To remove or not to remove? That is the first spam question. A majority of spam messages now begin with the "remove" proviso: Theoretically, all a recipient has to do is type "remove" in the subject line of the message, return to sender and presto, no more spam -- at least from that particular source. The IEMMC (Internet E-mail Marketing Consortium), a front group for CyberPromo and several other bulk e-mail distributors, even maintains a so-called "global remove" list at its Web site. Again, theoretically, anyone can add their name to the list and expect to be bothered no more by all the members of the IEMMC, including all 11,000 CyberPromo clients.
In practice, it's far from clear that the remove function works, despite repeated avowals from bulk e-mailers stating that no one wants to send messages to people who don't want to receive messages. I added my address to the IEMMC remove list and, if anything, my spam load increased, including daily messages from CyberPromo clients. There's also the problem that many spammers use fake return addresses; there are few things more irritating in the world of spam than a bounced remove message.
Anti-spammers declare that the main purpose of a remove message, from the spammer point of view, is to confirm that your e-mail address is indeed valid, and will only serve to ensure that you get more spam, not less. It's a hard thesis to prove. But one thing is undeniable -- taking the time to type "remove" means that you have bought into the spammer premise: that it is OK to send unsolicited e-mail as long as an exit function is included. WENET's Scott Mueller believes that accepting such a premise "legitimizes spam." He won't do it.
Proactively attempting to prevent spammers from obtaining your e-mail address in the first place is another attractive defense mechanism -- but it's not easy. The best advice is to do nothing. Don't post to Usenet newsgroups or mailing lists. Don't put your address on a Web page. Don't do anything public at all. Bulk e-mail software specializes in extracting lists of e-mail addresses from a variety of sources -- online providers like AOL or CompuServe, Usenet and the Web. 1997, in particular, has seen a proliferation of "spambot" programs whose sole function is to roam the Web, search for e-mail addresses and then automatically send a message to each address it finds. If you must post publicly, do so from an e-mail account that is not your primary account. (Password-protected discussion sites are safer, particularly from spambots, but no site is airtight.)
As far as technical solutions go, there are two main approaches -- client-side and server-side filtering. Client-side filtering means that you, the end-user, instruct your mail program to block messages from certain addresses or containing certain kinds of content. One could, for example, set a Eudora filter to shunt all messages containing the word "remove" into a special in box, and thereby avoid having to see a huge proportion of the current spam-load. The problem, however, is that keeping your filters up to date is a lot of work, and you always take the risk of missing something you actually did want to see if you set your filters really tight.
Server-side filtering takes place at the mail server computer owned by your Internet service provider. Ron Guilmette's Deadbolt is one example. System administrators tend not to be crazy about server-side filtering -- the process increases the "load" on mail server computers and can slow down system services for everyone. But most large Internet providers already use some form of filtering, and are considering more.
The Web is chock-full of anti-spam resources, for both the geek and the novice. The Junk E-mail Page, Fight Spam on the Internet! and The Stop Spam FAQ are good places to start. But the most basic defense of all is the simplest. Just press delete.