Steps to getting spam under control

From Nick Jenkins
Jump to: navigation, search

Throwaway addresses[edit]

When you register for software or web sites or post to any forums, always use a throwaway free email address, which you can just forget about or ignore. Or better yet use a site designed for making lots of throwaway addresses - and the best site for this is spamgourmet. Also, any email address with the word "spam" in it almost never tends to get any spam, presumably because spammer think it's fake, even when it's not.

Alternatively, use:

sales@companyname.com [Let them eat their own spam]

or:

uce@ftc.gov [US govt spam reporting service]

Report Spam[edit]

Report spam, using SpamCop.

You need to register (suggest using your throwaway web-based email account or spamgourmet account for this), and then you get a URL for submitting spam. Spam must be submitted within 3 days of being sent, and you paste the full headers and the message body in to a form which processes it, removes the fake stuff, and works out where it really came from, and then sends a letter of complaint to the people responsible for abuse on that site and/or domain and/or netblock.

It's a bit of hassle to do this with every spam, but at least it lets you cause problems for the people directly or indirectly responsible for the spam.

Limit exposure to web harvesters[edit]

Prevent harvesters from getting you real email addresses.

One of the main sources of email addresses for spam are the web harvesters out there that exist just to collect email addresses for selling them in lists to spam-merchants. It's a good idea to try and prevent email addresses from being abused in this way, if you can (e.g. on your own sites).

Here's a PHP function that I use for avoiding this problem. It works with Netscape and IE 4 and up, and works because web-harvester-authors are too lazy to write a full JavaScript interpreter when there are easier pickings to be had:

function obfuscateEmailAddrToJavaScript($addr) { 
	$str = "<a href=\"mailto:$addr\">$addr</a>";
	$len = strlen($str);
	
	$res = "<script TYPE=\"text/javascript\" language=\"JavaScript\"><!--//\n";
	$res .= "document.write('";
	for ($i=0; $i<$len; $i++) {
		$char = substr($str, $i, 1);
		$oct = decoct(ord($char));
		$res .= "\\$oct";
	}
	
	$res .= "')";
	$res .= "\n//--></script>\n";
	return $res;
}

For DNS records, a spamgourmet address may be the best way to go (I'm trying this now).

Spam filtering software[edit]

Use some spam filtering software so that you don't have to manually deal with spam.

After trying it for ages, I can thoroughly recommend SpamBayes if you're using Outlook. It can take a while to set up correctly, but once that's done it will reliably move spam out of your inbox, without you having to read it.

I know that spam filtering software doesn't and won't solve the problem of spam, it just hides it, but it sure beats having to deal with it manually.

Conclusion[edit]

If you combine these approaches and stick with it, you can stop spam from getting out of control.

However, it should be noted though that the problem of spam is getting steadily worse, even using the above approaches. Frankly, if someone like me still gets enough spam to be annoying, then I shudder to think what it must be like for people who aren't so careful!