JOSHUA TIME 149
This is from yahoo about spam not the food but those annoying emails...
I still get a lot of junk mail called spam so I have to click the message and then click the spam button.
I had important emails in my bulk mail folder which is a yahoo junk mail.
I HAVE JUST GOT A VIRUS FROM THE YAHOO SPAM
Spam Q & A
What is Yahoo!'s anti-spam and abuse policy?
Yahoo! is committed to preventing spam and abuse. Learn more about Yahoo!'s official spam and abuse policy.Yahoo! Newsletters
Yahoo! sends email newsletters you request to your mailbox. To adjust your subscription settings visit the Newsletter Subscriptions section of the Account Information Page:
Yahoo! will also occasionally send promotional messages, from Yahoo! or from select third parties. If you do not want to receive these offers and other marketing communications, you can adjust your marketing preferences via the Marketing Preferences section of the Account
What is spam?
Spam is any message or posting, regardless of its content, that is sent to multiple recipients who have not specifically requested the message. Spam can also be multiple postings of the same message to newsgroups or list servers that are not related to the topic of discussion. Other common terms for spam include unsolicited commercial email (UCE), unsolicited bulk email (UBE) and junk mail.
Web sites that are less reputable or have privacy policies that are less strict may sell your email address to spammers. Those who send spam typically have purchased a list of email addresses from these web sites. They send messages from numerous different - and often falsified - addresses to all areas of the Web, which makes them hard to track.
Why am I getting spam?
Spammers send unsolicited email with the hope that you will buy their products or services - it's the same concept as junk mail delivered to your house. Since it is very inexpensive to send an email, spammers can afford to send millions of them, even if only a small number of people respond by purchasing their products.
What is Yahoo! doing to fight spam?
In order to meet the Yahoo! Mail commitment to provide you with the best email experience out there, we've developed innovative, effective tools you can customize to combat spam:
SpamGuardSend annoying spam email directly to the Bulk folder.
SpamGuard PlusCustomize your filters to your preferences.
AddressGuard™Create alternate email addresses that disguise your real Yahoo! Mail address - and simply throw them away if a spammer gets hold of them.
FiltersAutomatically sort incoming messages to different folders.
Block AddressesStop receiving email from particular email addresses or domains that you select.
Image BlockingPrevents spammers from knowing you opened their email, and protects you from viewing images you don't want to see.
Yahoo! is also fighting spammers in court and supporting legislation to prevent spam.
Find out more about Yahoo!'s legal and legislative action.
What about spam that has viruses?
Many viruses are sent as email attachments, which may be sent as spam. These attachments are not a threat to your computer if you do not download them.
Yahoo! Mail is a web-based email system. Your email messages are stored on our servers, rather than on your computer. Because of this, simply viewing your Yahoo! Mail without downloading any attachments does not make your computer vulnerable to viruses.
Learn more about viruses sent by email
You are also protected from viruses in spam by using the Bulk mail folder and the "Spam" button. When SpamGuard is on - its default setting - the majority of spam messages and any viruses attached to them are automatically delivered to the Bulk mail folder. You can delete these messages without reading them or opening their attachments.
If an unsolicited email with an attachment is sent to your Inbox, you can report the message as spam without opening it. Select the message in your Inbox and click the "Spam" button above your messages. Then click "OK." In addition to reporting that message as spam, Yahoo! Mail will automatically delete it.
Learn more about reporting spam.
What is SpamGuard?
Yahoo! Mail helps you combat spam with advanced, patent-pending SpamGuard technology. Our enhanced SpamGuard uses artificial intelligence to automatically detect and direct spam into your Bulk folder. With SpamGuard, your Inbox stays clear for your important personal and professional messages.
To check if SpamGuard is on (the default):
Click on "Bulk" in the left navigation bar.
Above the list of messages, if any, you will see a notice that says SpamGuard is ON or OFF.
If SpamGuard is OFF, click the text to the right that says "Edit Settings."
With SpamGuard turned on, most spam will go to your Bulk folder instead of your Inbox.
What is SpamGuard Plus?
SpamGuard Plus is an advanced spam fighting system that is completely customized according to your individual preferences. You tell the filter what you want and what you don't and over time, this feature learns to deliver the mail appropriately. SpamGuard Plus is only available to Yahoo! Mail Plus subscribers.
How do I use SpamGuard Plus?
You train the filter by clicking "Spam" (in your Inbox) or "Not spam" (in your Bulk folder). If a message is directed incorrectly, tell us by clicking the appropriate button.
If a spam message is delivered to your Inbox - click "Spam."
If a non-spam message is delivered to your Bulk folder - click "Not spam."
The system records your preferences and keeps your own personal database of rules to reject spam. (This is called a Bayesian filtering system.)
Smart filtering is turned on by default for Mail Plus users. You can turn it off by changing the settings in the Spam Protection section of the Mail Options page, but we strongly recommend you leave it turned on for the best anti-spam protection.
What is the Bulk folder?
When SpamGuard is on, messages that trip its "spam alarm" are automatically directed to the Bulk folder - which reduces the amount of spam you receive in your Inbox.
Messages will be removed from your Bulk folder periodically. You may choose to delete messages from your Bulk folder after 1 month, 2 weeks, 1 week, or immediately. Messages in your Bulk folder do not count toward your mail storage quota.
The Bulk folder doesn't generate spam, and you won't receive any additional mail as a result of this folder. The system only diverts from your Inbox incoming messages that appear to be spam.
