spam

Fighting against the spam invasion

You've got mail... sort of.

Unsolicited Commercial Email (UCE) or spam, as it is commonly called is becoming an expensive waste of our lives. My 7 year old does not need an inexpensive source for Viagra or a way to consolidate all his debt! But the ads keep coming, wasting countless thousands of hours for corporations, government workers, educators, and individual email users regardless of age, nationality, or gender.

Imagine… you are taking a group of children on an outing to a nearby park. Along the way, some older kids are goofing around and begin throwing rocks at you and your kids. How do you go after them?

If you could whip out your magic cell phone and identify each of the troublemakers, with name, address, and phone number for parents, school administrator, and supervisor at work, you’d be able to bring quite a bit of pressure on each of them to knock it off.

Rewind to the pile of spam you received in your mailbox last week. If you could figure out where it came from, and who is trying to profit by sending you all the unwanted ads, you might be able to bring enough pressure on them to remove your name from their database of chumps.

Let me stop here for a moment and say that there is “anti-spam” software that many Internet Service Providers (ISPs) install on their mail servers to block unsolicited commercial email before it gets to your box. The problem is that sometimes it removes good mail, and you never find out… until your Aunt calls you to ask why you never came to the reunion.

There are ways to combat spam without using spam filtering software. Here are a few strategies. You can get really carried away, as you’ll see after item 3:

1 - Install spam filtering anti-virus software on your PC

I run Trend Micro's PC Cillin product which comes with a spam filter for my inbox. This doesn't work for my mailbox if I use something like MSN or Comcast webmail. But it works great if I use a POP3 mail client like Outlook Express or Outlook.

The way it works is that every piece of mail passes through the antivirus software's spam filter before getting dropped in my local Inbox. If it matches the spam filter's criteria, then the word "SPAM:" is affixed to the front to let me know this is probably spam.

Next, I created a mail rule (use help in your mail client if you don't know how to create rules) that looks for "SPAM:" in the subject line. If it's there, the rule directs the message to a Junk Mail folder I created (use help in your mail client if you don't know how to make a new folder).

Once a day, I scan through the Junk Mail folder to make sure something I really care about didn't get filtered by the antivirus software. If it did, I go into the email section of the AV software and add that name, or the whole domain to the "Safe Senders" list. If it's all junk, then I hit CTRL-A to select all, and then Delete.

It's a lot easier than picking the junk mail one by one out of my Inbox.

2 - Protect your primary email address
Open a mailbox for public identification (registrations on websites). Consider it your spam mail box and go in to clean out the garbage every week or so. If you get mail there you care about, forward it to your private (real) mailbox. Hotmail and Yahoo both offer free email accounts. (When you register there, you will need to give them your real email address, as they will want to be able to contact you.

Never use your private (real) mailbox to register for services on the web, or on warranty registration cards. Unless you know the organization and trust that they will not sell, rent, or divulge your email address, only give out your public (spam) mail address.
If you have a website, and want people to be able to send to your email address, you are opening yourself up. The spammers have software that scours web pages looking for valid email addresses. It used to be that you could use a "mail-to" link, such as – Email to: Jon Richardson – and embed a link to your address behind the name, to made it more difficult to harvest valid addresses. But spamming tools have evolved. It will make things a little more difficult for this software to collect your mail address. To safeguard you and your co-workers, you should look into address hiding software, such as that listed on the spam.abuse.net website. If an employer posts an open web page with the email addresses for all staff in plain text (addresses all spelled out), it will be very easy for spammers to populate their databases and begin spamming everyone on staff.

If you've "really had it" and want to get serious about combating spam, read on.


3 - It’s too late baby… they’ve got me on their lists in China, Turkey, and Orlando!

Remember the teenagers, the rocks, and the magic cell phone? You can track these spammers down and make their efforts to spam you more expensive. They have to have an ISP of their own, and they have to agree to abide by that ISP's terms and conditions, which usually includes not using the ISP's network to send out spam.
Tracking and Complaining: When I get spam in my real mailbox, I hold two things in mind: “the ISPs are not at fault” and “all I want is my name removed from all mass mailing lists.”
Message header: depending on your mail client, you may or may not see the actual message header by default. It shows you the path the message took to get to your mailbox. This leads you to who sent out the spam in the first place. Check out the UXN site to learn more about interpreting the message header.

Websites advertised: these are the people who hope to profit by sending out the spam. This is the magic cell phone part where you put on your Sherlock Holmes hat and go after the teenagers with the rocks. The UXN site can help you here too!
Use “Traceroute”: Once you know what mail server the spam came from and what web server they are advertising, you can figure out who the ISPs are that provide service to the spammers. A simple tool to use on a Windows platform computer is a DOS command called “tracert” To run this command, you open a DOS window, and type
tracert computername (there is a space after tracert)

computername could be the IP address of the mail server or the webserver’s URL name

Traceroute shows you the path to get from your computer to the spammer’s mail server or webserver, whichever you entered. Usually, the last entry just before the end is the address that belongs to the spammer’s ISP. (You have an entry in the magic cell phone). Do this over for the other addresses you have.

Back on the UXN spam tracking page, when you entered the IP address for the mail server that sent the spam to your ISP, you got an “IP WHOIS” report. Copy this information in your spam complaint letter. Send email to the address identified as the administrator for that server. Repeat this step for the other contacts you dug up.

Compose your SPAM COMPLAINT and send it on its merry way. Following is an example of a spam complaint notice that I reuse every time I get spammed:

“You are receiving this spam complaint because the original UCE message either originated from, passed through, or is associated with an email/web account on your network. Remove me from all mass mailing lists. Enforce whatever acceptable use policies you have in place and stop this spammer from sending messages to my mailbox.

Thanks for your help.”

You may not have asked for the assignment, but you're now "Fighting against the spam invaders."

Limiting Spam (Tips) from the NY Attorney General's Office

Keep in mind: The ISP’s are not the problem.

Author's note: A lot has changed since I wrote the original version of this article in 2002. There are other methods used now (such as): enslaving home PCs and turning them into de facto spam servers (zombies) without the legitimate owner's knowledge. And you thought your computer was just getting old! You can still use method 3 if you feel so inclined, or enlisted.