Junk E-mail or "SPAM"
While industry analysts are still trying to figure out how to make money on the Internet, the spam artists think they've found the answer, and are busy churning out junk e-mail. So the bad news is that junk e-mail or spam is a growing problem, but the good news is that the Internet community is rising to the challenge. We hope that the following information may help you answer any questions you may have had regarding spam.

Prevention Information can be found at: http://www.onguardonline.gov
http://www.getnetwise.org/.

Frequently Ask Questions regarding SPAM

Why am I getting e-mail not addressed to me?

It is an unfortunate circumstance that the "From" header of an e-mail message is so easily faked that it is usually not reliable in tracing its true source.

However, spammers often forge the "To" header of an e-mail message, which is an attempt to confuse the true recipient of the message. One of the problems with the way e-mail works is the "To" header on messages (the line that normally contains your e-mail address, assuming it's a legitimate message) does not really determine where the message gets delivered. What does determine the recipient of the message is a command (or commands, if there are multiple recipients) sent to the mail server telling it where to send the mail. Unfortunately, these commands are ultimately hidden from the recipient's view, and do not show up anywhere in the mail headers once the message is finally delivered. (A sender can make use of this feature with a "Bcc", or "Blind Carbon Copy," to his or her recipients.)

Blind carbon copying can be useful if you are creating a mailing list, and you wish to ensure that the address of each of your recipients is kept private from the others. (These days, it is an unfortunate circumstance that the publication of your e-mail address will almost inevitably mean you become the target of unsolicited junk mailers. So a mailer can set the "To" header to be anything he or she wishes; for example, "To: Mailing List Recipients." He or she can then silently tell the mail server, by using the "Bcc," who the actual recipients are.

Unfortunately, this feature can also be used for illegitimate purposes —for example, in cases of spammers using bogus "To" and "From" headers to disguise their identities. This enables them to send out spam to numerous recipients and protect their anonymity. In cases like these, only a thorough examination of the message's full headers will reveal the source of the message . . . and even then, this will only reveal the source network or Internet provider. It will not reveal the specific identity of the spammer.

Where did the spammer get my email address? Does ComSouth Services sell my e-mail address?

In the interest of ensuring your privacy, ComSouth does not, in any way, publicize your e-mail address or any other subscriber information -- all such data is kept strictly confidential. This is not only our own internal policy, but a requirement of federal law as well.

I got spam that's targeting an alphabetical list of ComSouth.net & Cstel.net customers. If I don't publicize my Comsouth.net & Cstel.net addresses, why do I still get spam? There is a variety of software that permits a bulk mailer to send messages to a large number of recipients on a particular Internet provider, even if they do not know their specific addresses. The software attempts to send a message to every address on that domain (starting with aaa, aab, aac, etc.), not caring about the number of "undeliverable" messages that will be generated from all the incorrect guesses. We believe some spammers may then track which addresses came back as undeliverable, and remove those addresses from their lists. These mailing lists are then sold to other spammers.

This may explain why sometimes you see spam which appears to be targeted at an alphabetical list of customers, or why you receive spam at an address which you may not have publicized.

We do have systems in place which catch a great deal of these attempts as they arrive, before the messages reach any valid addresses; however, no system such as this is 100% effective, and we are constantly working on improving the "intelligence" of our spam prevention methods.

Is there a security problem with your mail server?

The security problem extends, unfortunately, to the e-mail protocol itself. Mail administrators are required to return, as undeliverable, any messages addressed to an invalid address on a particular network. This opens up the possibility for abuse by spammers running software that attempts to send messages to as many different addresses as possible.

Is there a security problem with my web browser?

There have been some security issues identified in the two most popular web browsers, Netscape Navigator and Internet Explorer. In one case, a problem with Javascript was identified as potentially allowing websites to capture a visitor's e-mail address without their knowledge.

You may also want to visit these links for more security information about:

• Java and Javascript
• Microsoft Internet Explorer
• Netscape Navigator

Do cookies have something to do with this?

Cookies are short pieces of text, stored on your computer, which are placed there by websites you may have visited, so that those websites can remember who you are (or preferences you may have selected) the next time you visit. Although this can be convenient when making frequent trips to the same site, there are also well-known concerns regarding their use.

What is ComSouth doing to stop this? Can't you filter this stuff?

Some service providers have attempted to address the spam problem by blocking mail from other providers who are known to distribute spam. Although this method is somewhat effective, it eliminates only a fraction of spam. For example, many network abusers will set up an account with a reputable provider such as America Online or AT&T. No one blocks these providers because there is a great deal of legitimate mail coming from those systems.

