IT Department

Spam Mail

Almost every email user encounters many unwanted advertising emails, etc. in their mailbox every day. In the Internet world, all such messages sent without the recipient’s consent are called SPAM. Spam was actually a canned food brand sold in England in the late 1960s. In 1970, in the famous British television comedy program Monty Python, a couple who did not want to eat processed food could not find anything on a restaurant menu other than products containing Spam and were forced to eat it. Inspired by this very popular sketch at that time, unwanted advertising emails also began to be called Spam.

Today, spam messages constitute more than 70% of the world’s daily Internet mail traffic. Spam senders usually send emails trying to persuade recipients about topics such as Viagra-type drugs, copies of famous watch brands, money transfer requests from the exiled king of an African country in difficulty, etc. It is generally determined that these emails come from the Far East, Eastern Europe, and North America. According to statistics about spam, approximately one in a thousand people who receive spam messages believe these messages and do what is asked. Considering that spam is sent to millions of people at once, this means a very large customer base. It has been observed that some spam senders who were caught as a result of various legal investigations gained millions of dollars in this way.

It may not be correct to describe spam messages only as messages intended for fraud. Many local or foreign individuals or companies send mass emails in order to promote their products and services to people in the quickest and cheapest way. However, both the lack of reliability of messages received in this way and the fact that, one way or another, they come without the recipient’s consent cause them to be evaluated in the same category.

Technically, in email messages, it is possible to show the sender’s name and address falsely in any way. For example, a message in which your name and address appear as the sender at first glance may be sent to any other person without any connection to you or the institution you are affiliated with. Even if the details of the message header are examined specifically and the IP address from which it was sent is found, expert hackers can connect from their location to other places and from there to other places again, and send messages with false addresses from there; detecting these may be practically almost impossible. For this reason, the sender of spam can easily hide their real identity and location if they wish.

The source of nourishment for spam senders is the email addresses to which spam will be sent. The more email addresses a spammer has, the greater their potential customer base is. For this reason, email addresses have also become a commercial value that is bought and sold separately. In fact, CDs containing hundreds of thousands of email addresses are even sold under the counter; moreover, their advertisements are also made through spam messages.

 There are various ways to obtain email addresses. However, most of the time, these addresses are unconsciously delivered to spammers by the address owners themselves:

1."Free Membership" sites: Many websites, from song lyric sites to forums, state that their use is free, but that membership with only an email address is required. If the site does not clearly state that it will not give the email address it has specifically obtained to anyone and will not use it for spam purposes, this address will most likely be stored in a database to be sold to spammers. In fact, even if some sites clearly state this, they still use the addresses they collect from users for spam purposes.

2.Email Forwarding: Sometimes, a message, joke, picture, etc. received by email from an acquaintance is greatly liked, and the user immediately forwards it to their own acquaintances. While forwarding, the addresses of previous senders also accumulate within the email. Eventually, these messages, which pile up like a mountain, fall into the hands of a spammer. This may happen through spyware found on any recipient’s computer, or the recipient themselves may even be someone who sells addresses to spammers in exchange for money. Some messages are prepared especially to exploit users’ emotions. For example, claims that a very popular product is actually carcinogenic; requests to vote in order to protest websites that contain insults against national and moral values; requests for help for a girl with cancer who does not actually exist; messages that are made to be believed to bring good luck; and many others can be examples of this.

3.Websites: There are robot software programs that browse websites around the world and collect data. These programs scan websites and try to find email addresses within them. The character they try to capture the most is the “@” sign. For this reason, on some websites, email addresses are written in the form of “someone (at) something.com” so that they are less likely to be caught by such robots. 

4.Computer viruses: A virus that enters a person’s computer and is designed for this purpose can, without the person’s knowledge, collect addresses from the address book of the email program (Outlook, etc.) and even from all accumulated emails, and send them to spammers over the Internet.

Although there is no complete formula for protection against spam, taking at least some precautions may be effective in reducing their number:

1.Obtain a separate address from a provider that offers free email addresses (GMail, Yahoo, Hotmail, etc.) and provide this address as your email address to websites that require membership. From time to time, log in with this address and delete all accumulated emails in a single step, since this is not your regular address and no useful email is expected to arrive there.

2.Some written forms also ask for an email address. If it is not a very trusted place, the same procedure above can be applied to these as well. 

