Below is an article I wrote years ago on how to fight spam, which I've updated with new tricks. The best trick I've learned so far is using Boxtrapper to create whitelists (it's the last trick at the bottom). For example, before installing my own whitelist with Boxtrapper, I had 38 emails yesterday morning, and 95% of them were spam. This morning, I had 2 emails, and neither of them was spam.
"Imagine if you could bum one cigarette off of each person in the world?" Will said. "You could have a billion cigarettes!"
"True," I said, "but what if each person in the world bummed one cigarette off of you?”
"Yeah," he said with a frown, "that would suck."
Spammers are ‘bumming cigarettes’ off of all of us. For them, it’s “just one more cigarette”, but for us, they're the 10,000th person asking for a cigarette.
I’ve made all the mistakes that got me spammed. So I did the only reasonable thing I could have done—I changed my email. And for four years, I lived a blissful spam-free existence. And yet, one day, I started getting spam... on an email I wasn’t willing to change. What now?
Many battles have raged throughout history, e.g., cryptography vs. cryptanalysis and freedom vs. security, and the battle against spam falls within that context: business rights vs. consumer rights. Though some spam does come from legitimate businesses selling their products, it's the years of door-to-door salesmen, Jehovah's Witnesses, Mormons, and unrelenting telemarketers that have forced our governments to approve legislation to keep people away from our homes. Emails should be no different. So why do we still succumb to a daily barrage of worthless emails? We shouldn't succumb, of course, but the power of email lies in its global reach... which also means national legislation can't stop international spammers. Microsoft says 97% of all email is spam, so if you can't kill the beast, how do you contain it?
HOW TO STOP SPAM
A Quick Glossary
- ISP: Internet Service Provider, the company you pay every month to have access to the web, e.g., sbcglobal.net, aol.com, earthlink.net, though not necessarily the company in charge of your email if you manage a domain.
- IP Address: An IP number is a unique number for a server, always listed as four numbers separated by three periods, e.g., 18.104.22.168
The best cure of all is prevention. The basic tricks listed here can be applied by anyone, but the advanced tricks are mainly for webmasters or for those willing to spend some time talking with their ISP.
Basic Tricks: SETTING UP EMAIL
- Create a new personal email. Tell only friends and family about it. Though obviously drastic, this one trick will eliminate all your spam immediately. Tell everyone not to bandy about your email with impunity.
- Use a long and/or complicated email address. Even new emails will eventually get spammed because spam programs systematically guess until they find a valid email. So use a long email address, with more than one word, with numbers and/or underscores to throw them off the trail.
- Choose a reputable ISP, like SBCGLOBAL.NET, to retrieve your email. Cheaper ISPs are often lax about their anti-spam policies, meaning they may not use spam filters, and complaints to these ISPs will likely go unheeded. Most ISPs, like AOL, both give you net access and manage your email. However, the two don’t have to be the same company, so be clear who manages your email.
- Create a web-based email (Yahoo or Gmail, not Hotmail). If you already have a personal email, then use this web-based email for promotions and “proof of working email” when creating usernames and passwords for new websites. The big companies are pretty good about weeding out spam for you.
Basic Tricks: RECEIVING SPAM
- Don’t even open spam. Do you recognize the sender? Does the subject line start with “ADV:”? Is there an attachment with an extension of “.pif”, “.scr”, or “.vbs” (these attachments are usually viruses)? HTML spam uses an image link that, when the email is opened, tracks which images are viewed, and that in turn tells spammers which emails are “live”. In some email programs, you can disable “auto load images”, which solves the spam issue, but not the virus issue: on PCs, if an email attachment has a “.vbs” extension (Visual Basic Script), you can infect your computer simply by opening the email.
- Never reply to spam. Some spammers are hoping you reply because that tells them your email is “live” and then they can sell your email to email marketing companies. Virus-writers will always put a bogus email in the “Reply-to” field (which can be different from the “From” field), so your irate reply will either go nowhere or befall some innocent bystander.
- Never try to unsubscribe from spam. Same as above.
- Never buy anything through spam. One paying customer out of 10,000 bulk emails is enough to pay for 20,000 more spam emails. Don’t do it.
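The warning signs listed above can be checked without ever displaying the message. The following Python sketch is an added example, not part of the original article; the function names, addresses and URL are made up for illustration, and the sample message is constructed.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXTENSIONS = (".pif", ".scr", ".vbs")  # the extensions named in the list above
REMOTE_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*[\"']?https?://", re.IGNORECASE)

def triage(raw: bytes) -> list:
    """List the warning signs in one raw message without rendering or opening it."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    if str(msg.get("Subject", "")).strip().upper().startswith("ADV:"):
        findings.append("subject starts with ADV:")
    # Replies go to Reply-To, which may point somewhere other than the visible sender.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_to and reply_to != sender:
        findings.append("Reply-To differs from From")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append("risky attachment: " + name)
        # A remote <img> is fetched when the mail is displayed, revealing it was opened.
        if part.get_content_type() == "text/html" and not part.is_attachment():
            if REMOTE_IMG.search(part.get_content()):
                findings.append("HTML body loads a remote image")
    return findings

def build_sample() -> bytes:
    """Constructed sample message; every address and URL here is made up."""
    m = EmailMessage()
    m["From"] = "Deals <offers@shop.example>"
    m["Reply-To"] = "collector@other.example"
    m["Subject"] = "ADV: Limited offer"
    m.set_content("See the HTML version.")
    m.add_alternative('<p>Hi</p><img src="http://track.example/p.gif?id=1">', subtype="html")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="invoice.VBS")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```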
Basic Tricks: EMAIL USAGE
- Never post on Newsgroups with your home email, only with your Yahoo! Mail account. Spammers use “spiders” to collect emails on the net and newsgroups. Post on Newsgroups with phony text in the email itself: jake@DELETETHIShotmail.com. Because spiders search for the @ symbol, another common shorthand is jakeAThotmailDOTcom.
- Uncheck those “newsletter” checkboxes. When signing up for something online, look carefully for the small check boxes at the bottom—these are for promotional “newsletters” that you will almost certainly not want. Don’t complain to ISPs about these emails—if you left these boxes checked, you asked for those emails!
- Ask others to BCC: your email on mass forwarded emails. A friend forwards you a joke—or a chain letter or the infamous Disney/Microsoft hoax “asking” for emails—and 100 other people, then you do the same, and so on; each time the email is forwarded, all the previously forwarded emails are included in the body of the email by default. The moment that email falls into the hands of a spammer, every email on the list will get spam, forever. Forwarded jokes aren’t inherently evil, but including someone’s email without their permission is evil. You wouldn't hand over your phonebook to thousands of strangers, would you? If someone must forward you jokes and chain letters, politely ask them to start putting your email in the BCC: field (“Blind Carbon Copy”)—you’ll still receive their jokes but no one will have any trace of your email. Likewise, as a courtesy to others, don’t forward jokes without 1) removing all emails in the body of the email and 2) putting everyone’s emails in the BCC: field; the only TO: recipient to the email should be you.
- Google your own email. A lot of emails are already out there for spammers to find; if your email is in the public domain, track it down by doing a search for it at www.google.com. Then, contact the webmaster for the webpage where your email is listed and ask to have it removed. Finally, contact Google and do the same. Otherwise, you’ll just have to accept that your email will be bombarded with spam forever.
Advanced Tricks: FILTERS, ALIASES & WHITELISTS
- Use SpamAssassin. This app is loaded on your ISP's server and identifies spam before it even gets into your inbox. Depending on how vigilant you want to be, you can even enable "Auto delete spam", but that might accidentally delete real emails.
- Use your ISP’s Spam Filters. Good ISPs have good spam filters, so ask your ISP how to use their filters. Though this approach is somewhat effective if you can’t or won’t change your email address, it still only blocks spam coming from one IP address and it doesn’t stop spammers from emailing you from other IP addresses or selling your email to other spammers.
- Use a local spam filter. My Mac's email client is Eudora, so I installed SpamSieve, which screens all my incoming mail and puts all spam into its own folder. Most of the time, I never even know I've received any spam there.
- Use multiple aliases and discontinue the offending aliases. If you're using your own domain, you can create emails like email@example.com, firstname.lastname@example.org, and email@example.com, which can all be forwarded to one email address because each one is an “alias”. At the first sign of trouble, any of these aliases can be instantly discontinued.
- Use a Whitelist & Blacklist. Some ISPs offer killer applications like Boxtrapper, which lets you list all friendly emails on a "whitelist" so that only those emails are forwarded to your local email client's inbox. As you meet new friends, you simply add their emails to your whitelist (sometimes it's as simple as sending them an email, which Boxtrapper interprets as implicit approval to communicate with that email) and none of the other junk email gets through.
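The last two tricks combine into one delivery decision: is the alias still active, and is the sender on a list? The Python model below is an added example, not Boxtrapper's code or configuration; the class, method names and addresses are hypothetical.

```python
from email.utils import getaddresses, parseaddr

def norm(address: str) -> str:
    """Reduce 'Name <User@Host>' to 'user@host' so comparisons ignore case and names."""
    return parseaddr(address)[1].strip().lower()

class MailGate:
    """Hypothetical model of aliases plus whitelist/blacklist; not a real product's API."""

    def __init__(self, aliases, whitelist=(), blacklist=()):
        self.aliases = {norm(a) for a in aliases}      # active aliases, one shared inbox
        self.whitelist = {norm(a) for a in whitelist}
        self.blacklist = {norm(a) for a in blacklist}

    def retire_alias(self, alias):
        """Discontinue an alias at the first sign of trouble."""
        self.aliases.discard(norm(alias))

    def record_outgoing(self, to_header):
        """Writing to someone counts as implicit approval of their address."""
        for _, addr in getaddresses([to_header]):
            if addr and norm(addr) not in self.blacklist:
                self.whitelist.add(norm(addr))

    def decide(self, sender, recipient):
        """Return 'reject', 'inbox' or 'hold' for one incoming message."""
        if norm(recipient) not in self.aliases:
            return "reject"            # retired or unknown alias
        who = norm(sender)
        if who in self.blacklist:
            return "reject"            # the blacklist wins over the whitelist
        if who in self.whitelist:
            return "inbox"
        return "hold"                  # unknown sender stays out of the inbox

if __name__ == "__main__":
    # Constructed addresses for illustration only.
    gate = MailGate(["shop@mydomain.example", "forum@mydomain.example"],
                    whitelist=["mum@family.example"])
    gate.record_outgoing("New Friend <friend@x.example>")
    print(gate.decide("friend@x.example", "shop@mydomain.example"))
    gate.retire_alias("forum@mydomain.example")
    print(gate.decide("mum@family.example", "forum@mydomain.example"))
```

The From address is not authenticated, so a sender list of this kind keeps out bulk mail but not a message forged to look like a known contact.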