The CurrCon Java Applet displays prices on this
web page converted with today’s exchange rates into your local international currency,
e.g. Euros, US dollars, Canadian dollars, British Pounds, Indian Rupees…
CurrCon requires an up-to-date browser
and Java version 1.8, preferably 1.8.0_131.
If you can’t see the prices in your local currency,
Troubleshoot. Use Firefox for best results.
Monty Python did a skit where they said the
word SPAM so many times you wanted to run screaming from
the room. SPAM is either junk e-mail or junk postings in a newsgroup. Typically it is
an advertisement for some product, or scam totally unrelated to the newsgroup, e.g.
pornography in the comp.lang.java.programmer
newsgroup. People try various tactics to avoid getting on the spammer’s hit
lists. For the most part they just annoy or block legitimate correspondents.
Eventually we will invent legal or technical countermeasures, but for now it is just
a fact of life like mosquitos on a camping trip.
Spam is usually an advertisement for something, but it can be any sort of junk
mail sent without any regard for whether it would be of interest to the recipient,
such as chain letters or Kristian proselytising.
Spam is beginning to cripple the entire email system. The number of spam message
has increased 8 fold between 2000-12 and 2002-05. This is a compounding rate of 13% a
month, even faster than MasterCard interest mounts up.
Spammers commandeer mail sites and make the broadcast spam email. Going through a
commandeered mail server helps mask the spammer’s identity.
People often use
the word spammer as a general insult word in place of
shithead. It is used to chastise someone for a lame post,
an irrelevant post, an unhelpful post, a post that another disagrees with, a
slightly-off-topic post, an erroneous post, a post that mentions a commercial product
favourably, a post with a link to one’s own website, a post that answers the
It can drive you mad trying to defend yourself against the charge of spammer if you take the insult literally since those using it have no
idea of its original meaning.
Spammers use all kinds of tricks to get you to
look at their spam and click its links:
Panic you with some bogus report of some charge.
Use language a long lost friend might use.
Use your name in the subject.
Say something that makes no sense, hoping to pique your curiosity.
Spam Cop provides an unsolicited
email complaint system with access via both email and the web. They try to figure out
the responsible party or parties and send an (somewhat) anonymised complaint form to
To do the complaint yourself, use the Eudora Blah Blah icon, or equivalent in your
mail program, to display all the message headers. In there, are clues to the possible
Received: from pd2mr1so.prod.shaw.ca
(pd2mr1so-qfe3.prod.shaw.ca [10.0.141.110]) by l-daemon
with ESMTP id <0HWA001A9NPPLM@l-daemon> for firstname.lastname@example.org; Fri, Received:
from pd5mi2so.prod.shaw.ca ([10.0.121.83])
by pd2mr1so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar
15 2004)) with ESMTP id <0HWA00962NPJ0ZC0@pd2mr1so.prod.shaw.ca> for
email@example.com (ORCPT firstname.lastname@example.org); Fri, 16 Apr 2004 20:46:31 -0600 (MDT)
Received: from vega.servlets.net (vega.servlets.net [18.104.22.168])
with ESMTP id <0HWA00B2YNPO47@l-daemon> for email@example.com; Fri,
Received: from mail.inter-corporate.com ([22.214.171.124])
by vega.servlets.net (8.9.3/8.9.3) with ESMTP id TAA07545 for
<firstname.lastname@example.org>; Fri, 16 Apr 2004 19:46:41 -0700
ID MO0006B1; Fri, 16 Apr 2004 19:46:33 -0700
Received: from spooler by mail.inter-corporate.com (Mercury/32 v3.32); Fri,
Received: from someone.mindprod.com (126.96.36.199) by mail.inter-corporate.com
Date: Fri, 16 Apr 2004 19:42:55 -0700
From: Roedy Green <email@example.com>
Buried in that gibberish there, especially X-Complaints-To, are many domain names you can look up with whois and IP (Internet Protocol)
that you can look up who owns them at arin.net or domaintools.com. From that you can track down some
email addresses to complain to a telephone numbers to call, in the same manner as for
newsgroup net abuse.
When you make your complaints, make sure you include the complete text of the
email including the full header.
If the email contains a virus, there is no point is reporting net abuse. The person
it purports to be from was very unlikely the actual sender and the person who did
send it did not do so intentionally. Don’t blame the FROM: person. He is nearly always innocent! His machine is not
necessarily infected. The machine of someone with his email address in the Outlook
address book is infected.
