Some Suggestions: Fighting Email Spam
Home
Opal Summit
Software
Marketing
Endorsements
Examples
Contact Us
About Us

Contact us for help with using technology to manage and grow your organization or business, whether through software, database, or event management and e-commerce..

We can also help ensure you comply with federal laws regulating all commercial emails.

Ask for a free, no obligation initial consultation.

Can You Can Your Email Spam?

Yes, you can greatly reduce spam.  Personally, I was forced to do so, and the results have been very encouraging due to the investigation and planning I carried out beforehand.  After suffering for the last year with a steadily growing volume of spam, rising to more than 200 daily, it really was necessary to take action and deal with the problem.

The biggest problems with spam can beSpam, anyone?  Have you had enough? the intermingling and the risk of loss of desired messages with garbage (I will use that word as a synonym for spam, for variety), and the distraction by receiving spam messages throughout the day as often as every few minutes.  After all, it is one thing to get three or four annoying or repellant messages daily, but it is another order of magnitude worse when one is receiving hundreds of such messages daily!  However, in either case the amount of garbage can be reduced or (nearly) eliminated through appropriate actions.  Other problems that some may experience relating to spam include virus infections contained in spam, and the occupying of limited server space by the unwanted garbage messages.  Last but not least in the negative column is the stupid and dishonest nature of nearly all of these unwanted emails; we have all experienced this aspect.  There is already enough nonsense in daily life!

First I will provide a non-technical overview, then more detailed information.  The third section will outline the specific steps I have taken to escape spam, and finally we will end with some useful links.  In some cases, you may need your technical staff member or a skilled friend or colleague to help you implement the information contained here, but most of the ideas can be carried out by anyone who gives it the necessary attention.

This article is based on observations I have made during the last seven years as an Internet professional, as well as my reading and research on the topic, and twenty years as a systems expert.  However, if you find any corrections to be made, or have valuable information to contribute, please let me know and I will distribute any worthwhile updated information, through dated updates to this article. So, here we go....

Overview of What to Do and Not to Do!

  • Do not put any important email addresses on public Web sites or in list servers and discussion forums. Examples of important addresses that should be protected are your main personal email address, and any company informational or support email addresses. The latter is one reason that the best business Web sites use forms for inquiries, and do not provide actual email addresses on their Web sites.
  • If it is necessary to put an email address in public view on a Web site, use HTML and JavaScript techniques to disguise the address by replacing some characters with their special HTML equivalents (this does not work well for mailing lists and forums) or using JavaScript for obfuscation.  There is a link to a free email obfuscation Web page at the end of this article. The site generates JavaScript, which is more effective than simply creating HTML codes as some services do.
  • Create one or more temporary email addresses that you can easily discard and replace if it/they become overridden by spam.  Use these temporary or semi-temporary email addresses whenever in doubt about your privacy being protected.  Yahoo, Hotmail, and Gmail are three of the popular services that allow creating free email addresses, and there are others.
  • Check the privacy policies of Web sites to which you provide email information, before providing your information.  Change the default settings on those sites, if they are unfavorable initially.  There is generally a "My Account" page or equivalent where you can choose your settings regarding email policies. Again, be aware that some organizations do not allow you to select complete privacy.
  • Use the unsubscribe links that some spams provide, but only for "responsible" companies.  The unsubscribe links are effective when it is a recognizable entity sending the unwanted emails; the results of unsubscribing from an unknown, unethical spammer is less predictable. However, surprising as it seems, the professional spammers are quite afraid of violating the laws that require spams to provide valid and effective unsubscribes, so there is more compliance than one might think.  The new federal law that went into effect January 1, 2004 ("CAN-SPAM") requires specific provisions in all commercial email (see below).
  • If you have a highly spammed email address, migrate yourself to a new email address, using the information contained in this article.  It is not possible to "clean" a highly contaminated email address!
  • After taking all the above steps, you will probably still receive some spam, but not much.  If you want to further restrict the spam that reaches you, there are a variety of services and methods, some free, and most very low-cost, that have different strategies to help prevent spam from reaching you.

