HOME  |  Syllabus  |  Downloads  |  Resources  |  Contact
 

Protect yourself against Spam and Viruses

When using public newsgroups or websites that post directly to public newsgroups, be careful not to reveal your real E-Mail address.

The Horror Story

Once, while doing some research for the company I worked for at the time, I posted a question to a Microsoft dotnet newsgroup using my work E-Mail address. Before I could think about the mistake I was making, the message had already been sent.

Within minutes of sending my posting, I was receiving over 400 emails per minute, all with insidious viruses attached, claiming to be the 'Latest Microsoft Security Patch'. Spam filters and virus scanners could only do so much. It was to the point where the volume was so much, that it disrupted the rest of the company. As a result, my company E-Mail address was shut down and I was given a new one.

One of the nasty little tricks spammers use to obtain your E-Mail address is to simply download every message in a public newsgroup (just as your Outlook Express news reader could) and crawl the text looking for the '@' sign. Sounds easy enough, doesn't it? Microsoft newsgroups, in particular, are frequently subject to attack.

How do I avoid this?

Using Outlook Express

Click to see larger image.

If you are using Microsoft Outlook Express as your news reader, as you create new accounts, break up your E-Mail address with nonsene words such as NOSPAM. This creates a non-legitimate E-Mail address. One that spammers can't use programmatically, but human readers can see and can remove. If you use this method, it is courteous to leave instructions to human readers as to how to derive your real E-Mail address.

Click to see larger image.

A step above that is to not enter any part of your true E-Mail address, but a correctly formatted, completely non-legitimate address. When I sign up for newsgroups, I use NOSPAM@NOSPAM.com. From Outlook Express' point of view, it is a valid address because it is correctly formatted. No one can reply directly to my address from a newsgroup, but I also don't run the risk of getting thousands of spam and viruses.

Using Newsgroup-based Websites

Some websites which post messages directly to newsgroups, such as Google Groups require you to sign up with a valid E-Mail address (so they can verify your identity, send you notifications, etc.). When you post messages through the site, the E-Mail address you use to sign up is sent as part of the message.

Using a dedicated E-Mail address such as a hotmail account just for posting to newsgroups is a popular method. This way, you don't need to worry about spam and viruses getting mixed in with your regular E-Mail. The spam filters and virus scanners take care of most, if not all, unsolicited mail.

If you own your own domain, typically you can set up multiple E-Mail accounts. Setting up an account just for newsgroups is common practice. For example, if I owned www.foo.com, I could set up an address named msnewsgroups@foo.com. I could even have specific accounts for each news group I post to. If I start receiving spam like in the 'Horror Story', I could easily shut any of those accounts down.

Dev Dex is a site that not only has its own internal forums, but posts directly to newsgroups. They require you to sign up using a legitimate e-mail address. As a step to prevent the situations described in this document, Dev Dex allows users to choose an alternate name/e-mail address when sending messages to newsgroups. Most sites DO NOT do this.

Conclusion

Protecting yourself from spam and viruses is proactive. Spam filters and virus scanners don't always catch everything. Spammers are very clever and regularly practice outwitting the masses. Once your E-mail address is out on the internet, it's like trying to remove pee from a swimming pool. It ain't gonna happen.

An ounce of prevention beats a pound of cure.