It seems while the experts are meeting to figure out how to stop spam, the spammers are exploiting new ways to spam. This morning my mailbox had over 100 messages with either the subject “market report” or “eviction notice.” What headers I checked showed this was from a botnet, sent to dozens of addresses at my domains.
The wanted but unexpected email is one of the major challenges facing ISPs and filter developers. If there was never any need or desire for people to receive email from someone they don’t know, then mail clients could be locked down to only accept mail from addresses on a whitelist. It wouldn’t completely solve the spam problem, for a number of reasons, but it would lessen the problem, particularly for average email users.
But, we don’t live in a world where we know beforehand who will be sending us mail, so we can’t just whitelist correspondents and reject everything else. I think this is a good thing. Email can be used to meet new people, develop new relationships and introduce new opportunities.
While the “cold call” email isn’t much talked about I think it’s worth some discussion. What makes a good cold email? What makes a bad one? We can use two recent emails I received as examples.
Example 1:
Yesterday I posted about why the reasons a lot of people give for not unsubscribing from spam are mostly wrong. Unsubscribing from spam doesn’t seem to confirm your address and it doesn’t seem to increase your spam load.
But does that mean you should unsubscribe from spam? I’m not sure about that.
I’ve been working on a project where I am unsubscribing from every message coming into one of my email addresses. Weeks into that process I’m not seeing a huge decrease in the amount of mail that address is receiving. In some cases I’m unsubscribing from the same senders multiple times a day and have been for close to 3 weeks.
While unsubscribing doesn’t increase your spam, I’m also not sure it decreases your spam, either. But I’ll have full data and numbers demonstrating that in a few more weeks.
What can have an effect on the amount of spam you get is complaining about spam, at least according to Brian Krebs.
According to Brian Krebs the compromise of Target’s POS system probably originated with a phishing attack against one of Target’s vendors. This attack compromised credentials of the HVAC vendor and possibly allowed the hackers entrance into Target’s systems.
Interestingly, Brian mentions Ariba, a company I’ve been forced to deal by a large customer of ours. I’m not sure if there really is an attack vector where a vendor can get access through Ariba to the internal systems of the customers. However, my experience with Ariba has been frustrating and problematic, so I’ll be happy to believe their security is as broken as their email.
Email is a great way to interact with people and companies. It’s great for growing communities and businesses. But it is also a way for attackers to get access to your computer and the websites you interact with. Protect yourself, and your company, by running security software. And, please, don’t open attachments or click on links in emails and provide usernames and passwords.