home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   

Spam Rules

Yeah, man, Sp4m RuL3z! —No, wait a minute, that isn’t what I meant — what I mean to say is: here are a few practical rules for you to follow in dealing with the spam you get. This is my own compliation and is not to be confused with the “official” rules published by the news.admin.net-abuse.mail usenet news group (although the two sets do intersect a good deal).

Many people who write in to ask me about spam seem to be under the mistaken impression that most spammers are simply pushy if misguided business people. If there were a “rule zero” here, then, it would be that spammers are criminals. Almost all of the other material on this page follows quite logically from this simple observation.

1. DON’T believe anything spammers tell you

More than likely, the spammer has forged technical information in the message header and provided a bogus return address, and the message itself is probably full of dubious or even illegal claims. So, with this as a precedent, why should you trust anything else he has to say?

1a. Any offer made via spam is automatically untrustworthy

It is possible (and has happened many times) that a well-meaning soul with something to sell will try to advertise via spam because of its low cost and high coverage. However, such folks are in the negligible minority compared with the usual swindlers, crooks, and con-artists who check their scruples at the door in order to use spam. Therefore, even if you can’t find anything else particularly wrong with a spam offer, and even if the offer is for something you very much want or need, the simple fact that it is a spam offer should set off your personal bulls*it detector.

2. Bulk delivery + unsolicited = spam

If the message was delivered to you as part of a bulk delivery (i.e., it went out to hundreds or even millions of others at the same time), and you didn’t give explicit prior permission for it to be sent to you, the message is spam — end of discussion. Don’t be bamboozled by statements like “you signed up for this,” or “we got your address from so-and-so.” Don’t let the spammer tell you it isn’t spam; use this rule and decide for yourself.

3. DON’T ever reply to spammers

You may be tempted to respond directly to spammers by means of return e-mail. DON’T. You will either reach no one at all, or else you will reach someone who had nothing to do with the spam. In all likelihood, the return address given in the spam is non-existent, and any replies will simply bounce; if the address is deliverable, it probably belongs to some completely innocent third party who doesn’t want to read a bunch of abuse (i.e., the spammer stole this address from his lists and forged it into his mailings as a form of camouflage).

On the other hand, if in fact your replies do get back to the spammer, he won’t care about your abuse at all. He will, however, note that he has reached a real, live person and will be sure to earmark your address for further spamming by himself or by others to whom he sells his “laundered” list.

4. DON’T play the “opt-out” game

Some spammers (fewer and fewer these days) still include some sort of e-mail address, web link, or telephone number in their messages that (they tell you) can be used to remove your address from their lists. Don’t use these. Despite what spammers, or even certain members of the United States Congress might say, there’s no reason why you should be obliged to remove yourself from a mailing list when you didn’t ask to be on it in the first place. It’s just too likely that the spammer uses the “removal” feature as a means to compile lists of known-deliverable e-mail addresses, and you could simply wind up getting more spam for your trouble. Remember rules #1 and #3 (also see my page about opt-in and opt-out).

5. DON’T retaliate in kind

Many people immediately go “postal” (become irrationally enraged) when they get annoying spam, and start sputtering threats about “mail bombs” (real or virtual), website cracking, denial-of-service attacks, exposure of the spammer’s private info, or worse. I’m pretty sure that most of these folks wouldn’t have the slightest idea how to go about this sort of revenge, but if they did know, and if they acted, they’d stand to get into even more trouble than the spammer. Providers don’t like spammers, but they hate crackers even more. The cops hate them as well.

Also, there’s a small risk that you could end up on the wrong side of a civil suit if you are not careful with such activity; on occasion, when a spammer becomes the target of intemperate threats and attacks, he will use these as a means to take an opponent to court, presenting himself as an “honest businessman” under savage attack by internet kooks. These cases seldom stand, but while they are in progress they do require the sued party to expend his time and money in his own defense. This is an excellent reason never to make public threats against particular spammers. See the next rule!

6. DON’T get emotionally involved in spam

Most minor annoyances we encounter in life don’t deserve to be fussed over. When weeds appear in your garden or your lawn, you don’t get vindictive about it, you just pull them or kill them. When your car gets dirty, you don’t shake your fist at the heavens, you just wash it. For many people, however, spam seems to evoke visceral, reflexive, and ultimately unproductive anger.

When they finally get fed up with spam, some folks get really fed up and go off on a tear. They file all manner of complaints (sometimes improperly directed) and become livid when these do not achieve immediate results. They make wild, uninformed, and highly-speculative accusations against everyone from Google to Microsoft to the Trilateral Commission. They often think up “new” techniques for fighting spam that are impractical, unscalable, poorly targeted, ineffective, or inappropriate, and they get very angry and even more suspicious when experienced hands point out the shortcomings of these measures. Invariably, in the last stages of their madness, many of these folks burn out and give up the struggle, concluding that no one else cares about their efforts or is doing anything about the problem. This is unfortunate, because bringing spam under some sort of control wll require consistent, careful, and patient effort by as many of us as can manage it, for as long as we can manage it.

When dealing with spam, then, you should adopt a dispassionate, businesslike attitude. It looks as though spam is going to be with us for the forseeable future, so you might as well not burn up a main bearing over it. Report your spam if you can, filter it or delete it in any case, and then move on to the next life-problem.

