Fighting Back Against Spammers!

If you post to mailing lists, or if your email address is available in webpage "mailto:'s", sooner or later your email will be picked up and become subject to receiving spam, often numerous and objectionable in nature. I refuse to allow these scumball spammers to control how I use the Internet. This is the approach I have adopted:
- I have regretfully concluded that it is not practical to try to keep the same public email address indefinitely.
- I never divulge my main email address. I obtain other email addresses that I can change. Actually I use several different email addresses for different purposes, but that would not be for everyone.
- I no longer use email addresses that differ by a single digit from my previous ones. Spammers have figured out how to guess your new email address from older ones. Since my domain name is jrshelby.com, any new email address chosen is jxxxx.jrshelby.com. I use this site (4 characters, letters and numbers, lower case, no punctuation, no similar characters) to select the characters for "xxxx" . This provides 4 random characters from 810,000 possibilities. Dropping one of the x's would result in 27,000 possibilities which would actually be adequate.
- Since I have my own domain name, I set the mail so there is no "catchall" address. This means that mail to the domain must be to an existing address or it bounces.
If you have access to your own domain name (or several) as I do, it is fairly easy to create another email address, either as a mailbox or as a forwarding address. Some other places you can get additional email addresses:
- Most internet service providers allow you to have several mailboxes or email addresses. Check the support page for your service provider.
- Hotmail. Like most such, this is webmail but it is very workable. 2mb mailbox, 1mb max message (larger with $ services) For those who would like to use it with Outlook or Eudora (both send and receive), there is a free program Hotmail popper that will allow you to do this.
- Yahoo mail. Like Hotmail, this is intended to be webmail (and is very workable as such). 4mb mailbox, 3mb max message (larger with $ services). For those who would like to use it with Outlook, Eudora, etc., there is a free program YahooPOPs! which allows you to do so.
- Netscape mail. Webmail. 5mb mailbox, ? max message size. No known way to use with Outlook, Eudora, etc.
- Mail.com. Webmail ($ plans available) 10mb mailbox. Max 2mb message. This would be a great choice except that I have found it to be very slow.
Whenever the spam level reaches the annoying level (despite all the other things I am doing to reduce it), I change my public email address. It was stunning the first time I did this. My spam dropped to nothing immediately and reduced my incoming email by over 90%! The first time I did this it took a full work day to change it all the places it had to be changed. The last time I did it it took two hours. I believe that I can get it down to an hour with some re-organizing:
- I have made a listing of all the places (url's) my email requires changing, which address is used there, and any passwords involved. I did this in the form of an html table with links to the places I'd have to go. This listing includes family members, associates, and various mailing lists to which I am subscribed.
- I have replaced dozens of mailto's to my email address in my various webpages to a link to a single file, which is the only place now requiring a change.
- To make it a bit easier for others to keep up with me, I often add a signature to my emails that looks like this:
  Email address subject to change. Find new one at http://tinyurl.com/rhkr or http://FreshAddress.com
Some places you can register your old and new email addresses.
I have registered at ones marked *. FreshAddress is my current preference. I liked the interface because it seemed relatively simple to add multiple old addresses and to periodically update your current address (what I intend to do). But the others likely will work fine, also.
I discovered that I was getting flooded with spam because I was inviting it. . The welcome mat has been pulled inside!
- Go here: Google advanced search
- Select "100 results"
- Search for jr1jrshelby [You can "copy&paste" that but you'll need to insert the "@" and the ".com".]
- Page down to the bottom and click repeat the search with the omitted results included.
- I got 30 webpages (all within my control) listed showing my email in plain text. I could call up each of these webpages, use control-f and search for the email address and sometimes found multiple instances on the page. This would not have picked up additional instances where it was embedded in a "mailto:" link.
