Just don’t do it. Ever. There is nothing to be gained from responding to spam email at all. By now, most of us know that spammers speculate when they send us spam, by guessing thousands of email addresses. Most of the spam they send ends up nowhere as they are addressed to mailboxes that don’t exist or are stopped by anti spam filters. However, when spam messages do get the past spam blocker, and does get through to our mailboxes, one of the most surefire ways to confirm to spammers that they have found a live email account, is to send them a reply of any sort.

So don’t reply advising them that they must have got the wrong address (they didn’t) and definitely don’t try to unsubscribe from their fake email list. These actions will just get you more spam as the only thing it does is confirm your address is live. The spammers will then sell this information to other spammers at a premium, and you’ll find that more of their spam heads your way.

So does that mean you should never unsubscribe from email lists? Well, no. We’re just saying that if you don’t remember signing up for that particular newsletter then, chances are you didn’t. It’s another trick of spammers and anti spam agencies have been advising email users about this for many years. The best thing you can do with spam is just delete it. Better if you can delete it without even opening the message. Better still is to tag it as spam if your email programme supports this. Doing so tells the anti spam software that the message is spam and trains it to better detect it as spam the next time it arrives

If you are a webmaster or manage your own domain, one of the easiest things you can do quickly and cost effectively to reduce spam, is to stop using catchall email forwarding on your domain. Catchall mailboxes receive such high volumes of spam for two reasons;

1) Spammers take guesses at email addresses on your domain. They use dictionaries to prepend any word or name to your domain name as well as other methods where they employ clever tools to guess at other possibilities such as james.smith@yourdomain.com or jsmith@yourdomain.com. These tools can also generate countless other variations of an email address before then sending several thousand spam emails to your email server.

2) They also send spam messages to other people supposedly from guessed mailboxes on your domain. When these messages are bounced they end up coming back to your domain and if you keep catchall forwarding on, they ultimately arrive in your inbox. This technique is one of several forms of ‘backscatter`, a phenomenon which has been annoying and puzzling many email account owners for years.

Of course, the address the spammer tried to send a message to was probably also an invalid address, so this server may also bounce back the message, ensuring that the message continues to loop around causing endless backscatter. You can considerably reduce the amount of spam you receive by disabling catchall forwarding and thereby only receiving email sent directly to the addresses you have setup on your domain. A message sent to an address which you haven’t expressly setup is returned to the sender advising them that the address does not exist.

This is the correct functionality and prevents the increase and spread of spam.

In the old days computer viruses were computer viruses and antivirus programs protected your computer against them. In that bygone era spam was spam and was filtered by anti spam filters and software. And never the twain did meet. Today, as spammers constantly conjure up more sophisticated and cunning schemes to get into our mailboxes and convince us to open their messages, the lines have become extremely fuzzy and the two forms have merged.

Spammers now send us spam containing viruses in order to infect our computers with their spam bots, the intention being to turn our computers into zombies which then send out more spam on their behalf, courtesy of you and me. It has indeed gone full circle. Spammers spam us with viruses which in turn spam us with more viruses. And so it continues ad infinitum. 

In the latest of these techniques spammers have developed a new trick where their spam email appers to come from Microsoft, advising us of a new important Windows security update. By opening the attached .exe file we can supposedly quickly patch our computer and protect ourselves from the new Windows vulnerability. Not so. In fact, the .exe file contains the Win32/Haxdoor Trojan which proceeds to steal passwords and private details such as financial information and personal identifiable data, sending them to the criminal spam gangs. Christopher Budd, a spokesperson from the software giant responded by reminding users that the software giant never delivers Windows updates via email, these are only distributed through the Windows Update tool built into the Windows operating system itself.

“As a matter of company policy, Microsoft will never send you an executable attachment… If you get an e-mail that claims to be a security notification with an attachment, delete it. It is always a spoof”

Remember the good old days when spam just tried to sell us anatomy enlarging pills or pump & dump stocks? How I long for those days again because now, spam has mutated. Today, spam is bent on infecting our computers and stealing from us. How times have changed for the worse! 

