Click here for the home page 

The Xenophile Historian





THE HOLY BOOK OF UNIVERSAL TRUTHS,
K. U. P.


(Kimball's Unauthorized Perversion)





Some Tools for Fighting Spam



I'm thinking of removing the urban legends section, because I don't see as many e-mail hoaxes or chain letters as I used to. The urban legends have been replaced by a far worse nuisance--spam.

Here I'm not talking about off-topic messages or chain letters, but unsolicited commercial e-mail (some call it UCE). These are the ads for pornography, get-rich-quick schemes, untested medicines, easy-term loans or credit cards, penny stocks, and anything else that you didn't request, which sounds too good to be true.

Before I go any further, let me make it clear that I'm not against e-commerce. I have paid bills online, and bought things from companies like Amazon, Half.com and Priceline. I'm all for online business if it is done honestly. Few things run in today's world without money, and if it wasn't for the dot-coms, the Internet would still belong to a handful of computer scientists, meaning that the rest of us (including myself) wouldn't be here. The problem is that we've got a new generation of snake oil salesmen looking to make a quick buck, and they don't care who they annoy or swindle in the process. We don't want folks like that giving reputable businessmen a bad name.

Now occasionally I do get an unsolicited ad from a legitimate business, and that's all right. The case I'm thinking of is Slitherine Strategies, a computer game company based in the UK. Early in 2002 Slitherine sent me an e-mail announcing the upcoming release of a game called Legion, which simulates the battles of Roman history. The reason why this was OK is because the e-mail wasn't sent out blindly to millions--somebody had to visit this website and decide from its content that the webmaster was likely to be interested in the product. I was; in fact, I posted the announcement on one of the bulletin boards I frequent, and bought a copy of the game when it became available in my area. Perhaps a better description of spam would be automated commercial e-mail (ACE), rather than UCE.

People send advertisements in e-mail because it is cheaper than ads sent in surface mail or posted in newspapers, magazines, radio and TV. In many cases, it costs them nothing at all, once they've got the hardware and software set up. However, it does cost the Internet Service Provider to deliver them to you, and it wastes your time (and probably money) as well. Think of it this way: if a telemarketer called you collect, would you accept the call? Would you feel good about the brochures, flyers and coupons that show up in your real-world mailbox, if you had to pay for each one? Advertisements by fax were outlawed a few years ago because they drained the paper and toner of the fax machine owners. Likewise, you shouldn't have to pay for an advertising pitch in your e-mail inbox if you didn't give somebody permission to send it.

For this reason, nothing enrages some Internet users more than junk e-mail ads that they didn't want or expect to receive. It's not worth it to get one sale by angering thousands of other users. I have even heard of users ganging up on spammers, bouncing back their mail until they're forced down in a "denial of service" attack. In some places (i.e. Washington State) mass mailings are illegal.

Where does the spam come from? Those who send it out may find your e-mail address posted in a newsgroup/bulletin board, or they might get it from a form filled out for e-commerce purposes, etc. There are also computer programs like the "spiders" used by search engines; called "harvesters," these robots wander around in cyberspace, collecting the e-mail addresses on the webpages they visit. Finally, if you're applying for a password or registering software, you may be asked if you'll accept e-mail from third parties--DO NOT check that box. Legitimate e-mail ads include information on what to do if you don't want to receive mail from them anymore, and it can be stopped by following those instructions.

Unfortunately, a lot of the folks who send out e-mail ads do not play by the rules. Once one spammer gets your e-mail address, the rest of them will have it before long; they make most of their money by selling their address lists to each other. Usually they mask their e-mail addresses with a bogus one, to make it harder for their ISPs (Internet Service Providers) to shut them down. Because of that, I don't trust ads from anybody whose e-mail address ends with the name of a common ISP or e-mail service, such as aol.com, msn.com, yahoo.com, or hotmail.com. If I'm going to buy widgets, I expect the salesman to have an address like mike@widgets.com. Another giveaway is an e-mail address that contains numbers before the "@" sign, especially one that begins with a number. Worst of all are those spammers who try to get past junk mail filters (see barrier #2 below) by filling their letters with ramdomly chosen words, and use subject headings full of gibberish or deliberate spelling errors, like

"=?ISO-8859-1?B?RXZlciB0aGluayBvZiB0cnlpbmcgVihpYWdyYT8=?="
or
"Enl*arge yo`ur. p'e.n,i"s :` to;day .-*^- wikldwbqdevm."

Why anybody would buy a product from somebody who can't spell is beyond me.

Asking them to "unsubscribe" you isn't worth the trouble. In many cases you'll find that your message can't be delivered, because their inbox is already full of unsubscribe requests from others. And if it does get through to the sender, it may encourage them to send you more, because it's a signal that they've got a live address.

I wish I didn't need to say this, but DO NOT buy anything from a spammer. The typical spammer will fire out a million e-mails to get fifteen sales; you can thank those fifteen suckers for the fact that spam exists at all. Don't even click on a link in a spammer's letter, no matter how tempting it is; it can lead to a website where a hacker will install nasty adware or spyware on your computer. Maybe I'll write more about that in the future, now that spyware has become a serious problem.

