
Will You Join the Fight Against SPAM?

If you don't like SPAM, and want to help fight it, there is no time like the present. Here's what you can do.

Above all else, never buy anything from a SPAM perpetrator. Not even once. As soon as you do, you become part of the problem. You have just convinced the perp that SPAM works, that it is a useful marketing avenue. Please, don't do any business with spam perps.

In fact, don't even reply, not even to be "removed from the list". Most SPAM is sent with a forged reply address. Sending an annoying complaint directly to the SPAM perp by replying to the mail, while it may feel good, is a waste of time. It may annoy an innocent third party whose address has been stolen by a SPAM perp. It could happen to you: there is NO PROTECTION in the current internet software against me sending email that appears to come from you, or vice versa. And, at worst, if the perp actually does receive it, you have just confirmed to it that your email address is correct -- get ready for more SPAM!

In the same vein, please NEVER even click on a link in any unsolicited email; some of these are set up to "validate" your address as soon as you click on them (the links with long numbers in the URL often map in a database somewhere to the address the particular copy of the SPAM was sent to).

In fact, you must also set your mail program to NOT download images embedded in HTML mail, because even doing that proves to the SPAM perp that his garbage (most spam perps are male) made it all the way into your mailer, proving that he has a valid email address for you and ensuring that you will get more. If your mailer does not have an option to "Don't download Images", then you must immediately stop using it, or you have become part of the problem. Switch to Mozilla Thunderbird and become part of the solution.

So please:

Just Delete SPAM.
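
To see what the address-validating links and embedded images described above look like inside a message, the following added example (not part of the original page) parses a saved message without fetching anything and lists the images a mailer would download and the links that carry a long number. The sample message, its hosts and the token-length thresholds are constructed assumptions.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Heuristic chosen for this example: a run of 8+ digits or 16+ hex characters
# in a URL may be a token that maps back to one recipient's address.
TOKEN_RE = re.compile(r"\d{8,}|[0-9a-fA-F]{16,}")

def is_remote(url):
    """True when fetching the URL would contact a server on the network."""
    return bool(url) and (url.startswith("//")
                          or urlsplit(url).scheme in ("http", "https"))

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and is_remote(attrs.get("src")):
            self.images.append(attrs["src"])
        elif tag == "a" and is_remote(attrs.get("href")):
            self.links.append(attrs["href"])

def audit_message(raw):
    """Return remote images and token-bearing links found in the HTML body."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:                      # plain-text mail: nothing to fetch
        return {"remote_images": [], "token_links": []}
    collector = _Collector()
    collector.feed(body.get_content())
    tokens = [u for u in collector.links if TOKEN_RE.search(u.split("://", 1)[-1])]
    return {"remote_images": collector.images, "token_links": tokens}

# Constructed sample message (all hosts and numbers are made up).
SAMPLE = """\
From: offers@example.invalid
To: reader@example.org
Subject: Constructed sample
Content-Type: text/html; charset="utf-8"

<img src="http://tracker.example.invalid/open.gif?id=1234567890" width="1">
<img src="cid:logo">
<a href="http://shop.example.invalid/unsubscribe/9876543210123">Remove me</a>
<a href="http://shop.example.invalid/about">About</a>
"""
```

The `cid:` image is attached to the message itself and is not reported, because displaying it contacts no server.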

How do Spam Perps Get Email Addresses?

One of the most obvious ways is to write a program that scans all known web sites looking for addresses. The first versions looked for mailto: links, but newer ones look for anything that could be "name@domain.moc" or "name at domain". Try to avoid having these on your web site; better to use a contact form like this one, which doesn't directly contain any addresses (and if it does, have them as disposable aliases).
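
A check you can run over your own pages before publishing them, given here as an added example that is not part of the original page: it flags the three address forms mentioned above so they can be replaced with a contact form or a disposable alias. The patterns, the function name and the sample page are constructed for illustration.

```python
import re

# One pattern per form named in the text (constructed for this example).
MAILTO_RE = re.compile(r"mailto:([^\"'?>\s]+)", re.I)
PLAIN_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
SPELLED_RE = re.compile(
    r"\b([\w.+-]+)\s+(?:at|\(at\)|\[at\])\s+"
    r"([\w-]+(?:(?:\s+dot\s+|\.)[\w-]+)+)\b",
    re.I,
)

def find_exposed_addresses(html):
    """Return a sorted list of (form, address) pairs found in one page."""
    findings = set()
    for m in MAILTO_RE.finditer(html):
        findings.add(("mailto", m.group(1).lower()))
    for m in PLAIN_RE.finditer(html):
        findings.add(("plain", m.group(0).lower()))
    for m in SPELLED_RE.finditer(html):
        # Normalise "example dot org" to "example.org" so duplicates collapse.
        domain = re.sub(r"\s+dot\s+", ".", m.group(2), flags=re.I)
        findings.add(("spelled-out", f"{m.group(1)}@{domain}".lower()))
    return sorted(findings)

# Constructed sample page; the form at the end exposes no address at all.
SAMPLE_PAGE = """
<p>Contact <a href="mailto:sales@example.org?subject=Hi">our sales desk</a>.</p>
<p>Webmaster: webmaster at example dot org</p>
<p>Or write to info@example.org.</p>
<form action="/contact" method="post"><textarea name="msg"></textarea></form>
"""

if __name__ == "__main__":
    for form, address in find_exposed_addresses(SAMPLE_PAGE):
        print(f"{form:12} {address}")
```

The spelled-out pattern also matches ordinary phrases such as "look at example.com", so treat its hits as items to review rather than confirmed addresses.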

Occasionally you will receive SPAM with a valid "From:" address from a small-time perp. This will usually be accompanied by a huge recipient list, some of whom you recognize. In this situation you should normally contact the person by telephone (disable call display if you can) or FAX (from a public FAX terminal), and inform him of your objection to receiving unsolicited commercial email and to his publication of your email address to so many strangers. It has been shown that that is one way that SPAM perps gather email lists.

Mailing list archives are another resource. SPAM perps constantly troll the Web looking for mailing list archives that are readable. One site accidentally left their archives readable by non-members (due to a permissions problem on the system disk), and in a matter of hours SPAM perps from Myanmar to Taiwan to Philadelphia were busily downloading them. If you're on a mailing list, check to be sure that the archives, if any, are not publicly readable. Just to prove that my lists are secure, here is a link to a randomly-chosen archive from my Java Cookbook list.

Resources

Please consider the following anti-spam resources:

Spam Blocking

If you don't run your own mail server but use an ISP, find out what your ISP does to prevent incoming SPAM. If you use a corporate internet, they probably have reasonable SPAM filtering in place, but if not, the following may be of interest.

Computers that are connected more-or-less permanently to the Internet (like desktop computers with Cable TV modems or ADSL ("Sympatico High-Speed Edition")) are also vulnerable to many other attacks that contribute to SPAM and other network threats; please check out the many "desktop firewall" products if you have such a connection. Better yet, read what the bad guys know about you in the book "Hacking Exposed" by McClure et al.

If you run your own server system, consider running a secure operating system such as OpenBSD (www.openbsd.org). If you run any UNIX system (and most of the Internet runs on UNIX), consider the smtpd program (free from www.obtuse.com; it has excellent anti-SPAM capabilities, and is part of Juniper, a larger security toolkit, also free from the same site).

Also, check out the anti-spam features of whatever mail program you use. There are so many desktop email clients that I can't list them all here, but most of them have pretty good help.

On the server side, if you run the ever-popular sendmail mail server, check out www.sendmail.org for the latest anti-spam technologies.

See also the RBL (black hole list) and the Relay Spam Stoppers list, both at http://www.mail-abuse.org.

Why am I doing this? I don't get a penny from any of the products mentioned here. I don't normally send unsolicited emails, and I certify that I will not give your email address to anybody nor send you any commercial advertising.

I'm just really really really TIRED OF UNSOLICITED COMMERCIAL SPAM, and I'm trying to do my part to get rid of it.

Ian Darwin