logo
Home
About
Documentation
Create Free Account

Login

How to Protect Your Email Address

[ For a free Mailgw account which allows you to track and disable spam email, check out Mailgw.com. ]

For most Net citizens getting spam messages each and every day is a fact of life. Even with various state and federal laws, and spam filtering software this barrage seems to be never ending.

There are ways to fight spam by filtering and other mechanisms, many of which provide excellent coverage. However there are always the ones the sneak through and there is also the worrying prospect of the important message classified as spam. One of the foolproof mechanisms for having a spam-free inbox involves starting with a "fresh" email address and protecting it aggressively. This means dropping the address you have currently, getting a new one, and letting your contacts know about the switch. Once you are on a spam list, it is basically impossible to ever get off. The "mail here to unsubscribe" are almost always fake and will do more harm than good.

Before we start, it is very important for you to never act on an offer that you receive via unsolicited email. People send spam mail because it works. If all people immediately deleted spam without ever reading or clicking on the links, then it would not be productive for the spammers to use it. Spammers have ways of tracking what messages generate the most interest. Even clicking on a link in a spam message helps them refine their trade.

I found recently this spam tool which people can buy to help spammers harvest email addresses from the web. It is an example about what we are up against and why you should heed the following recommendations.

Rules to Protect Your Email Address

  1. Never publish your email address online. Don't put it on your home page, your online resume, or on a contact page. There are spiders which crawl the net specifically looking for email addresses to add to spam mailing lists. I use a WebMail form on my Mailgw account to have people contact me. Another option, although not as good as a form, is to create an image of your email address and post that to your web pages instead of the address. Email spiders usually cannot read images. For those people who convert their email into "john at foo dot com", I contend that it is trivial for the mail address spiders to convert and record addresses in this form. If you do feel the need to post your true email address, then make sure to use a throwaway one or an address from your Mailgw account.
  2. Never participate in an online discussion list or forum if they post your email address to their site. If you find a discussion list which does not disguise the addresses, then complain to the site administrator. Tell them that they are helping by serving email addresses to spammers.
  3. Never type your true email address into a web form. Use the Mailgw service to give a temporary email address every time you buy or sign up for things.
  4. Never use the "Mail this Document to a Friend" web forms. By typing a friend's email address into those forms, you are giving their address to that company. Most browsers have a "Send This Page" or "Send this Link" commands built into them. There are many sites out there whose sole purpose is to get email addresses for spam mailing lists. Even if it is a legitimate company, there will always be some database administrator who wants to make a quick buck by selling the email dump to a spammer. This happened to AOL. Recently myself, my wife, and my brother all started receiving spam mail on our Garden's Alive Mailgw email addresses -- addresses specifically and only given to that company. I don't think the company sold their email list to a spammer but someone did.
  5. Whenever you send mail to a large group of people, always use the Bcc (Blind Carbon Copy) address field instead of the To: field. When you use the To: field, everyone who gets the message sees the addresses of everyone else whom you sent it to. Bcc addresses are not seen in the message. This is very important for those people who forward humor email to a group of friends. Remember, it is your responsibility to protect the email addresses of your friends as well as you protect your own.
  6. Make sure that you remove extraneous email addresses from forwarded mail -- especially forwarded email headers. This means that you should trim down a funny message before you forward. If person A sends you mail and you forward it to person B, then you have just distributed person A's email address without their consent. Make sure you only forward the content of the funny message, not the headers. This also means that you do not bury the funny content and so your readers don't have to search through all of the headers to find it.
  7. Do not include your email address in the signature of your message in mail that you send. Your recipients can get your email address from the header and if it gets reposted with the headers removed, your email address will not be distributed.
  8. If you run a web site, police it to make sure you have not posted anyone's email address inadvertently. Watch for quotes you've collected, cool links you've listed, interested facts, etc.. If you need to credit a person for some content, then put a link to them instead of posting their email address. If you need to put someone's email address, then protect it like you would your own and use a web form, javascript obfuscation, or address image.
  9. Watch the address that spammers are mailing to you with. Your email provider should be able to add to the email addresses that you get which address they used. The To: address in the email headers is actually not the address which is uses to deliver the message. I've configured my mailer to add a X-To: header which is the inbound address that was used. If you get mail and neither the To:, CC:, or Bcc: headers contains an address for you, then call your technical support people and insist that they tell you what email address was used. If they can't then escalate the issue until they get that important capability.
  10. Never send mail to an address asking that you be removed from their list. This only helps spammers because they can take your originating email address and verify that there is a human behind it. If they give you an URL, never enter your email address into a form for the same reason. If you know the company, however, and the URL in question has your email address coded in it, then I don't see any reason why you can't click on it and opt out of the spam.
  11. It is my understanding that it is hard for a site to get your email address while you are just surfing them. There may still be javascript or java security holes however. I would make sure that your browser (Mozilla, IE, Netscape, Opera, etc.) is configured with a Mailgw or otherwise bogus email address that you can rotate to another one at will spam. You certainly should never configure your primary email address in your browser.
  12. As a point of information, here is a fascinating article from Wired.com about Spam's Allure.
  13. I've also republished this fabulous research from MSNBC on the trail of spam.

I wish you the best of luck in your personal war against the enemy.

[ For a free Mailgw account which allows you to track and disable spam email, check out Mailgw.com. ]

Please consider donating money to the cause, putting a link to us on your page, and spreading the word about Mailgw.
Copyright 2023 by Gray Watson     Contact us.

Android ORM   Simple Java Magic   JMX using HTTP   Great Eggnog Recipe