A Plan To Reduce Spam

Below I detail a viable and proven plan to reduce spam. This is a plan that we, nor­mal every­day peo­ple with e‑mail inbox­es, can do while we wait for our var­i­ous gov­ern­ments to fin­ish drag­ging their feet. This plan works. I’ve been doing it for years. If more peo­ple employ this plan, I sin­cere­ly believe we will force a major reduc­tion in spam for everyone.

Please, read the plan. Tell oth­ers. Pass it around (pre­ferrably as a link as I’d like to keep a live dia­log going on this top­ic). Emply the plan and save us all some inbox space.

Spammers—or, as they like to be called, “e‑mail marketeers”—get e‑mail address­es in three dis­tinct ways:

Method One: E-Mail Harvesters

First, they rou­tine­ly crawl web­sites and the sites to which they link using auto­mat­ed, search-engine-like bots called “e‑mail har­vesters” or “spam­bots”.

Harvesters just crawl around the Web (and oth­er Internet ser­vices like Usenet Newsgroups, chat rooms, instant mes­sen­ger ser­vice mem­ber direc­to­ries, etc.) look­ing for the @ sym­bol, a required part of any e‑mail address. When an @ is found, the har­vester cap­tures it and any and all char­ac­ters to either side of the @, until it encoun­ters a space, punc­tu­a­tion, or an HTML tag. So it would grab the address bob@​bob.​com from all of the fol­low­ing passages:

…to con­tact me, please e‑mail me at bob@​bob.​com any time…”

Post By: <a href=“mailto:”>Bob</A>”

…so I said to bob (<a href=“mailto:”>e‑mailBob</A>) that it was­n’t his…”

You might notice how exam­ple num­ber two is a com­mon sight on a blog. That’s from where my e‑mail address was com­pro­mised: Someone’s blog.

Your e‑mail address is not even safe in the fol­low­ing example:

…to con­tact me, please e‑mail me at bob@​NOSPAMbob.​com any time…”

It isn’t safe because this is such a com­mon trick. Inserting a harvester-fouling phrase like “NOSPAM” or “N0-SPAM” (note zero in the sec­ond exam­ple) does­n’t real­ly foul har­vesters any more. This trick is sev­er­al years old, and har­vesters and “spam-bots” are pre-programmed to strip out such com­mon trickery.

Want proof of any of this? Set up a dum­my Yahoo! or Hotmail account and use it only to post to blogs or news­groups, even with some kind of spam-bot-fouling trick­ery. Keep the account up for a few months and watch it grad­u­al­ly accu­mu­late more and more spam.

For the record, Yahoo! accounts not added to the mem­ber direc­to­ry are report­ed­ly pret­ty safe from “spon­ta­neous” spam. If you don’t use it any­where, it should­n’t accu­mu­late spam.

Method Two: Chain Letters

This sec­ond method is much small­er, though still very suc­cess­ful. The third method, below, is the most wide-spread and is respon­si­ble for the largest por­tion of spam in your inbox.

The sec­ond method employed to col­lect e‑mail address­es for spam is Chain letters.

Send this to sev­en peo­ple (after you make a wish). Make sure it is sent as soon as you read it or your wish won’t come true.” This is an actu­al quote from a mes­sage I received recent­ly. I get these from time to time, like most every­one else. The mes­sage usu­al­ly con­tains a joke or an offer for mon­ey or a plea to help some non-existent strick­en child or blah blah. They’re scams, folks. The pur­pose behind chain let­ters is to har­vest e‑mail addresses.

