A Pox On Spam

[ Home ]


A Pox on Spam

That curse probably won't work, but there are things that can be done to significantly reduce the quantity of spam, or unwanted commercial Email, that collects in a mailbox. SPAM is an idiom for unsolicited and unwanted commercial Email. The US Congress has made ineffective stabs at controlling spam, but it hasn't worked. Few spammers are scrupulous enough to follow all the rules because it makes their messages so easy to eliminate. Their business is to bombard you with often dubious offers. Anything that gets in the way of that business needs to be worked around or ignored.

Spammers will often declare that their messages are not spam at all by some obscure definition. For the purposes of this page, a spam message is ANY commercial message that is unsolicited.

Spammers come in four flavors. Each has a role to play in putting a spam in your mailbox.

As can be inferred from the interests of the main players, there is no financial incentive to limit the distribution of spam just to people that actually want it. Since it costs virtually nothing to send the messages, the wider it gets distributed, the better for the spammers. Little things like laws and regulations shouldn't stand in the way. Further, many spammers are offshore or use addresses that are defined offshore and don't have to comply with US law.

The way our email systems are set up, there is virtually no cost to send a message. The costs are carried by the network companies that have to transmit, store and forward the messages. The end recipient has to spend time sorting through the garbage and deleting it. If these guys had to pay for what they do, the quantity of spam would drop dramatically. But then, everybody would probably be billed for sending mail and that wouldn't go over well either.

Spammers change their own Email addresses more often that most of us change our underwear. They may only keep an address long enough to blast out a hundred thousand messages or so and then start up with a new address. They have to have their ISP's cooperation to do this. Any address that looks like somebody rolled their fingers across the keyboard is virtually guaranteed to be a spammer. Addresses with a large number following a name, such as superman6724 is also likely to be a spammer.

Some spammers also forge their message headers to look like their message came from somebody else. Anybody who is willing to do this doesn't want to be found and obviously cannot be trusted. Forging message headers is blatantly illegal in the US but it happens all the time because virtually nobody gets caught.


Dealing With Spam

There are several things that you SHOULD DO and things that you SHOULD NOT do in dealing with spam. Since there is no real way to tell how scrupulous any given spammer is, you should assume that ALL spammers are dirtbags or worse and treat them as such.

DO NOT REPLY to any spam message, even if the message offers to take you off the distribution list. You do not know who you are dealing with and if the spammer is a mailing list compiler, you have just confirmed that your Email address is a real live address. In any event, the spammer will figure that a large percentage of his messages will get bounced due to bad email addresses and few will look at the returns unless they are compiling more lists. Flaming them by return Email won't do much good either, most won't care how you feel.

DO NOT OPEN ANY ENCLOSURES in a message that looks funny, even if it came from somebody that you know. Some really mean viruses and trojan horses have been distributed this way and they will be usually be automatically forwarded to you from somebody that you know when THEY got infected.

DO NOT CLICK ON ANY LINKS IN THE MESSAGE. Clicking on a link will take you somewhere you probably don't want to go. You might be redirected to other sites as well. I was foolish enough to click on a link one time just to see what it did and I got redirected to dozens of porn sites faster than I could close the windows. After that, I got a flood of porn spam that took months to die out.

DO REPORT SPAM to all reputable ISP's if the spam appears to originate from such an ISP. Most major ISP's will take action if the spam actually came from their site. Often all they can do is shut off the offending spammer's account, but he's probably gone anyway and is using a new address. When you report a spam, forward the message WITH FULL HEADERS to abuse@theispname. This will usually get the message through. Be sure to include the full header information, there is probably an option somewhere in your Email software to display full headers. Without this information, the ISP cannot trace the message.

DO USE A SPAM FILTER. Many ISP's and Email packages have spam filters. Some ISP's compile their own lists of reported spammers and filter incoming mail for you so that you will not get bombed by that particular spammer again. This doesn't work too well when the spammer has changed his address, but it is a start. You can often compile your own list of spam filters. See the next section for some suggestions as to how to define filters.


Spam Filters

Spam filters are rules that you can define in your Email software to automatically handle messages. The rules can usually apply to the all or parts of the message name or sender. There are often other filters that can be defined, but just dealing with the subject, sender name, ISP name or domain is sufficient. Filtered messages can be immediately trashed or routed into some folder for later examination. The more draconian that you make your filters, the more that you should route the filtered messages to a folder for scanning at some infrequent interval. Occasionally a desired message will fit a filter and get identified as spam. Sometime you just have to scan down the list to pick out the ones that were misidentified but at least you don't have to do this every day.

A spam filter list is a living list. As you get new spam, look at the title, sender, ISP and domain to see if any part of it would make a good filter and then add it to your filter list. A hundred or so items is very effective in filtering most spam.

Addresses. Since most spammers change their Email address so often, filtering on the names is usually less than effective. However, there seem to be some names that pop up over and over.

ISP names. There are ISP's that seem to tolerate spammers and these can be filtered. Hotmail, excite.com and others seem to gush spam.

Domain names. Entire domains can also be filtered. I have found that any address that ends in .xx is usually spam. These are new domains created for foreign countries and since I get little mail from overseas (except .uk, .cn and .au) filtering on these domains is very effective. Spammers go to ISP's in those domains to get around US law. The spammers themselves can be anywhere in the world.

Titles. Another effective filtering technique is to filter keywords and phrases in the message title. Its not too often that I get a message with "insurance", "sex" or "credit" in its title that I actually wanted.

The following table is a list of some of the filters that I have found to be especially effective. Depending on the kind of spam that you receive, you may find that the table needs to be tightened or loosened. Spam that gets through indicates that you ought to add something. If too much desired mail gets filtered, then you might need to loosen up your criteria somewhat.

Filter Type Filter Selectivity Filters
Title Filters Finances Subject Contains money, cash, loan, currency, credit, invest, wealth, debt, stock, finance, mortgage, gold, insurance
Porn Subject Contains nude, frisky, sex, XX,
You can use your imagination here. Any name for any bodily part or orifice or any sexual activity is fair game
Misc. Subject Contains career, guarantee, business, music, free!, PCS, for sale, merchant, final notice, advertising, work at home, retire, viagra, drug
Eye Catchers Subject Contains AD:, ADV:, $$, $ $ !!, ! !, **, * *, SS
Sender Names Sender Contains blue, dsf, messenger, bra, iambatman, velvet, wealth, prosper, info, drug, gold, abbey
Sender Names Sender Is Mary
ISP Filters Sender Contains china.com, doar.net, post.com, excite.com, hotmail.com, mailasia, india, mailroom, flashnet, soon.com, nicaragua, sunpoint, portugal, email, hivnet, mailbag, arabia.com
Domain Filters Sender Ends With .lu, .hk, .nl, .tw, .ac.uk, .ru, .se, .hr, .be, .fo, .nu, .fr, .pl, .de, .it, .mx, .jp, .cl, .es, .fi, .ar, .il, .no, .br, .kw, .sk, .ch, .dk, .cz, .ua

[ Home ]
This page has been accessed hit counter times since 25 Jun 00.

© 2000-2002 George Schreyer
Created June 25, 2000
Last Updated September 21, 2002