Stop Spam Secrets Episode VII

[mole]

Some of you may know that I've been trying to rid myself of the spam that's been flooding my primary email account. It's become a little hobby of mine now. I've tried all kinds of software and methods, BUT it seems I keep getting even more spam.

I decided to go to the dark side and learn the techniques of spammers to find an answer. Here's my new learnings (may be old hat to some of you guys)

Things you should know besides the normal advice
-----------
1 - HTML spam can contain scripts that silently sends back a verification to the spammer that your email is live, even if you just use the preview pane in your Outlook to peek at them. I used to blindly open the spam mail to get to the header and HTML source for reporting purposes. That's a no no.

2 - Spammers can use scripts to embed your email or email identifying code into the title and the body of the email (besides the remove code). This can also verify your email is live if you complain even if the headers are munged of your identity (what SpamCop reports will do). Sometimes the website involved or even the ISP could be involved in a spam cartel to trawl in emails from such complaints. Worse, some malicious spammers will take your email and send it to spam harvesters, so instead of one spammer, you start dealing with many more.

3 - If you have Norton Internet Security, activate the privacy protection feature and add in the emails you want to be protected from being unknowingly transmitted out without your knowledge by sneaky scripts. But make sure you temporary disable NIS before doing your legit email correspondences otherwise you will be bugged to death by alert prompts


Live emails are very valuable to spammers and can be sold for a much better price. And they will try to improve the quality of their names using increasingly sophisticated methods. Some people think that the spammers don't bother nor have the time to manually delete from their list emails that bounce or complaints are made. Modern software today makes it automated, so list cleaning isn't that difficult.

-------------
Here is the approach I'm now using to deal with the problem.

1 - Bounce all spam email back as though your account was dead. But you need to do this ON YOUR MAIL server, not after its been downloaded. The best bounce solution I've come across is Mailwasher. The latest version is 2.018b as is a vast improvement over the original version and contains algos to determine how best to bounce back accurately without sending live alerts to spammers. It's a free solution.

2 - Never, ever even peek at your spam email through your mail client. MailWasher allows you to do so without triggering any feedback scripts.

3 - If you have the time, report spam using Spamcop's reporting facility BUT always ensure your reports are always scrubbed of any possible email identifier cleverly buried by spam scripts in the title or body. Use MailWasher to extract the headers and body for you. But body reporting only works if its a text-based email. HTML body gets all gibberish and Spamcop can't process it. Never mind, something is better than no reporting. Don't be tempted to download that HTML spam email to your mail client to get the source code. It does more harm than good. Leave that to other Spamcoppers

I know some members here get literally hundreds of spam a day because of the countless sites with mailto: addys just waiting to be harvested or endless self promotion of email contacts via forums like this or newgroups. Many email accounts are probably unsalvageable nor worth the time to salvage. In such cases, just use a Spamcop email account which extracts all your email from your original POP server every 15 min - 1 hr to theirs where it is scrubbed clean before download by your email client http://www.spamcop.net ($30 a year). SpamCop scrubs mail with up to 12 blacklists, so its squeeky clean. Just make sure that initially, you get your whitelists all sorted out. You need to set your account to download from the SpamCop POP server.



But you don't have to encourage even more.

1 - Always use disposable email addresses (DEA) like http://www.spamex.com to give out to anyone other than your close friends, families and business associates. The rest should all be DEA addresses, preferably with an identifier tag so you can immediately identify the culprit who compromised your email contact eg. I use dnforum@spamex.com for my email contact here. If spam on that addy becomes a nuisance, just shut it down forever (Spamex offers 500 email addys for $10 a year)

2 - Never use mailto: on your webpages in order for people to contact you. Use a secured mail form script instead. mailto: is just begging for spam.

Don't worry about being seen as paranoid because you do this. Options 1 and 2 is becoming increasingly socially acceptable. Spam estimates now comprise 40% of all internet email. And expected to top more than half early next year.

Help the worldwide fight against spam and help legitimate internet email commerce survive!

[RMF]

I had a guy sending me viruses. I contacted his ISP, and they shut him down about 2 weeks later. Haven't had any problems since (At least to that email account )

As for spam, a lot of times when sign up to stuff online, I use a seperate email account. That way I know if they're selling my email address or sending spam to it.

RMF

[888]

Mole, thanks for the detailed post, I see some good tips there.

I just have two tips to share. First, I have selected the "read all messages in plain text" option in Outlook Express, this can reduce the chance of email virus infection and sending signals to spammers using HTML email. Also, spammers are more afraid of ISP admins and the like, so I often use a more scary email alias like webmaster@, hostmaster@, admin@, etc.

[mole]

Originally posted by 888
Also, spammers are more afraid of ISP admins and the like, so I often use a more scary email alias like webmaster@, hostmaster@, admin@, etc.

Hi goh, how about i_will_sue_your_sorry_ass_if_you_spam_me@

I hear that that the email most feared by spammers is @spamcop.net eg 888@spamcop.net

[888]

Originally posted by mole

i_will_sue_your_sorry_ass_if_you_spam_me@

YES, that IS scary. And it is scary to customers and spammers alike. :swg:

[mole]

I agree LOL

A mail form is always the best, example

http://www.nucem.com/contactus.htm

[GeorgeK]

Mole: how about embedding the email address in Flash on a page? I have that on some of my domains, and they've not been harvested by spammers, yet.

[mole]

Don't know how to publish Flash, K. But good idea!