Fighting Spam (Junk Email)

This information can be freely reproduced in any medium, as long as the information is unmodified.

We often get queries about how to prevent spam, also known as unsolicted commercial email (UCE), or junk email. Spam is email that comes unsolicited, from a source unknown to you. Often the email header information is forged, so that it is more difficult to trace back to (and punish) the spammer.

While spam is not a computer virus issue -- and therefore we claim no particular expertise -- it certainly is a major nuisance. Below are some suggestions for how to fight spam.

Note: The information below is provided as-is. We are not responsible for handling spam, and if you forward any of it to us, or ask us for help on how to deal with your spam, we're likely to delete it without so much as a reply (though we might read it). In fact, I shouldn't say "we"; rather, I'm providing this info on my own. That understood, I hope you'll find the information below useful:

First, what NOT to do:

1. Do not reply to the sender: this merely returns your email back to your mailbox, "address unknown" (if the spammer's address is forged), or tells the spammer that your email address is a "live" one (if the sending address is a valid one).

2. Don't be fooled into replying by text within the spam that suggests that you can get your name removed from the list: see Point 1 above.

3. Don't be fooled by a claim that the email is not spam. If you don't want it, and didn't explicitly ask to receive email from the sender, then it is spam. [Except, perhaps, if you've done business withthe sender before. In that case, however, you know that they have your email address, and a polite request to be removed from their list probably will be successful.]

4. Don't be fooled by an official-sounding blurb that says that the spam is in compliance with some legislation: it is a ploy to try to convince you not to complain. Remember: the longer the spammer can keep using a particular ISP, the easier it is for the spammer... and the more spam the spammer can send.

5. Do not send abusive email to anyone about the spam. If you contact the proper authorities, please do so politely.

• You can just delete it, of course.

• Your emailer may have the ability to filter email. If it does, designing filters wisely may save you a lot of deleting.

• You can ask your email administrator to block spam. Note that this probably won't be 100% successful, but it can reduce spam by orders of magnitude

  The solutions above do nothing to prevent spam or make life miserable for the spammers; the procedures below actually take action against spammers:

• If you decide to report spam, definitely consider forwarding a copy of the spam (with full email headers) to the U.S. Federal Trade Commission (FTC) (leaving our site) -- they have been collecting spam since 1998: "The FTC uses the unsolicited emails stored in this database to pursue law enforcement actions against people who send deceptive spam email."

  As of 11 June, 2002, the FTC says it was receiving 42,000 pieces of forwarded spam per day. Help convince them that the actual amount of spam out there is a LOT more....

  I actually have defined a function key to forward email to the FTC automatically. Perhaps you can do something similar to make it equally easy for you.

• You can ask your appropriate local support to take action against the spammer -- but be forwarned: these support groups are almost always overburdened. If possible, deal with it yourself.

  Note that recently we've seen a lot of email that has forged addresses -- it looks as if the sender comes from the same place you do (e.g., U-M recipients appear to get email from somebody@umich.edu). If spam really does come from U-M, it would be proper to contact the IT User Advocate -- but usually it comes from somewhere else entirely. See the Spam FAQ link below for how to parse email to determine whether or not it originated at your site.

  [The U-M User Advocate maintains antispam information; see their CanTheSpam! pages.]

• You can report it in a fairly automated fashion. One nice method is to use SpamCop's free spam reporting system (leaving our site). SpamCop works very well for GUI email clients, but not so well for text-based one (like pine).

• If you use a text-based emailer, or if you want to learn about how spammers do their evil deeds, you'll need to understand more about spam. I suggest that you read the Gandalf's Spam FAQ (leaving our site) -- in particular, read the part about email headers -- how to display them, and how to interpret them. As an alternative, see StopSpam.org's Reading Email Headers document (leaving our site).

• If you decide to process spam by hand, you may find SamSpade online or Sam Spade for Windows useful (leaving our site).

• If you want to learn more about how spammers may have found your email address and what to do to make it less likely to be harvested in the future, see the Center for Democracy & Technology's Why Am I Getting All This Spam? page (leaving our site).

• When I send a spam complaint, I use a standard template. If you can't decide what to write in your complaint, I might loan my template to you. ;-)

I hope these tips will be helpful to you; they are by no means intended to be all-inclusive. The SpamCop site and the Spam FAQ should give you plenty of additional information and links to be able to fight spam and win.

The U-M Virus Busters Anti-Spam URL lives at <http://www.umich.edu/~virus-busters/antispam.html>.

For virus or hoax info, please see our main page (http://www.umich.edu/~virus-busters/) or go to another reputable site, like The Urban Legends Reference Pages (leaving our site).

   -BPB