But there was more two come for this pair of attorneys, who represented a lengthy list of obscure over-the-counter companies, many of which had entered the public marketplace through reverse-mergers. StockPatrol.com readers already were well acquainted with Chapman and Flanagan. The two men had acted as attorneys for a series of highly touted, non-performing companies, like Infotopia, Inc. Hydro Environmental Resources, Inc., Inc. and Bach-Hauser, Inc. – often receiving stock, registered on Forms S-8, in exchange for their services.

Now Flanagan and Chapman have run afoul of regulators once more. On April 25, 2005, the SEC filed a civil action charging the two lawyers and several of their associates with orchestrating a stock manipulation and accounting fraud scam from 1999 through 2002. The lawsuit centers on a scheme to rig the market for shares of Exotics.com, Inc., a Nevada corporation that maintains its principal office in Vancouver, British Columbia,. Named as defendants in the Complaint are Exotics.com, its sole officer, four accountants, and Chapman and Flanagan. The law firm of Flanagan & Associates Ltd was named as a relief defendant because it purportedly received proceeds from the scheme.

The Commission alleges that, from 1999 through 2002, the defendants manipulated trading of Exotics.com stock in order to increase both the share price and trading volume, filed false and misleading public documents, and issued misleading press releases and promotional material about the Company using fax and spam e-mail.

According to the Commission, fraudulent trading activity was coordinated from the law offices of Chapman & Flanagan. Shares were funneled through accounts maintained by Chapman & Flanagan to further the illicit scheme. In this case the SEC says the corrupt lawyers were teamed with a series of unscrupulous accountants, some of whom prepared phony financial statements and filed false financial reports.

In essence, Exotics.com, the product of a reverse-merger – one of the specialties employed by Chapman and Flanagan – became a vehicle for these "professionals" to ride as they manipulated the marketplace.

The SEC is seeking, among other relief, to bar Chapman and Flanagan from future participation in penny stock offerings and to recover funds from the Flanagan law firm.

Pros

+ Highly effective at fighting spam
+ Easy to use

Cons

- Price
- Only supports Outlook and Outlook Express

Review

We test each spam filter by first sending 100 spam emails to a test account with the spam filter installed. If necessary, we then train the product, typically by pressing a button marking the email as spam. After the training process is complete, we then send a larger set of spam emails to the same account to determine the overall effectiveness of the product.

Installation

LashBack installed easily into both Outlook Express and Outlook 2000. When Outlook was started for the first time, Internet Explorer displayed a Flash based tutorial on how to use the product. The short tutorial was very helpful in becoming familiar with the function of each of the four LashBack toolbar buttons.

Usability

LashBack works much like other spam filtering applications. If a spam email gets into your Inbox, you designate it as spam using the 'LashBack' button and the message is moved automatically to the ‘Spam’ folder. If a legitimate email is erroneously marked as spam, simply click 'AddToSafeList' and emails from the sender will no longer be filtered.

Training

After installing LashBack for the first time, we downloaded 70 spam emails and 30 legitimate emails from our test account. The software quarantined 78 total emails of which 13 were legitimate emails. Five spam emails made it through (93% effectiveness).

The emails that slipped through the initial test were corrected using the ‘LashBack’ and ‘AddToSafeList’ buttons. We then downloaded another 283 spam messages and 17 legitimate emails. LashBack quarantined 266 emails, including 3 legitimate ones; another 20 spam emails were not identified as such. This puts LashBack accuracy up there with the other top spam filters at 94%. While LashBack was extremely effective at blocking spam, it tended to filter more legitimate emails than our #1 product, Spam Inspector.

Other Features

One feature that sets LashBack apart from the other spam filters is that it will attempt to unsubscribe you from distribution lists using an unsubscribe link, if available. While this is a nice feature, the worst spammers will not include a working unsubscribe link in their email. This could change with the advent of tougher anti-spam laws.

Summary

LashBack is easy to use and very effective at filtering spam out of your Inbox. The software is sold on a subscription ($3.99 per month, $29.99 per year) basis, which makes it a slightly more expensive product.

Price: $3.99 per month, $29.99 per year
Free Trial: Yes

Download Now!

This alert tells you how to spot different types of Internet fraud, what the SEC is doing to fight Internet investment scams, and how to use the Internet to invest wisely.

Navigating the Frontier: Where the Frauds Are

The Internet allows individuals or companies to communicate with a large audience without spending a lot of time, effort, or money. Anyone can reach tens of thousands of people by building an Internet web site, posting a message on an online bulletin board, entering a discussion in a live "chat" room, or sending mass e-mails. It's easy for fraudsters to make their messages look real and credible. But it's nearly impossible for investors to tell the difference between fact and fiction.

Online Investment Newsletters

Hundreds of online investment newsletters have appeared on the Internet in recent years. Many offer investors seemingly unbiased information free of charge about featured companies or recommending "stock picks of the month." While legitimate online newsletters can help investors gather valuable information, some online newsletters are tools for fraud.

