Practical Computer Advice
from Martin Kadansky
Volume 5 Issue 3March 2011
In This Issue
How can I stop email spam?
It's not easy dealing with spam and other types of unwanted email. Here's my advice on how to get started.
How can I stop email spam?

If you use email (and you probably wouldn't be reading this if you didn't), it's likely that you've received unwanted messages. Some may be from legitimate companies from which you bought something, and at the time you gave them your email address. Other messages may be from strangers trying to sell you something or lure you into a scam, usually by trying to convince you to visit a web site, or call a phone number, or write to someone. At first they were so infrequent you just deleted them. However, over time the problem may have grown so much that you may be spending more time sifting through spam than legitimate messages. Recent industry estimates put spam at 80-92% of all email.

How did they get my email address?
Spammers have a surprising number of ways, including:
  • From a message you posted on a public web site, blog, discussion group, chat room, etc. where you were also required to supply your email address.
  • From information listed on your own web site, if you've created one.
  • From information in your (publicly visible) domain registration, which is a required part of creating a web site or domain email.
  • From an email mailing list you belong to, depending on the practices of the people in charge of the list.
  • From information you filled out in a form on a web site, e.g., you bought something from an online merchant, registered for a service, filled out an online profile.
  • From your listing in a professional directory, Chamber of Commerce, etc.
  • From information you filled out on a paper form and given to a company, e.g., a store, conference registration, survey, etc.
  • From online directories of names and email addresses, which compile information from various sources.
  • By gaining access to information about you, either directly from the company sharing or renting it out, by an unscrupulous employee stealing it, or by poor security practices leaving it vulnerable to theft by an unauthorized outsider.
  • From a virus that collects email addresses that may have infected your computer, or a friend's computer (whose email address book or stored messages contain your address), or a stranger's computer which happens to have a forwarded message that lists your address in its TO field or CC field or body.
  • From a virus or hacker that breaks into a computer at an ISP (Internet Service Provider, e.g., Comcast or Verizon or AOL), taps into part of the internet's email infrastructure, and scans the billions of messages flowing through it every day.
  • By guessing. Some spammers construct email addresses by combining millions of first names or initials, last names, and domain names, generating addresses like JohnSmith@aol.com, MJones@comcast.net, etc. Is your address "guessable"?
  • If you're unlucky enough to have gotten a re-used email address whose previous owner was already receiving spam.
Three types of unwanted email
I distinguish between three types of unwanted email:
  • Easy to stop: Email from a clearly identified merchant, vendor, or organization with which you've probably done business in the past. These include companies from which you've bought products or services, such as large retail chains (Sears, Home Depot, LL Bean, Costco) as well as online-only merchants (Amazon.com, eBay.com, Netflix.com).
  • Fairly easy to stop: Email from a clearly identified merchant, vendor, or organization that you've never heard of or never done business with. I get messages from time to time offering to sell me ink, toner, copy machines, and various personal and business services. Some vendors put me on their email newsletters lists without my permission.
  • Almost impossible to stop: Bulk commercial email from a sender whose identity is unclear or hidden. The most common of these offer products (cheap drugs, diets, watches, etc.) or scams (money from Nigeria, fake charities for disaster relief, etc.).
I recommend handling each of these a little differently.

What can I do to stop email from a known vendor?
In this case, where you recognize that the email you're receiving is from a legitimate vendor with which you have a past relationship, the best approach is to "unsubscribe" from their mailings. You can usually do this by scrolling to the bottom of one of their emails and following the instructions, or send a reply asking to be removed from their list if you can't find any instructions. You should not declare this type of email as "spam" in any spam filter (see below).

What can I do to stop email from an identified but unwanted vendor?
As long as the sender of these emails is a clearly identified legitimate vendor, in general I recommend also looking for "unsubscribe" instructions at the bottom of their emails, or sending a reply asking to be removed from their list. However, if you felt that the vendor used unscrupulous tactics to get your email address, or made false or misleading claims in their message, I would consider declaring such a message as "spam" in your spam filter (see below).

What can I do to stop bulk commercial email?
Unfortunately, it's not that simple. In this case, the sender's identity is unclear or hidden, so the "From" address in the message is not only completely false, emails sent by such spammers will use a different "From" address every time. Thus, adding it to your "blocked senders list" is a waste of time. Also, you should neither reply nor "unsubscribe," as both of those will only confirm that your email address is actively read by a real person, which will lead to more spam.

What can you do? Well, the ultimate method would be to delete your email address and create a new one. While this will certainly stop the spam, it's not a practical solution for most people, and in fact it may only offer a temporary solution, since you're likely to get spam on a new address eventually.

Instead, I recommend spam filtering. It's not perfect, but when it works it's a decent solution to this problem.

What is spam filtering?
A spam filter is software that examines each of your incoming email messages and decides whether it is spam or not. It may give you some options (e.g., low, medium, or high filtering), but ultimately a spam filter mechanically separates your incoming email into two categories: "spam" and "not spam."

