Protecting Yourself from Spam
Part 1: Keeping Your Email Address Private

Okay, you got the point, spamming is a Bad Thing. How do you prevent it from happening to you, you are now wondering? There is no guaranteed way, but there are five general approaches. I will cover the first approach in this article. That is, to prevent spammers from getting their slimy paws on your address in the first place. Ways to at least lower the chance of this include, in order of decreasing effectiveness:

• Don't put (or let anyone else put) your email address, in plain text, in or on a Usenet post. This includes the headers (even the "hidden" parts), and the body, including the signature (where many people put it, thinking it's safe). Spammers run programs, usually called "harvesters", that look at Usenet articles and search for anything that looks like an email address.

  To combat this, you can "munge" your address in the From line. That is, to change it in such a way that a harvester will not get a valid address, but a human (reading your post and wanting to respond) can easily change it in order to send you email. Most newsreaders (programs used for reading Usenet newsgroups) allow you to set your From line, including both the email address and "real name" fields, to anything you want. For instance, my Usenet posts usually say:

  From: davearonson@xgeocitiesx.com (Dave Aronson (remove x's to reply))

  Note how the munged part is the domain, not the username. That means the spam won't even reach Geocities and soak up their resources. Also note the instructions; many ISPs frown on munging unless accompanied by clear and simple instructions, placed prominently. Another common form of instruction is to reveal the true address in the signature but not in standard form, such as "foo (at) bar (dot) com".

  Do not, however, munge your address when sending email! If munging causes your domain to be invalid, your email will be rejected by many sites.

• Don't put (or let anyone else put) your email address, in plain text, on a web page. Notice how there are no mailto links on my web site, that point to me. Geocities has a CGI script to email the owner of the page, so I use that instead. (Sure, someone could use that to send me ads for something I don't want, but it wouldn't be worth their while, compared to spamming millions of people at once.) If they didn't provide such a thing, I could at least reveal my address in a mangled form, as above.

• Some online services, most notably America OnLine, make it fairly easy for anybody, including spammers, to download the entire membership list. Make sure your online service or ISP doesn't allow this. On some, they may even be able to grab a "profile" that says where you live, what your interests are, etc. -- in other words, solid gold for marketers.

  (Note that it is generally easy to grab the user list for a BBS, but only by members of the BBS, and BBSes are generally highly spam-resistant in the first place, so spammers wouldn't bother going to all that trouble.)

• Some ISPs allow anybody on Internet to see who's on that ISP at the moment. Make sure yours doesn't allow this, though it's OK if they allow checking for individual users. Spammers can set up programs on their own computer, to check lots of ISPs every once in a while and compile the results.

• Don't confirm your email address. Some of the common ways that spammers get confirmation are to ask you to tell them your email address in order to be taken off their lists (it's a lie), and to use "web bugs" in the email they send you. Web bugs are bits of HTML that essentially call home to say "email #725375926 was opened". This tells them that the address it was sent to is valid. To avoid accidentally activating a web bug, do not read your email in HTML! If you must, do it in "offline" mode in Netscape, or configure your program not to load anything from the Internet in order to display email. (How to do that is beyond the scope of this document.) Above all, do not use Outlook's Preview Pane! This is a major source of viruses as well.

Unfortunately, once these scumbags get hold of your address, they will not let go. My BBS still receives spam for users who have not been on in five years or more.

Next: How to Filter Out Spam.