Home
>
Email Safety and Security Tips
Email Safety and Security Tips
The State Bar provides this information in an effort to help
members better understand email spam and viruses and how to manage
their azbar.org email accounts. This information is meant to be
helpful but not authoritative. You may wish to consult a
professional for questions or solutions to your electronic
needs.
Questions/Comments about
this page
What the State Bar does about spam
The State Bar does not filter email on its azbar.org email service
for members. Attorneys handle a variety of clients on a wide
variety of subject matters. The Bar has no way of knowing what each
individual attorney considers to be spam, and does not want to
mistakenly block legitimate messages you wish to receive.
In an effort to help you identify possible spam, the Bar's email
system does flag certain messages as "!SPAM!" rather than deleting
them. Our server flags messages partly on content (does the message
contain certain words?), and partly on origination (is it coming
from a known source of spam?). However, to avoid deleting
legitimate messages, the message is delivered: only the subject
line is flagged with "!SPAM!" to let you know it could be a spam
message.
How this can help you
With this configuration, you will still get the messages suspected
of being spam. However, it provides you with one important tool:
something specific to identify in your own computer's filter. You
may choose to configure your computer's email system to move
anything with "!Spam!" in the subject line to a separate folder for
your later review.
Does the Bar sell my email address?
The email addresses of members are used by the State Bar and the
Bar's Foundation. We do NOT sell or give away
email address lists to anyone else.
What you can do about spam
While it is not possible to avoid spam completely, there are steps
you can take to protect your Inbox as much as possible.
- Consider using a secondary email address for correspondence
with the public. Spammers use automated tools to skim email
addresses from web pages, chat rooms and online directories.
- Use a secondary address also for online purchases, because many
online businesses sell their email lists to other companies.
Spam you already get
Requesting that you be removed from spam email lists is not always
advisable; but there are some other ways to fight the problem.
- Report it. Forward unwanted or deceptive emails to uce@ftc.gov, where federal regulators
are creating a spam database to go after the most egregious
marketers.
- Don't EVER respond to spam. The reason spam is profitable is
that people actually conduct commerce with spammers.
- Click "Remove Me" at your own risk. Experts discourage Internet
users from replying to unwanted emails with requests to be removed
from future mailings, because that verifies that spam was sent to a
valid address. Under the new CAN-SPAM law, marketers are required
to honor such do-not-send requests after the first unsolicited
advertisement. However, be aware that the Act is a federal law in
the United States; many spammers are outside of the country, so
this law will not protect you from foreign spammers.
AzbarMail webmail users: Using the azbar.org !SPAM!
designation in Inbox rules:
There are different ways to handle suspect messages in your
AzbarMail Web account, but this is probably a good route:
- Create a separate folder to where you will move suspect
messages. Click "Folders" above Inbox, and then choose a folder
name in the following dialog. Hit "Create." This gives you a
destination for the messages.
- Under the Options and Styles dropdown, choose
Filters. You will most likely see a message saying "You
have no processing filters on file." Click Add.
- Choose "Subject" from the "Select Field" dropdown, and then
click "contains"; then type simply !SPAM! (be sure to include the
exclamation points on either side of the word). Click the "Add
Condition" button below.
- In the "Move message to this mailbox:" line, type the name of
the folder you created. Click "Finish."
Outlook Express users: Using the azbar.org !SPAM!
designation in Inbox rules
For most versions of Outlook and Outlook Express, you should be
able to use the Rules Wizard under Tools (Called "Message Rules" in
Outlook Express) to walk you through creating a rule to move
messages with "!SPAM!" in the subject line. The idea is the same:
create a Junk folder, then create a rule to send messages there
that contain "!SPAM!" in the Subject line.
Other Spam-fighting Options
Please note that while the State Bar cannot and does not endorse
specific products, there are some we are aware of that may be worth
your investigation. There are other products and services that may
be viable as well.
Some of the products and services listed below are free, others
are not.
https://www.barracudanetworks.com
http://spamassassin.apache.org/
http://www.qurb.com
http://www.spamarrest.com
http://www.spamcop.com
http://www.spamrival.com
A definition of spam
The easiest definition of spam is unsolicited bulk email. Please
note there is a difference between spam, spyware, and viruses,
though the lines are blurring. Though the definitions vary, most
people tend to refer to spam as any junk mail that is designed to
conceal its true origin, or to make it difficult or impossible for
you to get off of their mailing list.
Most reputable businesses that use email lists to contact you
will be businesses with whom you've already transacted, and will
give you an easy way to get off of their mailing list. The
originating addresses will also generally be very clear. Whereas
spammers often (though not always) use addresses like
"wsgqxj124ss@mflrjgsa.ru", email from businesses you might actually
WANT to do business with will have addresses like
"lists@amazon.com," "specials@buy.com," "sales@outpost.com," and so
on.
What's the difference between blacklists and
whitelists?
Blacklists are lists of spam sources or lists of words
to filter out. Messages are evaluated against the
blacklist criteria, and if they match, they are discarded. Though
basic blacklists can be beneficial, they have two key
weaknesses:
- The possibility of false positives. For instance, if
obnoxiousISP.com is identified as a spam source by a blacklist,
which then kills any messages from that Internet Service Provider
(ISP), you will not get the spam that comes from that server... but
you may also not get messages from legitimate senders who just
happen to use that ISP as well.
- Spammers know about blacklists. As such, they attempt to hide
not only the content of the messages, but whence they originate.
