PLEASE NOTE: This document is VERY OLD, and it has not been updated in a long, long time. It is also likely that it will not be updated for a long time to come, if ever. HOWEVER, this document and its siblings are widely linked, and so I feel that it is in the better interests of the 'net to leave them up for the time being. Although the basic information contained herein is still relevant, you should be able to very easily find more up-to-date information on specific ways to hide your address, and the author strongly recommends that you do so. From: emailfaq@aol.com (Email Abuse FAQs) Newsgroups: aus.net.mail,news.admin.net-abuse.email,news.newusers.questions,news.answers Subject: Address Munging FAQ: "Spam-Blocking" Your Email Address Followup-To: news.admin.net-abuse.email Organization: Email Abuse FAQs Reply-To: emailfaq@aol.com Approved: news-answers-request@MIT.EDU Summary: A FAQ about munging, or breaking one's email address in Usenet posts in order to avoid junk email Archive-name: net-abuse-faq/munging-address Posting-frequency: weekly Last-modified: August 8, 1999 Version: 2.01 URL: http://www.lumbercartel.ca/archives/emailfaq/mungfaq.html FTP: ftp://members.aol.com/emailfaq/mungfaq.txt Copyright: (c) 1996-1999 WD Baseley Maintainer: emailfaq@aol.com (WD Baseley) Address Munging FAQ: "Spam-Blocking" Your Email Address Version 2.01 changes - Fix example addresses - New Section: 3b. Munging DOES NOT MEAN MAKING YOURSELF ANONYMOUS DISCLAIMER: This document reflects the opinions of the author. This document is provided "as is" without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in this article, the author/maintainer and/or contributors assume(s) no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. ------------------------------ Subject: 1. Table of Contents 1. Table of Contents 2. Basics 2a. Who is responsible for this FAQ? 2b. What is the purpose of this FAQ? 2c. When was this FAQ last updated? 2d. Where can I get it? 2e. Credits & Contributors 3. Definitions 3a. What does 'spam-blocking' or 'address munging' mean? 3b. Munging DOES NOT MEAN MAKING YOURSELF ANONYMOUS 4. Actions 4a. Why should I mung my address? 4b. Why should I NOT mung my address? 4c. How should I mung my address? 4d. How should I NOT mung my address? 4e. If I mung, when should I be sure to use my REAL address? 4f. What else can I do besides munging to avoid junk email? 5. Instructions for AOL members 5a. How to do it 5b. Suggested additions End of the Address Munging FAQ ------------------------------ Subject: 2. Basics 2a. Who is responsible for this FAQ? WD Baseley. Use emailfaq@aol.com to contact the author regarding this FAQ. 2b. What is the purpose of this FAQ? This FAQ is intended to be a concise discourse on "spam-blocking". Otherwise known as "munging", or breaking one's email address, this is usually done when posting to Usenet, for the purposes of avoiding junk email. It is very important to "mung" in ways that minimize possible damage to third parties. The author intends that this FAQ be understood without need of a doctorate in computer science. Those desiring more depth and/or technical information should refer to the Email Abuse Resource List. 2c. When was this FAQ last updated? August 8, 1999. 2d. Where can I get it? The latest version is always available at: It is also posted weekly to these newsgroups: news.answers news.newusers.questions news.admin.net-abuse.email 2e. Credits & Contributors The genesis of this FAQ was Gregory Byshenk's FAQ titled, "Help! I've Been Spammed! What do I do?" Sundry other folk who have discussed, harangued, badgered, cajoled, and otherwise assisted in bringing it to its present state, are held in grateful regard by the author. ------------------------------ Subject: 3. Definitions 3a. What does 'spam-blocking' or 'address munging' mean? (Both terms refer to the same thing - from this point on, the author will use the terms 'mung' and 'munging' term to refer to the practice.) Address munging is the act of modifying one's email address so that email sent to that address will not be delivered to the person doing the modifications. Typically, this is done in posts to Usenet, in order to avoid receiving unsolicited commercial/bulk/boilerplate email (UCE/UBE). The Jargon File defines 'mung' as `Mash Until No Good', probably originating at MIT; sometime later the recursive acronym `Mung Until No Good' became popular. It means 'to make large changes to a file', or 'to destroy data either accidentally or maliciously'. It was probably derived from 'munge', which is why you will see both words used to describe the practice. Then of course there are the Chinese beans. 3b. Munging DOES NOT MEAN MAKING YOURSELF ANONYMOUS Trying to hide your identity by faking your email address simply does not work; even an amateur detective can quickly identify the source of a message if the From: line is the only thing that's been tampered with. It is possible to be truly anonymous when doing almost anything on the Internet, but it takes a lot more work than simply changing the From: line. Trying to hide from spammers by changing the "name" or "real name" portion of your posted address also does not work, because that part of the address has nothing to do with email delivery. In fact, you should make it a point *not* to change your "name" if you decide to mung your address. Many people on the Internet have a consistent name or handle by which they become known. Changing this part of your identity only makes you unidentifiable to people who have come to know you on the net. ------------------------------ Subject: 4. Actions 4a. Why should I mung my address? - It is an effective way to avoid junk email. Junk emailers "harvest" email addresses from Usenet posts. Most address harvesting software used by junk emailers does not discriminate; anything with an '@' sign is considered an address. By changing what appears in the From: and/or Reply-To: headers of Usenet posts, the amount of unsolicited bulk/commercial email (UBE/UCE) received drops considerably. - It is easy to do compared to other methods of avoiding UBE/UCE. - It lowers the percentage of good addresses harvested by the address thieves. 