Tuesday, October 09, 2007


no at sign!I've been spamjacked! For a few days now, my primary email address (not my webmail addresses) has been spewing out nothing but spam. Everybody receives some junk email of course but not all junk is technically speaking spam. However, when you suddenly start receiving much larger (I'm talking hundreds, even thousands) of email messages from addresses hitherto unknown to you, as well as shed loads of 'rebound' emails (emails that have bounced of someone else's spam filter and have been redirected to your email address), then you know you've been spamjacked.

In principle this is nothing a good old spam filter can't solve. And if the email address is a primary, non-webmail (not so-called hot tail), usually provided by your ISP or hosting company, then usually the provider will allow you to change settings to solve the problem.

But as with any problem, prevention is better than the cure. Spamming is of course due to a lucrative but often illegal (or semi-legal, it's a bit of a grey area) world-wide trade in email address lists. The latter are built, used and traded by wannabe-netpreneurs who seem to believe that spamming unsuspecting recipients will somehow make the latter more amenable to buying their products or signing up to their programs or newsletters. Probably over 99% of spam sent world-wide gets caught in ISP spam filters or desktop spam filters, and 99% of the remaining balance gets deleted unopened. And those who occasionally do open spam emails out of annoyance are probably put off for life by Viagra, penis-enlargement kits and shady "business opportunities".

Shop the Digital Marketplace

But still the lure of large numbers persists. I believe that to many starting netpreneurs the idea of being able to "reach millions at the click of a button" is still very appealing and that many of those beginners don't even realise that the mass email campaigns or mailing lists they buy often (but not always) aren't bona fide.

So how do these "list builders" get such lists? Well, while some of the real amateurs simply manually trawl the Web's millions of sites, looking for published email addresses, which they then add manually to their lists, the professionals have moved on a long time ago. The "Pros" use email address harvesting software (email harvesters, for short), openly for sale on many a website. This software is nothing but an Internet spider (or robot, or bot, for short), not dissimilar to the kind of spiders that major search engines like Google and Yahoo! use to find new Internet content. Spiders read the content and bring that information back to HQ where algorithms decide what to do with it.

Email harvester spiders are similar but only look for email addresses. And looking for email addresses isn't hard because all email addresses have something in common: they all contain the famous @ sign. All email addresses are essentially character strings of the format: something@somethingelse. So when a malicious email harvester spider finds a character string in that format, the spider can be 99.9% certain that the string is an actual, functioning email address!

And in that vulnerability also lays the cure, or rather the prevention. Here are a few things you can do to protect yourself from prying spiders if you do feel the need to publish your email address on your blog or other web pages:

  • Avoid using the @ sign. Publish your email address (something@somethingelse) as something at somethingelse

  • Code your email address: instead of using something@somethingelse use s o m e t h i n g @ s o m e t h i n g e l s e or s*o!m*e!t*h!i*n!g*@!s*o! m!e*t*h!i*n*g*e!l*s!e. Tell visitors how to "decode" the address.

  • Best of all: publish your email address on a button or small banner (*.gif, *.jpg or other): spiders can read but they can't see; a graphic button means nothing to them whatsoever!

None of these measures will protect your published email address from a determined manual trawler of course but the chances of being found by a manual email harvest collector are quite small.

Good spam fighting!


At 5:21 PM, Blogger Eitan Ha'ahzari said...

OK gotcha. I'll use the address you've provided till you get your regular one going again.


Post a Comment

<< Home