>The "Win a holiday" message is a hoax - it is one of any number of similar-sounding hoaxes that are floating around the internet. While it is true that Bill Gates is a very rich man, he isn't going to send you to Disneyland, or Acapulco, or even to Redmond, Washington, simply because you read or forward his E-mail. Likewise, the American Cancer Society isn't going to donate $.03 to a little girl who is dying of cancer if you forward this E-mail.

On the other hand, virtual petitions and other calls to political action might be legitimate. Individual decision makers are individuals, and each one measures the power of a list of thousands of E-mailers differently.

E-mails and viruses

It used to be that E-mail was text, and you read it. Then, somebody invented a way to encode binary files for transmission by E-mail (not Microsoft). Then somebody else (again, not Microsoft) invented a method of compressing data and combining several files into a single file. So far, no problem: you had to decode and decompress a file you received before you could do anything with it. So computer experts, including myself, were comfortable making statements like: "While it is possible to get a virus via E-mail (especially if you are running Microsoft Outlook), it is not possible to get a virus simply by opening the E-mail. You have to execute something, you have to run something, in order for a virus to infect your machine. Otherwise, you can actually inspect a virus in complete safety, so long as you don't run it, and you don't run E-mails, you read them."

Now, if somebody were to send you a binary file as an attachment (either UUencoded, MIME encoded, or BinHex encoded), I would delete the attachment. This is true for Word for Windows documents, Excel spreadsheets, .EXE and .COM files and ACCESS databases. If you feel you must send one of these structured datatypes, send it as an ASCII file or an RTF file (if you don't know what this means, send me an E-mail and I will explain). In general, you shouldn't need to send binary files.
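The two points above (a message can be inspected safely as long as nothing in it is run, and binary attachments should be deleted) as an added example that is not part of the original page: Python's standard e-mail parser decodes a constructed sample message and drops attachments of the types named above. The extension list, the RTF allowance, the sample message and the function names are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extensions for the file types the page names
# (Word, Excel, .EXE, .COM, Access).
RISKY_EXTENSIONS = {".doc", ".xls", ".exe", ".com", ".mdb"}


def build_sample() -> bytes:
    """Constructed sample: a text body, a fake '.EXE' and a text attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "Win a holiday"
    msg.set_content("Forward this to everyone you know!")
    msg.add_attachment(b"MZ not a real program", maintype="application",
                       subtype="octet-stream", filename="holiday.EXE")
    msg.add_attachment("plain notes\n", filename="notes.txt")
    return msg.as_bytes()


def triage(raw: bytes):
    """Report every attachment and delete the binary ones.

    Parsing only decodes bytes; nothing in the message is executed.
    Returns (report, cleaned_message).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    report = []
    for part in list(msg.iter_attachments()):
        name = part.get_filename() or "(unnamed)"
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        # ASCII text and RTF are the formats the page asks senders to use.
        allowed = part.get_content_maintype() == "text" or ext == ".rtf"
        risky = ext in RISKY_EXTENSIONS or not allowed
        action = "delete" if risky else "keep"
        report.append((name, part.get_content_type(), action))
        if risky:
            # Remove the part from its parent multipart container.
            msg.get_payload().remove(part)
    return report, msg


if __name__ == "__main__":
    for row in triage(build_sample())[0]:
        print(row)
```
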

If you are really and truly concerned about viruses on your computer, then to the extent that you can, replace Microsoft systems with other systems: use Netscape instead of Internet Explorer, use Eudora (you can get Eudora Light for free) instead of Outlook or Exchange. If you can, replace Windows with Linux or FreeBSD - secure, reliable operating systems. The Microsoft world view puts a premium on features without thinking about possible adverse consequences.

I get about 3 or 4 E-mails a week on the subject of E-mail hoaxes - it is a matter of some concern. Some are hoaxes, some are legitimate. About the best advice I can give you in the future is, when you receive a virus warning, find a computer expert you trust and ask him or her for their opinion on what the virus is and what should be done. Then, and only then, should you forward the mail.

What do computer experts do about this problem?

If you are a computer expert, then here are some clues that a virus warning is legitimate.

  1. If you read about it on CERT's website or on Microsoft's website, then it is legitimate. It is possible but unlikely that either Microsoft or CERT would let their sites get hacked, so these are reliable places to go. The problem is that both of these sites have so many things they are working on, it is hard to find what you want to know. The CERT has a FAQ (Frequently Asked Questions) list, and a page on hoaxes.
  2. If the virus warning enumerates which platforms it works on, then it might be legitimate; but if it doesn't enumerate which platforms it works on, then it probably isn't legitimate. Remember that a Windows virus probably can't run on Linux, and vice versa. A Windows virus can't run on a Macintosh (unless you have a Windows emulator). A macro virus can only run on the programs with that macro language.
  3. If it explains the technical details about how the virus works, then it might be legitimate. Warnings that are vague on the details about how the virus works are probably faked. The "Win a holiday" hoax is vague and self-contradictory - first it says there is nothing you can do, and then it says to take precautions. "Take precautions" in and of itself is vague - specifically what should you do? Examples of specific instructions include:
  4. If the warning discusses the security flaws in the MS-Windows security setup - there are so many flaws in the MS-Windows system that there is no point in discussing them. If you are relying on your Microsoft operating system for security - you need help. That's not to say you can't have secure data on MS-Windows; just lock the doors at night.

Finally, remember that diversity in nature is one of the defenses against viruses (other animals don't get AIDS, humans don't get feline leukemia - both diseases are caused by viruses). Diversity in computers is also a defense against viruses. Windows/95, Windows/98, and Windows/NT are not diversity. But the computer world is remarkably diverse: Linux on PC, Alpha, PowerPC, MIPS, SPARC, Merced, M68xxx, PDP-11... is diversity. OS/360 and its EBCDIC-speaking descendants are diversity. MPE, RSTS, RSX-11, CP/M, OpenVMS, MacOS, Be, Mach, BSD, System V, QNX, IRIX, Idris, Apollo, Pick are all diverse operating systems. For secure, highly reliable applications, where failure is not an option, don't use Microsoft operating systems.

SPAM (self propelled advertising material)

In Washington State, it is illegal to send SPAM, and it is illegal to send SPAM to a Washington citizen.  See the enabling legislation.

What you can do about it

Legally and morally

You can E-mail them and ask them to stop sending you E-mail, but that's always a dubious proposition because now they know that they have an E-mail address that's actually used.

E-mail them to mail you more information using snail mail, er, I mean, the U.S. Mail. Then, don't respond to their mailing. It costs a significant amount of money (about $.20) to send a real mailing. If everybody did that, then the marketing costs would kill them. Eventually.  

Legally but of dubious morality

Call their 800 number.  Not once, but many times....

Illegally but effectively

Wanna take out a SPAMmer? Alright, you can do it because of an intrinsic design flaw in TCP/IP: the security functions are near the top of the OSI model. So we bypass the higher level functions and take out the lower level stuff with things like mail bombs and bad TCP connections. A "mail bomb" is a program that takes out a mail system - there are several ways to do it. My favorite method is a special program that connects to the victim's E-mail port and starts the process of sending a mail message, but never finishes it. Repeat over and over again. This is especially effective on Exchange Server, because of a design flaw inside it. SPAMmers traditionally use Microsoft operating systems because they are too stupid to master something that takes a little thought (if they could think, they would get legitimate jobs).