Why are messages I want occasionally directed to my Bulk folder?
Yahoo! makes a concerted effort to deliver solicited commercial and personal email directly to your Inbox. If you believe that a message delivered to your Bulk folder is more appropriately delivered to your Inbox, please select the message(s) and click the "Not spam" button above your messages.
What is AddressGuard?
If you're ever worried about giving out your email address on a web site, AddressGuard is for you. Instead of leaving your address open to spam, you can use a disposable email address, while still accessing all your mail in one place.
You can create up to 500 disposable addresses with Yahoo! Mail Plus. Use these when you want to give an email address to a site that you suspect might share or sell it. Create several if you shop at different places and want to have a different email address for each store. You can view messages sent to each of your disposable addresses in your Inbox or a folder that you designate.
Each disposable address has two parts: a base name and a keyword.
Base name
The base name is the same for all your disposable addresses but it's different from your Yahoo! ID. By using this profile, you can keep spammers from guessing your Yahoo! ID and your primary email address.
Keyword
The keyword identifies what you are using the disposable address for. You can use the name of the company to which you are providing the disposable email address, or another word that you will remember.
All disposable email addresses will take the form basename-keyword@yahoo.com.
Example:
Your Yahoo! ID: johnmichaeldelaneyYour base name: dairyman88 (so spammers cannot figure out your real email address)Keyword: Widget Designs (based on the store to which you want to give the address)Your Disposable Email Address: dairyman88-widgets@yahoo.com
If Widget Designs shares or sells this disposable email address and it begins receiving spam, you can simply shut down dairyman88-widgetdesigns@yahoo.com without affecting your primary Yahoo! Mail address or any of your other disposable addresses.
To shut off a disposable email address, click the Mail Options link in the upper-right corner of your Inbox. Select AddressGuard from the list of options. Select the address you want to turn off and click delete. You will no longer receive any messages sent to that address. If you still wish to communicate with Widget Designs, you will have to create another disposable email address.
For more information about the AddressGuard feature, take the tour. (Requires Macromedia Flash Player.)
Can I view only those messages from people in my Yahoo! Mail Address Book?
You can access several different views of your Inbox by using the View command above your messages. Click the arrow to reveal a menu with the following choices: All Messages, Messages from My Contacts, Messages from Unknown Senders, Unread, and Flagged.
Messages from My Contacts:
When you choose "Messages from My Contacts" from the menu, you will see a view of your Inbox that displays only messages sent from people whose email addresses are in your Address Book.
However, in this view you will not see messages from your contacts who you have not yet listed in your Address Book. This may result in some missed messages that you want to read. To see all the messages sent to you, select "All Messages" from the menu.
To add people to your Address Book so that you are able to see their email messages in the "Messages from My Contacts" view, open a message from one of them and click on the link next to their name: "Add to Address Book." You can also click the "Addresses" button on the Yahoo! Mail toolbar to add addresses anytime.
Messages from Unknown Senders
When you receive messages from those not in your Address Book that are not snagged as spam by SpamGuard and directed to the Bulk folder, they will appear in the "Messages from Unknown Senders" view of your Inbox. These messages may not be spam, but the sender's email address is not in your Address Book.
To add a sender to your Address Book, open the message and click "Add to my Address Book" at the top of the message or use the "Addresses" button on the Yahoo! Mail toolbar. Future messages from that sender will appear in your "Messages from My Contacts" view.
How do I add names to my address book quickly?
Another easy way to add names into your Address Book is QuickBuilder. QuickBuilder setup allows you to search your Yahoo! Mail messages for contacts and add them to your Address Book. It's easy and fast!
Use Address Book QuickBuilder
How do I view all my messages?
To see the all the messages in your Inbox, click the "Inbox" link in the left navigation bar. This will show you a combination view of "Messages from My Contacts" and "Messages from Unknown Senders."
How can I avoid spam?
Never respond to unsolicited email. To those who send spam, one response or "hit" from thousands of emails is enough to justify the practice. Additionally, it validates your email address as active, which makes it more valuable, and therefore opens the door to more spam.
Never send your personal information (credit card numbers, passwords, etc.) in an email. Spammers can fake the format of Yahoo! and other trusted sites. Yahoo! will never ask you to send your password or credit card information by email.
Never follow a spam email's instructions to reply with the word "remove" or "unsubscribe" in the subject line or body of the message unless you trust the source. This is often a ploy to get you to react to the email. Not only will spammers fail to unsubscribe you, they will have even more incentive to sell your address - which you've validated with your response.
Never click on a URL or web address listed within a spam email, even if the message tells you that's how you unsubscribe. This also alerts the sender that your email address is active and can result in more spam.
Never sign up with sites that promise to remove your name from spam lists. Although some of these sites may be legitimate, most are actually address collectors. If a collector records your address, they will value it more highly because it is active.
What is a "phishing" scam?
Phishing is a type of online fraud where the perpetrators attempt to acquire personal, financial, and/or other account information (such as user IDs, passwords, credit card numbers, PINs, etc.) from unsuspecting victims. This type of fraud is typically initiated by sending an unsolicited but official-looking email claiming to be from a reputable company, such as a bank, a credit card firm, or an online establishment. The fraudulent email usually contains an urgent message that tries to lure the recipient into providing sensitive information. To avoid being victimized by phishing scams, below are several useful tips:
Do not respond to emails asking for any personal or financial information. Legitimate companies will never ask you to verify or provide any confidential information in an unsolicited email.
