Anti-Junkmail

Friday, June 25, 2004

How to Identify 'Spoofed' Email

Way back in 1996, Bill Barnes of Slate Magazine wrote an article about SPOOFED Email. This article is still relevant today. He wrote:

"Like a well-paid courier, SMTP just passes along what it was given. I tell Outlook my e-mail address, but neither it nor the SMTP server provided by my Internet service provider has any way to verify that it's true. Just this minute, I changed my Outlook settings to say that my name is Mork, e-mail address mork@ork.planet, and Outlook happily sent more mail to my wife, who is tiring of my little shenanigans. ISPs smarter than mine configure their mail servers to be more restrictive about the e-mail they'll accept, attempting to verify the veracity of the sender's address, but a determined spoofer usually knows how to insert e-mail further along the transmission chain."

Please go to guide.netfronts.com to learn how to spot the telltale signs of spoofed e-mail.
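Because the From line is whatever the sending program was told, one practical check is to compare it with the headers added in transit. The sketch below is an added example, not code from this blog or from the Slate article; every address and host other than mork@ork.planet is constructed, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: the From header claims one domain, while the envelope
# sender (Return-Path) and the earliest Received hop name another.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP; Fri, 25 Jun 2004 10:00:02 -0400
Received: from mailer.example.net (unknown [198.51.100.7])
\tby mx.example.org with SMTP; Fri, 25 Jun 2004 10:00:01 -0400
From: "Mork" <mork@ork.planet>
To: wife@example.org
Subject: Nanu nanu

Hello from Ork.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw):
    """List header inconsistencies worth a closer look; none is proof alone."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    rp_dom = domain_of(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {rp_dom}")
    # Each relay prepends its Received header, so the last one listed is the
    # earliest hop. Lines below the first relay you trust can be forged.
    received = msg.get_all("Received", [])
    if received:
        m = re.match(r"\s*from\s+(\S+)", received[-1])
        origin = m.group(1).lower() if m else ""
        under = origin == from_dom or origin.endswith("." + from_dom)
        if from_dom and origin and not under:
            findings.append(f"first hop {origin} is not under {from_dom}")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print(finding)
```

Mailing lists and bulk-mail services also produce these mismatches on legitimate mail, so treat a finding as a reason to read the full headers rather than as a verdict.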

Thursday, June 24, 2004

Unsolicited Commercial E-mail Research

Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report:

Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as "spam." Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address?

In the summer of 2002, CDT embarked on a project to attempt to determine the source of spam. To do so, CDT set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. It should come as no surprise to most e-mail users that many of the addresses CDT created for this study attracted spam, but it is very interesting to see the different ways that e-mail addresses attracted spam -- and the different volumes -- depending on where the e-mail addresses were used.

The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam.

Please go to Center for Democracy & Technology and read the entire report and results of the Experimental Anti-Spam Measures.

Wednesday, June 23, 2004

More SPAM Arrests

NEW YORK (AP) An America Online software engineer stole a list of 92 million customer screen names that was eventually used to send massive amounts of e-mail spam, federal prosecutors said Wednesday.

Jason Smathers, 24, was arrested at his home in Harpers Ferry, W.Va., and was charged with conspiracy.

Smathers, working at AOL offices in Dulles, Va., stole the list and sold it to a Las Vegas man, Sean Dunaway, who used it to promote an Internet gambling operation and sold it to spammers, a criminal complaint said.

Dunaway, 21, also was arrested at his home and was charged with conspiracy.

Read more at CBSNEWS.COM.

Tuesday, June 22, 2004

What is PHISHING

(v.) Pronounced “fishing,” the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.

Get complete information about PHISHING at Webopedia - The online dictionary and search engine for computer and Internet technology definitions.

Consumer Advice: How to Avoid Phishing Scams

The number and sophistication of phishing scams sent out to consumers are continuing to increase dramatically. While online banking and e-commerce are very safe, as a general rule you should be careful about giving out your personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations that you can use to avoid becoming a victim of these scams.

Go to How to Avoid Phishing Scams for details.

Be aware of Recent Phishing Attacks.

Scam call to action:
"We want your online experience to be enjoyable and worry-free. That's why U.S. Bank Internet Banking uses various security procedures... Change your U.S. Bank Online Password often. The current password for your U.S. Bank accounts has not been revised for a long period of time and needs to be changed within 72 hours. Therefore, we urge you to do it today. You can do this quickly and easily by signing on and going to the Account Servicing area..."

Monday, June 21, 2004

Internet Hoax

Interspersed among the junk mail and spam that fills our Internet e-mail boxes are dire warnings about devastating new viruses, Trojans that eat the heart out of your system, and malicious software that can steal the computer right off your desk. Added to that are messages about free money, children in trouble, and other items designed to grab you and get you to forward the message to everyone you know. Most all of these messages are hoaxes or chain letters. While hoaxes do not automatically infect systems like a virus or Trojan, they are still time consuming and costly to remove from all the systems where they exist. At CIAC, we find that we spend much more time de-bunking hoaxes than handling real virus and Trojan incidents. These pages describe some of the warnings, offers, and pleas for help that are filling our mailboxes, clogging our mailservers, and that generally do not have any basis in fact.

Please visit the Hoax Busters http://hoaxbusters.ciac.org/.

Sunday, June 20, 2004

Code of Conduct for Individual Members of the Internet Society

The Internet Society's motto, for many years, has been "The Internet is for Everyone." As the Internet continues to penetrate into every corner of human society and of the economy, members of the Internet Society (ISOC) have a responsibility to demonstrate the standards of behaviour that are appropriate to continued growth and beneficial use of the Internet. People designing, building and operating Internet services, or simply using the Internet as a major tool in everyday life and work, need to adopt standards of behaviour like those of any profession. We build bridges and buildings to stand for at least 100 years, resisting natural and man-made disasters as far as possible, and to be useful for applications beyond their original design. Despite its rate of change, the Internet should be the same. Also, it should be deployed for the benefit of individuals and society, and Internet professionals have a consequent personal responsibility. Similarly, people simply using Internet services have a corresponding responsibility to avoid misuse.

The purpose of this code of conduct is to indicate the standard of professional behaviour to which ISOC members aspire, and which is intended to be an example to Internet professionals as a whole. It can be used by members to measure their own behaviour, and as a reference when considering the behaviour of others. The items in the code are intended to be as close as possible to observable or measurable behaviours, rather than requiring subjective or ethical judgement.

The Code of Conduct

Nigerian Money Transfer Scheme

Experts are surprised people fall for the Nigerian scam even though it has received extensive media coverage. The Nigerian scheme is over ten years old but "spiked" in 2000 with the scam picking up more variations from more countries.

Nigerian scheme evolves, still claiming new victims.

The 45-year-old school bus driver expected to collect $50 million if she allowed three times that amount to be transferred to her bank account for "safekeeping."

SCAM: The Nigerian Advance Fee Scheme

The Nigerian Advance Fee Scam has been around for quite a while, but despite many warnings, continues to draw in many victims. In fact, the Financial Crimes Division of the Secret Service receives approximately 100 telephone calls from victims/potential victims and 300-500 pieces of related correspondence per day about this scam!

Indications are that the advance fee fraud grosses hundreds of millions of dollars annually and the losses are continuing to escalate.

Sample of NIGERIAN SPAM E-MAIL.

Chain Letters and Chain Email

In and of themselves, chain letters are not illegal, but they are very annoying, and very wasteful of whatever medium is used to carry them. When a chain letter asks the recipient to send money to people through whom the letter passed before, with the promise that the recipient will receive money from those that the letter reaches after he sends it, then it has become a form of a pyramid scheme.

Friday, June 18, 2004

SPAM Law in the Internet

The enrolled (final) text of S. 877 as it was passed by the Senate on November 25, 2003, and agreed to by the House of Representatives on December 8, 2003, appears below. The bill was signed by the President on December 16, 2003, and takes effect on January 1, 2004.

Please go to 'CAN-SPAM Act of 2003' for the full text of the Law effective January 1, 2004.

Etiquette In The INTERNET

The use of the network is a privilege, not a right, which may temporarily be revoked at any time for abusive conduct. Such conduct would include the placing of unlawful information on a system, the use of abusive or otherwise objectionable language in either public or private messages, the sending of messages that are likely to result in the loss of recipients' work or systems, the sending of "Chain letters," or "broadcast" messages to lists or individuals, and any other types of use which would cause congestion of the networks or otherwise interfere with the work of others.

Please go to NETIQUETTE website for links to various guidelines.

Netiquette Guidelines

In the past, the population of people using the Internet had "grown up" with the Internet, were technically minded, and understood the nature of the transport and the protocols. Today, the community of Internet users includes people who are new to the environment. These "Newbies" are unfamiliar with the culture and don't need to know about transport and protocols. In order to bring these new users into the Internet culture quickly, this Guide offers a minimum set of behaviors which organizations and individuals may take and adapt for their own use.

Individuals should be aware that no matter who supplies their Internet access, be it an Internet Service Provider through a private account, or a student account at a University, or an account through a corporation, that those organizations have regulations about ownership of mail and files, about what is proper to post or send, and how to present yourself. Be sure to check with the local authority for specific guidelines.

Please go to NETIQUETTE GUIDELINES RFC 1855 to read complete document.