Spam is getting worse as time goes on. The subjects are getting more vulgar, the quantity is increasing and now there are Internet worms or self propagating viruses sending out spam messages. In fact the problem of spam is worse than end users are aware of. I see it from an ISP’s perspective. Not only do we deal with customer complaints about spam but we constantly wrestle with the massive resource consumption caused not only by the spam messages directly but also by large numbers of email address harvesting exploits. The address harvesters connect to SMTP servers by the hundreds each usually opening multiple concurrent SMTP sessions while they run brute force cracking schemes testing millions of bogus addresses to finally guess one right address. This cracking activity ties up both CPU and network bandwidth which is ultimately paid for by the ISP’s customers both in terms of possible degraded performance and Internet access fees. Because the spammer is not paying for the resources he is consuming, it doesn’t bother him if his cracking program must run for days or weeks to harvest a single valid address. But given enough time over enough SMTP servers he will gradually harvest valid email addresses. This same idea carries over to the spam messages themselves. Specifically, he doesn’t mind sending out tens or hundreds of millions of messages because sooner or later some unaware person will respond and make it all worth while.

What not to do

Most importantly, never respond to any spammer no matter how tempting it may be. Responding rewards the spammer and is his incentive to continue spamming. He figures that if after sending three million messages he gets a response from you that if he sends three hundred million messages he will get three hundred responses. Also, please never respond by clicking the remove me from the list link or any other links for that matter. Spams have a two fold purpose, first to advertise the scam and second to harvest valid email addresses. If you click anything you have just potentially signed up to receive millions more spams because you have just validated your email address which is then sold to other spammers.

What to do

Spread the word. The folks who respond to spammers help keep them in business. If everyone simply stopped responding to spammers they would have no reason to continue. Use SpamCop (www.SpamCop.net). Its an on-line utility that calculates the actual source of the spam and automatically sends reports to all network administrators for the email servers involved. Use Spamnet (www.CloudMark.com). Its an add-in for Outlook that recognizes spam messages and moves them into a spam folder to be deleted by you later. The more people use it, the more accurate it gets at recognizing spams.