Be cautious when clicking on links within a suspicious email.Most phishing emails contain a link that leads to an official-looking web page which requires the recipient to log in or enter some personal information. Though the web page may contain official logos and look exactly the same as the legitimate company's web site, any information submitted via these spoofed web page(s) will be sent to the perpetrators of the scam.
If you have any doubt regarding the authenticity of a web site you have been directed to in an email, we strongly recommend that you open a new browser and type the known URL of the company in the browser yourself, or call the company directly via telephone.
Never log in or enter private information in a pop-up window.Clicking on links within phishing emails may direct your browser to a legitimate web site while, at the same time, opening another pop-up window wherein you are asked to enter your information. This makes it appear like the pop-up window is part of the legitimate site when, in reality, it is not.
(Note: Yahoo! offers a Pop-Up blocker in our free Yahoo! Toolbar that blocks most unwanted pop-up windows from appearing.)
Be alert for suspicious emailsIt is easy to forge an email and make it appear like a legitimate company sent it. When dealing with emails that pertain to information that is sensitive in nature, it is best to err on the side of caution. Below are a few signs indicative of phishing emails:
Urgent account notifications that are not addressed to you personally but which require action on your part relating to your account(s).
Customer notifications that contain incorrect spelling or poor grammar.
Account/billing email notifications from credit card firms or other financial institutions that do not reference the last few digits of your account number, or that contain no specific details pertaining to your account/billing information or activity.
Account notifications that are delivered to your Bulk Mail folder.
(Note: While we do our best to deliver legitimate email to your Inbox, we may occasionally deliver legitimate email to your Bulk Mail folder. We encourage you to check your Bulk Mail folder periodically for legitimate email and, as always, practice caution when dealing with questionable or suspicious emails.)
What do I do if I get an email asking for my personal information?
If you have received a phishing email asking you to verify and/or provide information regarding your Yahoo! account, please forward the email to mail-spoof@cc.yahoo-inc.com. We will investigate the email and take appropriate action.
If you have received a phishing email referencing a non-Yahoo! website, email address, or service, we encourage you to report such incidents to the appropriate provider or company involved. They will be in a better position to take appropriate action. You may also wish to report the phishing email to the Federal Trade Commission (FTC) by forwarding it to spam@uce.gov. For additional information and tips on protecting your information online, please visit the Yahoo! Security Center and the FTC's Identity Theft web site.
Common Spammer tricks and tips to avoid them
Here's how you can avoid some of the tricks spammers use to get your email address.
Common Spammer Tactics
Tips to Prevent More Spam
Common Spammer Tactics
"Help! My Inbox is being overrun with spam! How do spammers get my address?"
Some of the most common questions we receive from our users are about spam. People feel it is getting worse, and they want to know why. Spammers are employing more advanced tactics and getting more aggressive in their spamming techniques. To understand how to stop spam, you should learn some of the tricks that spammers use to gain access to your Inbox.
Dictionary attacks:
The spammer takes a "dictionary" of common words and names, combines them, and sends email addressed to all different variations such as johndoe1@example.com, johndoe2@example.com, johndoe3@example.com.
Spammers typically do this at leading email providers that have a large base of users. Yahoo! Mail's enhanced SpamGuard can identify and prevent many dictionary attacks.
Email spoofing:
The spammer trick of choice these days, email spoofing, uses a faked email header that makes an email message look like the message came from someone or somewhere other than the spammer. It's fairly easy to make an email appear that it's sent from your own address or a seemingly credible source. Spammers use spoofing to get you to open and respond to their mail. Remember, you should never respond to unsolicited email - instead, report it by clicking the
"Spam" button in Yahoo! Mail.
Spoofing Yahoo!
Many spammers try to spoof or imitate Yahoo! in the hope that you will submit your personal account information. Please be aware that Yahoo! will never ask you to email your personal information such as Yahoo! ID, password, social security number, credit card numbers, etc.
If you receive an email appearing to be from Yahoo! asking for this type of information, it's spam. Please report this email abuse by clicking the "Spam" button.
Social engineering:
This ploy tricks users into opening the spam by pretending to know the person or trying to lure the person with a "personal" subject line. Typical subject lines include "Hey how are you?," "Urgent and Confidential," "We need to meet," "I have money for you," or "It snowed again." Avoid this trick by never responding to unsolicited email, reporting it by clicking the "Spam" button, and setting up blocked addresses.
Mining message boards and chat rooms:
Do not post your email address in public places -- treat it like you would your phone number. If your email address appears on a message board, in a chat room, or any public place, spammers can use automated robots, or "bots," to search the Internet and grab your email address. We recommend using one of your Yahoo! Mail disposable email addresses - available only to our Yahoo! Mail Plus customers - when visiting message boards and chat rooms. With a disposable email address, you can monitor spam coming into that address and delete it if it gets too much spam.
Open proxy, third-party servers:
Open proxies are third-party servers that allow spammers to send mail while hiding their true identities and Internet locations (IP addresses). Many spammers use these open proxy servers to help maintain anonymity. Yahoo! Mail's patent-pending SpamGuard technology proactively protects you from this technique.
Web beacons:
An email may contain an image that is invisible to the recipient -- this is sometimes called an "invisible GIF" or "web beacon." Once the email is opened, the spammer is alerted that your address is "live." Yahoo! Mail advises that you don't open email messages if they appear to be spam.
