Spam is everywhere — your e-mail inbox, your instant messaging windows, Web site guest-books, blog and now possibly running over your Internet telephony lines. As Internet-based communication technology evolves so do the methods unscrupulous individuals use to send you advertisements. Worse yet, the numbers of spam-related messages being distributed are increasing every day.  When you hear the word spam, your immediate thoughts go to the more well-known and common form of spam: e-mail spam. However, other types of spam are found in a variety of Internet communication mediums such as instant messaging, discussion boards, mobile phones with text messaging, newsgroups, Internet telephony, blogs — basically any device or client that provides a means for communications. This week, we take a look at the "Internet junk mail" terminology and discuss best practices for protecting your system from these unwanted communications. All About E-mail Spam While many Internet users have resigned themselves to the fact that e-mail spam is here to stay, there is nothing more annoying than logging in to check your e-mail and downloading or sifting through tens or hundreds (or even thousands) of unwanted e-mail advertising for some product sent directly to your e-mail address. E-mail spam numbers have been on the rise because e-mail spam is a cheap way to garner a few sales. For the solicitor, the costs associated with spamming are minimal. All they need is time and enough money for an Internet connection and lists of e-mail addresses. E-mail Spam: Best Practices For Individuals Currently, there is no way to completely stop spam. The good news, however, is that individuals can take proactive steps to limit the number of incoming spam e-mails to save time, frustrations and money.

Key Terms To Understanding Spam, Spit & Spim: spam Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. e-mail Short for electronic mail, the transmission of messages over communications networks. spim A type of spam sent over instant messaging services. IM Short for instant message, a communication service that enables you to communicate in real time over the Internet using text-based messaging. spit A type of spam sent over Internet telephony services. Internet telephony A category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls.

Keep Your E-mail Address More Private
To avoid e-mail address harvesting practices, it's important to not post (in text) your e-mail address in public Internet chat rooms, on any Web site, newsgroup, guestbook or blogs to which you post. If you find you need to post an e-mail address, try typing your address in a graphics program and using an image of your address in a signature file or attachment. Or, you can also replace common characters (such as the @ or .) with spaces or spelling. For example, writing your address as
"webmaster — at— webopedia —dot— com" is one way to display your e-mail address so humans can understand it, but software or script harvesters cannot grab it and add it to a spam list.

You can also consider encoding your e-mail address by using its equivalent decimal entity. To people viewing the address in a browser, it appears as normal text. The code, however, consists of character entities and unreadable to many harvesting scripts (example e-mail address encoder). If you plan to take part in online forums or newsgroups, or you plan to join different mailing lists, you can always register for a free online Web mail account. This will help filter the bulk of spam from publicly posting your e-mail address to one e-mail account that is not used for family, friends or work-related communications. It doesn't mean your other accounts won't get spam, but it will help you time-wise by enabling your other account to have less spam build-up.

Choose More Complex E-mail Addresses
Some spammers basically attack mail servers and use a method called a dictionary attack to get their junk mail sent out. Basically, the spam is sent to every combination of letters and common names at an ISP. In this scenario, spam is more likely to get through to a common, short e-mail address like "mary @insertdomainname.com" than it would "mary_washinger @insertdomainname.com".

Don't Click Links in Spam E-mail
Even if the links reads "click to unsubscribe," if that link appears within a spam message, chances are your click to unsubscribe is used solely for the purpose of informing the spammer that your e-mail address is valid  and you may end up on even more spam lists. Studies indicate that the valid responses from spam is about 1 percent. Clicking any link to get more information or to make a purchase from a spam e-mail is only encouragement for spammers to continue these practices. Rather than using the links within the spam e-mail, try and find the Web site or service through a search engine or other means. Another alternative would be to find the same or similar service or product from a competitor who is not engaging in spam practices and spend your money there.

