Spam What is Spam? While the legal definition may vary from state to state, country to country and even person to person, spam is junk or unsolicited e-mail. Junk e-mail, or spam, comes in a couple of different 'flavours' including unsolicited bulk e-mail (UBE spam) and unsolicited commercial e-mail (UCE spam) although the concept behind the two terms are essentially the same - that is sending e-mail to multiple recipients who have not requested it nor consented to having their e-mail address(es) included on such a mailing list. Often, spam is used to advertise (or spamvertise) services or goods of dubious, or even illegal, nature such as make money fast (MMF) schemes, multi-level marketing (MLM) or pyramid schemes, pornography, etc. How do spammers get e-mail addresses? Spammers use a variety of methods to obtain e-mail addresses but one of the most popular is to use a spambot or spider. Spambots or spiders are specialized programs that search websites, forums or newsgroups for e-mail addresses. Probably the easiest finds are via personal websites where owners list their e-mail addresses by creating hyperlinks so people can easily e-mail them or put up guestbooks that show the e-mail addresses of those who post to them. Scanning people's AIM/AOL, ICQ, mIRC and other profiles is another good source of information and addresses for spammers. Many people think nothing of posting not only their e-mail address but other real personal data such as their real name or telephone number to such profiles. Often, spammers receive e-mail addresses directly from the future recipients of their junk. When filling out forms on various websites people usually use their real e-mail address. Unless the site is very well known and you are familiar with their privacy policy you are playing a game of roulette anytime you post your personal e-mail address to the web. Also make sure when you complete a form on a website that you are not requesting further contact via a selected or checked "Send Info" box. And lastly, spammers sell lists of e-mail addresses to one another. So once your address becomes 'known' to one spammer the problem can quickly escalate beyond your wildest imaginings. Resources CAUCE Coalition Against Unsolicited Commercial Email Email 911 news.admin.net-abuse.email Spam Laws SpamCon Foundation Law Center SpamCop FAQ: Parsing And Reporting Spam The SPAM-L FAQ (includes sections on how to track/trace and block spam - not for novices) StopSpam Spam Preventing Spam There are quite a few things you can do to prevent or reduce your personal e-mail address from being spidered or collected. If you post messages to bulletin boards or forums either don't publicly post your e-mail address or use a throwaway address. A throwaway address is just what it sounds like - an address that you use for a while then discard. Such addresses are usually free web-based accounts via sites such as bigfoot.com, hotmail.com, yahoo.com, etc. If your regular e-mail address is [email protected] don't go out and set up an [email protected] for a throwaway account. Doing so makes it far too easy to determine your REAL e-mail address. And don't get too 'attached' to such throaway addresses - the intention is to use them until you begin receiving spam and then get a new one. Posting to newsgroups can be done via the web or via your ISP using a newsreader such as Outlook Express or other software. If you will be posting to newsgroups via the web use a throwaway e-mail address as indicated above. If you will be posting to newsgroups via a newsreader another option available is to edit your newsreader configuration so that our e-mail address is incorrect. Instead of your Reply-To address being your regular e-mail address, set it up to point to your throwaway address. Or you can 'munge' your Reply-To address so that instead of showing your real address as [email protected] it shows it as [email protected] or even [email protected]. About signatures..... Either remove your real e-mail address from your signatures or munge them in such a way that spambots or spiders won't readily detect them as valid addresses. For instance, instead of your signature file containing your address in the usual format, edit it to look something like 123(at)abc.net or even 123(at)abc(dot)net. Doing so means a little more work for someone who wants to send you an e-mail but it also means that a spider or spambot won't detect it as a valid address. If you have a webpage or website, don't post your real e-mail address anywhere on it. Some alternatives are to munge the address as shown above, post a throwaway address, use a bit of javascript magic to 'hide' your address, or use a form. Of these methods the javascript or the form are the most difficult to implement but they also provide you with the most security . How can I stop the spam once it starts? Prevention really is the best cure but the first thing to do is to ensure that what you are receiving really is spam. Often our children or spouses will subscribe to a mailing list without telling us or we will complete a web form and forget to uncheck the "Send Info" box. Most forms have one or more of these boxes selected by default. In such cases you are not being spammed but merely receiving mail that you have requested - however unknowingly - and you can safely follow the instructions provided to unsubscribe yourself from the list. Occasionally you may receive e-mails from someone you only met once or corresponded with briefly and have since forgotten. Again, these do not generally constitute spam. Some things to look for in determining if you have received spam: Multiple "Received:" lines in the message header Promotes a webpage on another site Directs replies to an e-mail address in another domain or on another system Now that you're certain you have received unsolicited bulk or commercial e-mail (Spam) the first thing is NOT to reply to the message or use any 'removal' addresses contained in the message. Replying to such messages or using their removal addresses is usually an exercise in futility because even if the removal address is a valid, live address (often it isn't) you are simply verifying your address is a valid one and almost ensuring that you will be spammed again. Also, do not make the mistake of assuming that any e-mail addresses contained in such e-mails, especially the reply address, is a valid one. If you're not unduly offended by the messages you can simply delete them manually or create a inbound filter that will automatically delete them. Outlook, Outlook Express, Eudora and most other current e-mail client software can be configured to perform filtering on incoming e-mails based on whatever criteria you provide. There are also many add-on utilities for a variety of e-mail softwares that will perform the same function. You will need to familiarize yourself with your e-mail software to learn how to configure filters or rules. To learn more, try using the Help command and reading the online manual or help files for your particular software and/or visit the support website. Filtering spam is not difficult but you will need to keep an eye on things and browse your deleted items folder in your e-mail software periodically to ensure that valid e-mails are not being deleted. Much better is to simply create a JunkMail directory and have filtered e-mail placed there instead of automatically deleting it. You can filter e-mail by the sender's address (these change often), the subject line (these too change) or a number of other criteria. Be careful not to implement a filter on an entire domain (such as *.cn, *.com, *.net, etc) because doing so could prevent you from receiving desired e-mail. One of the best allies in the fight against spam is your own ISP. Each one has its own policies and services but most provide support and resources to assist you. If your ISP has a search command on their website try searching for the word spam to see what information is available. If there is not search command on their website or you can't find any mention of the word spam, e-mail or call them and ask! I can't tell you how many times we've received e-mails from desperate people who are being relentlessly spammed only to go to their ISP's website and locate all of the spam info for them and refer them back to their own ISP for assistance. In most cases, your own ISP should be your first contact and will be the best source of information in terms of what options are open to you and how to properly report occurrences of spam to them to maximize their ability to put a stop to it. Many ISPs have the ability to filter spam at the server level before you ever see it. Ask your ISP if they provide this service, if it's free or costs extra, and/or if it is user configureable. Fighting back by tracing where the spam originates and complaining to their ISP is a viable option for some people but is beyond the current scope of this document. Read Our Software Solutions             CyberAngels © 2005