To report a message as spam without opening it, click the box to the left of the message and then click the "Spam" button. The message will be deleted and reported as spam.
Additionally, Yahoo! Mail has an Image Blocking feature that prevents HTML graphics from loading until you determine the message is from a trusted sender. To set up Image Blocking, go to Mail Options and click on "Spam Protection."
Inserting random strings of text and characters:
To try and get through spam-control filters, spammers will insert random strings of text throughout the email to make the spam appear unique from other email. Sometimes they do this with email headers by adding spaces and characters like this: V_I_A_G_R_A. You can help fight this type of spam by not opening or responding to it and by reporting email abuse via the "Spam" button.
Chain Letters:
Many of us receive chain letters that invite you to forward the message on to your friends. Sometimes it will say you will get five cents for every email or bad luck if you send to less than five people. These are hoaxes created to promote spam. Never forward these emails thinking you will receive money for each recipient of their email.
Tips to Prevent More Spam
In addition to changing the settings on your Yahoo! Mail account, here are some other spam-fighting tips:
Protect your email address - treat it like your phone number (or use Yahoo Mail! AddressGuard™ - available only to our Yahoo! Mail Plus customers).
Use an email service that offers spam-fighting tools, like Yahoo! Mail.
Never send your password, credit card numbers, or other personal information in an email. Yahoo! will never ask you to send this type of information.
Don't post your email address in public places (e.g., newsgroups, message boards, chat rooms) where spammers mine for email addresses.
Use a Yahoo! Mail Disposable Email Address when posting online (available only to our Yahoo! Mail Plus customers).
Never respond to unsolicited email - this can alert the sender that your email address is valid.
Never click on a URL or web site listed in spam - this will also alert the sender that your email address is valid.
Never forward spam chain letters.
FUN FACTS ON SPAM
How annoyed are people about spam?
77 percent of Yahoo! Mail poll respondents said they are more aggravated by weeding through spam than they are by cleaning a dirty toilet. 1
Spam is already considered more annoying than junk postal mail and door-to-door salespeople, and it is quickly becoming as annoying as telemarketing calls. 1 Most annoying forms of spam are as follows:
Telemarketing calls
Spam e-mail
Door-to-door salespeople
Junk postal mail
Three-quarters of e-mail users think spammers should be punished, with the majority favoring stiff fines as the ideal punishment , while 8 percent think spammers should do jail time. 1
How spam affects trust
With the increase in spam, people are not comfortable giving out their primary e-mail address:
When purchasing products online: 45 percent
When subscribing to a newsletter: 56 percent
When joining an online community: 72 percent 2
As a way to control spam, one out of three survey respondents would feel more comfortable conducting online transactions with a disposable e-mail address.
How users are helping spammmers
48 percent of e-mail users still think that they can unsubscribe from spam by responding to spammers. 1 (You should only unsubscribe from a unsolicited email if you know and trust the sender.)
35 percent of e-mail users still post their addresses on message boards. 1 (Use an AddressGuard™ disposable address when posting online to protect your primary address from being harvested by a spammer.)
Why is junk email called spam? The history of spamÂ…
Unsolicited email earned the name "spam" because it resembled a Monty Python skit where a chorus of Vikings drowned out other sounds by singing "spam, spam, spam."
Early digital marketing pioneers contend that spam is actually an acronym for Simultaneously Posted Advertising Message.
The first spam email may have been sent in 1978 by a Digital Equipment Corporation salesperson to announce a product presentation. Source: The New York Times, February 9, 2003.
1. Internal Yahoo! data based on 28,000 Yahoo! Mail survey respondents, August 2003
2. Harris Interactive Survey, September 2003
FOR IMMEDIATE RELEASE
YAHOO! FURTHERS LEGAL ACTION AGAINST SPAMMERS IN CONJUNCTION WITH ANTI-SPAM ALLIANCE PARTNERS AMERICA ONLINE, EARTHLINK AND MICROSOFT
Sunnyvale, CA -- October 28, 2004 -- As part of its continued commitment to protect consumers from unwanted junk e-mail, Yahoo! Inc. (Nasdaq:YHOO - News), a leading global Internet company, today announced the filing of a lawsuit against "East Coast Exotics Entertainment Group, Inc. and Epoth LLC" for unlawfully sending sexually-explicit bulk spam e-mail messages to Yahoo! Mail users. The lawsuit was filed in the U.S. District Court for the Northern District of California in San Jose, under the federal CAN-SPAM anti-spam law. In conjunction with Yahoo!'s lawsuit, members of the industry's anti-spam alliance, including America Online, EarthLink and Microsoft also announced the filing of lawsuits against unlawful spammers.
"With today's lawsuit against East Coast Exotics Entertainment Group, Inc. and Epoth LLC, we are holding spammers directly accountable for unlawfully disguising their identity and using this practice to deceive e-mail users," said Mike Callahan, senior vice president and general counsel,
Yahoo! Inc. "Consumers trust Yahoo! to provide a safe and secure experience, which is why we take an aggressive, multi-faceted approach to protect e-mail users through legal efforts, industry collaboration and technological enhancements."
Allegations described in the complaint include direct violations of the CAN-SPAM law, as listed below. The full complaint can be found at: http://antispam.yahoo.com/.
Sent sexually explicit material in the subject lines of e-mail messages
Disguised e-mail identity by including false designations of the originating e-mail addresses
Sent from e-mail accounts obtained for the express purpose of sending spam
Contained misleading header information to disguise the origin of the messages
Falsified the transmission path, using open proxies, to disguise the origin of the messages
Failed to provide a clear option to "opt-out" or unsubscribe from future e-mails
Failed to include the physical postal address of the sender in the messages
Failed to indicate that the spam messages were advertisements or solicitations Violations were also filed under the Computer Fraud and Abuse Act, the California Computer Crime Statute and the civil conspiracy law.
Industry EffortsThis is the second round of junk e-mail-related enforcement actions filed by members of the anti-spam alliance, which was founded in April 2003 and is led by Yahoo!, Microsoft, EarthLink and AOL. On March 10, 2004, these companies collaborated to file the first major industry lawsuits against spammers alleging violations under the new CAN-SPAM federal law, which went into effect on January 1, 2004. CAN-SPAM provides strong enforcement tools and allows for harsh, new penalties against large-scale spammers who use tactics of fraud, deceit and evasion to spread their junk e-mail messages.
Information on the other Companies' lawsuits filed today follows:
America Online: America Online filed two lawsuits in Federal Court - both naming numerous "John Does" as Defendants and alleging violations of Federal and State laws. One lawsuit is the very first to expressly target "SPIM" for AOL, and the most significant "spimmer" lawsuit ever filed in the industry, as it addresses instant messenger spam and chat room spam. The next lawsuit is the first AOL enforcement action against a spammer peddling controlled substances, including Vicodin and other pharmaceuticals, which are legally available only with a physician's prescription.
EarthLink: EarthLink filed a lawsuit against numerous "John Doe" defendants who used illegal and deceptive e-mails to advertise prescription drugs available without a legitimate prescription and low mortgage or loan rates, in many cases attempting to collect and re-sell consumers' names and contact information. EarthLink's complaint charges the defendants with violating the
CAN-SPAM Act along with other federal and state statutes.
Microsoft: Today's three lawsuits filed by Microsoft allege that defendants spoofed the domains of all four Internet service providers and used open proxies to route the e-mails. The defendants
- one named and two "John Does" - allegedly sent millions of e-mails soliciting herbal growth supplements, mortgage services and get-rich-quick schemes, all in violation of the CAN-SPAM federal law. Additional details of all four companies' lawsuits are available on their respective company press web sites.
On the technical side, these companies collaborated in June to present a host of detailed best practices and technical recommendations for the entire industry in an effort to fight the scourge of spam. Their proposals recommended actions and policies for the entire online industry - and primarily focused on two key issues: helping solve the e-mail forgery problem by eliminating domain spoofing through cryptographic-based solutions and Internet Protocol (IP)-based solutions; and best practices to help prevent ISPs and their customers from being sources of spam.
About Yahoo!Yahoo! Inc. is a leading provider of comprehensive online products and services to consumers and businesses worldwide. Yahoo! is the No. 1 Internet brand globally and the most trafficked Internet destination worldwide. Headquartered in Sunnyvale, Calif., Yahoo!'s global network includes 25 world properties and is available in 13 languages.
For more information, press only: Mary Osako, Yahoo!, (408) 349-6255, mosako@yahoo-inc.com Nicholas Graham, America Online, (703) 265-1746 Alexandra Trask, Earthlink, 404-748-7267, traska@corp.earthlink.net Lou Gellos, Microsoft, (425) 707-2692, lgellos@microsoft.com
# # #
Yahoo! and the Yahoo! logo are trademarks and/or registered trademarks of Yahoo! Inc.All other names are trademarks and/or registered trademarks of their respective owners
Copyright © 2004 Yahoo! Inc. All
Spam Litigation and Legislation Yahoo! Furthers Legal Action Against Spammers in Conjunction with Anti-Spam Alliance Partners America Online, EarthLink and Microsoft: October 28, 2004
Current Anti-Spam Legislation
In December 2003, President Bush signed legislation to help fight spam email. The bill, known as the CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003), preempts many provisions of existing state anti-spam laws, except where those laws cover fraud, deception, or other computer crimes. The Act took effect on January 1, 2004.
The bills that are currently in Congress that involve spam are listed on the Library of Congress web site. To view the most current versions, follow these instructions:
Go to the Legislative Information section of the Library of Congress web site.
Enter the word "spam" in the box to search for a word or phrase.
The results will show you the current spam-related bills being considered in Congress.
Please contact your local congressional representative for state and local spam-related legislative information.
Current Spam Litigation
Yahoo! is also fighting spam through litigation against individuals and companies who have violated our policies and the law. The following are short summaries of a few cases Yahoo! has filed against suspected spammers.
Case Number C04 4555
On October 28, 2004, Yahoo! filed suit against East Coast Exotics Entertainment Group and Epoth LLC in the Northern District of California for transmitting unauthorized, unsolicited and unwanted commercial electronic mail to Yahoo! mail users in violation of the CANSPAM act.
Yahoo! Inc. v.
East Coast Exotics Entertainment Group and Epoth LLC, d/b/a Computertrends, Ipay-Epoth.com, CTBilling.com, Paidout.com, Herbal Mind, Membershangout.com, and John Does 1-5, inclusive.
Yahoo! resources:
Complaint: Case Number C04 4555
Press Release
Case Number 04 00965
On March 9, 2004, Yahoo! filed suit against Eric Head, Matthew Head and Barry Head in the Northern District of California for transmitting unauthorized, unsolicited and unwanted commercial electronic mail to Yahoo! mail users in violation of the CANSPAM act.
