Your plan is naive. Obviously you haven’t done due diligence before posting it to your blog by first asking for discussion in:

news:news.admin.net-abuse.email

Firstly, the registered contact for a web site is not who *sold* your name.

Second, email to the registered contact addresses to my sites are already 99% spam themselves, thus easy to clear out.

Third, even if you stuff the mailbox, all that will happen is further complaints will bounce, and it is still the valid [required] contact address.

Should they need to use their contact address, they can simply clear out the mailbox first.

Fourth, you haven’t said anything about an URL to a site on an ISP, such as AOL. Oops, won’t help there.

It is good you are using Javascript to construct mail URLs at runtime. Most harvesters don’t run a rendering engine. But they could if the practice of using Javascript became widespread.

I read a little closer about what you meant when you said the web site sold your name. Okay, they sold your name. Ticketmaster, BTW, is guaranteed to do that:

http://politechbot.com/p-05001.html

Unfortunately, the vast majority of people are not going to be able to configure their mail server, or even have their own mail server, to do what you suggest.

What I do is slightly different: I instantiate (using my ISPs webform for my domain) a new name for purchases, such as paypal-dot-com@. Should I get spam, which hasn’t happened yet from a purchase, I would simply delete the forward to my real mailbox.

Not that regular lusers would be able to handle that either.

If you did make a purchase via a webform on say an AOL site, and it didn’t have a privacy policy stating they wouldn’t sell your name, complaining to AOL won’t get you far.

A webbug is another way of getting on a spam list. You get an email, sometimes they just generate lots of names and try them. Should you make the mistake of reading your email with image loading turned on, congratulations: you’ve just confirmed your address as valid. All the spammer need do is work a unique number into any image URL that they can then match up with your email address.

Your subscription process doesn’t involve a confirmation. I take it you’ve never been listbombed. That’s when someone subscribes you to dozens and dozens of lists that don’t have the now-usual confirmation step of a reply before adding the email address to the list. Take the time to do that with your list. Freeware called ezmlm will automatically handle this for you.

I think something basic may have gotten lost in the translation of my plan. I do not propose a plan to eliminate spam, merely one to reduce it.

You’re right, the vast majority of the Internet users out here neither possess the needed technology to take advantage of the plan (beyond the safety steps I’ve given regarding protecting their own e-mail addresses, sending mail to lists via BCC, etc), nor are they technologically savvy enough to make use of mail forwarders on a configurable mail server if they had access to one. I’m not saying that everyone can or even should follow my plan of keying addresses and sending back to the originating site any spam received to those addresses. My plan is geared toward people like you and me that do have access to that technology and the skill to use it. There are quite a few of us out here who fit that profile.

It may be a bit naive, but think about it: Retaliation against the spam senders has been proven time and again as ineffectual and a waste of one’s time. Attacking the advertisers who use spam as a means of promotion is only slightly more effective since the majority of them are small, home-based businesses running Pyramid or Ponzi scams, not larger companies who have a vested interest in promoting a good brand image.

Equally useless is any plan to go after the ISPs and service providers who enable spam because, by and large, professional spammers maintain their own servers or use disposable accounts.

So, we’ve eliminated three of the five entities in the spam process. The fourth is, of course, the recipient. The fifth is the company or individual who collects the e-mail addresses.

As you noted, I use Javascript to reduce (again, not eliminate) the instances of a listable hit upon my site. I also employ [it was a typo earlier, thank you] other systems through the blog and other places to protect the addresses of my visitors.

What I am talking about is those sites that require us to provide an e-mail address before granting us access to something we desire. Maybe it’s a small software publisher’s site who sends an activation key to one via e-mail after purchase. Maybe it’s a members-only news site like ConsumerReports.com or TheNYTimes.com. It could be anything. More and more lately, even for free content, registration is the norm. It helps sites show a provable user base for promotion, setting advertising rates, securing financing, arranging partnerships, and so on. I fully support registration… As long as the registrant’s information is kept confidential.

When it isn’t, the company with whom one has registered becomes the fifth entity in the spam chain: The pimp, if you will.

If enough of us with the ability and resources sent our spam back to the pimp who sold us out to it, that pimp will have to re-evaluate his profit versus aggravation ratio. Eventually he will ask himself: Is it worth it to make a few hundred bucks here and there when I have to keep filtering out several hundred copies of each of several hundred spam messages just to read my e-mail? How often is it worth it to me change e-mail addresses just to keep selling lists?

You stated:

Sure, they can clear out their boxes. But, just like the rest of us, if that box may contain any desired mail, they’ll need to sift through it. Automated filters, as I’m sure you’ve learned first hand, have a limited lifespan. Spammers are constantly devising new tricks to defeat our filters (my favorite is inserting random characters between letters of a common keyword, and those characters being set by HTML or CSS to not show in the rendered page). So, the pimps then have to sift through their mail, just like the rest of us–thus the frustration factor transferred from us, the intended recipient, to them, the instrument of our would-be frustration.

