Anti-Spam Tips and Resources: Reducing the Flood of Junk E-Mail

Spam is loosely defined as the trillions of unwanted e-mails, usually sent in bulk and having substantially identical content, that flood into users’ mailboxes each year. Like any technology, e-mail is double-edged: Great benefits exist along with the downsides. Spam (sometimes called junk e-mail) is definitely a downside. Spammers take advantage of the much lower costs compared to unsolicited physical mail because reproduction of the message and the mailing of it are essentially free.

Spam breaks down further into sub-categories: (1) nuisance e-mails, such as solicitations to buy products or services; and (2) malicious e-mails, which often seek to trick you into revealing personal information that then can be used to defraud or damage you. While the nuisance spam is the most numerous and annoying, it’s the malicious e-mail that is potentially the most serious and which appears to be increasing disproportionately. There has been a rapid increase in “phishing” attacks in which consumers receive messages from dishonest sources disguised as e-mail from trusted retailers, financial institutions, or even government agencies. In fact, one organization found that phishing amounted to more than 4% of total spam volume. Much malicious e-mail seeks to obtain the consumer’s personal financial data like PINs and account numbers — but other kinds try to trick users into installing destructive files that will cripple or destroy the receiving computer.

Not only does spam clog your inbox and overload your brain with messages — genuine and bogus — but it also raises the risk that you will fail to see e-mail that you really want. It’s easy to get so involved in filtering out or deleting unwanted messages that you will miss the important, meaningful ones.

How Do They Get Your E-mail Address?
Probably you have given it to them by filling out an online form, attaching your e-mail address to your personal or business web site, or by posting to Internet discussion groups. Spammers “harvest” these addresses with computer programs that collect and add the addresses to their spam mailing lists. Once these lists are compiled, they’re easily sold or rented to other spammers.

What Is Being Done?

The federal Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM), which went into effect in 2004, requires unsolicited commercial e-mail messages to be labeled and to provide instructions on how the consumer can opt out. The law also requires the sender to provide its physical address and refrain from using deceptive subject lines and false headers on the messages. (For the text, see http://www.spamlaws.com/federal/108s877.html .)

Further, the Federal Trade Commission (FTC) in mid-2004 began requiring all commercial e-mail containing sexually oriented content to have the label “SEXUALLY EXPLICIT” in the message’s subject line. E-mails found to be in violation of this rule face civil lawsuits with civil and criminal penalties including imprisonment and fines of up to $500,000. (http://www.ftc.gov/opa/2004/05/sexexplicit.shtm)

Consumers who receive unsolicited commercial e-mail messages in violation of CAN-SPAM and FTC rules can forward them to spam@uce.gov. (www.ftc.gov/opa/2004/07/newspamemail.htm) See also the list of Web sites at the end of this Fact Sheet for further resources.

What Can You Do?

All spam is a time waster and a resource waster (potentially jamming networks and servers). Anti-spam filters have improved in recent years, and Internet hosts (like AOL) screen out spam more effectively. Even the best filters, though, are not 100% effective. They either screen out some messages you want to see … or they allow too many undesirable messages to evade the filters. Can you eliminate all spam? Probably not.
Some spam always seems to evade the controls. But you can reduce unwanted spam considerably if you follow the recommendations in this Fact Sheet.

Tips for Dealing with Spam

1. Never open spam messages. Unless you block HTML graphics, it’s possible that the sender will be alerted that you have opened the message. This encourages them to send more messages. Also, you may be susceptible to malicious code.

2. Never click on a URL (link) or Web site address shown in a spam e-mail. This could alert the site to the validity of your e-mail address, potentially resulting in more spam. It could also expose you to malicious code inserted on your computer.

3. Set filters in your e-mail program to allow or to block specific senders and/or specific language. Many Internet Service Providers now provide automatic spam filtering; other filters may need to be set manually. The filters can be set to keep out certain senders, or conversely, to “white list” other correspondents by allowing their specific e-mail address. In either case, filters work by analyzing your incoming mail and attempting to decide which e-mails are genuine and which are spam. But the process — whether automatic or manual, blocking or permitting — is far from perfect. If you find that either legitimate messages are being captured in your spam filter or that unwanted messages are continuing to slip through to your inbox, you may need to adjust the spam filter settings. Many e-mail accounts offer a separate “bulk mail” or “spam” folder where suspicious messages are held.

4. Understand where rejected messages go. If you use filtering software, be sure the rejected messages are sent to a special folder other than your email “trash” basket. That way you can periodically review them to see if a message you truly want was diverted by an over-aggressive spam filter.

5. Have a backup e-mail account(s).
Use a free Web-based e-mail account at, for example, hotmail.com, Yahoo.com, or gmail.com (Google) for use when subscribing to magazines, filling out warranties, posting to Internet discussion groups, or in other situations where you are not sure how your email address will be used. While this won’t reduce the amount of spam you receive, it will largely keep it out of your primary e-mail account that you use on a daily basis.

