News & Blog
We are constantly updating our virus and spam filtering features. The sad reality is that virus and spam attacks change frequently so email providers have to keep up the pace or end up disappointing their customers.
Our Newest Filters
If one of our users sends an email with a virus in it, the email will not be delivered, and the user will receive an automated response from our server that lets the user know that their machine appears to be infected with a virus and needs to be disinfected. This is still "reactive" support, I know. But I just can't think of a good way to download the right fix for each type of computer and each type of infection and then send that to the infected user. Let me know if anyone has any ideas.
We have also improved our scanning inside of attached graphics files (.png, .jpg, .gif) for certain types of viruses that use buffer overflows inside those graphics files to infect a new system.
Why?
Most commonly an email virus makes a fake "From" address for new emails it generates. A lot of people like to reply to an emailed virus and say something useful like, "Hey, Bob, you have a virus." But because the "From" address was forged, Bob's computer wasn't really infected. Bob was simply another name in the address book of the infected computer. I did this once a long time ago. Sorry, Ted.
In an interesting but only partially related note, lots of anti-virus programs would auto-reply to these virus emails and accuse good people like Bob and Ted of being infected when they really weren't. Our system at Webmail.us has always been smart and kind enough to not bother the addressees in the "From" field.
Anyway, a few viruses now use the real sender's email address in the "From" field and use proper SMTP settings from the computer's email program. In our case we can see these attempts and will be letting the user know that they need to look at running some anti-virus updates.
And we needed to increase our scanner's abilities with graphics files. Some graphic files have a little information field that indicates the total size of the graphic file. But certain viruses now put in a bad piece of data in that size field and then tack on malicious computer instructions at the end of the graphic file that act as the virus. We're now better at catching those viruses.
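A structural check of the kind described above, as an added example that is not Webmail.us's scanner code. It assumes PNG as the format (the post does not name one) and flags a length field that points past the end of the file and any bytes appended after the final IEND chunk; the sample images are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_chunk(ctype, body):
    """Build one PNG chunk: 4-byte length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def check_png(data):
    """Walk the chunk list and return a list of structural findings."""
    if not data.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos = [], len(PNG_SIG)
    while pos < len(data):
        if pos + 8 > len(data):
            findings.append(f"truncated chunk header at offset {pos}")
            break
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # header (8) + body + CRC (4)
        if end > len(data):
            findings.append(f"chunk {ctype!r} declares {length} bytes, past end of file")
            break
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + body):
            findings.append(f"bad CRC in chunk {ctype!r}")
        pos = end
        if ctype == b"IEND":
            if pos < len(data):
                findings.append(f"{len(data) - pos} bytes appended after IEND")
            return findings
    findings.append("no IEND chunk")
    return findings

# Constructed samples: a valid 1x1 grayscale PNG, the same file with bytes
# tacked on the end, and a file whose IDAT length field is bogus.
IHDR = png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
CLEAN = PNG_SIG + IHDR + png_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + png_chunk(b"IEND", b"")
TRAILER = b"CONSTRUCTED-TRAILING-BYTES"
APPENDED = CLEAN + TRAILER
BAD_LENGTH = PNG_SIG + IHDR + struct.pack(">I", 0x7FFFFFFF) + b"IDAT" + b"xx"

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("appended", APPENDED), ("bad length", BAD_LENGTH)]:
        print(name, check_png(blob))
```

A mail filter would treat any non-empty finding list as a reason to quarantine the attachment for a full scan rather than as proof of infection.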
The Order Of Things
We scan for viruses first. That way, if a message is infected with a virus, we can skip the spam filtering and save a little processing power for moving more legitimate email.
More To Come
I'll give an overview of our entire virus and spam prevention approach sometime in the next few weeks for those of you who are curious.
-Kirk
I mentioned the other day that proactive customer support would be one of the things we'd be looking to implement here at Webmail.us. I thought it might be useful to explain what I meant.
Reactive Support
This is your normal, everyday technical and customer support. You realize you have a problem. You get frustrated. When you get frustrated enough, you send someone an email or pick up a phone and call.
Providing this kind of support is a necessity for many businesses. Phone-based support has earned a bad reputation, deservingly low according to many. That's why we all wait until our frustration with a problem is greater than the frustration we think we will experience when we call the technical support line. I think that our phone-based support at Webmail.us could be stronger, but that's not what I'm writing about today.
Proactive Support
Often a company is in a position to either predict or notice a problem on behalf of a customer. When that happens, the company can move to resolve the issue on the customer's behalf and notify the customer about what was done. Or perhaps the company makes contact with the customer to explain what the customer might need to do to prevent or resolve their problem.
For us, this means watching our email log data. If we see a lot of sending errors from a certain IP address it might tell us that kaverett@notreal.webmail.us hasn't set up his email program to use SMTP authentication properly (required on our system). There are a dozen other customer problems that we might detect with the right automated tools. Once we know about a problem we can contact our customer's email administrator and give them a heads-up. We're working now on the back-end tools that will help us be proactive. Give us a few weeks and months and you'll hear some great stories.
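The log check described above, sketched as an added example (not Webmail.us's back-end tooling). The log format, the threshold and every line in the sample are constructed; the only real-world detail assumed is SMTP reply code 530 for "authentication required" and 250 for an accepted message.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical log format.
SAMPLE_LOG = """\
2005-03-01T10:02:11 client=203.0.113.7 from=<kaverett@notreal.webmail.us> reply=530 msg="Authentication required"
2005-03-01T10:02:41 client=203.0.113.7 from=<kaverett@notreal.webmail.us> reply=530 msg="Authentication required"
2005-03-01T10:07:02 client=198.51.100.20 from=<bob@example.org> reply=530 msg="Authentication required"
2005-03-01T10:07:30 client=198.51.100.20 from=<bob@example.org> reply=250 msg="OK"
2005-03-01T10:09:12 client=203.0.113.7 from=<kaverett@notreal.webmail.us> reply=530 msg="Authentication required"
2005-03-01T10:11:00 client=198.51.100.33 from=<carol@example.net> reply=530 msg="Authentication required"
2005-03-01T10:12:05 client=198.51.100.20 from=<bob@example.org> reply=250 msg="OK"
2005-03-01T10:15:44 client=203.0.113.7 from=<kaverett@notreal.webmail.us> reply=530 msg="Authentication required"
2005-03-01T10:16:00 client=198.51.100.33 from=<carol@example.net> reply=530 msg="Authentication required"
"""

LINE_RE = re.compile(r"^\S+ client=(?P<ip>\S+) from=<(?P<sender>[^>]*)> reply=(?P<code>\d{3})")

def find_unauthenticated_senders(log_text, min_failures=3):
    """Return (ip, sender, failures) for clients that keep getting 530 and never succeed."""
    stats = defaultdict(lambda: {"fail": 0, "ok": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        key = (m["ip"], m["sender"])
        if m["code"] == "530":
            stats[key]["fail"] += 1
        elif m["code"] == "250":
            stats[key]["ok"] += 1
    # A client that sometimes succeeds has working settings; one that only
    # ever fails is the likely misconfiguration worth a heads-up.
    flagged = [(ip, sender, s["fail"]) for (ip, sender), s in stats.items()
               if s["fail"] >= min_failures and s["ok"] == 0]
    return sorted(flagged, key=lambda row: -row[2])

def admin_contacts(flagged):
    """Group flagged senders by mail domain, one entry per administrator to notify."""
    by_domain = defaultdict(list)
    for _ip, sender, _count in flagged:
        by_domain[sender.rsplit("@", 1)[-1]].append(sender)
    return dict(by_domain)

if __name__ == "__main__":
    hits = find_unauthenticated_senders(SAMPLE_LOG)
    print(hits, admin_contacts(hits))
```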
Who Else Should Be Doing This?
Any company that has a product "wired" to the customer. On-Star(R) should tie in to a modern car's computer system (using OBD-II) and call me when I'm starting to get bad gas mileage and need to get a tune-up. ISPs should notice when their customers are infected with a virus or are acting as spam zombies and help them disinfect.
The Future
I don't think Webmail.us will be alone in this effort. I just think we'll be one of the very first. Someday, this type of service may be so commonplace that it will be expected in the same way we now expect a fast-food restaurant to upsell us to a large size drink.
-Kirk
For those customers who are using our API: we have updated our documentation and examples a little bit. Mostly, we changed the branding to match our Webmail.us company name change.
I also ought to mention that we have moved two functions out of beta and they are now fully supported. They are--
GetUserNumMessages() - get total number of messages and number of new messages for a user
LoginUserWebmail() - log user into webmail and return the webmail session id
-Kirk
I'm looking at a letter from a company called "ILSCORP.NET". It is in reference to another domain name that Webmail.us owns. The notice date is February 15th, 2005. I have a customer number of CD474454XX.
"Please make checks payable to Internet Listing Service Corp. Please write your customer number on the front of your check Enclose check in the addressed envelope provided DO NOT SEND CASH"
Pretty serious stuff here, it goes on:
"To ensure listing by Feb 28, 2005, please remit payment on or before Feb 22, 2005 All listings are final"
Well, I'd better get right on this! But then there's the text on the back that says, "This is not a bill. This is a solicitation. You are under no obligation to pay the amount stated above unless you accept this offer."
It's too bad that the rest of the document makes it look like we owe someone money to continue a service that we already had.
It's always in the fine print
OK, the print is pretty legible, but it is clearly a font size or two down from the rest of the doc. And it's on the back page when the front page already looks like a complete document.
The art of deception
There are a few subtle but convincing touches that scams such as this use to close deals and make money.
-- They use real information about you or your company --
In this case, they used our domain name. If you own a domain name then the billing address for your company and the names of contacts at your company are available through a standard Internet service known as WHOIS. Using this information allows them to customize their attack.
-- They create the impression that you are already a customer --
The customer number at the top of the "bill" seems legit. If I have a customer number, maybe I really did send these people money before.
The solicitation itself appears to be a bill. It has 3 major sections: "How to make payment:", "Website address listing includes:", and "Payment information:". It shows me how much to pay and where to send my check, but, "Do not send cash."
-- They create a sense of urgency --
Because "All listings are final", I need to hurry and send them a check. They give me a due date of Feb 22. This sense of urgency might get me to respond before I look things over carefully.
-- Online risks --
It seems that being a domain name owner makes you a target for this and related scams. Having your WHOIS information freely available to the entire world is a double-edged sword.
And the more we all do business online, the harder it is to remember the names of businesses we use on an infrequent basis. It's easy to make a mistake.
Other common scams to watch out for
Domain name slamming: you get an email or a letter telling you that your domain name will expire soon. The letter explains that in order to protect your domain name a check needs to be sent to company XYZ who can keep your domain name safe. The problem is that the letter doesn't come from the company you used to register your domain.
Phishing: you get an email asking you to go to your bank or online retail store in order to update your contact information or to check on an order. The only problem is that the links provided in the email don't go to Amazon.com or whatever site you intended to visit. Instead, you end up at a site that closely mimics the real site and you might mistakenly hand over a username and password or perhaps even credit card information.
Nigerian email scam: this is an absolute classic. Read about it on Snopes.com. If you'll front some money to a wealthy but helpless stranger, they'll send you millions.
How to protect yourself
Keep good records! Knowing whether or not something is legit can be as easy as walking to a file cabinet and looking for a name that matches the letter or email you have received. Congress, with the Sarbanes-Oxley Act, is encouraging (enforcing?) record-keeping policies for businesses in the United States.
Pick up the phone and make a call. Or send an email. ILSCorp's letter to me and their website are both lacking a phone number-- a red flag in itself. Their website says I may have to wait up to 2 days for a response to the email I sent them this morning asking about their service and my domain name. I'll let you know when they get back with me. ;)
Email scams can generally be caught by good anti-spam filters. Yes, like the ones we use for our customers. But I don't know a good way to filter snail mail except through a little extra time and attention to detail.
And, as always: if it seems too good to be true, it probably is.
-Kirk
Our CEO, Pat, just blogged about our anti-virus tool and I thought I might add just a bit more for conversation. For a long time we've kept up an anti-virus testing tool on our website. Because we're all about email here at Webmail.us, the tool sends an email with a fake virus to an email address that you punch in (and no, we don't spam you later).
A virus can be pretty tricky. There are a lot of ways that a virus can disguise itself, and our little tool will let someone test out pretty much every way an email virus might try to sneak through. We recently added scanning for double-zipped email viruses and viruses inside zip-files that have been "mangled" so that an anti-virus program might skip over the file and not scan. The current count is 27 tests and I can only see that number getting bigger as virus writers get more inventive.
Why do we give it away?
Obviously, we put the tool up because our email servers catch all these disguises! Who doesn't want to look good? But we get enough hits on the free tool to know that most of the people who use it are testing out their own computer's anti-virus program or someone else's mail filters. Which is a Good Thing. When there are fewer successful viruses out there everybody wins. And our mail servers filter not just mail destined to our own users but mail going out from them as well.
What can you do about viruses?
Here are some of my general recommendations about preventing computer viruses:
Want to know more about stopping viruses? Check out our page of practical advice for business owners and regular computer users alike. And please go ahead: use the tool to see how your anti-virus programs are working.
-Kirk