Recently, several members have complained about receiving unsolicited commercial email (UCE), commonly known as SPAM, through their IEEE email aliases.  There was even some concern that IEEE or the Huntsville Section might have sold addresses from the email list.  Let me assure you this is not the case.  IEEE carefully guards all email addresses, and very few members of the Huntsville Section Executive Committee (ExCom) even have access to the list.

So why are we getting spam that appears to be coming from other IEEE members?  Spammers, like virus writers, are employing "human engineering" to proliferate their wares and avoid detection.  Spammers know that you are much more likely to open an email from someone you know or from an organization you trust, so they attempt to "harvest" such information from a variety of sources.  Spammers have even been known to use brute force tactics like sending every possible character combination to a domain in an attempt to find valid email addresses.

Email is a very simple, robust and open protocol.  It was devised in the early days of the Internet, before security became a major concern.  As such, it is easy to spoof.  Every email is a text file that consists of two parts.  There is a highly formatted section, called the header, that contains routing and delivery information, and there is an unformatted section that contains the body of the message.  Attachments were an afterthought and must be encoded to text (UUEncode and BinHex) before they can be appended to the unformatted body section of the email text file.  All the spammer has to do is properly format the header section of an email text file and leave it in the right place for the mail server to pick it up and forward it to the recipient.

By analyzing the header section of the email, we can attempt to determine the origin of an email.  The following is an analysis of one offending email received by a member of the ExCom that appears to have originated from another member of the ExCom.  The header for this message appears below.  I have highlighted significant sections with a bold red font.  Each server that handles the message inserts a "Received" line at the top of the header.  Tracing the "Received" information back to the origin makes the message appear to originate from a block of addresses assigned to the Internet Assigned Numbers Authority (IANA) in California, but the message ID appears to originate at Keio University in Japan.  This appears to be a forged address.  Although the "From" and "Reply To" fields appear to be someone we know, they actually point to a server in Austria.  This email is carefully crafted to make it look like it originated from an IEEE member to give it validity when sent to other IEEE members.

Received: by ant.hiwaay.net (mbox jameswa)
 (with Cubic Circle's cucipop (v1.31 1998/05/13) Wed May  5 19:12:51 2004)
X-From_: nphliw@plus.at Wed May  5 08:14:23 2004
Return-Path: <nphliw@plus.at>
Received: from ruebert.ieee.org (ruebert.ieee.org [140.98.193.10])
 by mail.hiwaay.net (8.12.11/8.12.11) with ESMTP id i45DELMj678256
 for <jameswa@hiwaay.net>; Wed, 5 May 2004 08:14:21 -0500 (CDT)
Received: from hormel2.ieee.org (gemini3.ieee.org [140.98.193.188])
 by ruebert.ieee.org (Switch-3.1.0/Switch-3.1.0) with ESMTP id i45DEKRw000164
 for <james-w-anderson@ieee.org>; Wed, 5 May 2004 09:14:21 -0400 (EDT)
Received: from hormel2.ieee.org (localhost [127.0.0.1])
 by hormel2.ieee.org (Switch-3.1.2/Switch-3.1.0) with ESMTP id i45DDwus000912
 for <james-w-anderson@ieee.org>; Wed, 5 May 2004 09:14:21 -0400 (EDT)
Received: (from defang@localhost)
 by hormel2.ieee.org (Switch-3.1.2/Switch-3.1.0/Submit) id i45DD3qg000078
 for <james-w-anderson@ieee.org>; Wed, 5 May 2004 09:13:04 -0400 (EDT)
Received: from c-24-129-223-38.se.client2.attbi.com (c-24-129-223-38.se.client2.attbi.com [24.129.223.38])
 by hormel2.ieee.org (8.12.9/8.12.9+MIMEDefang) with ESMTP id i45DCmuS029869; Wed, 05 May 2004 09:13:04 -0400 (EDT)
Received: from 174.44.154.168 by 24.129.223.38; Wed, 05 May 2004 17:08:30 +0300
Message-ID: <SPMSYHETOIBVBYUPKYHAIIVS@doi.cs.keio.ac.jp>
From: "Wiley Fitzpatrick" <nphliw@plus.at>
Reply-To: "Wiley Fitzpatrick" <nphliw@plus.at>
Subject: university degrees for sale!
Date: Wed, 05 May 2004 13:04:30 -0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--A8BE2259ECB3DB7D105"
X-IP: 20.48.96.200
X-Priority: 3
X-UCE-Filter-Settings: jameswa redirected to 90_OPT_OUT
X-Scanned-By: IEEE UCE Filtering Service
X-Spambayes-Classification: ham
X-Spambayes-MailId: 1083802378-2

So how do we avoid spam?  The Center for Democracy and Technology did a study of spam and published their results in March 2003 (http://www.cdt.org/speech/spam/030319spamreport.shtml).  I don't fully agree with all of their recommendations, but I do recommend the following:

• Don't use your real email address when posting to the Usenet or newsgroups.  This is a popular source of email addresses for spammers. Use a disposable address.  You can get free, disposable email addresses from many organizations like Yahoo.com.

• Beware of online forms collecting email addresses.  Be sure you know how the address will be used, and check the websites privacy policy.  If you are unsure of the website, but need a real email address, consider using a temporary address from a source like SpamGourmet.com (http://www.spamgourmet.com).  Unfortunately, some sites are now blocking these addresses.

Spam is a serious problem on the Internet, and a study by San Francisco-based market research company Ferris Research estimated that spam cost U.S. corporations $8.9 billion in 2002.  Unfortunately, we will just have to deal with it.  No amount of Government regulation is going to stop it.