Handling Email SPAM

From Info Wiki
Revision as of 09:10, 9 August 2013 by Pblair

Some call them spam. Others call them scams. But they both amount to the same thing: unwanted e-mail, some with the potential to fool you into taking an action you might later regret.

If you want a quick list of things to look for, go straight to #Spam

But first...

Let's dispel a myth. Provided that your e-mail client is not configured to download linked images with incoming mail, no e-mail that lands in your Inbox is instantly harmful. It is what you do with it that can lead to problems. But your careful attention to detail will help you avoid them.


Scams, especially via e-mail but also via social media, are an ongoing problem. Everyone needs to exercise a high degree of awareness about them and their potential to be harmful.

The point of a scam is to somehow gain an advantage from you. It may be remittance of money, or just simply giving away personal details. But if you look at an incoming e-mail and it is correctly addressed to you, then you are already on a list somewhere that is being distributed or sold. Apart from abandoning that particular e-mail address, there is little you can do about it.

PCUG clearly states that we will never ask you for sensitive details (login, passwords, etc.) via e-mail. If there is ever a problem with your account, we will ask you to ring or drop in at the PCUG Centre to resolve it, where both we and you can confirm who you are working with.

Most reputable organisations (banks, credit unions, trade unions, clubs etc) have similar policies of never requesting sensitive information to be supplied electronically, as it is just too easy for spammers to forge such messages.

A few PCUG members have fallen for such scams. As a result, their accounts were used to send many thousands more SPAM e-mails, which resulted in PCUG being placed on blacklists for a time, thus blocking some e-mail delivery for all users. So please exercise caution, as carelessness by one member can inconvenience and disrupt usage for all!


For some guidance on how to avoid being caught by scams, see:

  • Stay Smart Online,[1] the Australian government site, or report a scam [2]
  • ACCC Scamwatch free book [3] or report a scam to them [4]
  • Financial scams recorded by ASIC [5]
  • AFP information [6]
  • Wikipedia's lists [7] and [8]

(as at 8 Aug 2013)

Scam Warnings

Most scams use well-known brands to try to convince you of their trustworthiness - the Australian Government and its agencies, ANZ, NAB, Westpac and Commonwealth banks, Woolworths, Coles and the list goes on. If you are in doubt about any company-branded email, find their real site and visit it. Most have gotten over their shyness about scammers trying to steal their identities, and are quite up front about the attempts being made to con readers.


Wikipedia defines spam: "Spam is the use of electronic messaging systems to send unsolicited bulk messages, especially advertising, indiscriminately." The term "spam" covers many different styles of unsolicited communication.

You should be suspicious of e-mails, texts, or social media messages that arrive:

  • without a subject
  • from a sender you do not know or recognize
  • offering something too good (even $20 or $50 for a survey) to be true
  • without greeting you by name
  • containing poorly written English or typos
  • having a file attachment of any kind
  • containing a link that, when you hover over it with a mouse, displays a link that seems inappropriate in the context
  • containing a link inviting you to click - unless you have a very good idea where it will lead you
  • asking for your personal details.

Also be suspicious where the "To:" list is "undisclosed recipients" but the e-mail attempts familiarity - "with the same last name as you".

When in doubt, delete.

While this page is about e-mails, don't lose sight of spam that comes from web browsing. Offers of 'free' toolbars, registry cleaners, things to brighten your teeth or reduce flatulence are to be avoided because the offerings are often not what they seem. These often come when you are installing a new app or utility. We tend to fly through such installs, and may regret this later on. Keep your wits about you.

What Can You Do About E-mail Spam?

  • Given that preventing spam is extremely difficult, you can take steps to try to reduce the impact of spam on yourself. However, nothing you do can stop it completely (unless you simply decide not to accept any form of electronic communication). Also note that the more effort you make to block spam, the more likely it is that you will also block a fraction of legitimate messages to yourself.
  • Make use of your ISP's anti-spam measures. Different ISPs employ varying amounts of spam counter-measures, depending on their resources and their philosophy on how far they should go in "intercepting/analyzing" their users' e-mails. However, please note that whilst PCUG/TIP utilize some anti-spam measures, we do not employ spam filters that scan the message content, as this requires greater system and administrative resources than we have available. Brief details of the measures we use are given on the TIP Wiki Spam page. Or you can try:
    • Make use of the spam filtering capabilities of your e-mail client. Many e-mail clients come with spam filtering capabilities. However, you need to activate and train these to make use of them. Once enabled, you need to tag messages as spam or not spam so your program learns your selection process. With sufficient training, this can help classify e-mails fairly well. The disadvantage of this approach is that the classification is done on just one system, and doesn't help if you use several systems and/or webmail to access your e-mail.
    • Forward your e-mail to another ISP, or to a large web e-mail provider (e.g. gmail, yahoo, hotmail) that has the resources to run more aggressive and nuanced e-mail filters, and then access and read your e-mail from this site.
    • Use something like Mailwasher, which can stop problem e-mails even getting to you. You will need to 'train' it on what you like and don't, to avoid blocking genuine e-mails.

A short lesson in looking around for yourself...

Here's a recent e-mail that came via Outlook:

Fig. 1

Things looked pretty normal at first, allowing for the small typo. A Verizon user (Verizon is a large communication company) had created a Google document, and wanted to share it. But then I passed the mouse pointer over the link, and the popup box told me that it would take me to 'latinamericainvest.com' where the reader would be connected to a Wordpress file.

By now my suspicions were raised, so I went to look at the headers of the e-mail. (How to get them in assorted clients is covered under Finding headers.)

Fig. 2

This looked more useful. The rule here is to read up from the last line. Now, the things to note...

  1. The e-mail, purporting to come from Google, was written with Outlook Express - Microsoft's free (and deprecated) e-mail client. That certainly seems not to fit with what Google would use.
  2. "From" looks like the topmost line, but it is meaningless and is often a fudge because...
  3. Here is where any reply will go. It might be real, but there's no guarantee of that. But look and see if it matches the supposed sender - a mismatch should ring bells.
  4. These are the transmission 'hops', where the file gets passed along the chain to you. Not a lot of interest, but if you want to know where point 3. originated, put the URL (in this case into something like http://whois.domaintools.com/ you will find it.
  5. Another 'hop'
  6. TIP found this came from a source unknown to it, so requested a resend. This is 'greylisting', which TIP has in place.

That's not the sum total of what you might find in a header. But if you do read one, break it up into parts and try to see just what has been delivered to you. If you find anything worth sharing, please post it here.

Finding headers

Open the e-mail you want to inspect, then:

  • In Microsoft Office Outlook, look for Tags on the ribbon, and click the small down-pointing arrow in the lower right-hand corner of the Tags panel
  • In Thunderbird:
    1. For the open e-mail, select View Source from the Other Actions menu
    2. To reveal all headers that you open subsequently, click on View in the top menu, then Headers then tick All
  • In Windows Mail, Live Mail and Outlook Express:
    1. Highlight the message of interest
    2. Right click on the message
    3. Select Properties in the context menu
    4. Switch to the Details tab
  • In Evolution, click on View in the top menu, then All Message Headers
  • In Forte Agent, tap the H key
  • In Claws-Mail, do Ctrl+H
  • In Pegasus Mail, right-click on the message and select Message headers... from the window that opens.
  • In Mac Mail, click View, select Message/All Headers

Odd things

Google's Gmail service omits the sender IP address information from all headers. Instead, only the IP address of Gmail's mail server is shown in Received: from. This means it is impossible to find a sender's true IP address in a received Gmail.

Microsoft's Hotmail service provides an extended header line called "X-Originating-IP" that contains the sender's actual IP address.

E-mails from Yahoo contain the sender's IP address in the last Received: entry.
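The header walk-through in "A short lesson in looking around for yourself" and the provider notes above can be tried on a saved set of headers. This is an added example, not part of the original page and not the message shown in Fig. 2: the sample headers are constructed with reserved example hosts and documentation IP ranges, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not the message in Fig. 2); hosts and
# addresses are reserved example names and documentation IP ranges.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby mail.recipient.example; Thu, 8 Aug 2013 10:02:11 +1000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.isp.example; Thu, 8 Aug 2013 10:02:05 +1000
Received: from pc (unknown [203.0.113.45])
\tby relay.example.net; Thu, 8 Aug 2013 10:01:58 +1000
From: "Google Docs" <share@docs.example.com>
Reply-To: collector@mailbox.example.org
Subject: Document shared with you
X-Mailer: Microsoft Outlook Express 6.00
X-Originating-IP: [203.0.113.45]

body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def hops_oldest_first(msg):
    """Each server adds its Received line on top, so read from the bottom up."""
    return [" ".join(h.split()) for h in reversed(msg.get_all("Received") or [])]

def review_headers(raw):
    """Return (hops from origin to you, list of things worth a second look)."""
    msg = message_from_string(raw)
    notes = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        notes.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if msg["X-Mailer"]:
        notes.append(f"Written with: {msg['X-Mailer']}")
    origin_ip = (msg["X-Originating-IP"] or "").strip("[] ")
    if origin_ip:
        notes.append(f"X-Originating-IP: {origin_ip}")
    return hops_oldest_first(msg), notes

if __name__ == "__main__":
    hops, notes = review_headers(SAMPLE)
    for number, hop in enumerate(hops, 1):
        print(f"hop {number}: {hop}")
    for note in notes:
        print("note:", note)
```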