Microsoft to add Blackberry-style e-mail to Exchange Server
Topic: Other Spam Filters
The upcoming version of Microsoft's Exchange Server will push e-mail directly from the server to Windows Mobile devices, offering the same service as the Blackberry.
The new Direct Push Technology will come in a Community Technology Preview (CTP) of Exchange Server 2003 Service Pack 2, with the full version by the end of the year, said Exchange product manager Martha DeAmicis.
The push technology no longer relies on SMS to notify a Windows Mobile device. Instead, it sends e-mail directly from Exchange to Windows Mobile devices, giving users a faster and more efficient way of retrieving messages.
RIM requires the use of middleware on top of Exchange to allow messages to be sent directly to BlackBerry devices, which costs businesses and end users extra licence fees. "With Windows Mobile, you can talk direct from Exchange to a mobile device with no server and no [extra] cost," said John Starkweather, group product manager for the mobile and embedded devices team at Microsoft.
It is however dependent upon the inclusion of Windows Mobile 5.0 Messaging and Security Feature Pack. An early version of this software is currently in the hands of Window Mobile OEMs, but devices that come with the technology pre-installed will not ship until early next year. However, customers will be able to buy Windows Mobile devices that can download the messaging and security feature pack from November.
There will also be new security features in Exchange SP2, such as Web-based remote wiping of applications and e-mails on a device in case it should get lost or stolen. There will also be an intelligent spam message filter, and support for anti-spam technology Sender ID.
The CTP of Exchange Server 2003 SP2 also will include a Mailbox Fundamentals feature with improvements to the way public e-mail folders can be managed and tracked, as well as an increase in the storage limit for Exchange Standard Edition customers, DeAmicis said.

How To Cut Down On The Volume Of Junk Mail, E-Mail
Topic: Other Spam Filters
Junk Snail Mail

To get your name off national mailing lists (understand that it won't stop all unsolicited mail):


The Direct Marketing Association is the "oldest and largest national trade association serving the direct and interactive marketing field." Visit these sections of their Web site for information about reducing unsolicited snail mail:

DMA Consumer Assistance: How And Where To Find Help
Getting off mailing lists/Mail Preference Service


ADVO, Inc. is the nation's "largest targeted home-delivered print advertising provider." They describe themselves as being the "force and the name behind some of the most recognizable and successful direct-mail marketing and advertising campaigns in the country." For information on removing yourself from their lists, visit advo.com.


More tips can be found on the Web site www.junkbusters.com.


Another step might cut down on unsolicited credit card offers.

"Changes to the federal Fair Credit Reporting Act took effect Sept. 30, 1997. Under one provision of the new law, consumers can call toll-free numbers to remove themselves from lists used by credit-card companies and some direct marketers to solicit them by mail. Consumers need call only one of the three major national credit bureaus to get off all such lists."

The special "opt-out" numbers are:

Equifax -- (888) 567-8688
Experian -- (800) 353-0809
Trans Union -- (888) 5OPTOUT or 888-567-8688

If you answer the questions, you can opt out of mailing lists of the major credit reporting agencies for two years.



Junk E-Mail

What about all that unsolicited e-mail? Some of the spam borders on X-rated.

Tips for reducing the amount of unsolicited e-mail:


Don't display your e-mail address in public. Spammers use automated tools to collect valid addresses from Web pages, chat rooms and online directories. Consider using a second e-mail address for public correspondence.

Consider using software to filter e-mails. Some are free, and some work better than others. Most can be customized to allow personal e-mails from family members, for example, but block many advertisements. The most prominent antivirus vendors are increasingly building spam-filter utilities into their security products.

Check a Web site's privacy policy before you submit your e-mail address to see whether it permits the company to share your address with online marketing companies; if it does see whether it's possible to "opt out" from such an arrangement.

For years, experts have discouraged Internet users from replying to unwanted e-mails with requests to be removed from future mailings because that verifies that spam was sent to a valid address. Under the new law, however, marketers are required to honor such do-not-send requests after the first unsolicited advertisement.


