Thursday, August 4, 2011

Is that you sending spam?

People hate spam. Not the fine meat product by Hormel. That's SPAM and some people like it. Including me.

No, I'm talking about UBE (unsolicited bulk email) or UCE (unsolicited commercial email). Electronic junk mail.

And people could be getting spam from you without you knowing it.

I'll clarify that statement in a bit, but let it sink in for a minute.

Okay? Good.


The first way you could be sending spam is that someone has hacked your email account and is using it to send spam.

This could be because you have a password that's too simple. A good practice would be to have a password that's at least 8 character in length, containing at least one upper-case letter, one lower-case letter, one number, and one special character (the characters that aren't letters or numbers, such as underscore, hyphen, dollar sign, and so on).

Microsoft has an online tool you can use to check passwords (either your current or possible future passwords). You can find that here.

Edit: Online tools are available for checking passwords, including this one from Comparitech.

If your password is strong, and if you don't write it down where anyone can get it, and if you don't use it on some other service that could have been compromised, then you're probably okay. But, if people are getting spam that says it came from you, you might want to look at changing that email account's password.

Viruses and other malware

Another way you could be sending spam is there is some malicious software (malware) running on your computer. Some malware can send emails (spam) from your computer without you even knowing it.

Got a Mac? It don't matter. Macs can get viruses and other malware, too. Not as likely, and not as much out there as for Windows. But, yes, it can happen. And no, I don't care what the guy at the computer store that sold you your Mac said. I've been running antivirus software on my Macs for some years now, and have been protected when it caught some stuff sent in emails to me, or on Websites that contained malicious content (through advertising services that were hacked).

If you have a Mac, I strongly suggest that you either use the App Store to find some security software, or use a good alternate utility like Sophos. I've been using Sophos for years and like it. And they make a free version for the Mac.

Got a Windows computer? You definitely need a good, up-to-date antivirus solution. There are several good ones, including Norton, McAfee, Kaspersky, Panda, and more. I use Microsoft Security Essentials on my Windows computers, but there are plenty of other free utilities, such as Avast, AVG, Avira, and more.

If your stuff if up-to-date, you're probably okay. If not, run updates. If they don't run and update, then likely you're infected and the infection is stopping updates from running properly. If that's the case, you need to clean your computer, then install security software. And keep it up-to-date.

Somebody else is the problem

There's one other possible reason you could be sending spam to people: it's not you.

Remember when I said I'd clarify that earlier statement? This is that clarification.

Could be that somebody else, possibly a friend, has been infected. The malware is on their computer, and is sending spam from their computer.

The reason it looks like it's coming from you is that it's doing something called "spoofing." That is, it's saying that you're the sender. How? Think about mailing a letter. An actual letter. Paper. Envelope. Stamps. A real old-fashioned letter.

How does the recipient know it's from you before they open it? They look at the return address.

Well, suppose you put someone else's name and street address there instead of yours? It would look like it came from that other person.

Spoofing the email sender field isn't much harder than that.

So, it may not be you. It could be some friend or acquaintance that has malware running that's spoofing your email address as the sender. All it did was look through your friend's address book on the infected computer and pick out addresses. One, it picked as the sender, and some others it used as recipients (along with any other list of recipients it has access to).

What do you do about this? Well, unless you can pinpoint which friend is the infected party, there's not much at all you can do about it. Maybe you can preach computer security to them. But other than that, not much.

Oh, and if you're wondering how I know about this infected-friend-sending-as-you thing, it happened to me for the first time several years ago. I wasn't the actual sender; rather, I was the one whose email address was being spoofed.

I got some bounces (where the email was rejected) and looked at the recipients. I recognized many of them as friends of one of my sisters. So I contacted her. Turns out she had turned off her Norton Antivirus because, as she put it, "it made my computer run slow."

And, naturally, she got infected. And the malware sent emails, making me look like a spammer.

No, I wasn't happy. I tried to explain the problem, but I'm not sure if she believed me or not. Turns out, though, that I was right. And PC World has written about similar events.


So, what did we learn?
  • We need strong passwords.
  • We need to keep our security software up-to-date. Even if we have a Mac.
  • Our friends aren't always as careful as we are.
Remember when computers were going to make our life simpler? How's that working out?

No comments:

Post a Comment

Please choose a Profile in "Comment as" or sign your name to Anonymous comments. Comment policy