The Campaign to Stop Junk Email
Preventing Junk Email
An ounce of prevention is worth a pound of cure.--Ben Franklin
This document teaches you what you can do to minimize the amount of junk email you receive, and to dissuade people from sending you junk email in the first place.
On This Page
The truth is, there's not a heck of a lot you can do (without seriously cramping your net.style) to prevent people from getting your email address and sending you junk email. The most effective means of cutting down or eliminating the junk email you receive is to change public attitudes or laws about junk email. That said, there are some specific things you can do to minimize the chances of your address ending up on a junk emailer's list.
I want to say up front that I don't believe in the "do-not-mail list" model of preventing junk email, mostly because it shifts the burden to the recipient, doesn't actually work, and most importantly, because it legitimizes the idea of junk email as acceptable. I really can't, in good conscience, recommend something that, in the long run, is going to make the problem worse.
This is not to say that I don't support petition-type drives that indicate a large number of people prefer not to receive junk email.
There are some 7 million potential junk email victims on America Online, and AOL email management tools are particularly cumbersome, making it that more annoying. On the plus side, due to customer complaints, AOL has really gone to bat against junk email.
I used to get a lot of junk email sent to my America Online account, even though I never posted news or sent mail from there. Sometimes the mail originates from within AOL, but surprisingly, it mostly comes from outside. I believe this is because junk emailers use those ever-spiffy free AOL diskettes to abuse the Member Profile Search services and use it to generate a mailing list of people who have similar interests, (or rather, who have the same key words in their member profiles--what does a junk emailer care if the interests really match?). Then they use the list to feed a junk-email script on a Unix system. I deleted my already minimal member profile to see if it would decrease junk mail to that account. If you are an AOL member, you can do the same by selecting "Member Directory" from the "Members" menu, and then hit the "Delete Your Profile" option.
I was still getting loads of junk email there (It's probably too late if you are already on their lists), so I also recently completely blocked all email from my AOL address (which I don't use for email anyway). I had enough trouble keeping up with the junk email in my regular mailbox. To reject all mail addressed to your AOL account, you need to sign on under your master screen name (the one you created when you first opened the account) and go to keyword "Mail Controls." For each screen name on the account, you have the option to block all mail, block all mail that originates from addresses or hosts you specify in a list, or only allow mail from addresses in that list. Obviously, if you want to receive legitimate email at your America Online account, blocking all mail is not an option.
Now that the court injunction has been lifted (see news), AOL has implemented PreferredMail, which blocks mail from a "regularly updated" list of known junk email sites. AOL's press release says that "the sites on the PreferredMail list have consistently sent large volumes of unsolicited junk e-mail and have been the subject of numerous member complaints over a short period of time."You don't need to do anything to have this feature turned on--it is enabled on all accounts by default. Note that this is only going to protect you from known junk emailer addresses--it can't stop junk mail from new sites, nor junk mail forged cleverly to look like it came from a different site. AOL users should forward any junk email they receive to screen name TOSemail1 (or TOSemail2 if mailbox TOSemail1 is full). If you want to receive mail from those sites (maybe you don't trust AOL's judgement, or you are just sick and love junk email, I don't know) you can go to keyword "PreferredMail" to turn it off.
If you subscribe to automated mailing lists (LISTSERV, LISTPROCessor, etc.), you should be aware of the ability of junk emailers to acquire your email address from these sources, and what you can do to prevent it.
Most mailing list software allows pretty much anyone to issue a command by mail to display the names and email addresses of all subscribers to that list! Since the mailing list administrator removes bad addresses in response to bounce notifications, the address list contains all valid addresses--a gold mine for junk emailers. With most mailing-list software, you can send a command to prevent your address from appearing on these lists. I recommend doing this for all mailing lists you subscribe to. The method to accomplish this depends on the type of mailing-list software. When you originally subscribed to a mailing list, you got a message from the server that summarized commands gave instructions for getting off the list and changing options. This message should tell you on what kind of software the list is running.
Important: Note that the address you send these commands to is not the address to which you send messages for the list. It is the address where you originally sent your "Subscribe" command.
If your mailing list software is LISTSERV, anyone who signs up to the list can issue a REView command to display the names and email addresses of all subscribers to that list. If you want to test this, send an email message to the LISTSERV command processor (again, not the address where you send messages to the list for distribution) with only this command in the body text: REVIEW
To prevent your name and email address from appearing, send a message to the LISTSERV command address (the same address you sent the "SUBSCRIBE" command to) with this command in the body of the message:
SET listname CONCEALIf for any reason you change your mind and want you name and email address to be available to the REView command, send SET listname NOCONCEAL. Note that a complete list of members is always given to list owners and LISTSERV administrators regardless of this option.