Use a Good E-mail Filter
The best proactive step you can take to limit spam mail in your in box is to use a good e-mail filter. There are many types of filters available today that will block or filter e-mail based its content, header or even language. Most e-mail programs will allow you to define your own criteria for blocking in addition to these filters. There is also a permission-based filter that means you can specify specific e-mail addresses that are allowed to send you e-mail. Filters that work at the gateway are extra beneficial in that they can also stop incoming worms and virus e-mail attachments.

Remember the Virus Scanner:  The golden rule for any spam is to never open or accept files from people you do not know. Spam is rife with worms, Trojans, and viruses that can be attached as what seems to be legitimate files in e-mail messages. While the above best practices can help with lowering the number of spam e-mails you receive, only a real-time virus scanner can help with removing the risks to your system security.

Recommended Reading: "Did You Know... Getting Rid of Spam" "Did You Know... All About Phishing" Webopedia's Electronic Mail Category

All About Spam over Instant Messaging (SPIM)
In a report from the Pew Internet & American Life Project, a study last year revealed that more than one-third of the 134 million American adults who use the Internet, also use instant messaging services. Of those 52 million people, nearly a third have received unsolicited commercials through their instant messages. As more people begin to use a new communication medium, the amount of spam for IM services start to rise.

Spim (short for spam over instant messaging), is a type of spam that uses IM platforms as the transport medium. Users of different public IM systems, who use public profiles are quite likely to receive unsolicited advertising messages from spammers (when referring to spam over instant messaging, they are called spimmers) . Similar to e-mail spam, spim messages are advertisements and will usually contain an embedded hyperlink link to visit the Web site this individual or bot is marketing.

Compared to spam, spim is less common, but it is often thought to be a bigger annoyance and intrusion. When you check your e-mail, you can quickly scan the incoming messages and read only those you know are legitimate, leaving the spam for a later time (or for a mass delete). Spim, however, is sent through a real-time communication platform, which means you have to deal with spim in real-time as well. You have to stop what you are doing and deal with the spim as the IM window pops up. Spim is also considered to be more of a risk than e-mail spam because IM users expect to be on the receiving end of a message from a user in their buddy list — not a spimmer.

IM Spam (spim): Best Practices For Individuals
If you're familiar with combating e-mail spam, you'll have a head start in your fight against spim. Again, the golden rule to protection and security is to never  open or accept files from people you do not know!

Private Access is Key: The best way to avoid spim is to never open or respond to a message from a person you do not know. If you make your IM user name and contact details public, just like with e-mail spam, you are providing spimmers with the information they need to contact you. Keep your IM profile and username off public directories.

Even Buddies Can Be Harmful: To avoid security risks, use extreme caution in opening any file or link in an IM — even if you do know the user who is sending it. The nature of Trojans and worms that spread through IM channels means your buddy's system could be infected, and the message you receive may simply be the result of a worm replicating on its own through their contact list. Even a hyperlink, can actually route you to a Web site where a download will be initiated, unknown to you. Spim is also usually designed to play on emotions (for example, the story of a lost girl is the text with a link inviting you to click to find out how you can help). Ignore these messages and all messages from unknown IM usernames.

Remember the Virus Scanner:  The golden rule for any spam is to never open or accept files from people you do not know. Spam is rife with worms, Trojans, and viruses which, in IM can seem like a harmless message from a person in your contact list. A virus scanner will go a long way in helping to protect your system from malicious spim.

Recommended Reading: Think Spam Is Tough? Try Fighting Spim Webopedia's Chat Category

All About Spam over Internet Telephony (SPIT)
According to Internet and technical publications, spit (spam over internet telephony) is already an acronym. However, when the acronym was created in October 2004, there wasn't a single reported cases of spit. Much like spam and spim, it's believed that as internet telephony becomes more popular with consumers, spit is sure to follow. In September 2004, a U.S.-based company called Qovia filed two patent applications for technology to stop spam over Internet telephony or voice-over IP (VoIP).

