John R. Goodman Consultant/Trainer-Web Security and Exploits Home

The Latest on Email Snooping and the Big Brother Effect

The latest on Email snooping is not only are there people out there trying to monitor your email for criminal reasons, the Big Brother syndrome has kicked in. Now many Internet Service Providers, or ISP's, which provide you access to the Internet and Email capability, are possibly also watching you and me.

First, a brief tutorial:

The mail system in use for Internet or Email uses 2 fundamental elements, which have been around in a form since the beginning of the Internet. One is what is called the POP protocol (language), or Post Office Protocol 3. This is how you receive mail.

The other is SMTP, or Simple Mail Transfer Protocol. This language or protocol is the method we use to send mail to another person. These languages or protocols are implemented by what is known as a Mail Client on your machine. That sounds complicated, so let's make it easier. That Mail Client program is Outlook Express, for an example, or Thunderbird, or Eudora.

The Email Dilemma

To really keep it uncomplicated at this point, let me clearly state it is relatively easy with advanced technical knowledge and capabilities available today either legally, or unlawfully, to monitor Email as well as surfing habits of virtually any individual in the world. The internet, to the average individual, is not a private or secure medium. There are services you can use with the Internet where the Internet is merely the carrier, Voice over internet phones, encrypted email (PGP) and such. The average user may or may not want to try to make an open community like the Internet private enough to satisfy their security concerns.

The Point of this Article

What prompted this brief article is my own ISP blocked my outgoing Email over the traditional outbound access through his servers.

The terminology ISP's use for access from my computer, and Mail Program, to his server and then the world for Internet or mail, is called PORTS. The traditional port to send mail on is 25. The traditional port to receive mail on is 110.

Well, out of the blue my ISP sent me an Email message to his Web mail program (which I never use or check) saying my computer was being used by programs called Zombies that take over a computer through back door tactics and then begin to send bulk emails for whatever reason, advertising and so forth. I had no knowledge or awareness of such activity as I use programs that scan for such frequently and in an ongoing manner. Ultimately, without any discussion, further communication or warning my port 25 (send mail) access was BLOCKED by my ISP. All of a sudden, I could not send mail! I scanned all my machines, found them Zombie and virus free. Question mark here? Incidentally FYI, if your hard drive light is continually flashing, your computer gets deadly slow and you start getting all kinds of weird off the wall inbound mail, you may have one of these email viruses or zombies.

After being blackballed and shut down on sending mail, I made a couple of calls to my ISP, and we worked out sending on the alternate port. They allegedly use this port for rerouting outgoing mail from suspected spammers exploiting the simplicity of the Email system as it stands today, or individuals that have "exhibited abnormal email patterns" on the standard port 25. The ISP's standard answer is "we are not accusing you of the spamming activity, we just see activity that is abnormal for a residential service coming from your computer through our modem and equipment"

Internet forum scuttlebutt has it this port is much more easily monitored by the ISP, as it is a specific reroute used for suspected spammers or others exhibiting the "patterns of mail use" that trigger the port blocker to close port 25 on the ISP end. I certainly do not utilize mail any differently than any average person. I refrain from using email for subscriptions to newsletters and such, send mostly small emails, maybe a picture or letter as an attachment now an then. I just do not see the grounds for this. Incidentally, they will not remove the block on port 25. Apparently I have been tried in the ISP's court, found guilty and sentenced to potential scrutiny as long as I am the ISP's subscriber.

Cautions and Suggestions about Email, PC Maintenance precautions:

First of all, remember, nothing you do on the internet is 100% private, period.
Yes, I know there are secure web pages for online orders and business and they work pretty well. But if the right hacker with the right agenda gets involved, just about no system on the planet is 100% secure.

So with that in mind, pattern your email use within these broad, general guidelines and maintain your PC well against Internet attacks:

Do not use email for very personal matters, very sensitive or personal identity information transmittal. Remember, email is just as available for tampering as a piece of mail flowing through the postal system. Confidential, intellectual property, sensitive financial matters and such should be handled by some format where paper moves with say a Fed X or USPS Express mail. This is probably a lot safer method for sensitive or confidential matters.

Never respond to messages that are allegedly from your bank giving some reason you must immediately send your social security number, user name and password as a response to the bank. That is 99% or more of the time a scam to defraud you. Call your bank or go visit a branch face to face. Take the email with the alleged request for personal info with you and confront the bank. This applies to virtually any or personal information inclding user name, password, mother's maiden name and so forth that may be requested in an email allegedly sent from a credit card bank and/or a regular financial institution such as a bank or credit union. Those emails should be handled just like the bank emails previously described. If a visit to the credit card issuing bank is not practical, pull up the bank's website or pull a recent statement. Get the contact number for the credit card bank off a recent statemen or from the bank's web page. Do not use contact numbers on the email you recieved. it is probably a bogus number. You will probably save yourself and the local bank or credit card issuer or both a lot of misery.

Use of a non-ISP specific web mail service such as gmail (Google) or Yahoo mail may be a better alternative if you are concerned your ISP is tempted to snoop. remember, however, if you don't want the world to possibly read the message you are about to send, get out your typewriter or word processor on your PC and type the letter. Send it via FED X or USPS Express Mail.

Maintain your computer(s) well. Run a good antivirus. Avast and AVG have really good free for personal use products. Buy the pro version, though, of whichever you do buy because they are better if you surf a lot. 2 year subscriptions are like in the $60.00 range for the 2 years. Run a 3rd party firewall (Zone Alarm Pro has been good for years) with spy ware detection and scan capability. You may need help with setting up any 3rd party firewall software, so don't do it unless you are comfortable setting it up. Bad settings can kick you off the Internet or block your print and file sharing. Set up your antivirus to scan daily, set it up for automatic updates and maintain vigilance and awareness of the performance of your PC. If your PC slows down, the hard disk light is flashing constantly for hours at a time, you may have a virus or one of many other internet exploits invading your computer. Seek the help of a PC professional, well versed in Windows and internet security to help you if these problems arise.