The latest US-CERT Cyber Security Tip came today; it’s an introduction to spam for those who are new to email, and the associated security issues:
Cyber Security Tip ST04-007
Reducing Spam
Spam is a common, and often frustrating, side effect to having an email
account. Although you will probably not be able to eliminate it, there are
ways to reduce it.
What is spam?
Spam is the electronic version of “junk mail.” The term spam refers to
unsolicited, often unwanted, email messages. Spam does not necessarily
contain viruses—valid messages from legitimate sources could fall into this
category.
How can you reduce the amount of spam?
There are some steps you can take to significantly reduce the amount of spam
you receive:
* Don’t give your email address out arbitrarily – Email addresses have
become so common that a space for them is often included on any form
that asks for your address—even comment cards at restaurants. It seems
harmless, so many people write them in the space provided without
realizing what could happen to that information. For example, companies
often enter the addresses into a database so that they can keep track of
their customers and the customers’ preferences. Sometimes these lists
are sold to or shared with other companies, and suddenly you are
receiving email that you didn’t request.
* Check privacy policies – Before submitting your email address online,
look for a privacy policy. Most reputable sites will have a link to
their privacy policy from any form where you’re asked to submit personal
data. You should read this policy before submitting your email address
or any other personal information so that you know what the owners of
the site plan to do with the information (see Protecting Your Privacy
for more information).
* Be aware of options selected by default – When you sign up for some
online accounts or services, there may be a section that provides you
with the option to receive email about other products and services.
Sometimes there are options selected by default, so if you do not
deselect them, you could begin to receive email from those lists
as well.
* Use filters – Many email programs offer filtering capabilities that
allow you to block certain addresses or to only allow email from
addresses on your contact list. Some ISPs offer spam “tagging” or
filtering services, but legitimate messages misclassified as spam might
be dropped before reaching your inbox. However, many ISPs that offer
filtering services also provide options for tagging suspected spam
messages so the end user can more easily identify them. This can be
useful in conjunction with filtering capabilities provided by many email
programs.
* Report messages as spam – Most email clients offer an option to report a
message as spam or junk. If yours has that option, take advantage of it.
Reporting messages as spam or junk helps to train the mail filter so
that the messages aren’t delivered to your inbox. However, check your
junk or spam folders occasionally to look for legitimate messages that
were incorrectly classified as spam.
* Don’t follow links in spam messages – Some spam relies on generators
that try variations of email addresses at certain domains. If you click
a link within an email message or reply to a certain address, you are
just confirming that your email address is valid. Unwanted messages that
offer an “unsubscribe” option are particularly tempting, but this is
often just a method for collecting valid addresses that are then sent
other spam.
* Disable the automatic downloading of graphics in HTML mail – Many
spammers send HTML mail with a linked graphic file that is then used to
track who opens the mail message—when your mail client downloads the
graphic from their web server, they know you’ve opened the message.
Disabling HTML mail entirely and viewing messages in plain text also
prevents this problem.
* Consider opening an additional email account – Many domains offer free
email accounts. If you frequently submit your email address (for online
shopping, signing up for services, or including it on something like a
comment card), you may want to have a secondary email account to protect
your primary email account from any spam that could be generated. You
could also use this secondary account when posting to public mailing
lists, social networking sites, blogs, and web forums. If the account
starts to fill up with spam, you can get rid of it and open a different
one.
* Use privacy settings on social networking sites – Social networking
sites typically allow you to choose who has access to see your email
address. Consider hiding your email account or changing the settings so
that only a small group of people that you trust are able to see your
address (see Staying Safe on Social Network Sites for more information).
Also, when you use applications on these sites, you may be granting
permission for them to access your personal information. Be cautious
about which applications you choose to use.
* Don’t spam other people – Be a responsible and considerate user. Some
people consider email forwards a type of spam, so be selective with the
messages you redistribute. Don’t forward every message to everyone in
your address book, and if someone asks that you not forward messages to
them, respect their request.
_________________________________________________________________
Authors: Mindi McDowell, Allen Householder
_________________________________________________________________
Produced 2004 by US-CERT, a government organization.
Last updated July 29, 2009
Note: This tip was previously published and is being re-distributed to
increase awareness.
Terms of use
http://www.us-cert.gov/legal.html
This document can also be found at
http://www.us-cert.gov/cas/tips/ST04-007.html
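
The tip's item on disabling automatic graphics downloads describes linked images that report an open back to the sender's web server. As an added example (not part of the US-CERT tip), this Python sketch lists the resources an HTML message would fetch on display, so a filter or a user can see them before rendering; the sample message, the `tracker.example` host and the function names are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not real mail); all hosts are placeholders.
SAMPLE = """\
From: offers@shop.example
To: user@mail.example
Subject: Weekly deals
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Weekly deals inside.
--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Weekly deals inside.</p>
<img src="cid:logo123" alt="logo">
<img src="http://tracker.example/open.gif?id=user%40mail.example" width="1" height="1">
<table background="//tracker.example/bg.png"><tr><td>Deals</td></tr></table></body></html>
--b1--
"""

class RemoteRefFinder(HTMLParser):
    """Collects URLs a mail client would fetch automatically when rendering."""
    FETCH_ATTRS = {"src", "background", "poster"}
    def __init__(self):
        super().__init__()
        self.remote = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.FETCH_ATTRS and value:
                parts = urlsplit(value.strip())
                # cid: and data: content travels inside the message; only network fetches reveal an open
                if parts.scheme in ("http", "https") or (not parts.scheme and parts.netloc):
                    self.remote.append((tag, value.strip()))

def remote_fetches(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            found += finder.remote
    return found
```

The embedded `cid:` logo is not reported because it is delivered with the message; the 1x1 image carrying the recipient address in its query string and the protocol-relative table background both are.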