Fighting Spam Part IV

(by Dan Butler)

This issue I want to clarify a few issues that have come up in past "Fighting Spam" articles. Specifically I want to discuss how spammers hide their true address and why email ends up in your mailbox even though it is not addressed to you.

First things first. Many have written wanting to know where to find the earlier articles on fighting spam. You'll find a link to them on my page at TheNakedPC.com website:

http://www.TheNakedPC.com/dan/

Let's start with how spammers hide their true address. This is really easy. They use a forged address. I know, you expected something a bit more complicated. But that's really all there is to it. The fact is that it isn't that hard to fake an email. One more reason to use something like PGP to make your important email verifiable. There is a link to my PGP series on the page above as well.

The frequent use of forged addresses or even forged email headers makes it difficult to trace where spam originates from. Notice I didn't say impossible. You can get caught up in all this and spend a great deal of time tracking down spammers. Is that a productive use of your time? Only you can decide that. Personally I'd rather play with my kids.

A common tactic spammers use is to sign up for a throw-away account at Yahoo!, Hotmail, or some other free email service. Then they send their spam using that address. The key is this -they never check the account. The mail just accumulates until the account is closed due to spam complaints. The spammer opens another account and the process continues. Or they just put a randomly chosen Yahoo! address as the "From" address and don't worry about the rest.

You can usually spot a spam that uses fake headers. Somewhere in the email they will give a different address for you to respond to. Or an phone number to call for their offer. If the address inside the mail and the "From" address are from different domains you have a good chance that the headers are forged.

Think about these two techniques and you'll realize why responding to the emails or even "bouncing" the mail as undeliverable is a shot in the dark at best. Some software will try to create proper bounces for you but you are relying on the spammers to deal with your mail properly. And we know they don't do that.

If the spammer forged the "From" address responding to the email does no good. The emails will be ignored. They are just looking for orders that come to the contact information in the body of the email. If they are using the responses to build a "live list" the headers still may be forged. The information on how to supposedly remove yourself from their list may be the only accurate address in the email. And you already know that responding doesn't always remove you anyway.

How come you don't see your address on mail sent to you? The primary reason is the use of Blind Carbon Copy or BCC mail. Most modern mail readers have this feature and it is useful when you don't want to expose the addresses of all the people you are emailing.

If you are going to forward the latest email joke to fifty of your closest friends at least use the BCC feature of your email to hide their addresses. See our previous article on how not doing so could land your friends on spam lists. Better yet -think twice before you forward that joke around.

Next time I'll tell you how spammers can get your email address without you responding to an email. Until then check up on the previous articles and don't respond to any spam emails!