Why Are You on Spam Lists

Clear evidence exists (see the information link at the bottom)Privacy does matter that by far the greatest cause for receiving spam is having your email address on a public Web site.  Some public sites are much worse than others, for example, if the Web site is highly visited, and especially if connected with America Online.  In short, I would advise strongly against putting an important email address in any public Web site.  Participation in some forums and mailing list groups can also lead to significant spam, but generally not as much as public Web site exposure.  You should have a second and perhaps third and fourth email address to use in lists and forums. Protection of your email privacy does matter; it allows you to effectively and productively use the valuable tool of email.

Many of us (especially Web masters and other Internet experts) have heard over the years that registering an Internet domain name will result in significant spam, but most registrars now offer private registration, which hides the email address of the registrant.  In any case, it may pay to use a "semi-disposable" email address for implementing domain registrations.  By "semi-disposable", I mean an email address that you plan to keep for a considerable period, but which you do not use for direct business or personal correspondence, so it could be discarded fairly easily if it became the target of a large amount of spam.

There is some good news in the spam wars:  nearly all commercial Web sites that claim to have privacy rules do honor those rules.  Certainly Amazon and eBay and similar large Web site companies honor their privacy rules including their unsubscribe procedures, but you need to carefully read your profile, and choose the opt-in and opt-out settings that you want.  And you do need to read carefully the privacy policies and procedures of each online company that you interact with, since some sites by default will share your information with all kinds of third parties.  Despite this unpleasant default, if you do tell them not to share your information, they will stop sharing it as well as stop emailing you.  Occasionally, a company states right in its privacy policy that it will share your information with "selected partners" no matter what preferences you indicate.  If you still want to deal with them, make sure to use a disposable email address. I avoid such companies whenever possible.

And, more good news:  as mentioned above in the overview, the unsubscribe options of reputable companies, and even many less reputable, do work, or at least do not lead to more spam.  If you are getting unwanted emails consistently from a given source, it would be worth trying the provided unsubscribe option.  Unsubscribing is most useful when you already have general spam under decent control, and you start receiving from one or two new unwanted sources of email.  Once you have a large number of companies or spammers reselling your address to multiple other companies or spammers, the situation requires more drastic action.

Getting Away from Spam

If you are receiving a large amount of garbage email that does not offer unsubscribe i.e. the worst kind of unwanted email, or a large amount of uncontrollable junk email, and you no longer want to tolerate it, you have very few choices.  The two main choices are 1) use filtering methods, and 2) change your email address.

1) Filtering

There are many filtering strategies or techniques, and there are multiple companies implementing each of those strategies;  I have not tried all of them, but have tried some of the most prominent, and I will tell you about those. In addition, there are some specialized solutions for very large companies (with many thousands of users) that I have not tried out.  The product / solution names that I mention below I have used for a significant length of time and can comment on with direct knowledge.  All are credible efforts against spam, although I make the case that a couple stand out from their competitors.

First a definition:  email spam filtering includes any method that attempts to separate desirable emails from unwanted or garbage emails as they arrive.  The methods used vary quite a bit.  One type of solution is a "plug-in" to Microsoft Outlook and possibly to other email client software as well; plug-in solutions run on your own desktop (or laptop) computer.  Plug-in solutions include SpamBayes and Cloudmark (formerly SpamNet).

SpamBayes which is free (check their official policies) uses intelligent processing on your own computer and attempts to learn the pattern of what you consider to be spam.  It learns over time, based on your responses, and eventually becomes rather accurate.  It allows you to have borderline emails placed into a holding area called "Possible Spam", where you can decide what to do.  It is very easy to use, but has two drawbacks: if you work at multiple locations, each computer needs to be trained separately; second, SpamBayes does slow down email processing.  But, some people love it.