Antivirus software always comes with a scheduler and usually these are set to update automatically straight out of the box. Yet some users actually turn this feature off, sometimes when troubleshooting an issue, and often forget to turn it back on. We can’t stress enough how important it is to keep your antivirus software updated, especially as a spam prevention measure.

So today’s lesson? Remember to keep your antivirus software updated, preferably opting for daily updates and at a time of day when you are likely to be using your computer. And crucially, don’t open attachments ending in .exe. Nobody really sends them anymore and most email programmes won’t even let us attach them meaning that if you get one, it’s unlikely that a real person has sent it. Even if it appears to have been sent by somebody you know, delete it without opening it. Don’t say we didn’t warn you!

One of the most effective techniques spammers use to gather email addresses is to scan the Internet with programs called spiders (or bots). These spiders crawl the Internet looking for email addresses on web pages and online services. We all use Internet services on a regular basis and very often find that we’re required to sign up with an email address to gain access to a service we want to use. The problem is that some of these services then publicise our email addresses for others on the Internet to see. Why not give this a quick test; search for your email address in Google and If it turns up anywhere, then you can be pretty certain that spammers have already scanned that web site and retrieved your email address. Whether you’re a webmater that has your email address on your web site or in whois, or a normal web user with an account on facebook, myspace or linkedin, the chances of your email address being published somewhere is very high.

So what can you do about this? Well if you’re a webmaster you have a little bit more control than the normal web user as you’re able to make changes on your web sites. Some social networking sites are now employing techniques to protect their members’ email addresses, while others are dragging their heels to do so.Even if your social networking sservice doesn’t provide any protection technique, most do atleast allow you to set your email address as private so that only people you have accepted as friends can see it. You should be able to find this option in your account settings.

One of the methods being used more widely now is email address image conversion. This involves converting your email address into an image file such as a jpg or gif and uploading it to your web sites. The automated robots that spammers use to crawl the internet for addresses can’t read the text on image files very easily (at the moment) and this means that they won’t see your email address sites they crawl. Take a look at the following example,

The example above for the address you@yourdomain.com was generated by SafeMail which goes one step further, providing you with automatically generated links which allow you to paste the image code straight into your web page. The best thing about this technique is the simplicty of it. There are now several web sites available to do this automatically for you. We have suggested our favourite for you below.

• SafeMail

SafeMail makes it very simple to convert your email address in seconds and then download the resultant image file. SafeMail carries a declaration that they will not abuse your email address.

Just to ensure that your email address will be safe with this serviceswe tested it with a specially created email address and monitored it for 2 weeks to see if it received any spam. After all, you’re giving your email address to these sites to convert it to an image, who is to say they won’t store it and send you spam? We didn’t receive any spam in the 2 week test and are pretty sure (at the time of writing) that your address will be safe with SafeMail. If this changes, we will let you know.

We can’t say it enough times. Sometimes we’re in such a hurry to complete the sign-up process that we don’t stop to read the warning signs. Personally, I can’t remember the last time I actually read the terms and conditions before clicking the submit button. However, it’s often the terms and conditions that determine whether or not you are going to receive marketing spam from this company at a later time or not.

Having said that, most reputable companies do conform to the industry standard of allowing registrants the option to opt-in or opt-out of their email subscriptions. In actual fact, the industry has been moving away from the opt-out method as an acceptable form of registration and now most services are requiring opt-in. Confused?

Well the key thing here is to remember to check for the tick boxes which either sign you up or sign you out of receiving emails from the company whose web site you are currently on. The trick is to carefully read the text next to the tick box as some will ask you if you wish to be added to their mailing list whereas others will ask you if you do NOT want to be added to their mailing list. To confuse you even more, sometimes the box will already be ticked and other times it will be empty. There is no standard convention, so you can’t just assume that it’s working in your favour.