The American FTC (Federal Trade Commission)
is still interested in email scams such as 419 (Nigerian, advance fee) spam mail. The usual scam involves someone
wanting to launder millions of dollars through your bank account.
Securing Your Mailserver
This only applies if you run your own
mailserver. Most people let their ISP (Internet Service Provider)
do that for them. There are three ways to fight back to stop spammers from using your
Refuse to forward mail unless the FROM: field is your domain. This is fairly
easy to spoof so is not very secure.
Keep a list of valid IPs from which your
mail server is prepared to accept outgoing mail.
Use POP3 (Post Office Protocol version 3) authentication.
Make people login with a user id and password if they want to use your mail
If people would stop using Microsoft Email
programs Outlook and Outlook Explorer, it would stop most virus-based spam in its
tracks. These two programs are criminally negligent in the way they deliberately aid
viruses to spread. Use something else e.g. Eudora, or some other mail
To stop email viruses and worms, you need a virus checker such as Norton Antivirus or Panda Antivirus. You are protecting not only yourself, but also your
reputation. If you are don’t take precautions you will infect everyone you send
There are 5 types of spam-blocking software:
an add-in or feature of your email client.
a program than runs on the client that gets between your email program and the
a program that runs on the client, that runs in parallel with your email
program. It takes a first peek at the mail and classifies or deletes spam, then
your mail program fetches what is left from the server.
software you run in conjunction with a mailserver.
a service you sign up for to provide spam-fee mailboxes, usually not with your
Spam Blocking Software
Spam blocking software has two problems,
recognising spam based on word patterns, without accidentally blocking real mail. It
needs fairly sophisticated logic to make those decisions.
BogoFilter: with C source for
Linux, FreeBSD, Solaris, OS (Operating System) X, HP-UX, AIX (Advanced Interactive eXecutive).
Uses a Bayesian filtering technique.
requires iMap mail server, not POP3.
Em Tec Spam Detective
spam filter that works with MAPI (Messaging API),
and SMTP3. Now called MailShield.
HashCash: free. the idea of
this is to force the sender to invest some time and money in getting through to
you, by forcing him to spend CPU (Central Processing Unit)
time to compute a key to get through. This expense should deter spammers.
Unfortunately, it will deter legit callers too. Last revised/verified:2008-07-28
per year. Works only with Outlook and Outlook Express. Server based. No software
in client at all. Last revised/verified:2008-07-28
K9: free with request for
donations. Gradually learns what is spam. It acts as a proxy mailserver. Your
mail program goes to it for mail and it goes to your ISP.
This makes it a little more complicated to set up. It does not delete any mail,
just tags it with [spam] so your email filter program
can easily identify it. Unfortunately it does not seem to handle
SMTP (Simple Mail Transfer Protocol) proxy as well, so it
requires an email program, e.g. not Eudora 6, that than configure the passwords
and servers independently for SMTP
and POP3. The manual is on the web. The program has not
even rudimentary tooltips. It is not a program you can figure out easily without
reading the documentation. It won’t delete the junk off the server for you.
You must still download it into your mail program and dispose of it there.
similar to Zaep, now owned by AOL (America Online),
but server based so you don’t have to tunnel challenge messages through a
firewall. You sign up with new email accounts at MailBlocks. Then you can do
Get people to send you mail directly to your new MailBlocks accounts.
On bended knee, ask your ISP
to forward your mail to your existing email accounts to the new MailBlocks
Ask MailBlocks to periodically pick up your mail from your old
Everyone in your address book is whitelisted. Everyone else gets a challenge
the first time they send you email. If ignore the challenge, the email is treated
as spam. If they answer, they get put on the white list. Basic service is free.
Premium service (more space to store mail, more rules for filtering) is
per year. This sounds fairly fool proof compared with Zaep. The disadvantage is
legit callers will be offended and will refuse to answer the challenge, or the
challenge will be lost and treated as spam itself.
Mailinator: Free disposable
email accounts. You are on the web, at a party, or talking to your favorite
insurance salesman. Wherever you are, someone (or some webpage) asks for your
email address. You know if you give it, you’ll be on their spam list. On
the other hand, you do want at least one message from that person. The answer is
to give them a Mailinator address. You don’t need to sign-up. You just make
it up on the spot. Pick firstname.lastname@example.org or
email@example.com — pick anything you want
(up to 15 characters before the @ sign). Obviously,
these are not secure. There are no passwords. Anyone can pick up your mail who
knows the account. Use these whenever a someone demands an email address to
download software or activate an account when you want no further mail from them
after that. Last revised/verified:2008-07-28
Use Tagged email addresses. This requires no special
software. Use a return address like this firstname.lastname@example.org that will deliver to email@example.com and allow you to see where the address came
from. For instance, if you end up getting spam from firstname.lastname@example.org and you only gave that address to
amazon.com, you know where the leak occurred. Of course
clever spammers will strip the tag.
