Die-Hard Linux Bits-and-Bytes

Tuesday, August 28, 2007

Fighting E-mail Spam

Intro

Everyone knows that e-mail spam is a major problem. It affects individuals, governments, and corporations alike.

I am no exception to this rule, but in the past I took a very passive position on the issue: I had all my e-mail come into my Gmail account and let the awesome Google spam filter deal with it. However, I was getting over 1200 spam messages per month, and I finally said, "Enough is enough! I am tired of these ****ing spam messages in my ****ing spam folder."

This is an account of my efforts to cut down on the spam, or at least deal with it in a more organized way. I don't know yet how effective these actions have been. Perhaps others can use this as a guide.

Action

The first thing I did in my crusade was to figure out where the spam is coming from. Spammers need to find out what my e-mail address is before they can spam it, so it must be exposed somewhere on a website.

I deactivated forwarding to my Gmail so that the spam stayed separated by alias. I also searched my Gmail for "in:spam to:name@domain" to find spam messages that were sent to "name@domain" (once for each alias). This allowed me to see how spam differed between the different aliases.

Some interesting discoveries:

  • All the spam messages for the catch-all address of a domain I own were addressed to an unused alias. I just started dropping all messages to that alias.
  • A large portion of spam to my university e-mail account is coming through e-mail aliases associated with positions I hold in the Mathematics Society. Now I can address the larger problem of those aliases being exposed.

The remainder of the spam is from random sources to my main Gmail address. A good way to see where your address appears in plain text is to search for "name@domain" in Google. I found that my e-mail was displayed in the archives of mailing lists I used to participate in. In the future, I will be using a special e-mail account for mailing lists that requires the sender to confirm their identity (an auto-responder).

Other sources of trouble

Another place where my e-mail used to be exposed is the Whois information for some domains I own personally. I have since bought Hidden Whois service for those domains. I think it's worth the extra $5 USD / year.

Fighting Back

Sometimes I want to do more than hide from spammers; I want to take the fight to them! Fortunately, many people feel the same way and have organized SpamHelp.com as a front for the fight.

One interesting tool they offer is HarvesterKiller, which generates an infinite cycle of pages with random e-mail addresses. They ask that people link to it to confuse e-mail harvesters.

The problem is that spammers can just blacklist this site and keep on harvesting. We need to create a simple CGI script (in Perl, PHP, etc.) that can be deployed on any website to generate such a spam bot trap locally. Let's see them try to blacklist all the websites!
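
The kind of self-hosted trap script proposed above, as an added example written in Python rather than Perl or PHP (it is not code from this post or from SpamHelp.com). The script path `/cgi-bin/trap.py`, the function names, and the use of the reserved `.invalid` domain for generated addresses are assumptions.

```python
#!/usr/bin/env python3
"""Harvester trap as a CGI script: every URL under it yields fake addresses
plus links to more trap pages. Added example; all names are hypothetical."""
import hashlib
import os
import random
import string

# Assumption: addresses use the reserved .invalid TLD (RFC 2606), so no real
# mailbox or mail server can ever receive mail sent to a generated address.
DOMAIN_SUFFIX = ".invalid"


def _word(rng, lo=4, hi=10):
    """Random lowercase token used for local parts, host names and links."""
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(rng.randint(lo, hi)))


def fake_addresses(rng, count):
    return [f"{_word(rng)}@{_word(rng)}{DOMAIN_SUFFIX}" for _ in range(count)]


def trap_page(path, script="/cgi-bin/trap.py", n_addr=20, n_links=5):
    """Build the HTML for one trap URL.

    The RNG is seeded from the requested path, so a given URL always returns
    the same page (it looks like static content), while each page links to
    fresh paths, giving a crawler an endless set of pages to follow.
    The path itself is never echoed into the output.
    """
    seed = int.from_bytes(hashlib.sha256(path.encode("utf-8")).digest()[:8], "big")
    rng = random.Random(seed)
    rows = [f'<li><a href="mailto:{a}">{a}</a></li>' for a in fake_addresses(rng, n_addr)]
    links = [f'<a href="{script}/{_word(rng, 6, 12)}">more</a>' for _ in range(n_links)]
    return (
        "<html><head><title>Contacts</title>"
        # Well-behaved crawlers honour this and do not index or follow the trap.
        '<meta name="robots" content="noindex,nofollow"></head><body>'
        f"<ul>{''.join(rows)}</ul><p>{' '.join(links)}</p></body></html>"
    )


if __name__ == "__main__":
    # CGI entry point: PATH_INFO holds whatever follows the script name.
    print("Content-Type: text/html; charset=utf-8")
    print()
    print(trap_page(os.environ.get("PATH_INFO", "/")))
```

Excluding the trap path in robots.txt as well keeps legitimate search engine crawlers out of the loop, leaving only bots that ignore such rules.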

Resources