How to avoid spam
So, you’re living in the Internet age and spam is driving you crazy. It’s only natural. I’ve found the cure for spam, incidentally, as far as the user is concerned. It has a bit of guerilla tactics in it. Unfortunately, it requires you to pay quite a high price: give up all the accounts you already have.
No, protecting accounts you already get spam on is not going to work, not with the current technological specification for email. Bayesian filtering, pattern recognition, black lists, white lists, auto-responders, did I miss anything? Doesn’t matter. If they had worked you wouldn’t be reading this.
It’s a simple trick, really, once you understand a fundamental fact: that once an email address gets found out, it’s doomed. Someday, somehow, somewhere, a professional spammer, a bot or a mean ex-boyfriend will sell your address down the river. So the trick is to never let anybody know your real address.
Never means never and under no circumstances. Do not use it to subscribe to mailing lists, to create accounts of any kind, to sign code contributions, do not post it anywhere (not even obfuscated in a manner you feel it’s clever). Mailing lists will publish it on the Web, version control will do too, Web services will sell it, and bots will find it and decode it anywhere.
So far it may seem you have to give up email altogether and turn to IM. That’s not what I’m saying. I said don’t give out your real address.
What you do is always use aliases. Here’s the think, in easy to follow steps:
- Buy yourself a domain or several and make sure you hold on to them.
- Host it at a hosting service that allows unlimited aliases and lets you create and destroy them quickly and painlessly. If they have a feature that creates aliases for you based on certain patterns (ie. JohnDoeInsertLargeNumberHere@mydomain.net) all the better.
- Create your real addresses, however you like. Make sure to pick rather obscure usernames. Definitely don’t use contact, office, support and the likes of. Picking up domain names from DNS records and blindly spamming such common usernames is probably part of the spammer’s ABC…
- Do not activate the catch all function! See the above point. You’d be doing a favor to all those spammers shooting in the dark.
- Create aliases and always use aliases. For everything. A good email client will let you create alternate accounts based entirely on aliases, that look and act just like “real” accounts.
- Whenever an alias starts bothering you too much with spam, kill it and get another.
- Finally, never give out the real addresses. Never. Not even to your puppy-eyed girlfriend or your poor old mother.
As long as nobody knows your address, and as long as they can’t guess it, they can’t spam it.
It’s as simple as that. But this whole idea has one fatal flaw: we can’t give up the addresses we’ve used for so long, because they are our link to the Internet, they are part of our identity. But at least I hope it may help some young bright thing who’s only now taking her first steps out in the jungle.
Well, to be truthful, there are a few other weak points in the theory.
What do you do if you’re a company and you have to give out email? I say, don’t. Give phone numbers, give a snail-mail address, give IM accounts, but don’t give email. Instead, offer a Web form which will forward the message to an email account. Ask the people to include their email address and get back to them. Problem solved, and no spam.
Secondly, what if you’re a programmer involved in open-source projects and you need to give people a way to contact you? Same thing, don’t give email. You may not want to give out IM, phone or where you live, but you can leave a website. And on the website you can put the good old form that gets transferred to email. Same trick.