How to fight spam
Instructions for email users and for web sites.

Akos Szoboszlay. Original 10/29/00; Updated 3/9/07.

Best way to eliminate spam.
This is my recommendation for virtually eliminating spam. It’s not difficult, but you should know how to set up filtering for messages. Other (somewhat easier) methods are in the next section, below the horizontal line, and another section for those creating websites.

The best way:
To start, you obtain your own "domain name" --what goes after the "@" of the email address-- which is very easy and very cheap. (Instructions are below.) This gives you an infinite number of email addresses, at no cost for every one you add.

Then you give all businesses, organizations, and non-personal contacts a unique email address (for example, pcconnection@smith.us if your domain is smith.us). You use another email address for friends and family (such as john@smith.us). If any business sells your email address to spammers, you simply set up a message filter to automatically trash all messages "to" that email address. This filtering is done either by your email client program (such as Eudora or Outlook) or on the server by the server computer. For the later, the spam does not even get downloaded to my computer for those email addresses that I designate as getting spammed.

Another advantage: automatic mailbox sorting:
I use additional codes for category as part of the email address, so that the email client (e.g., Eudora or Outlook) sorts them to proper mailboxes. For example, when ordering from LL Bean, you can have order-llbean@smith.us for the email and automatically have it transferred to the 'order' mailbox. This is done by first creating a new mailbox in your email client (e.g., Eudora or Outlook) , called "order". Then, set up a message filter to have all email "to or cc" or "receipient" (also catches bcc) containing 'order' transferred to the 'order' mailbox.

Message filtering:
If an email came from a spammer, another filter would be set up to transfer messages from that exact email address to the 'spam' or 'trash' mailbox. Example of what you may enter is:
For "to or cc" or "receipient" (also catches bcc) "is" "order-amazon@smith.us" transfer to "spam". This causes all email from amazon.com, which sells email addresses to spammers, to be moved to the 'spam' mailbox.

Your own domain name:
You can use your name, nickname, or anything else and tack on ".us" meaning you live in the USA --unless it's already taken. (Most domains ending in ".com" or ".org" are already taken.) It gives you an infinite number of email addresses, as well as your own website URL. It costs about $10 per year, which is insignificant compared with the monthly Internet charge. The other advantage to obtaining your own domain is that you can change ISPs (Internet Service Providers, such as Earthlink, ATT Worldnet, etc.) without changing email addresses and website URLs (what you enter into Internet browsers such as FireFox, Safari or Internet Explorer, for example www.smith.us). It's yours for life, no matter who you obtain service from.

How to get your own domain name:
You obtain your domain name by registering the name you desire --they'll tell you if it was already taken-- by following instructions from a company that does "domain registry". Just go to their web site, check out their rates, which varies a lot. After deciding which one to use, registration is similar to shopping on the Internet. Option settings: use a "catch-all email address" so all emails in your domain will be forwarded to the ISP you use. For example, johntybmvyxxz@smith.us gets forwarded to johnxxqwtyz@att.net if your domain is smith.us and your ISP is att.net. Notice that extra random characters were placed in these secret email addresses --don't give these out-- to foil spammers. If you have a website, set the URL on your ISP. For example www.smith.us or just smith.us gets forwarded to http://home.earthlink.net/~smithswebsite/ or http://smithswebsite.home.att.net/ . The domain-registry company I use is godaddy.com since it's cheap and it allows me to filter my messages using their server --an email server feature-- which is optional.

Using your own domain name:
Spammers have found a new trick. They can get hold of a domain, then use that to send out spam, but they vary the email address portion before the @ sign, for every single email-spam they send out. You know they have done this if you get inundated with returned email such as "Undelivered Mail" or "Delivery Failure" or "Failure notice", assuming you use a catch-all mailbox on your domain (which I do recommend). ("Catch-all" means all email that doesn't specifically match an email address you set up, before the @ sign, but does match your domain, which is after the @ sign).

But, there is counter-trick. The solution is to use extra characters before the @ sign that you can also use to sort email into mailboxes. For example:
job-motorola@domain.com
shop-barnesandnoble@domain.com

Add as many categories as you like. Then in your filter, transfer (move) the emails depending on which category (the characters before the - sign) it contains. You can also have specific short emails such as: john@domain.com or society@domain.com which you filter into you misc-in mailbox. Anything left over, you transfer to trash or junk. See two quoted articles for details.

About AOL:
AOL is the worst ISP, by far, and it is the most expensive. And it has tremendous file transfer problems and formatting problems for emails, such as inability to translate HTML emails --the norm now. It's also non-standard for sending files compared to all other ISPs and email clients. And it's been that way for about 10 years. Apparently, they want to force everyone to switch to AOL who needs to talk to anyone using AOL. That's monopolistic, and something that no one should cave into.

Broadband:
I recommend getting broadband Internet for most users, either DSL, which uses phone lines, or cable-modem, which uses cable-TV lines. The cheapest good service now (in California) is DSL from SBC-Yahoo. (Earthlink is also good, advantageous for overseas dialup.) My DSL is very fast, 2 Mbaud, but 1 Mbaud is more usual (still plenty fast). Speed depends on how far you are from the phone company switching "office", formerly done by patchcords.

