Anti-Spam Picture

Don't you just love getting spam mail? You log into the Internet and you have 20 messages! Boy, you are really popular, everyone wants to send you e-mail. However, after you start sorting through the e-mail you just received, you notice that only 3 of the e-mails are from friends or relatives. The rest are all from people wanting to sell you something or have you go visit their XXX rated web page. Just exactly how do they get your e-mail address?

Well, there are several ways that they can get it and I'll list several methods for you.

E-mail lists: Boy, you just received this great joke in the e-mail today and you want to send it to all of your friends and relatives. So you blithely "forward" the email to everyone in your contact list and mail it "To" them. They in turn send the same joke out to all of their friends! Before you know it that joke has travelled far and wide. What is the harm in this you may ask. Well, have you ever noticed all of those e-mail addresses that are quoted in that joke? Hundreds of private e-mail addresses are gathered this way. Even spammers have friends who forward them jokes. They gleefully harvest your e-mail address out of the e-mail and put you on their mailing list and then proceed to send you junk/spam e-mail.

How do you avoid this type of address harvesting you may ask? Well, it is quite simple but it takes teamwork from EVERYONE involved. Instead of "Forwarding" the e-mail, either edit it as "New" or "Compose" a "New" e-mail. Strip everyones e-mail address out of the letter, remove the > (quote) mark. Now when you get ready to send the "new" e-mail, instead of sending it "To", send it as "BCC" instead. BCC stands for Blind Carbon Copy. A BCC means that whomever receives the e-mail does NOT see everyone elses e-mail address. It appears that the e-mail was sent to them personally and no one else ever saw the e-mail. If everyone whomever forwards e-mail would do this, it would go a LONG ways in cutting down on spammers harvesting email addresses. Those of you who receive jokes and letters from me will have noticed that starting about 2 months ago, you no longer see everyones e-mail addresses in the e-mail. Even if I send the e-mail to one of my lists, you will only see "your" e-mail address and no one elses. Please clean up all e-mail that you are going to forward.

Another item to watch is to make sure that your browser (Microsoft Internet Explorer, Netscape, Mozilla etc) isn't handing your e-mail address out to any web site that asks for it. One way a web site asks for your e-mail address is they code their web pages to send you their pictures via ftp instead of http. When a picture is sent via this method, it uses a process called anonymous ftp. The user name that your browser sends is "anonymous" but when the web site asks for a password, your browser defaults to sending your e-mail address as your password. Voila, the spammer now knows what your e-mail address is. Look through your preferences/options in your browser and insert a fake e-mail address in that section if you can. If your browser doesn't allow you to change the anonymous ftp email address, consider getting another browser.

Another method that spammers use is getting into newsgroups and running a program that goes through and searches for all e-mail addresses and processes them into a database. They do the same thing for mailing lists. Consider using a throwaway e-mail address if you are going to post on newsgroups or into a mailing list.

One of the most nefarious ways they get your e-mail address is via cookies. You log into an innocent looking web site and that site will send your browser cookies. Turn off cookies if you can. You will need to turn them on occasionally if you are shopping on the Internet, but other than that, there is no reason in the world to have them turned on. There are several methods of gaining information from your browser through the use of cookies.

The spammers verify your email address by several methods. One of the most common is that they will send you an email in html format that loads images. They add a few extra pieces of code so that the referrer information for that server contains your email address. This way they can verify that a person actually read the email and that your email address is valid.  Just by opening up the email you have done half their work for them.  If an email address never shows up in their log files, then they remove it from future mailings. This way they can keep an up to date database of valid email addresses. I've been wondering what would happen if I slightly polluted their database by editing the html in the email that they send me. I could change my email address to something a bit more interesting, say, like their ISP's abuse email address, the Federal Trade Commission, White House, Secret Service, FBI and maybe a few more interesting email addresses I have. I'm sure that those groups would LOVE to be on that spammers mailing list. Who knows, they may even pay them a visit...

I have touched on only a few of the methods that spammers use to gather e-mail addresses. I'm sure that there are a lot more ways that I am not aware of but if we all follow the above rules, we will go a long ways in hiding our e-mail addresses from the nefarious bastards.

For those of you who are interested in knowing how to trace where the spam email comes from and who to send complaints to about spam mail, here are a few guidelines.
  1. Never respond to their email's, more than likely the return address has been faked and will just bounce.
  2. If the email doesn't bounce and they actually receive it, you have just verified your email address for them.
  3. Before reading or opening any spam mail tell your browser to go into "offline" mode. If you don't know how to do this, check your browser documentation. Both Microsoft Internet Explorer, Netscape Navigator and Mozilla have this feature. Just remember to turn it back to online mode after you delete the spam mail or you won't be able to browse web pages or receive email.
  4. NEVER, EVER click on the "Unsubscribe" link they put in those spam mails. I would venture to say that 90%, if not more, of those links are not used to "Unsubscribe" you. Instead, they are used to verify that your email address is valid so that they can send you more spam mail.
  5. If you MUST read spam mail, don't forward it to your friends, I'm sure that they don't want to be put on the spammers mailing list.
  6. If a spam mail asks for email referrals, DON'T DO IT! All they are doing is harvesting more email addresses to send more spam mail to.
I bet your next question is going to be: "How do I get off of spam mailing lists?"

Well, it's not easy and is a very time consuming task. The bad thing is, you will never, ever get off of 100% of their mailing lists. All you can hope to do is to get it down to a dull roar. It takes between 1 to 5 minutes to track down where each spam mail came from and complain to the proper authorities. This doesn't guarantee that you will be removed from their mailing list but will notify their ISP's that they have a spammer on their system. Sometimes the mail server that is sending you the spam has been hijacked by the spammers. They are an innocent third party who has no idea they are sending spam. The way this happens is that when they configured their mail server they didn't turn the email relay feature off. This could be an oversight on their part or they thought it was a "plug and go" mail server.

Ok, I can hear a few of you saying "Tell me how to trace this spam mail, I want to complain to someone about this bastard!"

Tracing spam mail is not for the faint hearted and requires you to have a few Internet utilities on your computer. Most operating systems come with the following programs.

Windows & Unix: ping
Unix and NT: traceroute
Windows 95/98: tracert
Unix: whois
Unix: fwhois

Alas, the only operating system with enough built in utilities to actually trace spam is unix. Microsoft did not supply all of the needed tools. But don't despair! There are utilities available for Windows! The utility that I recommend for Windows is called NetLab95.zip . It gives you most of the utilities that you get from unix.


Click here to go back to our home page.