I've seen a couple of webpages that talked about spam, and the authors tried to find some redeeming quality in the spammers, like, "Hey, they're probably too dumb to know what they're doing." Sorry folks, but I have an unusually low tolerance for stupidity; I see too much of it elsewhere. As far as I'm concerned, swindlers who won't leave you alone have given up the right to a clean death. Maybe those other authors don't want to really hurt spammers, but I do. And if you think that's being mean, remember where Dante had dishonest advertisers go when they're dead (hint: the Eighth Circle, Second Malbolge). I am declaring open season on spammers, so those who bother me or visit this site to find new victims will do so at their peril (see the offensive tricks below).

For a long time I simply deleted spam when I saw it, or tried turning in the perpetrator to my ISP. It's a thankless job; only once did I get a reply stating that a spammer was shut down because of my complaint. Apparently the guys managing many e-mail services won't take action until enough people complain about it--if they're serious about stopping it at all. It also looks like the problem is going to get worse before it gets better; since the end of 2002 spam has made up at least 50% of all e-mail, rendering it impossible to use some e-mail accounts. In early 2003 AOL announced that its filters had intercepted one billion pieces of junk e-mail, which can only be a tiny fraction of what managed to get through. In 2007 the Barracuda Networks analyzed the e-mail messages sent to its 50,000 customers, and estimated that 90 to 95 percent of it was spam. I can believe it, because spam forced me to abandon my Hotmail account in 2001, when the problem wasn't as bad as it is now.

The good news is that I think I finally have an effective defense against spam. It involves the following three barriers:

1. There is a list called the E-Mail Preference Service (e-MPS), and members of the Direct Marketing Association (DMA) are not allowed to bother people who place their e-mail addresses on that list. Sign yourself up, and the DMA will stop the mail from advertisers who are trying to act legitimate. Since it takes a couple of months for the mail to stop coming, I recommend you take this step first, before trying any other anti-spam method. Check them out at http://www.dmaconsumers.org/optoutform_emps.shtml.

2. Every good e-mail program has filters, including most of the web-based ones. Use them if you got 'em. In most cases you specify what address or keyword to look for, and where to put any e-mails that come in with that address or keyword. The matching mail can either go to another folder, where it won't get in the way of the mail you really want, or you can simply delete it. Again, this won't get every piece of spam, since many spammers change their addresses regularly, but it makes the job of cleaning out your inbox a lot easier, if you've got three messages waiting instead of thirty.

3. Mailwasher. I discovered this nifty program in June 2002. Download it and activate it, and it will allow you to preview your mail before it arrives on your computer. If it looks like a spam message or contains a virus, the program will tell you that. It was a little tricky to set up (I had to call my ISP to make sure I had the correct SMTP and POP3 addresses), but since then it has worked quite well. If you don't want to accept a message, you can delete it or "bounce" it. A bounced e-mail will go back to the sender with an error message, as if it went to an address that is no good. When they get enough bounced messages they'll stop sending mail to you, because it looks like you've died or moved away, so they will take your name off whatever mailing list they have. If you have a "telezapper" device on your phone to fool telemarketers, you'll recognize the thinking behind Mailwasher. The program's creator asks for a nominal fee after thirty days if you like it, which I gladly paid. So far it only works for POP mail programs like Microsoft Outlook, but future upgrades should be able to handle web-based mail, too. If you want to try it, go to http://www.mailwasher.net/.

4. It's too late for any e-mail address that is currently receiving more than a trickle of spam; the "spambots" have found it already. However, you can protect an address that isn't being spammed yet by never posting it anywhere on the Internet--do not leave it in any forum messages, and do not put it in any forms that ask for an e-mail address. Some people give the protected address only to those they want to receive e-mail from (family, friends and co-workers), and use a free address from Hotmail, Yahoo!, etc. when they have to post an address someplace. For them, the spam problem is solved, especially if they don't check what's in the inbox of the spammed account. I'll probably do this the next time my primary e-mail address is changed.

5. If you absolutely have to post an address on Usenet, a bulletin board, or a webpage, consider altering it; some call this "munging" an address. For example, if the address you are posting is janemiller@earthlink.net, you can change it to j@nemiller@earthlink.net, janemillerNOSPAM@earthlink.net, or jane-miller@earth-link.net, or even jane-miller-at-earth-link-d0t-net. Savvy Internet users are likely to know what you're up to, and will correct the address in their own e-mails before they write you, but the harvester programs won't know the difference, so the address they collect is no good.

Okay, defensive weapons are fine, but would you like to go on the offensive? I have only tried a couple of offensive tricks so far. Here is what I've found:

1. You can sue them for whatever they've got. Typically you can get $500 in a small claims court if the spammer persists, more if you can show it is interfering with your work or business. This page gives some ideas on how to do it. The good news is that even lawyers don't like spammers, and one successful lawsuit ought to be enough to encourage many of them to find another line of work. Currently I don't live in a state that prosecutes spammers, but if that changes, I may remove the filters on my e-mail, quit my day job, and live off what I can make from the spammers! It seems like there is an endless source of income here, judging from the number of ads they send.