Here at Remote Anti Spam we would like to see a situation where web sites agree to conform to a single form of sign up with a single approach understood by everybody. All forms should simply ask

• ‘Do you wish to receive our products newsletter?’ 

The options should simply be to tick either of the Yes or No boxes. The default option should be ‘No’ so that users have to opt-in to receive messages.  If the company wants to offer to send you carefully selected offers and news from their partners (i.e. other people’s spam) the wording should be as simple as

• ‘Would you be happy for us to pass on your email address to our partner companies?‘

Again the default option should be ‘No’. While it is unlikely, however, that this position is going to be arrived at anytime soon, we are writing this guide to advise Internet users to carefully read the wording before clicking that submit button. Remember that the definition of spam hinges on the fact that an unwanted message you receive is ‘unsolicited’. If you got the tick box wrong, i.e. if you misread the wording, or didn’t understand it, and selected the wrong option, you may have unwittingly opted-in to receive spam messages from that company. In that case, the message(s) you’re receiving are not technically spam, even if they are heavily encouraging you to buy non prescription, endurance delivering, erotic drugs from their online pharmacy in Hanoi.

In the first of this 10 part series, we will be providing some advice about how to prevent your email address getting into the hands of spammers. Prevention is better than cure so it’s always a good idea to practice safe browsing online and get into some good habits early on to safeguard your privacy and identity online. 

Now we all like to receive a few funnies in our inbox from time to time. Photos, jokes, funny video clips or hilarious song mashups and even the odd good luck charm to give you a lift on a dull Friday afternoon. But did you know that forwarding these messages onto everyone in your address book is one of the best ways to guarantee your email address ends up on spam lists? Yes, it’s true.

The fact is that no amazing good luck will happen to you by sending that message to 15 people you love within the next 5 minutes, no matter how convincing the sender makes it sound, and don’t believe their promises that it happened to them. Yeah right! You are not going to win a free iPod by sending that viral marketing email to everybody you know who listens to music. This one is excellent actually because, who do you know that doesn’t listen to music? That email petition going around is not going to prove or change a single god dam thing! In fact, email petitions are probably the worst type of spam gathering email you can get yourself involved in (more on this later). And for the last time, it does not take guts to say Jesus! See, I just said it!

The sole purpose of these messages is to get you to send them on to everybody in your address book so that eventually, this huge great list of live and valid email addresses ends up with the spammers. Luckily, there is a way you can keep yourself and your friends out of most of these email spam traps – except for the email petition which, as mentioned before, is particularly nasty. If you really do feel compelled beyond rational rhyme or reason to forward that message on to everybody you know, then instead of adding all their names in the TO box, add them to the BCC box instead.

BCC means Blind Carbon Copy and what it does is hide the names and email addresses of everybody who is in that box. So you can forward your latest antivirus alert hoax onto all 200+ of your eager contacts safe in the knowledge that not only will they take immediate responsive action by promptly deleting your message for wasting their time, but also that they won’t secretly chastise you for exposing their email address to spam! Now, when you’ve added all your friends’ email addresses to the BCC box, just add your own in the TO box before clicking Send, as some email programmes don’t like to send messages without at least one address in the TO box. They think it looks like spam.

All well and good, but this advice doesn’t work with email petitions because people filling these out actually type their names and email addresses into the main part of the email message, known as the email body. Imagine how thankful spammers are when such messages, full of several thousands of self annotated email addresses, land in their inboxes. It’s Christmas come early. If the cause for which you’re petitioning is a just and worthy one, no doubt they will have a web site where you can go to sign their online petition or contribute in some other way. These online petitions will generally have safeguards to protect your identity and email address from being abused.

So the lesson learned today? Use the BCC field to send or forward jokes and amusing, non important stuff to your friends and contacts, if you really have to send them at all. They’ll thank you for it.

To put this into practice, why not send this article to your friends using the BCC field now. Let’s start to pread the word.