6. Use a combination of letters and numbers in your e-mail address. Many spammers employ “a dictionary attack” — bombarding the Internet with any plausible combination of letters and hoping some of those match your email address. If you use numbers and/or symbols in your address, you will likely sidestep such efforts.

7. Never respond to spam. Responding to the messages just confirms that your e-mail address is valid and that you received and read their message. It also encourages them to send more messages. Don’t respond to any “removal instructions” that might be included at the bottom of the message. And, of course, never buy anything as a result of spam you receive. Be especially alert for phony e-mails that request personal information from you. Cyber-thieves have gotten very good at mimicking legitimate Web sites of merchants, banks, and government agencies — including their logos and “official”-sounding language — and asking for your Social Security number, bank account data, or other private information under the guise of “updating” their records or “clarifying” your status as a customer. However, legitimate businesses and agencies rarely ask for such information over the Internet. So if you have any doubts — and you should — call the organization instead of responding to the e-mail and use a phone number in the phone book, not a telephone number shown in the message or on the possibly phony Web site.

8. Do not rely on spam-blocking services. Many are ineffective and may even cause an increase in the spam you receive.
Yahoo recommends the following: Never sign up with sites that promise to remove your name from spam lists. Although some of these sites may be legitimate, more often than not, they are address collectors. The legitimate sites are ignored (or exploited) by the spammers, and the address collection sites are owned by spammers. In both cases, your address is recorded and valued more highly because you have just identified that your address is active.

9. Consider using disposable online addresses. You can create a unique e-mail address for each e-mail newsletter or forum you subscribe to. Then, when an e-mail address begins getting spam, you can discontinue using it and start using another. This works because the disposable e-mail addresses actually forward to your real e-mail address. For more about disposable e-mail addresses, see http://email.about.com/cs/dispaddrrevs/tp/disposable.htm .

10. Always be careful when making Internet purchases. Read online and offline forms carefully and check or uncheck boxes as necessary to make sure you are not inadvertently giving your consent to receive spam. Every reputable e-commerce web site offers information about how it processes your order. It is usually listed in the section entitled Privacy Policy. You can find out if they intend to share your information with a third party or affiliate company. Do they require these companies to refrain from marketing to their customers? If not, you can expect to receive spam and even mail or phone solicitations from these companies.

11. Remove e-mail addresses from your Web site. If you list or link to your email address, you are likely to be spammed by address-harvesting robots. If you must include your e-mail address on the site, try posting it written out in words (“example at domain dot com”) instead of example@domain.com. That way a human user can understand the correct address, but a robot may not recognize it as such.

12. Consider subscribing to a spam-prevention service.
These vary in effectiveness, but some people find them helpful. Many are “challenge-response services,” which means they require people who send you an e-mail to respond by clicking, visiting a Web site, and/or typing in a code that only a human — not a robot — could do correctly. That puts a burden not only on scammers but, unfortunately, also on your friends and legitimate senders who may find the system onerous and rude.

13. Opt out of directories that may put your e-mail address online. For example, if your alumni association or your employer places your e-mail address on its Web site, ask the Webmaster to make sure it is disguised in some way. Always read the privacy policy of sites where you disclose your personal information or e-mail address. Determine whether they will share your information with others for marketing purposes (this will lead to spam).

14. Report spammers to their domain. Most e-mail accounts have an anti-spam requirement in their terms of service. For example, here is Yahoo’s Anti-Spam Policy: http://docs.yahoo.com/info/guidelines/spam.html

Other Anti-Spam Resources

Many fine web sites contain suggestions on ways to reduce unwanted e-mail solicitations. These, in turn, will lead to many more such sites.
A sampling includes:

www.cauce.org - CAUCE (Coalition Against Unsolicited Commercial E-Mail) lobbies for legislative solutions
www.scambusters.org - Reader-friendly site detailing scams, many of which involve spam
http://spam.abuse.net - A collection of spam-abuse links and resources
www.spamcop.net - When spam is reported here, Spamcop then seeks to learn its origins and report it to the Internet Service Providers
www.imc.org/imc-spam - Internet Mail Consortium, an industry group, provides legislative news and links
www.JunkEmail.org - The spam-prevention Web site of www.getnetwise.org
www.moralityinmedia.org - Anti-pornography group gives tips on combating porn spam
www.spamhaus.org - An international nonprofit, based in the U.K., tracks “spam gangs” and keeps a ROKSO database (Register of Known Spam Operations)
www.junkbusters.com - Helps consumers get rid of junk messages of all kinds, including spam
www.webguardian.com/report.html - An Internet monitor that takes reports about spam
www.spamprimer.com - The basics about spam, phishing, and other e-mail pests

Final note: If you learn that any of the above-listed Web sites are no longer being maintained and updated, please contact us so we can remove them from this list. Thank you.