Below are some simple things you can do to reduce the amount of Spam you receive:
- Choose a non-obvious Email Address
As spammers can guess email addresses, use something that can't be easily guessed. For example, instead of email@example.com, use firstname.lastname@example.org.
- Be careful with your Email Address
Never give your email address to a company you do not trust entirely. If in doubt, open a free email account with a provider like hotmail.com or yahoo.com, and use that address for communicating with the less trusted organisations and for posting on forums etc. That way, if they do spam, you can close the account and you've only lost a free email account you weren't using for anything else. Never allow your email address to appear on a website in its true form, including on web-based discussion boards. Instead use Contact Forms or “munge” your address.
- Address Munging
"Munging" is the act of mangling your email address so that it can still be read by a human but cannot be automatically harvested by spammers. For example, the email address email@example.com could be munged into any of the following:
Set up your mail account so that a given word or string of characters must be in the subject line for any mail to be accepted, and explain this in any newsgroup postings and web pages containing your address. This way people can respond to you, but spam will be deleted from the server without you having to spend time downloading and reading it. This works especially well with web pages, e.g. use:
<a href="mailto:firstname.lastname@example.org?Subject=FRIENDLYMAIL:%20Comments%20about%20my%20webpage">Send me email!</a>
Then just 'auto-delete' any mail that doesn't have FRIENDLYMAIL: in the subject line and download the rest.
- Challenge-Response Tools
Challenge-response systems, also known as "Reverse Whitelisting" or "Permission-based" filtering, take a different approach from traditional spam filters. Where traditional filters start from the standpoint that all mail is good and then try to detect the spam, Challenge-Response systems start by assuming all mail is spam and only let through people on a "whitelist". If the user receives mail from someone not on the whitelist, the system "holds" the mail and sends a "challenge" message to the sender. If the sender responds to the "challenge" message, the original message is released and allowed into the user's mailbox, and the sender is whitelisted so any future emails will be allowed through. The theory is that spammers won't bother to reply to the "challenge"; most of them are using forged email addresses anyway, so they won't even receive it.
Unfortunately the challenge-response solution has a number of problems:
- Mailing lists, especially discussion lists. If a message is sent to a mailing list with 1000 subscribers, would you receive 1000 challenge messages? Many Challenge-Response systems allow the user to whitelist a mailing list automatically, but this can be unreliable.
- Automated mailings generated by a computer have no human sender who can respond to the challenge message. This immediately breaks things like password reminder messages, confirmed opt-in mailing lists, cron job notifications etc. Again, these things could be whitelisted manually - but you would have to guess the email addresses they will be sent from, which would be difficult.
- Forged sender addresses. Spammers often forge the addresses of random individuals as the senders of their spam - if a spammer forges the sender address for 1,000,000 spam emails, the poor person whose email address was used could receive a "challenge" message from each recipient.
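The hold / challenge / whitelist flow and two of the problems listed above (automated senders and forged sender addresses), modelled as an added example that is not part of the original page. The class, function names and all addresses are constructed for illustration and do not describe any particular product.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class ChallengeResponseFilter:
    """Toy model of the hold / challenge / whitelist flow (constructed)."""
    whitelist: set = field(default_factory=set)
    held: dict = field(default_factory=dict)             # token -> (sender, message)
    inbox: list = field(default_factory=list)
    challenges_sent: list = field(default_factory=list)  # (address, token)

    def receive(self, claimed_sender, message):
        # claimed_sender is whatever the message says; the filter cannot verify it.
        sender = claimed_sender.strip().lower()
        if sender in self.whitelist:
            self.inbox.append(message)
            return "delivered"
        token = secrets.token_urlsafe(16)     # unguessable, so only a recipient of
        self.held[token] = (sender, message)  # the challenge can release the mail
        self.challenges_sent.append((sender, token))
        return "held"

    def answer_challenge(self, token):
        entry = self.held.pop(token, None)
        if entry is None:                     # unknown or already-used token
            return False
        sender, message = entry
        self.whitelist.add(sender)            # future mail skips the challenge
        self.inbox.append(message)
        return True


def simulate():
    f = ChallengeResponseFilter(whitelist={"friend@example.org"})
    f.receive("friend@example.org", "lunch?")               # already whitelisted
    f.receive("newcontact@example.net", "hello")            # held until answered
    f.answer_challenge(f.challenges_sent[-1][1])            # a human replies
    f.receive("newcontact@example.net", "follow-up")        # now delivered
    f.receive("cron@server.example.com", "backup failed")   # no human: stays held
    for i in range(3):                                      # spam, forged sender
        f.receive("victim@example.com", f"spam {i}")
    misdirected = [a for a, _ in f.challenges_sent if a == "victim@example.com"]
    return f, misdirected


if __name__ == "__main__":
    f, misdirected = simulate()
    print("inbox:", f.inbox)
    print("still held:", len(f.held), "challenges to forged address:", len(misdirected))
```

The model covers a single mailbox; every additional recipient of the same forged-sender spam run would add its own challenges to the same innocent address.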
- Using a tool to send fake "bounce messages"
There's a school of thought that says that if you send fake "bounce messages" in response to the spam you receive, spammers will remove you from their mailing lists and you'll get less spam in the future. To this end, there are various tools, the most well-known being MailWasher, that generate such "fake" bounce messages.
The general consensus is that this is a bad idea, and here are a few reasons why:
- There is lots of anecdotal evidence that suggests spammers as a rule are not interested in removing dead email addresses from their lists.
- The return address in almost all spam messages is forged, so any "fake bounce" you generate probably won't reach the spammer anyway. Your "fake bounce" will either hop around between mail servers consuming resources before being quietly dropped, or end up in the mailbox of some entirely innocent third party.
- By examination of the headers and included information in a bounce message, it's possible to make a reasonable inference as to whether it is real or fake. So even if your bounce message did somehow reach the spammer, his systems may well figure out that it's fake and ignore it anyway.