Cloudmark, primarily client-based as far as what the end-user sees, is actually a hybrid, since it involves both a plug-in and an indirect server component.  I have been using it for two months and it is superior to SpamBayes.  People all over the world vote on what is or is not a spam message, right from their email programs.  After enough complaints, the message will then be filtered out for all remaining users.  The filtered messages are just placed in a different mailbox on your desk, so that, like SpamBayes, you never accidentally lose an email that you need due to incorrect filtering.  Cloudmark does charge a modest fee. In order to keep the filtering updated on each subscriber's client email program, Cloudmark runs servers that accumulate and share the experience of their entire community.  This is an advantage to the end-user, because the learning is done in a centralized server, even though the rules get applied at the client level.

Another solution type is the pure server-based solution.  The one I used to use is SpamArrest; the one I use now is Postini (see below).   Both do what they claim to do, and very effectively. SpamArrest allows the user to set up a blocked list and an authorized list of senders. Postini allows an authorized list and a blocked list as well, but it does not interfere with new non-spam email coming in. Postini's focus, unlike SpamArrest, is the developing of intelligent filtering at the server level; SpamArrest does not offer this since it relies on white lists and black lists. Postini on the other allows a wide variety of custom filters as well as filters that Postini itself maintains on several categories (including "Get Rich Quick", "Sexually Explicit", and others).  Additional valuable features of Postini service include email spooling (if and when your email server goes down, Postini saves incoming emails and automatically sends them to you later, after your server comes up again), and high-quality filtering for viruses in the emails (optionally incoming and / or outgoing).

The advantages of either hosted service (SpamArrest or Postini) over a client-only solution is significant, in that the spam never even gets close to your own computer.  Even if you work in multiple locations; you are setting up or adjusting a server just once no matter where you work from. You also avoid the slowdown that can be associated with processing and filtering emails on your client machine as the mails are coming in.  All the work is done by the provider's server before it reaches your email server or your computer.

I used to use SpamArrest by checking daily the accumulated questionable emaTake back your Inbox from the criminals and low-lifesils held by SpamArrest;  SpamArrest and Postini avoid constant interruption of the user when running any email client, and they store held emails on their servers. Postini is superior because most emails come right through, even if from a new sender, unless suspected of being a spam.  In my experience over more than one year, few emails have been labeled as spam that were not, but when it does happen, you can easily release them. In my opinion, Postini is superior to SpamArrest for a number of reasons, some of them mentioned above, and these include 1) no warning message about being blocked gets sent to new people sending you email, 2) Postini servers intercept viruses and denial-of-service attacks before they reach your own server, 3) Postini has a handy service whereby if you email server goes down even briefly, Postini starts to "spool" your emails, holding them until your email server comes back online, and then automatically forwarding them to you, so the senders do not see an error message and the message is not lost, 4) Postini is highly configurable, much more than SpamArrest.  Although its interface is unusual, the good news is that once set up, the maintenance of spam criteria is mostly automatic; and Postini is well set up in that it sends you messages at all critical events, such as spooling of emails for your (down) email server.

Currently, I pay for annual subscriptions to both Postini (server-based) and Cloudmark (client-based). The combined cost is about $60 per year. I probably would not be using both together except that it allows me to provide knowledgeable advice to clients, and I am always looking for the best ways to do that, which requires personal experience in many cases.

Without giving an exact number (to avoid tempting the spam pros), my level of spam has dropped dramatically, two years after implementing all these changes.

2) Moving Your Email Address

If there is no other choice, you may need to change your email address. If handled carefully, this can be less traumatic than it sounds.  No one wants to miss important personal or business emails, or lose contact with old connections whether personal or work-related.   My way of handling it requires some technical expertise, but works 100% for avoiding disruption of contact.  See the next section for details.

When changing your email address, the first important factor is to make sure that any automated emails that you have been receiving also get corrected at the source, to send either to the new email address you are creating, or to one of your free temporary or semi-temporary email addresses that you have set up at your ISP, hosting company, or at Yahoo or a similar service.  As an example of what is needed in this kind of situation, if you have set up a Web site hosting account, the annual domain renewal reminders will go to an email address you provided.  If you change that email address and you do not receive the reminder, and you forget that renewal time has come, you can not only cause the Web site to stop working, but may also lose the domain permanently if someone else grabs it after an additional time period has passed.

