My PC is my castle
The barbarians are at the castle walls. So how do you prevent the breach?
Because once the spammers get past your defenses they'll never leave you
in peace. Building spam defenses is hard work so if you need to grab a snack,
go for it. I'll be waiting here.
Obviously, protecting your email address is the key to frustrating the
spammers. Without it they are nothing. So how do they get your email address
in the first place? That's the rub. It is Spammeister's opinion that nobody,
other than the spammers themselves, knows for sure. Realize that most people
think Spammeister is full of beans on this one. But it is my humble opinion
that spam fighters are on the outside looking in. What we know of the spammer's
methods is based largely upon anecdotal evidence. But here are the most widely
held theories.
- Newsgroups. Many people think this is the number one way
spammers get your email address. Spammers use software called harvesters
to grab the email addresses of newsgroup posters. I recently read
an estimate that 70% of the email addresses on spam mailing lists were gleaned
from newsgroups. I'm not too sure about that but I do know one thing. Post
on a newsgroup using your real email address and you'll soon get spam.
The counter measure to protect yourself is to munge your email address. What the heck's munging?
Me@myisp.com becomes me@nospam.com. This frustrates the spammers
but it also frustrates any real poster who'd like to send you email. Some people
include their real email address in the "Reply-to" field. Some include it in the
body of their email. Some people think spam harvesters ignore the "Reply-to" or
the message body. Some, like Spammeister, are skeptical of these assumptions. But why take a chance?
Use some munging convention like me@deletethistomailmemyisp.com. It'll
frustrate the spammers' automated harvesters while making it obvious to real people how to un-munge your email
address to send you personal mail.
- Chat rooms. AOL is a particular target of spammers because of the
newbie reputation. Spammers are reported to have software that grabs
screen names from AOL chat rooms. Internet Relay Chat (IRC) rooms are just as
vulnerable.
The counter measure is to use throw away email addresses. Take AOL. You can create up
to 7 screen names. Set up one as your spam magnet. You'll probably want it set up in AOL's
mail controls so it can't receive any email. Then use it exclusively for chatting.
For IRC use a throw away email address. Pick one up on Hotmail or some other web mail
service. Spammeister likes using Sneakemail, a nice
email forwarding service designed for this sort of thing.
- Dictionary attacks. Devious little spammers are clever buggers. They know that
a domain like aol.com exists. It's safe to assume someone at AOL is named Joe Doaks and
probably is using a screen name like JoeDoaks or JDoaks. So spammers will send spam to
both jdoaks@aol.com and joedoaks@aol.com to see if it's valid. This is a controversial
topic. Some people say they don't exist. Spammeister and some others claim to have actually
received spam that is hard to otherwise explain. Be your own judge.
Finding a counter measure for this one is a real tough one. You could fiddle with your email
ID to make it something less than obvious. But isn't that inconvenient? Spammeister doesn't like
being a prisoner to spammers. One thing Spammeister does -- and this is very unpopular with
many other spam fighters -- is he bounces spam. It's the only way to deny a spammer the validation
he seeks that he's found another sucker to abuse.
How do you bounce email? Spammeister uses MailWasher. It works with any POP email account.
Why is bouncing so unpopular? Bounced messages eat up bandwidth -- theoretically. Worse, sometimes the return addresses
spammers use belong to innocents. Finally, do spammers really check the email accounts they set up?
Nobody can answer that one. But if dictionary attacks are
real then bouncing email is the only way to defeat them. And, in the long run, it will lower the
amount of spam, thus saving bandwidth. We can but hope.
- Web pages. Do you have a home page? Bet you list your email address on it. You guessed it.
Spammers have software to snag email addresses from web pages.
Counter measures range from the geeky to simple. Spammeister, being a geek, coded some dynamic JavaScript on his
web site to mask his email account. Most people wouldn't find this practical.
A much easier solution is to use an email forwarding service like Sneakemail.
Sneakemail
includes some spam filter tools. If one Sneakemail account gets continually flooded by
spam despite your best filtering attempts simply throw it away, create another one, and
update your web page with the new Sneakemail address.
- Odds and ends. I switched over to broadband from a dial-up connection. Broadband exposes
users to increased risks so I installed Norton Personal Firewall software. Guess what? From time to time
I'd open up a piece of spam and my firewall software would flag me that the spam was trying to
send out my email address. So it seems clever little spammers have developed spam to call back to
'daddy' to confirm they've got a real live sucker. Let me assure you I don't own any
Symantec stock. Spammeister is still reeling from betting the farm on Enron.
So, I get no kickback for recommending Norton's products.
They aren't cheap. There may be better alternatives if you care to do your own research.
But you might want to ask Santa for a copy of it or some other
competitive product. And, while you're putting together your Christmas wish list, include
some anti-virus software because spam has been reported to carry nasty viruses.
Nice guys these spammers.
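The JavaScript masking mentioned under "Web pages" above can look like the following. This is an added example, not Spammeister's own script: the function names, the shift key 7 and the element id are assumptions, and me@myisp.com is the placeholder address used earlier on this page.

```javascript
// Build step: store the address as character codes shifted by a key, so the
// published markup contains no "user@host" text for a source scraper to match.
function maskAddress(address, key) {
  return address.split("").map(ch => ch.charCodeAt(0) + key);
}

// Inverse of maskAddress; the same arithmetic runs in the visitor's browser.
function unmaskAddress(codes, key) {
  return codes.map(c => String.fromCharCode(c - key)).join("");
}

// Markup to publish. The link is only filled in once the script has run.
function maskedMarkup(address, key, id) {
  const codes = JSON.stringify(maskAddress(address, key));
  return `<a id="${id}" href="#">Email me (needs JavaScript)</a>
<script>
(function () {
  var a = document.getElementById(${JSON.stringify(id)});
  var addr = ${codes}.map(function (c) { return String.fromCharCode(c - ${key}); }).join("");
  a.href = "mai" + "lto:" + addr;
  a.textContent = addr;
})();
</script>`;
}

// What a simple harvester sees: addresses pattern-matched in the raw page source.
const ADDRESS_PATTERN = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;
function visibleAddresses(pageSource) {
  return pageSource.match(ADDRESS_PATTERN) || [];
}

// Constructed comparison: a plain mailto link versus the masked markup.
const PLAIN_PAGE = '<a href="mailto:me@myisp.com">me@myisp.com</a>';
const MASKED_PAGE = maskedMarkup("me@myisp.com", 7, "contact");
console.log(visibleAddresses(PLAIN_PAGE), visibleAddresses(MASKED_PAGE));
```

This only hides the address from software that reads page source without running scripts, so a throw-away forwarding address is still the fallback if the masked one ends up on a list.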
Finally, be careful configuring your email software. Not only will this protect you from spam, it'll
protect you from nasty viruses. As I mentioned, HTML spam can sometimes send a response back to the
spammer to confirm your email address. Some software packages, like Microsoft Outlook, can be set up to
display a message when you click on it. Reconfigure your software to turn this feature off. That way you
can delete spam without risking opening it up. Also, some products, like Outlook, will notify you when a new
email message comes in with a dialog box asking you if you want to read the new message sight unseen.
Get in the habit of clicking no. The point being: don't open an email until you confirm it's from
a source you trust.
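The call-back described under "Odds and ends" and in the paragraph above works because displaying an HTML message fetches its remote images and styles. The following added example (not from the original page; the function names and the sample message are constructed for illustration) lists every fetch a message body would trigger on display and flags the ones that carry the recipient's address, whether plain, URL-encoded, hex or base64.

```javascript
// Tags whose URL attributes are fetched as soon as HTML mail is rendered.
// <a href> is left out: it only fires when the reader clicks.
const AUTO_LOAD = /<(img|iframe|frame|script|link|embed|input|body|table|td)\b[^>]*?\b(src|href|background)\s*=\s*["']?(https?:\/\/[^"'\s>]+)/gi;
const CSS_URL = /url\(\s*["']?(https?:\/\/[^"')\s]+)/gi;

// Forms in which the recipient's address can ride along in a callback URL.
function addressForms(recipient) {
  const bytes = Buffer.from(recipient, "utf8");
  // Keep whole 3-byte groups only, so the base64 prefix still matches
  // when more data was appended after the address before encoding.
  const b64 = bytes.toString("base64").slice(0, Math.floor(bytes.length / 3) * 4);
  return { plain: recipient.toLowerCase(), hex: bytes.toString("hex"), b64 };
}

function leakKind(url, forms) {
  let decoded = url;
  try { decoded = decodeURIComponent(url); } catch (e) { /* malformed escape: use raw URL */ }
  const lower = decoded.toLowerCase();
  if (lower.includes(forms.plain)) return "plain";
  if (lower.includes(forms.hex)) return "hex";
  if (forms.b64 && decoded.includes(forms.b64)) return "base64";
  return null;
}

// Returns every remote fetch the message would trigger when displayed.
function findCallbacks(html, recipient) {
  const forms = addressForms(recipient);
  const hits = [];
  for (const m of html.matchAll(AUTO_LOAD)) {
    hits.push({ via: m[1].toLowerCase(), url: m[3], leak: leakKind(m[3], forms) });
  }
  for (const m of html.matchAll(CSS_URL)) {
    hits.push({ via: "css", url: m[1], leak: leakKind(m[1], forms) });
  }
  return hits;
}

// Constructed sample body; hosts use the reserved .example TLD.
const SAMPLE = `<html><body background="http://img.mailer.example/bg.gif">
<img src="http://track.mailer.example/o.gif?u=me%40myisp.com" width=1 height=1>
<img src='http://track.mailer.example/p.gif?id=bWVAbXlpc3AuY29t'>
<a href="http://shop.mailer.example/?u=me@myisp.com">Buy now</a>
<div style="background:url(http://cdn.mailer.example/x.png)">Hi</div>
</body></html>`;

console.log(findCallbacks(SAMPLE, "me@myisp.com"));
```

A fetch with no address in it can still confirm delivery if the URL is unique per recipient, which is why the safe setting is to not render remote content at all.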
