Seems like you volunteered to receive
spam?
You are right if you feel like
spam is getting out of hand!
It did. And it is.
The well-known consultancy firm Gartner projects
that SPAM (unsolicited commercial email) will increase by one thousand
percent per year - and almost 70% of all email received on the internet is
now spam! This means that unless we do something, the spam problem is going to
get even worse.
In this article we discuss how you got targeted by
spammers and what you can do about it.
Contents
Topics covered in this
article:
- Don't help the spammers
- Where spammers got your email address
- Be careful when you give your email address
away
- How your address is stolen
- Your friends may be helping spammers make your
inbox miserable
- Why ISPs find it difficult to block spam
- Use disposable email addresses
- Use a white list
- Fighting back
Don't help the spammers
Spammers send billions of email messages in the
hope that a fraction of a percent of recipients will visit their site or buy
their product. Once people stop responding to these messages, there will be no
point in using spam.
Of course this is an idealist point of view
("common sense is not at all that common", to quote Winston Churchill), and
there will always be gullible and naive people to fund spammers and other online
crooks. This does not mean we should give up. By educating people
and helping our friends and colleagues understand spam and how it works, we hit
the spammers where it really hurts - in their bank accounts.
If you help a spammer to confirm that your email
address is active, you incentivise them to send you more spam. Spammers can track your email address (validate
that it is real) when you:
- Open an HTML spam message while
online
The message includes links to the spam web site enabling the bad
guys to track the fact that you opened their message. Now the spammer
knows that your email address is valid and you will keep on receiving "offers"
until you scream.
- Unsubscribe using the link
provided
Sometimes a particular spammer might actually honor your
unsubscribe request, but most will simply sell your now validated email address
on tens or hundreds of other spam mail lists. In the end you are worse off because more
spammers now have your email address.
- Reply to the spam
When you reply in any
way - even to complain, they know you are there.
- When you buy from them
Of course, when
you buy a product advertised with spam or visit the website in the spam message
you pay the spammer's salary AND his Porsche. All they need is a few
hundred people per million to buy their product / visit the web site.
Bottom line: Don't read, respond to (or open) any
spam message.
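The validation tricks listed above can be checked for before a message is ever opened. The following is an added example, not part of the original article: it parses a raw message and reports the remote content that would load on open and the links that carry the recipient's address or a per-recipient token. The sample message, the host names and the 16-character token heuristic are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# (tag, attribute) pairs a mail client fetches automatically when it renders HTML.
AUTO_LOAD = {("img", "src"), ("iframe", "src"), ("link", "href"), ("body", "background")}

class RemoteRefs(HTMLParser):
    def __init__(self):
        super().__init__()
        self.auto, self.links = [], []   # loaded on open / behind a clickable link

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not (value or "").lower().startswith(("http://", "https://")):
                continue
            if (tag, name) in AUTO_LOAD:
                self.auto.append(value)
            elif (tag, name) == ("a", "href"):
                self.links.append(value)

def is_tagged(url, recipient):
    # Heuristic (assumption): a query value holding the recipient's address, or an
    # opaque alphanumeric token of 16+ characters, identifies the individual reader.
    values = [v for _, v in parse_qsl(urlsplit(url).query)]
    return any(recipient.lower() in v.lower() or (len(v) >= 16 and v.isalnum()) for v in values)

def audit_message(raw, recipient):
    """Report what in an HTML message would confirm `recipient` as a live address."""
    body = message_from_string(raw, policy=default).get_body(preferencelist=("html",))
    refs = RemoteRefs()
    if body is not None:
        refs.feed(body.get_content())
    return {"loads_on_open": refs.auto,
            "tagged_links": [u for u in refs.links if is_tagged(u, recipient)]}

# Constructed sample message (all names and URLs are made up).
SAMPLE = """\
From: offers@shop.example
To: joe@nospam.example
Subject: Special offer
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://track.shop.example/open.gif?id=9f3c2a7b1d4e5f60">
<a href="http://shop.example/buy?u=joe@nospam.example">Buy now</a>
<a href="http://shop.example/about">About us</a>
<a href="http://shop.example/unsubscribe?rcpt=9f3c2a7b1d4e5f60">Unsubscribe</a></body></html>
"""
```

Anything listed under loads_on_open reports back as soon as the message is rendered with remote content enabled, which is why mail clients that block remote images by default remove that signal.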
Where spammers got your email address
Spammers use software programs (called robots or
spiders) to "read" web sites to harvest email addresses published on the web.
Once you publish your email address on any web site or discussion forum, robots
may pick it up and add it to their spam list... and you will get spammed for as long
as that email address stays active.
The number one golden rule is therefore to
never, ever
publish your email address on any web site - including your
own! (Use a contact-us form instead. Most reputable ISPs help you with this -
if not, give Cozahost a
call. ;-).
If you don't have access to server based forms, or
for some reason you need to display your email address, at least try to hide the
"@" sign in your address. Unsophisticated spam robot software looks for the @
sign to harvest your email addresses.
A simple and mostly effective technique to fool the
robots is by making your email address human readable, but difficult for
software to understand. For instance: instead of publishing your email address
as neverspam@goaway.com publish the
address like this: neverspam[at] goaway.com.
This is not as foolproof as server-side forms and
it might confuse some of your less astute visitors - but that's a small price to
pay for spam-free email!
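To find out where your own pages still expose an address in the literal name@host form described above, you can audit the HTML before you publish it. This is an added example, not part of the original article; the sample page and its addresses are constructed, and the pattern is deliberately the simple "@" match the article attributes to unsophisticated robots.

```python
import re
from html.parser import HTMLParser

# Anything shaped like name@host.tld written with a literal "@".
PLAIN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class AddressAudit(HTMLParser):
    """Collect (line, where, address) for every address a simple '@' scan would find."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        for name, value in attrs:
            value = value or ""
            where = "mailto link" if value.lower().startswith("mailto:") else f"{tag} {name} attribute"
            for addr in PLAIN.findall(value):
                self.findings.append((line, where, addr))

    def handle_data(self, data):
        line = self.getpos()[0]
        for addr in PLAIN.findall(data):
            self.findings.append((line, "visible text", addr))

def audit_page(html):
    """Return the exposed addresses in one page of your own site."""
    parser = AddressAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: two exposed addresses, one hidden form, one contact form.
PAGE = """<html><body>
<p>Sales: <a href="mailto:sales@goaway.example">email us</a></p>
<p>Support: support@goaway.example</p>
<p>Owner: neverspam[at] goaway.example</p>
<form action="/contact" method="post"><input name="message"></form>
</body></html>"""

if __name__ == "__main__":
    for line, where, addr in audit_page(PAGE):
        print(f"line {line}: {addr} exposed in {where}")
```

The [at] form and the contact form produce no findings, while the mailto: link is flagged even though the address is not visible on the rendered page.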
Other sources abused by spammers to harvest email
addresses are:
- Online directories
Sites with online
lists of telephone numbers, email addresses and contact information - including
telephone directories and some specialist search engines.
- Chain letters
When you forward chain
letters you expose your own email address and those of all the other people who
got duped into perpetuating the junk mail because they are either superstitious
or stupid, or both.
- Online guest books
When you sign an
online guest book on a web site, be aware that spammers might be scanning that
site for email addresses too.
- Online chat rooms
This is a favorite
hang-out for spam bots.
- Classified ads, online discussion forums and
newsgroups
Golden rule: if your email address is available
anywhere on the web, the spammer bots will find it.
- Contact details for domain
registration
Contact info for domain registrants must be published
publicly where spammer bots can get your email address.
- Blogs
Do not disclose your email address when you leave comments on blogs.
Be careful when you give your email address
away
Many legitimate web sites ask for your email
address in order to send you information or in exchange for a free newsletter or
software. (As we at
Cozahost do.)
This is not necessarily a bad thing, because
most web sites are legitimate businesses willing and able to supply you with
information and advice. The thing is that there are bad apples too, and
therefore:
Before you supply your email address, make sure
that:
- You read their terms of use and privacy
statement
- The site is indeed reputable and can be
trusted
- You understand exactly why your email address is
needed
Even after you verified the above, it's still
better to give them one of your disposable email addresses rather than your
primary address. (More about disposable email addresses later.)
Watch out for covert address
collection
Beware of dirty-tricks-department
schemes:
- The mailto: link
When you click on a
mailto: link (your email client opens a new mail message like
this) not only will you be sending email, but you will also reveal your own
email address. Unless this is a web site you can trust, be aware that you might
be volunteering to receive spam.
- Ftp links:
Some sites offer
free downloads of software via an anonymous ftp server. Unless your
Internet browser software
is set up correctly, your email address will be revealed to the ftp server.
Gifts from friends you can do without
One big problem remains - your friends and business
contacts: unless all the contacts and people with access to your email address
are educated, they are almost certainly going to blow your cover and unwittingly
subscribe you to the spam-list-from-hell.
Sure fire ways for your friends and contacts to
unknowingly "betray" you are:
- E-cards
Have you ever received an e-card
for your birthday or a special holiday? Chances are that's how you landed up on
a spam list to begin with. While there are many reputable e-card
companies that are in no way connected to spammers, your friends just need to
send one card from a website that is not reputable - and voila - you're in spam
hell!
- Promotions and gifts
Friends or contacts
may send you "special free gifts" of information they found somewhere on the
web.
- Chain letters
Yup, the famous forward
this to 10 of your friends caper. Eventually every single address on that chain
letter will land up on a spammer's list.
So, how do you overcome this threat?
- Educate them
First and foremost make
sure that your family, friends and contacts understand about the dangers of
giving their own or other people's email addresses away. (As a start, send
them this article)
- Use disposable email addresses
Sooner or
later someone is going to do one of the things we warn about in this article and
your email address will land up on a spam list. It might take a year, two years
or just a few months. Make peace with the fact and don't grow too attached to
your email address - you might have to dispose of it later.
- Tell your friends to use your public email address
when 3rd parties are involved
Ask your friends to always use your
"public" email address when they feel an uncontrollable urge to send an e-card or
other information via a 3rd party to you. (More about disposable email
addresses later)
Why is it so difficult for ISPs to block
spam?
Spammers deliberately use techniques to make it
difficult (almost impossible) for ISPs to block email. Their favorite tricks
include:
- False sender address
- Constantly changing subject lines
- Random words in the message to confuse
scanners
- Relaying (sending) email via security holes in
legitimate but unsecured email servers
- Rapidly changing web sites for the product they
"advertise"
- Random words and snippets in the spam message
to make pattern matching very difficult
- Weird spelling taht is hmuan raedbale, but
nonsnese to comupetrs
What we at Cozahost are doing to block spam:
- We delete all known viruses and worms as
they arrive on the server
- We do reverse lookups on the servers
sending email and reject email from servers using false registration records
- We try to contact the alleged sender
domain to check whether the sending server is authorized
- We check against several separate and
independent blacklists to refuse email from hundreds of thousands of KNOWN
spam servers
- Our clients can "teach" the mail server
how to recognize spam, so it can learn to become more and more effective at
spotting junk
- And more defensive measures are coming
shortly.
Even with all these hi-tech defenses in place,
there is no way an ISP can
effectively block ALL spam (yet).
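Two of the server-side checks listed above, the reverse lookup and the blacklist check, can be sketched as follows. This is an added example and not Cozahost's own code: it assumes the reverse lookup is a forward-confirmed one (the name found for the sending IP must resolve back to that IP) and uses the usual DNS blacklist query form (IPv4 octets reversed, then the list's zone). The blacklist zones, host names and DNS answers are constructed, and the two resolver functions are passed in so the logic runs without a network.

```python
import ipaddress

def dnsbl_name(ip, zone):
    """Blacklist query name: the IPv4 octets reversed, followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_sender(ip, zones, resolve_ptr, resolve_a):
    """Return (accept, reasons) for a connecting mail server.
    resolve_ptr(ip) -> host name or None; resolve_a(name) -> list of IPv4 strings."""
    reasons = []
    host = resolve_ptr(ip)
    if host is None:
        reasons.append("no reverse DNS record")
    elif ip not in resolve_a(host):
        reasons.append(f"reverse name {host} does not resolve back to {ip}")
    for zone in zones:
        if resolve_a(dnsbl_name(ip, zone)):   # any answer means the IP is listed
            reasons.append(f"listed on {zone}")
    return (not reasons, reasons)

# Constructed DNS data standing in for live lookups (documentation address ranges).
PTR = {"192.0.2.10": "mail.good.example", "198.51.100.7": "mail.bank.example"}
A = {"mail.good.example": ["192.0.2.10"],
     "mail.bank.example": ["203.0.113.99"],
     "5.113.0.203.bl-one.example": ["127.0.0.2"]}
ZONES = ["bl-one.example", "bl-two.example"]   # hypothetical, independent lists

def check(ip):
    """Run the checks against the constructed data above."""
    return check_sender(ip, ZONES, PTR.get, lambda name: A.get(name, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, check(ip))
```

A server that is new to spamming and has consistent DNS records passes both checks, which is one reason these measures cannot block all spam.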
A recent CNN article reported that AOL (large ISP
in the USA) is blocking up to 2.3 billion spam messages a DAY -
and still their members are being flooded with spam!
The only way to stay completely spam free is
to keep your email address off the spam lists!
(More info on how
ISPs try to block spam...)
Spam list hell
Spammers invest in software to harvest email
addresses online. They buy address lists from less reputable web sites and
newsletters. They also buy and sell email address lists from each other.
These email address lists are sold on CD and other
forms. (You can buy a few million email addresses for a fraction of a cent per
email address!)
So let's say you managed to stop the infamous
Viagra spammer from sending you junk. Think your problems are over? Think
again, because your name is on a list that was sold to ten other spammers all
falling over their feet to send you junk ranging from anatomy enlargement
herbs to pornography.
Once your email address is compromised to even a
single spammer, you will never get rid of spam on that email address
again.
Disposable email addresses
How do you get your inbox (and sanity) back once
you are on that spam list or your address is on a CD of email addresses sold to
spammers?
There are only two ways out: 1) you have to delete the
compromised email address and start using a new one or 2) you have to subscribe
to a white list service. (More about white lists later)
For most people changing their email address is traumatic and
counterproductive. So much so that they would much rather live with the spam than deal
with the pain of changing email addresses.
Unless...
Imagine the compromised email address is only one
of a few you use and it only affects a small portion of your email volume.
Imagine you can notify senders to the deactivated email address automatically of
your new email address - so that you don't lose any email.
These are called "disposable" email addresses: At the
outset you know that your email address will be compromised sooner or later and
you plan accordingly:
This will significantly reduce the "trauma" of
disposing of a spammed email address. (For instance, tell your friends to use
your first name email address for personal communication, eg: joe@nospam.com, but, for e-cards or any other
communication where a 3rd party is involved, use your formal address with your
full name, eg: joesmith@nospam.com)
As soon as you start receiving spam on your joesmith@nospam.com address, simply
dispose of it and tell your friends to use joesmith2003@nospam.com (2003 =
current year) for communication via a 3rd party instead; in other
words:
When an address is compromised, you simply set
up an auto responder to handle incoming mail, and delete the
address. The auto responder will tell the sender that you now have a new email
address and that they should update their records. If a human reads the
message (as opposed to a spammer's software) the person will update their
records.
To set up disposable addresses:
- Create a number of email addresses with
your ISP
(Cozahost clients: login at your control
panel http://helm.your-domain-name
and create a new POP account. Please see the
online guide for more info.)
- Use different email addresses for different
tasks
Use one or more email addresses for your friends, one for each
subject area of the newsletters you subscribe to, an email address you only give
to your clients, etc, etc.
- Use a free web service for disposable email
addresses
Use free, disposable web mail services like WebMail or Hotmail for non-essential or casual
email.
Now ask your ISP (or login to your control panel) to set up an auto responder for
the "disposed" email address so that anyone sending email to a disposed address
will receive an automatic response notifying them of your new email address.
(Spammers routinely forge reply addresses so they will almost never get your
auto reply.)
A tip for creating a disposable address: Try to
pick an email address late in the alphabet because many spammers process their
lists alphabetically and will often be shut down before they get to zzzJoeSmith@nospam.com. (Conversely
aaaMarySmith@nospam.com may be one
of the first to be processed.)
If you are currently receiving a lot of spam on
your existing email address - consider disposing of it right now and adopting
the advice in this article.
If you think that's too painful - consider the
prospect of receiving 1000% more spam every year for the rest of the lifetime of
that email address!
Email white lists
An email white list is the opposite of a black
list. A black list is a list of all email senders that are banned, ie you do not
want to receive email from them.
The problem with a blacklist is that spammers
use false names and change them very often, so just black listing
viagra@spammer.com will at best stop a
single spam mail.
The opposite (and much more effective) approach
is therefore to say that ALL email addresses are banned unless they are
specifically approved by you, or if the sender demonstrated that it is a human -
ie not spammer software.
One of the best known and most respected white
list providers is
Spam
Arrest.
This service allows you to block 100% of spam
instantly, with no false positives. They do this by allowing you to upload
your Outlook address book (this becomes your list of approved senders) and from
then on anyone that sends you an email has to prove that they are human by
logging on to a web site and supplying a verification code.
The verification process takes only a few
seconds and it has to be done only once - from that moment on that sender is
considered to be legitimate and email will be allowed into your inbox.
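The white list logic described above (approved senders pass, everyone else is held until they verify once) looks like this in outline. This is an added example and not Spam Arrest's implementation; the class, the addresses and the way the verification code is generated are assumptions made for illustration.

```python
import hmac
import secrets

class WhiteList:
    """Approved senders are delivered; everyone else is held until they verify."""
    def __init__(self, address_book):
        self.approved = {a.lower() for a in address_book}
        self.pending = {}          # sender -> (verification code, held messages)

    def receive(self, sender, message):
        """Return ("deliver", None), or ("hold", code) with the code to send to the
        sender the first time, and ("hold", None) for later mail while unverified."""
        sender = sender.lower()
        if sender in self.approved:
            return ("deliver", None)
        first = sender not in self.pending
        if first:
            self.pending[sender] = (secrets.token_urlsafe(8), [])
        code, held = self.pending[sender]
        held.append(message)
        return ("hold", code if first else None)

    def verify(self, sender, code):
        """Sender entered `code` on the verification page: approve, release held mail."""
        sender = sender.lower()
        entry = self.pending.get(sender)
        if entry is None or not hmac.compare_digest(entry[0], code):
            return []
        self.approved.add(sender)
        return self.pending.pop(sender)[1]

def demo():
    # Constructed addresses and messages.
    wl = WhiteList(["mary@friends.example"])          # the uploaded address book
    results = [wl.receive("mary@friends.example", "lunch?")[0]]
    action, code = wl.receive("new.client@corp.example", "quote request")
    results.append(action)
    results.append(wl.verify("new.client@corp.example", "wrong-code"))
    results.append(wl.verify("new.client@corp.example", code))
    results.append(wl.receive("new.client@corp.example", "follow-up")[0])
    results.append(wl.receive("viagra@spammer.example", "buy now")[0])
    return results
```

Because spam usually carries a forged sender address, the verification request never reaches the spammer and the held message is never released.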
Setting up the service is very
easy: You login to the Spam Arrest server and enter the login details for your email
account (as provided by your ISP). The Spam Arrest server will now login
to your mailbox on your behalf and zap all the spam - before you see it.
Try the
free 30 day trial to see if it
will work for you. The full service costs only cents a day. Just in
time and frustration saved alone, the service pays for itself within days.
Highly recommended.
Fighting back
If you want to fight the spammers directly (we all
should), here are some resources that will help in the good fight:
In closing...
Spam is a fact of internet life - it most
assuredly will not go away. Only by educating internet users (our clients,
friends and contacts) and by using all the technology at our disposal can we
hope to turn the tide.
We are all in this fight together - let's start
claiming our inboxes back!
Do you want more quality information like
this?
You will find more of the same in the
Cozahost newsletter.
About the author
This article was compiled by Cozahost for our newsletter in the interest of happy and
productive Internet computing and with the belief that education is our best defense against spam and other forms of internet abuse.