Here are other tips:


To try to reduce spam, you can register for free online with the Direct Marketing Association's E-Mail Preference Service.


The government wants your spam. Forward unwanted or deceptive e-mails to uce@ftc.gov, where federal regulators are creating a huge spam database to go after the most egregious marketers.

The Federal Trade Commission also offers tips for people who are trying to eliminate junk e-mail and deceptive e-mail:
FTC E-Mail Tips

Creating an antispam cocktail: Best spam detection and filtering techniques
While admins have a variety of weapons at their disposal in the fight against spam, no single weapon is capable of providing the ultimate death blow, killing all spam in its tracks. Fighting the daily torrent of spam, which (depending on who you ask) makes up 33-80% of all e-mail, requires the use of a "cocktail" approach, mixing multiple detection and filtering techniques.

An antispam strategy – whether that strategy is you or a vendor product – should incorporate three techniques, which complement each other to provide antispam defense where others fall short. Let's take a look at these three vital "ingredients" that should be part of any antispam cocktail.

Block mail from known sources of spam using lists of "bad" IP addresses compiled by companies or independent antispam crusaders. These lists are made up of addresses of systems and networks known to belong to spammers, so-called open relays and open proxies, which are poorly secured servers exploited by spammers and Web sites that host spammers or spammer support services. Two of the better known lists are SORBS – Spam and Open Relay Blocking System (http://www.us.sorbs.net/) and SpamHaus (http://www.spamhaus.org/).


Freeware antispam cocktail
One way to get a premixed version of the antispam cocktail is via the Apache Project's open source SpamAssassin, which combines all three antispam approaches. In addition to the cool moniker, SpamAssassin offers a good mixture of spam fighting techniques, clear documentation and active community support. And it's free (woohoo!). SpamAssassin is available at spamassassin.apache.org.



Spam blocking lists are easy to use. Most modern e-mail servers can be configured to perform lookups on these lists via DNS queries with just a few lines of code in the configuration file. However, when you buy into a particular list, you trust the judgment of the list maintainers to determine who should be marked as a spammer.

Block mail based on content. Unless you are in the pharmacy business (or certain other businesses that I'll leave to your imagination), your company probably doesn't receive many legitimate e-mails containing the word "Viagra." Phrases such as "make money fast," "discount dvds" and "hot stocks" may also serve as a red flag for spam. By filtering mail containing these words, you can reduce the amount of clutter in your users' inboxes. Content filtering can also look for tell tale HTML that indicates the message is either spam or malicious content.

There are two caveats here: First, the possibility of false positives, causing legitimate e-mail to be marked as spam. Second, the continuing ingenuity of spammers, who have taken to creative spelling techniques ("V1aGrA" or "V!agra"), use of html and graphics, as well as variations in spacing and punctuation to confuse and bypass such filters. This means that you'll need to keep adjusting your filters to deal with new types of spam as well as the spammers' new tricks to hide the true nature of their messages. If you are using a commercial anti spam product based on content filters, make sure that the vendor provides frequent filter updates.

Scientific content blocking. Bayesian filters use science, in the form of statistics, to identify spam. A Bayesian filter builds two tables -- one for all the words that appear in legitimate e-mails and the other for words that appear in spam -- and gives each word a score. At most companies, a word like "Viagra" is given a score that indicates that it is more likely to occur in a spam message than a word like "meeting." By looking at a message's overall "spamminess" score, the Bayesian filter can make a relatively accurate guess as to whether it is legitimate. The nice thing about these filters is that they can learn from e-mail over time. The more e-mails the filter scores, the better its scoring becomes.


Spammers have not stood still in the face of the Bayesian filters. You may have noticed strange blocks of text in some of the spam you receive. Spammers have taken to including passages of random, unusual or legitimate sounding text at the end of their e-mails in an effort to confuse Bayesian filters. The theory here is that by adding many words found in legitimate e-mail, the "spamminess" score of the message overall may be lowered.

The learning ability of the Bayesian filter is also a double-edged sword. In order to make the best use of this technology, your users need to teach the system about spam messages that slip through the filter. While this is usually a simple point-and-click process, some users may be annoyed by this task or ignore it, thereby reducing the efficiency of the system.

