The earlier version of this page was first written in 1997, and patched ever since. This is a full rewrite to bring things up to date. In 1997, the notion that people needed self-defense in their email was a novelty; now it is a widely known fact of life. A few problems have grown milder; but the problem of unsolicited bulk mail, aka "spam," has grown by orders of magnitude.
Nuisances: People who want to annoy you for some reason, or no reason. These range from one-time flames to persistent harassment and physical threats.
Forgeries: These include forgeries of your name and E-mail address in messages to others, or of other people's identities in mail to you. Both can be extremely unpleasant, or even damaging, if the recipient gets fooled. A special category of this is forged subscriptions to high-volume mailing lists. Spammers often forge their return addresses in order to conceal their activities from their service providers. Sometimes they forge non-existent addresses, and sometimes they defame people by forging actual addresses.
Mailbombers: People who send you large quantities of mail for the purpose of flooding your mailbox, forcing you to spend a lot of time getting rid of it and perhaps preventing bona fide mail from getting through.
Worms and Viruses: Unlike the other categories, these attacks are indirect; the perpetrator is normally not the person who sent you the mail. The most popular email software is often the least secure, and as a result attacks on it have become as much of a danger as personally directed E-mail attacks. These are discussed in a separate page on worms and viruses.
With spammers, start by remembering that you are dealing with thoroughly dishonest people. Spammers are scum who don't care to spend the money on a postage stamp, a phone call, or a paid ad, and want you to pay, through your Internet account, for their advertising. Any information which you give them will be used to your detriment.
Never reply to spam. Your reply will most likely not reach the spammer, and may contribute to the annoyance of the person whose address the spammer has falsely used. If it does reach the spammer, it will only confirm that your address exists and is reachable. You will get more spam, not less, as a result. Never submit your address to a "remove" list. If spammers were willing to remove your address, they would not be engaging in tricks to defeat your filtering software. Sending your address to a "remove" list merely confirms that your address is live, and will result in your getting more spam, not less.
This doesn't mean you should "just hit delete." Some people think they are achieving a great triumph over spammers by deleting the mail when it comes in. Ignoring spam means ignoring an assault on your mailbox. You should report spam or block its source. There are a number of tools which make this easier.
An increasing amount of spam is coming from sources which have no desire to stop spammers. More than half of the spam which I receive either comes from mail servers in China or promotes websites which reside on a Chinese server. The prevailing attitude among Chinese service providers is that anything which hurts Westerners is of no consequence, and it certainly doesn't hurt the Chinese government's plans if email communication with the outside world comes to a halt as a result. Brazil isn't far behind as a spam source, with completely indifferent service providers.
Spammers resort to every trick to invade people's mailboxes and con people out of their money. They will falsely claim that you requested their mail; they will invent nonexistent laws which allegedly make it illegal for you to report spam (usually they call this fabricated law "S. 1618"); they will disguise the subject line as a personal message; they will impersonate legitimate companies; they will pad their messages with meaningless noise in an effort to defeat your filters. Sometimes they will resort to saying "This is not spam!" as if their assertion can wipe out the very fact of the mail in which it is contained.
A spammer may claim that you have consented to receive its mail because it got your address from a "marketing partner." A spammer's purchase of a list of addresses which includes yours does not constitute permission on your part. This is just one more example of using the Big Lie technique.
What do spammers hope to gain? They know that out of a million people, they are likely to reach a few suckers. Note that spam is usually pitched at the desperate -- those who feel sexually inadequate, who need to get a loan quickly, who are having health problems -- or at those who want to get money effortlessly and dishonestly. They want your money, or better yet, your credit card number. They don't want to provide you anything in return. In some cases, especially with medical spam, this may be a blessing in disguise; losing your money is the least of the damage a fly-by-night "drugstore" in Shanghai can do to you.
Sometimes, ostensibly legitimate businesses will hijack your mailbox for free advertising distribution. The Direct Marketing Association, which once was a respectable business organization, is playing a two-faced game, issuing spamming guidelines to its members while claiming to offer the public guidance on how to avoid the very spam it promotes. Any "legitimate business" that spams has shown it doesn't give a damn about you. Never buy from spammers.
Spammers will often use tricks to make their mail appear legitimate. They may falsely identify themselves with other companies. If you read mail as HTML, spammers can more easily hide their actual URLs, and can send cookies back to their servers to confirm that you have received their mail. They can also include JavaScript which can collect additional information without your knowledge. When reading email, turn off cookies and JavaScript. If possible, turn off HTML. Any email which can't be read as plain text is most likely spam anyway.
One particularly nasty scam is a mailing which says, in effect, "This is your Internet service provider [eBay, etc.]. Due to a computer failure, we lost all our passwords. Please send us your password so we can rebuild our files." NEVER give your password in an email message.
If your address is forged by a spammer or other malicious party, you can suffer damage to your career or business. Such forgeries can adversely affect your reputation among Net users and potentially even get you into legal trouble. Strong measures are necessary if someone forges your name in email to others.
Mailbombings are also very serious, but more straightforward to combat than forgeries. Don't bother arguing with the sender; immediately notify the sender's ISP and your own system administrator. Fortunately, there are software remedies to most mailbombings. You may also be able to obtain legal redress.
Spammers urge you to "just hit delete" rather than reporting their scams. This may seem like the safest course, particularly if you know little about analyzing headers and don't have the time to learn. This applies to most people, and it certainly isn't a disgrace to be too busy to analyze the origin of every piece of garbage you receive; but there is a downside to just ignoring the trash. If spammers don't lose their accounts, they'll just keep sending you more junk. Even if you don't have the time to report every piece of unsolicited trash you receive, you should try to make at least an occasional report. Even one a week helps.
The naive user of email assumes that the sender is the person named in the "From:" field. In fact, almost every field of an email message can be falsified by the sender. If you consider a message to be abusive, examine its headers carefully before directing your response. Many mail programs don't give full headers by default, but most have an option for doing this. Important header lines include:
Look at the part after the "@" character (e.g. "xyzdomain.com" in "user1234@xyzdomain.com"), which is the domain name. If these don't agree in the different header fields, there may be cause for suspicion. The difference may also be completely legitimate; for instance, if a user has a private domain name on a commercial service, the ID and Received lines will show the domain name of the service provider rather than the sender. But a difference may also be an indication that the return address in the "From" line is fake. If the return address seems phony (for instance, if there's no at sign or more than one at sign), place more trust in the other lines. Forgers and junk mailers will often play with just the "From" line, since it's what people notice first.
The most trustworthy header line is the first "Received:" line, and the most trustworthy part of this is the IP address. (An IP address consists of four numbers separated by periods and enclosed in brackets, e.g., [192.168.0.1].) The user name in this line doesn't necessarily reflect the actual sender; what's important is the domain name. The domain name can be faked if the sender controls the entire sending computer, but is normally reliable. However, if you see an IP address in parentheses and the domain name outside the parentheses, the name may be faked. Example:
Received: from spoofeddomain.com ([192.168.0.1]) by...
(192.168.0.1 isn't anyone's real IP address; if you do see that, it's an address on someone's LAN, and not useful for spam tracing. I've used it in this example for the same reason that 555-xxxx numbers are used in movies.)
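The checks described above can be run mechanically over a message's full headers. The following Python sketch is an added example, not code from the original page; the function name, the sample messages, and the "by mx.example.net" portion of the Received lines are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# "from <claimed name> (<looked-up name, if any> [<ip>])" in the first Received: line
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)")
LAN_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def inspect_headers(raw):
    """Return (claimed_name, ip, findings) for one raw message."""
    msg = message_from_string(raw)
    findings = []
    addr = parseaddr(msg.get("From", ""))[1]
    if addr.count("@") != 1:
        findings.append("From: has no single '@'; rely on the Received: line")
        from_domain = ""
    else:
        from_domain = addr.rpartition("@")[2].lower()
    received = msg.get_all("Received") or []   # index 0 is the first (topmost) line
    m = RECEIVED_RE.search(received[0]) if received else None
    if m is None:
        findings.append("no parsable Received: line")
        return None, None, findings
    claimed, looked_up, ip = m.group(1).lower(), m.group(2), m.group(3)
    if looked_up is None:
        findings.append("name %s appears only outside the parentheses; it may be faked" % claimed)
    try:
        if any(ip_address(ip) in net for net in LAN_NETS):
            findings.append("%s is a LAN address, not useful for tracing" % ip)
    except ValueError:
        findings.append("%s is not a valid IP address" % ip)
    if from_domain and claimed != from_domain and not claimed.endswith("." + from_domain):
        findings.append("From: domain %s differs from host %s (may be legitimate)" % (from_domain, claimed))
    return claimed, ip, findings

# Constructed samples; the "by mx.example.net" part and the dates are made up.
PAGE_EXAMPLE = (
    "Received: from spoofeddomain.com ([192.168.0.1]) by mx.example.net; "
    "Tue, 17 Jun 2003 10:00:00 -0400\n"
    "From: user1234xyzdomain.com\nSubject: sample\n\nbody\n"
)
CONSISTENT = (
    "Received: from mail.xyzdomain.com (mail.xyzdomain.com [203.0.113.25]) "
    "by mx.example.net; Tue, 17 Jun 2003 10:00:00 -0400\n"
    "From: user1234@xyzdomain.com\nSubject: sample\n\nbody\n"
)
```

A finding is a reason to look more closely, not proof of forgery; as noted above, a domain mismatch can be entirely legitimate.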
If you're not sure about the origin of the message, make a best guess but take extra pains to be polite when reporting the abuse; flaming the wrong person will only add to your troubles.
The Unix program "whois" is very useful in determining the actual identity of a domain and contact information for it. With the growing number of Internet registrars, the number of whois servers has greatly increased. For .com, .net, and .org domains, whois.networksolutions.com will get you at least some information. It may tell you that the actual registrar is someone else, and a whois using the registrar's whois service may provide more detailed information.
Domain registrars generally will not cancel a domain for spamming, but the honest ones will cancel its registration if it was registered using false information. If a spammer's "whois" information is clearly fraudulent, you should contact the domain registrar pointing out that fact.
abuse.net has provided a useful service for determining where to report spam. It maintains a registry of spam reporting addresses, which can be accessed either through its whois server (whois.abuse.net) or through a Web page. The whois server is the quicker way, if you have access to it. Note that the existence of an abuse address doesn't necessarily imply that the host will actually do anything about spam complaints.
The major concern of most people who use email is the steadily increasing stream of spam which they will get once their address has become known to the public. It starts with just one message, then it gradually increases to one almost every day, and eventually people find that their mailboxes are so choked with scams of every kind that it's hard to find the occasional piece of legitimate mail. In a way, the worst part of spam isn't the actual interference with legitimate communications, bad as that is, but the sense of violation as your mailbox is assaulted repeatedly by lying scum making disgusting propositions and seeking to cheat you out of your money. Spammers are fundamentally anti-reality in their thinking, knowing no use for communication except to deceive and intimidate.
The best defense against these foul humanoids is to make sure that your address doesn't become publicly visible on the Internet. If you have a private address, just for communication with your friends, this isn't much of a hardship. If you need to publish an address for people to contact, this may not be a viable approach. In this case, you may want to have both a public and a private address.
There are many options for filtering your mail to stem the tide of spam. The most common, and most useless, is to filter out "From" addresses which spammers have used in the past. Spammers use forged addresses, and keep changing the addresses which they forge, so this accomplishes nothing. However, the reverse approach -- a "whitelist" which specifies the addresses you'll accept mail from with all others being rejected outright or subjected to further filtering -- can be useful.
Content filters are also popular. Spammers can defeat these, too, by padding their messages with nonsense text to confuse the filters. Another problem is that these filters can eliminate legitimate mail simply because it contains words that resemble those in spam. This amounts to inadvertent content censorship on your own incoming mail, and may not be what you want.
In addition, the above approaches don't do anything to hurt the spammers or the service providers who connive with them. A better approach is to filter on the domain name or IP address in the "Received" line. This information is difficult to forge, and filtering out mail that is sent from unethical hosts can significantly reduce your spam while offering little danger that you will lose legitimate mail. It also sends a clear message to the spam hosts that their mail is not welcome. I have described a procmail-based way of doing this on my rogues page.
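To show why filtering on the "Received" line holds up where a "From" blacklist does not, here is an added Python example (not the procmail method from the rogues page, and not code from the original site). The blocklists, host names, and sample messages are all constructed, using documentation-range addresses.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed lists: a documentation-range network and hypothetical names.
BLOCKED_NETWORKS = [ip_network("198.51.100.0/24")]
BLOCKED_DOMAINS = ["spamhost.example"]
BLOCKED_FROM = {"deals@offers.example"}  # a "From" blacklist, for comparison
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9.]+)\]\)")

def from_filter(raw):
    """Blacklist on the From address, which the sender chooses freely."""
    sender = message_from_string(raw).get("From", "").strip().lower()
    return "reject" if sender in BLOCKED_FROM else "accept"

def received_filter(raw):
    """Blacklist on the host in the first Received: line; later ones are ignored."""
    lines = message_from_string(raw).get_all("Received") or []
    m = RECEIVED_RE.search(lines[0]) if lines else None
    if m is None:
        return "accept"  # nothing to judge; leave it to other filters
    try:
        ip = ip_address(m.group(3))
    except ValueError:
        return "accept"
    if any(ip in net for net in BLOCKED_NETWORKS):
        return "reject"
    names = [n.lower() for n in m.group(1, 2) if n]
    blocked = any(n == d or n.endswith("." + d) for n in names for d in BLOCKED_DOMAINS)
    return "reject" if blocked else "accept"

def make_message(from_addr, helo, rdns, ip):
    """Build a constructed sample message (not real traffic)."""
    return (
        "Received: from %s (%s [%s]) by mx.example.net; Tue, 17 Jun 2003 10:00:00 -0400\n"
        "Received: from trusted.example ([203.0.113.9]) by %s\n"
        "From: %s\nSubject: sample\n\nbody\n" % (helo, rdns, ip, helo, from_addr)
    )

# Same sending host twice with a different forged From, then an unrelated clean host.
FIRST = make_message("deals@offers.example", "mail.example.org", "relay7.spamhost.example", "198.51.100.44")
SECOND = make_message("news@other.example", "mail.example.org", "relay7.spamhost.example", "198.51.100.44")
CLEAN = make_message("friend@example.org", "mail.example.org", "mail.example.org", "203.0.113.25")
```

The second message slips past `from_filter` simply by changing its forged address, while `received_filter` rejects both because the recorded host and IP address are unchanged.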
The ones who want to use your mailbox as a free advertising medium for their crooked schemes are a plague that requires constant vigilance, but much as they would like to make your email communication useless, you don't have to let them succeed.
I do not support CAUCE, nor any efforts to regulate email on the basis of content.
Return to Gary McGath's home page
Completely revised June 17, 2003
Updated November 30, 2003