Spam-proof Email

I've never seen a spam message that wasn't a scam of some sort as well. Spam likely carries malware as well. Besides that it's rude. So, I set up my email system so that it is immune to spam.

Key Objectives:

1. Get zero spam on a day-to-day basis.
2. Keep trouble for my contacts to a bare minimum.
3. Be able to plug any spam leaks quickly and easily, no matter who I give addresses to.
4. Be able to change my master email address without requiring my contacts to make changes.

What won't work?

• Spam filters/blockers: You can come close with an excellent filter, but some spam will always slip through, and some valid messages will be rejected.
• Blacklists: These used to work great, but spammers never use the same address twice these days.
• Whitelists: Various versions of this strategy can be quite effective, but they can frustrate the very people whose messages are important to you. They can be high-maintenance too.
• Secrecy: Another method that used to be effective. If you only gave your email address to people you trusted, you were safe. No longer. If an Internet worm infects even one of the computers your contacts use it can "scrape" your email address from their address book or an email that you've sent them.

So, what's a person to do?

Agent 007 would know what to do: First, never reveal the real you, or in this case your real email address. Next, make everything else expendable.

Rules:

1. Start with a new, unsullied master email account. It's nearly impossible to clean up an address that is already attracting spam.
2. Never, ever give that address for that account anyone. Be careful -- it is easy to slip up. Agent 007 never would though, would he? ;-)
3. Give virtual addresses to all your contacts. There are several ways to do this, but remember, these are expendable (throw-away) addresses.
4. Never, ever send anyone a message except via a virtual address. If you use your master address, it ends up on your contact's computer. That means, sooner or later, some miscreant will find it.

Things will go wrong:

• Your trust can be misplaced, and a virtual address is sold or rented to a spammer.
• There are many ways for virtual addresses to leak out, and you have little or no control of them.
• Spammers can guess a virtual address. This rarely happens if they are obscure, like brass-tacks@virtual.com instead of bob23@obvious.com.

These things happen, that's why the plan looks ahead. You have several ways to respond, depending on circumstances. Continue below:

What you can do when things go wrong:

These actions are listed in order of increasing inconvenience for your valid contacts.

1. Blacklist the spam sender(s), i.e., block their address(es) as they intrude. This seldom works today, as spammers use a different address for each message.
2. Change the contact list to a whitelist. Only addresses that are whitelisted can get through. Any of your contacts who change their own address will not get through to you unless they inform you first.
3. Turn the address off. You'll have to give a new address to everyone who was using it.

Wondering how you're going to get all this set up? It's not real simple, but most everything you need is provided by Spamex or Sneakemail. [see links below]

Assigning virtual email addresses:

Remember Rule #2: Never give your real email address to anyone (except your virtual email address provider). :-) Here are some ways to assign them:

• Use one virtual address for your critical business contacts, another for trusted contacts, and a third for everyone else. This is the weakest strategy. You'll end up changing the third address frequently, and maybe even the second.
• Give everyone a different address. It's hard to keep track of them this way, particularly because of the rule to never send anyone a message from your real address.
• Use three addresses, but change the third one frequently so that only a few contacts have each third level address. That way, fewer contacts will affected when one of them gets spammed

And don't forget Rule #4: It depends on which service you use, but with Spamex, you need to add your contact to a virtual address before you send them a message (if they have never used it before). When you add their address, Spamex gives you a "contact address". Use that address to send the message. The message appears to originate from the virtual address. Say what? Well, that's probably the hardest part of this whole scheme to understand. Spamex explains it fairly well, but I'd be happy to help too.

Links

1. http://cybercoyote.org/internet/spam-proof-examples.shtml -- examples of virtual addresses
2. http://www.spamex.com/ -- /whitelist/blacklist/turn-off/add-contact/
3. Top 9 disposable address services [About.com]
4. http://www.yahoo.com/ and http://gmail.google.com are two email providers that I know work well with Spamex. Others leak your hidden email address by including a message ID that points to your master address.

Last modified 03/08/08