After my last post, I was bombarded with trackback spam for almost a month before I was able to get rid of the spammer. The admin of the first messageboard I contacted responded with dismay; his board had been hacked and significant content had been deleted. The violation of his website (and the loss of so much content) had him so discouraged, he wasn’t sure he was going to try to restore the board at all. The next few didn’t respond, but the spammer moved from one to the next as I alerted them, so I guess they took action when I notified them of the hacking. Then he moved on to Harvard, of all places, putting trackback spam pages in one of their subdomains. At this point, I was fed up. Six or seven spam messages every day for a month is too much. (I know, the popular blogs probably get hundreds or thousands a day, but I’m not making a living from mine yet.) I did notify the webmaster at Harvard, but I also checked the spammer’s IP address and tracked it back to his ISP. After that, the bombardment finally stopped.

I mention this because it’s up to us, the haters-of-spam, to take action to stop spam. We have to work together to take away any benefit they could get from it and block them wherever possible, whether they’re barging into our email inbox or sending messages through instant messengers or using the comment/messaging systems of your favorite social networking site. I freely acknowledge that I’m not the be-all and end-all of internet wisdom, but I’ve been around for a while, so I’ve got some advice on the subject.

First and foremost,
NEVER BUY FROM SPAM MESSAGES. Don’t even click their links. Some of them earn money based on how many people click their links, others only from actual purchases made through their messages. Don’t give them any encouragement. DEFINITELY don’t ever hire them to market anything for you. (Same goes for telemarketers – if nobody ever bought anything from them, they’d eventually give up and go do something else. Basic law of business.) Remember that a lot of the sites you will come across when searching for something will be built solely to snag search traffic and reroute through paid links. You’ll know them when you see them. Don’t click those either; it’ll be a lot of the same type of people.

Be careful what you forward. Not everything is worth forwarding, and sometimes, the pictures themselves are used for tracking. My first computer died an ignominious death due to my ignorance of the viruses embedded in the fun games everyone was passing around by email. The timing was terrible, and I lost a lot of data. There’s nothing wrong with passing along useful advice, though, as long as your friends haven’t already asked you to stop forwarding things.

Verify. Please, make sure things are TRUE before you pass them along (and remember that if anything requires you to forward it before you see the results, the person who sent it couldn’t have seen the results to tell you it worked). Learn to recognize the common methods of tricking people into giving away financial information, so you can protect yourself. Amber alerts without names or contact information are fake, companies do NOT give awards or donations based on the number of emails forwarded, financial institutions will not send important account closure/verification messages to you through email, virus warnings are sometimes treacherous in themselves, hitmen don’t email their targets to offer them a chance to buy their way out of being murdered, and random people with a horrible grasp of English grammar are not going to send you multi-million dollar windfalls just to help them transfer it into the US. Snopes.com is a pretty good first step, and if you still can’t tell, try contacting a friend who’s been around the web a few times.

Use copy/paste. Your friends will be grateful you didn’t send Russian nesting dolls or collections of angle brackets, and if you’re trying to forward the text of a message without useless (or potentially sneaky, data-mining) images, you can paste it into Notepad (or whatever text-only application you have handy) to strip out the non-text data. (Saving the whole message as a text file should do the same thing, if you prefer.) I hate having to scroll back and forth to read short bits of oddly truncated sentences interspersed with >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>, don’t you? Forwarding email as an attachment usually avoids the angle brackets, but then you end up with an attachment to an attachment to an attachment to an attachment… I’ve received emails a dozen layers deep, and that’s just annoying. Please, don’t do that.

Block external images from unknown senders. Many email clients will default to this setting for your safety, so take advantage of the feature. Some of them will even let you bounce the message back at the sender as if your email address doesn’t exist. Doesn’t always stop them, but some ISPs pay attention to how many messages bounce back at a sender, which raises suspicions that the address is being used to send mass messages to unconfirmed addresses – in other words, spam.

Blind Carbon Copy is your friend. Spammers love those mass-forwarded emails because they tend to gather a huge list of valid email addresses, but if you use BCC, there won’t be a list of email addresses added to the top of the message every time it’s sent. This prevents perfect strangers from collecting your personal email address when the message comes their way

Pay attention to where you give your email address. Sometimes what you consider spam is a recurring email list to which you subscribed, whether you realized it at the time or not, and accusing people of spamming you when you asked them to send you email is rather rude. In addition, it makes the tech support people skeptical of all spam claims, because they have to wade through so many complaints that turn out to be legitimate lists, which makes it that much harder to convince them that a spammer is violating the rules. If you remember subscribing, use the unsubscribe link at the bottom of the email. If there is no unsubscribe link, try contacting the sender directly. If that doesn’t work, THEN you can start crying spam and use the other anti-spam methods listed here. If you never subscribed, though, don’t click the unsubscribe link; you’ll only verify your email address for them.

Cooperate with others. Report scams to the financial institutions being spoofed, and report private messenger spam to the site admins. Sometimes you can get their webhost to pull them, sometimes you can get help from their affiliate manager, and sometimes you can go straight to their web connection. Techie types may be able to help you track down the ISPs and get the spammers shut down. Inform your friends and family of the strategies against spam, so they can help you fight it. To that end, you may forward this entry IN ITS ENTIRETY (or quote parts with attribution on your blog) as long as you a) follow the advice in it for sending forwards, and b) include the link to this entry: http://www.chrystalline.com/2008/06/fighting-spam/

Copyright Chrystalline Lauryl
June 1, 2008
www.Chrystalline.com
redistribution permitted only as described above