- Daddy, why did they name their canned meat after unwanted emails ?
No one is quite sure when the first 'spam' message was sent, some think it was in 1994 when two lawyers hired a programmer to post an advert to every newsgroup on USENET. As the same message was repeated across many newsgroups it got labelled 'spam' after the Monty Python sketch where every meal served in a cafeteria has some degree of spam in it.
Many years later, its more than just a nuisance, its now doing serious financial harm to many people and companies with viruses, spyware and identity stealing programs like key-loggers.
This article describes how you are getting all this unwanted mail, how to reduce the amount and with a bit of planning, how to drop-off the 'spammers' radar all together.
Email address harvesting
- You reap as you sow
Some times it easy to figure out how some companies have acquired your email address, you may have signed-up to one of their mailing lists, but for the most part many of the companies 'spamming' are unknown to you. So how did they get your address ?
The first thing to realise is that wherever you go on the Internet you leave a digital trial. Every website you visit will have your IP address, your ISP (Talk Talk, Sky, BT Internet ...), the date, time and even the web page that you were on before you got there.
The second thing to realise is not all 'web bots' ( small programs that scan the Internet for new web sites ) are working for Google, Bing or Yahoo, quite a few are working for the spammers. Unlike normal 'web bots' these 'spam bots' couldn't give a damn about the content of your website, all they care about are the email links that people use to send you an email from your site. Every email address they find goes into a huge database ready for the next bombardment. They can even guess your email address from your website or ISP, just replace www.your-domain.com with firstname.lastname@example.org, or email@example.com, or even firstname.lastname@example.org,
The third thing to realise is some email programs can be made to report back to the spammers when you read their email thus confirming that your address is active.
The last thing to realise is that once your email address get on that database, it will not come off and will certainly get passed around other databases. When this happens you are at the mercy of the spam filters. The best solution is not to get on it at all.
The backlash against the backlash
- Damned if you do and damned if you don't
Another frightening twist has surfaced in recent times. Companies developing anti-spam and anti-spyware software being sued by those same people sending this stuff out. One man got so frustrated he threatened the employees of a 'spam' company, he now faces 5 years AND a $250,000 fine.
Could your ISP be next battle ground ? Is it possible for an ISP to be coerced into removing a particular 'spammer' of their blacklist ? Hard perhaps but not impossible.
This just re-enforces my previous advice, stay off their radar screens all together. They can't spam you if they don't have your email address.
Non technical ways to avoid 'spam'
- I'm pink, therefore I'm spam
Any half-decent ISP will have spam filters by now so your first layer of defence is make sure it is enabled.
Don't respond to any spam emails, even the ones that offer to remove you from their database ? It just confirms that your address is active, and they will send you even more spam.
Don't respond to chain-letters, it does not take much programming expertise to extract all those email address in one email after it has been 'forwarded' around the Internet hundreds of times.
If you must sign-up to a mailing list use a disposable address like gmail, hotmail, yahoo or if possible, set-up temporary address with your ISP.
Many email programs like Outlook Express will try to display any images by default. Often these images are fetched from a remote server thus confirming your valid email address. Turn this off.
Careful web site design
- The best way to solve problems is by not having them in the first place
If you own a web site you have an interesting problem; how to stay interesting to Google, Yahoo or any other search engine but how to stay totally uninteresting to spam-bots. Here some techniques used by us on all our web sites :-
When you are setting up your mail boxes try to avoid easy-to-guess names like 'info', 'sales' or your first name.
Try to avoid 'catch-all' mail forwarding where email@example.com gets sent to your normal address.
Don't use email links anywhere on your site. By this, I mean things like this Email me here
Use a contact form instead. These can be written in PHP, ASP or Perl with the following specs :-
1. Make sure your email address is not visible in the coding.
2. Make sure the form will only accept postings from its self not from automated scripts on other servers.
Spamming has become a big, no-scruples business, expect the arms race to get nastier and the collateral damage to increase. Hopefully the advice mentioned here will keep you out of the cross-fire for as long as possible.
References and Inspirations
Origin of the term "spam" to mean net abuse