TechSmart TechBlog

Though nothing new specifically, here at TechSmart we’ve notice a pretty drastic increase in spam messages that appear to come from ourselves!

First off, no.  Your computer isn’t somehow sending spam messages to yourself (we assume, if you have current malware (virus/spyware) protection).  The way these spam messages appear to be from you is a process called ‘spoofing‘.

Understanding this fully is difficult, but the short explanation is that when the current email standards we use were developed, the thought of someone using email for marketing or malicious intent was just not conceivable.  Networks were generally very closed and frankly- operating was expensive.  So, the protocol used for sending mail, called SMTP, has no method of authenticating a message (or in other words, proving that mail from you actually came from you).  Everything in email (including attachments, by the way) is sent in basic text- there’s no built in security or method of ‘tagging’ messages to prove that they were absolutely sent by you.  The sender’s name and email are just more text that is in the stream.
So, given the right methods of writing software, it is not only possible but somewhat easy to send message that appear to come from someone else.  In fact, this is something that you can do even with most email programs- all you would have to do is give another person’s name and email address instead of your own when setting up the account.

Now, most everyone has (or at least should have) a method of spam filtering- a service or program that automatically scans each incoming message with something called a Learning Bayesian Filter.  This learns what you consider UCE (Unsolicited Email or ’spam’) and legit messages, or ‘ham’ and applies a mathematical formula to predict when messages are intended for you or not.
Normally, this method works pretty well once you have the filter ‘trained’ as to what you consider spam or ham.  However, there are a few basic issues that cause all of this learning to go right out the window.  First, a good number of spam filters bypass messages that look to be from you because many users are in the habit of CC’ing themselves on messages.  A default behavior is often to either bypass the filter completely or to assign a much lower ’spam score’ to messages appearing to come from you.  Second, Bayesian analysis works on text, but doesn’t work so well with attached images.  The majority of this new breed of spam contains words in the subject that are usually things you’d want to see, such as “Re:  Your Order” and “Account Update”; things to that effect.  The rest of the message is just an attachment.
In the age of people sending pictures back and forth, even to themselves in some cases, you can see how this becomes a nightmare for spam filters!
The final and possibly biggest problem facing email filtering is that, despite proposed methods of getting around the SMTP downfalls, such as SPF, PGP Signing and countless other proposals… have all been poorly implemented.  So, sadly, there’s still no reliable way to be sure mail is actually from who it claims to be from!

All that being said-  we have a few suggestions that may help:

1)  Use a paid external email filtering service.
TechSmart uses Privacy Networks filtering for our needs, and we even host a dedicated set of servers that are available for a small monthly fee.  We have found that for us and our customers, mail getting thru to the inbox has been cut substantially and at a much lower cost than the competition.  Therefore we highly suggest the service if you are operating your own business or have your own domain name for email.
The gotcha with these paid external services is they only work if you have control over your email domain- for example, if you use Comcast, Qwest or even free webmail providers such as AOL, Hotmail, Gmail and the like- the service doesn’t work.  However, if you are interested in getting off of those services and hosting your own email- we have dedicated servers that allow that as well- just give us a call to discuss your needs.  In addition, we highly recommend servers that require specific authentication for you to send thru them.  This is an unfortunate downfall with some services like Comcast and Qwest, etc.  If you aren’t required to login to send a message, a program you don’t know about could be sending mail out completely unknown to you.  Virus filtering is always important as well.

2)  Learn to use your sent items folder
Most email clients will keep records of email you have sent, so CCing yourself on messages is not only redundant, it will confuse your spam filter!  So, instead of sending messages to yourself, look in your sent items folder to verify your message was sent, or request a ‘read reciept’ from your recipients.
This will also help you not panic if you see a bunch of mail that appears to be from you.

3)  Use White/Grey/Black lists appropriately
A method of making things easier for the spam filters is to allow you to create lists of email addresses that you will always want, sometimes want or never want- these are commonly called white, grey, and black lists (accordingly).  These allow you to say “mail from this person is okay” but unfortunately, this allows for only one check of the message for content- the ‘from’ address.  This is usually why spam addressed as from you or from people you know will get thru.  Another very common whitelist to be aware of is ‘entire domain’ whitelists- in other words, X@y.com and Z@y.com all come thru automatically because they assume you know everyone in y.com’s domain.
A method I have been using lately to combat the ’spoofed’ mail problem is to use my ‘greylist’- this keeps everything in a kind of spam quarantine- I log into my filter server and examine the greybox, and select any messages from myself and train those messages as spam (see the next suggestion).
Another similar method if you never send messages to yourself, is to simply blacklist yourself; but please be aware that blacklisting causes a message to be immediately deleted.  There are a host of ways this can cause issues, so I suggest doing a lot of testing of your email as soon as you blacklist yourself to be sure you’re getting the messages you need to be getting.

4)  Train your email filters
This is a very often over-looked thing but any spam filter worth paying for also has a plugin for Outlook, or some easy method of training messages as spam.  I mentioned before I was having trouble with spam coming in looking like it was from me.  Here’s how I solved this issue.  I made an entry in the ‘Grey List’ for my own email address, that way, any messages coming in claiming to be from my own account were automatically caught in the greybox.  So today I logged in and selected all of these messages (there’s a handy ’select all’ button), made sure there were no legit messages in the list, and with the click of one button, trained them all as spam.  Then I removed my email address from the greylist so they would go thru normal spam processing.  Now messages appearing to be sent from me that match that profile will be tagged as spam (and I just checked- it’s working!) and never seen by me again.