On a more common level, if your Amazon.com (or BarnesandNoble.com!) order confirmation comes to an invalid email address, you will not see it, and you may lose track When you've got to move, you've got to moveof what is happening with that order.  There are other, more significant (but less obvious) examples as well.  So, early on, you should change all the long-term profiles you have with online retailers, mailing lists, etc., deciding on a case-by-case basis whether they should have your primary email account, or some other account, in their records.  My recommendation is to give your main address only to people whom you know, and not to give your main address to any Web site; but how you handle this is a "personal" decision, and depends on how much you want to trust these third-party Web sites.

How I Made My Email Address Change

Some of the steps below are rather involved, but most are simple, and I believe that the procedure is thorough and avoids disrupting one's use of email.  Here is what I did to successfully move to a new email address:

  • Create a new email address with which I am comfortable
  • Change all long-term email addresses (online financial firms, online retailers, Web hosting registrations, etc.) to either the new address or to another durable but non-primary email address
  • Change the Outlook, Eudora, and other email clients anywhere I work to use the new email address for correspondence, in both the source email address and the reply-to address (normally these are the same, but check that you do not have something else in the reply-to box)
  • On the email server, have all the old email address traffic automatically forwarded to the new email address.  You may need a technical person to do this for you.  All the email providers I have worked with allow for email forwarding, and it may be easy enough to do it yourself.  It is possible that some email providers will not allow you to forward emails
  • Export from the Inbox all activity from the last few months, and massage the data to be sure only real people get the notification message; you want to be sure that no spammer email addresses are in your notification list.  You may need a technical person for this step.
  • Compose a clear message and send to all the people in the list. I used a simple program that I wrote to send to each person an individual email; or you can use BCC (blind carbon copy) so not everyone sees everyone else's address
  • After about two months, I did a search for all emails that came in to the old email address during the two month period; I could easily see which emails were forwarded from the old address by searching the message text contents for the old email address (in Outlook, depending on the version, use the Advanced Find method).  At that time I found a few incoming non-spam emails from people who either were never notified, or who one way or the other forgot to implement the new address. I will emailed or called each of them to politely ask them to update their address information
  • Finally, after about two more weeks, I changed the old email address so it now gives an auto-reply instead of forwarding (again, most email providers allow for this).  In this way, I will no longer receive the emails to my old email address at all.  The auto-reply say something to this effect:  "Hello, thanks for your email.  I changed my email address recently due to an excess of spam.  But you can contact me by calling at (nnn) nnn-nnnn or by going to my Web site contact page.  I would really like to hear from you, so I hope you will overlook this small inconvenience.  Of course once I receive your email and I reply, you will have my new email address."  If they do go to the Web site link, they see a contact form which sends me an email, but which does not let the visitor know what that email address is.

Useful Links for Information, Filtering, and Notification

Well, that is it.  Below is additional information that could be useful. There are also other information articles (some more accurate than others), spam filtering services, and contact services with which I am not familiar, and you may want to search out some of them as well if you would like to weigh all your choices.

Information

Good article about the source of spam i.e. "Why am I Getting All This Spam":
http://www.cdt.org/speech/spam/030319spamreport.shtml


Some Effective Spam Filtering Options
           (a partial list in alphabetical order):

CloudMark - client-based:
http://www.cloudmark.com/ 

Postini - hosted service
http://www.postini.com

SpamArrest (from Spam Arrest LLC) - hosted service
http://www.spamarrest.com

SpamBayes - client-based
http://spambayes.sourceforge.net/

JavaScript Email Obfuscator
http://w2.syronex.com/jmr/safemailto

 

Thank you for reading this article.  I hope it helps you in the war against spam.


by David Alexander
     President, Opal Computing


    Copyright © 2006 Opal Computing. All rights reserved.
     

    [Opal Summit] [Software] [Marketing] [Endorsements] [Examples] [Contact Us] [About Us]