Yahoo! Inc. v.
Eric Head, Matthew Head and Barry Head, individuals, d/b/a Golddisk.net, Netsales Industries, Gold Disk Canada, Inc., Infinite Technologies Worldwide, Inc., Head Programming, Inc. and John Does 1-5, inclusive.
Yahoo! resources:
Complaint: Case Number 04 00965
Press Release
Case Number CO3 01942
On April 29, 2003, Yahoo! filed suit against Jonathan Donner in the Northern District of California for transmitting unauthorized, unsolicited and unwanted commercial electronic mail to Yahoo! mail users.
Yahoo! Inc. v.
Jonathan Donner, d/b/a Robert Hart,A2W Digital Communications LLC, d/b/aPoison Dragon Communications and d/b/aInfo Hosting and Does 1 through 5, inclusive.
Case Number CO3 01944
On April 29, 2003, Yahoo! filed suit against Victor Plante in the Northern District of California for transmitting unauthorized, unsolicited and unwanted commercial electronic mail to Yahoo! Mail users. On November 19, 2003, the Court entered final judgment in favor of Yahoo! Inc. and against Victor Plante and Ainet.us, Inc. Damages awarded were as follows: (1) $995,350 in statutory damages, (2) $19,546.30 in attorney's fees, and (3) $447.56 in costs for a total award of $1,019,343.46.
Yahoo! Inc. v.
Victor Plante, AINet.us, Inc., andDoes 1 through 5, inclusive
Case Number CO3 01943
On April 29, 2003, Yahoo! filed suit against PassionUp.com and its owner in the Northern District of California. Without admitting liability, the defendants agreed to settle the case. This settlement includes certain conditions regarding PassionUp.com's ongoing transmission of email messages to Yahoo! Mail users.
Yahoo! Inc. v.
Bonanzaoffers.com, Passionup.com,Optindeals.com and Free-Gift-Offers.com andDoes 1 through 5, inclusive
Case No. CO3 01945
On April 29, 2003, Yahoo! filed suit against Eddie Davidson in the Northern District of California for transmitting unauthorized, unsolicited and unwanted commercial electronic mail to Yahoo! Mail users.
Yahoo! Inc. v.
Eddie R. Davidson d/b/a Snagster.net and d/b/aSnagster Inc. and d/b/a Snagster Corp. and d/b/aDoes 1 through 5, inclusive
Civil Action No. 01-1279-A
On November 2, 2001, Yahoo! filed its First Amended Complaint against Rik Covell and BTV Industries in the Eastern District of Virginia. On March 27, 2002, the Federal Trade Commission filed its own complaint under seal, eventually obtaining a temporary restraining order against the defendants.
Yahoo! Inc. v.
Rik Covell, BTV Industries andJohn Does 1-100.
Links to Yahoo! policies
Yahoo! Anti-Spam Policy
Yahoo! Privacy Policy
Yahoo! Terms of Service
Other Online Anti-Spam Resources
FTC Anti-Spam Site
Yahoo! Search Results for "Spam Resources"
DomainKeys: Proving and Protecting Email Sender Identity
Email spoofing - the forging of another person's or company's email address to get users to trust and open a message - is one of the biggest challenges facing both the Internet community and anti-spam technologists today. Without sender authentication, verification, and traceability, email providers can never know for certain if a message is legitimate or forged and will therefore have to continually make educated guesses on behalf of their users on what to deliver, what to block, and what to quarantine, in the pursuit of the best possible user experience.
DomainKeys is a technology proposal that can bring black and white back to this decision process by giving email providers a mechanism for verifying both the domain of each email sender and the integrity of the messages sent (i.e,. that they were not altered during transit). And, once the domain can be verified, it can be compared to the domain used by the sender in the From: field of the message to detect forgeries. If it's a forgery, then it's spam or fraud, and it can be dropped without impact to the user. If it's not a forgery, then the domain is known, and a persistent reputation profile can be established for that sending domain that can be tied into anti-spam policy systems, shared between service providers, and even exposed to the user.
For well-known companies that commonly send transactional email to consumers, such as banks, utilities, and ecommerce services, the benefits of verification are more profound, as it can help them protect their users from "phishing attacks" - the fraudulent solicitation for account information, such as credit card numbers and passwords, by impersonating the domain and email content of a company to which users have entrusted the storage of these data. For these companies, protecting their users from fraud emails translates directly into user protection, user satisfaction, reduced customer care costs, and brand protection.
For consumers, such as Yahoo! Mail users or a grandparent accessing email through a small mid-western ISP, industry support for sender authentication technologies will mean that they can start trusting email again, and it can resume its role as one of the most powerful communication tools of our times.
Standardization and License TermsYahoo! Inc. (Yahoo!) is fully committed to making DomainKeys Identified Mail an open Internet standard. In conjunction with Cisco, Alt-N Technologies, AOL, Brandenburg Internetworking, Cisco, EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail Systems, Tumbleweed, and VeriSign, Yahoo! submitted two Internet-Drafts for publication with the IETF (Internet Engineering Task Force), DomainKeys Identified Mail (DKIM) and DKIM Sender Signing Policy. For historical reference, Yahoo! has submitted the DomainKeys framework as an Internet-Draft entitled "draft-delany-domainkeys-base-03.txt. Yahoo! hopes that DomainKeys Identified Mail will advance through the IETF Internet standards process and ultimately be approved as an IETF Internet Standard. Meanwhile, Yahoo! has established license terms that apply to the DomainKeys Intellectual Property (Patents and Software). The Yahoo! DomainKeys Patent License Agreement can be found here:
Yahoo! DomainKeys Patent License Agreement
In accordance with RFC2026, Yahoo! has also submitted the above license statement to the IETF as an IPR Disclosure. Have license feedback?
