FC: Charles Platt: "A cautionary tale about spam"

[Declan McCullagh <declan () well com>]

Three spam-proofing techniques I've tried with at-the-time virginal email 
addresses:
1. Encoding a mailto: link -- for example, A HREF="mailto:declan@&#99 
etc.  Ancedotally, this works reasonably well. After a year or so, I've 
received less than 10 spam messages at that address.
2. Using a standard mailto: link but hiding it behind a CGI script, with 
the assumption that spambots hesitante to enter a CGI thicket. After 18 
months, this does not work well, with about one or two spam messages 
arriving a day. I also have an autoreply message set for this account, 
which may encourage smarter spambots.
3. Using an image file to store an email address. After eight months, *NO* 
spam messages so far. Yes, eventually spammers may start OCRing, but they 
haven't yet.

-Declan

---

Date: Wed, 28 May 2003 11:24:52 -0400 (EDT)
From: Charles Platt <somewhere () somewhere com>
To: Declan McCullagh <declan () well com>
cc: politech () politechbot com
Subject: Spam: A cautionary tale
In-Reply-To: <5.2.1.1.0.20030528021944.0474b6d0 () mail well com>

A lighter note on the spam problem:

I have been forced to abandon my old account at panix.com mainly
because of spam. I made the mistake of posting messages to Usenet from
that account, years ago, and ended up with at least 100 spam emails coming
in each day. Various attempts at filtering were unsuccessful (panix.com is
not very good at helping users do that kind of thing). So, I moved to a
different hosting service and sent out a few hundred change-of-address
notifications.

However, once in a while I do still receive "real" email at cp () panix com,
mainly because that address appeared on every Wired feature I wrote for
about six years. I didn't want to miss those "real" messages (hey, someone
could be offering me a writing assignment!) so I set up an autorespond
message. The question was, how to word the message in a way that would be
intelligible to humans but impenetrable to spambots. In other words I was
now in the position of doing the opposite of what the spammers do. They
try to concoct subject lines and messages that spam filters will accept as
"real" email. I was trying to concoct a subject line and message that the
spammers would reject as "unreal" email.

After various ideas I thought I had the perfect solution. I included my
new email address written BACKWARD. There's no way a spambot would know
that it was backward, because it still had an @ sign in the middle, and my
new address does not end in .com.

I was really pleased with my ingenuity until, THE VERY NEXT DAY, I
received spam at my new address from a gentleman in Nigeria who had a
truly amazing story to tell, involving unclaimed millions in a US bank
account.

Yes, some poor wretch, possibly in the third world, had actually taken the
trouble to READ my autoreply, figure out the backward address, and remail
his spam to me at my new location. And now today I have my second piece of
spam, offering to enlarge my penis to truly amazing dimensions, presumably
because the gentleman in Nigeria has resold my new address for 1 cent or
so, thus recouping the time he invested decoding it.

The moral of this story: When you are up against this kind of relentless,
mindless mentality, the law is an inappropriate tool. In my long-forgotten
book ANARCHY ONLINE, 8 years ago, I wrote that antispam laws would never
work. I still believe this, because the ingenuity of spammers will always
exceed the imaginations of legislators. Of course this won't stop the
legislators from trying, and their antispam laws will have unintended
consequences that will be damaging, as Tim May points out.

My autoreply from panix.com now sends a message telling people my phone
number and asking them to call me to get my new email address. This seems
a safe strategy because of course phone calls actually cost money (unlike
email which is virtually free), and consequently telephone spam is much
less of a problem.

The conclusion is obvious.

--CP




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------