Most of us have received unsolicited email at one time or another. Most of the time we just delete the message and get on with our lives. However, there may be times when some of the content of this email is so offensive or obviously an illegal scam that we ask ourselves, "How do these people get my address, and what can I do to stop this?" Let's first examine how spammers may get your address.
How do spammers and marketers get my address?
- Usenet groups (also known as newsgroups, bulletin boards, or discussion groups): When you post to these discussion groups, your email address is included. This information is readily available and collected by advertisers.
- Web sites: If your email is listed on a web site, advertisers will use scanners, also known as harvesters to collect these addresses.
- Download sites: Often, when you download a piece of software from a legitimate business, they ask for your personal information, including your email address. Sometimes these sites will share their mailing lists with other companies or sell it to other businesses.
- Your friends: How many times have you read a joke and forwarded to a group of friends? If the joke really is funny (or more often, if it's a bad joke), those friends probably share it with others. Eventually, an advertiser may get in the loop and grab all those legitimate addresses for its database.
So what can I do?
- Never give out your legitimate email address.
- Use a bogus email address when asked for an email address by a discussion group or vendor
- If a vendor will not allow you to download a piece of software without first submitting an email address, again, give a bogus address.
- If you are required to post an email address on a website, use a different email address. You may have one specifically created for that site. You can also use a free email address provided by third party services such as Yahoo or Hotmail.
- If a vendor you do business with provides you with the option of being removed from their mailing list. Usually you will be instructed to put "Remove" in the subject header of a reply email.
- If you do not know the vendor, never reply! This is usually a ruse, even if they include remove instructions on their solicitation, it's usually a ruse. They want to find out if you are a legitimate respondent, and you will simply receive more solicitations if you respond. Often, the reply to address is bogus anyway. If you really want to find out where the email originates, you need to analyze the email header. The page published at, http://www.arclab.com/en/amlc/how-to-read-and-analyze-the-email-header-fields-spf-dkim.html, can help explain the message header, or you can use this tool from MXToolbox to analyze your message header. Then you can find out the domain name and contact the ISP and notify them of any scams or abuse by their customers. However, be warned, many of these ISP's originate from overseas, and could care less.
So why can't the email administrator filter out these spammers?
The answer is yes, we can. There are many products and programming tools that allow us to edit for content and to blacklist known spammers. However, we are both an institute of higher education and public health. As such, it is not up to email administrators to determine what is legitimate content or not. For example, if an oncologist is doing research on tumors and breast cancer, these filters may block legitimate correspondence. The University of California Office of the President (UCOP) has an offiicial Electronics Communication Policy. This policy precludes screening of email for content and details UC policies regarding privacy issues, freedom of speech, and academic freedom. A link to this policy can be found at http://isecurity.ucsf.edu. Please go to the policies, procedures and guidelines page from the menu on the left side of the page.
Contact your CSC if you have any other questions.