Aardvark Weekly
New Zealand's Leading Weekly Net-News Online Publication
You really should use a Java-capable Browser!

Add this ticker to your page
ASB Bank
Please support Aardvark - CLICK THE AD!
Enabled Are YOU Aardvark Enabled?

Have Your Say

New Sites

Contact Me

Click HERE for DAILY Net News

Commentary for: 12 January 1997

Those Bloody Spammers!
award logo The Christmas and New Year's holiday was great for at least one reason - even the junk mailers seemed to take some time off and the signal to noise ratio in my email box was greatly improved as a result. Alas, after a break of just a couple of weeks they seem to be back and my mailbox is again receiving unwanted, unsolicited and generally completely irrelevant junk mail.

So what can we do about this rubbish?

Well I've noticed an interesting trend. Just 12 months ago, only the email addresses I'd used in usenet newsgroups were receiving unsolicited commercial email (UCE). In the past three or four months though, these addresses have been receiving less than normal (possibly because I've stopped using my email address in newsgroups) but those addresses which I use on Web pages are receiving an increasing amount.

I suspect therefore that the junk mailers have twigged to the fact that most usenet users are now posting with bogus addresses and that there's far more lucrative pickings to be had from the Web when building junk-mailing lists. This is further verified by checking the server logs for my many Web sites. They show that email address extraction programs are spidering those sites with increasing regularity. So what do we do?

Well here's how I deal with junk mail...

1.Hide your email address!
The first and most obvious thing for those who use newsgroups is never to include your true email address in a posting. Most newsgroup users have already twigged to this and either alter their address through the inclusion of the words NOSPAM or similar, or simply use a totally bogus address.

A couple of points about trying to disguise your email address though:

  • Don't just add the words 'NOSPAM' to your proper address. It appears that some of the more sophisticated list generators automatically remove those words from any email address which could mean that if you used joe@NOSPAMhotmail.com then they'd still extract the proper address of joe@hotmail.com. The same goes for using the word 'dot' in place of the '.' and 'at' instead of '@'.

  • Don't think you can just use your email address in your .sig or in the body of the email. A growing number of list extractors now scan the entire email body and latch onto anything that looks like an email address.

  • If you're making up a bogus address - just check first and make sure that the domain you create isn't already in use. For example don't use the address spammers@goaway.com as a bogus address - there really is such a domain and I'm sure they won't appreciate the referrals! You can use the Who Is service at the InterNic site to check to see whether a US domain name is registered but it's better to play it totally safe by using a completely bogus name such as p.off@dont.want.any

Hide, don't run!

Use forms not mailto's
2. Don't use 'mailto' tags
If you have a Web site, don't use the mailto tag to provide email links. Yes... I know, I'm using them myself but I'm about to replace them with a form on all my sites.

Most Web-hosting organisations will provide you with a CGI script that can be called to handle the conversion of the form contents into email messages and using this technique effectively conceals those valuable addresses from the junk mailers.

As I mentioned above, the spammers seem to be using lists generated from the Web in preference to those generated from newsgroups these days so it's silly to advertise your address in this way.

3. Don't Respond!
As it becomes increasingly hard for junk mailers to create effective lists from usenet and the Web, they'll be working harder to ensure that the lists they use and sell to others contains a reasonable percentage of valid addresses.

At present the number of valid addresses to bogus addresses is dropping rapidly as people follow the steps I've outlined above so the spammers are going to be increasingly reliant on one of their "tricks" to validate those addresses.

How do they do it? Well they surely don't receive and use the bounces created by bogus addresses to maintain their lists. It is very seldom that UCE contains a valid return address so the spammers never get to see what email addresses were invalid - and they probably wouldn't want to anyway. In a mailout of a hundred-thousand addresses, there's probably going to be at least 20,000 bounces produced and these guys aren't interested in dealing with that amount of traffic.

Instead, they rely on gullible recipients to follow the instructions that are often included in junk mail these days. You've seen it.. "To be removed from this list..." What ever you do, don't respond to this offer. Chances are that by doing so you will actually be placed on the "high value" list of names which have proven to be valid - and even better, they can claim that the recipients at these addresses don't use filtering on their email and they actually read the junk-mail they receive. This makes those email addresses very valuable to the spammer.

Don't be a sucker!
Don't just sit there - do something!
4. React!
What? Didn't I just say "don't respond"?

In this case I mean you should get into the habit of forwarding all junk mail to the only people who will really be in a position to take action against it.

That is of course, the The Federal Trade Commission in the USA.

Forward copies of any UCE promoting pyramid schemes to pyramid@ftc.gov

Forward copies of other unsolicited junk email to uce@ftc.gov to remind them just how much of a problem UCE really is becoming.

Of course the FTC won't have the resources to follow up ever reported pyramid scheme and have no legal obligation or right to do anything about UCE but if they're reminded of the magnitude of the problem on an ongoing basis you can bet they'll be far more appreciative of the costs this stuff represents to bona fide Net users.

Actually the FTC site has some excellent material on the subject of UCE. Here's a page particularly worth reading.

If the spammer is local and you've got the time, report it by sending a copy (including headers if you can) to the address which is commonly reserved for such complaints. It's usually something such as "abuse@ispdomain".

5. If You're Really Mean
A while back I started building a mailing list of junk-mailer's addresses and every time a new junk-mail was received, I tracked down and added that address to the list. The list itself was connected to the mailbox I'd set aside to collect email and all email received at that address was forwarded to those people on the list.

