Thursday, December 22, 2005

a life without spam

I'd greatly appreciate it if you all took a moment to read this friendly piece of advice. Both for my own benefit and yours. Tired of receiving spam, I signed up for a new email account with gmail nearly a year and a half ago. Here's something I bet you can't say about your email account:

Total time in use: 16 months
Total number of spam messages: 0

And I don't mean that gmail's spam filter has caught all of it. I mean that literally zero spam messages have ever ended up in my inbox or spam folder. In contrast, my old email address receives approximately 15-20 spam messages each day. And that's only the number that get through my keyword filter. Most people, it seems, suffer to some degree from spam. And it's sad, because it's possible to avoid spam entirely. In fact, it doesn't take much work on your part.

Here's the trick: don't give spammers your email address. I know; it sounds obvious. But, you have to remember that spammers don't walk up to your door and say, "Hello. I can I have your email address in order to send you unsolicited messages?" They use in far more insidious methods. Here are a few of their tricks, and what you need to do in order to avoid them:
  • Spammers use scripts which scour the web gleaning phrases which look like properly formatted email addresses. If you have a homepage, blog, etc, don't list your email address. If you must share it, do something like "ryancox [-at-] gmail [dot] NOSPAMcom". People can figure out what your address is, but a script probably won't recognize it. Also, when you post to forums or leave comments on blogs, don't give them your email address or use it as your login name since it will be publicly displayed.
  • Spammers set up sites which offer free services like sending greeting cards, announcing events, organizing your personal contacts, or "send this page to a friend". All you need to do is put in your email address and your friends' email addresses and they give you the "free" service. It's a trap. How do you think they pay for the development and bandwidth? They sell collections of addresses. This one is the worst of all because you are not only bringing spam down on your own head, but also selling out your friends. In general, any online site which asks for your friend's email addresses is a fraud and a spam trap. Never, ever, ever, hand out a friend's email address. It doesn't matter how legitimate the company looks or how reasonable the offer sounds. You can always paste the URL into an email and send it to your friends directly. You can always send the invitation yourself. It's trivial, people. The only reason a web site would volunteer to do it themselves is to harvest the addresses.
  • Spammers use spyware and security holes to steal personal information from people's computers. Many of these spyware programs pose as helpful applications (download faster, check your computer for problems, search helpers, personal organizers, Realplayer, etc). But their real goal is to search your computer for address books and cookies and report email addresses back to a shady off-shore company who sells the list to spammers. This is why it's important to keep your computer secure and updated. Two rules to follow:
    1. Stay current with updates. If you use Windows, make sure you have XP with service pack 2. Check Windows Update frequently.
    2. Do not use applications with a history of bad security holes. Absolutely never use Outlook. And don't use Internet Explorer unless you really know what you're doing.
  • Finally, hackers have several times broken into hotmail and AOL. They gather lists of usernames and sell them to spammers. Either that or hotmail and AOL are selling the email addresses directly. Test it out. Create a hotmail account, leave it for nine months, and check it again. Ninety-nine percent of the time you'll have spam even if you've never used the account. Don't use hotmail. Yahoo is bad too, I think.
As you can see, by avoiding a few basic electronic temptations you can avoid ever giving spammers a chance to spam you. It's really quite easy. The difficult part is your friends. You are even more likely to be sold out by your friends than you are to expose your self to spam. Of course, they never realize it. They mean the best. They want to keep your in their online address book, send you e-cards, use Outlook, and so on. Well, pass on the word. Tell them to stop. When I signed up for my spam-free account I sent an email to my friends announcing the new address and politely requesting that they refrain from e-cards and not email me from a computer using Outlook. It seems to have worked. To illustrate the opposite effect, here is a story about another email account.

The same time I signed up for my spam-free account I signed up for another gmail account. I wanted to test gmail's security and policies by letting the account lie unused. I logged in regularly to check the account, but I never used it or even mentioned it to anyone. About six months later, the email account I use for work was having problems. So, I decided to send out an email from my alternate gmail account letting my bosses know that emails were bouncing. I sent one message to three people. A single message. None of them responded. But three days later my spam folder was flooded. Spam was coming from one source at first, then many. The address had been passed around, sold, re-sold, and shouted out high and wide. This happened without ever entering the address in a web form, without signing up for "free offers", and probably without my one boss even reading the message. Some weeks later I had to perform maintenance on his laptop. Sure enough, I found that he was using unpatched versions of Outlook and Internet Explorer and his computer was riddled with spyware. One or more of the spyware applications was probably checking daily for new additions to the Outlook address book and inbox. It found an email from me, slurped the address, and sent it off. This man is not the kind of person who downloads games or toys from strange places on the internet. He merely used unpatched applications with security holes. Then, through no action of his own, malicious attackers installed piles of software without his permission. And I now receive piles of spam in that email account.

So, that's the lesson for today. Keep your computer clean and send out your own invitation emails. And remember that it's not just for your own good. Your online habits affect everyone who interacts with you. Please be responsible.