Communication Security: Remote Access and Messaging • Chapter 3 151
Furthermore, the FTC warns that many states have laws regulating the sending of
unsolicited commercial e-mail, making “spamming” illegal. Spam is considered to
be a Denial of Service (DoS) attack since it has the ability to disable e-mail servers
by overloading e-mail storage with junk messages.
E-mail users can deal with spam in a number of ways. One method is to read
the spam message to see if there is a method of removing addresses from the
mailing list. Legitimate companies will remove users from their mailing lists;
however, many spam mailers use these links to verify that the e-mail addresses the
message was sent to are “live” addresses. Users may be removed from the list, but their
e-mail is almost always sold again as it has been confirmed as a “live” address.
Another method of avoiding spam is to disable cookies. Cookies are small text
files sent by some Web sites that contain information about the user, and are stored
in a folder on the user’s computer. Cookies are commonly associated with Internet
browsers that access Web pages, but, because many e-mail programs allow users to
accept messages in HTML format, HTML e-mails may contain cookies as well.
Plaintext messages are safer than HTML messages because they are not capable of
storing cookies and other damaging content.
Users can also contact companies they routinely deal with and ask them not to
share or sell their information. Generally, privacy policies outline whether
companies share or sell client information. If they do share or sell information, the user
has to decide whether or not to use those sites.
Spam filters are programs that analyze the contents of messages to see if they
have the common elements of spam. If a message does contain some of those
elements, the spam filter deals with the message in a specific way. For example, users
can configure the filter to add the word spam to the subject line, so they know that
the message is spam. Many antivirus vendors and hardware vendors (e.g., firewall
and appliance vendors like Barracuda) manufacture solutions that sit in the flow of traffic
and filter this type of threat before it ever reaches the mail server. However, before
investing in such software, users should visit the Web site of their ISP. Many ISPs
offer spam detection and elimination services, in which spam-like e-mail is deleted
on the server. This saves the ISP the cost of using bandwidth to send users e-mail
they do not want. In addition, more and more clients are “spam aware.” Outlook
2003, 2007, and Windows Mail (the replacement for Outlook Express in Windows
Vista) all utilize the Intelligent Message Filter spam detection software that is built
into Exchange servers. These filters update their “knowledge” of what may or may
not be spam not by what a user does, but by what Microsoft learns from its
Hotmail and MSN mail communities, providing a nearly enterprise-level solution
for desktop users.
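
As an added illustration (not from the book), the following sketch shows the kind of content-based filter described above: it scores a message against a few rules and, past a threshold, adds a spam marker to the subject line. The rules, weights, threshold, `[SPAM]` marker and both sample messages are assumptions constructed for this example.

```python
import re
from email import message_from_string

# Constructed rules for this example (pattern, weight); not a real rule set.
RULES = [
    (re.compile(r"\b(free|winner|act now|limited time)\b", re.I), 1.5),
    (re.compile(r"click here to unsubscribe|remove me", re.I), 1.0),
    (re.compile(r"<img[^>]+src=[\"']?https?://", re.I), 1.5),  # remote image
]
THRESHOLD, TAG = 3.0, "[SPAM] "  # assumed cut-off and subject marker

def body_text(msg):
    """Concatenate every decoded text/* part of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            try:
                chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
            except LookupError:  # unknown charset label in untrusted mail
                chunks.append(raw.decode("latin-1"))
    return "\n".join(chunks)

def score(msg):
    """Sum the weights of matching rules; HTML-only mail scores extra."""
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    total = sum(w for pat, w in RULES if pat.search(text))
    types = {p.get_content_type() for p in msg.walk()}
    if "text/html" in types and "text/plain" not in types:
        total += 1.0  # no plaintext alternative
    return total

def tag_if_spam(raw_message):
    """Return (message, score); tag the subject once if score >= THRESHOLD."""
    msg = message_from_string(raw_message)
    s = score(msg)
    subject = msg.get("Subject", "")
    if s >= THRESHOLD and not subject.startswith(TAG):
        del msg["Subject"]
        msg["Subject"] = TAG + subject
    return msg, s

# Constructed sample messages (not real mail).
SPAM_SAMPLE = ("Subject: WINNER! Claim your FREE prize\n"
               "Content-Type: text/html; charset=utf-8\n\n"
               '<p>Act now!</p><img src="http://tracker.example.com/p.gif">'
               "<a href='http://example.com/u'>Click here to unsubscribe</a>\n")
HAM_SAMPLE = ("Subject: Meeting notes\nContent-Type: text/plain; charset=utf-8\n\n"
              "Notes from today's meeting are attached.\n")
```

Tagging rather than deleting leaves the final decision with the user, which matters because a fixed rule set like this one will misclassify some legitimate mail.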
www.syngress.com