How to prevent spammers getting your email address

Everyone knows this one, right? Just obey the following rules:

  1. Don’t give your email address to strangers
  2. Never post your email address on newsgroups
  3. Don’t leave your email address lying about on web pages.
  4. Don’t reply to spam – they know you’re reading it.

Unfortunately this advice is seriously out-of-date, although some emails are still harvested by spammers this way. People keep asking the question “I didn’t do any of the above, so how come I’m getting all this spam?”

What the American spammers are actually doing is using malicious software on innocent computers (installed using the normal virus channels). Amongst other things, this software searches the victim’s hard disk for all the email addresses it can find. It then sends the results back to be added to their spamming list. In order to have your email address added to a spamming list, all you need do is exchange an email with an infected PC – or a PC that becomes infected in the future.

As to item four, about never responding to spam, this is no longer the case. Spammers don’t use their real return address anyway. They track who’s reading their wares by embedding a reference to an image in an HTML email. When the message is displayed the image is downloaded from their server; when this happens they know who it was. Microsoft Outlook allows this to happen; Microsoft doesn’t appear to be in any hurry to fix it.

So what can you do? Not much! If you can, use disposable emails. For example, if you’re the secretary of a club and you correspond with a large number of people, some of whom are likely to be hijacked, make your email address ’secretary1@…’. When this is compromised, change it to ’secreatry2@…’ and so on.

A proper solution is needed, but there’s no political will to solve it. The identity of the criminals doing this is well-enough known; the American’s just let them operate virtually unhindered. Something to do with ‘freedom of speech’!