A good spam filter should give you the following features:
  • You can turn it on or off, so you can control whether it's active.
  • Messages it considers to be spam should be put into a "holding area" (or "marked" as spam) for you to review, not deleted. It's a robot, and it will make mistakes. Would you trust a robot to permanently delete some of your email without your review?
  • When reviewing the messages in the holding area, you should be able to sort them by From or Sender so you can review them quickly and efficiently.
  • If you see that your filter incorrectly decides that a legitimate message is spam (a "false positive"), you should have some way to "declare" it as not spam so the filter will release it from the holding area and learn to do better.
  • If you see that your filter incorrectly decides that an obvious spam message is not spam (a "false negative"), you should have some way to "declare" it as spam.
Where do I get a spam filter?
Spam filters can be found in many places:
  • Your email server probably already has a built-in spam filter that you can access through your webmail. Most ISPs (Comcast, Verizon, AOL, etc.), webmail providers (Yahoo, MSN, Gmail, Microsoft Exchange, etc.), and domain hosts (Godaddy, Bluehost, etc.) have spam filtering.
  • If you use an email forwarding service (pobox.com, Bigfoot.com, etc.), it may have a built-in spam filter.
  • You may also be able to use a spam filtering service (SpamCop.net, Postini, etc.) that does its filtering "upstream" from your computer, which can give you more flexibility than your ISP's spam filter.
  • If you use email client software on your computer (Microsoft Outlook, Thunderbird, Apple Mail, Eudora, etc.), it may have a spam filter built right into the software.
  • If you use email client software (Outlook, Outlook Express, etc.), you may be able to buy an add-on spam-filtering program, such as Norton AntiSpam, McAfee SpamKiller, and others.
And, depending on how you get your email, you may have some (or even all) of these spam filters potentially active at the same time.

Ok, if I can't stop bulk commercial email, what can I do to cope with it?
Here's what I recommend:
  • First, determine which spam filtering options you currently have (see above).
  • Then, turn one of your available spam filters on, turn the rest off, and see how well it catches the spam you're receiving.
  • If you get too many false positives (or negatives), first try adjusting that filter's options to be weaker (or stronger). If its behavior doesn't improve, turn it off and try another filter. (Unless you fun this technology really fun, I don't recommend having multiple spam filters active at the same time.)
What can I do to help prevent bulk commercial email?
There are two parts to this:

To help prevent bulk commercial email from arriving in your Inbox (or to try to limit its future growth):
  • Don't reply to spam messages.
  • Don't "unsubscribe."
  • If you post comments online, "mask" your email address if possible. For example, don't type "martin@kadansky.com" but use "martin at kadansky dot com" or "martin@KADdelete_thisANSKY.com" instead.
  • Instead of giving out your real email address, use a "disposable email address" service. Google "disposable email" to learn more about this.
  • If you have a web site, enhance it to make your email address more difficult for spammers to find. There are at least three ways to do this: Wherever your email address appears on your web site, have it converted into Unicode, or obscured by JavaScript, or turned into a picture. (If you had someone else create your web site, they'll know these techniques.)
  • Any time you're asked for your email address, stop and ask yourself whether you can trust the person or organization not to misuse it.
To help prevent bulk commercial email from arriving in other people's Inboxes:
  • Use BCC when sending email to many recipients. Since your message may get forwarded to many other people, this keeps those addresses invisible to spammers and their address-hunting viruses.
  • Before forwarding an email, remove the long lists of previous email addresses from the body of the message to prevent them from getting found by spammers.
  • Keep your computer clean of viruses and malware, since many are now created and spread by spammers trying not only to collect email addresses to target with spam, but also to take control of computers they can use to send their spam.
Why do spammers do it?
Make no mistake: Spam may look silly or cute, but it is big business run by sophisticated gangs targeting people all around the world. You may have seen the "Nigerian scam," a message claiming to be from a relative of an overthrown monarch asking for your help in moving millions of dollars out of their country in return for a percentage of the money. It may sound ridiculous, but according to reports I've read from the FBI and elsewhere, those who fall for it are drawn in, first supplying documents, then money for supposed bribes, and eventually lured into traveling to Africa where they are kidnapped and held for millions in ransom.

How do spammers do it?
Most spam is sent from "botnets," groups of thousands or millions of regular computers infected with software that lets spammers control them remotely to send their spam, without the knowledge or consent of the people who own those computers. Many of these infections are "rootkits," designed to hide from regular antivirus/antimalware programs, making them very difficult to remove.

Where to go from here
If you're confused or frustrated by something on your computer, I like to say, "You can do it!" You might just need a little encouragement, or information, or change of perspective, and that's where I come in.
How to contact me:
email: martin@kadansky.com
phone: (617) 484-6657
web: http://www.kadansky.com

On a regular basis I write about real issues faced by typical computer users. To subscribe to this newsletter, please send an email to martin@kadansky.com and I'll add you to the list, or visit http://www.kadansky.com/newsletter

Did you miss a previous issue? You can find it in my newsletter archive: http://www.kadansky.com/newsletter

Your privacy is important to me. I do not share my newsletter mailing list with anyone else, nor do I rent it out.

Copyright (C) 2011 Kadansky Consulting, Inc. All rights reserved.

I love helping people learn how to use their computers better! Like a "computer driving instructor," I work 1-on-1 with small business owners and individuals to help them find a more productive and successful relationship with their computers and other high-tech gadgets.

Return to the previous page

Subscribe to this free newsletter

Go to the Newsletter Archive

 

 

To the Top


All original content copyright © 2002 - 2010 Martin Kadansky

Site designed and developed by and copyright © 2002 - 2007 ozbarron