3.Edit the content of incoming messages that you want to forward to other people, delete any other email address headers they may contain, and write the email addresses of the people you will send the message to in the “BCC” line instead of the “To” line. The address of a person to whom an email is sent with BCC (Blind Carbon Copy) will not be seen by other recipients. This will prevent the spread of addresses.

4.Do not let the spammer know that you exist. Any unwanted message you receive may contain a statement such as “if you do not want to receive this message, click here or send a message here.” Responding to these by following the instructions will not remove the recipient of the spam from that list; instead, it informs the spammer that the address is truly valid and actively read, and this further strengthens your place in the spammer’s address book.

5.Check the accuracy of the content of incoming messages before “forwarding” them to someone else or to a discussion list. For example, the site mentioned in a message claiming to contain hostility toward Atatürk and saying something like “do not enter the site and increase its counter, click here to protest and send it to those around you” may not actually exist, or it may have been opened and closed years ago. Such messages are called “hoax,” “scam,” “con,” etc. Popular search engines can be used to check whether they are true. For example, if the words “hoax checking” are entered in Google, it is possible to reach websites related to “urban legends” circulating by email.

8.Do not install or run illegal software or software of unknown origin. Most password crackers, cracked programs, illegal programs, and games are Trojans. In other words, their hidden function is to cause harm in some way. They may also work to send your address and the addresses of people in your address book to spammers. Since you install and run these programs voluntarily, they are not considered viruses, and antivirus programs do not warn you.

Pamukkale University Information Technology Department performs spam control on email addresses with the @pau.edu.tr extension, and suspicious messages are moved to the “Junk Mail” folder. This folder is also automatically deleted at certain intervals due to quota problems.

Although it is easy for a person to understand whether a message is Spam or not, the situation is not the same for a computer. Automatic scanners look for some popular keywords in the message, such as Viagra, try to determine whether the name in the “from” line of the message has sent messages to an abnormal number of people, and even try to connect to spam databases located at certain points around the world to obtain new keywords and perform their checks using them. Spam senders, on the other hand, write keywords in distorted forms in order not to be caught by these scanners, such as “/ | A AA GG rA,” or they write the text inside an image file instead of as normal text and send that file as an attachment, or they discover completely different methods that would not come to mind. This technical battle continues mutually. For this reason, no spam scanner can filter such messages one hundred percent.

Although the solution to the problem seems to lie in countries making legal regulations regarding spam, it is equally important for individuals to protect themselves against harmful software such as viruses and spyware, to think twice before giving their email addresses to free websites, and not to run programs of unknown origin.

PHISHING

This word, derived by distorting the word “fishing,” which means catching fish, is used on the Internet to mean sending emails to users regarded as “fish” and directing them in order to gain benefit or cause harm.

These types of email messages try to make users harm themselves by taking advantage of their lack of knowledge. For example, a message such as “On this date, such-and-such virus will attack all over the world through the Internet. Do not turn on your computers on that date!” would do nothing more than voluntarily deprive you of using your computer that day. Or, worse, an email such as “Attention! If you see a file named such-and-such.dll under your computer’s Windows/System directory, it means that your computer has been infected with such-and-such virus. Delete that file immediately and restart your computer!” may succeed in making your computer unusable by having you delete, with your own hands, a file that may actually be necessary for your system.

Apart from these, it should not be forgotten that no serious institution, especially banks, attempts to obtain or change your personal information by email. They do not send an email saying “click here to change your personal information.” With technical tricks, the link you are asked to click inside the email may indeed be made to look like the address of the real bank. However, when that link is clicked, it may actually redirect you to a completely different address that imitates the real bank’s web page, and the user may not notice this. In such cases, the best method is to call the relevant institution and confirm the situation.

Credit card numbers, personal information, and all kinds of passwords, including email passwords, should never be sent openly by email. Technically, an email passes through many points before reaching its destination. At these points, it is always possible for the content of emails to be “listened to.”

Especially in areas where wireless Internet is used, websites such as banks should not be accessed unless necessary, and transactions involving credit cards, passwords, etc. should not be carried out, regardless of where they are related to. Signals in the air can be listened to by third parties. Even if the signals are encrypted, it should not be forgotten that all encryption methods are secure only until they are broken.

You can access your emails that have been filtered and marked as spam in the email system from here...

(To proceed past the security warning, select “Advanced” and then “continue.” Enter your email address in the User Name / Username field and your Pusula password in the password field. You can choose your Language preference at login. Spam emails are available for the last 14 days.)