I have been working with email systems for a little more than a year now, and in that time I’ve picked up some very useful and practically applied knowledge, which I want to share with you. So here’s How to stop email spam, in plain English.
Q: Why have I not heard this before?
A: Well that’s simple. There are a couple reasons. First, email services, which are websites like Yahoo and Hotmail, like to brag about their superiority at filtering spam. They attract customers by pretending that email spam is an unstoppable force, and then they tell you about all the things they are doing to filtering spam. They won’t tell you how to really stop the spam from coming in the first place, because that way they won’t make any money. Yes, even though getting an email address at Yahoo is free, they are making money through the advertisements that they show you.
But there’s another reason, and this one isn’t as scary. Many people suspect that email spam is not their fault, nor their responsibility to solve. Instead, they want automatic spam filtering software like Gmail’s spam folder or Office Outlook’s spam filter to sort out what is spam and keep what is real email. In summary, email services prefer to filter your spam instead of stopping it, which is why you have not heard this before.
Q: Then why is spam still a problem?
A: Haha, good question. One big problem is, how do we know what is spam? There is email that is obviously spam, like advertisements for free government grants and augmenting drugs. But what about TIME Magazine Newsletter or an information email about Conservative No-fun-at-all University of the South? Often times, what you call spam is actually legitimate email. The problem is, TIME does not know that you don’t want it. Gmail does not know that you don’t want it. The way email works today, there is no way for them to know one way or another.
Q: Haha, who cares? Nobody uses email anymore.
A: Ouch. That’s a problem. However cool and hip you think social networking is, the fact remains that email is still used by important and powerful people everywhere. It has been around for almost 30 years now, and it is here to stay. That’s why it is a good idea to have a functional email inbox, one that isn’t flooded with spam, and to check it often.
1. Protect your email
Every year that goes by, it seems the Internet is used less for reading, and more for writing. All the time now, unimportant people like you and me are writing emails, blogs, tweets, and maybe even websites! Now that you can write for the Internet, you have to be careful about where you put your email! Bad people can use the Internet just like you can, and by searching for things that look like an email address1, bad people can find your email quickly and sell it to advertisers.
Now, ten years ago, you were probably taught not to give out your email address to strangers, as if it were as secret as your social security number. But that just doesn’t work today. You have to provide your email for everything from Twitter to TIME Magazine. But no problem! Protecting your email address is still possible. Just keep these three important points in mind:
- Bad people will not spend time looking at websites on the Internet to find email to sell. That is too slow. Instead, they will make special programs (known as email crawlers) to harvest emails automatically. Anti-virus scanners will not find them, but that’s okay. They are much easier to fool.
- Don’t make your email look like an email address! If you are blogging, tweeting, or writing anything that is publicly see-able, don’t just type out your email! That makes it too easy for bad people to steal your email address. Instead, you can write it out like roger at rogerhub.com. When people need to email you, they know how to put in the @ sign themselves2.
- If you are using a big website like Twitter or Facebook, don’t worry about them! Website makers have good sense when it comes to emails. They will take extra precaution to protect your email address from spam robots, but be sure to check your settings to make sure.
The bottom line: As long as your email does not really look3like an email, it is safe to put online.
2. Don’t just delete. Unsubscribe!
It would be great if you knew step #1 from the beginning, but chances are, your email address is already in the hands of many bad people and you get lots of unwanted email. No problem! There’s an easy way to stop the spam. Businesses and advertisers are required by law4 to let you take yourself off (unsubscribe) from their email list. When you unsubscribe, you prevent advertisers from ever emailing you again. Most of the spam you get is really from nice guys who don’t know that you don’t want their email. Being respectable guys and all, they will always include a link to use if you don’t want to get their email anymore. Use it! Don’t just delete spam emails, or they’ll keep coming.
But sometimes, unsubscribing doesn’t work. Evil people will not put a unsubscribe link. Or maybe the link won’t work and they just keep emailing you. If you notice that a lot of your spam emails look the same and are coming from the same person, there’s one more thing you can do.
3. Fight back.
This last solution is a bit extreme. Before you begin, wait at least 10 days after you unsubscribe5 before trying this.
Fortunately, the guys who made the Internet were good guys, and predicted that not everybody would play nicely. They designed email and the Internet so that you can find out a lot about who is sending you email. Let’s get started.
Email comes with a lot of extra data that you never see. This data has stuff like the subject, who it was from, when they sent it, and who else it was sent to. This data is collectively called the email headers. Now, when someone sends you an email, that message gets passed around from one computer to another computer until it gets to your email service: Gmail, Yahoo, Hotmail, etc. Every time the message changes hands, the computer that has the email adds some more email headers to the email. This means you can find the first computer that had the email. That is the computer your spammer is using to send you spam. Here’s how:
- On Google Gmail - Open the spam email. Look to the right where you see the words “show details” and the time. Next to the Reply button, there’s a drop down menu. Open that, and click “Show Original”. A new tab will open with the headers.
- On Yahoo! Mail - Open the spam email. Look to the right where it says “Compact Header”. Change that to “Full Header” and a modal window will pop up with the headers.
- On Hotmail and Microsoft Outlook - Right click the email from your Inbox and press “View Source”.
- There is a more detailed guide on how to open email headers here.
Email headers are a bunch of lines that look this.
Received: by 10.20.30.40 with HTTP; Wed, 21 Sep 2011 18:00:00 -0700 (PDT)
Received: by 10.20.30.50 with HTTP; Wed, 21 Sep 2011 18:00:00 -0700 (PDT)
Received: from [220.127.116.11] (helo=badspammer.example.com) by
youremailserver.example.com with esmtp (Exim 4.69); Wed, 21 Sep 2011 20:09:34 -0500
Received: from [127.0.0.1] by badspammer.example.com with ESMTP (TLSv1:AES256-SHA:256)
id HASH-??????????????; Wed, 21 Sep 2011 18:00:00 -0800
Date: Wed, 21 Sep 2011 18:51:43 -0700
Subject: Fwd: Fwd: Fwd: Fwd: Fwd: Crap taken from Tumblr
From: Friend <email@example.com>
To: You <firstname.lastname@example.org>
Content-Type: multipart/alternative; boundary=bffec521577143cac104ad7defce
They look very intimidating. You want to look down the last line that begins with “Received:” and contains a (helo=????) mark. Typically, the email only has this once. Got it? You’ve got it:
Now that you know where the spam is coming from, you can look up the computer in a public directory known as the WHOIS database. The database contains contact information for the people responsible for every website in existence. Look for a report abuse email or a website, and take action! Somewhere out there, there is a responsible and hardworking somebody whom you can contact to shut down spammers, not just for you, but for everyone else too.
Send them an email. Copy and paste the headers and the WHOIS information you used to find them. Explain your concerns about their client’s unfair business practices, and the ass-whooping will begin shortly.
It’s not impossible to stop spam. Not impossible at all. With good email practices and precautions, you can effectively get your inbox back before you know it.
The majority of the content here is my personal opinion. I don’t know what goes on within the walls of our major online email providers. The best I can do is present meaningful and educated conjecture. My advice here is not to be understood as anything more than a fun thought exercise to reevaluate your interactions with electronic mail.
- A diligent programmer can write programs to search for something that looks like an email address in huge amounts of text data. The driving force behind such routines is a concept known as Regular Expressions. ↩︎
- Referring to the United States Federal Trade Commission’s CAN-SPAM Act, available for you here. ↩︎
- The FTC technically gives 10 business days for email advertisers to stop emailing you. During that time, some particularly despicable advertisers will continue spamming you. ↩︎