Jewish World Review May 23, 2003 / 21 Iyar, 5763


How to live a spam-free life — really

By Phillip Robinson

http://www.NewsAndOpinion.com | (KRT) Do you hate spam (junk email)?

I don't.

Ouch, hey, stop kicking me. Give me a minute to explain.

It's not that I like spam, all those ridiculous offers to make a million from home, lose unwanted poundage, firm up my lust life, and draw a gazillion people to my website. I certainly don't appreciate that most spam messages try to trick me into opening and reading by faking the subject line: "Re: Your Bill is Overdue" or "Just wanted to say I love you" or some other come-on.

It's just that I get so little spam that it really doesn't bother me much. In fact, when I say "so little" I mean "none". In the past week I've received exactly 0 spams. Same for the past month. None, Zip. That's out of thousands of received emails.

And I don't use any special anti-spam filters or programs. How can that be, when something like 50 percent of all email today is spam? Is it magic? Is it my personal technical genius? A load of fancy software that I, as a columnist, didn't even have to pay for?

Well, no, none of the above.

I just follow a few simple habits. Anyone can do it. It isn't futuristic and impractical stuff like the current legal crusades against spam. And it's actually cheaper and simpler than the latest technological fixes.

It's also safer.

What about those legal steps? They'll do some good, sure, but they'll mainly drive Florida, Vegas, and Los Angeles-based spammers out of business. Korean and Russian and other offshore spammers will pick up where they left off. Tracking foreign spammers down will be extremely difficult. Suggestions that we start paying for email - say the first 500 messages a month are free and then they're a penny each after that - won't work for the same reason. Even if we could get people to start paying here in the United States, which is pretty unlikely after decades of totally free email, there's no way to force foreign Internet services to charge.

What about those technical tricks?

Most use either "filters" or "source authentication."

Filters watch incoming email and examine the body, subject, header, sender, and other details. If any of those fits the profile of "spam", the message is automatically put into a "spam" folder.

You probably already have a filter running without even knowing it. Most Internet services now filter all email for the truly obvious spams. You don't have any control over the examination keywords these filters use. You do control another filter. And without spending an extra $39.95 for a "filter" program. The latest browsers have their own filtering options, where you can specify the filter words.

But filters are flawed.

The stricter you make the examination, the more chance that a real email, a non-spam email, will fall into that spam bucket. For example, if you say that any message with the word "breast" is spam, then that reminder of the Breast Cancer Benefit will land in your spam can. If you don't check your spam can often enough, typically within 30 days, that email will be deleted without you ever having seen it. What if the Breast Cancer Benefit comment was in a work memo that also mentioned an upcoming holiday schedule? Without regular visits to your spam can, you'll have missed vital information. And if you have to visit the spam, then you haven't truly, entirely pushed it out of your life.

If you loosen your filtering rules, more spam messages will get into your regular inbox. Spammers are constantly mutating their stuff to get past filters. For example, they'll spell "Viagra" as "V i a gra" or "Vi (ASTERISK)gra". You and I know what that is, but a filter probably isn't smart enough to read it after the small changes.

The Internet service filters have a filter problem too. Many of them depend upon "blacklists" or "blocklists" or "blackholes": sites that publish a list of known spam-sending addresses. Any messages from those addresses is automatically trashed before you even see it. That cuts the spam load, but it also catches good messages accidentally. Some spam-sending addresses are also used by other businesses, legit businesses that can see their regular business emails suddenly cut off without warning. (And without recourse, since the "blocklist" sites typically don't offer any customer-service contact possibilities.)

"Source authentication" is easier to set up and more thorough in stopping spam. You pay $9.95 a year to an "authentication" service such as BlockAllSpam.com or MailBlocks.com. Any email sent to you first stops at the service, which automatically shoots a "did you really send this" message back to the original sender. If the sender confirms sending - something only a human can do, not a machine - then the original message is moved along to your inbox. Spammers can't afford to hire enough people to authenticate. But the downside of authentication is that people sending you legitimate messages may not want the extra hassle of having to confirm sending - even if they only have to do it once (the service remembers that they're bona fide senders). And any email newsletters you sign up for may not be able to get through the service without extra tinkering.

I like authentication more than filtering, though you can certainly use both.

But I don't bother with either. Oh, my Internet service filters, but I don't even turn on the filter built into my Mozilla browser.

Here's my simple recipe for a spam-free life:

First, and most important, I start fresh with an email address that the spammers don't know. If your email has already been "harvested" and sold on spamming CD lists, that is, if you're already receiving a lot of spam, you'll never be fully free no matter how many fancy anti-spam software tools you use and how much time you spend tuning your filter and explaining your authentication scheme. Plus you'll eliminate some of your legitimate emails too, which could be a big problem.

Start with an address that the spammers don't have. And your best bet is to switch to an email address at one of the smaller ISPs, not AOL, MSN, Earthlink, or the free webmail sites such as Yahoo and Hotmail. Yeah, this sounds self-serving, since I run a small ISP, but it's really true. And there are 6,994 other small ISPs you could choose besides mine. The spammers are just too comfortable with stealing, spoofing, and guessing email names at the big ISPs and webmail sites.

Second, and nearly as important, get yourself a second email address at one of those webmail sites. I like Yahoo for this.

Third, and critical, never, ever put your email address (the first one) on any website, newsgroup posting, or chat-room list. Spammers pick these up like politicians collecting corporate contributions. Soon that first spammer will sell your name to a second spammer, and your email address is mud. Only enter an address when you absolutely, positively have to, and then only use the second, the Yahoo, address. That will attract spam, but it's OK. You'll only go to Yahoo on the unusual occasions when you have to retrieve some receipt or other goodie, and you can forget about all the collected spam in the meanwhile. If you really, really have to put your email address on a website, don't put "philliprobinson@openminds.us" but "philliprobinson at openminds.us" or some other un-spelling that will defeat the nasty but dumb software robots hunting for fresh spammable addresses.

Fourth, never, ever say "Yes" to any "may we, from time to time, share your information with our other divisions and strategic partners in order to provide you with amazing deals and better service" offers when you sign up for anything, anywhere. Some are legit, too many will sell you out to spammers. If you just gotta, use that second email address.

Fifth, never, ever "unsubscribe" from an email unless you know the business and it's the big, official kind that could get in serious trouble from spamming. Unsubscribing from an IBM newsletter is OK. Unsubscribing from a "InkJetStealDeals only sent this offer for cheap inkjet supplies because you agreed to see emails, but we'll gladly unsubscribe you if you just click here" is not. Unsubscribe and they'll know you're a live one and your spam load will soon multiply.

Sixth, never, ever buy anything advertised by spam. Don't even visit the websites in spam. It just encourages them. And don't send any "bulk email" offers from your own business. They may claim to have only "opt-in" addresses from people who have agreed to receive messages, but don't trust them.

Appreciate this type of reporting? Why not sign-up for the daily JWR update. It's free. Just click here.

Phillip Robinson is founder of the $7.95 OpenMinds.us Internet service. Comment by clicking here.

Up

© 2003, Distributed by Knight Ridder/Tribune Information Services