Some companies pay the people who write online newsletters cash or securities to "tout" or recommend their stocks. While this isn't illegal, the federal securities laws require the newsletters to disclose who paid them, the amount, and the type of payment. But many fraudsters fail to do so. Instead, they'll lie about the payments they received, their independence, their so-called research, and their track records. Their newsletters masquerade as sources of unbiased information, when in fact they stand to profit handsomely if they convince investors to buy or sell particular stocks.

Some online newsletters falsely claim to independently research the stocks they profile. Others spread false information or promote worthless stocks. The most notorious sometimes "scalp" the stocks they hype, driving up the price of the stock with their baseless recommendations and then selling their own holdings at high prices and high profits. To learn how to separate the good from the bad, read our tips for checking out newsletters.

Bulletin Boards

Online bulletin boards – whether newsgroups, usenet, or web-based bulletin boards – have become an increasingly popular forum for investors to share information. Bulletin boards typically feature "threads" made up of numerous messages on various investment opportunities.

While some messages may be true, many turn out to be bogus – or even scams. Fraudsters often pump up a company or pretend to reveal "inside" information about upcoming announcements, new products, or lucrative contracts.

Also, you never know for certain who you're dealing with – or whether they're credible – because many bulletin boards allow users to hide their identity behind multiple aliases. People claiming to be unbiased observers who've carefully researched the company may actually be company insiders, large shareholders, or paid promoters. A single person can easily create the illusion of widespread interest in a small, thinly-traded stock by posting a series of messages under various aliases.

E-mail Spams

Because "spam" – junk e-mail – is so cheap and easy to create, fraudsters increasingly use it to find investors for bogus investment schemes or to spread false information about a company. Spam allows the unscrupulous to target many more potential investors than cold calling or mass mailing. Using a bulk e-mail program, spammers can send personalized messages to thousands and even millions of Internet users at a time.

How to Use the Internet to Invest Wisely

• get financial statements from the company and be able to analyze them;

• verify the claims about new product developments or lucrative contracts;

• call every supplier or customer of the company and ask if they really do business with the company; and

• check out the people running the company and find out if they've ever made money for investors before.

Here's how you can use the internet to help you invest wisely:

Start With the SEC's EDGAR Database

The federal securities laws require many public companies to register with the SEC and file annual reports containing audited financial statements. For example, the following companies must file reports with the SEC:

• All U.S. companies with more than 500 investors and $10 million in net assets; and

• All companies that list their securities on The Nasdaq Stock Market or a major national stock exchange such as the New York Stock Exchange.

Anyone can access and download these reports from the SEC's EDGAR database for free. Before you invest in a company, check to see whether it's registered with the SEC and read its reports.

But some companies don't have to register their securities or file reports on EDGAR. For example, companies raising less than $5 million in a 12-month period may be exempt from registering the transaction under a rule known as "Regulation A." Instead, these companies must file a hard copy of the "offering circular" with the SEC containing financial statements and other information. Also, smaller companies raising less than one million dollars don't have to register with the SEC, but they must file a "Form D." Form D is a brief notice which includes the names and addresses of owners and stock promoters, but little other information. If you can't find a company on EDGAR, call the SEC at (202) 942-8090 to find out if the company filed an offering circular under Regulation A or a Form D. And be sure to request a copy.

The difference between investing in companies that register with the SEC and those that don't is like the difference between driving on a clear sunny day and driving at night without your headlights. You're asking for serious losses if you invest in small, thinly-traded companies that aren't widely known just by following the signs you read on Internet bulletin boards or online newsletters.

Contact Your State Securities Regulators

Don't stop with the SEC. You should always check with your state securities regulator, which you can find on the website of the North American Securities Administrators Association, to see if they have more information about the company and the people behind it. They can check the Central Registration Depository (CRD) and tell you whether the broker touting the stock or the broker's firm has a disciplinary history. They can also tell you whether they've cleared the offering for sale in your state.

Check with the NASD

The National Association of Securities Dealers, Inc. can also give you a partial disciplinary history on the broker or firm that's touting the stock. Call their toll-free public disclosure hot-line at (800) 289-9999 or visit their website at http://www.nasdr.com.

Online Investment Fraud:
New Medium, Same Old Scam

The types of investment fraud seen online mirror the frauds perpetrated over the phone or through the mail. Remember that fraudsters can use a variety of Internet tools to spread false information, including bulletin boards, online newsletters, spam, or chat (including Internet Relay Chat or Web Page Chat). They can also build a glitzy, sophisticated web page. All of these tools cost very little money and can be found at the fingertips of fraudsters.

Consider all offers with skepticism. Investment frauds usually fit one of the following categories:

The "Pump And Dump" Scam

It's common to see messages posted online that urge readers to buy a stock quickly or tell you to sell before the price goes down. Often the writers will claim to have "inside" information about an impending development or to use an "infallible" combination of economic and stock market data to pick stocks. In reality, they may be insiders or paid promoters who stand to gain by selling their shares after the stock price is pumped up by gullible investors. Once these fraudsters sell their shares and stop hyping the stock, the price typically falls and investors lose their money. Fraudsters frequently use this ploy with small, thinly-traded companies because it's easier to manipulate a stock when there's little or no information available about the company.