However, as part of ComSouth's commitment to providing first-class service to its customers, we continue to filter incoming mail from domains known to harbor spammers. Copies of complaints sent to abuse@comsouth.net will be taken into consideration as we update our antispam filters. This will give both ComSouth and our customers greater control over the mail entering our system and our customers' mailboxes.

We have also configured our mail servers to automatically notify our mail administrators whenever certain "patterns" are recognized in any large number of incoming mail messages. For example, a large number of messages with substantially the same Subject header, or of the same length, or numerous groups of messages all sent to the same number of recipients... all are flagged as potentially "spam" and are either accepted or rejected based on their content. By allowing the server to watch for such patterns, we hope to be able to stop a good deal of unwanted e-mail from reaching our customers.

Can you block all messages not addressed to me?

Conceivably, ComSouth could prevent any mail without a legitimate "To" header from reaching our customers at all. We have actually debated this idea seriously for quite some time. However, the downside of this plan is that there is a potential for much legitimate mail (i.e., mailing list messages addressed to "mailing list recipients" rather than a specific comsouth.net address) being blocked. Furthermore, to program our mail servers to scan through every incoming mail message and verify that its "To" header matches that of its intended recipient would significantly degrade the overall performance of those servers.

Therefore, while we have a mail software upgrade planned for the near future, the unfortunate cost of having to wait is that much illegitimate mail will reach our customers for the time being. Our top priority, though, is that none of our customers legitimate mail be bounced simply because some automated process we were running mistook it for spam.

I want to stop this . . . Should I "reply to remove"? I've tried to reply but the message is returned to me.

As you may have noticed with much of the spam messages you receive, the "From", "Reply-To", and "To" headers point to addresses that are obviously fake. In many cases, trying to respond to the address in the "From" header results in your message being "bounced" back to you as undeliverable.

In other cases, you may discover that you are able to reply to an unwanted message. In fact, the message may actually give you "removal instructions" or invite you to "reply to be removed" from the spammers' mailing list. However, replying to spam, or even following the sender's instructions for "removal," may actually increase the amount of spam you get in the long run. By letting the spammer know that you've received the message, even though you are expressing disapproval at receiving it, you are confirming for them that your e-mail address is valid and that you read messages sent to that address. Unfortunately, many spammers do track which addresses write them back (regardless of the content of the reply) and use this information to update their mailing lists. Some even then turn around and sell these lists to other spammers.

In short, avoid attempting to reply to or contact the spammer by e-mail.

I want to report this to its origin.

ComSouth also recommends reporting the receipt of spam to the Internet provider at which it originates. Your best bet in determining the true source of an e-mail message is to look at its "Received" headers (you may have to set your e-mail client to "Show all headers" to be able to see them). As stated above, the spammer will have often forged the "From" and "Reply-To" headers, making them largely unreliable in determining the true source of the message.

Can I filter this stuff from my inbox?

Depending on your e-mail program, you should also be able to control which messages are visible in your Inbox through the use of "filters." The most recent version of Netscape Communicator offers filtering capability, as do Eudora, Pegasus and Microsoft Outlook. Unfortunately, Netscape Navigator 3.0 and earlier versions do not have filtering features, so you must upgrade to Netscape Communicator if you want to use Netscape Mail and take advantage of filtering.

We recommend you create a filtering rule in your e-mail program which deletes (or sends to the "Trash") any e-mail message not specifically addressed to you in the "To" or "Cc" headers.

Fortunately, ComSouth provides technical support for setting up filters; with our "Glitch Guys" .

I thought this was illegal, but I got spam that says it "complies with federal requirements." What does this mean?

Currently there is no federal legislation either supporting or prohibiting the sending of unsolicited e-mail messages. However, you may have noticed that some spam messages include the following language (or something similar):

This message complies with the proposed United States Federal requirements for commercial e-mail. For additional information see:

http://www.senate.gov/

Current information on the status, text, and summary of Title 3 of S. 1618 and H.R. 3888, its companion bill, can be found by using Thomas, the legislative information system run by the Library of Congress.

Or:

This message complies with the proposed United States Federal requirements for commercial e-mail bill, Section 301. Per Section 301, Paragraph (a)(2)(C) of S.1618, further transmissions to you by the sender of this e-mail may be stopped at no cost to you by sending a reply to this e-mail address with the word "remove" in the subject line. For additional info, see:

http://www.senate.gov/

As you can see, there are no simple solutions to the problem of spam. In any event, ComSouth hopes that some of the information and resources contained in this page will help you reduce the number of unwelcome messages in your inbox.