Tips on Minimizing the Amount You Get and Dealing With It When You Get It
Spam is the junk mail of the Internet. If you're like most e-mail or newsgroup users, you've probably received your fair share. And like the paper equivalent, it is difficult to stop. However, there are some things you can take to minimize the amount of spam you get.
How did they get my e-mail address?
Spamming has generated a whole "business" sub-culture. There are "harvesters" who scan webpages, Usenet groups or mailing lists looking for e-mail addresses. This process is automated so that a harvester doesn't actually have to read webpages to extract the information. Sometimes lists are purchased from legitimate businesses that sell customer lists or stolen by hacking into computers.
These lists are then sold to anyone who wants to "sell" a product (often of dubious value), get-rich-quick schemes, quasi-legal services, medication or drugs, "instant" mortgages, or pornography. No doubt the price of a list is measured by its "quality".
There are companies that sell software that will try to conceal (in the message header) the true location of the computers that are sending out spam. This makes it harder to find someone to complain to about spam you receive.
Product sellers do not usually send out their own spam (just like bricks-and-mortar companies do not own high speed printing presses or newspaper distribution systems to do advertising). The list and the "message" are often sold to a spam "mailer" who has the hardware and the network connectivity to push the messages quickly. (Mailers may reduce costs by becoming their own harvesters).
Mailers often purchase the services of (or set up their own) off-shore servers to avoid legal issues in their own country. Because the process is highly automated, sending out millions of e-mails costs very little. Since the product or service is usually of dubious quality or purpose, the number of people who respond to a spam is very small-usually less than ˝ of 1%. However, if a mailer sends out a 10 million emails, and even a small number of those who respond actually "purchase" the product or service, this can generate a significant amount of money.
If there wasn't any money to be made from spam, it would have stopped-or at least be greatly diminished-a long time ago.
Short of disconnecting from the Internet completely, changing your e-mail address frequently, not participating in any electronic discussion groups, or not making online purchases, it's unlikely that you'll ever be able to completely stop spam from arriving in your inbox. However, there are a few things you can do to minimize you (e-mail address) exposure from e-mail harvesters.
Things You Can Do-Prevention
Things You Can Do Once the Spam Arrives
Filtering Spam in MS Outlook
The sender's e-mail address will be added to the filter and when messages from that e-mail address are read into your in-box they will be automatically moved to the Trash folder. You can edit your filter rules by choosing Message Filters... from the Tools menu.
Filtering Spam in Netscape
The sender's e-mail address will be added to the filter and when messages from that e-mail address are read into your in-box they will be automatically moved to the Deleted Items folder. You can edit the addresses included in your junk e-mail filter by going to For more options click here.
Filtering is not supported in Microsoft Outlook Express.
Things You Can Do-Complain About SpamMany spam messages contain at the bottom of message something to the effect: "If you want to be removed from this list…" This rarely works (although see the discussion below). Spammers know which addresses are valid (i.e., those that don't bounce). Responding to the request to be removed from the list only confirms that your account is active (as opposed to an active but abandoned account).
You can try contacting the ISP that is processing the spam and ask them to deactivate the account of the spammer. However, tracing down the true ISP can take some effort. Spammers can forge message headers to try to hide the original source. Spammers usually have many Internet accounts so closing down one rarely has a major impact on their operations.
Some spammers use "open relays"-systems that permit anyone to send messages through them. This is becoming less of an issue as many open relays are being closed down and those that are still operational are blacklisted. These lists are widely publicized and hence can be blocked.
In the United States, several attempts have been made to pass federal laws that, while not preventing spam, will at least make it easier to identify the true sender of the spam. Furthermore, the laws will include provisions that require the bulk mailer to remove your e-mail address from their lists if you make the request. It is not clear how these laws will apply to someone from outside the United States receiving spam coming from inside the United States. Individual states have passed laws that address spam. See a summary list at:
Of course, determining which state the e-mail is originating from can also be time consuming. Some spammers are already moving to servers outside of the US to avoid these issues.
If you still wish to complain, send a copy of the spam including the full headers of the message to Computer Security Administration at firstname.lastname@example.org. Timely reporting is essential - if you decide to report you need to do it right away as the trail can get cold very quickly.
Links To Other Spam Sites
All contents copyright © University of Toronto 2000-2003
This Site is maintained by the Computer Security Administration Group
Comments & Questions