Friday, May 16, 2008

Stopping Email Pollution

Do you get flooded with spam and chain messages? Often malware is carried by emails that infect when you unsuspectingly click on links or open attachments. There are simple ways we as senders can avoid contributing to this. Here is my count down of the four biggest email nuisances that we can control. The last one is the most innocuous and widespread because so few realize it, and yet it's capable of the most damage.

No. 4: Hackneyed jokes and quotes repackaged in large PowerPoint presentations. These are not only often stale but waste time to open and view. They may also carry viruses or spyware. Good jokes come across well even in simple inline text. The others seldom improve much with the addition of colors and sounds, emoticons or inane animations. Not all attachments are bad. Visual cartoons and striking pictures or video clips can be exceptions to this.

No. 3: Chain mails and online petitions. Some claim to bring luck, others are pleas for money , most have been circulating for years, and almost all are a waste of recipients' time.

No. 2: Unverified health tips, virus warnings, "true" stories and sensational pictures. Most of these are hoaxes or distortions. Before forwarding any of these we owe it to our recipients to check their veracity on sites like http://www.snopes.com/ or www.truthorfiction.com.

No. 1: Forwarding attachments or links without "signing" your message. I used to routinely forward such stuff to my grouped recipients without comment till my brother alerted me to the danger. This is the biggest menace of all so let me explain.

By now most of us know that email supposedly coming from you may actually be auto-generated by a virus program that contains malicious code. It is triggered when you open an infected attachment or click on a "poisoned" link, and is sent to everyone on your address list. If you routinely forward stuff without comment, your unsuspecting recipients will not be able to tell this malicious message apart from your other ones. It's like a case of repeatedly crying "Wolf" till your recipients ignore the danger when the real one appears. By opening it they'll get infected and spread it further.

If you send any messages or forwards ESPECIALLY those with attachments or web links, please remember to sign your messages. What does signing mean? It means typing in your name or initials or nickname, ideally something that an automatic virus program would not include. For example I sign my forwards by including my initials SM in an introductory line at the top.

Some friends of mine insert their names in the "auto-signature" feature of their email and think this is a smart shortcut. It's quite the opposite and defeats the whole purpose, since a virus program will also pick it up and send on this signature. Worse, this can fool the recipient into thinking the email has been consciously signed and sent. If you feel you must have it, then at least add the title "AUTO-SIGNATURE" (preferably in CAPs) at the top of your auto-signature content so that your recipients are warned if they receive poisoned auto-generated content from your account. And when you consciously send something, you can simply delete this word AUTO-SIGNATURE from your message.

I tend to delete without reading any unsigned messages with attachments and links and suggest you do the same unless you like playing Russian roulette with malicious code. Note that even a signed email just indicates it has been consciously sent, and is no guarantee that the attachment or link is safe from malware or spyware.

I have focused here on forwarded emails, and left out other abuses like phishing. Also omitted here is how we can protect ourselves as recipients and/or using anti-virus or anti-spyware programs.

You can educate your own circle about all this. It's partly the reason I'm creating this post so I can send this link when required. We cannot eradicate email pollution but can help by not contributing to it and protecting our own recipients.

4 comments:

kenrod said...

That's really useful, Sandip.

However, I've noticed that whenever I log on to snopes.com I get an infusion of bugs and my pc slows down considerably.

Also, my bank has warned me that not only do I have to look for my bank site, but also one that has been designated by me. So I go to BankAmerica. So not only do I go to the BankAmerica site, but it also has an oak tree which I have codenamed "From tiny acorns". They say they do this because anyone can create a Bankamerica hyperlink and phish info from you. The picture of the oak along with my code tells me I'm okay.

Sandip Madan said...

Thanks, Kenrod. I didn't notice the problem you mentioned with snopes.com but I did find the free PC Tools Spyware Doctor program useful for detecting and removing spyware. I think Google was co-promoting it.

Yes, that BOA visual icon feature is good. As a rule I don't click on the emailed links for banks precisely to avoid any phishing traps.

Anonymous said...

This is really useful stuff. Can this "spyware" stuff actually track you, steal passwords from your bank account, etc? What if someone picked up my password and got into my e-mail, then told my boss what a great guy he is? AARRGGHH!!! He's not.

Sandip, what are these spyware proliferators up to?

Jadra

Sandip Madan said...

Jadra, these proliferators are upto no good. :-) As I understand most spywares track the sites you visit and whatever you type. When you log into, say, your bank or email account, that information goes to the hacker, too.