All About Spam, Spim and Spit
Last Updated: 08-31-2010 , Posted: 08-11-2006
Spam is everywhere — your e-mail inbox, your instant messaging windows, Web site guest-books, blog and now possibly running over your Internet telephony lines. As Internet-based communication technology evolves so do the methods unscrupulous individuals use to send you advertisements. Worse yet, the numbers of spam-related messages being distributed are increasing every day.
When you hear the word spam, your immediate thoughts go to the more well-known and common form of spam: e-mail spam. However, other types of spam are found in a variety of Internet communication mediums such as instant messaging, discussion boards, mobile phones with text messaging, newsgroups, Internet telephony, blogs — basically any device or client that provides a means for communications.
This week, we take a look at the "Internet junk mail" terminology and discuss best practices for protecting your system from these unwanted communications.
All About E-mail Spam
While many Internet users have resigned themselves to the fact that e-mail spam is here to stay, there is nothing more annoying than logging in to check your e-mail and downloading or sifting through tens or hundreds (or even thousands) of unwanted e-mail advertising for some product sent directly to your e-mail address.
E-mail spam numbers have been on the rise because e-mail spam is a cheap way to garner a few sales. For the solicitor, the costs associated with spamming are minimal. All they need is time and enough money for an Internet connection and lists of e-mail addresses.
E-mail Spam: Best Practices For Individuals
Currently, there is no way to completely stop spam. The good news, however, is that individuals can take proactive steps to limit the number of incoming spam e-mails to save time, frustrations and money.
Keep Your E-mail Address More Private
To avoid e-mail address harvesting practices, it's important to not post (in text) your e-mail address in public Internet chat rooms, on any Web site, newsgroup, guestbook or blogs to which you post. If you find you need to post an e-mail address, try typing your address in a graphics program and using an image of your address in a signature file or attachment. Or, you can also replace common characters (such as the @ or .) with spaces or spelling. For example, writing your address as
"webmaster — at— webopedia —dot— com" is one way to display your e-mail address so humans can understand it, but software or script harvesters cannot grab it and add it to a spam list.
You can also consider encoding your e-mail address by using its equivalent decimal entity. To people viewing the address in a browser, it appears as normal text. The code, however, consists of character entities and unreadable to many harvesting scripts (example e-mail address encoder). If you plan to take part in online forums or newsgroups, or you plan to join different mailing lists, you can always register for a free online Web mail account. This will help filter the bulk of spam from publicly posting your e-mail address to one e-mail account that is not used for family, friends or work-related communications. It doesn't mean your other accounts won't get spam, but it will help you time-wise by enabling your other account to have less spam build-up.
Choose More Complex E-mail Addresses
Some spammers basically attack mail servers and use a method called a dictionary attack to get their junk mail sent out. Basically, the spam is sent to every combination of letters and common names at an ISP. In this scenario, spam is more likely to get through to a common, short e-mail address like "mary @insertdomainname.com" than it would "mary_washinger @insertdomainname.com".
Don't Click Links in Spam E-mail
Even if the links reads "click to unsubscribe," if that link appears within a spam message, chances are your click to unsubscribe is used solely for the purpose of informing the spammer that your e-mail address is valid and you may end up on even more spam lists. Studies indicate that the valid responses from spam is about 1 percent. Clicking any link to get more information or to make a purchase from a spam e-mail is only encouragement for spammers to continue these practices. Rather than using the links within the spam e-mail, try and find the Web site or service through a search engine or other means. Another alternative would be to find the same or similar service or product from a competitor who is not engaging in spam practices and spend your money there.
Use a Good E-mail Filter
The best proactive step you can take to limit spam mail in your in box is to use a good e-mail filter. There are many types of filters available today that will block or filter e-mail based its content, header or even language. Most e-mail programs will allow you to define your own criteria for blocking in addition to these filters. There is also a permission-based filter that means you can specify specific e-mail addresses that are allowed to send you e-mail. Filters that work at the gateway are extra beneficial in that they can also stop incoming worms and virus e-mail attachments.
Remember the Virus Scanner
The golden rule for any spam is to never open or accept files from people you do not know. Spam is rife with worms, Trojans, and viruses that can be attached as what seems to be legitimate files in e-mail messages. While the above best practices can help with lowering the number of spam e-mails you receive, only a real-time virus scanner can help with removing the risks to your system security.
All About Spam over Instant Messaging (SPIM)
In a report from the Pew Internet & American Life Project, a study last year revealed that more than one-third of the 134 million American adults who use the Internet, also use instant messaging services. Of those 52 million people, nearly a third have received unsolicited commercials through their instant messages. As more people begin to use a new communication medium, the amount of spam for IM services start to rise.