The Pyramid

Be wary of messages that read: "How To Make Big Money From Your Home Computer!!!" One online promoter claimed that investors could "turn $5 into $60,000 in just three to six weeks." In reality, this program was nothing more than an electronic version of the classic "pyramid" scheme in which participants attempt to make money solely by recruiting new participants into the program.

The "Risk-Free" Fraud

"Exciting, Low-Risk Investment Opportunities" to participate in exotic-sounding investments – such as wireless cable projects, prime bank securities, and eel farms – have been offered through the Internet. But no investment is risk-free. And sometimes the investment products touted do not even exist – they're merely scams. Be wary of opportunities that promise spectacular profits or "guaranteed" returns. If the deal sounds too good to be true, then it probably is.

Off-shore Frauds

At one time, off-shore schemes targeting U.S. investors cost a great deal of money and were difficult to carry out. Conflicting time zones, differing currencies, and the high costs of international telephone calls and overnight mailings made it difficult for fraudsters to prey on U.S. residents. But the Internet has removed those obstacles. Be extra careful when considering any investment opportunity that comes from another country, because it's difficult for U.S. law enforcement agencies to investigate and prosecute foreign frauds.

Email boxes are filling up with more offers for business
opportunities than any other kind of unsolicited commercial email. That's a
problem, according to the Federal Trade Commission, because many of these
offers are scams.

In response to requests from consumers, the FTC asked email users
to forward their unsolicited commercial email to the agency for an inside look
at the bulk email business. FTC staff found that more often than not, bulk
email offers appeared to be fraudulent, and if pursued, could have ripped-off
unsuspecting consumers to the tune of billions of dollars.

The FTC has identified the 12 scams that are most likely to arrive
in consumers' email boxes. The "dirty dozen" are:

1. Business opportunities

These business opportunities make it sound easy to start a business
that will bring lots of income without much work or cash outlay. The
solicitations trumpet unbelievable earnings claims of $140 a day, $1,000 a day,
or more, and claim that the business doesn't involve selling, meetings, or
personal contact with others, or that someone else will do all the work. Many
business opportunity solicitations claim to offer a way to make money in an
Internet-related business. Short on details but long on promises, these
messages usually offer a telephone number to call for more information. In many
cases, you'll be told to leave your name and telephone number so that a
salesperson can call you back with the sales pitch.

The scam: Many of these are illegal pyramid schemes masquerading as
legitimate opportunities to earn money.

2. Bulk email

Bulk email solicitations offer to sell you lists of email
addresses, by the millions, to which you can send your own bulk solicitations.
Some offer software that automates the sending of email messages to thousands
or millions of recipients. Others offer the service of sending bulk email
solicitations on your behalf. Some of these offers say, or imply, that you can
make a lot of money using this marketing method.

The problem: Sending bulk email violates the terms of service of
most Internet service providers. If you use one of the automated email
programs, your ISP may shut you down. In addition, inserting a false return
address into your solicitations, as some of the automated programs allow you to
do, may land you in legal hot water with the owner of the address's domain
name. Several states have laws regulating the sending of unsolicited commercial
email, which you may unwittingly violate by sending bulk email. Few legitimate
businesses, if any, engage in bulk email marketing for fear of offending
potential customers.

3. Chain letters

You're asked to send a small amount of money ($5 to $20) to each of
four or five names on a list, replace one of the names on the list with your
own, and then forward the revised message via bulk email. The letter may claim
that the scheme is legal, that it's been reviewed or approved by the
government; or it may refer to sections of U.S. law that legitimize the scheme.
Don't believe it.

The scam: Chain letters-traditional or high-tech-are almost always
illegal, and nearly all of the people who participate in them lose their money.
The fact that a "product" such as a report on how to make money fast, a mailing
list, or a recipe may be changing hands in the transaction does not change the
legality of these schemes.

4. Work-at-home schemes

Envelope-stuffing solicitations promise steady income for minimal
labor-for example, you'll earn $2 each time you fold a brochure and seal it in
an envelope. Craft assembly work schemes often require an investment of
hundreds of dollars in equipment or supplies, and many hours of your time
producing goods for a company that has promised to buy them.

The scam: You'll pay a small fee to get started in the
envelope-stuffing business. Then, you'll learn that the email sender never had
real employment to offer. Instead, you'll get instructions on how to send the
same envelope-stuffing ad in your own bulk emailings. If you earn any money, it
will be from others who fall for the scheme you're perpetuating. And after
spending the money and putting in the time on the craft assembly work, you are
likely to find promoters who refuse to pay you, claiming that your work isn't
up to their "quality standards."

5. Health and diet scams

Pills that let you lose weight without exercising or changing your
diet, herbal formulas that liquefy your fat cells so that they are absorbed by
your body, and cures for impotence and hair loss are among the scams flooding
email boxes.

The scam: These gimmicks don't work. The fact is that successful
weight loss requires a reduction in calories and an increase in physical
activity. Beware of case histories from "cured" consumers claiming amazing
results; testimonials from "famous" medical experts you've never heard of;
claims that the product is available from only one source or for a limited
time; and ads that use phrases like "scientific breakthrough," "miraculous
cure," "exclusive product," "secret formula," and "ancient ingredient."

