This new weekly online column chronicles the spam wars and offers advice. Send your spam gripes and questions to firstname.lastname@example.org. As always, your comments and suggestions are welcome. Return to the SpamWatch page for more articles.
The unnerving reality about spam is that it works. Somehow, enough people answer e-mail about bogus university degrees, Nigerian cash transfers, and herbal aphrodisiacs to keep the whole nauseating industry revolving.
When people buy items advertised in spam pitches, they do the virtual equivalent of throwing gasoline on a fire. Some of the spammed have the excuse of being victims of online con artists. But others have no excuse except for not quite catching on.
The situation warrants a strict antispam defense: Don't answer spam under any circumstance. And urge your correspondents to do the same.
Tip of the WeekDon't even open suspected spam in your e-mail program's preview pane. Many spammers can verify your e-mail address by including images in e-mail. These so-called "Web beacons" alert the spammer that the message was opened, and you get more spam.
Don't Ask, Don't Answer
If nobody answered spam, spammers would have to resume their previous occupation of sniffing glue full-time. But people reply to even the most despicable spam.
That's right, some folks actually fall for those pitches. The Nigerian "investment" scam is expected to gross $2 billion in 2003, making it that country's second-largest industry, according to security vendor MessageLabs.
And people even answer those bawdy pitches for male anatomy enlargement pills.
A recent report by New Hampshire Public Radio gives a fascinating glimpse into the New Hampshire firm Amazing Internet Products. Its accidentally exposed order log reveals that 6000 people in a four-week period paid $50 for a bottle of the herbal supplement Pinacle.
The purchasers aren't 6000 heavy breathers. They include a mutual fund manager, at least two company presidents, a restaurateur, and a veterinarian. Apparently none of these hopeful customers was fazed that Amazing's Web site has no phone numbers or mail or e-mail addresses, according to NHPR reporter Brian McWilliams.
"When it costs next to nothing to send 100,000 e-mails, all you need is one gullible recipient to make spam worthwhile," says Jared Blank, a Jupiter Research analyst.
Just Say No to Spam
Filters are getting much better at winnowing legit e-mail from spam. But technology is no more a solution to spam than it is to water pollution, says Jason Catlett, president of the antispam advocacy group Junkbusters.
The right approach is to stop the polluters and spammers, rather than getting consumers to clean up the mess, he says.
"Obviously, if nobody responded to spam, spammers would eventually stop," Catlett says. "But educating the masses is like trying to abolish world poverty."
Tell your friends and colleagues to slam the door on spam by deleting it without reading. Don't even click on the hypertext link embedded in a message, as it alerts the spammer that you're there.
Question: Someone is sending spam using my e-mail address. I am getting undeliverable mail notices for e-mail I did not send. How do I fight this problem? Earthlink support is of little help.
Answer: Unfortunately, there is nothing you can do to prevent someone from sending spam using your e-mail address as the return. It's impossible to prevent this, just as you can't stop someone from mailing a letter using your street address as their return address. The good news is that spammers usually borrow your e-mail address for only a short time and will move on to another victim quickly.
To be sure a virus isn't camped out on your PC and sending e-mail using your account, you should update and run antivirus software. Another tip is to report this abuse to the Federal Trade Commission or your ISP's abuse team. Contact Earthlink's abuse team at email@example.com. To stop the return e-mail messages, use your spam filter software to create a personalized ban on the nuisance messages.
Spoofing a return address is illegal. Online retailer Amazon.com has filed 11 lawsuits against online marketers in the U.S. and Canada, alleging they misuse the Amazon name when sending e-mail advertisements. Earthlink shut down the notorious Buffalo Spammer after the spammer sent 825 million messages in a year with spoofed reply e-mail addresses.
Question: Why can't Microsoft incorporate a security fence around the address book in Outlook and Outlook Express so no program can access the address books without a user-assigned password? Surely this would not be much of a programming problem.
Answer: Address books are targets of many viruses, such as the recent BugBear worm that forwarded itself to anyone in a victim's address book. Even a password-protected Outlook or Outlook Express in-box cannot prevent viruses from hijacking your addresses.
However, a company called Sentrybay says its $20 product ViraLock prevents these types of worms from biting you by locking up your address book so no program or person can access an e-mail address without permission.
ViraLock encrypts your Outlook and Outlook Express address book, as well as any e-mail addresses in a message's header information or in its body.
If you only want to protect your address book from snoops, you can password-protect both Outlook Express and Outlook. In Outlook, right-click on your Outlook Today e-mail folder and go to Properties. Next, click on Advanced, then Change Password, and set a password.
Password-protecting Outlook Express is trickier. First, go to File, Identities, Add New Identity, and select a password. The catch is you must create a second identity, even if it's a nonfunctional one. That's because in order to log off from an Identity on the File menu, Outlook needs multiple identities defined.