The Mini Token Blog

It is reported that 60%+ of internet traffic on mail servers are spam messages. If you run a website, you can be sure that you are (or will be over time) receiving a tremendous amount of unsolicited email messages. If you haven’t started a website yet, remember that an ounce of prevention is worth a pound of cure. There are safeguards you can use to minimize the number of unwanted messages you receive.

WHOIS data: When you register a domain name, you are required to provide contact information for the WHOIS database, which can later be harvested by spammers for e-mail addresses. To protect yourself from such unscrupulous people, I suggest using a dummy account with a free email provider such as Yahoo or Hotmail (don’t forget to check it at least once a month) - if you’ve already registered your site and have listed your primary email address in the WHOIS contact information, it is highly recommended that you update the information with a new dummy email address. Your host and registrar will have your primary email address on file - you simply need to remember to keep your information with them up to date. If this seems like too much work for you, you can always use a WHOIS privacy service such as the WhoisGuard service provided by www.namecheap.com ($4.88 - which is a great value).

Your web pages: One of the first things I do when creating a website is create a contact form with the email address embedded in the mailer script such as PHP or ASP. Why? There is a lot of software floating around out there designed solely to crawl website harvesting them for valid email addresses (some will even ignore the robots.txt file completely). Once you’ve created your forms, you can then begin to include your email addresses in your web pages for those who wish to email you directly from their email clients - you can write your email address as yourname[at]yourdomain.com and instead of using the ‘mailto:’ link - hyperlink it to your contact form. You may also include a note for your visitors to replace the [at] with the @ sign. Make sure you remember to do this with all the email addresses within your site.

Newsgroups/forums/subscriptions: It’s a hard pill to swallow, but these areas are not safe from email harvesting either and even worse, some newsletter publishers don’t even adhere to their own privacy policies (very rare, but it does happen). Be careful where you post your email address and don’t make it a habit to sign up with every forum you should come across. Make sure you find the information useful to you and that you trust the website first. For extra protection, use a an email address other than your primary one for all your subscriptions (ex: subscriptions@yourdomain.com). If you wish to post an email address in the forums for the readers to contact you, try to use the format described in the previous section with a note to replace [at] with @ and hyperlink it to the contact form on your website.

Unrouted email messages: An unrouted email message is a message addressed to an email with your domain name that does not exist - i.e. admin@yourdomain.com, only you never created an admin@yourdomain.com account. The default setting is to have these messages delivered to the root email account. Many webmasters don’t realize this and the webmail for the root account never gets checked - I came across an account with 75 pages of unrouted email messages (roughly 14,000 messages) and taking up about 15MB of their of webspace. Believe it or not, some spam software is designed to create plausible names (i.e. admin, contact, customerservice, webmaster, abuse, etc. @yourdomain.com) and just go for broke and hope the account exists.

If you are using CPanel, you can check your default email account by clicking on the “webmail” icon from your control panel home page. You can also set what your unrouted messages will do by clicking on the “mail” icon and selecting “default address”, then “set default address” - you can then choose to blackhole unrouted messages (just let them disappear into cyberspace - my personal favorite), fail messages (bounce them back to sender) or you can specify an email address you want them forwarded to. If you are afraid someone simply misspelled your email address and you want to sift through the unrouted messages, set up an email account specifically for them (ex: unrouted@yourdomain.com) and remember to check it every week or so.

SPAM filters: I consider spam filters to be a final line of defense if all others fail. Currently, I use Mozilla Thunderbird as my email application and it comes with a built in spam filter which can be trained to catch unsolicited email. There are also many other SPAM filter software out there for email clients such as Outlook, Outlook Express, Eudora, etc. which are worth a look. To find out more information on the available spam filters, check out www.spamfighter.com (for Outlook and Outlook Express - free) or do a quick google search for “free anti spam software” for your platform.

A special note for AOL users: While I have nothing against AOL and they are trying very hard to combat spam, they are slowly, but surely losing the battle. I’ve had two email accounts opened with them, and before I even had a chance to sign up for anything or even tell my family about it - I received spam. I do not know why they are so prone to spam, but something tells me it has a lot to do with their member directory. My advice, get another email address - just remember to check your AOL email every once in a while to delete the messages. I’ve also noticed that a lot of other subscription services are declining to email AOL users due to their new “report spam” button being far too close to the delete button and webmasters of legitimate email lists are getting warnings from their ISPs.

In closing, I have managed to keep my current primary email spam free (literally) for over a year using these methods, and before that I kept my primary email address spam free for just over two. I will plainly admit that I have no sympathy for spammers, and I make sure to hunt down anyone who sends me spam and report them until their site is either shut down or their ISP is added to a block list.

If you want to learn more on fighting this spam war, there are many valuable resources online such as www.spamhaus.org which hosts a blacklist of known spammers and www.spamcon.org which has a wealth of information on protecting yourself against spam.

Will other spammers take heed? Don’t count on it. Jeremy Jaynes was on top of the world. By age 28, he owned a million-dollar home, a high-class restaurant, a chain of gyms and countless other toys. Yet those were only the spoils of his main line of business, which was swindling innocent people out of their money through email scams. From an unassuming house serving as his company’s headquarters in Raleigh, NC, Jaynes sent an estimated ten million messages a day pitching products most recipients didn’t want, amassing an estimated $24 million fortune in the process. Using aliases such as Jeremy James and Gaven Stubberfield, Jaynes spammed his way up to the #8 position on Spamhaus’ Register Of Known Spam Operations (ROKSO) and grossed as much as $750,000 a month, allowing him to live like a king.

