Avoiding spam

Recently I wrote a piece on tools for fighting spam. A reader who wishes to remain anonymous wrote in to offer advice on avoiding spam in the first place. He or she writes:

Your article focuses on fighting spam after it’s already received, which is useful when you get spam, but ignores the real issue: avoiding spam.

If you want to avoid getting spam, there are several things you can do, and they’re not very hard:

1. Create an email account that is “impossible” to guess. Nothing is really impossible, it’s just a matter of time. But the more difficult it is to guess your email address, the less likely you are to get spam.

2. Don’t share your email address with anyone who uses Windows. This may be extreme, but infected Windows machines are the greatest source of email addresses used for spam lists.

3. Advise everyone you communicate with by email that they should not include you in any mailing lists of stupid jokes, videos, or anything else, or you will block all email from them.

You might create some bruised egos with the last two suggestions, but if people are going to be good net citizens, they need to learn what is and isn’t appropriate, and be punished when it’s not. They can’t say you didn’t warn them beforehand.

And I reply:

This is good general advice, but, regrettably, it’s a little outdated as a couple of the assumptions made are based on The Way Things Were versus The Way Things Are.

In the good old days, as long as you had an email address that was difficult to guess—j8913smith876@test.com versus jsmith@test.com—and kept your address pretty much to yourself and your close circle of friends, you could keep most spam at bay. But spammers are far more sophisticated today.

Sure, posting your email address on a website or having it passed around on mailing lists will likely attract spam in short order, but you can follow best practices and still become a victim when spammers extract your email address from an allegedly protected client- or company database.

I’ve seen the proof. My wife followed conventional wisdom—kept her address out of public view, used a difficult-to-name address, and corresponded with a limited number of people—and, for a time, she was nearly spam-free to the point where she spurned my offers to install an anti-spam utility. Then one day—WHAM!—Spam City.

“What did I do!?” she cried.

“Not a thing,” I calmly replied. “They finally found you. It was bound to happen.”

So, if yesterday’s best practices can’t help, what can? Here are some suggestions:

Hide better

Hiding can still be helpful but you have to be conscientious about it. Create an email account that is used only for your friends and family and make the address a little hard to guess. If some of those people have a history of sending jokes/pictures of their cats and haven’t the wherewithal to bcc the group, consider providing them with a different address (or, as Anonymous Reader suggests, ask that they exclude you from their online frolics).

Create a separate email account for any online transactions where you need to keep track of replies. When such an online entity asks for your email address, provide this one. Sure as shootin’ this address will attract spam so you may wish to configure your email client so it shuttles any replies to this address to a separate folder.

Create yet another account for throwaway email. Some places—a site’s forums or a free-subscription news site, for example—require an email account where they can send a confirmation email. There’s nothing you can do to avoid having this address added to a database, so make sure it’s an address you care nothing about.

Use a whitelist

You can make that first “friends and family” email address even more effective by creating a filter in your email client that places mail only from those addresses in your inbox. All email clients include a whitelist feature in their filters. For example, in Apple’s Mail you can create a rule that reads:

If Sender is Not in my Address Book, Move Message to X

Where X is a folder you’ve created for suspected junk.

Switch off HTML previews

Spammers will embed small bits of HTML code in their messages that signal to the spammer you’ve opened the message, thus validating your email address. To avoid sending this signal, instruct your email client to not display remote images in HTML messages.

In Apple’s Mail you’ll find this option in the Viewing preference. In Entourage you can switch off the Display Complex HTML in Messages option in the Security area of Entourage’s preferences.
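To see what that signal looks like inside a message, here is an added example (not part of the original article): a short Python script that lists the images an HTML email would fetch from a remote server when displayed. The sample message, its hosts, and the remote_images helper are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not from the article): one inline cid: image,
# one remote 1x1 image with a per-recipient token, one scheme-relative image.
SAMPLE = """\
From: deals@shop.example
Subject: Big savings
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="cid:logo123" width="200" height="50">
<img src="http://track.example/open.gif?id=8f3a1c" width="1" height="1">
<img src="//cdn.example/banner.png">
</body></html>
"""

class RemoteImageFinder(HTMLParser):
    """Collect <img> tags whose src a mail client would fetch over the network."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        parts = urlsplit(src)
        # cid: and data: images travel inside the message itself; http(s) and
        # scheme-relative URLs make the client contact the sender's server.
        if parts.scheme in ("http", "https") or src.startswith("//"):
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.found.append({"host": parts.netloc, "url": src,
                               "tiny": tiny, "has_query": bool(parts.query)})

def remote_images(raw_message):
    """Return every remote image reference found in the message's HTML parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteImageFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.found

if __name__ == "__main__":
    print(*remote_images(SAMPLE), sep="\n")
```

A tiny image whose URL carries a query string is the typical shape of an open-tracking beacon, but any remote image tells the sending server that the message was displayed, which is why the client setting blocks all of them.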

Pick your ISP/email service wisely

Some ISPs and email services are more vigilant about spam than others. For example, one of my email accounts is handled by the major provider of broadband DSL service in Northern California and, as far as I can tell, they provide zero spam filtering at the server level. I have another email account handled by a company in the Pacific Northwest and they offer terrific server-side filtering. I rarely see spam from this account.

Beyond your ISP, you might consider a free Yahoo or Gmail account. In addition to being free, they do a good job filtering out junk before it reaches you. .Mac was once pretty good about filtering email, but, in the last year or so, I’ve found it to be less effective than it once was.

Read the fine print

Increasingly, when you shop online, the host site will demand a valid email address and, by default, enable the options that add your address to their promotional email list. Unless you really desire this stuff, before completing the transaction, uncheck the boxes that add you to the company’s promotions list.

Lie

Also increasingly, sites demand an email address before you can do one thing or another—download an update or hunk of trial software or access a news site, for example. This is strictly between you and your conscience, but if you feel it’s more important to keep the lid on spam than to provide Company X with a way to contact you (and potentially provide an email address that they can sell to a third party), look for a way to opt out. If that’s impossible, provide an obviously phony email address such as fake@fake.com.

As I hinted, if you use email, you’re eventually going to get spam. These techniques coupled with a good anti-spam utility (and I’ve found SpamSieve to be the best one around) can help lessen its accompanying misery.
