How do I fight spam?

Ah, yes, one of the most irritating aspects of today’s online world, spam makes everyone’s day just a little worse.  It’s not something that you can completely avoid, of course, or there’d be no money in it and spammers would stop doing it.  But the cost is small and so spammers don’t need much of a “hit rate” on their clickthroughs and scams to support the business.  It’s not easy to fight off, and there are some sophisticated services dedicated to just that.  If you’re a business looking for a way to clean up your incoming mail, I’ve had good luck with Google’s Postini and would highly recommend it.  If you’re an individual user looking for a cleaner inbox, read on.

It’s not always possible, of course, but the simplest way to fight spam is to avoid giving out your email address.  If a web site asks for it but doesn’t use it to authenticate you, and you don’t completely trust them, give them a fake address like If they do require you to click on a link, but you still don’t trust them, use a free temporary mail service like or and then forget about it.  Only if you trust a service and/or really want to receive ongoing mail from them should you give them your real email address.

Should you need to post your email address online, try to make as difficult to read with machines as possible.  This is getting tougher, as the bots that grab email addresses online are getting more sophisticated; old tricks like “name at server dot com” don’t really work anymore.  The closer you can get to a natural language description, the better.  E.g., write “My address is my first initial and then my last name at Gmail”, and then give your name.   It’ll be at least a couple of years before Skynet can parse that.

There’s an old trick buried in the way that email works that helps at least track where spam is coming from, and it’s in how you enter your email address.  The plus sign (+) signifies to a mail server that it should ignore whatever comes next until it finds an “at” symbol (@), which allows you to lengthen your own email address with whatever you like.  Say your address is “” and you’re donating to a political candidate.  Sign up with the email address “” and mail will come back to you with that extended address at the top.  What’s nice about this is that if that candidate’s campaign sells your email address to someone, or hands it to someone else in the same party, you’ll know because you’ll start getting incoming mail with the extended address from them, as well.  You’ll be able to use mail rules (which we’ll cover another time) to filter or even immediately trash any unwelcome mail.

Almost all email clients and servers include a method of marking mail as “junk” or “spam”.  This doesn’t just throw the message away; it also alerts the system that this is a message that you didn’t want.  This allows your client or your server to use that message to seed its algorithms, and makes it less likely that similar messages will get to you in the future.  It’s how modern spam-fighting systems are built; they’re fed as much spam as possible until they start recognizing the differences between that and wanted mail.  Your mail provider probably also has an address to forward spam to, which serves a similar purpose; contact your provider or your IT department to find out what that is.

You can take that last tip a step further and actually report unsolicited spam to the FTC by forwarding it to the address This allows the US government to track spam patterns and potentially find the senders and charge them with a crime.  Spam is illegal if it violates the provisions of the CAN-SPAM act, or if it involves otherwise illegal activities, like fraud—the infamous “419” scams were always illegal and didn’t need a special law to make them so.

These are just a few quick tips, and of course there are others.  If anyone has their own, feel free to post them in the comments.