Further, those addresses that are required domain contacts are typically used for something important: Communication with the registrar. Many people aren’t savvy enough to mark on their calendars when a domain is up for renewal, so, lest the domain go down, the site owner will want a means of receiving reminders if nothing else.

Why delete the forward? What I suggest is, instead of deleting the forwarding address, redirect it to the individual or company responsible for the spam. By deleting the forwarder you’re acting defensively, which is what we all have been doing for years. We act in defense of our inboxes, inviting the spam industry to continue on the offensive, the easier side, working to defeat our defenses without ever taking the defense themselves.

I want to change that. The best defense is a good offense. Turn your forwarder back on the source. Make them defend against their own defense-defeating mail. As you know, it’s a simple matter to do. Once you’ve done a whois on the domain, drop a contact’s e-mail address into your forwarder, and be done with it. Such a small effort, done by a few hundred of us who can do that, would make a big effort. It would put those who would victimize us into the position of being the victims of their own actions.

There is nothing exploitative about sending spam back to these people. Mail bombing them is bad, but by sending back spam they caused to be sent, they are reaping only their own seeds. Should they somehow cause the sold address to no longer receive spam, they will no longer receive spam from it. However, should the sold address generate a dozen unsolicited messages per day as a result of the pimp’s actions, then the pimp will receive that mail. The pimp receives only what s/he causes to be sent. Nothing more, nothing less.

Right. A large company like that and you’re out of luck, with this plan, anyway. That doesn’t mean you shouldn’t fight the not-so-giant companies.

I was unaware of the workings of a webbug, though I had a pretty good idea that something of that sort was going on. Thanks for informing me.

Listbombed, yes, I have, too many times. Same thing: Spam the mail back to the site on which one has used the keyed address being listbombed.

Actually, I use NotifyList.com for my Saturday Slant list. For the subscriptions to this blog, I’ll look into ezmlm. Thanks.

Again, thanks for responding. I really hope you and the 823 unique visitors this page has logged since I put it up will join me in this plan to send the frustration of spam back to some of the sources.

I have seen almost no spam from registrations. They all seem to have an opt-out (or even better: opt-in) checkboxes. How much spam and from where are you getting hit??? Inquiring minds wanna know.

Anyone using Ticketmaster had better be ready to revoke the email address once the transaction is complete.

I’m already using unique addresses that I can revoke when I order stuff.

Where do I get spammed from? My
InterNIC registrations, mailing lists,
and Usenet.

I don’t see any global way of eliminating or even noticeably reducing spam without going to an everyone-gets-registered-to-access the Internet scheme, which of course would be horrible. They’ve got that in China.

What might I try locally?

For mailing lists, a unique address which I’ll change if I start getting spam. Unsubscribe, resubscribe.

For Usenet, I’ve found you can put an URL within the comment field where your name goes. I’ll make a web page with a form on it to send me email, protecting the email address either by turning off read permissions and leaving execute permissions, else turning off all non-owner permissions and using cgiwrap.

The address portion will be needed to do a signup with a Usenet service,
but thereafter I can just forward it to
cypher@punk.net, which is a /dev/null sinkhole everyone has permission to use. Also, there are addresses at http://www.privacy.net/email that can be used for a “go away” autoreply.

Anyone who would want to reply to me would be able to figure out to pull up the URL and enter the message in the webform.

Should it catch on (someone offer it as a service), then spammers would write client-side http scripts, but one could add random letter pictures that must be hand entered, as hotmail.com now uses to prevent automated registrations.

Same thing for web site registrations (InterNIC): use a form. It might require using a real address, then editing it to the http form address. It might need changing the colon and slashes to something obvious like dashes to pass syntax checks.

httpColonSlashSlashPath.com

If necessary, use the trick described for Usenet to put the whole URL in the name/comment portion of the address within double quotes.

“first last http://blah.com”

You might need to get a reply there, at least initially. Maybe only allow emails from your registrar and the
ISP that hosts your site, forwarding
the rest into the bit bucket.

The good thing is you can always decide to forward it back to your real email address for a while, in case, say, you need to complain about being forged. You can’t complain if you don’t own the visible email address and can receive email there.

Another option for site registration is to use the $50/year ones at Tonga, which is really in a consulate in the US somewhere.

http://homepage.to/dnsrgstr.htm

# Unlike any other registrar, nobody can query your domain name and find out who owns that name, what servers or hosting provider you are using in what country or any other information about your domain name registration. They will only tell people whether or not a specific domain name has been registered.

—-

I think I read somewhere that you are in Portland, OR. Condolences. ;-)

Also, that you have Mac OS X.

I got that OS upgrade from 9 several weeks ago, and I am planning on moving all my operations onto it. It’s fabulous.

Have you tried training its junkmail spotter? Some sort of heuristics are involved. Take your main mail address, send it to two real POP boxes, read one using Mail under Mac OS X and see how intelligent it becomes. In training mode you can click to change the status from not-junk to Junk and the udder way.

I’m splitting (forwarding) my email into three pop boxes for now. One for my regular machine, one for the iMac, and one for reading it while at work.

OS X Mail has a full filtering capability under Preferences->Rules.