Look at the last chain let­ter you received. What’s in there? The main body, sure. What else? Yes. That. The address of the per­son who sent you the chain let­ter, and the address­es of every­one else to whom she sent it. Look fur­ther, below all the “>”. There are more e‑mail address­es, the address­es of those who received the mes­sage at the same time as the per­son who sent it to you… And all the peo­ple before them, and before them, and before them, and…

There is often a list of sev­er­al dozen (or more) e‑mail address­es, near­ly all of which are guar­an­teed as good and func­tion­ing because they were specif­i­cal­ly and inno­cent­ly cho­sen by the well-meaning sender. The orig­i­nal sender was not well-meaning, how­ev­er. The orig­i­nal sender is count­ing on the law of aver­ages (one per­son sends it to sev­en, each of whom sends it to sev­en oth­ers, each of whom sends it to sev­en oth­ers, and so on) to even­tu­al­ly get the mes­sage back to him or to some­one he knows. When he does get it back, he’ll have a fresh list of hun­dreds of val­i­dat­ed e‑mail address­es ripe for his lat­est XXX advertisement.

If you feel you sim­ply must pass along a chain let­ter, please, for the piece of mind of those with whom you like enough to share the mes­sage, use this very, very sim­ple trick: It’s called the BCC field. Blind Carbon Copy.

  1. Put your address in the To field. 
  2. Enter the address­es of your recip­i­ents in the BCC field. 
  3. Please also be kind enough to pro­tect those not savvy enough to pro­tect them­selves by strip­ping out the e‑mail address­es of pre­vi­ous senders. 
  4. To be extra safe and pro­tect your­self, add these very instruc­tions to the bot­tom of the mes­sage, right next to where it says “send this to sev­en peo­ple” so that your recip­i­ents will also learn to pro­tect them­selves and their friends (you among them). 

Addresses in the BCC field will not be shown in the mes­sage. Thus you will be pro­tect­ing your friends while shar­ing with them.

Method Three: Buying Lists

The third and most suc­cess­ful way spam­mers obtain e‑mail address­es is by buy­ing them as part of lists. You put your­self on these lists. Or, more accu­rate­ly, you give your e‑mail address to appar­ent­ly trust­wor­thy sites that turn around sell your address.

Often sites like IffySite​.com will sup­ple­ment their pri­ma­ry income by sell­ing the e‑mail address­es of members/customers/whatever. This is a pret­ty lucra­tive prac­tice, believe it or not, and extreme­ly preva­lent despite the pro­lif­er­a­tion of claims of pri­va­cy. Most pri­va­cy poli­cies state that sites, their own­ers, and “affil­i­ates” are allowed to send you mail they think will inter­est you. This is the clause that allows them to legal­ly sell your address to spammers.

Since I own sev­er­al domains, with the abil­i­ty to cre­ate an unlim­it­ed num­ber of e‑mail address­es, I have the lux­u­ry of doing a lit­tle more in terms of iden­ti­fy­ing from whence spam orig­i­nates. Any site on which I don’t feel safe pro­vid­ing my e‑mail address, but am required to for some rea­son, I “key” the address to the site. For exam­ple I might enter the e‑mail address of iffysite.​com@​myrealdomain.​com (where @myrealdomain.com is actu­al­ly my real domain name) when fill­ing out a form on the fic­ti­tious IffySite​.com. Mail addressed to this new address will auto­mat­i­cal­ly deliv­er to my pri­ma­ry POP3 e‑mail account unless I specif­i­cal­ly con­fig­ure my serv­er to do some­thing else with that mail. Later I’ll explain some of the things I do with those address­es… And what you can do to reduce spam.

If/when spam arrives to my new, keyed-address, I know that IffySite​.com has com­pro­mised my e‑mail address some­how. If it was used in some kind of pub­lic or semi-public posting—a forum or online pro­file, for example—then spam is be expect­ed. Anywhere e‑mail address­es appear enmasse, har­vesters will be point­ed. However, if the only place iffysite.​com@​myrealdomain.​com appears is in a sin­gle form I’ve filled out on IffySite.com—say, a reg­is­tra­tion or order form—and it gen­er­ates spam from sources not obvi­ous­ly affil­i­at­ed with IffySite​.com, I know that IffySite​.com is not a trust­wor­thy busi­ness enti­ty and sells its member/customer/whatever list.

This method of key­ing an e‑mail address is a much more accu­rate way of know­ing how trust­wor­thy a par­tic­u­lar site or busi­ness is than trust­ing in their often mean­ing­less pri­va­cy policies—many of which are often sim­ply ripped from anoth­er site.

