Beware... They're Everywhere

OK, I really want to know how “they” get my email addresses. “They” are every marketer, enterprising spammer, and computer system able to divine my email address no matter where I set it up. At some point, no matter how carefully you keep your email address away from online Web sites and discussion forums, you will start getting spam. It’s like the cosmic law of the Internet universe:

The amount of spam one gets is directly proportional to the age of the email address and the number of times it is used to communicate with people and Internet systems.

Even though I have asked not to get commercial email at every opportunity, including informing email portals of my noninterest (opting out) and I’ve set up a variety of systems and defenses to prevent it (to be described in a future article, by the way), the spam spigot is always on. I have even gotten the stuff in an email box that I use ONLY for business email and for purchasing business items online! Oh yes, and now that I have this email address published on ClickZ, I am starting to wonder how quickly it will grow feet and stumble onto all sorts of interesting mailing lists.

Some of the email I receive is legit — personal email and opted-in email. That stuff I can deal with, no problem. Sometimes I even enjoy it, especially the funnies like the latest Budweiser commercial, frog in a blender, or the singing bass.

But that’s about 10 percent of the email I get. The rest falls into several categories.

Pure Spam

Brightmail, a popular filtering service, has a Spam Index that reports spam volume on a weekly basis. During the week of January 22-28, 2001, it caught an average of about 11,000 pieces of spam per day, with 70 percent product or finance oriented. Somehow that doesn’t pan out for me. Until very recently it seems that much of the spam I got was appropriate for just one holiday, Valentine’s Day, if you get my drift.

These days the combination seems to be get-rich-quick schemes, music offers, and an all-new entrant into the spam field — email written in foreign languages, such as Spanish and French. I have received over 15 pieces of unfiltered, foreign-language spam in the past few months. What are these people thinking? If the average spam campaign gets a 0.1 percent response, this overseas spam must get something like a 0.01 percent response or worse. Is it really worth it? Stop and think about it. When’s the last time you got a piece of junk mail in your real-world mailbox that was written in Spanish?

And how do they get my email address? I can only imagine that they trawl Web sites for text that looks like an email address and look for email addresses on Web-based email systems such as Yahoo Mail and Hotmail. When I turned off my Yahoo Mail email forwarding, my volume of spam decreased by 50 percent.

If you want to experience a real spam fire hose in a big way, just get yourself one of these Web-based email addresses. The spam comes from seemingly untraceable email addresses that bounce back when you try to respond to them and in many cases are unblockable since the sender changes with every email sent, a subtle practice that makes it impossible to block the sender. Many times I have set up a blocked sender only to receive the same piece of spam from another sender.

Wicked.

And then there is email manufacturing, the practice of harvesting email addresses from domain name databases. Yes, you read it right. For the uninitiated, domain name databases are available with millions of fairly up-to-date .com addresses, scraped off some poor domain name registrar’s Web site and burned onto a CD for your enjoyment. Some are available for less than $1,000 a pop. And they don’t contain just the domain name, either; phone numbers, addresses, and fax numbers for the registration are part of these databases as well. Domain name registrars should take note and update their systems and privacy policies against this type of abuse. It is truly evil.

Stealth Spam

The next type of spam is email that looks legit, with clean and well-written copy, maybe even in HTML, but it’s spam nonetheless. This stuff is tricky to spot, but spammers are getting with the program. They are starting to realize that you need to put more than 10 minutes into crafting the message. These messages make me think that these spammers actually rented the mailing lists and therefore want to get some kind of return on investment (ROI).

Some of this spam is quite clever, using scripting in HTML to take you to Web sites when you open or preview the email as well as using Web bugs to track when the email is opened. Don’t open or preview this spam if you can, because doing that acknowledges back to the spammer that you’re alive and giving a millisecond of attention to that email. That’s all they need.

Unsubscribe procedures are outlined but rarely work in these emails. Often, attempting to unsubscribe from this type of email just invites more spam, since the sender who receives the unsubscribe request can take it and turn it into a confirmation that the email address works and a warm body is reading the email, responding. Don’t fall into this trap. Unless you recognize the sender, unsubscribe attempts won’t work for the most part. Just delete the message and block the sender.

Phantom Spam

Another type of spam is something I call “phantom” opt-in. The claim is that I have opted in somewhere sometime to this email through some relationship I had with a Web site where I registered. This is as close as email marketers get to traditional direct marketers, in that they identify how they got my email and allow for opt-out, which seems to work about 50 percent of the time.

The annoying thing about this type of spam is that it usually doesn’t match any of my preferences. Also the company with which I was affiliated continues to put me on its mailing list and sell/rent the lists to its partners. Just because I opted out of one campaign does not mean that the original party who owns the list learns anything. It’ll sell/rent my name again to any list customer, even the same one. This is just greed at work and in many cases poor database management techniques. And it costs the list owner, I bet. Right now, Excite is bugging me to no end, continually selling my email to the same companies after repeated opt-outs from its campaigns.

So what should you do? Keep your email addresses close to your virtual chest. Use “one-time use only” email addresses when registering to portals and other sites that ask for opting-in for third-party mailings.

And there are ways to fight back. In my next article, I will talk about some horror stories some readers have shared with me as well as some techniques that have gotten some attention. These techniques work and will keep your life (and your email inbox) a bit more sane.