Reference ImplementationIn addition to the Internet-Draft, Yahoo! has developed a reference implementation for DomainKeys that can be plugged into Message Transfer Agents (MTAs), such as qmail. A version of this software has been released and is available at http://domainkeys.sourceforge.net/. Additionally, Yahoo! is working with Sendmail to develop a DomainKey implementation for their popular MTA (both the commercial and freeware versions). In fact, Sendmail, Inc. has released an open source implementation of the Yahoo! DomainKeys specification for testing on the Internet and is actively seeking participants and feedback for this Pilot Program.
How DomainKeys Works
How it Works - Sending ServersThere are two steps to signing an email with DomainKeys:
Set up: The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DomainKey-enabled outbound email servers. This is step "A" in the diagram to the right.
Signing: When each email is sent by an authorized end-user within the domain, the DomainKey-enabled email system automatically uses the stored private key to generate a digital signature of the message. This signature is then pre-pended as a header to the email, and the email is sent on to the target recipient's mail server. This is step "B" in the diagram to the right.
How it Works - Receiving ServersThere are three steps to verifying a signed email:
Preparing: The DomainKeys-enabled receiving email system extracts the signature and claimed From: domain from the email headers and fetches the public key from DNS for the claimed From: domain. This is step "C" in the diagram to the right.
Verifying: The public key from DNS is then used by the receiving mail system to verify that the signature was generated by the matching private key. This proves that the email was truly sent by, and with the permission of, the claimed sending From: domain and that its headers and content weren't altered during transfer.
Delivering: The receiving email system applies local policies based on the results of the signature test. If the domain is verified and other anti-spam tests don't catch it, the email can be delivered to the user's inbox. If the signature fails to verify, or there isn't one, the email can be dropped, flagged, or quarantined. This is step "D" in the diagram on the right. In general, Yahoo! expects that DomainKeys will be verified by the receiving email servers. However, end-user mail clients could also be modified to verify signatures and take action on the results.
Frequently Asked Questions
How will this help stop spam?
How will this help stop fraud/phishing attacks?
Won't spammers just sign their messages with DomainKeys?
What does DomainKeys verify?
Why sign the entire message?
Does DomainKeys encrypt each message?
What public/private key technology is used for DomainKeys?
Who issues the public/private key pairs required by DomainKeys?
Does DomainKeys require signing of the public key by a Certificate Authority (CA)?
How are DomainKeys revoked?
Why not just use S/MIME?
How does DomainKeys work with mailing lists?
Who implements DomainKeys?
Which mail transfer agents (MTAs) support DomainKeys?
How do I deploy DomainKeys?
I don't use my domain's SMTP server to send email. How do I use DomainKeys?
How can I send you feedback?
How will this help stop spam?
Several ways. First, it can allow receiving companies to drop or quarantine unsigned email that comes from domains that are known to always sign their emails with DomainKeys, thus impacting spam and phishing attacks. Second, the ability to verify sender domain will allow email service providers to begin to build reputation databases that can be shared with the community and also applied to spam policy. For example, one ISP could share their "spam vs. legit email ratio" for the domain www.example.com with other ISPs that may not yet have built up information about the credibility and "spamminess" of email coming from www.example.com. Last, by eliminating forged From: addresses, we can bring server-level traceability back to email (not user-level - we believe that should be a policy of the provider and the choice of the user). Spammers don't want to be traced, so they will be forced to only spam companies that aren't using verification solutions.
Back to Questions
How will this help stop fraud/phishing attacks?
Companies that are susceptible to phishing attacks can sign all of their outgoing emails with DomainKeys and then tell the world this policy so that email service providers can watch and drop any messages that claim to come from their domain that are unsigned. For example, if the company www.example.com signs all of its outgoing email with DomainKeys, Yahoo! can add a filter to its SpamGuard system that drops any unsigned or improperly signed messages claiming to come from the domain www.example.com, thus protecting tens of millions of example.com's customers or prospective customers from these phishing attacks.
Back to Questions
Won't spammers just sign their messages with DomainKeys?
Hopefully! If they do, they'll make it easier for the Internet community to isolate and drop/quarantine their messages using the methods described above in "How will this help stop spam?" Eliminating the uncertainty of "did this email really come from the domain example.com?" will facilitate a whole range of anti-spam solutions.
Back to Questions
What does DomainKeys verify?
DomainKeys examines the From: and Sender: headers' domain to protect the user and deliver the best possible user experience. Desktop mail clients like Microsoft Outlook show these headers in their user interfaces. If the user establishes their trust based on the these domains, then so should any system built to verify whether that trust is warranted.
Back to Questions
Why sign the entire message?
DomainKeys signs the entire message to allow the receiving server to also verify that the message wasn't tampered with or altered in transit. By signing the headers and the body, DomainKeys makes it impossible to reuse parts of a message from a trusted source to fool users into believing the email is from that source.
Back to Questions
Does DomainKeys encrypt each message?