Costs:
The domain-server (godaddy.com) is set up once and paid once every (up to) 10 years, about $90 for 10 years. If you optionally want to use their email server (as I do), it's another $20 or so per year (not per month). DSL is a broadband Internet that uses portion of the normal telephone lines. It is paid monthly (usually, 12 month minimum), about $28/month for SBC. As you can see, the domain-registry and optional email server cost is negligible. For those not wishing to have broadband, the best (most reliable) dial-up provider is ATT World-net, about $17 per month. Again, the price differential of $11 per month for broadband is well worth it for most people. I use both Earthlink (for DSL and world email) and ATT (for no delays in delivering email within USA, costing only $6 per month if you already have broadband).


Simpler method to fight spam for Email users (and new spammers' trick)

Use two email addresses (at least). One for safe emailing and the other for risky emailing. You can further divide risky by having a separate email address for ordering, organizations, chat, newsgroups and miscellaneous risky. If you have one email address and now are on the spammers mailing lists, you would need to get new email addresses.

Risky is whenever your email address would be put on a list, as follows:

How to get free second (or more) email addresses:

New spammers trick: They have random syllable generators, plus they commonly add on one or two random letters and/or several random digits (since people commonly add initials and/or numbers). For your email addresses, to prevent random spams, select at least 8 characters, with four random-looking characters in series (e.g., john-mzyx@att.net). Also, combinations of first and last names, unless rare, will be spammed. Alternatively, if you prefer an easily remembered, but longer, email address, add three random words to your originally preferred name (e.g., john-tall-fable-big@att.net). Exception: if you use a domain that few people use (for example, moderntransit.org) compared with ISPs (having thousands to millions), then it is not worth the spammers effort to "harvest" it using random syllable generators because they will won't find but a few valid email addresses.

If you get all your email boxes received (downloaded) in one operation, you should still be able to tell which email box was used by an email message. If not, use another email program. It's important to identify which of the two or more email boxes a spam was sent to. (There's probably an option to display "header" information.)

When you get too much spam in your risky mailbox, start another risky email box. Then either

a) use a filter on your old risky mailbox (or existing spammed mailbox) to only allow those who you want email from to get through. See filter instructions below. However, when you apply a filter, it becomes impractical to use this email address for new people or new ordering online because you would have to add them to the filter every time you give out your email address.

or

b) let valid users of this email address know your new email address: inform them of your new risky or original safe email address, then delete the old email address. But keep it for a month or so of overlap, to see if you didn't inform anyone of your new email address, or if they forgot to change their address book.

MTS takes a further step in protecting the database by encrypting it when sending a file (always within MTS) for mailing label generation.

When you get too much spam in your safe mailbox, you need to start another one. However, you should be able avoid spam for years if you are meticulous in following these procedures. Remember, it only takes once for the spammers to get your email address. Then they just multiply, selling it to each other, until you end up often with multiple copies of the same spam.

DO NOTs

How to use filters

Filters can be used to completely eliminate spam in specific situations. These are described above and usually rely on looking at the email message subject, the sender and/or the header to see if they contain certain words or character string(s). They work when you set them up yourself after examining valid email messages that you do want to get through. Look for text that will probably be constant, even in the future. The subject, sender, or header is quicker to analyze than the message body, and less likely to change.

Separate from this technique, there are also generic spam filters which use an algorithm or criteria to determine what is spam. These, like porn filters, are not as reliable because they can block valid email while letting some spam through. Another technique, used by att.net (they call it a "screen") and probably by others, is to keep a list of spammer's addresses.

Filters can be applied either in your email program (all of them), or by your ISP or web-based email provider (most of them).

Web sites: If you have your own web site or are a webmaster, read this:

Putting your and anyone else's email address on a web site means "web crawlers" will find it and you and they will get spam. This happened to the MTS email address (we missed placing the trick below on our "webmaster" page, and we had to get a new email address). The trick MTS now uses is to place an extra character in the email address and a note to remove it. Additional tricks, like changing color, further confuse web crawlers. See example. Another method, is to make a gif file of the email address so it is an image instead of ASCII text. The effort to do optical character recognition is not worth their trouble, so far.

Precaution: Don't make your email address name the same name as the user ID for your web site. For example, if your web site is at www.isp.com/~name or name.home.isp.com, don't use name@isp.com for your email address. Otherwise, it's easy to figure out what your email address is. Pick another name.

Don't forget about hidden email addresses. If you use a form mailer, that information is sent from one computer to another, but still using the email protocol. (The trick here is to have the email forwarded to an email address that's not used for anything else. Then, use the subject line to filter it.)

If you use MAILTO, they obtain the email address from that. Eliminate MAILTO unless you are willing to tolerate spam to that email address. While you can also include subject line key word(s) and then use a filter, some senders may change the subject line. I simply eliminated all MAILTOs.


home page | about MTS | Cashout | HOV lanes | Bay Bridge | Solution | Allow Pedestrians! | AGT | letters | webmaster