So what do I when I real­ize that IffySite​.com is sell­ing my e‑mail address to spam­mers? I do the same thing you can do.

Depending on the sever­i­ty of the spam—one piece here and there or sud­den­ly dozen—I will take one or more of the fol­low­ing actions:

  1. Add the address iffysite.​com@​myrealdomain.​com to an Outlook rule I’ve cre­at­ed that kills all mes­sages sent to a range of addresses; 
  2. Configure my mail serv­er to auto­mat­i­cal­ly destroy all mes­sages to iffysite.​com@​myrealdomain.​com before Outlook down­loads them; 
  3. Configure my mail serv­er to deliv­er all mes­sages addressed to iffysite.​com@​myrealdomain.​com to a spe­cial mail­box I keep on the serv­er sim­ply to col­lect spam, which I often lat­er fol­lowup with a com­plaint to anti-spam groups and lists, or; 
  4. Create an auto-forwarder address on my mail serv­er that sends all mes­sages addressed to iffysite.​com@​myrealdomain.​com to the e‑mail address of the reg­is­tered Owner or Administrative, Billing, or Technical Contact for the domain name IffySite​.com.

The last option I use spar­ing­ly, but I feel per­fect­ly jus­ti­fied in it.

The last option is the crux of the plan to reduce spam for every­one.

The Plan To Reduce Spam

If my address was sold to a spam­mer, then it was a human being who made the deci­sion to sell my address. It was a human being who prof­it­ed from my frus­tra­tion. Let him deal with the spam he intend­ed for me. Let him feel the frus­tra­tion I would have felt by all this unwant­ed mail. Let him pay for the lost pro­duc­tive time and con­nec­tion charges. Let him change his e‑mail address to avoid that flow of spam. Remember: The terms of domain own­er­ship stip­u­late that the e‑mail address on file for a con­tact must be cur­rent at all times, so chang­ing that e‑mail address requires some effort and is usu­al­ly a great incon­ve­nience to the own­er… Just as it would be if I had to change my e‑mail address, as IffySite.com’s rep­re­sen­ta­tive should well realize.

What’s more, by for­ward­ing spam intend­ed for me back to either the per­son direct­ly respon­si­ble for it or at least to the per­son respon­si­ble for set­ting, main­tain­ing, and chang­ing the poli­cies of the com­pa­ny that caused my address to be sold to spam­mers, I hope to influ­ence, in my small way, the move away from prof­it­ing from sell­ing trust­ing customers’/users’/registrants’ e‑mail addresses.

Keep in mind that once one’s work­ing e‑mail address is on a spam list it will be sold and resold and pro­pogat­ed. The flow of spam will grow expo­nen­tial­ly from even a sin­gle ini­tial appear­ance on a sin­gle list. Once you begin receiv­ing spam at an address it will not stop until long after that address is proven to be inac­tive and no longer accept­ing mail. Let the per­son who made the deci­sion to sell your address suf­fer the con­se­quences of his own actions.

I encour­age every­one with the abil­i­ty to do this type of key­ing and for­ward­ing back to do it. If only a few thou­sand of the Internet’s sev­er­al mil­lion users sent their spam back to the per­son or orga­ni­za­tion that sold it, far, far few­er com­pa­nies would con­sid­er it prof­itable to sell customers’/users’/registrants’ e‑mail addresses.

Don’t try to send it back to the spam­mer. Don’t mail bomb the spam­mer with a thou­sand mes­sages. That won’t work. The spam­mer will not see it. They use bogus From address­es (yes, unlike much of the prac­tice of spam­ming, forg­ing a return address is ille­gal in the United States, but they do it any­way). Often they use the address of the next recip­i­ent on the list as the sender’s address to avoid bounced mail, thus you’ll be mail bomb­ing the next poor shmuck who, just like you, was unlucky enough to trust a com­pa­ny or indi­vid­ual who sold his e‑mail address. Instead, send all your spam back to the orig­i­nat­ing site by key­ing your e‑mail address.