4b. Why should I NOT mung my address? - It breaks the automated 'reply by email' feature found in most newsreaders, forcing people to manually de-mung the address in order to email topical replies to your posts. - If you use the same software for Usenet and email, you will have to change the address regularly, to avoid sending regular email with a munged address. - It violates RFCs, the rules upon which Usenet is built. (It should also be noted that munging does not automatically cause messages to bounce back to junk emailers; if you are considering munging for this reason, you would not accomplish your goal. Also, depending on what and where you post, a junkster *may* take the time to manually de-mung your address, just for spite.) 4c. How should I mung my address? (AOLers! Be sure to read Section 5, "Instructions for AOL members") - IMPORTANT! Make sure that modifications to your email address do not violate any of the policies of your service provider! - Be creative with your mung, and change it often as well. These steps will prevent harvesters from picking up on patterns, and possibly changing their software to defeat them. - Make it obvious to humans. DO: yourname(AT)example(DOT)com DO: yournamZ@ZxamplZ.nZt (Replace Z with E) DO: yourname@example.invalid (use ONLY .invalid to do this!) DO: see_my_sig@for.my.real.address DON'T: yourname@foo.example.com - If you decide to add a "spamblock" to your existing address, put it on the right-hand side of the @ sign. This avoids making your provider's email server handle undeliverable mail. Also, you want your mung to affect the rightmost portion of the domain name; if you add something after the @ sign, many times the email will be delivered anyway. DO: yourname@example-REMOVE_THIS-.com (be sure to read Section 4d!) DO: yourname@example.invalid (use ONLY .invalid to do this!) DON'T: yourname-SPAMBLOCK-@example.com - Tell folks how to de-mung your address somewhere in your message. The signature (sig) that gets added to the end of each message is a good place to do this. DO: "To reply via email, remove '-REMOVE-THIS-' from my address." DO: "Real address is myrealname AT example DOT com" DO: "Replace all the Z's with E's to reply" DO: "Replace 'invalid' with 'net' to reply" NOTE: DO NOT put a directly usable address in your sig, because many harvesters collect everything with an @ sign in it. DO: "Send email to myrealname; ISP is example DOT com" DON'T: "Real address is myrealname@example.com" 4d. How should I NOT mung my address? (AOLers! Be sure to read Section 5, "Instructions for AOL members") - IMPORTANT! Do not make up domain names! Most of them actually exist, and your fakery could cause them a lot of woe. Certain domains are already virtually useless because of folks using them in mungs and forgeries. Plus, new domain names are being added all the time, and you never know if someone might want to use your mung; your actions today -do- have an effect on the future! It is almost as harmful to add something directly after the @ sign, and doing so may not prevent the delivery of messages anyway. DON'T: yourname@NOSPAM.your-isp.com DON'T: yourname@REMOVE-THIS.com DON'T: yourname@your-isp.ORG (instead of COM) DO: yourname@your-isp.INVALID (Use -only- .INVALID to do this!) - Do not use a totally faked address, especially one that looks real. DON'T: not-your-real-name@some-other-isp.com - Do not make it *too* obvious by using a 'standard' mung. Invent your own, or choose an unusual one of those you have seen. If everyone uses the same mung, it becomes easier for junk emailers to strip them out. DON'T: yourname@example-NOSPAM-.com DO: yourname@exampleDO-DO-DO.comDAH-DAH-DAH 4e. If I mung, when should I be sure to use my REAL address? - When sending email. - When subscribing to a mailing list. 4f. What else can I do besides munging to avoid junk email? - Ask your provider to give you the option of having the most egregious junk emailers blocked by them. - If your ISP/domain offers one, you can use a "spam sink" address; all email to this address should be deleted, unread, by your ISP. EX: devnull@example.com NOTE: Usenet conventions allow topical replies to posts, so if you choose this you should include a usable address somewhere in the message. - Use filters to sort email either at the server or after it has been downloaded to your machine. Most standalone email software includes filters, and some of them (notably Pegasus Mail) are free. Those who have shell accounts, or server access, can use a Unix tool called procmail to handle messages as they arrive at the server. Filtering rules can be VERY simple and still be effective. ------------------------------ Subject: 5. Instructions for AOL members AOL members can add characters to the end of their address as it appears in Usenet posts. Here's a before-and-after example: BEFORE: emailfaq@aol.com AFTER: emailfaq@aol.com.if.you.spam.me.you.suck.rocks 5a. How to do it - Go to keyword "newsgroups" (no quotes) - Click on "Set Preferences" - In the box labeled "Junk block", add the text you would like to append to the end of your address - In the box labeled "Signature, be sure to tell people how to fix your address, or what your replyable address is. (You can also add other stuff to your signature, but you should keep it to 5 lines or less in length.) EX: "My real address is emailfaq(AT)aol(DOT)com" "Remove 'p.mil' from my address to reply" 5b. Suggested additions (be sure to include the periods!) - .oops!.invalid - p.mil - monly.anti.spam - .take.a.hike.spammer ------------------------------ Subject: End of the Address Munging FAQ ------------------------------