Similar to spam and spim, spit offers spammers a low-cost alternative to unsolicited marketing. Mass marketing using automated voice messages is accomplished literally with the push of a button. The attraction to spammers, of course, is that spit can be fully automated and is certainly cheaper than staffing a call center with people to make voice calls.  Spit is seen in a variety of forms from spammers sending out automated marketing messages to pranksters interjecting words into a VoIP conversation . audible only to receiver but not the caller. And, like all spam, it has the potential to clog your network traffic and further degrade voice quality.

While spit has yet to bring a network down, security experts agree that it may be a problem in the future. Just as many spammers turned into spimmers as the popularity of instant messaging grew, spimmers may well turn into spitters.

Internet Telephony Spam (spit): Best Practices For Individuals

Understand the Risk: While spit is not nearly as common as spam or spim, it's important to identify the potential risk to your network and educate yourself about what is happening in terms of trends. Being aware that the problem exists on a small scale now will help you if and when it becomes a common spam tactic.

Encryption & Security is Key: To keep a handle on spit before any spam manifestations start, look at encrypting all VoIP conversations. Additionally, you want to protect your servers and networking hardware with both an IDS (intrustion detection system) and anti-virus software. There are also VoIP-specific products available that are worth checking out as well. For example, you can run a software that asks an incoming caller a question that needs to be answered by a human to help prevent automated voice messages from getting through.

Choose a Service Provider Wisely: To make your own security risks and maintenance easier, you may want top consider a larger, well-established VoIP service provider that has the capabilities to handle most, if not all, Internet telephony security issues for you.

Recommended Reading: "Did You Know... What Can VoIP Do for You?" Webopedia's Internet telephony Category

 

Did You Know... Despite the quantities of e-mail spam being higher in numbers, both spim and spit are seen as a more intrusive method of spam since the communications are based on real-time sending, receiving and acknowledgement. "If you're getting 50 e-mail spams a day, you can let them sit in your inbox. Getting 50 spims a day is 50 times you have to stop what you're doing to deal with the message..  . Christopher Dean, Senior Vice President FaceTime [Source]

Vangie 'Aurora' Beal
Writer, www.Webopedia.com
Last updated: August 11, 2006

Webopedia's Did You Know... All About Phishing
It is becoming increasingly common to tune in to the news or load your favorite news Web site and read about yet another Internet e-mail scam. An e-mail scam is a fraudulent e-mail that appears to be from a legitimate Internet address with a justifiable request . usually to verify your personal information or account details.

Internet Research Task Force: Anti-Spam Research Group (ASRG)
The Anti-Spam Research Group (ASRG) investigates tools and techniques to mitigate the effects of spam. The focus of the ASRG is on technology solutions, although it may consider tools and techniques to aid the implementation of legal and other non-technical anti-spam measures.

RFC 3098: How to Advertise Responsibly Using E-Mail and Newsgroups
(or - how NOT to $$$$$ MAKE ENEMIES FAST! $$$$$). This memo offers useful suggestions for responsible advertising techniques that can be used via the internet in an environment where the advertiser, recipients, and the Internet Community can coexist in a productive and mutually respectful fashion.

E-Mail Marketing Services Fit Your Needs and Budget
For most small firms, your best potential customers are the ones you already have. New clientele is always nice, but repeat customers will make your business sustainable. Cultivating those relationships, while simultaneously reaching out to new prospects, is an ongoing challenge that can quickly overwhelm your marketing budget and bandwidth.

Is Spim Spinning Out of Control?
Much like spam, the most common form of spim are annoying IMs advertising anything from cheap Viagra to pre-approved home mortgages. It may sound harmless, but imagine being in an IM conference with co-workers and trying to meet a deadline as annoying IM marketing screens continue popping up.

VoIP to Fuel Plague of 'Dialing for Dollars'
Voice over IP (VoIP) promises to radically change the way companies do business, but one side effect of less expensive communications threatens to give the whole ecosystem a black eye.

Enterprise VoIP Planet  
The IT Manager's Guide to Voice over IP.