MailWasher: free with
request for donations. Previews mail, similarly to SpamDetective and deletes it.
Lets you mark all mail as deletable or bounceable, but not the reverse. Accesses
databases of blacklisted ISPs (Internet Service Providers). I found it froze up
frequently when confronted with 1500+ pieces of Sven Worm-created junk mail.
. Uses disposable email addresses.
per year for a spam-free mailbox. They look after detecting and removing spam.
The nice thing about this service is you don’t need to install any software
on your machine and you don’t need to change your email address. What
happens is you change your email program to pick up mail from SpamArrest and
SpamArrest picks up the mail from your ISP.
Spambayes. free, open source.
Its IMAP (Internet Message Access Protocol)
proxy is buggy, though the POP3
proxy seems OK though. Open source for Microsoft Outlook. It has a more polished
commercial version called Inboxer. Last revised/verified:2008-07-28
per year. Sell spam-free email accounts and lists of spammers to feed into
blocking software. Last revised/verified:2008-07-28
SpamNix: a Baynesian filter than integrates with
Eudora. This is what I used myself for many years before I used the Thunderbird
built-in spam filter. It took about a year before it got good at discriminating
spam from gold. Free trial with nagging to purchase every time you start Eudora.
Persistent nagging is only appropriate after the advertised trial has ended. You
train it by letting it sniff mailboxes that contain either pure spam or pure gold.
This initial training process is quite slow and gobbles up all your
CPU. It must
be done with freshly compacted mailboxes. Thereafter it just does it on individual
messages it errs in categorising. CNet rates it highly. SpamNix uses some of the
SpamAssassin code. Use the junk/not junk to move spam
that gets through you manually and train in one step. All that happens if you click
accept/reject is it trains itself for the future or lets
you set up an explicit filter. The nice thing about it is it quickly gets spam out
of the in folder, which is delicate and is corrupted if the Panda antivirus program
deletes a message. I still end up reviewing every piece of spam before finally
deleting it since it sometimes make mistakes. Oddly by default it does nothing with
spam but categorise it. You can to configure it to throw spam into the junk mailbox
or trash mailboxes based on some cutoff level of confidence. It stores its list of
explicit allow/rejects in
In Windows, copy the file mailfolder\Plugins\Spamnix.ini and the
to the new computer, where mailfolderis the location of your mail files.
It stores its Baynesian training information in F:\Program
Files\Eudora\plugins\Spamnix\*.db. The file
is supposed to be there despite its peculiar name. If you move Spamnix to a new
computer, move X:\Program Files\Eudora\plugins\spamnix.ini
and everything in X:\Program Files\Eudora\plugins\Spamnix\.
SpamWatch free. This is
a built-in no-extra-cost feature of the Eudora mail program. Every time you
transfer a message to the junk mailbox, it learns its characteristics so it can
automatically detect similar spam in future. You can put junk and unjunk icons on
your tool bar for marking junk and rescuing good stuff from the junk folder.
Eudora is now defunct so this is effectively defunct oo.
Thunderbird Email free. A email
program with a built-in spam filter. The filter is almost impossible to train. I
have marked emails from some parties hurdreds of times and it still refuses to
consider them spam. It will not let me directly blacklist a given email address.
It wants to figure it out by content. Once it does get trained, it works well.
Vipul’s Razor free. open source.
Perl geeks solution to collaboratively evaluating spam.
Zaep from RhinoSoft the makers
of FTP Voyager. This works a quite
different way. The first time anyone sends you mail, they get an automatically
generated response asking them to click an url taking them to Zaep’s
webserver to confirm they intended to send you mail. After they have done that,
that mail and all subsequent mail gets through unimpeded. You don’t need to
set up a mailserver. At the client site, Zaep stands between the client email
software and any of their mailservers, local or at ISP
s, as a miniature proxy mailserver.
Hint: when you first install the default userid/password is admin/admin. You have to dig in the knowledge base to discover this.
After you change it, it is registered on the Zaep server, so it does not revert
back, even if you uninstall/reinstall.
Zaep does not currently support IMAP.