- My solution for this was to place all my html pages in subdirectories under a single subdirectory. I have long used UltraEdit to write my webpages (as well as many other purposes, programming, etc.). I used it's "find and replace in files" feature to find all instances of the email address (in the top subdir and all subdirs beneath it) and replace them with one of the search-proof/resistant versions described elsewhere on this page. This must be done very carefully. I then used my old 2.6 version of CuteFTP to upload all .htm pages showing that day's date.
- While the email address still shows up in Google searches, I can confirm that it is no longer visible by going to each page in the search and using control-f to search for it. If a lot of webpages are involved, the Sam Spade program (link below) is more effective for testing pages for exposed emails, including those embedded in "mail-to's".
- There is not much more I can do to hide this current email address, but when I next change my email address, it will effectively be cloaked to such searches.
- When I use this method to search for my previous email address jr@jrshelby.com, one I had used actively for several years, it showed up on 342 different webpages, with multiple instances on many. Only about the same 30 of those would have been under my control. This is the address that was receiving over 90% spam when I was finally forced to abandon it.
- When I use this method to search for the email address jr@shelby.net, which I used for an even longer period, it showed up on more than 800 web locations! (Google stops counting at 799).
- I am sure that countless spam is still being sent to these two dead addresses, but it is simply going down a black hole. But anyone knowing them could use FreshAddress.com and still get up with me.
- You can try the above methods to find what exposure you have with your email addresses. You can also check your former email addresses and see where they still exist (although they will cause you no problem unless they are still active).
- Admittedly, mine is a more extreme case than most would have with spam. However, if these methods are effective with my extreme case, some of them can certainly be expected to be effective for lesser degrees of exposure and smaller amounts of resultant spam.
I have a lot of webpages and they used to have a lot of "mailto's" all over the place, which I am now removing.
- I have replaced all those email links to me with this link: John Robertson.
- As I revise my webpages, I am removing all mailto links to others and replacing them with such as the following:
  - johndoesome, or or or , etc.
  - johndoe or or or , etc.
- You can no longer click on these and automagically pop up in your mail client with a pre-addressed email. They require that you jot down the email address and enter it manually. But they are much less likely to result in the address becoming a target for spam.
- Sam Spade is a powerful free program. One of its capabilities is to "crawl" your own webpages looking for email addresses "in the open" or concealed in "mail-to's". This is a very effective means of determining when you have removed all exposed email addresses from your webpages. It could also be used to determine if your email address is exposed on specific webpages belonging to others.
Some ways you can manage spam before it gets to your mailbox:
- www.POBox.com $ A mail-fowarding service that removes most spam from your mail in the process. You can check the discards to retrieve any that shouldn't have been removed. Plans start at $15.95/yr. I've tried this and am impressed with price/features.
- Mailwasher. A free program that you can download to your computer that screens your mail while still on your server, using a number of tools for removing email. For $29.95, you gain the option of accessing multiple mailboxes including Hotmail. Some blacklists used, considered, or yet to be tried for use with MailWasher:
  - SpamCop bl.spamcop.net Preconfigured in MailWasher. I found this one to be overly aggressive, marking too many good messages as bad, and have unchecked it for use for now.
  - ORDB relays.ordb.org Preconfigured in MailWasher. I continue to use this one.
  - SpamHaus sbl.spamhaus.org I am currently using this.
  - NJABL dnsbl.njabl.org I am currently using this.
  - CBL cbl.abuseat.org I am currently using this.
  - DSBL
    list.dsbl.org I am currently using this.
    multihop.dsbl.org Not yet tried.
    unconfirmed.dsbl.org Not yet tried.
  - SORBS dnsbl.sorbs.net This one called several "good" messages "bad" (for which I could find no record in their database), and I turned it off for now.
  - SPEWS. Source of many of the above. A lot of others here I'll likely never get around to trying.
My current preference is MailWasher, because I prefer a more hands-on approach to screening my email.

Send any comments or suggestions to:
John Robertson

Other "mailto" obfuscation methods here.