Our customers say...

" ... hassle free. In the ten years Virtual has provided a service to me, not once have I had cause to complain, Why go elsewhere? "


Dealing with unwanted Email Print

Junk email, often referred to as SPAM and is probably one of the biggest frustration points about Internet usage. It's also one of the areas perhaps least understood by most Internet users. We hope that the following information will help you to understand how "spam happens", what you can and should do about it.


What is SPAM?


Let's start by defining what we're talking about. Spam is better named as UCE or UBE.


UCE: Unsolicited Commercial Email

UBE: Unsolicited Bulk Email


The key point in either of these definitions is unsolicited. Some people incorrectly classify email from mailing lists, or legitimate announcements and mailing lists that they have subscribed to as "spam". For a message to be defined as spam, it MUST have been sent to you without your consent.



SPAM Myths and Legends


Before we talk about combating spam, it's important to dispel some MYTHS AND LEGENDS:


1. Your ISP is responsible for blocking SPAM


Some people believe that their ISP is responsible for blocking unwanted email. This is simply not true. As an ISP, our responsibility is to receive email addressed to you, and deliver it to you. To our mail server, spam is just another message, and it's treated as such. In fact, if we did block spam without your permission, you'd have grounds for complaint against us!

Note that this isn't to say that we don't provide a way for you to block spam - WE DO!


2. Your ISP gets SPAM delivered to you or divulges your email address to SPAM senders


While we cannot speak for all ISPs, Virtual Access does not provide your email addresses to external parties, except under strict conditions. Such conditions would be cases where you have requested to be connected to a service provided by one of our 3rd party partners. In these cases, any information that we provide is covered by commercial agreements that strictly restrict the appropriate use of your details to only delivery of the services you have requested.


So why do I get SPAM? How did these people get my email address?


There are a huge number of ways to collect email addresses, but let's start with some popular ones:


SPAM breeds SPAM: If you get a spam message, we recommend that you NEVER reply to it or use "unsubscribe" links in the email unless you're absolutely sure that they are legitimate. The only reason that you would try to unsubscribe a particular email address is because that email address exists. BY ATTEMPTING TO UNSUBSCRIBE, YOU CONFIRM THAT YOUR EMAIL ADDRESS IS WORKING - THAT MAKES YOU A GREAT TARGET FOR MORE SPAM.


The only time that we would consider the use of an unsubscribe link is the case of a company that you know and trust, and even then with caution. One disturbing trend in recent months has been an increase in spam from well known Australian companies - totally unsolicited.


Also... Consider this. How often have you received an email that says "This is a one-time mailing. To unsubscribe, click here." Somebody's not telling the truth here, wouldn't you say? If it's really a one-time mailing, you don't need to unsubscribe. Either the claim is false, or the purpose of the link is to collect valid email addresses.


Harvesting: If your address appears online (eg on a web site), it can be easily "harvested" by web crawling software. If you have ever posted messages to newsgroups or mailing lists, your email address may be accessible from sites that archive those discussion groups.


Lurkers: If you participate in email lists or newsgroups, your email address is also sent to all recipients of them. There may be "lurkers" on those services, there simply to collect email addresses for spamming. (In a recent case, an ISP made a posting to a mailing list about spam blocking techniques, and immediately noted a significant increase in attempts to circumvent his security measures!)


Partner marketing: You have provided your email address (usually via web sites) to companies who disclose it to others for profit (who may in turn disclose it to others who ... you get the picture). While most companies operate reputable businesses online, others do not. Be careful to always look for options such as "Send me information on related offers" in the forms that you're filling in, and turn them off wherever that's appropriate. These options usually have default values that permit passing on your details to other companies.


Well Intentioned Friends: Your friends send you emails (jokes, virus warnings - usually hoaxes, surveys, etc) that you forward on to others. They forward them on to others and ... eventually they end up in the hands of one person who collects and sells the email addresses. While it's true that your address doesn't always get revealed in this way, it often will. The simple advice on these kinds of emails is: DON'T FORWARD THEM. If you must, do your friends a favour and use the BCC address field instead of TO or CC - and TELL THEM TO DO THE SAME! (If you don't know what we're talking about, see Introduction to Email. To check out whether the virus warning you're reading is legitimate or not, try the F-Secure Virus Hoax List, Hoax-Slayer or Fraud Watchers)


Mail Probes: ISP email servers can be "probed" to track down valid addresses. While it is possible to make life difficult for people doing this kind of probing, it's impossible to stop. It's not until their probe is complete that it becomes clear that it was not a legitimate attempt to send an email message. Common names are most at risk of this kind of probe, and so choosing an email address comprising something more than just your first name may help reduce your exposure to this risk.


As an experiment, several years ago we established a dial-up account with another ISP. Within a few months of opening that account it started to regularly receive spam, even though we have NEVER advertised or spoken about the email address we have there. The account details were probably discovered by this kind of "probe".


And these are just a few - mostly ways that you are responsible for!



So why is SPAM so hard to stop?


The problem here is that while it's obvious to a human reader what is junk and what isn't (through deductive reasoning), programming a computer to do the same task (through logic) is not straight forward. There are a number of programmatic ways to detect what might be spam, but each also has the side-effect of either missing a lot of spam, or rejecting a lot of legitimate email. No single programmatic technique that we have seen is "just right".


Based on our own experience, and that of many other ISPs, we believe that the best approach is to use MANY programmatic tests for each message to be tested. Some tests are more indicative of spam than others, and each receives a weighted score accordingly. Each message then passes or fails these tests and achieves an overall score. This score can tell us with a fair degree of accuracy whether a message is spam or not.



I get mail that's not addressed to me... why?


The key to answering this question lies in understanding that there are THREE addressing fields on an email that could contain your email address - TO, CC (Carbon Copy) and BCC (Blind Carbon Copy).


The address list contained in both the TO and CC fields is delivered to EVERY recipient of the message, intact. The contents of the BCC field is NEVER DELIVERED to ANY RECIPIENT of the message. If your address was listed in the BCC field of the original message, you'll receive a copy that apparently wasn't addressed to you. In fact it was, using BCC. For more details on the BCC field, see Introduction to Email.


It is common for a single spam message to be addressed to multiple recipients in the same email domain (eg @virtual.net.au) as this makes for much more efficient delivery, and reduced chance of the spammer being detected.



So what can I do about it?


 Visit the My Mailbox option at www.virtual.net.au and login to access our spam filter.  Look for the instructions for setting it up just after you login.



Should I use my own SPAM filter?

Honestly, after playing around (and subsequently ditching) a number of offerings, we cannot recommend a solution that you can install on your PC. To be able to accurately identify SPAM, the whole message still has to be downloaded to your PC, therefore a filter doesn't save you any time.