by Tom Snyder on Nov 30, -0001


While I was meeting with one of our clients recently, the question came up about unsolicited emails. It turns out that one of their employees had been visiting a Web site of questionable moral content on the company’s computer, and while they were there, the site grabbed the company’s email address and had begun to send unsolicited bulk emails (known in the vernacular as “Spam”) as a result. At first the emails were just a weekly inconvenience because they were coming form the owner of the site that originally captured the email address. However, as time went on, they started receiving emails from other similar sites. Now they’ve begun to receive emails from every get-rich-quick, accept-credit-cards and XXX site on the Web.

And they just want it to stop.

I felt badly because the answer they wanted was not the answer I could give them. Not only can they not stop it, but it will continue to get worse.

I know from personal experience. On an average day, I receive over 150 emails. Of those, 30-40 are unsolicited emails. If you’re already inundated with Spam, it may be too late to reduce the number you get (short of changing your email address), but there are some things that you can do to prevent it from growing, and even a few things that you can do to strike back at the Spamming creeps.

How it starts

People who make sending Spam an integral part of their promotional strategy have several ways of mining email addresses.

There are programs you can buy that will search through Usenet groups for email addresses, parse them out of the posted messages, download them and add them to an email list. Spam-marketers like these because they can get a well-targeted list of addresses. If you own an auction Web site, you can go to the Usenets for antiques, collectibles, electronics, etc., and find the email addresses of people who are specifically interested in the things that typically get auctioned.

A sophisticated Web site knows how to look on your hard drive and find your email address. Unscrupulous Web site owners use that programming to capture the email address of everyone who visits their site. They can then use those email addresses to send out promotional emails for other sites they own, or they can make money with them by selling their lists to companies that buy them. That’s how your name ends up getting on so many different email lists.

Finally, you may be giving them your email address. When you go to site and fill out a form that asks for your email address, you potentially put yourself on every email list on the planet.

An Ounce of Prevention

If you’ve been to the Usenets, you may have seen email addresses in the postings that look strange… addresses like joenospamsmith@aol.com, or tsnyder@websightihatespamsolutions.com. Elsewhere in the posting, you may see the instructions: “If you want to reply to this post, remove the ‘nospam’ from my address.” By changing the return address in your email or Usenet reader before you post any messages, you’ll prevent your email address from being mined by Spammers.

Web sites that gather information about you by reading or actually creating a file on your computer can be detected by turning on “cookie” notification on your browser. You can have your browser notify you with a pop-up window and allow you to refuse such a process from happening. In Netscape, go to Edit, Preferences, Advanced, and check the box labeled “Notify me before accepting any cookies.” You’ll want to leave the accept all cookies box checked so that you can use Shopping Cart sites and Subscription content sites that use cookies to identify you for legitimate purposes. Internet Explorer also has adjustable security preferences (Tools, Internet Options, Security). You can customize these to refuse cookies, too.

After you’ve set your preferences to notify you when a site is trying to place a cookie, you’ll get pop-up notification windows when it happens. You’ll be amazed at the number of sites you go to that send cookies. Many have legitimate pruposes. But If you’re at a site that you’re not familiar with and the cookie notification window pops up, and there is no legitimate reason for there to be a cookie, tell it to refuse the cookie.

If you go to a site that asks for your email address, make sure to read their privacy policy. If they don’t have one, or if they admit that they may sell your email address to a third party, simply don’t put your email address in the box. If they require it, and you think it may be abused, just don’t fill in the form.

A Word About Replying to be Removed

Many Spams contain what looks like a removal option. By replying with the word Remove in the subject line, you are told you’ll be removed from their list. Watch out for this. Spammers have only one accurate way of gauging whether their emails are being received and read. That’s by getting a return email from someone that got it. By trying to remove yourself, you may actually qualify yourself as a person with an active email address who actually reads Spam instead of just deleting them. Reply to these and you may find your Spam quotient going up exponentially.

What to do

Many email readers have filters built in. You can designate to automatically send to the trash bin any emails with certain words in the subject line (MLM, XXX, or any phrase that you see over and over in Spam you receive). Be careful here as you may get a legitimate email from friend or client with a keyword that qualifies it as Spam. I used to put “$” as a Spam filter, until I started finding that some of my quote requests and orders were going into the trash bin!

There are also commercially available spam blocking software programs available (go to http://www.zdnet.com/downloads/, and type in spam block in the search box)

How About a Little Revenge?

In just a little more than the time it takes hit “delete,” you can hit “forward” and potentially shut down a Spammer. When you receive a Spam, check the return address, and forward that Spam to the address that that ISP has set up to report Spam (always abuse@thedomainname.com). If the email comes from spamking@execpc.com, forward the email to abuse@execpc.com. Also check to see if the email contains a link to a Web site. If they do, forward that email to “abuse” at the domain name of the Web site. Most ISP’s have an acceptable use policy that will allow them to close down the email account. You don’t need to add anything else to the email, just forward the whole thing. The ISP will know what to do about it, and if they can track it to a customer of theirs, it will mean shutting down that person’s account and Web site.

Spammers have engaged in a cat and mouse game that has made it increasingly more difficult to find the originating ISP by using a fake email address, so many of the Spam reports you send to ISP abuse departments will be returned with a message telling you that the email address was fake. But at least you gave it a shot. Even the domain names of Web sites linked to within a Spam will occasionally be masked by being replaced with a number. For instance, a recent Spam I received had a link to http://216.33.20.4/wv/freestuff5 . By removing the stuff after the first “/”, and going to http://216.33.20.4/, you’d see that the site is hosted at Angelfire, an ISP that hosts Web pages. Forwarding this Spam to abuse@angelfire.com got this Spammer’s email account and Web site shut down within a few hours.

You may also want to do do a Whois to find out who that ISP’s ISP is, and forward the Spam to them, too. By going to http://www.websightsolutions.com/domain.html and entering a domain name, you can see who is the name server. For instance, if your domain name is hosted by Websight Solutions, you can enter your own domain name in that box and when you ask to display all the owner information, at the very end, you’ll see websightsolutions.com and phoenixnet.net as the name servers. Go ahead and forward the Spam to the abuse department at any name server you can see in the offending domain name’s Whois record. It only takes a second to add another address to your “to” field.

Occasionally, you’ll find a Spam search that will result in no information about an upline ISP. If you have some time on your hands, really HATE Spam, and want to engage in the thrill of the hunt, you can run a traceroute, to physically show you every ISP that goes between you and the Spammer’s domain. Find the ISP just before the Spammer’s domain and forward the Spam to abuse at that domain name. A good traceroute tool is NeoTrace (http://www.neoworx.com/neotrace/download.asp). Probably more hassle and higher learning curve than it’s worth, but using this technique, I actually shut down an entire ISP who used Spam to promote its services. What catharsis!

The Bottom Line

The only way to ultimately stop Spam is to make it as much trouble for the Spammer as it is for the “Spam-ee.” The Internet is about efficiency. By filling your mail box with junk mail you don’t want, Spam is the antithesis of efficiency. Don’t spend too much time trying to stop them, but even a small effort can go a long way to making Spam less attractive. Don’t ever Spam. Do what you can to prevent getting Spammed. Don’t do business with Spammers. Do everything within your power to shut down Spammers.

Each of us who has their time wasted by Spammers thanks you!