
Opt1ng 0ut

April 24th, 2004

I am currently experimenting with various methods of getting spammed. In the computer class I teach, I try to give advice about how to avoid getting spam at your email address. The advice I give includes seven basic rules:

  1. Never respond to a spam email
  2. Do not publish your email address on any web page, BBS/Forums or chat
  3. Do not use your main email address to sign up for anything; use a throwaway account
  4. Whenever you give your email address, even to family and friends, stress that they must never sign you up for anything, or distribute your email address to anyone without your permission, especially to any commercial enterprise
  5. When choosing a hotmail or yahoo address, don’t choose a short name (to avoid dictionary spam)
  6. Do not use the “opt-out” link in any email you receive
  7. Turn off HTML graphics in your email (they will notify the spammer that you’re viewing their email)

In order to get an idea of how dangerous each of these spam-catching methods is, I decided to create some throwaway accounts and try to see how much spam I could receive. I would use each throwaway email address in a unique situation, so it would be clear which method had garnered the junk mail.

#1 I will try after establishing a junk mail stream at one of the new accounts.

#2 I decided to try by putting another throwaway email address–made invisible by matching the font color with the background color–onto the main page of my blog site. Within a few days I started getting junk mail at that address.

#3 I have not gotten around to, but #4 I suffered from already when a cousin in Spain, without my permission or knowledge, signed me up for an ancestry site, clearly highly commercial. Within weeks my spam multiplied incredibly. I also have two or three throwaway addresses I use to sign up for stuff, and they get their share of spam nowadays.

#5 I had already suffered from–I had chosen a 6-letter Yahoo email ID, and immediately received about 60 emails per day right from the beginning.

And then there’s #6, the opt-out. About four or five years ago–some months after my cousin signed me up for that spam-rich ‘service’–I made the mistake of trying to opt out from the spam–and noted a few weeks later that my spam multiplied again.

Of course, the opt-out is most likely a trick. Spammers usually do not know if the email addresses they have are genuine; the majority are usually dead or non-existent accounts. So to get you to tell them that (a) your account is active, and even better, (b) you read your junk mail, they use tactics like the opt-out to make you expose those facts. Just like with the HTML graphics (#7), the opt-out will sound alarms that they have a live one, and more spam will likely be forthcoming, not less.

My current attempt to make them show their colors is not generating any spam yet, but it has only been a week. I searched my spam, and found various opt-out links. One of the first things I noticed was that the URL of the link varied from email to email. Many of them were generic URLs that led to an opt-out page everyone would share. However, some of the opt-out links in the email I looked at had URLs that included codes–for example:

http://bilkytrpnpyh@yw21ut6.com/byebye.html

I have changed some of the specific letters and numbers in there to avoid the spammer recognizing it, but you can see the concept. See the letters preceding the @ sign? That’s a code which identifies you. If you click on that link, they will know which email account the spam was sent to, no matter which address you type on their opt-out page. Not wanting to trigger even more spam at my actual email address, I decided only to use opt-outs that were generic. I’ve signed on to 26 different opt-out programs so far, and no spam has come back from them yet–though it has only been a week so far.
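One way to sort opt-out links into "generic" and "carries a recipient code" before clicking anything, as an added example that is not part of the original post. The userinfo check is the case described above; the query-string check is an assumed generalization with a heuristic threshold, and the `lists.example.com` links are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def recipient_markers(url):
    """Return (location, value) pairs that could tie a click to one recipient."""
    parts = urlsplit(url)
    found = []
    # The case shown in the post: a code placed before the '@' in the host part.
    if parts.username:
        found.append(("userinfo", parts.username))
    # Assumed generalization: query values that are an address or an opaque
    # letter+digit token of 8 or more characters (heuristic threshold).
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        opaque = (len(value) >= 8 and re.search(r"[A-Za-z]", value)
                  and re.search(r"\d", value))
        if "@" in value or opaque:
            found.append(("query:" + key, value))
    return found

def audit_links(message_text):
    """Map every http(s) link in a message body to 'tracked' or 'generic'."""
    return {url: ("tracked" if recipient_markers(url) else "generic")
            for url in URL_RE.findall(message_text)}

# Constructed sample body: the first link is the (already altered) one quoted
# in the post, the other two are made up for illustration.
SAMPLE_BODY = """\
To be removed click here: http://bilkytrpnpyh@yw21ut6.com/byebye.html
No more ads: http://lists.example.com/remove.html
Unsub: http://lists.example.com/r?list=7&u=a8f3k2m9q1z7
"""

if __name__ == "__main__":
    for url, verdict in audit_links(SAMPLE_BODY).items():
        print(f"{verdict:8} {url}  {recipient_markers(url)}")
```

A "generic" verdict only means the link text itself carries no code; it says nothing about what the opt-out page does with an address typed into it.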

Another thing I noticed from skimming through the spam was the creativity in telling you that you can opt out. Most spam uses a unique message to tell you how to get off their lists. This is part of their attempt to evade your email’s spam filter. If everyone used “To opt out, click here,” for example, then the spam filters could zap every spam that comes along. So they want to avoid using recognizable text strings. Here’s a list of many of the messages in the spam I got:

c1ick here – T0 0PT 0UT
click here if you would not like to receive future mailings.
cross my name off
Discon
D-I-S-C-O-N-T-I-N-U-E
Don’t want anymore
Don’t you like it?
Future reference options:
GetOffTheList
I don’t like emails.
I don’t need this
I don’t think so
I want to say adios
If you do not w.ish to recei.ve these offers in the futu.re, rm You.rself
If you do not want to receive further mailings from —-, unsubscribe by sending an email
If you do not want to receive, please use this link
If you do not wish to receive e-mails from us in the future, Click here to unsubscribe.
no chance
NO MAILZ
No moore
No more ads
no more email’z
No More Please
No Thanks
No Thanks, Opt Me Out
Not interested? Please surf here
Please don’t ask me again
press to stop receiving
pwzleduasese remove y{ouxrsel&f, if yo4iu would li(ke to disc”ontinue further mailing
rem ve
Remove here:
remove me
rmv
Subtract yourself here please
T o b e rem ov ed cl ic k he re
Take off
This isn’t for me
To be nullified from our promotion efforts, based upon, this list please proceed forward to the following HTML based removal applicaiton for email.
to be removed click here
To be removed from further emails send email to
To modify your future contact options, please reference here
To stop future advertisement click here
ToRemoveClickHere
Unsub
We will immediatly discontinue offers… just see address below and you will not see us ever again.
You may take yourself off the l.ist he.re

Also note that some of these contain words that are broken up by spaces, hyphens, or junk characters, or replace letters with simi1@r-100king numbers or symbols.
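How a filter can see through the spacing, punctuation and look-alike tricks listed above, as an added example that is not part of the original post: normalize the text, then match keywords against the squashed result. The keyword set and the substitution table are assumptions chosen from the phrases in the list.

```python
import re

# Look-alike substitutions of the kind in the post's list ("c1ick", "T0 0PT 0UT").
LOOKALIKES = str.maketrans("013457@$", "oleastas")

# Assumed keyword set, chosen from phrases in the post; written without spaces
# because normalization removes everything that is not a letter.
KEYWORDS = ("clickhere", "discontinue", "offthelist", "optout", "remove", "unsub")

def squash(text):
    """Lower-case, undo look-alike characters, then keep letters only."""
    text = text.lower().translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", text)

def optout_signals(text):
    """Return the opt-out keywords still visible after normalization."""
    flat = squash(text)
    return [k for k in KEYWORDS if k in flat]

# Lines copied from the post's list, plus one constructed ordinary sentence.
SAMPLES = [
    "c1ick here – T0 0PT 0UT",
    "D-I-S-C-O-N-T-I-N-U-E",
    "T o b e rem ov ed cl ic k he re",
    "You may take yourself off the l.ist he.re",
    "pwzleduasese remove y{ouxrsel&f, if yo4iu would li(ke to disc”ontinue further mailing",
    "Lunch on Friday? Let me know.",  # constructed, not spam
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(optout_signals(line), "<-", line)
```

Squashing across word boundaries also produces false matches ("stop touting" contains "optout" once the space is gone), so the result is better used as one scoring feature than as a verdict. Entries such as "rem ve" and "rmv" drop letters rather than add noise and are not caught by this approach.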

Many have even taken the image route–not including any text at all, but instead just an image with their message on it. Most use the HTML graphics route, which has the dual advantage of getting around some spam filters as well as identifying who is reading their junk mail.

Spam really is an involved business, and I have only scratched the surface here.

  1. April 25th, 2004 at 21:47 | #1

    Good advice. I have two throwaway accounts, which my girlfriend still suspects I’m using for some online affair =o/

    In the span of two days, I received 171 spam messages in my hotmail inbox! I use Mozilla Thunderbird, which is pretty adept at catching spam with its Bayesian filter. It also lets you turn off images and javascript in displayed messages. Pick up a copy of Hotmail Popper, and you never have to visit MSN’s page again.

    As for those who still don’t know what HTML or URL’s are, I say let them be spammed! Perhaps then they won’t use the net so much and will stop reading Drudge! heh..

    OK, I take that back. The internet is a great thing, and everyone should learn from it and explore…

  2. pascal
    January 7th, 2005 at 04:45 | #2

    When antispam measures are discussed in open environments,
    invariably weeks later the same resource is reverse-engineered and effectively shifts power, again.
    It truly is ridiculous, spammers spend more time cheating than it would take to do it right in the first place.