6. Effortless income

The trendiest get-rich-quick schemes offer unlimited profits
exchanging money on world currency markets; newsletters describing a variety of
easy-money opportunities; the perfect sales letter; and the secret to making
$4,000 in one day.

The scam: If these systems worked, wouldn't everyone be using them?
The thought of easy money may be appealing, but success generally requires hard
work.

7. Free goods

Some email messages offer valuable goods-for example, computers,
other electronic items, and long-distance phone cards-for free. You're asked to
pay a fee to join a club, then told that to earn the offered goods, you have to
bring in a certain number of participants. You're paying for the right to earn
income by recruiting other participants, but your payoff is in goods, not
money.

The scam: Most of these messages are covering up pyramid schemes,
operations that inevitably collapse. Almost all of the payoff goes to the
promoters and little or none to consumers who pay to participate.

8. Investment opportunities

Investment schemes promise outrageously high rates of return with
no risk. One version seeks investors to help form an offshore bank. Others are
vague about the nature of the investment, stressing the rates of return. Many
are Ponzi schemes, in which early investors are paid off with money contributed
by later investors. This makes the early investors believe that the system
actually works, and encourages them to invest even more.

Promoters of fraudulent investments often operate a particular scam
for a short time, quickly spend the money they take in, then close down before
they can be detected. Often, they reopen under another name, selling another
investment scam. In their sales pitch, they'll say that they have high-level
financial connections; that they're privy to inside information; that they'll
guarantee the investment; or that they'll buy back the investment after a
certain time. To close the deal, they often serve up phony statistics,
misrepresent the significance of a current event, or stress the unique quality
of their offering-anything to deter you from verifying their story.

The scam: Ponzi schemes eventually collapse because there isn't
enough money coming in to continue simulating earnings. Other schemes are a
good investment for the promoters, but no for participants.

9. Cable descrambler kits

For a small sum of money, you can buy a kit to assemble a cable
descrambler that supposedly allows you to receive cable television
transmissions without paying any subscription fee.

The scam: The device that you build probably won't work. Most of
the cable TV systems in the U.S. use technology that these devices can't crack.
What's more, even if it worked, stealing service from a cable television
company is illegal.

10. Guaranteed loans or credit, on easy terms

Some email messages offer home-equity loans that don't require
equity in your home, as well as solicitations for guaranteed, unsecured credit
cards, regardless of your credit history. Usually, these are said to be offered
by offshore banks. Sometimes they are combined with pyramid schemes, which
offer you an opportunity to make money by attracting new participants to the
scheme.

The scams: The home equity loans turn out to be useless lists of
lenders who will turn you down if you don't meet their qualifications. The
promised credit cards never come through, and the pyramid money-making schemes
always collapse.

11. Credit repair

Credit repair scams offer to erase accurate negative information
from your credit file so you can qualify for a credit card, auto loan, home
mortgage, or a job.

The scam: The scam artists who promote these services can't
deliver. Only time, a deliberate effort, and a personal debt repayment plan
will improve your credit. The companies that advertise credit repair services
appeal to consumers with poor credit histories. Not only can't they provide you
with a clean credit record, but they also may be encouraging you to violate
federal law. If you follow their advice by lying on a loan or credit
application, misrepresenting your Social Security number, or getting an
Employer Identification Number from the Internal Revenue Service under false
pretenses, you will be committing fraud.

12. Vacation prize promotions

Electronic certificates congratulating you on "winning" a fabulous
vacation for a very attractive price are among the scams arriving in your
email. Some say you have been "specially selected" for this opportunity.

The scam: Most unsolicited commercial email goes to thousands or
millions of recipients at a time. Often, the cruise ship you're booked on may
look more like a tug boat. The hotel accommodations likely are shabby, and you
may be required to pay more for an upgrade. Scheduling the vacation at the time
you want it also may require an additional fee.

+ The most effective protection against spam out of all products tested.

Cons

- Some minor cosmetic glitches with the user interface on Windows XP
- More features than most users would ever use.

Review

We test each spam filter by first sending 100 spam emails to a test account with the spam filter installed. If necessary, we then train the product, typically by pressing a button marking the email as spam. After the training process is complete, we then send a large set of spam emails to the same account to determine the overall effectiveness of the product.

We tested each spam filter on Outlook Express, Eudora, and Yahoo.

Installation

Spam Inspector installed perfectly the first time. It correctly found our email clients and integrated into each one automatically. The first time we ran Outlook, it popped up a helpful screen of information teaching us how to get started. However, spam filtering did not appear to work at all the first time we ran the program … but this was our fault. The installation program instructed us to reboot our PC before running the program, but we ignored it. After a reboot everything worked perfectly.

Usability

Spam Inspector was easy to use. It installed a toolbar directly into Outlook Express with just a few, easy-to-understand buttons:

The first two buttons, “Is Spam” and “Not Spam” allow you to teach the program which email is spam and which isn’t. However, other buttons allow you to simulate a bounce message back to the sender, reducing the possibility of receiving more spam, or even report abuse to the sender’s ISP with a single-click of the button (note: this is addictive!).

We did notice a few minor cosmetic issues on Windows XP, but this may be due to the fact that we are using an LCD display rotated at 90 degrees. Unlike most other vendors, the makers of Spam Inspector paid great attention to aesthetics down to the most trivial of help screens and it shows.

Training

Immediately after installing Spam Inspector for the first time, we downloaded 96 spam emails and 4 legitimate emails from our test account. It quarantined all 96 of the spam messages and allowed the 4 legitimate emails to pass through … 100% accuracy!

There was nothing to train, so we then imported an additional 291 spam email and 15 legitimate emails. Spam Inspector quarantined 289 of them (99.3%) and allowed the legitimate emails to pass through. This was the most impressive effectiveness of any of the products we’ve tested, and far better than Yahoo, AOL, or Hotmail’s built-in spam filters. This was even more impressive considering that SI achieved this accuracy with the “out-of-box” settings (ie: no training). Presumably with training, the accuracy would have been even higher.

Other Features

Spam Inspector has few flaws, but we did feel that the sheer number of features can be confusing. Unlike most of the products we tested which have too few features, Spam Inspector allows you to exert control over every aspect of the program, and this can make the options screen a little daunting for some users. Fortunately, they’ve tucked this functionality away so the average user will never be bothered by it.

Other features include friend and enemy lists, abuse reporting, and automatic update. One feature we found helpful that is not found in any other spam filtering program is that Spam Inspector maintains a list of known opt-in email newsletters. If you attempt to block an opt-in email, the program will alert you, letting you know that it comes from a reputable source.

Summary

Spam Inspector was by far the most effective spam filter we could find. While jam-packed with features, its unobtrusive and easy-to-use interface and competitive price make this your best bet.

Price: $29.95 $19.95 for SpamReviews readers (Enter discount code SPAMFIGHTER)
Free Trial: Yes - Click here to download

Pros

+ Very good protection against spam.

Cons

- Light on extra features, such as reporting spam abuse
- Leaving messages on server causes them to be re-downloaded on every refresh

Review

We test each spam filter by first sending 100 spam emails to a test account with the spam filter installed. If necessary, we then train the product, typically by pressing a button marking the email as spam. After the training process is complete, we then send a different set of spam emails to the same account to determine the overall effectiveness of the product.

If applicable, we tested each spam filter on Outlook Express, Eudora, and Yahoo.

Installation

SpamNet installed perfectly the first time. It installed seamlessly into both Outlook and Outlook Express.

Usability

Like other good spam filtering applications, SpamNet was very easy to use. It installed a toolbar directly into Outlook Express with just two buttons, “Block” and “Unblock” (it also had an options button):

We did have a very big technical problem with SpamNet. We use our email accounts from both work and home, and in order to ensure that we have access to them at both locations, we’ve configured our email clients to leave the messages for five days on the server instead of removing them. SpamNet would download the same messages each time from the server. This product would be much better if it remembered which email it had already checked.

Training

After installing SpamNet for the first time, we downloaded 96 spam emails and 4 legitimate emails from our test account. It correctly quarantined 50 of the spam emails (52%) and allowed the legitimate emails through.

We then selected the 46 spam messages and clicked on the “block” button. This sends information about the spam emails back to Cloudmark. Each time you block an email, it counts as a vote. When a spam email gets enough negative votes from users, SpamNet will then filter it from everyone’s email inbox. At least, this is how it works in theory. The real test came next.

We then imported an additional 291 spam email and 15 legitimate emails. Spamnet quarantined 238 of them (82%) and allowed all of the legitimate emails to pass through … much better than the initial test. It allowed some spam through, such as a faked Yahoo forum newsletter, several Viagara ads, mortgage solicitations, as well as an ad for an adult website.

Other Features

SpamNet does little more than filter spam. It doesn’t give you the ability to report spammers, and while there is a “whitelist” feature that lets you tell SpamNet which addresses to always allow, it is very basic. For instance, you can’t allow or disallow certain domain names or servers.

Summary

SpamNet provided very good protection, although not perfect. It lacks any additional features beyond spam filtering and it is higher priced than our top picks.

Price: $39.95
Free Trial: YES

Pros

+ Near perfect protection against spam
+ Lots of useful added features, such as abuse reporting.

Cons

- A bit higher priced than other products.

Review

We test each spam filter by first sending 100 spam emails to a test account with the spam filter installed. If necessary, we then train the product, typically by pressing a button marking the email as spam. After the training process is complete, we then send a different set of spam emails to the same account to determine the overall effectiveness of the product.

If applicable, we tested each spam filter on Outlook Express, Eudora, and Yahoo.

Installation

SpamKiller was a pain in the butt to install. The McAfee website makes use of an ActiveX installer and pop-ups. It took us awhile to figure out that we had to disable our anti-spyware tool (Webroot's Spy Sweeper - click here for a review) and our pop-up stopper before the software would install properly. However, once we got around this issue, the software installed without any further difficulties. SpamKiller detected our existing email accounts and imported our address books automatically.

Usability

Spam filtering software generally comes in two flavors. The first kind is embedded entirely within your email client. The second runs in the background and periodically polls your email server and removes spam when you find it.

SpamKiller is a hybrid. One portion of the program locates each of your email accounts and then runs in the background, removing spam. The other is embedded in your webbrowser, giving you an easy way to block spam that has made it through the filter from directly within your email client.

