Sunday, August 23, 2015

Mitigating Spamming

I've had yet another person get stuck with a spammer using their contact list and sending spam as though they were that person. It happens so much, and the Internet seems to have so many different answers, that I figured I'd send this consolidated list over to him and share it here.

Short answer

A few big spam companies get your email list by finding the email addresses of your friends on Facebook who publicly list their email address. They also get it from forums you post to, your blog (emails are often listed there) and forwarded messages from someone else. Those spammers then sell the email lists to other people.
  1. Change your password often. It’s not foolproof, but is a good idea. Also make your email password different from all other passwords you use on the web.
  2. When registering for sites, use a throw-away email address and some password.
    1. Or make your current email a throw-away and make a new email account that you tell your friends to use (I made my Yahoo a throw-away that I check at most a few times a week and have friends email me at Hotmail).
  3. Encourage your friends to not make their email available publicly (ideally not even to friends) on Facebook.
  4. Where possible, send messages using the bcc field instead of the normal "To" field.
  5. Additionally, set Facebook so that people who are not your friends cannot see your friends.
    1. In Facebook hit the Security icon
    2. Select See More Settings
    3. Select Followers
    4. Set Who Can Follow Me to Friends
    5. In Timeline and Tagging make sure everything is set for Friends
    6. In Privacy:
      • Set Who Can Look Me Up to Friends of Friends
      • Set Do you want other search engines to link your timeline to No
      • This will make your profile harder to find. Since yours is really public, you may not want to make the changes I mentioned in Privacy.

Detailed Answer

So, here’s some information that explains how the spamming works, both how they get emails, and how it looks like it came from you.
  1. The very easy way spammers get emails to send from (and send to)
  2. Possibly the worst formatted page, but explains how a spammer makes an email and puts in your “from” address.
  3. Your email's already hacked, but here’s some advice on how to handle keeping your account safe in the future.
    2. The best recommendation here is to change your password at least once a year.
  4. This is how the scammer lists in item 1 get your email. We have tried to make your email more obscure on the website, but that doesn’t stop the other places you subscribe to.

