Tips for Avoiding SPAM
What is "spam"?
"Spam" is the common name given to unsolicited commercial e-mail.
It is somewhat analogous to direct mail advertising (AKA "junk mail") but with several important differences:
- it costs almost nothing to send spam, so "spammers" send out billions of messages every day. This increases the cost of running the Internet and e-mail sites, and it wastes countless hours of time for Internet users, who must wade through and delete the unwanted messages.
- much spam is directed toward "phishing" identity theft scams and other forms of fraud. See Identity Theft and How to Avoid It for more information.
- much spam is pornographic or otherwise highly offensive in nature.
- no efforts are made to "target" spam to persons who might actually be interested in the products being sold. As a result, an 8-year-old girl is just as likely as an adult to receive pornographic spam.
- the spammers don't care whether you are offended. Any efforts you may make to remove yourself from spam mailing lists are likely to increase the amount of spam you receive.
Is spam illegal?
Yes and no. Congress passed the CAN-SPAM Act of 2003 in December 2003, and it took effect January 1, 2004. The Controlling the Assault of Non-Solicited Pornography and Marketing Act requires unsolicited commercial e-mail messages to be labeled (though not by a standard method) and to include opt-out instructions and the sender's physical address. It prohibits the use of deceptive subject lines and false headers in such messages. The FTC is authorized to establish a "do-not-email" registry but has decided not to do so at this time (the next paragraph explains why). Violating the rules is illegal, but it is certainly possible to send spam that complies with the law. Many states also have spam laws, some of which are superseded by CAN-SPAM.
Unfortunately, many spammers are located overseas, and many of those in the U.S. use "spam and run" tactics that make them almost impossible to catch. Many people are afraid that a "do-not-e-mail" registry would be a goldmine of addresses for those spammers who stay beyond the law. It remains to be seen whether anti-spam laws have any effect whatsoever, and no one expects them to completely eliminate spam.
"Spoofed" Return Addresses
One of the more annoying characteristics of spam is the "spoofing" of legitimate return addresses. That is, the spammer sends a message with a return address that makes it look like it is coming from a legitimate e-mail server, even though it isn't. There are two technical solutions, both of which require cooperation from operators of e-mail servers:
- use an e-mail service that incorporates "Sender ID": legitimate web sites can register the Internet address(es) of their e-mail servers with the domain-name system (DNS). E-mail servers receiving mail can then verify that the e-mail came from the indicated return address and reject any that doesn't.
- use an e-mail service (such as Yahoo!) that incorporates "Domain Keys": same concept as Sender ID, but the sending e-mail server information is sent in the form of an encrypted digital signature. This is believed to be more secure than the Sender ID approach.
Unfortunately, neither of these can stop someone from setting up a legitimate e-mail server, registered with Sender ID or Domain Keys, and then using it to send out spam. But, at least you can tell the message's source from the return address. This can be used in combination with a "white list" to allow only e-mail from known trusted sources (if your e-mail supports white listing). Also unfortunately, it is not possible to implement either of these on a wide scale with current Internet technology.
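An added example (not part of the original page): one way a mail filter could combine the receiving server's verification results with a white list, as described above. It reads the standard Authentication-Results header, which can report sender-id and domainkeys results as well as the related spf and dkim checks; the server name mx.example.org, the white list entries and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"             # assumption: your own mail server
WHITELIST = {"bank.example", "school.example"}  # constructed white list
PASSED = re.compile(r"(spf|sender-id|dkim|domainkeys)\s*=\s*pass\b", re.I)

def domain_of(value):
    """Lower-cased domain part of an address or bare domain."""
    return value.rsplit("@", 1)[-1].strip("<>\"' ").lower()

def verified_domains(msg):
    """Domains that passed a check, per headers stamped by our own server."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in header.split(";")]
        ident = parts[0].split()
        # The sender can forge this header too, so skip any copy that
        # does not start with our own server's identifier.
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
            continue
        for clause in parts[1:]:
            if PASSED.match(clause):
                for prop in re.findall(r"\b(?:smtp|header)\.[\w-]+=(\S+)", clause):
                    passed.add(domain_of(prop))
    return passed

def accept(msg):
    """Accept only mail whose From domain is white-listed AND verified."""
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    return from_domain in WHITELIST and from_domain in verified_domains(msg)

def sample(sender, auth):
    """Build a constructed test message (not real mail)."""
    return message_from_string(
        f"From: {sender}\nAuthentication-Results: {auth}\nSubject: test\n\nbody\n")

GENUINE = sample("alerts@bank.example", "mx.example.org; "
    "spf=pass smtp.mailfrom=alerts@bank.example; dkim=pass header.d=bank.example")
SPOOFED = sample("alerts@bank.example", "mx.example.org; "
    "spf=fail smtp.mailfrom=alerts@bank.example; dkim=none")
FORGED_HEADER = sample("alerts@bank.example", "mail.bulk.example; "
    "dkim=pass header.d=bank.example")
UNLISTED = sample("deals@bulk.example", "mx.example.org; "
    "dkim=pass header.d=bulk.example")

if __name__ == "__main__":
    for m in (GENUINE, SPOOFED, FORGED_HEADER, UNLISTED):
        print(m["From"], "->", "accept" if accept(m) else "reject")
```

The UNLISTED message passes verification yet is still rejected, which is the case the paragraph above describes: verification only proves where a message came from, and the white list decides whether that source is trusted.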
What you can do:
If you use e-mail on the Internet, you will receive spam: it is as unavoidable as death and taxes. However, the following steps will usually reduce the amount you get:
- never respond to a spam message. Some spammers send out messages to randomly generated e-mail addresses, trying to find new targets. If you respond, you get added to their list! With great caution, you may follow directions in a message to "unsubscribe" from a list if and only if you are sure that the sender is a legitimate business whom you trust and not a spammer.
- in fact, don't even open a message that appears to be spam. Some spam comes with built-in code that will notify the sender that your address is legitimate if you open the message.
- if your e-mail program has a "preview pane", disable it (same reason as above).
- avoid using an "auto-reply" feature when you can't answer your e-mail. Although it might seem desirable to tell people sending you e-mail that you are on vacation, a reply tells a spammer that your address is legitimate.
- keep at least two e-mail accounts. Give one address only to family and close friends; give the other to on-line sites that require an e-mail address. Giving your e-mail address to an on-line site is a sure way to be targeted.
- when you set up your e-mail accounts, use names that are highly unusual. For example, replace jsmith2 with j8mith99t3. The more complex the name is, the harder it is for spammers to "guess" it.
- avoid giving your e-mail address in a chat room. If you have to, use the "other" address per above.
- avoid putting your e-mail address on a public web page. Spammers use special software to harvest such addresses and add them to their mailing lists.
- never buy anything from a spam message. A high percentage of spam messages are scams, and patronizing even the legitimate businesses who use spam encourages them to send more.
- do not sign up for a "do not spam" list. At present, there is no known way to prevent law-breaking spammers from using such lists to harvest e-mail addresses.
- do not forward chain letters, petitions, or virus warnings. These are often used by spammers to collect e-mail addresses.
- use an e-mail service provider that includes spam filtering, preferably with the anti-spoofing technology discussed above. SFA faculty, staff, and students receive some filtering from the Meridius program. Be sure to read the periodic notifications from Meridius and click on the link to view the suspected spam, since legitimate messages sometimes get caught by the filter.
- use e-mail software that includes spam filtering. Be sure to check your "junk" mailbox (or whatever the program calls it) periodically, since legitimate messages sometimes get caught by the filter.
- install a firewall program (automatically activated with Windows XP Service Pack 2 or later).
- if your account is being bombarded with excessive amounts of spam in spite of your best efforts, close it and open a new one under a different name.
Some material in this page was adapted from "E-mail Spam: How to Stop it from Stalking You," Consumer Reports, August 2003, and from "New Ways to Nab Spam," PC Magazine, November 7, 2006.
Note: our server is Unix-based, so all URLs are case sensitive.
Send comments and corrections concerning this page to: wfisher@sfasu.edu
Last updated March 6, 2010