Winning the War On Spam

Winning the War On Spam

by Michael Southon



For years I didn't worry much about spam.



But lately it's got out of control. Over half of my email

is now spam, and it was growing by the week - until I took

action.



This article shows you some strategies for winning the war

on spam.



------------------------------------------------

How Do They Get Your Address?

------------------------------------------------



In the old days, spammers got their addresses mainly from

Newsgroups - if you didn't post to Newsgroups, you were

reasonably safe. But they're now using a much more

efficient method to build their lists - email harvesters.



Email harvesters are robots that roam the Internet

collecting email addresses from web pages. Examples are

EmailSiphon, Cherry Picker, Web Weasel, Web Bandit and

Email Wolf, to name just a few.



How can you protect yourself from email harvesters?



By 'munging' (mung = 'mash until no good') or cloaking your

email address.



There are many ways of munging your address - the easiest

technique is to use ASCII code for the punctuation in your

email address (instead of symbols).



For the colon after mailto use : and for the @ symbol

use @ and for the period use . . With this method,

your email address would become:



mailto:yourname@yourdomain.com



but it will display as:



mailto:yourname@yourdomain.com





Your email address will appear exactly as it did before,

and it will still be 'clickable', but email harvesters will

ignore it and move on.



There are also JavaScript's that you can insert into your

web page that will make your email address visible to

humans but invisible to harvesting programs. Here's one

that works very well:

http://pointlessprocess.com/JavaScripts/anti-spam.htm



-----------------------------

How To Fight Spam

-----------------------------



The most important thing is never, ever, reply to spam.



Most spam contains an innocent-looking 'remove me' email

address. Do not use it. Here's why:



Spammers typically buy a CD containing a million or so

email addresses, but they have no idea how many of those

addresses are active. So before beginning their marketing

campaign in earnest, they send out a 'test message' to the

entire list.



The test message contains an email address for removing

yourself. When you reply to that address, it confirms to

the spammer that your address is active and therefore worth

spamming.



Worse still, the spammer may be distilling from that CD a

list of confirmed active addresses that he will then sell

to another spammer.



The key to dealing with spam is to report it to a 3rd

party: (1) the affiliate program that the spammer is

advertising, (2) the spammer's web host, or (3) the ISP the

spammer used to connect to the Internet.



When you report spam to a 3rd party, remember to be polite

- they didn't send the spam and they're probably just as

anti-spam as you are.



(1) Reporting to Affiliate Programs



Many spammers are affiliates advertising someone else's

products or services. So look for a website address that

contains an affiliate link, something like this:

www.affiliateprogramdomain/841526



Then just send an email to the affiliate program

(abuse@affiliateprogramdomain.com), informing them that you

are receiving spam from one of their affiliates.



Most affiliate programs have zero tolerance for spamming

and will remove an affiliate spammer without warning.



Now, affiliate spammers don't want you to see their

affiliate link, so many of them send their email as HTML.

All you see in the message are the words 'Click Here and

Order Now'.



But in your browser just click on 'View Source Code' and

search for the letters 'http'. That will take you to the

spammer's affiliate link.



(2) Reporting to Web Hosts



If the spam doesn't contain an affiliate link, it's likely

that it is coming from the owner of the domain name. In

that case you'll have to report it to the spammer's web

host or their ISP.



To make a report to the spammer's web host just go to

Whois, the directory of registered domain names:

http://www.netsol.com/cgi-bin/whois/whois



Type in the spammer's domain (the website address that

appears in the spam) together with the extension (.com,

.org, .net etc).



The host for that domain will usually be listed as the

Technical Contact in the Whois record and there will be an

email address for contacting them.



(3) Reporting to ISPs



To report a spammer to his Internet Service Provider,

you'll have to look at the spam's 'extended headers'.



Extended headers show the servers that the message passed

through in order to get to you. The instructions for

viewing extended headers will vary depending on what email

client you are using.



=> In Pegasus Mail, open the offending message and then

right-click and choose 'Show raw message data'.



=> In Eudora Light, click on 'Tools' in the top menu

bar, and then 'Options', and then select the

checkbox option that says 'Show all headers (even

the ugly ones)' and click OK.



=> In Outlook Express, open the offending message,

select 'Properties' from the File menu and then

click the 'Details' tab.



Reading and understanding extended headers is quite a

detailed subject. Here's an excellent free tutorial on how

to decipher extended headers:

http://www.doughnut.demon.co.uk/SpamTracking101.html



As an alternative to these reporting techniques, you could

use a web-based spam reporting service such as SpamCop

(www.spamcop.net). SpamCop deciphers the spam's message

headers and traces the mail back to its source.



Wishing you every success in the fight against spam!