The user interface for Spam Killer was very pleasing. As with all of their products, McAfee devotes considerable attention to design.

Training

After installing SpamKiller for the first time, we downloaded 96 spam emails and 4 legitimate emails from our test account. It correctly quarantined all of the spam emails (100%) and allowed the legitimate emails through. This was a perfect result!

We then added our second test account to Spam Killer. This account had 291 spam emails and 15 legitimate ones as well. Spam Killer quarantined 268 of them (92%) and allowed all of the legitimate emails to pass through. These results were the second best of all the products we tested.

Other Features

SpamKiller has many additional features, including a nice reporting interface. Like Spam Inspector, Spam Killer allows you to report spammers to their ISPs, although this functionality isn’t as nice or as complete as Spam Inspector. Spam Killer also has a very easy to understand rules interface that can allow you to easily customize your filtering should you so desire.

Summary

SpamKiller provides near perfect protection against spam and many additional useful features. It is a little more expensive than Spam Inspector and the purchase price only includes a one-year subscription, but we found it to be the best alternative.

Price: $24.95
Free Trial: No

Buy Now

Pros

+ None!

Cons

- Below average protection against spam
- Does not integrate into email client
- Minimal functionality

Review

We test each spam filter by first sending 100 spam emails to a test account with the spam filter installed. If necessary, we then train the product, typically by pressing a button marking the email as spam. After the training process is complete, we then send a different set of spam emails to the same account to determine the overall effectiveness of the product.

If applicable, we tested each spam filter on Outlook Express, Eudora, and Yahoo.

Installation

SpamButcher installed perfectly the first time. After we installed, it asked us for our email address and automatically configured itself. SpamButcher requires your password to auto-configure, but this information is not accessible by anyone else.

Usability

SpamButcher does not integrate into your email client. Instead, it runs in the background and periodically checks your email, removing any spam it finds. Like other spam filtering programs that utilize this approach (as opposed to direct integration into your email client), this can cause problems for you if you use the same email account from different locations, especially if you need to locate a legitimate email that was blocked accidentally.

This product had one very annoying feature. You have to click on the system tray to examine your spam, because it doesn’t appear in the task bar, nor can you alt-tab to it.

Training

After installing SpamButcher for the first time, we downloaded 96 spam emails and 4 legitimate emails from our test account. It quarantined 35 spam emails (36% accuracy) and also blocked all of our legitimate email. Not a good start.

After recovering our blocked email, we then imported an additional 291 spam email and 15 legitimate emails. SpamButcher quarantined 122 of them (42%) and allowed 11 of the legitimate emails to pass through. This wasn’t nearly as good as other products we tested.

Other Features

The product was light on features. It does not have a community feature nor some of the more advanced algorithms that our other top ranked products have.

Summary

Spam Butcher provided average protection against spam. It is a light on features and higher priced than other more effective products.

Price: $39.95
Free Trial: YES

There are a few tools that you'll need before you launch your anti-spam campaign:

1. nslookup, which translates an IP address into a domain name,
2. whois, which gives you domain address and contact information, and
3. traceroute, which tells you the path by which your machine reaches another.

How Do We Start?

First, we need to determine the proper places to send our complaint. Forget about sending a nastygram directly to the sender. That information is easily forged, and there is a better than average chance that your nastygram will result in your being added to another mailing list. (While I'm on the subject, never respond to the "do this to remove your name" offer. All that will do is verify your address and get you on more mailing lists.)

All e-mail, even that from spammers, must enter the Internet someplace. It's our job to figure out where that happens. Most Internet services providers dislike spam almost as much as we do since it bogs down system resources, and most will take action against an offender as soon as we tell them about it.

We start by examining the header, that arcane mess that precedes the actual message body. To do that, you'll have to set your mail reader to display the full header info, rather than the four-line default. Check your mail program's manual or online help to learn how.

Before we begin, it is necessary to learn a bit about where e-mail comes from. Although many people think that a message goes directly from my computer to yours, a typical piece of email goes through at least four different computers during its journey. For example, suppose I drop Computer Bits editor Paul Heinlein a note. When it leaves my desk, the header looks something like this: To: Paul Heinlein <editor@computerbits.com> From: Gary Shuster <papabear@ix.netcom.com> Subject: Possible anti-spam article

By the time Paul gets it, the header will look somewhat different: Return-Path: <papabear@ix.netcom.com> Received: from dfw-ix13.ix.netcom.com (dfw-ix13.ix.netcom.com [206.214.98.13]) by macbeth.computerbits.com (8.8.5/8.8.5) with ESMTP id KAA22220 for <editor@computerbits.com>; Mon, 17 Nov 1997 10:57:12 -0800 Received: (from smap@localhost) by dfw-ix13.ix.netcom.com (8.8.4/8.8.4) id MAA19835 for <editor@computerbits.com>; Mon, 17 Nov 1997 12:56:49 -0600 (CST) Received: from prt-or4-29.ix.netcom.com (207.220.32.157) by dfw-ix13.ix.netcom.com via smap (V1.3) id rma019807; Mon Nov 17 12:56:45 1997 Message-Id: <3.0.5.32.19971117105643.007ac3b0@popd.ix.netcom.com> X-Sender: papabear@popd.ix.netcom.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Mon, 17 Nov 1997 10:56:43 -0800 To: Paul Heinlein <editor@computerbits.com> From: Gary Shuster <papabear@ix.netcom.com> Subject: Possible anti-spam article In-Reply-To: <3.0.32.19971114160055.00a67bb0@macbeth.computerbits.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"