Spim (short for spam over instant messaging), is a type of spam that uses IM platforms as the transport medium. Users of different public IM systems, who use public profiles are quite likely to receive unsolicited advertising messages from spammers (when referring to spam over instant messaging, they are called spimmers) . Similar to e-mail spam, spim messages are advertisements and will usually contain an embedded hyperlink link to visit the Web site this individual or bot is marketing.
Compared to spam, spim is less common, but it is often thought to be a bigger annoyance and intrusion. When you check your e-mail, you can quickly scan the incoming messages and read only those you know are legitimate, leaving the spam for a later time (or for a mass delete). Spim, however, is sent through a real-time communication platform, which means you have to deal with spim in real-time as well. You have to stop what you are doing and deal with the spim as the IM window pops up. Spim is also considered to be more of a risk than e-mail spam because IM users expect to be on the receiving end of a message from a user in their buddy list — not a spimmer.
IM Spam (spim): Best Practices For Individuals
If you're familiar with combating e-mail spam, you'll have a head start in your fight against spim. Again, the golden rule to protection and security is to never open or accept files from people you do not know!
Private Access is Key:
The best way to avoid spim is to never open or respond to a message from a person you do not know. If you make your IM user name and contact details public, just like with e-mail spam, you are providing spimmers with the information they need to contact you. Keep your IM profile and username off public directories.
Even Buddies Can Be Harmful:
To avoid security risks, use extreme caution in opening any file or link in an IM — even if you do know the user who is sending it. The nature of Trojans and worms that spread through IM channels means your buddy's system could be infected, and the message you receive may simply be the result of a worm replicating on its own through their contact list. Even a hyperlink, can actually route you to a Web site where a download will be initiated, unknown to you. Spim is also usually designed to play on emotions (for example, the story of a lost girl is the text with a link inviting you to click to find out how you can help). Ignore these messages and all messages from unknown IM usernames.
Remember the Virus Scanner:
The golden rule for any spam is to never open or accept files from people you do not know. Spam is rife with worms, Trojans, and viruses which, in IM can seem like a harmless message from a person in your contact list. A virus scanner will go a long way in helping to protect your system from malicious spim.
All About Spam over Internet Telephony (SPIT)
According to Internet and technical publications, spit (spam over internet telephony) is already an acronym. However, when the acronym was created in October 2004, there wasn't a single reported cases of spit. Much like spam and spim, it's believed that as internet telephony becomes more popular with consumers, spit is sure to follow. In September 2004, a U.S.-based company called Qovia filed two patent applications for technology to stop spam over Internet telephony or voice-over IP (VoIP).
Similar to spam and spim, spit offers spammers a low-cost alternative to unsolicited marketing. Mass marketing using automated voice messages is accomplished literally with the push of a button. The attraction to spammers, of course, is that spit can be fully automated and is certainly cheaper than staffing a call center with people to make voice calls. Spit is seen in a variety of forms from spammers sending out automated marketing messages to pranksters interjecting words into a VoIP conversation . audible only to receiver but not the caller. And, like all spam, it has the potential to clog your network traffic and further degrade voice quality.
While spit has yet to bring a network down, security experts agree that it may be a problem in the future. Just as many spammers turned into spimmers as the popularity of instant messaging grew, spimmers may well turn into spitters.
Internet Telephony Spam (spit): Best Practices For Individuals
Understand the Risk: While spit is not nearly as common as spam or spim, it's important to identify the potential risk to your network and educate yourself about what is happening in terms of trends. Being aware that the problem exists on a small scale now will help you if and when it becomes a common spam tactic.
Encryption & Security is Key: To keep a handle on spit before any spam manifestations start, look at encrypting all VoIP conversations. Additionally, you want to protect your servers and networking hardware with both an IDS (intrustion detection system) and anti-virus software. There are also VoIP-specific products available that are worth checking out as well. For example, you can run a software that asks an incoming caller a question that needs to be answered by a human to help prevent automated voice messages from getting through.
Choose a Service Provider Wisely: To make your own security risks and maintenance easier, you may want top consider a larger, well-established VoIP service provider that has the capabilities to handle most, if not all, Internet telephony security issues for you.
Did You Know...
Despite the quantities of e-mail spam being higher in numbers, both spim and spit are seen as a more intrusive method of spam since the communications are based on real-time sending, receiving and acknowledgement.
"If you're getting 50 e-mail spams a day, you can let them sit in your inbox. Getting 50 spims a day is 50 times you have to stop what you're doing to deal with the message.. . Christopher Dean, Senior Vice President FaceTime [Source]
|Key Terms To Understanding Spam, Spit & Spim: