from: Computing Education Programs - Education Services Group - University of Victoria 5/2004  http://web.uvic.ca/comped/online/antispam/

Outlook Express 6 vs. Outlook® 2003

Outlook Express is for e-mail and newsgroup use. It is included with Microsoft Internet Explorer 4 or newer and Microsoft Windows 98 or newer. The current version is 6.

Outlook is a stand-alone application that is part of Microsoft Office and Exchange Server. The current version 2003 integrates e-mail, calendar, contacts, tasks, notes, and journal.

E-mail Message Formats

Outlook and Outlook Express can send and receive e-mail in three different formats:

• Plain Text – is text only and the text cannot be formatted in any way, e.g. Bold. Smallest file size, only the words can supply the emotional tone.

• Rich Text Format (RTF) – is formatted text, e.g. Bold, color, font faces, etc. Cannot contain images or multimedia (video or audio) in the message body.

• MIME (Multipurpose Internet Mail Extensions some e-mail programs call this HTML) – contains formatted text and multimedia content in message body. It contains at least two or three versions of the message so if the recipient’s e-mail program cannot handle MIME it will display the message as RTF or at least as plain text. Largest file size, the formatting, but visual and auditory content help to emphasize the delivery of the text.  An S/MIME (Secure MIME) format is MIME with encrypted message support using RSA's public key encryption technology. (RSA stands for Rivest, Shamir, and Adelman, the inventors of the algorithm.)

 Which format to use? Answer these questions and then decide.

• Does your message content require RTF or MIME formatting?

o No, then reduce the file size and mail traffic by using plain text.

o Need occasionally, RTF or MIME format can be temporarily applied.

• RTF or MIME is of no use if the recipient’s e-mail program:

o Does not support RTF or MIME format?

o Is configured to not display e-mail in RTF or HTML format.

o Does not support the software needed to view multimedia content.

Spam Related Definitions

Spam comes in many variations intended to con people or be destructive:

• Annoying e-mail includes all e-mail that is disruptive or time consuming in some way but is not actually harmful.

• Offensive e-mail has content you personally find inappropriate. Each person has different levels of tolerance, so what is offensive to one is not offensive to another.

• Spoof is e-mail that appears to be from a legitimate company you deal with, UVIC, a bank, a credit card company. The e-mail, which often uses the company's graphical style, attempts to solicit credit card numbers and other financial or personal information.

• Phishing is a spoof that gets you to link to a Web site that also appears legitimate, including a fake URL that seems to be the company's real Web address.

Attachments – are files included with an e-mail message. The bad types include:

• Deceptive software – programs that look like one type but are actually another. If file extensions are hidden you see: readme.txt when the full file name is readme.txt.exe, a program that could be a virus.

• Spyware – a program that includes additional code to send out information about you or your computer use.

• Virus – a program, or script code that can be contained in an HTML formatted e-mail with the intent of being destructive in some way, such as deleting files to changing the starting page on you Web browser.

False positive - Occurs when spam blocking software incorrectly identifies genuine e-mail as spam.

 Blacklists - is a blocked listing of individual and/or domains known to send spam. A blacklisted domain can block legitimate e-mail from people using that domain for their e-mail. A domain is the e-mail address part after the @, e.g. uvic.ca.

White lists - blocks all e-mail except from senders or domains specified in a whitelist file.

Gray list - is the temporary rejection of "first contact" e-mail by the UVIC e-mail server. The sending server queues the rejected mail and tries to resend it later. The second time the e-mail is sent, it is accepted by the UVIC e-mail server. This approach is currently effective as many "spammers" do not queue rejected  e-mail, but merely try another recipient. Its use will decrease over time as this method can be defeated programmatically.

Bayesian analysis - uses statistics to assess the probability an e-mail either is or is not spam. Unlike simple filters which look for spam-like language; Bayesian analysis balances suspect word usage against the overall context of the given  e-mail.

Challenge/response - as most spam is generated automatically, a challenge/response requires each sender to get permission before their e-mail is sent through to the recipient. If an e-mail is not on the whitelist an automated challenge is sent to the sender who must reply in some way to the challenge. If there is a reply the recipient must manually add the sender to the whitelist or take other action. If there is no reply the e-mail is blocked.

Forging - Disguise where the message came from. Spammers do this so that you won't know whom to complain to. It can be done by a variety of methods, from simply placing deliberately erroneous information in their e-mail program, to manually sending mail using Telnet to an SMTP server. The POP RFC 821 defines the three parts of an e-mail to include: Mail From: normally your e-mail address but can be faked or blank. This is the address a server would send error messages to. Rcpt To:    The e-mail address to send the data to:Data: The message body including the From, To, and Subject lines.                      Most e-mail programs copy the From and To to the Mail and Rcpt but spammers obviously use methods to not do this.

Headers - An e-mail message is divided into two parts, the headers and the body. Headers have technical information, such as who the sender and recipient are, and what systems it has passed through. Body is the actual message text, including the From, To, and Subject lines.

Heuristic blockers - a spam blocker that falls somewhere between pattern matchers and Bayesian analysis to determine if an e-mail is spam.

Pattern matching - filters to identify suspect e-mail by identifying telltale signs of spam within e-mail, subject, and sender lines of the e-mail. It extends the built-in rules of Outlook, Outlook Express and other e-mail programs,

Control Junk E-mail with Outlook Express

Junk e-mail is the term used by Outlook Express for any received e-mail that contains unwanted or undesirable content or attachments. Junk e-mail includes spam.

Controlling Junk e-mail effectiveness depends on what you need and what settings you are willing to implement. Remember:

• Spam is a moving target that is constantly changing.

• There are many solutions to control spam and often more than one solution is needed.

• View all solutions as temporary; spammers will find other ways to deliver spam.

• Be wary of solutions which give you little or no control, e.g. non-local blacklists and ISP-based spam blocking. While of value, they can also block legitimate e-mail. 

• Solutions that work for others may not work for you as:

o Everyone receives different amounts of spam

o Has different levels of tolerance for spam

o Has different degrees of time and effort to spend on controlling spam

o Implement and maintaining solutions require different level of technical skill

o How you accept a solutions giving a false positives

o How junk e-mail fits with ones life or work (e.g. research on spam) 

• Success in controlling spam is not to eliminate it but make it a tolerable nuisance. 

• Topics included in this document to control spam/junk e-mail are:

o Solutions at the mail server

o Solutions with firewalls

o Solutions with anti-virus programs

o Solutions for Outlook Express

o Solutions for Attachments

o Solutions with 3^rd party software

o Solutions for the user

Solutions with firewalls

A firewall is a piece of computer software intended to prevent unauthorized access to system software or data.

Some firewalls that control both inbound and outbound connections include:

• Norton Internet Security

• McAfee Firewall

• Zonelabs  ZoneAlarm 

A firewall that controls only inbound connections is:

• Windows XP Firewall  (It won’t stop installed spyware from sending out information from your computer, but will stop a program from trying to get into your computer.)

o To enable:

 Start – Settings – Control Panel – Network Connections

 Select then right mouse click the connection to firewall enable

 From the menu select either:

• Status – Properties button – Properties – Advanced tab

• Properties – Advanced tab

 Check the Internet Connection Firewall option

o To modify the services the firewall will allow into your computer

 Follow the enable steps then select the Settings… button

 See Start – Help and Support – Search topic Firewall for details 

• Note: The Windows XP Firewall default settings have changed:

o Original Windows XP the firewall is turned off, you manually turn it on.

o After installing Windows XP SP2 the firewall is turned on by installing this Service Pack.

To check to see how secure your computer is from hackers

• Use the free service from Gibson Research Corporation:

            o Go to http://grc.com/default.htm

            o In the Hot Spots section select “ShieldsUP”

            o Follow the instructions to run the tests.  (This site has a number of other useful tools and technical information.)

Solutions with anti-virus programs

While an anti-virus program may not control e-mail topics or words in the e-mail message that you find offensive, it does provide a degree of protection from:

• Running HTML e-mail messages containing malicious code.

• Attached programs you extract and install that may contain damaging code.

• E-mail with links that entice you to download a program with harmful code.

 E-mail protection options are in some anti-virus programs. These include:

• Symantec AntiVirus

• Mcafee VirusScan

Use e-mail scanning options with caution with Outlook Express as the anti-virus program can create problems! All messages in Outlook Express are stored in a single file. An incoming or outgoing message containing a virus can trigger the antivirus software to destruct or quarantine this file as it attempts to remove a message with a potential virus.

• Because of possible loss of all Outlook Express messages, consider turning off the email scanning option. The antivirus software is already protecting your system and if you attempt to open a message attachment containing a potential virus, the antivirus software will recognize that you are attempting to infect your system, and will block you from doing so.

Your level of protection is only as good as the last update!

As viruses change over time it is essential that your anti-virus program be updated with new virus definition files. Your anti-virus program may be configured to do this automatically or it may be done manually. 

When installing programs, sometimes anti-virus programs control is so restrictive that it will prevent you from installing a program unless the anti-virus program is turned off. Doing so mean your computer is no longer protected. If your anti-virus program prevents installing a program then:

• Download the file to install and save it in a known location. Do not select the install option.

• Run a virus scan check on the downloaded file.

• Turn off your anti-virus program. Look for a shut-down, exit, stop, disable, halt command.

• Install the software.

• Turn the anti-virus program on again.

• Verify the anti-virus is running. Don’t assume a re-boot turns your anti-virus software back on.

Solutions with Outlook Express

All references in this section refer to Outlook Express version 6:

• If you use an older version you will have to take the following differences into account when implementing the solutions presented here:

            o It may have different wording in menus and selection of dialog options.

            o It may have fewer (or no) spam control features.

Outlook Express includes some ways to handle spam but requires that you manually determine what spam is and then block future spam based on that. As spam comes in from so many different email addresses and includes so many different subject lines, it's difficult to control spam this way. 

The topics in this section include:

• Add, Edit, or Remove a sender or domain from in the Blocked Senders List

• Set security zones

• Ignore a conversation in an e-mail or newsgroup

• Turn off the Outlook Express Preview Pane

• Read messages as plain text

• When sending e-mail

• Create your own rules

• Applied Paranoia

• To Add, Edit, or Remove a sender or domain in the Blocked Senders list:

o Tools - Message Rules - Blocked Senders List

o To add: Click Add then type in the email address or domain to block. (Domain is the part of the address after the @ symbol – do not type the @)

 Alternate method: Select a message in the e-mail Inbox or newsgroup list of messages - Message menu, click Block Sender 

 Blocking applies to POP3 e-mail only. It does not apply to HTTP e-mail or IMAP messages.

 New e-mail messages from the blocked address or domain are automatically sent to the Deleted Items folder.

 Newsgroup messages are not displayed.

 Caution: check for false positives.

o To edit: Select the name - Click Modify – make the necessary changes.

o To remove: – Select the name - Click Remove.

• Set security zones Outlook Express security zones enable you to choose whether or not active content, such as ActiveX Controls and scripts, can be run from inside HTML e-mail messages.

• OE 6 default uses the Restricted Zone. OE 5.0 and 5.5 used the Internet zone, which enable most active content to run.

• To customize your settings: Tools – Options - Security tab.

o In the Security Zones section, select an Internet Explorer security zone:

 Choose Internet zone for standard (less secure) use.

 Choose Restricted sites zone to create a more secure environment. 

o Close Outlook Express

o Verify these security settings apply to Outlook Express and Internet Explorer.

 Start Internet Explorer, select Tools - Internet Options - Security tab.

 Click Custom Level for the security zone selected in Outlook Express.

• Ignore a conversation in an e-mail or newsgroup A conversation includes the original message and all its replies.

o In the Inbox or newsgroup message list - Select the conversation to ignore - Message menu - Ignore Conversation. 

 If the message list's View – Columns - Watch/Ignore is checked, an ignore icon appears next to all messages of an ignored conversation. 

 To reduce clutter, hide ignored messages: View - Current View – select Hide Read or Ignored Messages. 

 Variation: hide ignored messages and keep read messages visible: Select the Hide Read or Ignored Messages above then View - Current View - Define Views dialog - New - enter in 1 “Where the message has been read”, in 2, “Show/Hide” and “Show messages”, in 3 type a name for this view, and click OK. 

o To remove re-select Message - Ignore Conversation.

• Turn off the Outlook Express Preview Pane  Convenient but it also means any scripts contained in an e-mail will be automatically run, and if they are bad the damage is done before you can blink your eyes.

o View – Layout – uncheck Show Preview Pane  This also turns off display of the To, From, and Subject columns.

o Add a toolbar button to quickly turn the Preview Pane on and off:

 In Tools – Options – General tab  – uncheck “When starting go directly to my Inbox folder.”

 Right-click an empty bit of the Toolbar and select Customize

 Locate the Preview icon and double click it to add it to the toolbar.

 To use: Start Outlook Express – click the Preview button to turn it off – Download all your e-mail – Delete the spam without opening them – Right click questionable e-mail and select the Properties to see if the email should be deleted or opened - click the Preview button to turn it on – Read your email (Caution: “safe” email may not be “safe.”)

• Read messages as plain text Tools - Options – Read tab - check "Read all messages in plain text"

o This option appears only with IE6 SP1 or Win XP SP1 and higher installed.

o This prevents validating of your e-mail address by the spammer's server,  e.g. download an image.

o This also prevents malformed or malicious HTML code from executing.

 If the message is worth viewing as HTML, then go back to  Tools - Options – Read tab - uncheck this option - reopen the message. 

• When sending e-mail you may enable protection from spam you receive. But are the people you sending e-mail to doing the same? If not they can expose your e-mail address to spammers if they have a spyware that collects and uses e-mail addresses found on their computer. Protect yourself and others when sending e-mail by:

o Using BCC to send e-mail to multiple recipients, recipients do not see the other e-mail addresses (in the message select View – All Headers.)

o Don’t send e-mail to e-mail address you do not recognize.

• Create your own rules  While often used to manage “good” e-mail it can also be used to control spam

o 1) Message – Create Rule from Message…  2) Select the condition – modify the identifiers to target the condition  3) Select the action to take when the identifiers match 4) Modify the rule description (click each underline to open a dialog)      a) Select People – add the people to match, multiple entries are “or’d”      b) Select the Options button to qualify if selected people are to be           included (IS) or excluded (IS NOT) in this rule           multiple entries add options to switch from OR to an AND condition 5) Give the rule a name 

o To edit or remove a rule: Tools – Message Rules

 Select the Mail or New to select which rules

 Uncheck the rule to temporarily turn it off

 Select one of the buttons:

• New – create a rule that is not based on any specific message

• Modify – edit the conditions of this rule

• Copy – makes a copy if a new rule is similar

• Remove – permanently deletes the rule

• Apply Now – runs the rule immediately on existing messages

• Move Up/Down – sets the order in which rules are applied

o Some Rule Creating and Editing Guidelines:

o Outlook Express applies rules automatically only to incoming messages. To apply a rule later requires manual processing:  From Tools – Message Rules – uncheck the rule(s) then click Apply Now. 

o Messages are checked against the first rule in the list, then the second, then the third, etc. until it encounters the end of the list or the Action "stop processing more rules". A message can match more than one rule!

o The type of mail server account may influence how well the rule works, e.g. default POP3 gets entire message while default IMAP gets just header.

o The UVIC mail system scans all mail and adds Spam Assassin header details, At least three headers can be used with rules to control spam:

 X-UVic-Spam-Status: Yes, Probably, Suspected, or No 

 X-UVic-Spam-Level: followed by 0 to 40 S’s  

 A spam score and keywords may be added, such as: X-UVic-Spam-Score: 7.759 HTML,DATE_IN_PAST_06_12,  

 For more information on these headers, see http://helpdesk.uvic.ca/software/applications/e-mail/spamassn/account.html  These values may change over time so your rules may become invalid in filtering spam!

 Values from these headers used in a rule will require experimenting, e.g. a spam level of “SSSS” may work for some while others need “SSSSS” or even higher

 Three methods to view headers: Open a message then either:

• File – Properties – Details tab.

• Right-click in a message - Properties – Details tab

• Ctrl + F3

o List delete message rules first in the rules list for them to work as expected.

o Mail rules are applied to mail; create separate rules to filter newsgroups.

o Move message rules should include the Action "stop processing more rules" otherwise it is checked against any following rules and is never moved.

o Be careful:

 Delete message rules can be too general and delete legitimate e-mail. Consider move instead of delete so wanted e-mail can be recovered.

 Rules using individual words may be too restrictive, e.g. deleting on “Viagra” alone for the Computer Help Desk would also delete messages with “Help me get rid of Viagra e-mail”, use other test conditions to uniquely identify the good from the bad messages.

 Combining too many test conditions in one rule, e.g. Subject contains 'funny game' or 'new game' won’t catch variations like “funny new game.” Try making separate rules with an “AND” between test words.

 Boolean “AND” and “OR” conditions note: “AND” requires both conditions to test as true for the Action to occur. “OR” requires that only one of the test conditions test as true,. e.g. “UVIC” AND “COUS” vs. “UVIC” OR “COUS”.

• More rule ideas: Outlook Express Help – Index or Search tab – enter Rules

• Sample rules: http://insideoe.tomsterdam.com/tips/rules.htm or http://www.mindspring.com/~oe_oh/message_rules.htm

• Applied Paranoia: Use or don’t use as it meets your spam control needs:

o Tools – Options - Connection tab

 Dialup – check “Ask before switching dial-up connections” Also disconnect your modem if not using it.

 Internet Connection - click the Change button and verify if any of the settings have been changed.

o Tools – Options - Maintenance tab

 Check “Empty messages from the Deleted Items folder on exit” If other have access to your computer this removes messages.

 Check “Purge deleted messages when leaving IMAP folders” If an IMAP account, not a POP3 account, this deletes messages from the server. Be sure you do not want to access messages later or from a different computer.

 Uncheck “Compact messages in the background”  Not spam related but deleted, moved or marked as read message in an OE message file (dbx) creates wasted file space. Use the Manual Clean Up button as background compacting slows down your system, while it is active and if the process is interrupted then the entire message file can be corrupted.

o Tools – Options - Compose tab – Business Card section

 Uncheck both Mail and News so you do not accidentally send personal information from your Business Card.

o Tools – Options - Send tab

 Uncheck “Send messages immediately” In case you are redistributing spam or a virus to others in your address book. You control when to send e-mail.

 Mail Sending Format and News Sending Format Select Plain Text unless you have a need for HTML formatting. If you distribute spam then at least the URL links are not click able. While this may not affect you it does reduce mail traffic and could be helpful to the recipient who may not be as spam savvy as yourself.

o Tools – Options - Receipts tab – Returning Read Receipts

 Select the “Never” or “Notify me” options to prevent a spammer from being notified that curiosity got to you and you read some spam mail.

o Tools – Options – General tab

 Uncheck “Automatically log on to Windows Messenger.”

 Default Messaging Programs. Don’t send e-mail without your approval is the default if OE 6 is configured as the default mail handler (or simple MAPI client.) Some viruses use this method to spread by sending copies of e-mail messages containing the virus to your contacts. Outlook Express 6 displays a dialog asking you if want or not want to send the e-mail message.

 The US Can-Spam Act went into effective 19 May 2004 requires anyone sending sexually oriented material to add a Subject line warning of "SEXUALLY-EXPLICIT:” Spammer may bypass this US law simply by not sending spam from or to US e-mail addresses.

Solutions for Attachments

 Many e-mail file attachments are good, but for those that are not, then consider:

• Keep your anti-virus software and definition files updated

• Run spyware detection and removal tools. Note remove spyware may cause some software (ad supported software) to stop working. Two free tools include:

            o Spybot http://www.safer-networking.org/microsoft.en.html

            o Ad-aware http://www.lavasoft.de/ms/index.htm

• Spy ware info: http://grc.com/oo/spyware.htm and http://www.spychecker.com/

When e-mail contains attachments, considerations:

When e-mail contains attachments there are four things to consider:

1. View the file extension, Windows default is to hide known extensions

• Know what you are opening, see file extensions: My Computer – Tools  - Folder Options... - View tab - Uncheck “Hide extensions for known file types.”

2. Outlook Express controls what attachments can be opened

An attachment can contain a virus, worm, or Trojan that can infect a computer when opened. Installing Internet Explorer 6 Service Pack 1 (SP1) or Windows XP SP1 changes the Outlook Express default to block all attachments:

• The Tools – Options – Security tab - Do not allow attachments to be saved or opened that could potentially be a virus option is checked (before SP1 this option was unchecked by default.)

            o If un-checking this option then save the attachment to disk first and then scan it with your antivirus software.

            o If checked, then Outlook Express uses the Internet Explorer unsafe file list and the Folder Options - Confirm open after download setting to determine if an attached file is safe. Any e-mail attachment with a file type that is reported as "unsafe" is: a) not downloaded, b) the Save Attachments command is unavailable or missing from message and File menus, and c) an alert is displayed at the top of the e-mail message:

3. For Outlook Express 6 from the default file extensions that are blocked you can add additional file types to be blocked or remove file types that should not be blocked by: 

• In Windows XP: Start - Settings - Control Panel

• Select Classic View or View All Control Panel Options

• Open the Folder Options control panel.

• On the File Types tab - select the file type to block or allow - Advanced. If the file type is not listed then select: New In the Create New Extension dialog - enter the file extension - Click OK

4. Check Confirm open after download. Note for some file types checked is a permanent option, it cannot be unchecked. 

“Unsafe” file extensions often blocked by corp. systems in Outlook 2003 and Outlook Express 6:

.ade    Microsoft Access project extension 

.adp    Microsoft Access project 

.app    Visual FoxPro Application

.asp    Active Server Page

.asx    Windows Media Audio / Video

.bas    Microsoft Visual Basic class module 

.bat    Batch file 

.chm    Compiled HTML Help file 

.cmd    MS Windows NT Command script 

.com    Microsoft MS-DOS program 

.cpl    Control Panel extension 

.cer    Public key certificates 

.crt    Security certificate 

.dll    Dynamic linked library

.exe    Program 

.fxp    Visual FoxPro Compiled Program

.hlp    Help file 

.hta    HTML program

.inf    Setup Information 

.ini    Initialization file

.ins    Internet Naming Service 

.isp    Internet Communication settings 

.js    JScript file 

.jse    Jscript Encoded Script file 

.lib    Library file

.lnk    Shortcut 

.mda    Microsoft Access add-in program 

.mdb    Microsoft Access program 

.mde    Microsoft Access MDE database 

.mdt    MS Access workgroup information 

.mdw    MS Access workgroup information 

.mdz    MS Access wizard program 

.msc    MS Common Console document 

.msi    MS Windows Installer package 

.msp    MS Windows Installer patch 

.mst    MS Windows Installer transform; or MS Visual Test source file 

.ops    Office XP settings 

.pcd    Photo CD; MS Visual script 

.pif    Shortcut to MS-DOS program 

.prf    Microsoft Outlook profile settings

.prg    Visual FoxPro Program

.pst    MS Outlook personal storage file 

.reg    Registration entries 

.scf    Windows Explorer command

.scr    Screen saver 

.sct    Windows Script Component 

.sh    Shell file

.shb    Shell Scrap object

.shs    Shell Scrap object 

.sys    System file

.url    Internet shortcut 

.vb    VBScript file 

.vbe    VBScript Encoded script file 

.vbs    VBScript file 

.vsd    Microsoft Visio file type 

.vst     Visio file type 

.vss    Visio file type 

.vsw    Visio file type 

.vxd    Virtual Device Driver

.wmd    MS Visual Interdev98 Templates, Web Project Items File

.wms    Windows Media Skin File

.wmv    Windows Media File 

.wmz    Windows Media Compressed Skin

.ws    Windows Script & Some games

.wsc    Windows Script Component 

.wsf    Windows Script file 

.wsh    Windows Script Host Settings file

For Outlook Express 6 from the default file extensions that are blocked you can add additional file types to be blocked or remove file types that should not be blocked by: 

• In Windows XP: Start - Settings - Control Panel

• Select Classic View or View All Control Panel Options

• Open the Folder Options control panel.

• On the File Types tab - select the file type to block or allow - Advanced. If the file type is not listed then select: New In the Create New Extension dialog - enter the file extension - Click OK

• Check Confirm open after download. Note for some file types checked is a permanent option, it cannot be unchecked. 

 Solutions with 3rd party software:

 Two types of 3^rd party software can block spam.

• One sits between your e-mail program and the mail server. It checks and marks e-mail that it considers spam, and then lets you handle that spam in ways the program allows.

• The other integrates directly into Outlook Express or another e-mail program and kills spam from directly within the program.

Use a 3^rd party program to control spam e-mail:

• If it offers additional features such as parental control options, the ability to set different levels of control for multiple accounts, or a feature is not available in Outlook Express,

• If it offers the same features as Outlook Express, but with an easier to maintain interface. Make sure you turn off the Outlook Express option to avoid duplication and conflicts.

• Some 3^rd party programs may be much better or much worse at managing spam than the settings already available in Outlook Express. Check reviews carefully.

• Some 3^rd party programs if used in addition to UVIC E-mail spam filtering and Outlook Express can create conflicts. If using a 3^rd part program evaluate its performance very carefully as “more control is not always better.”  For example it is reported that programs such as "Mail Washer" tries to imitate the "message undeliverable" auto-responses generated by UVIC's mail-server. The imitation is imperfect, and the spammer can distinguish between "true" and "imitation" error-messages.

Some 3^rd party programs that can control spam e-mail include (partial list May 2004):

• Spambayes http://spambayes.sourceforge.net (limited “rules” support)

• Choice-mail One http://www.digiportal.com/ 

• Cloudmark Spamnet http://www.cloudmark.com/products/spamnet/ 

• Ella http://www.openfieldsoftware.com/ 

• iHateSpam http://www.sunbelt-software.com/product.cfm?id=930 

• K9 http://www.keir.net/k9.html 

• Mailwasher http://www.mailwasher.net/ 

• Mcafee Spamkiller http://us.mcafee.com 

• Qurb http://www.qurb.com/ 

• SpamSubtract http://www.intermute.com/spamsubtract/ 

Solutions for the user to reduce your eMail address exposure

• Limit where you post your e-mail address

o Consider any e-mail address on a web site can be harvested by a spammer.

o This includes the http://www.uvic.ca  Find People directory.

 To edit: http://www.uvic.ca/directories/  select the Change/delete/add a directory entry

• Your Netlink ID and password are needed.

• Consider removing your e-mail address, or select the Unlisted or Campus options instead of Global. 

• Disguise (or "munge") your e-mail address when posting to a newsgroup, chat room, bulletin board, on a web page, or other public places

o For example, substitute 0 (zeros) for “o” (ohs), 1 for l, spell out @ as “at” and dot instead of “.”, and add additional spaces when typing your e-mail address so a person can interpret your address, but a spam harvesting program cannot.  

• Use multiple e-mail addresses for different purposes

o With two or three e-mail addresses; one is used for personal use, another for work, and another as a “throw-away” that you don’t care if it gets spam.

o These e-mail addresses can be from ISPs that allow your account to have more than one e-mail address or use sources that offer free e-mail accounts. If using free accounts like Yahoo, or MSN be sure to log-in and clean out accumulated e-mail occasionally to show that your account is active. 

• Review the privacy policies of Web sites

o Before filling in a form with personal information and your e-mail address review the privacy policy (aka "Privacy Statement," "Privacy Policy," "Terms and Conditions," or "Terms of Use.")

o If it is not clear how your personal information is to be used then consider not filling in the form with your e-mail address and personal information.  

• Watch out for check boxes that are already selected

o When buying online, or filling in any form before clicking the Submit button:

 Scroll and read everything – and be sure you agree with what you read.

 Watch checkbox wording and “pre-checked” checkboxes Should the check box be checked or unchecked:   E-mail me with special announcements    Don’t e-mail me with special announcements 

• Don't reply to spam Don't even reply to unsubscribe unless you know and trust the sender. A reply tells the spammer that your e-mail address is live, that you read it! 

• Don’t respond if e-mail to ask for personal information  Most legitimate companies do not ask for personal information in e-mail. It could be a spoofed e-mail meant to look like a legitimate one to "fish" for your account number and passwords. If it is from a company you do business with; call the company, but don't use the number in the e-mail; use one from directory assistance, a bank statement, a bill, or other source to make sure it is a legitimate one. 

• If selecting or changing an e-mail address consider a long address Short e-mail addresses, me@.... Are easier for spammers to guess and these are more likely to receive a greater number of spam than a longer more complex address. 

• Don't make a charitable contribution based on an e-mail request  Spammers can prey on your good will. If it is a charity you want to support, find their number elsewhere and call them to find out how you can make a contribution. 

• NEVER purchase anything advertised in an e-mail  You don’t know if it is “spoofed” (made to look like the real company or not.) Use a supplier you know and trust.   

• Don't forward chain e-mail  It may be a hoax, and when forward to others it continues the hoax. It distributes your e-mail address by having others forwarding it to people you don’t even know. It creates more Internet/network traffic, slowing down delivery of important items. 

• Delete suspect E-mail without opening it  if it is a legitimate, uninfected piece of mail, the sender will surely contact you again. 

• Assess your own gullibility and curiosity levels

o Look as how you handle unwanted mail delivered by Canada Post and Campus mail, it may give you insight.

o Be aware of when you are a sucker (easily fooled or tricked) as spammers will try any means they can and eventually will hit upon your weak spot.

o Be aware that “I just wanted to see what spam looked like” can be all that is needed to make a spammer very happy.