, go to "101 Fabulous Freebies" and scroll down to the section on security.

You should also be aware that a Trojan horse may have disabled firewall or antivirus software that usually launches automatically. To make sure that your security apps are still running, try to launch them yourself.

Symptoms of a zombie PC include a suddenly sluggish broadband connection, excessive hard drive activity, an unresponsive mouse or keyboard, or bounce notifications in your inbox from people you never tried to contact. But these symptoms do not guarantee that your PC is a zombie.

Read my June 2005 column, "Slaying Spam-Spewing Zombie PCs," for more tips.

Fed up and frustrated with spam, many people often ask if there is a way to segregate the e-mail they receive from their friends from all the other e-mail and spam they get. The idea is that e-mail from friends is important, so why risk having it get lost in a sea of crud in one huge inbox folder.

Here is how to do this in Outlook Express: First, create a "Safe Mail" or "Friends" folder. Then right-click on Local Folders and select New Folder. Next, select Tools, Create Rules from Message, and pair your address book and any other trusted e-mail addresses with your Safe Mail or Friends folder. In theory, spam will never make it into your Safe Mail folder--only messages from senders in your address book.

This trick also works with Outlook, Netscape, and various other e-mail programs.

At least once a week I receive an e-mail from a dumbfounded reader wondering how someone is sending spam with their e-mail address on it. Another burning question: Why they are getting undeliverable mail notices for e-mail they did not send?

Unfortunately, there is nothing you can do to prevent someone from sending spam using your e-mail address as the return address--just as you can't stop someone from mailing a letter using your street address as the return address. The good news is that spammers usually borrow an e-mail address for a short time and move on to another victim quickly.

To be sure a virus isn't camped out on your PC and using your account to send e-mail, you should update and run antivirus software. Worms and Trojan horses sometimes pull data from address books and "spoof" the e-mail address and subject line of a message so it appears to come from you. Spoofed e-mail that fakes your address as the sender goes out to hundreds of e-mail addresses. Some of those e-mail addresses don't exist, and messages are bounced back to the address listed as the sender: you.

Spoofing a return address is illegal. Online retailer Amazon.com has filed 11 lawsuits against online marketers in the U.S. and Canada, alleging that they misuse the Amazon name when sending e-mail advertisements. Earthlink shut down the notorious Buffalo Spammer after he sent 825 million messages in a year using a spoofed reply e-mail addresses.

For many people, deleting the spam they get is just not enough. While you may never be able to tell who sent the e-mail to you, most of the time you can determine what computer was used to send you spam. Armed with this information, you can complain directly to the Internet service provider that the spammer used.

To sleuth out a spammer's IP address you need to examine the e-mail header information. Most e-mail clients hide header information, however. To view header information in Outlook or Outlook Express, for example, right-click the message subject line and select Properties, Details.

Now work your way from the bottom of the e-mail header up and keep a keen eye out for the first instance of the phrase "Received: from." This line reveals the IP address of the mail server that actually sent the e-mail.

Next you'll have to perform an IP lookup at a site like Sam Spade or Network Solutions to see who owns that IP address. That's who you report the spam to.

Good luck and happy spam hunting.