You need to configure it with a domain name or permanent
IP. If you
have a dynamic IP, you can get a free domain name that tracks it
from Dyn or DNS4ME. The spam harvesters may
at some point learn to defeat this thing, but for now it has a good chance of
getting rid of all spam.
per year. The big problem is you may miss mail from legitimate customers who
can’t be bothered to respond to the challenge, or whose own spam blocking
software throws the challenges away thinking them spam. This is a solution for
someone inundated with spam with legitimate correspondents trying hard to get
through. I am working get it going on my own machine. I have discovered it does
not work with the Opera browser for administration and does not work with
IE (Internet Explorer), on my
machine, unless I manually modify the URLs (Uniform Resource Locators)
it uses from 127.0.0.1 to localhost. It appears to support only one mailserver, but many
email accounts, possibly coming from different machines on the
LAN (Local Area Network). It is fairly complicated. You require two
internal proxy ports, one external port for accepting confirmation requests and a
fourth port used for doing configuration changes, either locally or remotely.
You must configure your firewall and router to let the confirmation port
through. You must also configure your router as a virtual server to pass through
incoming messages on the confirmation port to the particular machine you have set
up as the Zaep server. You also must be sure Windows filtering is letting the
messages through. Check out Start ⇒ Settings Control
Panel ⇒ Network ⇒ LAN
⇒ Properties ⇒ Advanced. Eudora 6.1 no longer lets you configure the
and POP3 ports. unless you copy extrastuff\esoteric.epi to the main Eudora directory.
Unfortunately, that does not give you the ability to individually configure each
of your personalities. It effectively limits you to one email server. To do that,
you must manually edit the eudora.ini file.
In version 3.0 you have the option of ignoring
the notifications from the Zaep server tunneling through your firewall and just
automatically generate the email challenges yourself when you go online to fetch
mail. Even with this simplification, I could not get it to work.
Spam Blocking Hardware
Premptive Devices né,e Tyrnstone
Systems’ Deep Six was a box that protected an entire network from spam. It
claimed to be much better at detecting spam and avoiding false positives than the
competition. It claimed to allow only 0.8% of spam through with 0.002% false
positives. It used blacklists (bad guys) and whitelists (friends). It cost
so it could be justified only for corporate use. Tynstone keep updating the appliance
automatically, though it is not clear if they are maintaining blacklists for you or
just fine-tuning their detection algorithms. Spam costs corporations huge amounts in
employee time, so even modest increases in spam-detecting efficiency are worth
pursuing. WARRANTY: 30 day device performance assurance. 90
days appliance malfunction. Extended warranty and upgrade assurance is available.
There are dozens of databases that track known
spammers. Many mail programs refuse to transport mail from or to this bad guys.
People who leave open relays allowing spammers to hijack their mail servers can
also get on this list. Sometimes people put you on such lists out of spite. To get
off, you first need to check your status, then contact the various databases to plead
Insert the IP of the site you want test after ip=, or you can key it
once you get to the dnssnuff site. Use ping to get the IP.
You can block junk snail mail (aka hard copy spam) in
Canada by writing to: Canadian Direct Marketing Association
Do Not Mail Service
1 Concorde Gate Suite 607
Don Mills ON M3C 3N6
Tel: (416) 391 2362
fax: (416) 441 4062
or in the United States:
Direct Marketing Association
Mail Preference Service
P.O. Box 9008
Farmingdale NY 11735
Tel: (212) 768 7277
You can request telemarketers and junk mailers leave you alone at iOptOut.ca.
There are at least eight classes of spammer:
Vendors trying sell you something, usually pornography.
Fanatics trying to sell you religious ideas. They believe the importance of
their divine message overrides the normal rules of courtesy.
Propagandists with a desperate political message. They may even consider what
they are doing a form of electronic warfare.
Control freaks who want to shut you up and censor your ideas by clogging your
email system and thus preventing you from communicating with others.
Bigots who seek revenge on you for holding a divergent opinion from them,
usually on matters political, religious or sexual. These types have taken to
sending larger and larger messages, so that even if you automatically identify them
as spam, they have still managed to tie up your Internet connection.
Viruses that generate gibberish mail just to annoy people, but not to persuade
them to act in any particular way. It is sort of competition to see how much havoc
the virus creator can stir up.
The Future of Spam
I had a bit of a fright in 2004-06. I thought for a while I was under another email
DOS (Denial of Service attack). I wondered if I would be able to publicly post even
my munged public email address ever again. During the Serbian war, I received
80,000 letter bombs a day from people who objected to my
pro-US stance. Pretty well anyone, even marginally more famous or controversial than
I am, can no longer maintain a public email address. The proportion of people being
cut off totally from public email access is gradually increasing.
