mole
Guest
Some of you may know that I've been trying to rid myself of the spam that's been flooding my primary email account. It's become a little hobby of mine now. I've tried all kinds of software and methods, BUT it seems I keep getting even more spam.
I decided to go to the dark side and learn the techniques of spammers to find an answer. Here are my new learnings (may be old hat to some of you guys).
Things you should know besides the normal advice
-----------
1 - HTML spam can contain scripts that silently send back a verification to the spammer that your email is live, even if you just use the preview pane in your Outlook to peek at them. I used to blindly open the spam mail to get to the header and HTML source for reporting purposes. That's a no-no.
2 - Spammers can use scripts to embed your email or email identifying code into the title and the body of the email (besides the remove code). This can also verify your email is live if you complain even if the headers are munged of your identity (what SpamCop reports will do). Sometimes the website involved or even the ISP could be involved in a spam cartel to trawl in emails from such complaints. Worse, some malicious spammers will take your email and send it to spam harvesters, so instead of one spammer, you start dealing with many more.
3 - If you have Norton Internet Security, activate the privacy protection feature and add in the emails you want to be protected from being unknowingly transmitted out without your knowledge by sneaky scripts. But make sure you temporarily disable NIS before doing your legit email correspondence, otherwise you will be bugged to death by alert prompts.
Live emails are very valuable to spammers and can be sold for a much better price. And they will try to improve the quality of their names using increasingly sophisticated methods. Some people think that the spammers don't bother nor have the time to manually delete from their list emails that bounce or complaints are made. Modern software today makes it automated, so list cleaning isn't that difficult.
-------------
Here is the approach I'm now using to deal with the problem.
1 - Bounce all spam email back as though your account was dead. But you need to do this ON YOUR MAIL SERVER, not after it's been downloaded. The best bounce solution I've come across is MailWasher. The latest version is 2.018b and is a vast improvement over the original version and contains algos to determine how best to bounce back accurately without sending live alerts to spammers. It's a free solution.
2 - Never, ever even peek at your spam email through your mail client. MailWasher allows you to do so without triggering any feedback scripts.
3 - If you have the time, report spam using SpamCop's reporting facility BUT always ensure your reports are always scrubbed of any possible email identifier cleverly buried by spam scripts in the title or body. Use MailWasher to extract the headers and body for you. But body reporting only works if it's a text-based email. HTML body gets all gibberish and SpamCop can't process it. Never mind, something is better than no reporting. Don't be tempted to download that HTML spam email to your mail client to get the source code. It does more harm than good. Leave that to other SpamCoppers.
I know some members here get literally hundreds of spam a day because of the countless sites with mailto: addys just waiting to be harvested or endless self promotion of email contacts via forums like this or newsgroups. Many email accounts are probably unsalvageable nor worth the time to salvage. In such cases, just use a SpamCop email account which extracts all your email from your original POP server every 15 min - 1 hr to theirs where it is scrubbed clean before download by your email client http://www.spamcop.net ($30 a year). SpamCop scrubs mail with up to 12 blacklists, so it's squeaky clean. Just make sure that initially, you get your whitelists all sorted out. You need to set your account to download from the SpamCop POP server.
But you don't have to encourage even more.
1 - Always use disposable email addresses (DEA) like http://www.spamex.com to give out to anyone other than your close friends, families and business associates. The rest should all be DEA addresses, preferably with an identifier tag so you can immediately identify the culprit who compromised your email contact, e.g. I use [email protected] for my email contact here. If spam on that addy becomes a nuisance, just shut it down forever (Spamex offers 500 email addys for $10 a year).
2 - Never use mailto: on your webpages in order for people to contact you. Use a secured mail form script instead. mailto: is just begging for spam.
Don't worry about being seen as paranoid because you do this. Options 1 and 2 are becoming increasingly socially acceptable. Spam estimates now comprise 40% of all internet email. And expected to top more than half early next year.
Help the worldwide fight against spam and help legitimate internet email commerce survive!
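The post warns that a recipient identifier can be buried in the title or body of a spam message and advises scrubbing it before a report is submitted. The following is an added example, not part of the original post and not code from MailWasher or SpamCop: it redacts the reporter's address in plain, URL-encoded, base64, hex, MD5 and SHA-1 form from a raw message. The address `reader@example.org`, the `.invalid` hosts and all function names are constructed for illustration, and the list of encodings is an assumption about common practice, not an exhaustive set.

```python
import base64
import hashlib
import re
from urllib.parse import quote


def identifier_variants(address):
    """Map encoding name -> the form of `address` a mailer might embed."""
    addr = address.strip().lower()
    raw = addr.encode()
    return {
        "plain": addr,
        "urlencoded": quote(addr, safe=""),
        "base64": base64.b64encode(raw).decode().rstrip("="),
        "base64url": base64.urlsafe_b64encode(raw).decode().rstrip("="),
        "hex": raw.hex(),
        "md5": hashlib.md5(raw).hexdigest(),
        "sha1": hashlib.sha1(raw).hexdigest(),
    }


def scrub_report(raw_message, address, marker="[REDACTED]"):
    """Return (scrubbed_text, hits) where hits maps encoding name -> count."""
    text, hits = raw_message, {}
    for kind, value in identifier_variants(address).items():
        # "=*" swallows base64 padding that was stripped from the variant.
        pattern = re.escape(value) + (r"=*" if kind.startswith("base64") else "")
        text, n = re.subn(pattern, marker, text, flags=re.IGNORECASE)
        if n:
            hits[kind] = n
    return text, hits


def build_sample(address):
    """Constructed spam message carrying the address in four encodings."""
    v = identifier_variants(address)
    return (
        f"Received: from mx.invalid by mail.example.org for <{address}>\n"
        f"To: {address}\n"
        f"Subject: Special offer [{v['hex'].upper()}]\n"
        "\n"
        f"Click http://offers.invalid/r?u={v['base64']}&x=1\n"
        f"To be removed visit http://offers.invalid/remove?e={v['urlencoded']}\n"
    )


if __name__ == "__main__":
    clean, found = scrub_report(build_sample("reader@example.org"), "reader@example.org")
    print(found)
    print(clean)
```

A per-recipient token that is not derived from the address (a random ID in a link or subject) will not be caught by this, so any long opaque string left in the scrubbed text still deserves a manual look before reporting.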