So, anyone who spammed me automatically got copies of all the other junk mail I received. It took several weeks before the people on that list realised what was going on and started bouncing the mail from that list - a small victory :-)

Another thing you can do if you know how is to get spammers talking to each other by faking emails to their autoresponders using the address of another autoresponder in your header. Although this used to be a very successful way of tying up their systems, these days most autoresponders are smart enough to figure out what's happening and break the loop.

If you find the email address of a habitual spammer, add it to the signature on your newsgroup postings. Say the address was spamford@wallace.com then you'd just put a line at the bottom which says: I've got spam from spamford@wallace.com A word of warning - 99% of UCE comes with faked addresses in the header. Just because it says it's from "joe@yourfriend.com" doesn't mean it is. Unless you know how to check these things - better give this idea a miss, you don't want to penalise some poor guy who is totally innocent.

Of course, when the other spammers scan your postings they'll add that email address to their list and that spammer will start getting some of what he's so keen to give.

You can use this tactic on your Web pages also. Embed these addresses in "mailto" tags at the bottom of your page using text which is the same colour as the background. This approach is even more likely to become effective as the spammers increasingly turn to the Web as a source of addresses.

Sometimes I'm just plain Evil!
Net Flaws
Will Windows Ever Be Net-Safe?
As reported in today's Aardvark Daily it appears that there's yet another Internet-related flaw in Microsoft Windows (95 and NT). This is a bad one - allowing almost anyone to bring down a Net-connected Windows system very easily and no doubt it will rekindle the ongoing debate as to whether it's better to use Unix or NT for Net-based applications such as mail servers and Web servers.

A reliable source also informs me that we should watch out for another major Internet bug/security-related story out of the USA sometime early this week.

Time to stoke those firewalls folks!

Odds and Ends
The guys at Yahoo Aust/NZ included Aardvark Weekly in their Picks Of The Week section last week. Thanks guys - I'll have to rush off and see what effect this had on the number of visitors that edition got!

Last year I was a bit premature with my predictions but it seems that this year they're starting to come true a bit earlier than I thought. Netscape's stock has already dipped significantly on the back of lower than anticipated earnings and at least one state in the USA is working hard to push through Anti-spam legislation that may have an impact on the entire country. This just goes to show that it's not hard to predict the what just the when.

A long time ago I reviewed Harvest Cider. No, not the Web site, the drink. Since then I've become very fond of this little beverage and often have a glass with my dinner. Well recently I was surprised to find that a couple of bottles I bought had failed to keep their fizz so I dropped into the Harvest Cider Web site and sent them an email reporting my problems.

Boy was I surprised to get a reply (during the holiday break) in which they said they'd send me out replacements. True to their word, two replacement bottles (with the prerequisite amount of "fizz") duly arrived. Full marks to Harvest for not only having a great cider but also really understanding the importance of responding to email and keeping the customer satisfied. I now expect all Aardvark readers to go out and try some of this stuff - such a positive attitude to the Net and the customer should be rewarded!

I caught one of our larger Web Design companies trying to submit a list of existing sites to the Aardvark New Sites page this week. Just a reminder that this page is only for New or Rebuilt Web sites, it's not a place to get some free advertising. It appears that in this case it was an ill-informed employee so I've decided to give them the benefit of the doubt and not publicly castigate them for their impudence - sometimes I'm just too nice!

And don't forget about the Aardvark Win a Home on the Net Competition. An entry-form will be online from the 2nd of February.

Yahoo, Predictions and Cider
That's it!

The Great Kiwi Holiday
Where has everyone gone?

Have you noticed how so many people in the Net industry have just disappeared for the first half of this month? This has been particularly noticeable when you look around at local Web sites.

The Plug has gone to sleep until "mid January", NetGuide only has its "Daily Feed" operating, @IDG is flying on auto-pilot, only carrying stuff from the IDG USA newswire and in fact, apart from a couple of exceptions such as SODA and some news sites, the whole local content industry seems to have grabbed their sunnies, and togs then hit the beach.

I wonder when content providers will realise that despite the fact that the target market is local, the Net is global and there's still some value in keeping things going over the break. For example, when the ODT's Web server went down last week I received several emails from ex-pats overseas asking if I knew what the trouble was. They were most disappointed that when it came back up, the News hadn't been updated over the break.

Come on people - the Net spans the globe and for a lot of ex-pats in northern hemisphere countries, Christmas and New Years are just a few short days off - not the great Kiwi holiday!

This Week's Featured "Aardvark Enabled" Site

The Bewildered People's Party of NZ

Get your own site Aardvark Enabled
and you too could appear here!

The I.C.B.I.T Award
I Can't Believe It's True!

What can I say about this site? For a start - it forces the user to have their Javascript enabled despite the security alert which is still in place with respect to Javascript. Those who "play it safe" will be stuck at the front page - unable to contine. Secondly, for some reason (in Netscape anyway) it tries to start NOTEPAD.EXE - why? and should we be worried that if you allow it to load - nothing seems to happen?

Finally, this is supposed to be showcase site for their Web Design services but it just looks butt-ugly! Those graphics (the ones which aren't "borrowed") are just plain awful and the whole thing smacks of amateurism.

Web Focus or Web Folly?

I notice that the site appears to be hosted on the server at the Eastern Institute of Technology - I hope they're not teaching this level of design there!

Right of Reply.

Nothing This Week

New Zealand News Wires

New Zealand News headlines from the best News sites on the NZ Web, all on one page to save you time, money and frustration - updated every 15 minutes.

All the nation's news on one page!


WorldWires - World news headlines

On TV Today
Turn on your Java!
Add this Remote to your own pages!

Aardvark Daily is a publication of, and is copyright to, Bruce Simpson, all rights reserved
Aardvark's logo created by WebDesign,