Wednesday, April 25, 2007

Where does spam come from? (08/2006)

Q. So where does junk email come from, anyway? Jamie from Killen

A. An organization called the “Center for Democracy and Technology” (CDT) published a report on this subject a while back. According to their website, the CDT is “a non-profit public policy organization who is dedicated to promoting the democratic potential of today's open, decentralized global Internet.” Yeah, I don’t have any idea what that means, either, but they did produce a valuable study that effectively answers your question.

The CDT found that the majority of spam results from having your email address posted some website somewhere. For example, if you visit my company’s silly little website you will see my email address posted prominently because I want both my readers be able to easily find me. Greasy spammers employ little digital robots called “harvesters” that scour websites like mine looking for addresses. When it finds them, the robot adds that address to a database of perhaps millions of addresses. The spammer can then go sell that list to other spammers and so on. As a result, I get tons of spam.

Most people assume that once an address was “out there” in spammers databases, your email address was ruined forever. The CDT study, however, found that removing or disguising your address posted on a website will actually reduce the amount so spam you receive in the future. If you must post your address to a website or forum, you can decrease the amount of spam received by disguising your address. For example, try to use “Bob ‘at’ TimesDaily ‘dot’ com” instead of” wherever possible. By the way, website and email addresses can be entered in either upper or lower case. I use to make it easier to read but the computer still sees it as

Website authors can disguise addresses by transforming their email address text into its decimal equivalent and posting that equivalent as HTML into their websites. Most browsers will automatically translate the decimal address and display it in the original text format. This decimal disguise will effectively “hide” the address from robots. The explanation is a little complicated so I have link to a site that will show you how to do it on my website under “Helpful Links.”

Some spam is generated through attacks on mail servers or other methods that don't rely on robot harvesting. In "brute force" attacks and "dictionary" attacks, spammers send spam to every possible combination of letters at a domain or to common names and words. Spam generated by these attacks will generally be directed to shorter e-mail address such as before it is directed to longer addresses such as

If your address is already inundated with spam, you can purchase effective spam filtering software from any major retailer. The latest version of Outlook has a built-in spam filter. If you are currently using Outlook Express, you may wish to take a look at Thunderbird instead. Thunderbird is a free program that more stable and secure than Outlook and also has a built-in spam and phishing filter. I have a link to that on my website as well.

No comments: