NOSPAM Addresses are Eeeeevil

Most modern newsreaders let you manually set the address you claim to be "From:" in your USENET posts. This has some important and legitimate uses. If the machine I was posting from didn't recieve mail, for example, I would want my "From:" line to contain a mailable address (such as "dmaze@mit.edu").

Unfortunately, the growth of unsolicited commercial email ("spam") has driven many people to abuse this feature. Posts abound bearing addresses such as NOdmazeSPAM@DONT.mit.SPAM.edu.ME, with a disclaimer in the signature saying something like "remove the capital letters to send me mail". In addition to violating the standards governing USENET posts, I maintain that this practice is nothing less than rude to the real human beings who read newsgroups.

The Problems

I won't claim that the spam problem isn't a real one. I seem to get a relatively little amount of spam, usually not more than one or two messages a week unless some unscrupuluous person realizes that they can annoy the entire MIT community by sending to public mail lists as well as individuals.

Spammers can get email addresses from a number of places. It's not that difficult to get a USENET feed, and the headers of USENET messages can then be examined to glean hopefully valid email addresses. One can also write a Web robot that looks for "mailto:" URLs in Web pages, or combine the two approaches to scan public mailing list archives or USENET archives such as DejaNews.

Given a list of addresses, either scanned oneself or purchased, one then either finds a spam-friendly ISP, such as UUNet, or gets a free throwaway email account from a service such as Hotmail. One finds an advertisement, and using their service, sends mail to every address they can possibly come up with. It doesn't matter if all or even most of the messages get through, just so long as a few people get the advertisement.

The Wrong Solution

The "nospam" solution is a simplistic one, at best. The reasoning goes something like this: spammers take addresses from USENET. They then send mail to these addresses. If I post using an address that I don't recieve mail at, and the spammer picks up that address and sends it mail, I won't get it. This is all well and good for solving the problem it was intended to solve, but it has a number of annoying consequences, and often is implemented poorly.

Annoying Consequences

Implementation Failures

How I Deal

I only post to Usenet with a valid mail address (for no particular reason, I tend to use my address on my personal machine rather than an unqualified MIT address, but it's still valid). Occasionally, less than scrupuluous people send me electronic mail advertising some product. I generally respond by complaining to the administrators at the site from which the mail came. I don't complain to my local mail administrators; there's nothing they can do, and cutting off mail service to significant fractions of the Internet once again threatens to do more damage to real humans than it could solve in reducing spam.

Unfortunately, the nature of the Internet makes it difficult to deal with some of the serious spam sources. While free email accounts are a recent invention, they seem to be quite popular, and eliminating them could be quite troublesome. (Administrators at these sites also seem to be good in general about killing off accounts that are fronts for spammers.) More annoying is the large ISPs, primarily UUNet, that deal with spam complaints by assigning each complaint a unique ticket number and summarily ignoring the problem. Even if UUNet went away, there would be nothing stopping spammers from joining together and creating their own ISP. (There was some talk of this actually happing not too long ago.)

Conclusions

Spam seems to be an unfortunate consequence of the New Digital Age (TM). There's really not a whole lot individuals can do about it, beyond complaining about individual incidents of spam.

It seems popular right now to send messages to Usenet with forged From: lines with the intent of preventing spammers from getting a valid address. Most of these tricks are easy to work around, and those that aren't tend to be hopelessly obscure. These tricks, regardless of how simple, also make well-meaning real human beings have to go through bizarre rituals to be able to send mail in response.

See Also


Return to David's home page, or go to the index; contact dmaze@mit.edu