However, Jaynes ran head-on into an information superhighway road block when a Virginia judge sentenced him to nine years in prison for his November 2004 conviction on felony charges of using false IP addresses to send mass email advertisements (some just call it spamming). The conviction was a landmark decision, as Jaynes became the first person in the United States convicted of felony spam charges. Though his operation was based in North Carolina, Jaynes was tried in Virginia because it is home to a large number of the routers that control much of North America’s Internet traffic (it’s also the home of AOL and a government building or two).

He should’ve Used the Privacy Software During the trial, prosecutors focused on three of Jaynes’ most egregious scams: software that promised to protect users’ private information; a service for choosing penny stocks to invest in; and a work-from-home “FedEx refund processor” opportunity that promised $75-an-hour work but did little more than give buyers access to a website of delinquent FedEx accounts. Sound familiar? Anyone with an e-mail address has received countless messages originating from Jaynes’ operation. (If you’re still waiting on your privacy software to show up, it’s probably safe to stop checking the mailbox.)

Jaynes got lists of millions of email addresses through a stolen database of America Online customers. He also illegally obtained e-mail addresses of eBay users. While the prosecutors still don’t know how Jaynes got access to the lists, the Associated Press reported that the AOL names matched a list of 92 million addresses that an AOL software engineer has been charged with stealing.

When Jaynes’ operation was raided, investigators found that the house from which he ran his operation was wired with 16 T-1 lines (a large office building can get by on a single T-1 line for all its users). Investigators also entered into evidence to-do lists handwritten by Jaynes. Take a look at Jeremy Jayne’s meticulously detailed lists at:

* www.ciphertrust.com/images/jaynes_notes1.JPG * www.ciphertrust.com/images/jaynes_notes2.JPG * www.ciphertrust.com/images/jaynes_notes3.JPG

Good Work if You Can Get (Away With) It The economics of spamming makes Jaynes’ decision to build a career of it understandable, though not noble. Spammers work on the law of averages, which would seem like an odd strategy considering that the average response rate for a spam message is just one-tenth of one percent. However, once you do the math even this miniscule response rate can make one very wealthy very quickly. If a spammer sends one million messages pushing a product width a $40 profit, a response rate of 0.1 percent works out to 1000 customers, or $40,000 per million messages sent. Since each message costs only fractions of a penny to send, and Jaynes was sending literally billions of messages a year, it’s easy to see how he pulled in $400,000 to $750,000 a month, while spending perhaps $50,000 on bandwidth and other overhead.

The fact that spamming can be such a profitable undertaking means that the profession is not likely to go anywhere in the near future. Spammers have financial motivation to come up with innovative ways to avoid detection, and they have begun to join forces. While the landmark decision handed down in the Jaynes trial may serve as a deterrent to some would-be spammers, it is unlikely that the threat of prosecution will keep future spammers from refining their trade. For now and the foreseeable future, the answer still lies in technology, not law enforcement.

Standing out at a Career Fair can make a difference in your career search. Job Fairs are starting to pick up, and a major job search company is running some nice ones, called Targeted Job Fairs. At a Silicon Valley Job Fair in January, 10 companies as showing up, and a major job search company has 82 career fairs scheduled for this year across the US.

How do you rise above the crowd at a Job Faire? The rivalry can be considerable, but you can help yourself jump out from the herd with early homework. At AA-Careers, we have a simple step-by-step process to get ready. Planning to go? Here’s how to prepare:

First, research the companies that are going and pick your objectives. Use the web to check out the companies that are there before you even decide to go. Go to their websites and see if they have their openings listed. Pick a small number to target, and get ready to spend up to an hour researching each one. It’s hard to do more than 8 in a day, and four or five is a much more reasonable target. For each company, you want to know: key product lines, recent news, and executive names. Try to see if you know anyone at the target companies. You should end up with a page or two of research for each company/job.

Second, if there are job openings on the web, read them to see what the hiring manager is looking for. Create a mapping of your achievements and skills to the requirements of the job. Make the terminology match. If the hiring organization calls customers "clients", your resume should do the same thing. The achievements should be written in the style of the hiring company.

Third, create a ‘mini sales pitch’ for each potential company/position combination. Write down a 90 second ‘thumbnail’ that you can repeat out loud showing why you are a special candidate for that job. You’ll use this in your resume and when you meet the team from the company at the job kiosk.

Fourth, modify your resume for each job type. The objective on your resume should exactly match the position you’re targeting. The executive summary should be a written form of your “mini sales pitch” for the job. Then choose the achievements and skills that most clearly match the job prerequisites. Especially at a Career Fair, the purpose of your resume is a sales tool for you – to get you on-site job interviews. It should be very easy to see that you’re a match based on your resume.

Fifth, dress and prepare as if you’re doing on-site interviews. Dress nicely and be properly groomed. Don’t overdress (this isn’t a date!) and don’t underdress (no jeans or t-shirts, no matter how much you paid for them). Avoid strong cologne or perfume.

Finally, rehearse your ‘mini-sales-pitch’. Collect your research and the resume for each opportunity - bring a couple of copies for each – and put each in a intelligibly marked folder. Keep them in a lightweight briefcase or folio.

Remember to smile, and good hunting!