"How
to Eliminate The Nuisance of
Spam"
Complete
Transcript of
Tron
Black - Blue Squirrel Interview
on
Let's Talk Computers
August
18
2007
Host Alan Ashendorf
Alan: If you have a computer and you use email, one thing is for
certain. You're going to get Spam - lots and lots of Spam. How can we
eliminate this nuisance? Our guest today, is Tron Black, CEO & President
of Blue Squirrel. Welcome back to Let's Talk Computers, Tron.
Tron: Thank you, Alan.
Alan: It's bad enough that we get all this unwanted, unneeded email.
And worse, some of this email can really do us harm, can't it?
Tron: It really can. There's some that's just a waste of time, but
there's some that are really dangerous. They are trying to use your email box
to get into the door and get something running on your computer that then turn
your computer into a Zombie and become a Spam Agent that actually makes the
problem worse. Or, sometimes they are just looking to get something on your
computer that can look for financial files or passwords or things that they
can use to do real damage to you, financially.
Alan: I hear this all the time, "I don't have anything they really
need; why pick on me?"
Tron: I don't think they picking on you specifically. I think they are
looking to send out
Hundreds, thousands, millions of messages and take the small percentage - it
may even be less than 1% - but when you're talking about the millions or
hundreds of millions of messages, that small percentage really adds up. If
they find enough victims, then it really wrecks a lot of people's financial
future.
Alan: We are seeing that the sophistication of these email attacks is
just getting to be unbelievable. We get a letter from eBay or from PayPal or
even from our bank and it looks so legitimate: If we don't do something right
now with our bank or don't do something with PayPal we are going to lose all
of our privileges. And we usually get that say, about 5:00 on Friday
afternoon, where we really can't call anybody to verify it.
Tron: And that's intentional. The "call to action" is "we need to
verify your information immediately" or, "If you don't do this, you PayPal
Account will be cut off. It's just the way to get your attention and get you
to do it right away.
If you ever do get something like that and really believe that it's
legitimate, don't just click on the link. Type in the url of your bank and
verify it to make sure that your browser at the top says "https:"
Alan: The best way to treat all these Spams and these unwanted
notifications is just don't get them in the first place. And we have to stop
them before they get into our inbox, because once they get into the inbox and
we click on them, we could have set a whole thing in motion where we then get
more Spam and more notifications.
Tron: In addition to the ones that are really financially dangerous,
there are other ones that are just asking you to enter your email. Some of
them - if you unsubscribe, they may not send it to you - but they may sell the
list of unsubscription emails to people who
who have "actually looked at their emails". They can sell that to somebody
else and them spam you and you try to unsubscribe from there; and they you're
on that list and they sell that list and it's really bad.
Alan: You have a Program called Spam Sleuth and it stops a lot of these
emails, "dead in their tracks". It has all different kinds of ways of doing
that, because, you can't just rely on one way. For instance, you just can't
rely on "blacklisting" everybody, can you?
Tron: We have a Product, called Spam Sleuth that does a great job of
stopping Spam. It does use really a ton of different ways of looking at the
messages. That's one of its strengths, is that it has so many different ways
of looking at the messages. There are some anti-Spam programs out there and
because a lot of people have them, Spammers will look at them in different
ways and they will test their Spam against that program and they will look at
it two or there different ways.
They may have blacklists; they may have a central database for known Spammers.
Well, obviously, the Spammers are trying to get through to as many people as
they possibly can, so they'll run their Spam through there and as long as it
passes, they will start sending it out. A lot of Spam will get pass programs
that look at just a couple of different ways.
We look at it a thousand different ways. We are looking for keywords; we're
looking for known Spammers; we are looking for Spammers that are on known IP
blacklists. We can look at it and actually analyze and keep a statistical
database of words that are more common in Spam. And that's part of a learning
mechanism, so it can learn to become smarter to the Spam that you are getting.
Alan: Some of the Spam that we get, they get misspellings; they pretend
to be an actual company, like Microsoft or HP, who are trying to sell you
something. It's anything and everything and you have to trap for those.
Tron: It changes, over time. One of the things for a while as "pirated
software", (software that you can get for $19) and later on it might be
different pharmaceutical type drugs, and more recently, it's been stock Scams,
(sort of pump and dump scam), where they try to get a whole bunch of people to
buy the stock and then they sell it before everybody else does. It just seems
to change, for instance around Christmas time, there will be some hot toy or
some knock-off of some hot toy that they start trying to sell really cheap. It
seems to change every couple of months.
Alan: We get emails that are nothing more than HTML emails or maybe it
is just a subject and a header and one big graphic in it. And those are things
really hard to catch and stop, but you manage to stop them, don't you?
Tron: Not all, but most. They do get more sophisticated. Some of them
that are more difficult to stop are ones where the company doesn't need to be
contacted, directly. The stock ones, fall into that category. They don't need
you to contact them, so they don't need to put their information, their url.
All they need to do is put the stock symbol in and convince you that it's a
great buy.
The problem is that the stock symbol is fairly unique. It would be easy to
stop the Spam if they had left that intact, so they don't; they put in a
graphic. Basically, it's possible to read the picture to determine what text
is in there, so they made it by going one step further and put cross hatches
and lines and dots and pixels and things that make it difficult to do optical
recognition on that picture and stop it that way. These are some of the more
difficult ones to stop.
Alan: You use a unique system, called "Scoring" so that you don't say
that this is a bad email or this is a good email. You look at different pieces
of it and you give it different scores, like bad words, for instance or maybe
a "web bug"; maybe it has too much HTML Code in it or maybe not enough HTML
Code in it. You look at all kinds of attributes of an email and then you score
each type. You have like a break over point that we can set that says;
"Anything above this is bad and anything below this, pass it along to us".