I have absolute­ly no guilt about send­ing spam intend­ed for me back to the per­son who is respon­si­ble for it. I’m most sat­is­fied by the fact that I’ll nev­er see it. I don’t let Outlook do that kind of for­ward­ing work; I do it all on my mail server(s) before it gets to my inbox. It’s just a sim­ple mat­ter of set­ting up a Mail Forwarder. Your host­ing com­pa­ny can help you do it in 30 sec­onds or less.

By key­ing the address and send­ing that mail back to the orig­i­nat­ing site’s con­tact, I have reduced my spam over the years. This is a viable, proven plan to reduce spam. Nearly every­one with a vir­tu­al or ded­i­cat­ed serv­er nowa­days can do this.

If you do it too, you’ll frus­trate a few more peo­ple who prof­it from your frus­tra­tion. If sev­er­al hun­dred do it we’ll cause some busi­ness­es to stop the prac­tice of sell­ing e‑mail address­es. If sev­er­al thou­sand of us do it, then many busi­ness­es will cease the prac­tice of sell­ing our e‑mail adress­es, and we will force a reduc­tion in spam for everyone.

Dialogue: Questions? Comments?

By the way, though e‑mail address­es are required on my blog to reduce the inter­fer­ence of spam­mers, it will be pro­tect­ed pro­gram­mi­cal­ly by spe­cial cod­ing in the page. Moreover, I cat­e­gor­i­cal­ly do not sell or redis­trib­ute e‑mail addresses.

5 thoughts on “A Plan To Reduce Spam

  1. George Orwell

    [ FYI, ’employ’ is spelled with an ‘o’. ]

    Your plan is naïve. Obviously you haven’t done due dili­gence before post­ing it to your blog by first ask­ing for dis­cus­sion in:

    news:news.admin.net-abuse.email

    Firstly, the reg­is­tered con­tact for a web site is not who *sold* your name.

    Second, email to the reg­is­tered con­tact address­es to my sites are already 99% spam them­selves, thus easy to clear out.

    Third, even if you stuff the mail­box, all that will hap­pen is fur­ther com­plaints will bounce, and it is still the valid [required] con­tact address.

    Should they need to use their con­tact address, they can sim­ply clear out the mail­box first.

    Fourth, you haven’t said any­thing about an URL to a site on an ISP, such as AOL. Oops, won’t help there.

    It is good you are using Javascript to con­struct mail URLs at run­time. Most har­vesters don’t run a ren­der­ing engine. But they could if the prac­tice of using Javascript became widespread.

  2. George Orwell

    Great, I got­ta reply to myself…

    I read a lit­tle clos­er about what you meant when you said the web site sold your name. Okay, they sold your name. Ticketmaster, BTW, is guar­an­teed to do that:

    http://politechbot.com/p‑05001.html

    Unfortunately, the vast major­i­ty of peo­ple are not going to be able to con­fig­ure their mail serv­er, or even have their own mail serv­er, to do what you suggest.

    What I do is slight­ly dif­fer­ent: I instan­ti­ate (using my ISPs web­form for my domain) a new name for pur­chas­es, such as paypal-dot-com@. Should I get spam, which has­n’t hap­pened yet from a pur­chase, I would sim­ply delete the for­ward to my real mailbox.

    Not that reg­u­lar lusers would be able to han­dle that either.

    If you did make a pur­chase via a web­form on say an AOL site, and it did­n’t have a pri­va­cy pol­i­cy stat­ing they would­n’t sell your name, com­plain­ing to AOL won’t get you far.

    A web­bug is anoth­er way of get­ting on a spam list. You get an email, some­times they just gen­er­ate lots of names and try them. Should you make the mis­take of read­ing your email with image load­ing turned on, con­grat­u­la­tions: you’ve just con­firmed your address as valid. All the spam­mer need do is work a unique num­ber into any image URL that they can then match up with your email address.

