Have you noticed an increase in foreign spam recently?

Microsoft Outlook 2013 logoDuring the last month or two I have become aware of a huge increase in the amount of spam getting into my inbox from abroad. Not only is a lot of it not in English, but a lot of it even uses different character sets (such as Chinese characters).

To begin with, I kept asking myself why someone in China would want to spam me in a way that couldn’t possibly benefit them, but then I worked out that it’s probably just the same economics that make any type of spamming worth doing. What it boils down to is that the variable cost of sending a single spam email is almost zero. So much of this is so automated to set up (and virtually costless to distribute) that the only measurable cost of sending spam to 1000 email addresses is the cost of acquiring the addresses. Does it really matter if the response rate is measured in fractions of one percent if the cost of achieving that response rate is even closer to nothing?

Anyway, analysing the economics doesn’t stop the rubbish from pouring in. What can you do about it? Well, if you use what is probably the best email program out there – Microsoft Outlook – then you can block a lot of it from reaching your inbox. Actually, that’s not strictly true. The wording in the Outlook program suggests that you are “blocking” email from reaching you, but in fact it is still being delivered – it just gets automatically diverted away from your inbox and into your Junk folder.

Outlook 2013 Junk Mail Option

Click on the area circled in red to get to the Junk Mail Options menu

This won’t help at all if you don’t use Outlook and it won’t help if you collect your email on several devices – most of them not employing Outlook. Nevertheless, it seems that a lot of people work like me and have one computer, running Outlook, that is the “main hub” of their email activity, so keeping this one email “centre” clean of foreign spam might be worth a few minutes of effort.

So, how do we filter foreign email in Outlook? The example here uses Outlook 2013 but I don’t suppose the earlier versions are very different:

  • Go to the Home tab and click on the icon of the head and shoulders in the Delete group
  • Left-click on the last item in the menu that pops up (Junk Email Options)
  • Left-click on the International tab at the top of the window that has just opened

Blocked Top-Level Domain List

Outlook 2013 Blocked Top-Level Domain ListClicking on this option allows you to block all email that comes from an address that ends in the country code of the place you wish to block. So, for instance, if the sender’s email address is fred@mydomain.af and you have blocked email from Afghanistan’s top-level domain then Fred’s email will be blocked. Note that Fred’s email would not be blocked if his address didn’t end in “.af”, so mail from fred@spamsarus.com would get through even if the email originated in Afghanistan.

It takes a minute or two to work through the list, so it might be quicker to click on the “select all” button and then individually un-select the ones you don’t wish to block.

I’ve done a bit of research to see if adding an email address to your “safe senders” list would take precedence over blocking an entire country’s top-level domain. I couldn’t find a definitive answer so you would need to test it if you wanted, for instance, just one individual email address in India to get through to you.

Blocked Encoding List

Outlook 2013 Blocked Encodings ListThis option doesn’t block email addresses from specific countries, or even block email written in different languages. What it does do, however, is block email written in specific “character sets”. For example, there are two sets of Chinese letters (Traditional and Simplified) that you can block. As another example, you can also block all email written in the Syrillic script.

It would be easy to argue that these filters could be made more sophsiticated, but they are definitely better than nothing. In my own case, I think that the ten minutes I spent setting them up will be more than repaid by not needing to manually delete this foreign spam – especially if the current trend for increasing foreign spam continues.

Ever had email messages bounce back to you when you didn’t sent them in the first place?

Spoofing - pretending to be someone elseFrom time to time you may receive emails that appear to be notifications that an email you have sent could not be delivered. You may quite possibly receive several of these in a short space of time. This is a rather puzzling and disturbing phenomenon. Your first reaction is, quite possibly, to think that your email has been hacked and that someone is sending messages from your account. It is definitely worth changing your email password just to make sure that the account is still secure. If you can’t get into it because the password has been changed then you are in a spot of bother and you will need to contact your email provider (Gmail, or Hotmail, for instance, or your own internet provider if you use their mail servers).

Another possibility, though, is that your account is still intact and that what has happened is that someone is sending out emails from somewhere else and pretending that they came from you by changing the “from” details in the header of the email. This is called “spoofing”. They have “spoofed” your email address.

How can this happen? It could be that someone that you know has had their email hacked. Your email address has been stolen from that person’s email. The hacker then sends out emails to the email addresses found in the account, spoofing the sender’s name by taking one of the addresses found in the account (in this case, yours).

If the hacker steals, say, 50 addresses, and sends out emails to all of them then 10 may bounce. Those bounces will come to you and you will wonder what’s happening. The phenomenon of receiving bounces in this way is known as “backscatter“. So, “backscatter” is a by-product of someone “spoofing” your email address.

This is not the only way that it can occur. You will send your email address to many people over time. If you’ve created an account on a website, for instance, and given your email address (possibly as the username for that website) then your email address can be stolen if that website is hacked.

What can you do about it? There’s no way that you can actually prevent it from happening. After all, you don’t have any control over the many individuals and organisations that have your email address – legitimately or otherwise.

No SpamThere are some things you can do, however, to mitigate the problem. To begin with, register a “disposable” email account with someone (Gmail or Hotmail, for instance) and use that email address for unimportant logins that you could afford to lose. Then, if that account starts getting overwhelmed with backscatter (or, indeed, other forms of spam), you can just stop using it.

If you have your own website, it is a good idea to publish a contact email address on the website that is disposable. The email address I publish on my website is only used on the website. If I start getting inundated with spam to that address (including backscatter), I’ll simply change it for another one and not check for email addressed to the older one any more.

Abine - Masking Email AddressAnother thing you can do is to use the services of a site such as DoNotTrackMe. Using the email aspect of that service you can use a unique, disposable, email address when signing up for an online account. Email to that address is forwarded to you and the sender never knows your real address. If you start getting spammed or get backscatter you simply stop the emails to that address from being forwarded to your real address. I’ve been testing this for a month or two and it seems to work. I must confess, though, that I feel a bit queasy about it as I’m depending on the service provider always being there and continuing to forward masked email to my real address.

In practice – although I can’t understand why this should be the case – it seems to be usual for backscatter to happen only occasionally. You would think that the problem would get worse and worse as the bad guys keep re-using your email address, but it doesn’t seem to happen that way.

It could be that just understanding what is happening when you get backscatter will be enough for you to accept the minimal nuisance of it happening to you, without getting too paranoid about your cyberlife. In other words, just doing nothing except deleting backscatter as it arrives may be the best policy.

Ok, I don’t deny that I can be a bit pedantic at times (the rogue apostrophe, for example), but shouty emails irritate lots of other people as well as me, and even seem to have got at least one person the sack – see this item in The Telegraph, for instance.

Shouting
What’s a shouty Email?

ONE THAT’S WRITTEN IN CAPITAL LETTERS AND OFTEN WITH FAR TOO MANY EXCLAMATION MARKS!!!!

Ouch.

Email is much less formal than, for instance, writing letters. Nevertheless, you don’t have to be as pedantic as me to be put off by emails that irritate, confuse or upset the recipient by the way in which they are written. There are some “rules” (or, shall we say, “guidelines”) that have grown up around this subject and they go under the name of “netiquette”. Here’s a link to a web page that says it fairly clearly – Email Netiquette by David Tuffley

And it’s not just a case of violating netiquette. Spam filters treat manic capitalisation and punctuation as indicators of spam so, ironically, your efforts to really get your point across by SHOUTING could undermine the chances of the message even being delivered.

© 2011-2017 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha