Well-guarded e-mail address, filters are best spam defense

THE FEDERAL Can-Spam law took effect New Year's Day, but the people who send me junk mail aren't paying attention.

When I opened my inbox at work Monday after the holiday, I found the usual 50 or 60 pitches for prescription painkillers, sexual aids, mortgage refinancing deals and porn sites, along with four variations on the venerable Nigerian bank scam.


As usual, I spent a few minutes deleting the junk and saving the Nigerian scam offers, which I collect because I love the wondrous liberties they take with the English language. But that's the subject of another column. This one is about how to protect yourself from spam, because the new federal law isn't likely to do it, at least not any time soon.

Can-Spam, as I mentioned last time, doesn't ban unsolicited commercial e-mail. It merely requires a legitimate return address and an opt-out provision that's supposed to make it easy for you to remove yourself from the sender's mailing list. It's also based on the ludicrous supposition that spam creeps operating out of trailer parks who bombard the world with junk mail through servers in Romania, phony relays in Tonga or a 14-year-old's hijacked PC in Kalamazoo are actually going to obey the law.


No, stopping spam is still up to you. And the best ways to defend yourself are to (a) present the smallest possible target to the enemy and (b) figure out how to duck the bullets that head your way.

Rule number one: Don't give your e-mail address to everyone who asks for it. If you're not already being bombarded with spam, consider yourself lucky and guard your privacy.

Don't enter online contests that require your e-mail address. Don't fill out questionnaires or take online surveys that ask for e-mail addresses, even if the Web site offers a coupon for a free six-pack of Jolt Cola. Most of these are come-ons for marketers who want personal information about you.

If you do business online, even with reputable companies, look carefully before you complete your order. Somewhere you're likely to find a check-box next to a paragraph that says, "Please send me notices of valuable future offers from you and your business partners," or some such gobbledygook.

A "business partner" is anyone willing to buy your address. If you don't want your mailbox bombarded with ads, make sure those little boxes are all unchecked. Legitimate outfits will respect your wishes, but you have to make it perfectly clear that you're opting out.

Reserve your main e-mail address for people you really care about. If you post to newsgroups or listservs, hang around chat rooms or even order from a legitimate retailer who wants an e-mail address, sign up for a free mail account with Yahoo, Hotmail, Netscape or one of the other portal services. Post that address online and let it collect the spam that's sure to result. When it starts to get out of hand, just kill off the account and start another.

Alternatively, if your ISP provides multiple e-mail accounts and you haven't assigned all of them to family members, use one to create an address for online transactions. If that mailbox fills up with spam, you can delete the account and replace it with another name.

Also, consider "renting" throwaway addresses. For example, as part of its enhanced, fee-based mail service (starting at $30 a year), Yahoo provides up to 500 temporary e-mail addresses specifically for use in online transactions.


Now for a tricky decision: Spam fighters have long advised against replying to any spam message - even to internal links that offer to remove you from the sender's mailing list. That's because real spammers use that ploy to verify your address, which they can use again or sell to another spammer.

The Can-Spam act requires commercial senders to include an opt-out address or link to a Web site that will remove you from their mailing lists.

In a perfect world, that would make it safe to respond. The question is whether any real spammer will honor that request. I doubt it.

If you're receiving unwanted mail from a legitimate company you've dealt with before, it's probably safe to use the "unsubscribe" link. On the other hand, if the message looks like spam, or it's from someone you've never done business with - no matter how legitimate it looks - you're better off just deleting it or putting the sender on your spam filter's blocking list.

That brings us to the last line of defense - a spam filter. This is a program running on your computer or your ISP's mail server that analyzes incoming messages and flags mail that appears to be spam - either from the return address or the content ("Get cheap Viagra" is a giveaway).

Even a modestly successful spam filter will flag most of the incoming junk. The question is how many false positives does the filter generate. You don't want to ignore real e-mail that's been flagged as spam.


The big ISPs and Web mail outfits have improved their internal spam filters considerably over the past year. For example, Yahoo's filters captured about 75 percent of the garbage in my mailbox over the last month without a single false positive.

If you use one of these ISPs or e-mail gateways, check to see what filtering is available and what options are open to you. Some don't turn filtering on until you authorize it (usually by checking a preferences box).

If you're using standard e-mail, look for a third-party spam filter. Some, like Norton Internet Security and SpamNet are linked to your e-mail program, and use a built-in database of spam "signatures" to filter mail as it comes in. SpamNet's database is constantly augmented by submissions from its members. The company claims its algorithms can remove 95 percent of spam from users' mailboxes at a cost of $4 per month.

Other spam-fighters, such as SpamCop ($30 a year, www. filter mail on their servers, which means you'll have to redirect your mail there first, even if you use your regular e-mail program to retrieve it.

I haven't tried them all, but Consumer Reports recently tried out a bunch and gave its highest ratings to SAProxy (, SpamCatcher Universal (www.mail, SpamSleuth (www. and Norton ( WebWasher Classic, a free download (, also has an enthusiastic following.

If you're inundated by spam, any of these is likely to be better than none. Just make sure the program you buy is compatible with your e-mail software. And do the world a favor - don't buy one from someone who advertises by sending spam. It just encourages them to send more.