7. DON’T post your e-mail address “in the clear” on websites or Usenet.

Spammers get many of their target addresses by harvesting or “scraping” them from websites or from usenet postings and public (web-accessible) mailing list archives or bulletin boards. If you use any of these, make sure you protect your address by disguising it or by providing alternative means of reply.

8. DON’T give out your e-mail address indiscriminately

Often, you’re asked by strangers to provide your address as a condition for various kinds of services (like online greeting cards, web bulletin boards,etc.). You should weigh this request very carefully, since you can seldom be sure what will be done with your address afterward (even if the requester swears that he won’t use it for spam or give it to others).

If you like, you can give a phony e-mail address on such occasions (assuming you don’t expect or want to hear back from them), or you can create a “throwaway” address (at yahoo, hotmail, etc.), or an alias address, just for such use — if spam comes in to this addresses afterward, you can simply shut it down.

9. DON’T open spam messages you don’t intend to analyze or report

As you can read elsewhere, spammers can sometimes set traps for the unwary. They can force web pages to “pop up” unbidden by you, or they can secretly confirm the availability of your address for more spam. All of this can happen when you do as little as open the message or bring it into view with your mail program. In extreme cases, spammers can implant software that will spy on your network activities or even turn your computer into a spam relay.

Unless you use a net-based filtering service to detect and hold your spam (so you can examine the message’s contents beore it reaches your computer), you can’t tell beforehand whether opening a message will cause any of this to happen. Therefore, if you know for sure that a message is spam, and unless you’re interested in examining it or reporting it (at the risk of having all of the little tricks work), drag it immediately to the trash WITHOUT opening it.

You can render your mail program somewhat safer by following some of the techniques below in rule 13.

10. DO trace and report spam e-mails to the providers involved.

The best way for individuals to fight spam is to report it to the providers whose resources were used to transmit it. This includes those responsible for mail servers that sent the spam, but it also includes those who host websites advertised in the spam, or otherwise used by the spammer (e.g., for remove lists). If a provider receives enough complaints about one of his customers, he’ll eventually take action against that customer, or may take other steps to reduce the volume of spam passing through his servers (e.g., by buttoning down open relay hosts, or blocking or mopping up zombie computers).

Reporting spam requires that you analyze it to trace its origin (which is almost never the “from” address that you see onscreen). Then, you look up the proper e-mail address for reporting spam or abuse originating from that point. The process is not terribly difficult after a bit of practice, but you can also find automated alternatives if you want them.

Of course, many providers don’t seem to care about your complaints. I’d say that, as long as it won’t end up getting you more spam (due to “know-nothing” ISPs handing your complaints over to the spammer), it never hurts to complain; if nothing else, this will give them a taste of what it’s like to recieve hundreds of unwanted e-mails. And, eventually, their practices will catch up with them when they end up on some block list or other.

11. DO review privacy policies of websites and online businesses with which you have dealings

When legitimate firms ask for your e-mail address, they’ll generally tell you why they want it; or else, they’ll point you to a comprehensive privacy policy that they’ve posted. It never hurts to review this policy to see what they say they will (and won’t) do with your address or other information you provide. Look particularly for any language about providing your information to third parties.

Of course, anyone can post a privacy policy and then proceed to break it, and often company A can buy out company B and then proceed to weaken or abandon the original company-B privacy policy, but few firms who respect your privacy and want your continued interest and business would find it prudent to do so.

12. DO check all those “don’t send me mail” boxes on web forms

Whenever you are asked to register online for some product or service, look the form over carefully for checkboxes or buttons asking for permission to send you marketing materials. You may choose to accept e-mail from the company itself if you like, but you should certainly stop any mail from “our affiliates,” or “certain outside companies,” or other third parties. Otherwise, it’s just too easy for your address to fall into the hands of a spammer who can then make a tenuous claim that you “opted in.

13. DO tighten up the security of your mail program

Ideally, a mail program would permit you to make the following security settings:

You should study the documentation for your own mail program to find out how many of these settings you can make. These will help to protect you from web-bugs, popups, and other spammer tricks. Unfortunately, I can’t be of much assistance here, since I don’t know much about most of the mail clients available today (particularly those for Windows).

If you find that your big-name browser mail program is deficient in one or more of these areas, consider shopping for a freeware or shareware alternative that caters more to the spam-averse (Mozilla Thunderbird is a popular choice these days).

Last but most important ... 14. DON’T trade with spammers

If you do nothing else about spam, you should surely follow this very important rule for your own sake as well as for the rest of us who suffer with the pestilence of spam: DO NOT DO BUSINESS WITH SPAMMERS!

I have a full page elsewhere that goes into more detail, but the basic message is this: by trading with spammers you will (1) expose yourself to all manner of cheaters, swindlers, and criminals, and (2) help make spam profitable, thereby perpetuating it.

If nobody bought anything from spammers, I imagine that spam would drop to very small levels very quickly. The fact that spam isn’t shrinking, but growing and diversifying, suggests that many people don’t follow this simple rule. Don’t you be one of these, please!



 home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   


(c) 2003-2008, Richard C. Conner ( )

02946 hits since

Updated: Sun, 08 Jun 2008