    Your sub­scrip­tion process does­n’t involve a con­fir­ma­tion. I take it you’ve nev­er been list­bombed. That’s when some­one sub­scribes you to dozens and dozens of lists that don’t have the now-usual con­fir­ma­tion step of a reply before adding the email address to the list. Take the time to do that with your list. Freeware called ezmlm will auto­mat­i­cal­ly han­dle this for you.

  3. George Orwell

    I hope I am not monop­o­liz­ing replies, and thanks for not get­ting upset at my brisk atti­tude. I’m used to rougher forums, i.e. Usenet.

    I have seen almost no spam from reg­is­tra­tions. They all seem to have an opt-out (or even bet­ter: opt-in) check­box­es. How much spam and from where are you get­ting hit??? Inquiring minds wan­na know.

    Anyone using Ticketmaster had bet­ter be ready to revoke the email address once the trans­ac­tion is complete.

    I’m already using unique address­es that I can revoke when I order stuff.

    Where do I get spammed from? My
    InterNIC reg­is­tra­tions, mail­ing lists,
    and Usenet.

    I don’t see any glob­al way of elim­i­nat­ing or even notice­ably reduc­ing spam with­out going to an everyone-gets-registered-to-access the Internet scheme, which of course would be hor­ri­ble. They’ve got that in China.

    What might I try locally?

    For mail­ing lists, a unique address which I’ll change if I start get­ting spam. Unsubscribe, resubscribe.

    For Usenet, I’ve found you can put an URL with­in the com­ment field where your name goes. I’ll make a web page with a form on it to send me email, pro­tect­ing the email address either by turn­ing off read per­mis­sions and leav­ing exe­cute per­mis­sions, else turn­ing off all non-owner per­mis­sions and using cgiwrap.

    The address por­tion will be need­ed to do a signup with a Usenet service,
    but there­after I can just for­ward it to
    cypher@​punk.​net, which is a /dev/null sink­hole every­one has per­mis­sion to use. Also, there are address­es at http://​www​.pri​va​cy​.net/email that can be used for a “go away” autoreply.

    Anyone who would want to reply to me would be able to fig­ure out to pull up the URL and enter the mes­sage in the webform.

    Should it catch on (some­one offer it as a ser­vice), then spam­mers would write client-side http scripts, but one could add ran­dom let­ter pic­tures that must be hand entered, as hot​mail​.com now uses to pre­vent auto­mat­ed registrations.

    Same thing for web site reg­is­tra­tions (InterNIC): use a form. It might require using a real address, then edit­ing it to the http form address. It might need chang­ing the colon and slash­es to some­thing obvi­ous like dash­es to pass syn­tax checks.

    httpColonSlashSlashPath​.com

    If nec­es­sary, use the trick described for Usenet to put the whole URL in the name/comment por­tion of the address with­in dou­ble quotes.

    first last http://​blah​.com

    You might need to get a reply there, at least ini­tial­ly. Maybe only allow emails from your reg­is­trar and the
    ISP that hosts your site, forwarding
    the rest into the bit bucket.

    The good thing is you can always decide to for­ward it back to your real email address for a while, in case, say, you need to com­plain about being forged. You can’t com­plain if you don’t own the vis­i­ble email address and can receive email there.

    Another option for site reg­is­tra­tion is to use the $50/year ones at Tonga, which is real­ly in a con­sulate in the US somewhere.

    http://​home​page​.to/​d​n​s​r​g​s​tr.htm

    # Unlike any oth­er reg­is­trar, nobody can query your domain name and find out who owns that name, what servers or host­ing provider you are using in what coun­try or any oth­er infor­ma­tion about your domain name reg­is­tra­tion. They will only tell peo­ple whether or not a spe­cif­ic domain name has been registered.

    —-

    I think I read some­where that you are in Portland, OR. Condolences. ;-)

    Also, that you have Mac OS X.

    I got that OS upgrade from 9 sev­er­al weeks ago, and I am plan­ning on mov­ing all my oper­a­tions onto it. It’s fabulous.

