How to avoid the evil eye

There are a few ways to evade spammers, but most will limit your reception of other mail too.

Published April 21, 2000 4:00PM (EDT)

I doubt anyone would sign up for dozens
of daily e-mail messages promoting
strange herbal remedies and CD-ROMs that
contain 55 million e-mail addresses. But
when it comes to avoiding spam, your
options are, unfortunately, limited.
Many of the most effective techniques
for protecting your mailbox from spam
have the side effect of limiting the
ways that you can use the Internet.

There are two fundamental ways to keep
spam out of your in box. The first is to
prevent spammers from getting your
e-mail address in the first place. The
second is to filter out the incoming
spam from the e-mail that you actually
want to see.

Go stealth

If you are going to try to keep your
e-mail address from the spammers, you'll
need to apply constant vigilance.
Spammers have written programs that
harvest e-mail addresses from
practically every location you can
imagine: Web pages, Internet provider
directories, chat rooms and mailing list
archives. These robots are silent and
extremely effective: A friend of mine
who is a school teacher in Los Angeles
visited the "Parent Soup" chat room on
America Online; two days later, her
mailbox was filled with messages pushing
pornographic Web sites.

The easiest way to hide your e-mail
address is to withdraw from Internet
communications: Don't visit chat rooms,
don't post, don't participate on mailing
lists and don't put your e-mail address
on your Web page. Follow these
techniques and you'll get little spam;
unfortunately, you probably won't get
much other mail, either.

A simple variant of the stealth
technique is to cycle your e-mail
addresses -- get a new one every two or
three months. Naturally, this is easier
to do if you own your own domain. Alas,
a constantly changing e-mail address
will be difficult on your
correspondents.

A less anti-social technique is called
"address munging." With this technique,
instead of participating in online
discussions using your real e-mail
address, you use an e-mail address
that's not valid, but from which your
correct e-mail address is easily
discerned. For example, if you were
President Clinton, instead of using
president@whitehouse.gov, you might use
president@remove-me.whitehouse.gov, or
president@whitehouse.nospam.gov. Address
munging throws off the current
generation of address-scraping robots,
although it's only a matter of time
before spammers have their robots
automatically prune out the most common
munging names.

If you do choose to go stealth, make
sure that your e-mail address doesn't
appear in online directories, like Bigfoot or the America Online membership
pages. Many of the early spammers built
their vast collection of e-mail
addresses by milking UNIX servers at
universities and businesses.

Unfortunately, stealth techniques won't
help you if you have a common e-mail
address. That's because spammers are
increasingly resorting to what's called
"dictionary attacks." Instead of trying
to find a valid e-mail address, the
spammers simply guess which e-mail
addresses might work. For example, the
spammer might send e-mail to
tom@hotmail.com, dick@hotmail.com and
harry@hotmail.com, without knowing that
those addresses actually exist. A more
creative spammer might try
toma@hotmail.com through
tomz@hotmail.com, and so on throughout
the dictionary of first and last names.

Try filtering

Since ultimately there is no way to
prevent the spammers from sending
messages to your mailboxes, many people
have turned to filtering -- automated
techniques for identifying spam and
sending it to the trash can without
human intervention.

Filtering is somewhat error prone.
Filter the words "business opportunity"
in the subject line and you'll can a lot
of spam messages, but you're likely to
also throw away the e-mail about that
new job offer. Throw away e-mail that's
in ALL CAPS and you're likely to miss
the HAPPY BIRTHDAY e-mail from your
grandmother, who still doesn't really
understand the Caps Lock key.

Some filters work on domain names in the
"From:" address. You can't go wrong
blocking e-mail from annoy.com, a Web site which was
created to send out annoying e-mail. On
the other hand, a lot of spam that gets
sent shows a return addresses from
popular services like AOL.com, Yahoo.com
and Hotmail.com; block those and you'll
be blocking a lot of legitimate e-mail
as well.

You could filter messages based on the
IP address of the computer from which
they originate. The Mail
Abuse Prevention System
maintains
three Internet blacklists. The most
widely used is the Realtime Blackhole
List (RBL), which lists known
"spamhausen" --- computers with
high-speed
Internet connections that have been
known to originate millions of messages
at a time. Many ISPs subscribe to the
RBL and automatically block any e-mail
originating from one of the blacklisted
computers. Other ISPs simply add a mail
header to e-mail that is received from
blacklisted sites, so that customers can
filter on these as well.

One of the most technically
sophisticated filtering systems is
maintained by a company called
Brightmail. Brightmail has set up
e-mail boxes all over the world that
exist solely to receive spam. When these
mailboxes get a message, the message is
sent back to Brightmail's 24-hour
operations center. A person looks at the
message, identifies it as spam and
constructs a special-purpose filter for
that message. This filter is then
distributed to all of the businesses and
ISPs that subscribe to the Brightmail
service. The theory behind Brightmail is
that spammers tend to send the same
message to millions of different
mailboxes; once a message is identified
as spam, that message won't bother any
Brightmail customers.


By Simson Garfinkel

"Simson Garfinkel is a frequent contributor to Salon, the Chief Technology Officer of Sandstorm Enterprises, and the Chief Scientist of Broadband2Wireless, Inc."

MORE FROM Simson Garfinkel


Related Topics ------------------------------------------