GroupWise Anti-Spam FAQ
Frequently Asked Questions about Spam and GroupWise
(and their Frequently Given Answers)
- Why did I get this junk mail?
Somehow, someone got hold of your e-mail address. This could be because there's a Web site with your address on it, you've put your business card in a fishbowl for a contest, or because someone to whom you've sent e-mail has (inadvertently) forwarded it to a mailing list broker. It's even possible that your e-mail address was a lucky guess. At any rate, now that your e-mail address is known to spammers it's very likely that it will be sold numerous times, and you'll receive more spam from different sources, on different topics ("Make Money Fast", "Free The Taliban", and so on).
- I don't know the sender of this junk mail!
Sometimes the From: address is "spoofed", or falsified. That's an intentional obscuring tactic, because the spammer does not want to receive complaints. Even if there were an apparently valid address, subsequent spam would most likely use a different (and probably spoofed) address. In this case the sender's address is a "disposable" address - most likely it's already been detected as a spam source, and been shut down. However, since free e-mail addresses are readily available it'll only be minutes before the next one is created to spam again.
- Why don't I just unsubscribe?
Replying to spam or clicking on any link in the message just proves to the spammer that someone is actually receiving the message. It makes your address more valuable and more likely to be re-sold to other spammers. That just increases the amount of spam your receive.
Worse, since much spam is created by viruses, clicking on a link or opening attachments can infect your computer with a virus!
- My co-worker says I've been sending junk mail!
- I've been getting junk mail from myself!
Much spam is created from computers infected by viruses, which look through the addressbooks of the infected computers for e-mail addresses. The virus then sends hundreds or thousands of infected messages containing that virus with the To: field harvested from the infected computer, and the From: field created from another harvested address. If your co-worker's home computer is infected then both of you could receive spam or viruses.
When spoofed messages are sent with your e-mail address in the From: field, you're said to be the victim of a "Joe Job".
- I'm getting errors for messages I didn't send!
Mail servers receiving Joe Jobs will often "bounce" or reject the messages. The Joe Job victim then receives hundreds of delivery failure notifications. Worse, badly configured mail servers (or ignorant postmasters) may believe that the Joe Job victim is the actual spammer, and blacklist all e-mail coming from the Joe Job victim's mail server.
While there are several proposed methods for identifying spoofed sender addresses, they are currently "experimental" and none have been adopted as standards.
- My bank wants me to verify my account.
Don't do that. "Phishing" is a variation of a Joe Job. Phishing misrepresents a corporation, and tries to get the recipient to divulge personal financial information or to run malicious software. This is generally a spambot to send out tons more spam...
"Spear Phishing" misrepresents an official of a corporation, and targets employees within that company. For municipal employees it could be a message appearing to be from the Mayor or the City Manager asking the employees to open an attachment or visit a Web site.
- What else do spammers do?
Spammers use many tricks to fool victims and their anti-spam filters. A list of current spamming techniques is published on the The Spammers' Compendium.
- How can I fight this scourge of the Internet?
Activate the GroupWise Junk Mail Handling feature; instructions are on the Novell Documentation site. An anti-spam gateway will identify most spam, which GroupWise will automatically move to the Junk Mail folder if Junk Mail Handling is enabled.
For spam that is incorrectly identified as legitimate (this kind of error is known as a "False Negative"):
- Don't open messages that are obviously spam (ridiculous From: or To: addresses, nonsensical subject lines).
- Don't click on links or reply to the message.
-
Be sure that you
view messages in plain text mode, not HTML. To
set the view to plain text:
- From the GroupWise menu select Tools, Options, Environment, Views.
- In the Default Read View section select Plain Text.
- Check the box beside Force.
- Click OK.
Many spam messages will contain HTML Web bugs that can track when the message is opened, how often, by which IP address, whether the message has been forwarded or bounced, &c. The results will then be used to harvest those e-mail addresses in order to send more spam.
Don't automatically delete and empty suspected spam. Spam detection is not perfect, and some legitimate messages may be identified as spam (this kind of error is a "False Positive"). If false positives are automatically deleted you'll never know your rules need to be fixed, and even if you're told by the sender that a message has been deleted you can't examine it to determine how to fix your rules.
- I do not know this "spam" of which you speak.
"Spam", "Junk Mail", "Unsolicted Commercial E-mail" (UCE) or "Unsolicted Bulk E-mail" (UBE) refers to e- mail messages that are both unsolicted and unwanted, often selling commercial products. Some definitions require spam messages to be sent in bulk, but recipients of spam don't care how many others received it, they just want spam to go away.
Legitimate mail that is not spam is sometimes referred to as "ham".
The word "spam" was first used in 1993 to refer to multiple postings in a Usenet Newsgroup. These postings were created by a poorly written computer program, which, ironically, was designed to eliminate duplicate postings.
SPAM is canned Spiced Pork And Ham, manufactured by Hormel Foods. While Hormel used to discourage the use of the word "spam" to refer to UCE, they now find it acceptable as long as the name of their food product is spelled in all capitals ("SPAM"), and the reference to UCE is spelled with lower case letters ("spam").
And, yes, the e-mail variety of spam really did get its name from the Monty Python sketch in which the Vikings overwhelm the restaurant patrons by singing "Spam, spam, spam, spam."