honoluluadvertiser.com

Sponsored by:

Comment, blog & share photos

Log in | Become a member
The Honolulu Advertiser
Posted on: Tuesday, June 19, 2001

Wired In
Living a spam-free existence

By Vicki Viotti
Advertiser Staff Writer

Gannett News Service
Kane'ohe resident Ed Slavish, like many of us, was curious about who was sharing his e-mail address with "spammers," those companies that blanket the Internet with unsolicited e-mail. So he tried an experiment: He changed his name slightly in filling out forms that require an e-mail address. It might be "Edgar" on one registration form, even "Edwina" on another.

Then he just waited for the spam to arrive in his e-mail inbox. Depending on how his name appeared, he could tell which company had sold his e-mail address to solicitors.

"I got a couple spam hits from a name I put on a rebate form from a scanner purchase, and another from a shareware company," he said. "Last time I ever pay them for anything."

Those of us with an e-mail address (and that seems to be most of us, these days) are well acquainted with the problem of spam, e-mailed advertising we didn't ask for and generally don't want. "How did they get my e-mail address?" people wonder. "I didn't fill out any requests on the Web."

Although there are ways hackers can break into computers online and read records from hard drives, they'd more likely be searching for credit-card accounts, not e-mail addresses if that happened. More likely, people bothered by spam have contributed toward their own torment, in some way.

They get a joke e-mail from a friend, and then forward it along to more friends, leaving all the recipients' e-mail addresses that appear in the message (when you forward an e-mail, you can erase such things).

They fill out a form that includes their e-mail address. There are so many such opportunities (sweepstakes entries, rebate forms) that it's easy to forget you've done so. A recent postal mailing by NovaParenting.com that arrived in Hawai'i mailboxes included 15 ads and promotional brochures, and a third of those required e-mail addresses.

Or, they pick an e-mail ID that includes their first name. Then, if their Internet service provider (ISP) is unscrupulous about security, a simple query can reveal addresses that include the name. This query is a program called "finger," which runs on many ISPs.

Michael Wise, a systems administrator at the local ISP LavaNet, said providers that run an unprotected version of the program will release a list of everyone with the name in first- or last-name position.

"Having an e-mail address like 'michael@example.com' leaves you open to something known as a 'dictionary attack,' where the spammer tries throwing a dictionary of e-mail user names at your domain and noticing which ones stick," he added.

The conclusion of Wise and most other people following this issue is that consumers have little institutional backing to protect them and are left largely on their own to protect themselves.

A handful of anti-spam measures before Congress have met with opposition on all fronts; some say the bills are too draconian, and other say they're not stringent enough. For example, the Unsolicited Commercial Electronic Mail Act of 2001 (HR 718), has been passed by the House Energy and Commerce Committee, but unhappiness persists. The bill includes some requirements that would hinder an ISP in blocking e-mail from spammers and limits consumer rights to legal recourse, elements opposed by anti-spam groups.

Internet service providers have some recourse for fighting spam, including subscribing to the Mail Abuse Prevention System (MAPS), a nonprofit California organization that compiles a list of spammers that the ISP can then block from sending e-mail to any of its customers.

But in these days of diminishing Net profits, consumers can't always trust their provider to keep their interests, rather than sales, topmost in mind. Experienced Hawai'i Netizens like Bryan Villados have learned various means of battling junk e-mail. One of his weapons: going into his e-mail program and disabling the acceptance of e-mail written in HTML code. These are the kinds of messages that often look like Web sites themselves; they contain images and highlighted links that the reader can click and be brought to a Web site.

"Spammers send (HTML) e-mail, each with an image file specifically coded for the e-mail address it was sent to," he said. "If they detect the image being accessed, then they know it's a good e-mail address."

There are other strategies subscribers can use. And although it seems impossible to defeat the ingenuity of the truly determined mass marketer, such tactics can help.

Vince Bergen, a member of the Hawaii Macintosh Users Group, said he uses a fake or a real, alternate e-mail address whenever a Web site or other solicitor requests an e-mail address.

"Then, I carefully consider if the download, or whatever, is worth the risk of being put on a spam list," he said. "If it is felt to be important, then I give out my real alternate address, and not my Roadrunner address. I have not received any spam (on my main address) for more than a year."

How to handle unwanted e-mail

Fighting off spam, the junk mail of the Internet, can become a full-time job. Few of us have the patience for that. But there are a few precautions that might make the spam flood a little easier to take. Here is a sampling:

  • If nothing else, simply delete the unwanted mail. Don't follow instructions to be removed from a list ("reply with 'remove' in the subject line ..."). Most of the time, all this accomplishes is to confirm your address as valid, a commodity that can be sold to other spammers.
  • Get a free Web-based e-mail account (Hotmail and Yahoo are popular options). Use these if it's essential to leave an e-mail contact. Once the immediate purpose is accomplished, you can abandon the account and start a new one for the next time.
  • Choose an e-mail name that defies attempts at robotic guesswork. In other words, bulk advertisers can use software that generates e-mail names composed of common dictionary words. A name that combines words and numbers, for example, can evade some of these efforts.
  • Avoid posting messages to Web site guest books, chat groups and Internet newsgroups that include valid e-mail addresses. These are harvested by automated programs that seek out the "@" character or the ".com" expression. That's why you see addresses there disguised, such as "name(at)internetservice(dot)com."
  • Disable the loading of HTML or Java scripts in e-mail, both of which can be used to track the delivery of the message. In most e-mail programs, these settings are located in "preferences" or "options" menus.
  • There's no shortage of online advice who want to take things further. Among the sites: SpamCop (www.spamcop.net), SamSpade (www.samspade.org) and the Mail Abuse Prevention System (www.mail-abuse.org).