Monday, October 5, 2009

Reduce Spam

How To Reduce Spam

1. The most sure way to reduce spam is to not have an email account. I didn't think you would go for that. Then here are the steps to take in order to reduce spam. They start with things you do to the machine only once because they have to be done first but all of the steps are important and work synergetically with each other. In other words, don't omit any of them because they are all important. But do the preparation work before you get the email account, not after you get it. That comprises steps 2 through 8.

2. First, install the Firefox browser. I don't even care if you use mainly IE, Opera, Safari, or some other browser. There is one portion of this that really depends on it being there and you starting Firefox every few days to get rid of Locally Shared Objects (LSOs) which are basically Adobe Flash Player cookies. Here is the main web site for Firefox:

http://www.mozilla.com/en-US/
http://www.mozilla.com/en-US/firefox/all.html

3. Now download and install the AdBlockPlus (ABP) plug-in. Here is the URL for it:


https://addons.mozilla.org/en-US/firefox/addon/1865


4. Pick the EasyPrivacy+EasyList subscriptions. For French add Liste FR. Make sure you get EasyPrivacy somehow! Here is the web page for where they are at:


http://adblockplus.org/en/subscriptions

http://adblockplus.org/fr/subscriptions

5. Install the Better Privacy plug-in and start Firefox every day and let it remove everything at browser close / open (your choice) until you know what you must keep. By everything I mean be sure to check "On cookie deletion also delete empty cookie folders" in the Options. Here is the URL for it:


https://addons.mozilla.org/en-US/firefox/addon/6623


6. If you are sincerely interested in stopping problems, then install NoScript. You may wonder why using this measure that is primarily meant to stop malware is effective in stopping spam. It is because in addition to stopping the scripting that is behind malware injections it also strips scripting that is used to track you that frequently ends up being used to garner information including the names of your email accounts. You can do the same thing that NoScript does for Firefox with what is built into Internet Explorer. Just make the Internet Zone look like the Restricted Zone - no scripting allowed - and put only the hosts you trust into the Trusted Zone (just make sure they can use both https: and http:). Here is where you can get NoScript:

https://addons.mozilla.org/en-US/firefox/addon/722

7. Install my or somebody else's hosts file that has as part of its reason for existence a dedication to stop tracking (spying). Some in addition to the one at SecureMecca.com / HostsFile.org that does this are MVPHosts, hpHosts. SomeoneWhoCares, and Airelle's hosts.trc file. Okay, here they are:


http://www.securemecca.com/hosts.html

http://www.hostsfile.org/hosts.html (duplicate of previous)
http://hosts-file.net/ (hpHosts)
http://www.mvps.org/winhelp2002/hosts.htm (MVPHosts)
http://rlwpx.free.fr/WPFF/hosts.htm (Airelle's lists)
http://sysctl.org/cameleon/hosts (Cameleon's French file - like MVPHosts)
http://someonewhocares.org/hosts/ (Dan Pollock's file)
http://cri.univ-tlse1.fr/blacklists/ (Fabrice Prigent - Toulouse University)

8. Put on my PAC filter. It hones years of experience in detecting patterns much the same as what is done with EasyList and EasyPrivacy. But unlike either of those mine started with an effort of curbing porn first, not ads unless they had extremely bad behavior. The PAC filter always had a secondary emphasis of curbing tracking / spying. It is just that now the primary emphasis is stopping malware. Don't let that fool you. Only some of the anti-porn rules were dropped. All porn rules that are left are there not because they stop porn - they stop malware. Their count at Airelle's hosts.rsk and MalwareDomainLists hosts file were too high so they were retained. But it is a rare month that goes by that I don't add anti-tracking rules that will have an impact on lessening the spam that ends up in your email box. Okay, now we have prepared your machine. The rest of the steps are what you do all of the time to lessen spam as opposed to the one-time settings to the machine itself. Just remember to update it frequently - I am always adding new anti-tracker rules. Today (2009-Oct-09) I am adding piwik\.js (which NoScript strips). Here is where my PAC filter is at:


http://www.SecureMecca.com/pac.html

http://www.HostsFile.org/pac.html

9. If you use web-mail, use GMail. They have the best spam filtering in the business. I had to use my GMail account from library computers that didn't have all that nice stuff I just detailed in steps 2 through 8. It gets 200+ spam messages per week. All or almost all of it goes into that spam folder. I am using it to garner URLs out of the email messages that end up with the hosts inside the spam email going into my hosts file. How good is their filtration? It is better than even the Bayesian filtering in the Thunderbird POP / IMAP Mail User Agent (MUA) mail program. Thunderbird or Claws mail are the MUAs I recommend for filtering out the spam in POP / IMAP email accounts. Everybody else except perhaps Apple's Mail.App are running a distant second or third.
But your privacy drops considerably with web-mail.

10. Do not put your email address into almost anything on the Internet. Avoid answering questions in forums, using Social network services, etc. I know, it is hard to do, but not getting your email address stuck into spammer's lists in the first place helps.


11. Never respond to any spam email. The surest way to slow the flow of spam would be for everybody to not respond to it. The only reason for a spammer to have an incentive to send the stuff in the first place is because people respond to it. If we could take away all of the responses to spam it would cease. The problem is Phineas T Barnum was correct - a sucker is born every minute. They open the spam and then stupidly respond. Don't do it! Don't respond to the unsubscribe either - all that does is let them know that the email address is being used so that they can sell your email name to other spammers.

12. Don't join any news groups. By that I mean don't join any at all. Curb the impulse until after you have decided they are okay. I belong to quite a few, but all of them are in the computer / network security area. I don't have FaceBook, YouTube, or other accounts (and have no need of them). But in the beginnings I used to belong to the Firewalls and Firewall Wizards news groups before we knew what the spammers were up to. Yes, you can change your email accounts and I have. But that is so far in the past it is my current activity that may end up getting me into these lists. In case you are wondering, I practice what I preach and it does help. I sometimes go almost a week with no spam in my POP email accounts. See step 11 - it works.

13. Do not forward email from these news groups. It may seem great but most people's Windows machines are infected with malware that harvests email addresses. Also, there are reply back mechanisms within email itself that can inform the original sender with the email addresses of the people you forward something on to. I know for a fact that some of the spam in my POP email accounts came from somebody else forwarding something to me. It is bad form to forward anything anyway. Just don't do it.


14. If you have to, once all of the other things have been done here and you still have a problem, abandon your old email address and start over. But do all of these other steps first or you will end up just as bad as where you are at now.


That's it. Just do these things to slow the flow of spam. If you made a mistake and didn't do all of them at once, frequently it is best to abandon the email account and start all over. Just make sure you do the other steps here. I am sure I am missing something. If I can think of what it is I will add it later on.