Whither Unsolicted Commercial E-mail (aka Spam)
This FAQ tries to explain various UCE related questions and
especially focuses on common misconceptions regarding how to deal
with UCE from the victim's perspective.
(It was originally written back in 1998, and I was quite suprised
to see how timeless the comments have proven, when I resurrected and
published it in May 2004.)
- Filtering UCE is easy. Simply junk messages where you
do not appear in the To: resp. Cc: headers.
This is definitely not a good idea. This will junk blind
carbon copies (BCCs) and most mailing lists. Clearly you can add
filters for mailing lists as well, but this means additional work on
your side and still breaks if one of the headers you use
for filtering changes for whatever reason.
Besides spammers continuously adjust their techniques, and these days
it is getting increasingly common to find your name and/or address in
the To: or Cc: headers.
- Okay, so I quickly scan over the subjects of
incoming mails and quickly delete spam.
For average users this is not that easy, especially if they do
not speak English very well, but even for advanced users it does
consume time and it's only a question of time until they
erroneously "kill" some personal e-mail.
Plus, why should one take that additional burden at all? It does not
- How about using a separate address for Usenet, which
is valid but never read?
This is not a good idea, either. Usenet and e-mail have been
designed to complement one another. In most hierarchies (at.*, de.*,
the Big-8,...) it considered polite to move personal issues to e-mail,
for example. In general, it is considered extremely unpolite to use an
e-mail address that is not actually read.
- Well, but if I never post on Usenet I won't
receive spam, will I?
No. There are many further sources where spammers can obtain
e-mail addresses: InterNIC and RIPE databases, web pages,...
- How about the following: I block all messages, unless
they contain some magic token in the subject?
This puts an additional burden on those who want to contact you.
Of course, you can add exceptions for your friend, but that will mean
additional work for you.
- So how can I block spam?
The Spamhaus Project and
maintain lists of servers that have been or easily can be (ab)used for
These can be used on a personal basis or on your mail server to block mail
from these servers.
- MAPS and ORBS are bad, for they block entire
This is not true. MAPS and ORBS block abusive
resp. incorrectly configured mail servers, not domains nor e-mail
addresses. These are completely different concepts.