In like manner, I can see how spammers with political, religious, pornographic,
malicious, or commercial interests will gradually make the newsgroups and standard
email totally unusable. As my Dad you used say all the time, watch the derivative.
We can’t wait like frogs in hot water until the email and newsgroups are
completely gridlocked before taking action.
I see a multi-pronged approach will be necessary:
Spamming needs to be made criminal and spammers
prosecuted, preferably by hanging, drawing and quartering. Was there ever a
better case for the death penalty? Was there a less provoked crime? However,
spammers will always find some country to harbour them. Surely some third world
country will always foster the spam industry just as the Cayman Islands harbours
crooked companies and Nigeria harbours tramp ships. With the net, they can set
up shop in SomethingIstan and effective maintain virtual storefronts in every
We must educate people to ensure spammers
don’t get whatever it is they want from spamming, be it
sales, web hits, censorship, notoriety, sense of power, malice, revenge denial of
service or attention. Refuse all mail from ISPs
that harbour spammers and let them know why you are doing that. Make sure they
are truly guilty, not just the victims of virus counterfeit spam.
The Boulder Pledge
Under no circumstances will I ever purchase anything offered to me as the
result of an unsolicited e-mail message. Nor will I forward chain letters,
petitions, mass mailings, or virus warnings to large numbers of others. This is
my contribution to the survival of the online community.
~ Roger Ebert(1942-06-182013-04-04 age:70)
I see a new email delivery system
evolving to completely replace POP3/SMTP. It will have a number of features.
Automatic encryption, compression and digital signing. The degree of
encryption has to be automatically decided based on the laws governing sender
and receiver. The basic idea is no one can send you mail without your
permission. With digital signatures, it is practically impossible to forge
email. Basically, nothing gets transported any leg of the way without a
Automatic tracking, much the way you can track what has happened to a Fedex
parcel as it wends its way. You should potentially be able to know if a message
was not delivered or not noticed.
Forwarding standard with mechanisms to inform all your legit correspondents
automatically of your new address and keep them up to date on whatever
vCard style information you want them
Full efficient use of the 8-bit transparent
channels. The current email system wastes much of the bandwidth with voluminous
human-readable headers, 7-bit characters and no default compression.
Sender-pays-receiver system so any spam that does leak through still costs
the spammer. If it costs the sender
to send an email and the receiver gets
of that, most people will break even or make money. As soon as spammers have to
pay costs comparable to junk snail mail, they will drastically cut back. As it
is now, we subsidise the spammers to pester us.
The best anti-spam thinking is built-in, suitable for technopeasants
— technology along the line of Vipul’s Razor with the geeky edges shaved off. Spam
detection has to move to the server where it can be quickly headed off even
before the entire message has been delivered.
Suitable for exchanging large files and common files, similar to
Ways to protect against denial of service attacks by presenting a united
front against the spammer, rather than leaving an individual to fend for
Designed from the ground up for technopeasants. Everything is automatic and
Anti-spam clubs that police their members. Members get time-limited digital
certificates. You can accept or reject mail based on the reputation of the
self-policing club. You can then be anonymous, uniquely identifiable, but still
have a public reputation. Spam club members either police themselves or destroy
their own reputations.
The original email system was cooked up overnight as a demo. The author
surely never dreamed his system would be used almost unmodified for planetary
email scheme. It needs a major overhaul.
There needs to be a separate system for public newsgroups like the
Group Lens where posters of
useful material are rewarded financially and those posting spam are fined.
Dealing with spam is a challenging technical problem and I don’t
think we will make much progress without an overhaul of the basic mail system.
This means we can’t wait for total gridlock before acting. The solution
is difficult both technically and politically and will take substantial time to
There should be a simple and uniform way on the Internet including websites,
blogs, email, social media, forums… to say, I don’t want to hear another
word from this turkey ever and I don’t want him posting on any of page I
moderate. To make this work, everyone needs to get an unforgeable digital id, that
has non-negligible cost. People and corporations are not permitted to have more than
one, so they cannot defeat the system by writing under many aliases. Technically
people would have two IDs, one where their true identity can be determined and one
where they are anonymous, or equivalently post under an arbitrary display name.
Dodging Spam Filters
Any time you send someone an email, their spam filter does a miniature Turing test on it and tries to decide if if came from a human, came from some bot you are interested in or came from an advertising bot.
If you are not careful, your message will end up in their spam folder.
You would not for example just send a bare link. You must pad it with typical human small talk.