As you can see, each of the ingredients in this antispam cocktail adds its own "kick" to the recipe. By combining and tuning these techniques, the savvy sys admin can reduce the level of spam on their network to a trickle instead of a torrent.

Email Delivery & The War Against Spam
Topic: OE Spam Filters
The war is afoot between legitimate senders of mass email and spammers. There is an ever-increasing number of tools, in the form of algorithms and list management tools. These tools will affect email delivery and reduce the amount of spam that has hijacked the email industry.

As reported from the New Scientist, a team of researchers from IBM, and Cornell University developed a new algorithm for detecting spam in emails, called SMTP Path Analysis. The algorithm works by examining the path information (probably by looking at the Received headers), and detects patterns that are likely to be the route of a spammer. ?...the algorithm is not meticulous enough to efficiently catch spam on its own, but works well in combination with content filtering tools. "And it catches stuff that content filters can't,"

Engineers at ActivSoftware recently announced their new algorithm called 'slow start outbound connection ramping.' This new server technology attempts to avoid becoming flagged as spam by automatically monitoring delivery success and failure rates and adjusting simultaneous connections to an email service provider based upon those parameters.

It begins with a very low number of simultaneous connections to any one ESP for any one IP address. It monitors delivery failure to success ratios and slowly ramps up the number of connections to that ESP from that particular IP.

In another recent attempt to help legitimate email senders avoid becoming flagged as spammers, researchers at ActivSoftware, using a bayesian spam filter, sifted through over two hundred thousand words flowing through their email servers and itemized the top 50, or so, words most likely to trigger spam filters. The words are organized by their spam to ham ratio, or illegitimate to legitimate email ratio. The team analyzed many factors within this data, but the most compelling was the spam to ham ratios.

Words such as click and here don't rank as high, since they are used often in legitimate email. Whereas words like madam, rarely found in legitimate email, while readily found in spam email, had very high ratios. Using this method the team created, what they deemed, ?A superior list of spam words.?

The top twelve words follow:

- homeowner

- discreet

- madam

- materially

- unclaimed

- anticipates

- soma

- preapproved

- unconditionally

- beneficiary

- refinance

- intercourse

AOL to Give Away Spammer Stash
Topic: OE Spam Filters
One spammer's misfortune could be an Internet user's dream as AOL plans to give away a fully-loaded Hummer H2 and nearly $100,000 in cash and gold bars. The online service received the loot through a provision in the CAN-SPAM act, which allows courts to seize property obtained through profits from the sending of unsolicited e-mails.

In addition to seizing the spammer's assets, AOL also won a $13 million judgment against the company, and will donate the seized computer equipment to schools in Northern Virginia.


The property will be given away through the AOL Spammer's Gold Sweepstakes, which will begin Wednesday and will run through August 19. Participants will be able to enter once per day by answering a question on computer security and safety.

Every day during the period a $1,000 prize will be awarded with the grand prize drawing at the end of the contest. The grand prize winner will receive the 2003 Hummer H2 and nearly $85,000 in cash and gold bars.

All of the loot was seized from a then 20-year old man in New Hampshire following a successful campaign to shut down and sue the spammer. At his height, AOL claims the man had 40 computers sending out millions of spam e-mails per day.

In on day in January 2004 alone, the spammer generated 100,000 complaints from AOL members.

"The safety and security of our members is Job No. 1 at AOL, and that means taking aggressive action against spammers and scammers. I am delighted that our efforts are paying off, literally, with the seizure of these assets and the sweepstakes," Jon Miller, Chairman and CEO of AOL said in prepared remarks.

Miller pointed to statistics that show an 85 percent drop in spam on the service, announcing that spam filters now block 1.4 billion messages per day as opposed to a high of 2.4 billion messages in one day in 2003.

AOL also issued a terse warning to spammers sending unsolicited mail to the service. "AOL will find you and sue you. And AOL will do everything it can to make sure its members end up with any money you made as a spammer."