    Have you tried train­ing its junkmail spot­ter? Some sort of heuris­tics are involved. Take your main mail address, send it to two real POP box­es, read one using Mail under Mac OS X and see how intel­li­gent it becomes. In train­ing mode you can click to change the sta­tus from not-junk to Junk and the udder way.

    I’m split­ting (for­ward­ing) my email into three pop box­es for now. One for my reg­u­lar machine, one for the iMac, and one for read­ing it while at work.

    OS X Mail has a full fil­ter­ing capa­bil­i­ty under Preferences->Rules.

  4. Pariah Burke

    Thanks for the well thought out feed­back, George.

    I think some­thing basic may have got­ten lost in the trans­la­tion of my plan. I do not pro­pose a plan to elim­i­nate spam, mere­ly one to reduce it.

    You’re right, the vast major­i­ty of the Internet users out here nei­ther pos­sess the need­ed tech­nol­o­gy to take advan­tage of the plan (beyond the safe­ty steps I’ve giv­en regard­ing pro­tect­ing their own e‑mail address­es, send­ing mail to lists via BCC, etc), nor are they tech­no­log­i­cal­ly savvy enough to make use of mail for­warders on a con­fig­urable mail serv­er if they had access to one. I’m not say­ing that every­one can or even should fol­low my plan of key­ing address­es and send­ing back to the orig­i­nat­ing site any spam received to those address­es. My plan is geared toward peo­ple like you and me that do have access to that tech­nol­o­gy and the skill to use it. There are quite a few of us out here who fit that profile.

    It may be a bit naïve, but think about it: Retaliation against the spam senders has been proven time and again as inef­fec­tu­al and a waste of one’s time. Attacking the adver­tis­ers who use spam as a means of pro­mo­tion is only slight­ly more effec­tive since the major­i­ty of them are small, home-based busi­ness­es run­ning Pyramid or Ponzi scams, not larg­er com­pa­nies who have a vest­ed inter­est in pro­mot­ing a good brand image.

    Equally use­less is any plan to go after the ISPs and ser­vice providers who enable spam because, by and large, pro­fes­sion­al spam­mers main­tain their own servers or use dis­pos­able accounts.

    So, we’ve elim­i­nat­ed three of the five enti­ties in the spam process. The fourth is, of course, the recip­i­ent. The fifth is the com­pa­ny or indi­vid­ual who col­lects the e‑mail addresses.

    As you not­ed, I use Javascript to reduce (again, not elim­i­nate) the instances of a listable hit upon my site. I also employ [it was a typo ear­li­er, thank you] oth­er sys­tems through the blog and oth­er places to pro­tect the address­es of my visitors.

    What I am talk­ing about is those sites that require us to pro­vide an e‑mail address before grant­i­ng us access to some­thing we desire. Maybe it’s a small soft­ware pub­lish­er’s site who sends an acti­va­tion key to one via e‑mail after pur­chase. Maybe it’s a members-only news site like ConsumerReports​.com or TheNYTimes​.com. It could be any­thing. More and more late­ly, even for free con­tent, reg­is­tra­tion is the norm. It helps sites show a prov­able user base for pro­mo­tion, set­ting adver­tis­ing rates, secur­ing financ­ing, arrang­ing part­ner­ships, and so on. I ful­ly sup­port reg­is­tra­tion… As long as the reg­is­tran­t’s infor­ma­tion is kept confidential.

    When it isn’t, the com­pa­ny with whom one has reg­is­tered becomes the fifth enti­ty in the spam chain: The pimp, if you will.

    If enough of us with the abil­i­ty and resources sent our spam back to the pimp who sold us out to it, that pimp will have to re-evaluate his prof­it ver­sus aggra­va­tion ratio. Eventually he will ask him­self: Is it worth it to make a few hun­dred bucks here and there when I have to keep fil­ter­ing out sev­er­al hun­dred copies of each of sev­er­al hun­dred spam mes­sages just to read my e‑mail? How often is it worth it to me change e‑mail address­es just to keep sell­ing lists?

