Library - Tips for users
There are three main problems with receiving spam -- it's eMail that's not wanted, it wastes valuable resources, and it often covers undesired or offensive topics. Spam comes in a variety of forms, and spammers use a wide range of techniques to try to fool their victims in some way (often as part of a scam to steal money).
Fortunately there are two approaches people can take to fight spam in a positive, professional manner:
- Passive - Simple things everyone can and should (and shouldn't) do to fight spammers.
- Active - Simple and complicated approaches to taking a stronger stance against spammers.
If you would like to contribute some information, please let us know.
Passive spam-fighting approaches
Novice users should start here because a simple awareness of passive anti-spam measures can make a big difference in the war against spam. The great thing about these measures is that they don't have a hefty time requirement.
- Never unsubscribe
- This is one of "the oldest forms of trickery" that spammers use to determine if they're dealing with a real person. If you attempt to unsubscribe, the spammer may think of you as "gullible" because you believed their lies, and they will probably sell your eMail address to other spammers who will ask you to unsubscribe from their so-called "opt-in lists."
Responsible eMail lists obtain consent from all their users before activating their subscription status. Since these eMails are not spam (especially because you know that you subscribed), these are the only exception to the "never unsubscribe" rule.
- Don't buy or invest in anything from spammers
- Spammers have been known to "take the money and run" when people pay them for products or services they advertise. The best way to protect yourself from this and other types of fraudulent schemes is to not purchase anything from a spammer.
Once a spammer has your credit card number, a cheque, mortgage details, insurance policy numbers, Social Insurance Number, or other personal information about you that relates to your credit, they can easily sell it to con-artists who specialize in social engineering to commit more fraud which could cause a lot of financial problems for you.
Many people also take this one step further by not purchasing from companies that they happen to know for certain have engaged in spamming practices in the past, as a means of "voting with their wallets" because they believe it's unethical to support organizations that spam.
- Do not reply to spam
- Spammers regularly forge the sender eMail address of an innocent third party who has nothing to do with the spam, thus by replying you are actually helping the spammer by further promoting their nonsense. Spammers are thought to do this because they don't want to receive the complaints, but need a valid sender eMail address because some mail servers won't accept eMail from senders with invalid addresses.
In addition to the other reasons for not providing confirmation to spammers that your eMail address is valid, when dealing with spam the best policy is to avoid providing the spammer with any information about you.
- Use up-to-date Anti-Virus software
- There are many viruses that send massive volumes of eMail from the computers they infect. Anti-Virus software works much like a guard dog in keeping the undesirables out.
Updates are automated in nearly all Anti-Virus software nowadays. Updates are important because they enable your Anti-Virus software to accurately detect and eliminate the newest viruses.
One common myth about computer viruses is that they occur naturally; they don't, as they are created by people with a variety of [usually nefarious] intentions.
- Use up-to-date Anti-SpyWare software
- SpyWare is viewed by most as a serious invasion of privacy. Anti-SpyWare software can help you protect your privacy.
Updates are important because they enable the Anti-SpyWare software to detect and eliminate the newest threats to your confidential information.
Unfortunately there are some SpyWare applications that masquerade as Anti-SpyWare tools, and in some situations they have been known to remove competing SpyWare, and then replace it with yet more SpyWare.
- Be professional
- No matter how unprofessional the spammer behaves, always use a calm and polite tone that exhibits a totally reasonable approach to solving the problem. Requesting that all the spammer's accounts be terminated is considered to be a reasonable action among the vast majority of spam fighters, although there are some who seem to believe in the "three strikes and you're out" rule. Obviously you need to decide for yourself what "reasonable" means...
Remember -- it is important to keep in mind that when sending massive volumes of junk eMail messages, spammers are intentionally stealing your valuable time, and your internet and other computing resources.
When dealing with technical support people, being polite and respectful will go a long way in demonstrating that you are being reasonable. If you present threats of harm or legal action, or attack people personally, you will lose credibility instantly.
Active spam-fighting approaches
Intermediate and advanced users with a more technical understanding of eMail, and the internet in general, and who are willing to dedicate more time to spam-fighting, generally already practice these measures. For those who are new to spam-fighting, it provides a general idea of the things they can do to help.
- Report spam
- There are different ways to do this. The easiest is to use well-respected automated systems such as SpamCop.Net (http://www.spamcop.net/) which identifies the source of the spam and reports to the responsible ISP, and RFC-Ignorant.Org (http://www.rfc-ignorant.org/) which keeps track of systems that violate the internet standards (spammers typically disregard standards).
"Manual reporting," which means to send spam reports directly to the responsible ISPs without using an automated system (like SpamCop.Net), is more time-consuming but can sometimes result in the ISP providing you with more information about what action was taken to resolve the spam problem. Also, your complaint will probably be formatted differently from an automated system, thus requiring the ISP to dedicate even more time to dealing with your complaint.
Knowing how to interpret raw (or full) SMTP headers, which is required for reporting spam manually, can be intimidating at first because the headers tend to flow in reverse order from what most people expect. With a little bit of practice, and a somewhat better-than-basic understanding of the logic behind the relevant protocols (namely SMTP and DNS), it can easy to do this properly.
- Choose an ISP who takes the spam problem seriously
- Find out what your existing or potential ISP's policies are on dealing with spam. Here are some basic things you can ask to partially determine their level of familiarity with spam fighting:
- Ask them what happens if other customers send spam (termination of spammer accounts is always a good sign).
- Ask them if their eMail servers have ever been blacklisted (if so, find out why, for how long, and what they did to get de-listed).
- Ask them for their opinion on well-known block-listing systems such as SpamHaus.org, SpamCop.net, RFC-Ignorant.org, SORBS.net, and APEWS.org. More DNSBLs can be found here.
The Lumber Cartel believes that there will be an increased awareness about the spam problem in the business world as more people increasingly ask ISPs these types of questions. The key is asking about the block-listing systems because it encourages uninformed ISPs to start getting better informed.
- Lure spammers into traps
- Operating spam traps and/or honeypots (an "eMail server honeypot" is a system designed to track the true source of spam as well as being attractive to spammers because it is intentionally exploitable) with the intention of using the evidence to report criminal activity to authorities and/or feed blacklists is something that can cause a lot of problems for spammers.
Although there are some folks around the world who do this, it does require a lot of knowledge, dedication, expense, and hard work (many people who do this are known to have clear views on "right and wrong" and also care very deeply about the future of the internet).
- Operate a public blacklist
- Setting up and operating a blacklist is a task that requires a lot of careful planning. In particular, the following should be considered:
- If you are the type of person who can define clear criteria for your blacklist and never make exceptions to it, you have the potential to earn the trust of many spam fighters.
- If you are ready to deal with the problems of threats of violence and legal action from spammers (and anyone else) effected by someone's choice to use your blacklist, and you have the technical expertise and other resources to set up and maintain a blacklist, then this may be an option of interest to you.
- Educate others
- Spread the word to others (and don't send spam to do it) about the passive things they can do to fight spam. If they find it interesting, tell them what you know about the Lumber Cartel and encourage them to read more on this and other anti-spam web sites (see our lists of helpful organizations and helpful people for some great starting points).