Well it happened again on Sunday.

Spam emails that is. A heap of them from a number of Telecom Xtra accounts.

having an ISP email address is a barrier to changing your ISP
It has been a regular occurrence over the past year.

Some get through my spam blocks. Over 90% do not.

The ones that do get through, do so because the sender’s email address is known to my systems. Having done business with them previously their address details are legitimate, even if the email content is clearly not, and so clear the spam filters.

telecom-xtra-yahooThat XtraYahoo spam is getting through indicates a serious issue for both Telecom and their email service provider, Yahoo.

This is not the first time that Telecom customer’s email accounts have been compromised. Hundreds of thousands of accounts were reported hacked in February 2013 but it seems that the issue had been going on for some time before that.

At the time, Telecom advised that the Yahoo vulnerability had been fixed and that affected users should change their passwords. Whilst it appears that at least some users who did change passwords have subsequently had repeat issues, it is not clear whether the email servers have again been hacked or whether downloaded address books are used in spoofing attacks.

To say that spam emails are common is a serious understatement.

Kaspersky Labs, developers of internet security products, published their latest spam data last month. They note the proportion of spam in November 2013 amounted to 72.5% of total email traffic, almost 10 percentage points higher in a year. China is the biggest source of spam emails with the US in second place, itself accounting for nearly 20% of global spam messages.

Many online articles covering spam, point the finger of responsibility at users.

What can we, as users, actually do to reduce the volume of email spam? Not a lot. Yes we can and should avoid indiscriminately putting our email address about. Yes we can ensure that firewalls are in use and that our email client has up-to-date spam filtering enabled. And yes we can and should regularly change passwords on our ISP’s email account. But such measures have not prevented the Telecom Xtra email accounts from being hacked and spam generated.

This particular spam issue is one for Telecom and Yahoo to sort out. There are many things they could do.

One thing they have not done, is to advise users to do one thing that will stop this source of spam: to have a non-ISP email address. That is, to replace me@xtra.co.nz addresses with me@myname.com.

Free email services like Google Mail (myname@gmail.com) work well, have excellent spam filtering and, as far as I know, have not yet been hacked. It is in those providers best interests to ensure that spam is dealt to before it gets to our inbox.

There are two other good reasons to have your own, or company, name as your email address.

First, having an ISP email address is a barrier to changing your ISP. Many of us have a lot invested in our email address and changing it is not so easy. Which means that many will avoid changing ISP just because of that investment in the ISP-based email address.

Second is about professionalism – it is less than professional to run a business under a brand name but use a generic email address.

In terms of minimising the opportunity for spammers, I also have addresses like paypal@myname.com, workflowy@myname.com or feedly@myname.com. These addresses are usernames for sites that are subscribed to and enable me to track and deal to, the source of any spam that spoofs my name.

The trick with ISP-based email addresses, is to redirect emails from that address to a gmail (or what ever) account to take advantage of the superior spam filtering. QED. Need help in setting this up? Call John now on 021 46 36 86.