Managing and dealing with spam

This was a message posted on the thelist, a mailing list devoted to web development and run by evolt.org

Hey all —

Gotta love the internet at times.   Someone threatened to sign me up for about a bazillion SPAM e-mails … and lo and behold, their spam terrorist attacks have now worked … I am getting roughly 60-70 SPAM e-mails per day and am spending all my time deleting those little buggers.

My questions:   (1) Is there any way to remove myself from any of these lists rather than one at a time?   and (2) At first I just let sleeping dogs lie … after several days of this I’m just royally IRKED … is there a way to sign THIS person up for some spam?

(PS. Don’t bother writing nasty mails to me or the list telling me this is “wrong” … you try having your mailbox overflow with garbage every singe hour of the day … I’m angry.)   If you’d rather not send this information publically, contact me privately.

I found this very interesting as I’ve been dealing with spam for many years. So I took the time to write a long reply. Here’s what I wrote (quoted text is indented):

My questions:   (1) Is there any way to remove myself from any of these lists rather than one at a time?   and (2) At first I just let sleeping dogs lie … after several days of this I’m just royally IRKED … is there a way to sign THIS person up for some spam?

Tch,tch. They don’t call it spam for nothing. It usually means that they’re not interested in the “honourable” way of doing things like subscribing you only when you “opt-in”.

RULE no. 1 of managing spam
Asking them to remove you or following their “unsubscribe” instructions is the worst thing you can do. This merely confirms that your email address is “live” and you will then be bombarded with even more spam. Instead, contact the ISP whose mail server it has come through and ask them to take some action (the [email protected] address is usually the one to use if you can’t find it on their site). Never resond directly to spam.

RULE no. 2
Expect that the “From:” email address will be bogus or worse, belong to some innocent user. It’s trivial to forge “From:” headers. By retaliating, you might be punishing Joe User who possibly had nothing to do with it. For example, I get spam from ZDNet India that comes from an email address that bounces mail. 

RULE no. 3
You can never totally rid yourself of spam unless you never sign up for an email account. Even if you don’t tell *anyone* your email address, spammers might run a automated mailing attack where they try millions of combinations of email addresses at yourhost.com (that’s why Hotmail and Yahoo accounts get so much spam. There’s a good chance that any username exists on those services)

(I’m sure there are more rules, but I consider these the most important 🙂

(PS. Don’t bother writing nasty mails to me or the list telling me this is “wrong” … you try having your mailbox overflow with garbage every singe hour of the day … I’m angry.)   If you’d rather not send this information publically, contact me privately.

Try it? I’ve had much more than that. I’m sure many of the people on this too have had to handle lots of spam. What do you think happens when you put a “[email protected]” link at the bottom of thousands of pages on a popular site? All the bloody spambots crawl and pick it up. 🙁

What kind of spam are you receiving? Is it “regular spam” or simply things like subscriptions to newsletters that don’t have a “double opt-in” process? You recognise regular spam by subjects like these:

1) credit card processing for your site!
2) You can be a millionaire NOW!
3) Add inches to your penis
4) Get cheap home loans
5) This scheme really works!!!!!!!!!!
6) University diplomas
7) Find Information About Anyone
8) Grow Younger 20 Years
9) Hot XXX pictures!!!!!!!!!!!!!!!!!!!!!!!!!!! (yeah, they usually have that many exclamation marks 😉
10) LOSE WEIGHT WHILE YOU SLEEP
(and several variants of the above)

And lastly, the surest way of telling “regular” spam is if there’s a footer or header vehemently denying that the mail is not spam (e.g., “THIS MAIL IS NOT SPAM!!!!”). And they sometimes also point to the “US Unsolicited Electronic Mail Act of 2000, which states that mail cannot be considered spam if it contains contact/removal information, which this mail does.” and points you usually to this URL: http://spamlaws.com/federal/hr3113a.html

(The Act was never enacted, so it’s all bullshit)

I’m sure most people on thelist get crap like this regularly. Not much you can do there but complain to the ISP(s) involved. If it looks like a real content newsletter from a credible site, it may be worth trying to unsubscribe from their mailing list.

What can you do about filtering spam? Here are some ideas:

1) If you’re using a Hotmail, Yahoo, etc. account, they usually have a “spam filter” feature. Activate this from your account preferences screen.

2) If you’ve got a regular POP account, see if you can configure your mail client to flag messages that are not directly addressed to you. Outlook 2000 can do this, I’m sure. You can then delete stuff that’s spam (Caveat: messages from mailing lists like this one will also get caught in the filter). If you want more help on using filters with your email client to stop spam, check out this article: http://www.pcworld.com/howto/article/0,aid,47324,00.asp

3) Consider using a program like MailWasher that lets you filter the mail before downloading it, saving bandwidth. Mailwasher lets you check the headers of a message, delete them directly from the server if it’s spam, and even bounce messages. You can download it at: http://home.xtra.co.nz/hosts/nickbolton/download/mailwasher.exe

4) Keep a spare account Yahoo/Hotmail/[any web mail] for giving out to people you don’t know well, subscribing to newsletters, or registering with sites. Despite their privacy policies, some sites *do* rent out your personal information. Give your “secure” address only to a few trusted friends and colleagues. This also lets you deal with important mail first before reading all the newsletters and e-zines in your other account.

5) Avoid putting your email address on your web site (if any) in a form that spambots can harvest. Create a contact form and use a server-side script to handle the emailing. If you *have* to put your email address on a site, put it as “you at example dot com” (people can read this but bots can’t) or hyperlink to “mailto:you%40example.com” (spambots won’t find it but your email client will handle it fine).

6) Check out the Google directory on spam at: http://directory.google.com/Top/Computers/Internet/Abuse/Spam/ for tons of resources on the topic.

Hope that helps.

Madhu

Since writing that mail, someone pointed me to an absolutely wonderful service called SneakMail that provides you with disposable email addresses. For example, you can use something like [email protected] to subscribe to a newsletter that you think might spam you. If that indeed happens, you simply discard that address and create a new one. Outstanding idea! I’m going to use it – a lot.