Each computer which handled my message added something to the header, and it is this additional info we can use to help track spam back to its source. We'll be paying particular attention to the Received: lines. These lines show, in reverse order, the domains through which an e-mail went getting from sender to recipient. In fact, the Received: lines are the only parts of the header useful to us since spammers can easily forge everything else.

A good rule of thumb is never to believe any part of the header other than Received: lines, and never believe any Received: line you can't verify. Just assume everything else is forged.

Received: lines use a distinct syntax: Received: from <one system> by <the next system> on <date and time> (time expressed in hours from GMT). The rest of the verbiage contained in the Received: line can be ignored.

In our example, the top Received: line is pretty typical: Received: from dfw-ix13.ix.netcom.com (dfw-ix13.ix.netcom.com [206.214.98.13]) by macbeth.computerbits.com (8.8.5/8.8.5) with ESMTP id KAA22220 for <editor@computerbits.com>; Mon, 17 Nov 1997 10:57:12 -0800.

Demystified, this says that a mail server called macbeth at computerbits.com received a message from a mail server calling itself dfw-ix13.ix.netcom.com on Mon, 17 Nov 1997 at 10:57:12 local time, which is eight hours behind GMT, or PST.

Notice I said "calling itself." We don't know yet if the domain is real or bogus. Have a look at the phrase in parentheses. The receiving computer automatically logs the IP address of the sender, and some will also do a reverse lookup to verify the domain name. If the two agree, you can be reasonably certain that the domain is legitimate. In this case, it says that the IP address logged really is a server at Netcom. In cases where the IP address resolves to something else, always believe the IP address.

Now is a good time to note that the actual domain name is ix.netcom.com. The dfw-ix13 is a specific computer within the domain, and may be ignored for our purposes.

If the mail handler doesn't have the automatic lookup feature, you'll have to track this information down yourself using nslookup. nslookup will handle either domain names or IP addresses, and when we run it on 206.214.98.13, we get

Host name: dfw-ix13.ix.netcom.com
IP address: 206.214.98.13
Alias(es): None

In other words, that Received: line wasn't lying: 206.214.98.13 really is dfw-ix13.ix.netcom.com.

A Word About Relaying

Before the Net became as all-encompassing as it is today, it was considered good netiquette for a server to relay messages from a domain on one network to a domain on another. Because relaying is no longer needed, many ISPs, especially those in the US, have blocked access to that facility (They are "closed," to use industry parlance.)

However, there are still "open" servers elsewhere in the world, and once spammers have located such a server, they route their trash through it, in a process known as either hijacking or pirating.

Hijacked servers are easy to spot, because they have no relationship to either the sender or the recipient. Legitimate e-mail generally goes from one mail handler to another in a fairly organized process, which is easily followed by looking at the Received: lines. If you are examining a header and run across a line which says it was sent to you from hauptstadt.penzberg.de or some such, you can be pretty sure that the server was hijacked.

Let's Get Serious

The header information for a typical unsolicited message looks something like this: Return-Path: <scarevi78@msn.com> Received: from marketbiz.com ([207.159.141.4]) by ixmail1.ix.netcom.com (8.8.7-s-4/8.8.7/(NETCOM v1.01)) with ESMTP id KAA08287; ; Sun, 7 Dec 1997 10:52:42 -0800 (PST) From: scarevi78@msn.com Received: from marketbiz.com (port15.plea.prodigy.net 204.237.182.15]) by marketbiz.com (8.8.7/8.8.5) with SMTP id KAA07188; Sun, 7 Dec 1997 10:51:42 -0800 (PST) Received: from mailhost.webtrak.com(alt1.delphi.com(218.2.61.29)) by delphi.com (8.8.5/8.6.5) with SMTP id GAA05357 for ; Sun, 07 Dec 1997 13:43:41 -0600 (EST) Date: Sun, 07 Dec 97 13:43:41 EST To: Friend@public.com Subject: Make $$$ Fast Message-ID: <71940249278.SWA08874@delphi.com> X-PMFLAGS: 34078848 0 X-UIDL: n67dc78bvc34fv90mbaz67kn3cx5vs28 Comments: Authenticated sender is <ritz78654@delphi.com>

The first Received: line can't be forged since it's added by the receiving computer. Thus, the message really did originate from a computer whose IP address is 207.159.141.4. Whether or not it really is marketbiz.com remains to be seen.