    You stat­ed:

    “Third, even if you stuff the mail­box, all that will hap­pen is fur­ther com­plaints will bounce, and it is still the valid [required] con­tact address.
    “Should they need to use their con­tact address, they can sim­ply clear out the mail­box first.”

    Sure, they can clear out their box­es. But, just like the rest of us, if that box may con­tain any desired mail, they’ll need to sift through it. Automated fil­ters, as I’m sure you’ve learned first hand, have a lim­it­ed lifes­pan. Spammers are con­stant­ly devis­ing new tricks to defeat our fil­ters (my favorite is insert­ing ran­dom char­ac­ters between let­ters of a com­mon key­word, and those char­ac­ters being set by HTML or CSS to not show in the ren­dered page). So, the pimps then have to sift through their mail, just like the rest of us–thus the frus­tra­tion fac­tor trans­ferred from us, the intend­ed recip­i­ent, to them, the instru­ment of our would-be frustration.

    Further, those address­es that are required domain con­tacts are typ­i­cal­ly used for some­thing impor­tant: Communication with the reg­is­trar. Many peo­ple aren’t savvy enough to mark on their cal­en­dars when a domain is up for renew­al, so, lest the domain go down, the site own­er will want a means of receiv­ing reminders if noth­ing else.

    “What I do is slight­ly dif­fer­ent: I instan­ti­ate (using my ISPs web­form for my domain) a new name for pur­chas­es, such as paypal-dot-com@. Should I get spam, which hasn’t hap­pened yet from a pur­chase, I would sim­ply delete the for­ward to my real mailbox.”

    Why delete the for­ward? What I sug­gest is, instead of delet­ing the for­ward­ing address, redi­rect it to the indi­vid­ual or com­pa­ny respon­si­ble for the spam. By delet­ing the for­warder you’re act­ing defen­sive­ly, which is what we all have been doing for years. We act in defense of our inbox­es, invit­ing the spam indus­try to con­tin­ue on the offen­sive, the eas­i­er side, work­ing to defeat our defens­es with­out ever tak­ing the defense themselves.

    I want to change that. The best defense is a good offense. Turn your for­warder back on the source. Make them defend against their own defense-defeating mail. As you know, it’s a sim­ple mat­ter to do. Once you’ve done a whois on the domain, drop a con­tac­t’s e‑mail address into your for­warder, and be done with it. Such a small effort, done by a few hun­dred of us who can do that, would make a big effort. It would put those who would vic­tim­ize us into the posi­tion of being the vic­tims of their own actions.

    There is noth­ing exploita­tive about send­ing spam back to these peo­ple. Mail bomb­ing them is bad, but by send­ing back spam they caused to be sent, they are reap­ing only their own seeds. Should they some­how cause the sold address to no longer receive spam, they will no longer receive spam from it. However, should the sold address gen­er­ate a dozen unso­licit­ed mes­sages per day as a result of the pim­p’s actions, then the pimp will receive that mail. The pimp receives only what s/he caus­es to be sent. Nothing more, noth­ing less.

    “If you did make a pur­chase via a web­form on say an AOL site, and it didn’t have a pri­va­cy pol­i­cy stat­ing they wouldn’t sell your name, com­plain­ing to AOL won’t get you far.”

    Right. A large com­pa­ny like that and you’re out of luck, with this plan, any­way. That does­n’t mean you should­n’t fight the not-so-giant companies.

    I was unaware of the work­ings of a web­bug, though I had a pret­ty good idea that some­thing of that sort was going on. Thanks for inform­ing me.

    Listbombed, yes, I have, too many times. Same thing: Spam the mail back to the site on which one has used the keyed address being listbombed.

    Actually, I use NotifyList​.com for my Saturday Slant list. For the sub­scrip­tions to this blog, I’ll look into ezmlm. Thanks.

    Again, thanks for respond­ing. I real­ly hope you and the 823 unique vis­i­tors this page has logged since I put it up will join me in this plan to send the frus­tra­tion of spam back to some of the sources.

Comments are closed.