Written by: Finn Orfano • Edited by: Brian Nelson • Updated: 4/13/2009
This article defines spam and offers guidelines to avoid the menace.
The only difference between spam and junk mail is the tool used to send and receive it. We receive unsolicited mail and email (correspondence we didn’t request) from family, friends, and advertisers. This is legal. If we do not want to receive unsolicited correspondence, we can tell the company to remove our information from their databases and mailing lists. This is opting out. We opt in when we subscribe to a newsletter, subscription, or mailing list.
When a sender of unsolicited correspondence hides his or her true identity or tries to make the correspondence appear to be from someone else, this is spam. The majority of spam is illegal advertising. It is illegal because the sender hides or tries to hide his or her true identity, or because the email makes available illegal products, services or fraudulent offers.
The basic safety rule is not to respond to spam.
There are obvious and not-so-obvious indicators the email may be spam. If the email displays no name of the sender, only an unfamiliar first name, or a nonsensical combination of numbers and letters as the name of the sender, then it is most likely spam. Avoid any email that does not want you to know the identity of the sender. If the email requests your passwords, account, financial or personal information, don’t respond or click on a link in these spam emails. If the email makes you wonder whether you subscribed to the mailing list or not, chances are you didn’t subscribe. Don’t respond to these. You will not be removed from spammers’ mailing lists when you reply or click on the unsubscribe link or opt-out link. Instead your email address will be confirmed as valid and either sold or distributed to other spammers’ lists. If the email indicates the sender has the same product for less than a known retail store or website, don’t communicate with this sender. Don’t respond to these emails either.
Spammers use techniques to avoid the filters in anti-spam software. The "look" of these techniques can help you identify a lot of spam should they arrive in your inbox.
The only thing in the email text area is an internet address like http://www.website.com/page. Don’t click on these.
Random nonsensical words in small writing (sometimes in the same color as the background so you cannot see them) with no relationship to each other or to the subject or text of the email. Many times when the email itself is a picture, these nonsensical small words come after the picture.
Words in the subject line that contain letters or characters not consistent with the words. For example: d1git, $ex, or c@t.
In the HTML of the text area, which the reader can’t see, is code meant to get past filters. For example, the HTML code can be “some<obfu>times” but the reader only sees “sometimes”. In other instances a reader will see nothing in the text area of an email, but an infector has already begun to install.
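The four looks listed above can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, the partial tag allow-list and the sample message are assumptions constructed for illustration, and the subject-word check is a heuristic.

```python
import re
from html.parser import HTMLParser

# Partial list of real HTML elements; anything else counts as a made-up tag (assumption).
KNOWN_TAGS = {"html", "head", "title", "body", "p", "br", "a", "b", "i", "u", "div",
              "span", "img", "font", "table", "tr", "td", "ul", "ol", "li", "h1", "h2"}
SUBST = re.compile(r"[0-9$@!](?=[A-Za-z])")   # digit or symbol standing in for a letter

class BodyScan(HTMLParser):
    """Separates text the reader sees from text and tags the reader does not."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self.bogus = [], [], []
        self.bg, self.fonts = None, []   # background colour; one flag per open <font>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag not in KNOWN_TAGS:
            self.bogus.append(tag)       # e.g. the <obfu> in "some<obfu>times"
        elif tag == "body":
            self.bg = (a.get("bgcolor") or "").lower() or None
        elif tag == "font":              # True when the text colour equals the background
            self.fonts.append((a.get("color") or "").lower() == self.bg)

    def handle_endtag(self, tag):
        if tag == "font" and self.fonts:
            self.fonts.pop()

    def handle_data(self, data):
        (self.hidden if any(self.fonts) else self.visible).append(data)

def odd_subject_words(subject):
    """Words such as d1git, $ex or c@t: letters mixed with look-alike characters."""
    words = (w.strip(".,:;?\"'") for w in subject.split())
    return [w for w in words if re.fullmatch(r"[A-Za-z0-9$@!]+", w)
            and SUBST.search(w) and sum(c.isalpha() for c in w) >= 2]

def scan_email(subject, html_body):
    p = BodyScan()
    p.feed(html_body)
    p.close()
    seen = "".join(p.visible).strip()
    return {"subject_words": odd_subject_words(subject), "bogus_tags": p.bogus,
            "hidden_text": " ".join("".join(p.hidden).split()),
            "url_only_body": bool(re.fullmatch(r"https?://\S+", seen)),
            "visible_text": seen}

# Constructed sample message, not real spam.
SAMPLE = ('<html><body bgcolor="#ffffff"><p>It some<obfu>times works</p>'
          '<font color="#FFFFFF">lamp river otter</font></body></html>')
```

Calling scan_email with a subject line and SAMPLE returns each indicator separately, so a mail filter rule or a reviewer can see which of the listed looks the message has.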
Treat the email as spam or hang up the phone when you did not initiate the communication and are asked to provide your social security number, drivers license number, banking information, or your mother’s maiden name before you confirm any account details or purchase the product or service. These are phishing scams.
Avoid any unsolicited correspondence from persons you do not know in email and your text messaging program. Many persons still tend to believe something they see or read on the internet more readily than if they were to receive the same correspondence on the telephone, the street corner, or through mail. These persons get duped into believing they won a lottery or prize, that they can save an unbelievable amount of money purchasing medicine, software, or other products through an email advertisement, or that someone from a prestigious organization singled them out online needing their help (most likely a Nigerian scam). The reality is that the senders of spam (not necessarily all unsolicited emails) are most likely buying bulk email lists or using software to generate random email addresses and then just waiting for responses. Unfortunately, until each internet user recognizes the fraud is spam, spam will continue to be lucrative and ongoing.
Don’t click on the opt-out link in a spam email. Unsubscribing from spam e-mails will not reduce the amount of spam you receive. In fact, it sometimes increases the amount of spam received because by using the opt-out link you are confirming the validity of your email address.
Don’t purchase a product or service through a spam email link.
Periodically check your “Sent Items” folder in your email program for any emails you did not send. If you find them, your computer may be infected. If you receive emails returned to you that you did not send and that are not in your “Sent Items” folder, report this to the abuse department of your email server. Someone may be forging your email identity. In the USA you can forward these to the Federal Trade Commission at firstname.lastname@example.org, mentioning the forgery in the subject or text area.
Use a “disposable” email address as your public address, such as Your2Name004 at Yahoo! or Hotmail. These are relatively easy accounts to create and discard. Use only email servers that have spam filtering options before email reaches your inbox. When an email address gets overwhelmed with spam, get rid of it and create another. Try to check your email at the website of your ISP or email server so the filters they offer are available to you. Report spam to your email provider so they can improve their spam filtering service. Other options include using a disposable forwarding address service such as Spam Motel http://www.spammotel.com, a proxy server such as http://www.anonymizer.com or obscuring your email address http://www.wbwip.com/wbw/emailencoder.html.
Try not to download email to the email program installed on your computer unless you have spam filtering software installed and know how to adjust the filter settings. Instead, check your mail at the website of your email server so the filters they offer are available to you.
Save your email address from your internet service provider as your private email address reserved for family and business. Use disposable email addresses for all online activities like text messaging, chatrooms, forums, website postings, online games, mailing lists, opinion polls, social networking communities or any other publicly accessible resource.
If you must publish any email address at a website, put it in a picture or write it like this:
instead of email@example.com. Don’t link the picture to your email address. This helps avoid your email address being added to unauthorized databases.
When creating the username for your email address, try to use a long name with creative combinations of letters and numbers without revealing your age, gender, religion, a prominent characteristic or race. The reason for this is that spammers use different methods to find valid email addresses. One method is that when they find a valid joe_doe at isp.net, they will try joe_doe at aol.com, joe_doe at hotmail.com, joe_doe at yahoo.com, etc., until they find other valid addresses to add to their databases and mailing lists.
Spammers try to steal customer and subscriber lists and databases from websites, companies, and internet service providers. They also try to steal personal information directly from internet users using malware and phishing scams. Spammers also scan chatrooms, forums, websites, social networking communities, text messaging services, WhoIs registries and newsgroups for email addresses. They write an email specifically designed to avoid known spam filters and send it to all the collected email addresses. The addresses of returned email are typically removed from their lists. Then they usually send the valid addresses an email with a picture that is downloaded from their server, and with an unsubscribe link or a return receipt. The reader who clicks on the unsubscribe or opt-out link actually returns a confirmation receipt. The reader who views the email long enough to download the picture has just validated their email address for the spammer. Instead of being removed from the lists, which is why the unsuspecting recipients clicked on the opt-out or unsubscribe link, these confirmed email addresses are added to lists and databases that can be sold to other spammers. This is why you should not allow your email program to automatically display emails and pictures. The Federal Trade Commission in the USA has a more thorough explanation of email harvesting at http://www.ftc.gov/bcp/menus/consumer/tech/spam.shtm.
Try not to confirm receipts of email unless there is a definite legal reason for you to confirm. Not only does your confirmation of receipt of the email confirm the validity of your email address but it can also include your browser information, approximate location, and the day and time you read the email.
You can use the unsubscribe link in unsolicited email from reputable companies and advertisers. These senders value their reputation and respect your option to opt-in or opt-out.
Unless you subscribed to a mailing list, ignore and do not respond to products or services offered in email for much less than the typical retail price. Many times the links in spam emails take you to a website where a Trojan will automatically download and install itself without your knowledge or consent. Other times links in spam emails will take you to a website where you are pressured to download a “free trial” that includes a Trojan. Reputable software companies offer “free trial” downloads so you can test the product or service before you buy. Reputable companies do not automatically download and install a program on your computer without your knowledge or consent when you visit their website. Reputable companies also do not pressure you into downloading a “free trial”. They prefer you to buy their product.
Don’t open email from senders you don’t know. Spam is an effective vehicle for malware, infectors, identity theft, and fraud. Watch out for emails in another language. Simply delete these. Since you can’t understand the subject line or the text, you can’t recognize an infectious attachment or know if an infector is in the text area of the email.
Be cautious of the email that looks like it is from any reputable company or bank asking you to confirm or provide your personal account, username, password, or financial information. These are phishing scams. They usually explain the need to update your information as a temporary security problem. Don’t click on any link in these emails. Telephone the company or open a new browser window to logon to the website in your usual fashion to check your account and confirm that this email was not sent from them. Reputable companies and government agencies do not request personal, financial or logon information through email.
Try to send and receive plain text emails instead of those in the form of a webpage written in HTML. By doing this, you can reduce the size of the email, avoid indecent pictures, and substantially reduce your risk of a hidden infector embedded in the HTML code automatically installing itself.