July 28, 2003 12:00 AM

Spam Beacons

Educate users about the side effects of opening spam messages
Windows IT Pro
InstantDoc ID #39501

Figure 1 shows the message that the user sees in Outlook when Exchange delivers the drop file that Listing 2 shows. I used a known sender in the From field to make sure recipients open the message. The embedded beacon URL (which you can see at callout D in Listing 2) creates a connection to an IIS server, activating the spdemo.asp script, which Listing 3, page 4, shows.

Spdemo.asp reads the user's email address information from parameters embedded in the URL, generates an email message, then makes an SMTP connection to an Exchange server to deliver 10 copies of this message to the user's mailbox, as Web Figure 2 shows.

The messages contain a timestamp specifying when the recipient opened the original spam demo, as well as an explanation of the demo. The timestamp helps reinforce to users that the 10 messages were generated as a direct response to their actions—perhaps helping them understand the consequences of opening real spam.
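The defender's side of the mechanism described above, as an added example that is not from the original article or its listings: it scans a message's HTML parts for automatically fetched URLs whose query string carries the recipient's address. The host name, parameter names and sample message are constructed, and the set of auto-fetched tags is an assumption.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Assumption: the beacon rides on an auto-fetched element, not a clickable link.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("body", "background")}

class RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in AUTO_FETCH and (value or "").lower().startswith("http"):
                self.urls.append(value)

def identifies(url, recipient):
    """Return why the URL's query string identifies the recipient, or None."""
    local, _, domain = recipient.lower().partition("@")
    # parse_qsl percent-decodes, so user1%40example.com is matched as well.
    values = [v.lower() for _, v in parse_qsl(urlsplit(url).query)]
    if any(recipient.lower() in v for v in values):
        return "full address in one parameter"
    if local in values and domain in values:
        return "address split across parameters"
    return None

def find_beacons(raw_message, recipient):
    """Return (url, reason) pairs for recipient-tagged URLs in HTML parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            refs = RemoteRefs()
            refs.feed(part.get_content())
            hits += [(u, r) for u in refs.urls if (r := identifies(u, recipient))]
    return hits

# Constructed sample; host and parameter names are invented for illustration.
SAMPLE = """From: colleague@example.com
To: user1@example.com
Content-Type: text/html

<html><body><img src="http://web.example.net/demo/spdemo.asp?u=user1&amp;d=example.com">
<img src="http://web.example.net/logo.gif">
<a href="http://web.example.net/x?u=user1&amp;d=example.com">link</a></body></html>
"""
print(find_beacons(SAMPLE, "user1@example.com"))
```

Only the first image is reported: the logo carries no recipient data, and the hyperlink is not fetched unless the user clicks it.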

Setting Up Your Own Beacon Demo
Creating a similar demo for your users is simple. You first need to write a script that the beacon will trigger, then place the script on a Web server. You can use the script that Listing 3 shows, with only slight modification. This script uses Windows 2000's Collaboration Data Objects (CDO) functions to send an HTML message. (For more information about using CDO to generate email messages, refer to "How to Send Rich Email Messages," March 2003, http://www.exchangeadmin.com, InstantDoc ID 37538.)

Edit the code at callout A in Listing 3 by replacing server.domain.com with the name of the SMTP server that supports your users' mailboxes. After you've edited the script, create a directory named "demo" below \InetPub\wwwroot on an IIS 5.0 or later Web server. Using Internet Services Manager (ISM), set the permissions on the demo directory to allow script execution. To do so, open ISM, right-click the demo directory, and select Properties. On the Directory tab, click the Execute Permissions drop-down list, select Scripts only, then click OK.

Next, you need to generate a drop file for each user to whom you want to send the demo. You can use the drop file that Listing 2 shows as a template. To personalize the drop file, you need to modify the seven items that Table 1 lists. (Table 1 references the code at callouts A, B, C, and D in Listing 2.) If you have many users, you can create a script to make the modifications.

Is That Spam?
The focus of the spam demo is to impress upon users that opening spam isn't a good idea. But identifying spam isn't always easy. Most spam messages have subject lines such as "The last flashlight you'll ever buy!" or "I'm spending $93 800 00 to get YOU a $$$$$ CHECK." But some subject lines offer few clues about whether a message is spam. For example, I recently received the messages that Figure 2 shows. I couldn't definitively discern from the senders and subject lines whether these messages were spam.

Fortunately, Outlook provides a way to see where the message originated without opening the message. By right-clicking the message and selecting Options from the context menu, you can view the message's SMTP header. The header contains the sender's SMTP address and information about the originating SMTP system. Figure 3 shows the headers for the "GET IT: News you can use for April" message; you can see that the message was sent from an @hp.com address. However, the sender's address can be forged easily, so you need to examine other information in the header, such as the originating server, to completely validate a message's origin. Although the senders and subject lines read like other spam I've received, it turns out these messages are all legitimate business communications sent from internal Hewlett-Packard (HP) addresses and systems. If I had deleted them as spam, I would have missed important information. So too, users need to take the extra step to validate questionable messages before opening them to avoid activating a spam beacon.

Stopping Spam
Perhaps in the future, the world's legal systems will devise solutions to stop spam so that we don't waste valuable time wading through unwanted junk mail. Technology (such as Outlook 2003's Junk Mail feature) can only slow down spam, not stop it; spammers quickly find ways around what technology blocks. Each email recipient must be part of the solution by knowing how to identify and delete spam before opening it.
