Email spam
Spam is bulk, unsolicited, junk email, also called UBE (unsolicited bulk email). A spammer is someone who sends spam.
How to give your email address to spammers
- Email addresses on the web will receive many spam messages every day.
- All messages to some email lists are put on the web for all to see.
- Some people, businesses, and organizations sell or share with others the email addresses you give them.
- Some web communities and email lists are easy to join, and members' email addresses can then be obtained from member lists or posts.
- Email addresses configured to reply with a vacation message providing alternative addresses can be used by spammers.
- Every domain name's registrant, technical, and administrative contact email addresses are public.
Other ways spammers obtain email addresses
- Viruses can find email addresses in email address books and email messages, and give them to spammers.
- Your email recipients, or viruses on their computers, can give addresses in your email to spammers, or forward your email to someone who does.
- Email to discontinued addresses under domains owned by spammers can be harvested for email addresses.
- Spammers guess email addresses such as "contact" and "info".
- Previous owners of an email address may have let the address be obtained by spammers.
- When spam is redirected to another address which bounces the email, the resulting bounce message reveals that address.
- After spammers and viruses obtain an email address, it'll receive spam forever.
How you tell spammers your address is valid
- You receive spam, and reply with a request to stop sending email.
- You reply to spam as valid email.
- Email from a spammer contains an image which is retrieved from the spammer's website.
- Email from a spammer contains a script which communicates with the spammer.
- Spammers try many addresses at a domain, and the ones that are not rejected are assumed valid.
- Your email client is configured to automatically tell senders that you received their email.
Spam laundering: hiding the origin
- The "from" address is usually faked when an email is not legitimate, such as spam or a virus.
- You send spam yourself if you bounce spam to its "from" address, such as for email sent to nonexistent addresses at your domain.
- Some viruses allow the computer to be used by other computers to send spam.
- Some web form processing software can be tricked into sending spam to any address.
- Some SMTP servers on the Internet allow anyone to send email to anyone.
When you report spam that was sent to your email address and redirected to another, the initial recipient is reported as the spammer, unless you tell whoever you report the spam to not to do so, and they are capable of not doing so.
Alternatives to email addresses on the web
- Your forms on the web allow visitors to send you email without revealing your email address, but you'll receive form spam.
- Put a link to a web page for contact and other information.
- Email addresses in print are usually okay, because addresses there can't be collected by spammers automatically.
- On the web, describe your email address without writing it out exactly as it is.
Don't help spam
- Use anti-virus software and keep it updated.
- Use an email client or firewall that does not allow email to communicate with the web.
- Use firewall software to block unwanted communication into and out of your computer.
- Avoid doing business with spammers.
- Don't bounce spam to its "from" address, including spam sent to a nonexistent address at your domain.
- Don't allow anyone to use your Internet server to send spam.
- Report spam, but be careful to whom you report it.
Sender authentication
| Location | Field | Data | Set by | Method |
| connection | sender IP | IP address | MTA | lists |
| envelope | HELO | domain name | MTA | CSV |
| envelope | return-path | domain name | author | SPF |
| header | from | domain name | author | Sender ID |
With email sender authentication, when an MTA is asked to deliver an email, the MTA can check the sender's domain name DNS for records that limit which IP addresses (sender IP) are authorized to send email.
There's also email message authentication, such as the DomainKeys specification by Yahoo, whereby the "sending" domain provides a public key to decrypt a value in the email header.
If the result matches a standard calculation based on the email content (header and body), then the email was sent by the domain.
The authentication methods above help email recipients and domain name owners.
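The sender IP check described above, worked through for SPF as an added example (not code from the original page). The `ZONE` dictionary is constructed data standing in for DNS TXT lookups, the function name `check_spf` is an assumption, and only the `ip4`, `ip6`, `include` and `all` mechanisms are evaluated.

```python
import ipaddress

# Constructed TXT records standing in for DNS (example.* names are placeholders).
ZONE = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.17 ip6:2001:db8::/32 ~all",
    "example.com": "v=spf1 -all",  # domain that sends no email at all
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(sender_ip, domain, zone=ZONE, depth=0):
    """Return the SPF result for sender_ip claiming to send for domain."""
    record = zone.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                      # domain publishes no policy
    if depth > 10:
        return "permerror"                 # bound include recursion
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term[1:] if term[0] in RESULT else term
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # Membership is False when address and network versions differ.
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            sub = check_spf(sender_ip, arg, zone, depth + 1)
            if sub in ("none", "permerror"):
                return "permerror"
            matched = sub == "pass"        # only a pass counts as a match
        else:
            raise NotImplementedError(f"{name} is outside this example")
        if matched:
            return RESULT[qualifier]       # first matching mechanism decides
    return "neutral"                       # nothing matched

if __name__ == "__main__":
    for ip in ("192.0.2.55", "198.51.100.17", "203.0.113.9"):
        print(ip, check_spf(ip, "example.org"))
```

A receiving MTA would typically reject on `fail`, treat `softfail` as a scoring signal, and make no decision on `none` or `neutral`.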
Message sources
- Email client on a PC sending email via SMTP
- Email system on another computer, possibly via the Web.
- Form in a web page.
- Server managed email list.
- Domains that redirect email to other email addresses.
- Open relay or computer virus.
- Undeliverable email bounced back.
In each case, "from" and "reply-to" can each be the same or different from the domain name of the computer sending the email.
Filter spam
- Obtain email addresses that can be discarded when they receive too much spam.
- Have another address that you protect from spammers, and that has no spam filtering.
- Use email sender authentication to verify the IP address is allowed to send email from the domain.
- Choose uncommon addresses that, if used as a message greeting, help indicate the email is spam.
- Use spam filtering software or service. (No spam filtering system is perfect; it will miss some spam or block some good email.)
Email list privacy
- Care is needed when configuring and using lists to protect privacy and avoid spam.
- Before an address is added to any list, send an email to the address, and require a response to verify the address is correct.
- In the instructions to subscribe and unsubscribe, include the privacy policy for the list.
- When an address is added to a list, tell its owner where the address was obtained, and how the address will be shared.
- Remind list recipients to check their computers for viruses which can read addresses in incoming email.
- Discontinue sending posts to invalid addresses.
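One way to implement the "require a response" step above, as an added example that is not part of the original page: the list server mails the address a token and subscribes it only when the same token comes back. The names `SECRET`, `MAX_AGE`, `make_token` and `confirm` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: a random server-side secret in practice
MAX_AGE = 3 * 24 * 3600           # assumption: confirmations are valid for three days

def make_token(address, list_name, now=None):
    """Token mailed to the address; it binds address, list and issue time."""
    issued = str(int(now if now is not None else time.time()))
    msg = "|".join((address, list_name, issued)).encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return issued + "." + base64.urlsafe_b64encode(mac).decode().rstrip("=")

def confirm(address, list_name, token, now=None):
    """True only if the token was issued for this address and list and is fresh."""
    now = now if now is not None else time.time()
    issued = token.partition(".")[0]
    if not (issued.isascii() and issued.isdigit()):
        return False
    if not 0 <= now - int(issued) <= MAX_AGE:
        return False                       # expired, or dated in the future
    expected = make_token(address, list_name, int(issued))
    # Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hmac.compare_digest(expected.encode(), token.encode())

if __name__ == "__main__":
    t = make_token("user@example.org", "news", now=1000)
    print(confirm("user@example.org", "news", t, now=2000))   # right owner replies
    print(confirm("other@example.org", "news", t, now=2000))  # token reused elsewhere
```

Because the token is bound to one address and one list, a third party who submits someone else's address cannot complete the subscription without reading that person's mail.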
Writing email, considerations not spam related
- Avoid message formats that can't be used by all recipients. Plain text is good.
- Provide documents in a format usable by others and not requiring costly software or a certain operating system.
- Some email software creates clickable links out of Internet addresses, but only when email is plain text, not HTML.
- Avoid large attachments. If it's on the web, link to it instead.
- Avoid line breaks inserted automatically by your email software or service. Let the recipient choose line length.
- Avoid automatically adding the same signature/footer lines to every email you send.
- Avoid anything, such as advertisements, inserted by your email service provider.
(When your outgoing email contains advertisements, your recipients pay for your email service.)
- Be careful that no virus is attached to email you send and receive.
- For a professional look, send "from" an email address that ends with your organization's domain name.
- Recheck your email body and header before sending it.
- When transferring files to others, zip them with comments, so file dates can be compared, and origin determined.
- Set "reply-to" only if you don't want replies to go to your "from" address.
- Set your time zone and your computer's clock, so your email gets correct time stamps.
- Read How To Ask Questions The Smart Way, by Eric Raymond.
Where you might provide your email addresses
- In print for people who already have a relationship with you (your newsletters, postal mail)
- In print for potential relationships (outreach literature, business cards)
- Your website
- Your contact forms on your website
- Other websites
- In "from" field of email you send
- In messages of email you send
- Lists to which you are subscribed
- Registrations with others
- Internet standards (abuse, postmaster)
- Obvious, common, guessed addresses (info, contact)
- Domain name whois report
Spam effect
- Spam wastes enormous amounts of resources, time, and money.
- Spam makes people reduce the availability of their email addresses, hindering communication.
- Spam causes suffering, and reduces the time people can spend helping the world.
- Spam is a huge detriment to society.
This page changed 2006 December 20.