DomainKeys does not encrypt the actual message - it only pre-pends a "digital signature" as a header.
Back to Questions
What public/private key technology is used for DomainKeys?
DomainKeys currently uses an RSA public/private key method. The key length is decided by the domain owner.
Back to Questions
Who issues the public/private key pairs required by DomainKeys?
The domain owner, or an agent or service provider acting on their behalf, should generate the key pairs that are used for their DomainKeys-enabled mail system.
Back to Questions
Does DomainKeys require signing of the public key by a Certificate Authority (CA)?
DomainKeys does not require a CA. Much like a trusted Notary Public, Certificate Authorities are used in public/private key systems to sign, or "endorse," public keys so that the external users of public keys can know that the public keys they receive are truly owned by the people who sent them. Since DomainKeys leverages DNS as the public key distribution system, and since only a domain owner can publish to their DNS, external users of DomainKeys know that the public key they pull is truly for that domain. The CA is not needed to verify the owner of the public key - the presence in that domain's DNS is the verification. However, it is possible that Certificate Authorities may become a valuable addition to the DomainKeys solution to add an even greater level of security and trust.
Back to Questions
How are DomainKeys revoked?
DomainKeys allows for multiple public keys to be published in DNS at the same time. This allows companies to use different key pairs for the various mail servers they run and also to easily revoke, replace, or expire keys at their convenience. Thus, the domain owner may revoke a public key and shift to signing with a new pair at any time.
Back to Questions
Why not just use S/MIME?
S/MIME was developed for user-to-user message signing and encryption and by design should be independent of the sending and receiving servers. We believe that DomainKeys should be a natural server-to-server complement to S/MIME and not a replacement. Additionally, since S/MIME is used by many security-conscious industries, we need to ensure that the two technologies can work together without breaking each other. Finally, S/MIME is not yet supported by many of the email services, client software, and server software used across the Internet, and in Yahoo!'s opinion, that standardization effort would be much more difficult than the standardization of DomainKeys.
Back to Questions
How does DomainKeys work with mailing lists?
Mailing lists that do not change the content or re-arrange or append headers will be DomainKey compatible with no changes required. Mailing lists that change the message and headers should re-sign the message with their own private key and claim authorship of the message.
Back to Questions
Who implements DomainKeys?
DomainKeys will typically be implemented/enabled by the team within a company, ISP, or email service provider that deploys and runs the incoming and outgoing mail servers. Some companies may have service providers that handle their email. As MTA vendors add support for DomainKeys to their products, the implementation of DomainKeys will become simpler.
Back to Questions
Which mail transfer agents (MTAs) support DomainKeys?
Sendmail has released a milter implementation for both the commercial and freeware versions of their MTA. A Qmail patch, an Exim version as well as a qpsmtpd plugin are also available. CERN, the creators of the WWW has released a C# library for use in MS Exchange 2003. Port 25's PowerMTA, Etype.net's acSMTP, ActivSoftware's XMServer, OmniTI's Ecelerity, StrongMail, and Alt-N Technology's MDaemon MTA for Windows all have DomainKey versions of their software. Finally, Yahoo! has released an open source reference implementation for
DomainKeys that can be plugged into other MTAs.
Back to Questions
How do I deploy DomainKeys?
After installing a DomainKey aware MTA, there are several key distribution options from which to choose. Once chosen, the public key portion should be published to your domain's _domainkey subdomain's TXT record, and the private key inserted into your MTA. You can test your DNS record policy and selector, and there are several autoresponding email addresses to test your implementations.
I don't use my domain's SMTP server to send email. How do I use DomainKeys?
DomainKeys relies on the domain administrator to authorize the use of the domain in an email. If you can not use the domain's authorized SMTP server because of port 25 blocking, you have a number of options.
You should encourage your domain to accept submission services on port 587. Your domain administrator should try to control authorization of the domain. Giving users a path to submit mail will help do this. Yahoo! Mail recently began offering a submission server on port 587.
You may be able to convince the domain administrator to grant you a user specific key. With a DomainKey, it should be possible to sign your messages using your mail client or any submission server. In fact, you could ask your submission service if you could give them a private key to use to sign your domain's mail.
You could consider using other headers to convey your identity. For instance, the Reply-to: header allows a recipient's mail client to choose an address to which replies should be sent. The Sender: header defines the address that injects the message into the SMTP stream. You might consider sending your message From: your domain, with the Sender: header set to the address of your submission service. Be aware however, that this strategy may be viewed suspiciously by anti-spam filters, as it may become a tactic for spammers and phishers.
Finally, you could choose to send unauthenticated mail. While this will not be a good long term strategy, it will certainly take quite a while before the vast majority of Internet email is authenticated. If you choose this path, you should carefully monitor the amount of authenticated mail over time to ensure that this strategy does not impact the deliverability of your email.
Back to Questions
How can I send you feedback?
Yahoo! welcomes your feedback on DomainKeys. You agree that Yahoo! shall own and have the right to use, without attribution or compensation to you, all feedback received by Yahoo!, in any form, to improve or modify DomainKeys or otherwise. Please use this email form to submit your comments. Note that due to the volume of emails we receive, it is unlikely that we'll be able to respond to your individual emails.
Back to Questions
SO HOW WELL ARE WE PROTECTED FROM SPAM
I GET SPAMMED ALL THE TIME SO SOME ONE MUST NOT BE DOING THE JOB
JOSHUA
0 Comments:
Post a Comment
<< Home