Running a DNS Lookup tells us that 207.159.141.4 is really something called lightrealm.net. So let's use whois to see if marketbiz.com is real or not:

ACS Hi-Tech Media MARKETBIZ-DOM
3615 Halekipa Place
Honolulu, HI 96816
US

Domain Name: MARKETBIZ.COM

Administrative Contact:
Cabanilla, Flor M FMC12 funix@JUNO.COM
808-737-3064
Technical Contact, Zone Contact:
DNS Administrator DA352-ORG dns@LIGHTREALM.COM
tel.: 206-827-0900 fax.: 206-827-8244 http://www.lightrealm.com
Billing Contact:
Cabanilla, Flor M FMC12 funix@JUNO.COM
808-737-3064

So it is a real domain after all, and appears to have something of an incestuous relation ship with lightrealm.com.

The second Received: line says that Lightrealm got the message from Prodigy. This, too, checks out when you run DNS Lookup.

However, the third Received: line is a phony. You can tell quickly by looking at the timestamp. "-0600 (EST)" is incorrect. EST is five hours behind GMT, so it should say, "-0500 (EST)." You can safely ignore the rest of the header, since once you find one forged line its a safe bet that all lines below it are phony. (By the way, any IP address containing a number greater than 255 is also a phony.)

So, what do we know? We know that this piece of mail went from Prodigy to Lightrealm to me. What we don't know is whether or not Lightrealm is guilty of complicity or simply an innocent bystander. Let's find out.

A good place to start is the domain's Web site. (Use http://www.domain.name, in this case http://www.lightrealm.com/.) Most mainstream providers will have stated in their Policies and Procedures that spamming is grounds for termination. Lightrealm appears to have no such policy, which may mean that as far as it's concerned, spam is OK.

What about marketbiz.com? Hmm, it doesn't appear to have a Web site. Now what?

Using traceroute

traceroute tells you the Internet route by which one computer can contact another. It should be used only on the domain which actually passed the message to your server. A traceroute from my computer back to Lightrealm provides the following information:

Trace 207.159.141.4 ...

165.236.129.1 RTT: 144ms TTL: 0 (prt-or-gw1.netcom.net)
165.236.138.57 RTT: 169ms TTL: 0 (h0-024-stl-wa-gw1.netcom.net)
163.179.232.54 RTT: 306ms TTL: 0 (h4-0-1-scl-ca-gw3.netcom.net)
163.179.232.62 RTT: 189ms TTL: 0 (h4-0-mae-west.netcom.net)
198.32.136.11 RTT: 182ms TTL: 0 (sl-mae-w-F0/0.sprintlink.net)
144.228.10.45 RTT: 183ms TTL: 0 (sl-bb2-stk-2-0-T3.sprintlink.net)
144.232.4.69 RTT: 172ms TTL: 0 (sl-bb11-stk-4-2-155M.sprintlink.net)
144.232.8.30 RTT: 181ms TTL: 0 (sl-bb4-sea-5-0-0.sprintlink.net)
144.228.90.6 RTT: 196ms TTL: 0 (sl-gw4-sea-0-0.sprintlink.net)
144.228.96.6 RTT: 197ms TTL: 0 (sl-televar-1--T3.sprintlink.net)
207.159.128.17 RTT: 202ms TTL: 0 (sea-core1-f500.lightrealm.net)
207.159.141.4 RTT: 216ms TTL:242 (No rDNS)

What we can tell from that information is that Lightrealm connects to the Internet using Sprint (hence the many hops though sprintlink.net).

This means that our complaints should go to three places:

1. Prodigy, the message's earliest legitimate point of origin

2. Lightrealm, the administrative contact for Marketbiz, and

3. Sprint, the company providing Internet access to Lightrealm.

Sending a Complaint

Once you're ready to complain, for a list of complaint addresses. If you don't find the domain you're after, address your complaint to postmaster@the-domain. All domains must have a monitored address called postmaster so if you get an undeliverable message bounce-back from the first letter of complaint, send the second to postmaster. You can also run whois and notify the administrator.

Make sure that you forward the entire header. Without it, the ISP can do nothing. You can safely delete the message body, although if the spammer has included a Web reference or contact e-mail address, you should pass it along. (In spite of arguments to the contrary, junk mailers are human. I have seen spam in which the mailer took great pains to disguise the header -- then used his real e-mail address in the body.)

A couple of notes on getting a helpful response to your complaint:

1. Be polite. It's possible the domain to which you're complaining is also an innocent victim, and it won't do your cause any good to talk disparagingly about his ancestry or eating habits.

2. Be patient. Many ISPs are inundated with spam complaints, and replies can be spotty. Sometimes you'll get an automatic reply; sometimes nothing. Sometimes you'll get a personal note that the offender's account has been terminated. That makes all the extra work worthwhile.

A rough definition of spam is any unsolicited email sent against the interest and knowledge of the recipient, usually with no intention of a response other than to visit a website or sell a product. These emails are usually sent out in large numbers to many recipients. However, it is important to differentiate between unsolicited email which can be labeled as spam and solicited email. Solicited email my have the same goals as unsolicited email, but you may receive a solicited email that the sender has deemed to be in your interest, or related to a previous interest. spam email, however, is usually sent without any knowledge or consideration of the recipients interests, and is sent out only with the desired result in mind. ]]> 2004-06-07T23:53:08Z 2004-06-07T23:52:44Z tag:www.spamreviews.com,2004://1.15 2004-06-07T23:52:44Z