This is why so much of the spam you may see deliberately misspells
words, or inserts random nonsensical characters in the text.
Whitelists work on the opposite principle: only messages
that are on a guest list of sorts can make it to your
Inbox. The chief benefit of this approach is that while
spammers are incredibly adept at dodging blacklists and their
filtering criteria, whitelists ask only one thing of each message:
"Are you on my list of approved senders?" If so, the message goes
through. If not, the message gets quarantined in a separate folder
for closer scrutiny. Whitelists are possibly a stronger defense
overall than blacklists, but they too have some considerations:
- The possibility of missing a message you may actually want.
These could include newsgroups, store ads, etc. for which you
registered. If you are using a system that uses "challenge"
messages, which send a confirmation message to a sender to make
sure it's a real person, be aware that email lists cannot respond
to them. It is necessary to stay on top of the messages in
Quarantine to make sure none of them are things you need. This is
significantly easier once your whitelist is fully built up with the
people with whom you most often correspond.
- Spammers will often send spam to you with YOUR address in the
"From" line. Though it is sometimes inconvenient, this can be
prevented by removing your email address from the list of approved
senders. Programs like Qurb (www.qurb.com) can check "friendly
name" and actual email address together. If those two fields don't
match, the message is quarantined.
Though whitelists are potentially more effective, they are not
practical for everyone. If you deal mostly with a set group of
people, with occasional to moderately frequent "others," a
whitelisting approach works. If the email account you're trying to
protect is used to correspond with many different people, or to
answer questions from the public, whitelisting is not a practical
approach.
What the State Bar does about viruses
The State Bar Web Services Team maintains virus protection on all
its servers that contain information about or send information to
members. The software is set to check for updates every two
hours. This ensures that we will be getting definition updates
for new virus threats as soon as they become available.
All messages, incoming AND outgoing, are checked for viruses
before they are delivered. If a virus is present in a message, it
will be stripped from the message before delivery. Although the
message itself is not deleted, it will no longer be a threat to
your system.
What you can do about viruses
The single best thing you can do to protect yourself against virus
attacks is to have up-to-date antivirus software on your system,
and make sure it is set to get updates automatically. Many of the
new viruses can launch on your system by simply opening an email
message. There are many vendors of antivirus products, including
Symantec's Norton Antivirus, and McAfee. You may certainly wish to
check others.
One other very important step is to suspect all
messages with attachments that you receive, even those that purport
to come from someone you know. Most of the newest viruses travel by
compromised address books, so it is actually more likely
that you'd receive an infected attachment coming from a name you
recognize vs. a stranger. If you receive an attachment you weren't
expecting, it is worth it to simply respond and ask the purported
sender if they meant to send you whatever it was. If they did,
you're probably safe. If they didn't, it's probably a virus.
The difference between spam and viruses
Though the lines are blurring, and though both can be damaging to
your system or your privacy, spam and viruses are nevertheless
different. Here are the primary ways:
- Viruses are malicious code designed solely to cause damage and
confusion
- Spam is a marketing vehicle
- Viruses attack address books, and send copies of themselves to
others with someone else's name
- Spammers often also try to make messages look like they're from
a legitimate sender
When reporting spam or viruses, it's important to distinguish
between the two. Spam is always trying to sell something,
ultimately. Messages containing viruses try to get you to open an
attachment for various reasons--to "validate" your email account,
restore "disabled" access, to see a photo, etc.
Most antivirus programs, at the time of this writing, do not trap
spam because spam messages technically aren't malicious code. But
that is changing as the threats evolve, and as spammers have in
some cases toyed with using viruses as a vehicle to get their
information disseminated more easily.
The email I received appears to be from the State Bar,
but is it real?
Many newer viruses are attached to an email that purports to be
from the administration of a domain, such as: "Administrator of
azbar.org," "The Cybertrails.com Team," etc. The false message
usually says that there is something about your account that needs
your attention - that it has been or will be deactivated, will be
suspended, or something similar. Regardless of the message content,
the goal of the text is always the same: to get you to open the
attachment, which is the virus. Clicking on the attachment will
deploy the virus if you are not protected by up-to-date antivirus
software.
Never click on an attachment unless you are
confident of its authenticity. If the State Bar does send an email
message to azbar.org users, it will always contain a State Bar
staff person's name and a phone number so you can call to verify
the authenticity of the message. In addition, if you are unsure of
the validity of an email from the State Bar, click on your "reply"
button and send us a message. The State Bar will respond and
confirm its validity. If the message is from a spammer, it is
likely you will get no response or you will get an "undeliverable"
message.
The difference between viruses and
adware/spyware
As with viruses and spam, the lines are blurring between viruses
and adware/spyware. But there is still a difference. Viruses are
written simply to wreak havoc. Adware/spyware is written to find
out information about you that will help them know what kinds of
spam or popup ads you're likely to respond to. The problem with
adware/spyware is that it is often so poorly coded that it can
cause as many problems for your system as a virus can.
Ways to combat adware/spyware
There are several free programs available to help combat adware
and spyware. It is not a bad idea to use both, since there are
technical differences between adware and spyware.
Two of the most popular free programs are AdAware, and SpyBot Search & Destroy. Clicking those
two names will take you to a download page on Download.com for each
respective program. You can find other spyware-killing applications
on that site, as well. Microsoft also has an anti-spyware
application Microsoft Security Essentials that you can get
directly from Microsoft. Again, you may wish to consult an
independent professional to determine what's best for your
needs.