
Dealing with Spam: Dos and Don'ts

Spam, or unsolicited bulk email, is a common annoyance on the Internet today. WHOI community members have told CIS that they are concerned about the growing amount of spam they receive, and we'd like to take this chance to offer some guidelines for dealing with this bothersome abuse of the Internet's email facility.

Don't reply directly to spam.

In general, it is a bad idea to respond directly to spam messages. Most spam is forged, meaning that the address it appears to be from is not the actual address of the person sending it. Spam may appear to be sent from an address which is entirely bogus (nonexistent), or from an address of an unrelated third party. In those few cases where spammers use their own addresses, responding to spam merely indicates to them that you receive and read it -- so they will send more.

A related guideline: Many spammers include in their messages a line like this: "To be removed from this mailing list, email removeme@spammer.com." In general, it is not a good idea to send email to "remove me" addresses. While legitimate mailing lists do respect your desire to be removed, spammers do not. They use your removal request as a confirmation that your address is actively read, and thus send you more spam.

Do report spam.

Sending spam is a violation of the terms of service of all legitimate Internet service providers. While not every ISP is as responsive as it should be to reports of spam, many will take steps to remove spammers from their networks if they are reported. You can report spammers yourself (by learning to read email headers), or use a service such as SpamCop to report it automatically.

If you are receiving repeated spam from a particular sender, or with a particular subject line or other common feature, WHOI CIS can block it at the mail server. This will protect you from further spam -- and also cut down on the spam problem for other WHOInet users.

How to report spam to CIS:

  1. Turn on full headers in your email reader. In Netscape Messenger, select the menu option View->Headers->All. If you don't use Netscape, take a look at this SpamCop page for instructions for over 20 different email clients.
  2. If you can, forward the message as an attachment. Some mail clients will mangle your message if you forward it "inline". In Netscape, select the menu option Message->Forward As->Attachment. Note that forwarding as an attachment is not always a good idea for day-to-day use, but it helps us when dealing with spam.
  3. Forward to spam@whoi.edu. Please don't send spam to Helpdesk or to individual CIS technicians. The spam@whoi.edu address has been set up to deal especially with spam.
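
Why full headers matter when reporting, as an added example that is not part of the original page: the From line is supplied by the sender and may be forged, while the Received line written by your own mail server records the IP address that actually handed the message over. The message, host names and the `reporting_facts` helper below are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a spam message as seen with full headers turned on.
# All hosts are made up (example names, RFC 5737 documentation addresses).
RAW = """\
Return-Path: <bounce@thirdparty.example>
Received: from mail.thirdparty.example (unknown [203.0.113.45])
    by mx.recipient.example with ESMTP id A1B2C3
    for <user@recipient.example>; Mon, 3 Jun 2002 10:15:02 -0400
Received: from bigbank.example ([192.0.2.10])
    by mail.thirdparty.example with SMTP; Mon, 3 Jun 2002 10:14:58 -0400
From: "Customer Service" <service@bigbank.example>
To: user@recipient.example
Subject: Act now

Body text.
"""

# Matches the common "from HELO (rdns [ip]) by HOST" layout of a Received line.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def received_hops(raw):
    """Return the Received chain, newest first, as dicts of helo/rdns/ip/by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # undo header folding
        if m:
            hops.append(m.groupdict())
    return hops

def reporting_facts(raw, our_server):
    """Separate what the sender claimed from what our own server recorded.

    Only the Received line added by our_server is trustworthy; the From
    header and any older Received lines come from the sending side.
    """
    hops = received_hops(raw)
    handoff = next((h for h in hops if h["by"] == our_server), None)
    return {
        "claimed_from": parseaddr(message_from_string(raw).get("From", ""))[1],
        "handoff_ip": handoff["ip"] if handoff else None,
        "unverified_ips": [h["ip"] for h in hops if h["by"] != our_server],
    }
```

The `handoff_ip` is the address whose network owner should receive the report; the `claimed_from` domain may belong to an unrelated third party.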

Don't do business with spammers.

Spamming is a dishonest tactic, and "businesses" who spam are generally not honest businesses. Many are outright frauds, selling products which do not even distantly live up to their claims. Some are fly-by-nights which have no product at all -- they take your money and run.

Even if a business which spams is otherwise legitimate, buying from it will encourage it to spam more. Several large mainstream businesses have tried spamming as a marketing tactic and rejected it after complaints and boycotts made it clear that it is unacceptable. If spamming repels more customers than it attracts, then legitimate businesses will reject it.

Do protect your mail client.

Recently, spammers have started taking advantage of security weaknesses in graphical mail clients like Netscape Messenger and Microsoft Outlook. Because these programs act like Web browsers, spammers can use cookies and Web bugs to track the recipients of spam. With this information, spammers can confirm that you have read their messages, validating your email address as a target for future spam.

In Netscape, turn off JavaScript in mail and news. In the Netscape preferences, select the Advanced category and uncheck the Enable JavaScript for Mail and News option. (If you have JavaScript disabled entirely, this setting will be grayed out as redundant.)

It is also a good idea to disable the automatic display of attachments, since attachments can bear hostile code or Web-bug references. To do this in Netscape, uncheck the menu option View->View Attachments Inline.

Other mail clients may have similar settings; consult the documentation for details.
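
What a Web bug looks like inside a message, as an added example that is not part of the original page: the script below lists every remote reference a graphical mail client would fetch simply by displaying an HTML message, which is the request that tells the sender the message was read. The sample message, host names and the `find_web_bugs` helper are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML spam message carrying a Web bug. All names are made up.
RAW = """\
From: offers@shop.example
To: user@recipient.example
Subject: Special offer
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Great deals inside!</p>
<img src="cid:logo123" width="200" height="60">
<img src="http://track.spammer.example/open.gif?id=user%40recipient.example" width="1" height="1">
<script src="http://track.spammer.example/t.js"></script>
</body></html>
"""

class RemoteRefs(HTMLParser):
    """Collect URLs the mail client would fetch just by displaying the message."""
    FETCHED = {"img": "src", "script": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.FETCHED:
            return
        a = dict(attrs)
        url = a.get(self.FETCHED[tag]) or ""
        parts = urlsplit(url)
        if parts.scheme in ("http", "https"):  # cid: and data: stay inside the message
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.refs.append({"tag": tag, "url": url, "tiny": tiny,
                              "has_query": bool(parts.query)})

def find_web_bugs(raw):
    """Return the remote references found in the HTML parts of a raw message."""
    parser = RemoteRefs()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            parser.feed(payload.decode(part.get_content_charset() or "latin-1", "replace"))
    return parser.refs
```

A remote image that is one pixel in size and carries a query string, as in the sample, is the typical shape of a tracking reference; the `cid:` image is embedded in the message and causes no network request.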

Don't spam.

We don't expect WHOInet users will have any problem with this item! Nevertheless, we mention it for completeness, and for anyone else who may have come across this page.

Spamming is not just rude. It is a criminal offense in many states, and spammers have been prosecuted or held civilly liable for their abuses many times. Although Massachusetts does not (yet) have laws against spam, you can be prosecuted in Washington or West Virginia (among other states) if you send spam into those states. Even in states that do not have specific anti-spam laws, particularly abusive spammers have been held liable for trespass and computer crimes.

Some Quick FAQs:

Why is spam unlawful, when "junk mail" (via paper mail) is legal? When a business sends junk paper mail to you, that business pays for the paper, the printing, and the delivery of its message. But when a spammer sends spam to your WHOI email account, WHOI pays a large portion of the costs of delivery: it takes up our network bandwidth and disk space. In effect the spammer steals these resources from us, driving up costs.

Why is it called "spam"? This popular term, which has been applied to various sorts of network abuse, has a curious history. Brad Templeton of ClariNet fame has collected a history of the word "spam" and of various sorts of spamming.

Why report spam instead of deleting it? For the same reason you should report harassment or any other abuse: if you ignore it, it won't go away. Reporting spammers to ISPs isn't annoying the ISPs; it's helping them to enforce their policies and be good Internet citizens.

Where can I find out more? There are lots of resources on the Web for fighting spam. Scott Mueller's spam.abuse.net is a good start for beginners.