5)  Adjust your spam score settings
Once you have trained your filter as to what you consider spam, if you’re still getting mail coming thru, try adjusting your filter to be more aggressive in what it moves to your Greybox or quarantine.  This will very from filter to filter, but typically higher numbers indicate more likelihood of being spam.  So, if you want more messages to be in the quarantine instead of your inbox, increase the number (SLOWLY!) of your greybox and trashcan.
IMPORTANT NOTE:  When you increase your spam score settings it becomes very important to monitor your greybox/quarantine for messages that are legit.  If your filter offers it, I suggest using a ‘ham training’ button for good messages, that way the filter can learn good and bad.  Most will offer an option to “forward and whitelist” which will send the message to your inbox and add a whitelist entry, always assuring that mail claiming to be from that sender should be sent thru.  If you don’t watch this list when you increase your score- you could start loosing legit emails, which is also why I highly recommend setting no more than 1 point score difference each week.

6)  Choose a longer email address.
I’m guilty of this, I like having a simple email address (dj@domain.com, for example) to give out to people, but often that is an easy guess for spammers and spoofers.  Often it’s better to choose a longer username (djthepcmaster@domain.com, for example) so that it’s much harder for these programs to guess.

I would guess that spam is always going to be an issue and there is always some new trick up their sleeves.  As always, if you weren’t expecting a mail, even if it looks completely legit, don’t click on links or open attachments unless you’re 100% sure the mail is safe.

If you have more questions, please don’t hesitate to contact us!

A host of information on this issue is available-  One authority in this area is CERT.  Keep in mind that the majority of spam actually comes from overseas sources or from people failing to have virus protection on their PCs.

Before you bring your TV, Monitor, Computer or other electronic component to the dump, or simply drop it off at a ‘free recycling’ place- we encourage you to view the following:

http://news.cnet.com/8301-11128_3-10092317-54.html?part=rss&tag=feed&subj=GreenTech

For almost a year now, TechSmart has committed to helping to solve this global crisis.  We partner with an EPA Certified recycler that ships 0% of it’s components overseas and recycles every component it receives.  No, this isn’t a cheap process, and we do charge $5-$10 per component; but we believe it to be a small price to pay when you see what is at stake.

We believe that as leaders in the field of technology, it is our duty to lead by example and not wait for government mandates on this issue.  Technology is an investment, and that investment doesn’t end with the initial purchase.  We believe it is our responsibility as technology users to assure that what we use isn’t destructive to the world around us after we are done with it, as well as think forward of what investments will leave the smallest footprints for the next generation.

We don’t offer gimmicks or tricks.  Just the truth- if you are concerned about what will soon be a global crisis and want to do something about it- start at your company, at your home.  We’ll be there to help.

If you have questions, don’t hesitate to call us at 498-0808

Many users have been seeing a lot of emails apparently coming from msnbc or cnn, claiming to be breaking news stories, usually involving several pop-culture figures.

This represents one of the most well-crafted scams of all time, and it’s getting worse.

The link directs you to a website that will use a Windows Internet Explorer exploit to install what appears to be ‘anti-virus’ software, or to install a ‘codec’ to view a video.  One variant even tries to get you to install an unsigned ‘flash’ viewer.

Never before have we seen such a well crafted scam, and most basic ’spam filters’ will not do well with these types of emails because they seem to come from legit sources and don’t have the usual signs (spelling errors, profanity, etc) of Un-Solicited Email (UCE) or Spam.

Below I have a picture of what the email looks like in the msnbc variant.

There are a few things that give this away as spam. First off- look at the From address. Obviously not from where it claims to be from. Also, if you mouse over the links (DO NOT CLICK THEM, just hover your mouse over it), most email software will display the actual destination of the link. Notice that it’s very different than where it claims to go.

These are some of the basic ways you can tell. Obviously if you see these messages, just delete them.

If you use our Privacy Networks email filtering, you may see Privacy Posts that look like this:

You’ll notice that these messages will more than likely end up in your greybox, and some messages may even get thru- DON’T panic. The Greybox will empty itself eventually or you may log into your Privacy Networks account on our server and purge the messages yourself, but no interaction from you is required.

Getting Spam Filtering (that works)

We’ll be honest- we didn’t see this for what it was until pretty late, because our spam filters were catching this early. If you don’t have our privacy networks filtering, we highly suggest you call us about getting it! Call us at 970-498-0808 and ask us if we can help you reduce your spam and take back your inbox.

What to do if you are infected

This infection spreading is what causes more of the emails to go out. If you get messages that your antivirus filter has detected several thousand viruses, please give us a call at 970-498-0808. In many cases, we can resolve this issue with you over the phone using our exclusive Remote Support options- in most cases, you won’t even have to bring in your PC, we can help you right over the phone (all you need is an internet connection).

If you are a customer that is able to use our Customer Support Portal, we ask you to please log a ticket using that system as our phones are very busy as we deal with this issue.

Getting Anti-Virus Software

We always recommend having good antivirus software. For home users, we recommend Norton from Symantec or AVG (which is free for home users). In your office, please talk to us about installing Symantec Corporate edition, or a host of internet content filters that can help prevent these issues.

If you’d like us to answer any questions you have, please go to our website and click “contact us” to send us a message.  We’ll get back to you as soon as possible.