2. If you have a website, you can poison the source for the "spambots." Webmasters with access to CGI scripting can install a program called WPoison. WPoison generates a fake page with bogus links and bogus e-mail addresses. Following a link will lead to another page like the first one, and so on, so theoretically a "spambot" can collect thousands of bad addresses if it hangs around long enough. Once a spammer tries those addresses, he'll find his inbox overflowing with undeliverable messages! WPoison has been around since 1997, but currently only has a few users, so it hasn't given the spammers too many headaches yet. Let's help it catch on! If you can't put it on your site, you can still post links to other sites that have it, like this, and get nearly the same results. Or you can try a program like it called Toxic Waste Dump.

3. You can join an anti-spam club. Currently the most popular is Spamcop. Members report spammers to one another, and those who pay for membership can use a filter on their mail to keep reported spammers out. Another is Cloudmark, which is free and runs a spam filter on a peer-to-peer (P2P) network. In March 2004 I joined FirstAlert!, the P2P service offered by MailWasher (see above). This one deletes mail from reported spammers before I even see it. Whichever club you join, it will let you take the offensive by strengthening the defenses of others.

4. If the spammer has a toll-free phone number, call it and try any phone prank that comes to mind. He's paying for the call, right?

5. If you have to write a spammer, don't use your primary e-mail address; use a free one from a service like Hotmail. Include attachments, the bigger the better! You want them to wait forever for your mail to arrive, as it keeps them from getting mail from anyone else, and the attachments will fill up the inbox more quickly. This is one case where you don't want to use a zip/unzip program to speed up delivery. The attachments can be pictures of a can of spam (the luncheon meat kind), or you can use a graphic program to type out a message, like "Gotcha, Spammer!" I've found that using Microsoft's WordArt tool, and pasting the results in an MS Paint file (saved as a bitmap, of course), will produce messages that are both pretty and bulky.

Finally, here are some links to other pages dealing with spam, to give you some more ideas. Have fun!

  1. Anti-Spam Information & Software.
  2. Anti-Spam Registration & Solution Sites.
  3. Clueless Mailers (a guide to the worst offenders).
  4. Junkbusters.
  5. A Plan for Spam.
  6. Spam.Abuse.net.
  7. The Spam Archive.
  8. StopSpam.org.
  9. 12 Simple Things you can do to save the Internet.
  10. Webmaster's Guide to Outsmarting Idiot Spammers.

Once upon a time (early to mid-1990s), I knew what e-mail was, but didn't think I would ever need it. Then I got an e-mail account, and was happy to receive mail. Now I'm inclined to groan if I've got mail. I don't see the spam problem going on forever, but one or more of the following will happen:

  1. The government will step in with stricter anti-spam laws. Probably not the best solution, because it will only affect those spammers within the same country, and a lot of them now work from overseas locations like China.
  2. Computer programmers will design more effective spam filters. Better than more regulation, but not perfect, because (A.) spammers will think of new strategies to get past the filters, just like virus programmers, and (B.) some legitimate e-mail will get caught by the new filters. For example, a filter that looks for the word "breast" will catch pornography and ads for bust enlargement that use the word, but will it also stop a newsletter about breast cancer research, or a supermarket coupon that saves you money on turkey breasts? Some people, after all, would want to receive the latter two.
  3. E-mail users will change their habits. We're already seeing this in the spam defense tactics (see #4 and #5 above). Some will abandon e-mail altogether, and go back to older forms of communication, like the telephone, "snail mail," or meeting in person. If that becomes the preferred response, spammers will have ruined the Internet for everybody, but of course they won't care.
The best proposal I've heard so far comes from talk show host Neal Boortz. In a nutshell, it's a real-life version of one of the Internet hoaxes floating around (the rumor about paying postage for e-mail). What he proposes is that every time somebody sends out an e-mail, that person's Internet Service Provider will charge him 5 cents. Then the money will be credited to the ISP account of the recipient. I like it because I don't send out enough e-mails for this fee to hurt my budget; in fact, so long as I receive more e-mails than I send, I'll be coming out ahead. If you currently pay $20 per month for Internet access, for example, 400 e-mails sent to you will be enough to pay for your service, effectively giving you free Internet use. However, the typical spammer sends out a million e-mails to get 15 sales, so having to pay postage on it will put him out of business very quickly.

Under this plan, a special exemption would be granted to those sending out e-mail newsletters, due to the unique nature of their publications. For everyone else, if you're not willing to pay a nickel to have your message delivered, it's probably not worth reading, right? Please help to spread the word on this proposal (but not with a chain letter!), and maybe it will reach somebody who can make it a reality.

If the spammers succeed in taking over the Internet, may your future be as pleasant as it is for these folks (LOL).

spam dreams coming true

Support this site!

© Copyright 2016 Charles Kimball




Return to Chapter 7

Remember to check out the rest of the content on this site.




Visitors: