Spam strikes fear and anger into the heart of many an e-mail user. Spam has become such a serious problem on the net that the whole industry is suffering from the effects of this plague. It costs recipients additional mail management time when they have to delete it from their mailboxes, and it makes ISPs increase their staffing levels and hardware to handle the load bandwidth, disk space, and complaints.
Just in case you may have missed all the hubbub, or you don't have an e-mail account, spam is generally defined as unsolicited bulk e-mail (UBE)-"unsolicited" because you didn't ask for it (and probably don't even know who sent it), and "bulk" because spammers send the same message to hundreds of thousands of unwilling recipients at the same time. Spam can contain everything from "make money fast" schemes to rather detailed and, for many, offensive "adult" content.
With the public's unfavorable reaction to spam, and as a result of anti-spam legislation and the development of better anti-spam software, spammers are using more sneaky methods to get you to open their mail. In the past, spammers often gave themselves away with subject lines like "FREE...56K High Speed Internet Connection" or "Make money fast." Now they are just as likely to hide their pitches behind such apparently innocent subject lines as "Re: your mail" or "Your order has been approved."
Spammers are also constantly looking for real e-mail addresses. Easy places to look are in public forums. For example, USENET (news/conferences) messages or mailing lists are fertile sources; AOL chat rooms are also a great place for addresses. Is your address on your personal website? Spammers will use automatic address-harvesting software known as web crawlers or robots to get addresses from the web.
When you post to mailing lists or newsgroups, you should consider using a tactic called address munging. Address munging changes the address that appears in the header of your posting, so that if someone tries to send to it they would first have to strip out the text you added. For example, if your address were "email@example.com," then munging it to "firstname.lastname@example.org" or "jill(AT)isp(DOT)com" would tell folks how to mail to you but would give a spammer's address-harvesting program heartburn. W.D. Baseley has suggestions on how to munge your email address in his Frequently Asked Questions (FAQs).
Another method of hiding from spammers is to use a fake or anonymous e-mail address. A fake address is one that is so strange or unusual that it is highly unlikely to be used by anyone else. Examples would be addresses with random numbers or letters in the address such as "DRCG@DKEFGEI.COM." Of course the downside of this is that folks reading your posts will have a tough time reaching you. You can always hand out your real e-mail address to your close friends. You can just bet this is what Bill Gates does.
Anonymous addresses require the use of a site that provides this service, and they only work for mailing lists or newsgroup postings. These sites are known as "anonymous remailers." Because this topic requires more explanation than can be provided in this short article, check out Andre Bacard's [NOTE TO ZDTV: There is an accent over the 'e' in Andre's name.] Anonymous Remailer FAQ for more information.
Anti-spam legislation has been passed in a number of states, but because complex issues such as technical implementation of the laws and the applicability of prior laws have yet to be worked out, many of the bills already passed or currently being hammered out have significant problems. Most of these laws have yet to be tested in court. What this means to you is that you're still getting spam and it is still very difficult to track down each spammer and do something about it.
For example, a number of shareware and freeware filtering programs are available. Unfortunately, most of these products require you to maintain a filter list of "bad" sites and/or "good" sites. If you just set up a "bad" site list, you will constantly be adding spammer addresses (as spammers use many different addresses) and also addresses that you may not want to block. For instance, if a spammer sends e-mail from the address "email@example.com," you can add it to your "bad" list, but it is pretty likely that they will change their address the next time send you something. Say they change their address to something like "firstname.lastname@example.org." You could just block anything from aol.com, but this will block "good" mail from your AOL buddies.
If you had a "good" list, you would still be constantly maintaining it and blocking e-mail from anyone that you didn't include on this list. Some folks have gotten so upset with spam that they see this as a fine solution. It's a trade-off between dealing with and deleting the spam that comes into your mailbox or maintaining "good" and "bad" lists.
There are a couple of new solutions out there that don't require downloading software, but they aren't free. For example, SpamCop is a filtering service; they require you to forward your e-mail through their system, where it filters your e-mail and forwards those messages that don't catch to your "secret" address. It does require some savvy on the part of the user to set up your e-mail to do this. This service has the advantage of a filter list that is constantly updated from spam contributions from other users. However, depending on how fast someone "contributes" spam from a spammer's mailing, it may be too late to block the "attack." You do need to maintain a "good" list for this service. They also warn users that "legitimate e-mail will probably be stopped by SpamCop. This is the price we pay for stopping such a high percentage of the spam." In terms of the other price you pay, some features will debit your "credits" that you purchase via an on-line form.
Another solution is provided by my company, Bright Light Technologies, called Bright Mail. Bright Light provides an industry-grade filtering service for ISPs and corporations, and is currently beta testing an individual form of this service. Bright Mail works by looking for spam 24 hours a day as it is being distributed in real-time via their "probe network," which creates fingerprints of the spam and then uses these fingerprints to block spam as you check your e-mail with your client. Because they distribute these fingerprints quickly, they are very effective in blocking spam, and it is unlikely that they would block any "legitimate" e-mail sent to you.
Bright Light is looking for folks interested in signing up to test and prepare their individual service for general release. If you're interested, you can sign up for the service by heading over to www.brightmail.com. After you sign up, you will need to configure your e-mail program to use the service.
Some other resources: Greg Byshenk has a great FAQ called "Help! I've been Spammed! What do I do?", in which he covers when to respond to e-mail and how to get some response.
John C. Rivard also has a simular FAQ called Dealing with Junk Email". Bright Light also is asking for donations of spam that you have received. If you come across spam that you would like to contribute, you can just forward it to "email@example.com".