If your mailing list software is ListProcessor, aka LISTPROC, a similar command for listing subscribers is available, in the form REView list-name SUBscribers (obviously, you put the name of the mailing list in place of "list-name"). To suppress your name, you need to send an email message to the ListProcessor command address (again, not the address where you send messages to the list for distribution) with this command in the body text:
SET list-name CONceal YES
Obviously, put the name of the list to which you are subscribed where the words "list-name" appear above (When you subscribed, you sent the either the command SUBscribe list-name your-name or JOIn list-name your-name.) Use the SET list-name CONceal NO if you want to make your name and address available again.
The Majordomo mailing-list software uses the who listname command to list the subscribers of a mailing list. Unfortunately, there is no way for an individual user to suppress display of their email address.
Majordomo supports "public" and "private" lists; "private" lists don't respond to the who command. So, if the who command sent to the Majordomo command processor works (again, not the address where you send messages to the list for distribution), you need to get the administrator to change the list from "public" to "private." (In fact, the administrator needs to have direct access to the system where Majordomo is running.)
Every time you post a message to Usenet, you are making your email address available to everyone else on Usenet. It is trivial for a junk emailer or mailing-list vendor to get a news feed, and then grab several thousands of email address from the Usenet news headers. This is, in fact, the source of most junk email list addresses.
Unfortunately, there's not a heck of a lot you can do about it. Your only option is to not put your real email address in you news reading software. Of course, entering a bogus address prevents people from responding to your posts via email, severely crippling communications (one more irritating effect of junk email).
Some usenet users have taken to entering their address as user[at]host.com or other similar variations, which should fool automated address slurpers, but allow humans to respond by email after manually editing the return address. If you are going to use this method, I recommend picking something uncommon, and changing it frequently. For example, if you email address is firstname.lastname@example.org, use joeblow@isp.YEAHRIGHT.com, and put a notation in your .sig file (appended to the end of your Usenet posts) to delete "YEAHRIGHT" from the address when replying. Then change it next week. I have seen many variations on the them of joeblow@NOSPAM-isp.com, and I figure it's only a matter of time before list vendors start automatically removing this sort of predictable strings from the addresses on their lists.
Filling out Web forms and providing your real email address is asking for junk email. I do it with large, reputable companies like Adobe, but you shouldn't just give it to every page that asks. Lots of pages require it before granting demo and freeware demos. Pictorius, who provide a freeware Web and ftp server for the Macintosh, and I provided them with my email address on their download form. Pictorius has junk emailed me three times with advertisements for their commercial products, including a message with a 320K acrobat file attachment, despite my repeated complaints. (Of course, all the information they sent me was readily available at their Web site.)
Given this sort of behavior, I recommend not providing an email address on Web forms. If you really want try a product, and the Web form won't let you proceed without an email address, I recommend entering a fake one like postmaster@the-Web-site.com.
One of the biggest sources of email addresses for spammers is the Web. Spammers use "address harvester" software that crawl Web pages looking for email addresses. If you are a Web author, and wish to put email addresses on your Web pages (to provide ease of contact to legitimate users), you can encode the mailto links with URL-form-encoding This may fool the address harvesters, and the mailto links will still work fine with broswers. Robert Graham provides a tool for email encoding on his site, www.robertgraham.com. For additional protection, you can similarly encode the visible text versions of email addresses using the character entities.
Anonymous FTP is used to download publicly-accessible files from sites on the Internet, without requiring an individual account or username on the remote system. The traditional way to do so is to sign in to the FTP server as username anonymous (spell it correctly!) and then give your email address as the password. Therefore, "anonymous" file-transfer protocol (FTP) sessions can be anything but. This tradition was developed back when the Net was young, and long before the advent of the Web or junk email.
You may not even be aware that you are providing your email address this way. A link on a Web page may take you to an anonymous FTP site without you even noticing until it is too late (you will notice an ftp:// instead of http:// in the location area of your browser). Your Web browser or FTP software may helpfully provide your email address as your ftp password automatically, without your intervention or knowledge. This technique could be used by a junk email address collector to snatch your address from a link on the collector's Web site.
It is also traditional for anonymous ftp to accept "guest" as the password. Some systems insist on an email address; in this case, if you don't trust the owner of the server, you could provide a bogus address (anything in the format email@example.com).
Personally, I do provide my real email address as ftp password if the site is a reputable one (like the Info-Mac archives or a university site) and it requests it. If I you don't know anything about the ftp site, I recommend using "guest" or, failing that, a bogus address.
|Back to Top|
Thursday, September 26, 2002
at 7:26 AM by JCR