The most effective thing you can do to block spam is not divulge your email address to third parties. If they don’t have your address, they can’t send you email. The following tips can assist.
- Name change. The most effective way of blocking spam is to change your email address to something not easily guessed, such as <firstname.lastname@example.org> or <email@example.com>, and then be very selective about sharing your address with others. However, that means notifying all your friends to update their address books, might mean throwing away an address you’ve had for awhile and prefer to keep, and could only be a temporary stop-gap if somehow your new address gets on a spammer’s list again.
- Shhhh… Never reply to any spam email, especially if it is an offer to remove you from their mailing list. Particularly watch out for surreptitious connections: always delete spam email without the preview window open, because if you preview a spam email and it has an image link you are verifying your email address just the same as replying to a fake remove address, and invites even more spam.
- Disguise. Never enter a chat room or post to the newsgroups without disguising your email address by either camouflaging it with nonsense words or using a temporary, throw-away address.
- Remailers. For specific applications you can use a remailer to disguise your true address.
Filtering services can provide powerful spam blocking through automatic processing techniques. There are four basic approaches:
- ISP. Your first line of spam blocking should be at your Internet service provider. If they don’t already use a spam blocking service, you should ask your provider to join one. These blocking services use a variety of signature based schemes to identify spam and trap it at the email server, and can be reasonably effective at blocking most spam before it gets to your mailbox.
- Commercial. There are a number of well-recommended commercial spam blocking options, such as the peer-to-peer spam blocking service Cloudmark.com which leverages the power of the Internet to enable people to share information — it collects information from its users as they identify spam email, and then blocks those spam for all other users connected to the service.
- Encryption. There is at least one application, the Tagged Message Delivery Agent (TMDA), which blocks spam with cryptographic methods to confirm the legitimacy of unknown senders, although these approaches introduce a layer of complexity that not everyone is willing to accept.
- Application. As a last resort, you can block spam with your own application spam filter built with your email application’s built-in filter capability. Be forewarned that this approach requires set-up and regular ongoing maintenance to remain effective, and should be used only when other protective measures cannot be taken.
There was a time, a brief period in the late 1990′s, when responding to spam email might do you some good – maybe you could get their ISP to close their account. Today, if you want to respond to spam, you first have to ask yourself if it is worth the effort since there are so many more productive things you could be doing instead. Second, consider that there are so many spammers, so much spam, and so very, very little you can do to change the tide. Third, remember that response to a spammer themselves will only get you on many more spam lists and boomerang a hundred-fold, so you need to be careful only to respond to legitimate umbrella organizations supporting the spammer’s business.
If you nevertheless feel moved to proceed despite the considerable risk, essential futility, and enormous effort required… then there are a few options available depending on the information the spammer has revealed:
- Offline reply. If the spam email requests feedback through off-line means such as paper mail, phone number, or fax, then almost certainly all of the rest of the information in the email is faked. You can choose to respond by the offline means, but don’t reveal any return information, don’t phone any expensive long distance phone numbers, and don’t expect any lasting effect. I do know of one fellow that used to phone 800 numbers he found in spam email and try to sell whoever answered discount carpet cleaning, which he said was fun, although he never made a sale.
- Email address. While return addresses are almost always faked, sometimes the body of the email will request a response to a temporarily legitimate email address such as <firstname.lastname@example.org>. If the address is hosted at a legitimate provider, they usually have a team to address violation of their terms of usage such as spamming, and you should be able to find an address or response form at their web site to report the problem. They will often close the account, directly depriving the spammer of any further revenue.
- Web site. Sometimes everything in a spam email is fake except a link to a web site where the scam resides. If that page is part of a larger site like a community home page site, then you can complain to that site’s administrators — they will often close the user’s account, depriving the spammer of further revenue. If the web site is used solely for the spam and there is no legitimate contact, then only the most determined experts should consider one of the remaining options described below.
- Domain name. You can look up the site’s domain name in the Internet whois database to find out who manages it. If it can be confirmed that the contact is not the spammer themself, then you can email them requesting resolution.
- Name servers. Domain name contacts for spammer sites are often the spammer or fakes like <email@example.com>, neither one of which you want to contact. You can sometimes follow the trail one level deeper by contacting the administrative contacts for the domains listed as the name servers. If you even considering this, you should already be familiar with the role of a DNS administrator and their workload.
- IP address. If you can decipher the originating IP address from the full header listing (see Header tracing below), or the spam contains a web site address in the form of an IP address alias in an attempt to shield it from domain name attacks, then you can look up the address in the Whose databases and let the upstream owner of the larger block of addresses know one of their users might be violating their acceptable use terms. If you are even considering this…
- Header tracing. Long ago, back in the twentieth century, the art of locating people by following the trail they left behind was called “tracing”, and its equivalent in spammer pursuit today refers to analysis of email headers to follow the originating email server or IP address back to its source. This is a detailed activity best left to experts, although there are some online resources available to assist.