Tron: It's a way to adjust, saying that, "Yeah, I get emails that have
HTML in so that's fine, let that through" - but if it has a large yellow
bright red fonts", say I'm in a business environment and I don't expect
something to be 30 points and that sort of thing. So, you can basically detect
for loud HTML that looks like a great big ad, coming in - things like that.
So, you can adjust and say, "I'm never going to get those", so I can make that
a very high score, which says that it's very probable, not absolute, that this
is Spam.
And as the scores add up or they pass your threshold, you can with one number
you can adjust your threshold and say, "yeah, I'm willing to accept a little
bit more Spam, but I want to make sure I get all my legitimate messages".
Or, you can tighten it up and say, "Unless they are on my "White List" and are
talking about my subject matter, and unless they are on those types of
things," I'm going to push this down and I'm going to get some messages that
may get through are going to be legitimate - and it may catch a couple of
"false positives" every once in a while, but the important part is we also
keep those.
Keeping Spams seems kind of strange, but it actually keeps it for any many
days as you specify. You don't have to look at it, but it's there. You can
look and if somebody says, "I send you a message", and you can look at it and
say, "Here it is, it's been caught and you can unspam it - which does two
things: 1) it moves it into your inbox and 2) it marks that person to say,
"Hey, this is a legitimate user; let it in next time." It has this capability
of storage that will catch one that should have made it through. It's there
for at least how every many the default is (30 days). You can make sure that
when you do accept it, that you get email from that person in the future - so
that's part of its learning.
Alan: You can set your email so that it pulls out Web bugs; it pulls
out HTML links. You can set it so that I'm going to score it if it's coming to
a known person in our family; if it's going to somebody that we don't know
about, but it's still using our address - you can score it higher that way.
There's all kinds of ways that you can look at the email and decide whether
it's going to be good or bad.
Tron: And one of the other things that you can do, is set "Good Words",
"I'm in the tire business," for example and emails come in from Bridgestone
and Firestone, all the different tire manufacturers. "Let it through", it's
probably not somebody advertising prescription drugs. And so that helps.
Depending on what your industry is, you would of course have to add that list,
yourself, because it wouldn't know. But you just throw those words in and it
says, "Okay, let them through".
But, it's also important that it's not an absolute. You can say, "Increase its
probability of getting through," but it's not like some one can put the word
Bridgestone in the prescription drug ad and still get it through. It works
very well that way. You do have what we call "white lists" or "friends" who
are people who you can just add all of the people who are on your Outlook and
it will just let those through. You don't need to worry about not getting an
email from somebody you know. That's a simple problem to solve.
But, you can also "black lists" all the people that you just say, "Hey, I
never want an email from this thing, again." You can do it with wild cards, as
well - like something, spam.biz - it doesn't matter what the first part of the
email is, "I don't want anything from spam.biz" You can put that in and you
will never get them again.
You really do need the rest of the scoring system. It's not a simple problem
to solve; but since we have solved it so many different directions and it's
very configurable - it works very well out of the box. You install it and it
just starts removing Spam, but if you want to tune and tweak it so that you
spend a little bit of your time and save lots of time in not looking at Spam -
all the options are there for you.
You mentioned Web bugs. Web bugs are a thing that marketers and Spammers use -
it's basically just graphics. And what happens is in any email program that
shows you pictures or graphics in an email is that the email firm is sending
your request back to the server, back to the spammer's server, or marketer's
server, (legitimate companies use this as well). It says, "Hey, you have
opened your email. We know, because your email program said, 'I need this
graphic so download this'". And sometimes, it's just a graphic, but most of
the time, it's actually putting into their database to say that this person
looked at our email".
That can increase the amount of Spam that you get or even marketing materials
that you get, because they know that you are actually opening up and reading
it. But, we can strip those out before it gets to your email program. It says,
"Hey, this graphic looks a little fishy". Spam Sleuth just takes it out. And
so, you might see a little missing square in your email, but the nice part is
that you're not notifying somebody that you are looking at the email.
Alan: Well, talking about all the options - you even have the options
as you say to tailor it as you go. You seen an email that you know is Spam and
you don't want to get anything from this place again, you can actually send
them a simulated "bounced message" that says, "Nobody home".
Tron: We do have that. It works great if you run it for about three
weeks. What it does is that it tricks the sending servers into thinking that
your address is not valid, anymore. The advantage to that is that some of them
that are cleaning up their lists and really do want to send to legitimate
people will take you off.
You don't have to do anything. The Program bounces back, "Sorry, nobody home",
because it detected that it was Spam. Sorry this email address does not exist
anymore. They take you off their list and so if you run that for a couple of
weeks, it will get rid of some of the Spam, permanently so that you're no
longer on those list. It actually decreases the amount of stuff that's coming
in.
Alan: Well, what are we looking as far as the price of this great
Program?
Tron: It's only $29.95. It's pretty inexpensive and will save you a ton
of time; it pays for itself very, very quickly.
Alan: If somebody would like to find more information about Spam Sleuth
and all of its features, where would they go?
Tron: It's
http://www.bluesquirrel.com
You can also go to
http://www.spamsleuth.com
Either one will get you to Spam Sleuth.
Alan: Tron, it's been our pleasure to have you as our guest here on
Let's Talk Computer, talking about how we can get rid of this annoying Spam
that we're getting tons of. And we hope to have you back on the air, talking
about your other great products.
Tron: Well, thank you very much for having me, Alan. I appreciate it.