Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can’t We Just Spam the Spammers to Death?

Oh so tempting, but ultimately ineffective, or worse

Unfortunately, that turns you into, yes... a spammer! There are many, many problems with this idea. I'll explain a few.
A digital battle scene symbolizing the ineffective and illegal attempts to fight spam with spam. Include visual metaphors such as email icons clashing like swords, a figure representing a regular email user transformed into a spammer wearing a villainous mask, and digital debris to illustrate the chaos and negative impact of such actions. The scene should convey the message that while the idea of retaliating against spammers is tempting, it ultimately backfires and turns the well-intentioned user into part of the problem.
(Image: DALL-E 3)

I received a rather lengthy question mentioning a specific service claiming to turn the tables on spammers either by spamming them back or by somehow using the content of their messages in an attempt to harm them in some way… or at least annoy the heck out of them.

Now as much as spam angers us, besides ultimately being ineffective, vigilante justice just isn’t the answer.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Spamming the spammers?

Retaliating against spammers is both ineffective and illegal. Spammers don’t care about incoming emails. Since they frequently using fake or hijacked email addresses, your actions could harm innocent parties, get your own account shut down, or result in legal trouble. The best approach is to use  spam filters correctly and never, ever, otherwise engage with spam.

Spamming the spammers

One common idea is to take incoming spam email and reply to it with thousands of messages in return.

There are so many problems with this idea that it’s hard to know where to begin. Here’s just a few:

  • Spammers don’t pay attention to returned email.
  • The “From” address is often spoofed and any reply actually goes to an innocent bystander.
  • The “From” address is often completely fake, in which case you might just find yourself the recipient of thousands upon thousands of bounce messages.
  • If the spammer does notice your reply, they’re likely to respond by sending you more spam, not less.

Regardless, what’s happened here is you have become a spammer.

The fact is spam is spam, whether or it comes from a spammer, or from you, or from a service. You are causing thousands of unsolicited email messages to be sent, which makes you a spammer.

You run the risk of losing your email account, or your email provider being placed on blacklists, and your legitimate email not being able to make it out. You even run the risk of running afoul of the law since what you would be doing is, as I understand it, quite illegal.

So it’s illegal, it’s ineffective, and the only person negatively impacted by your actions is you.

Don’t do it.

Using the spam’s content to spam or annoy someone

The other approach, of course is to take the link in the spam and somehow spam it.

You can’t send email to a link. A link goes to a page on a website which is quite different than an email address. In a spam message the two are often completely unrelated. Even though you might know the domain that the link goes to (the “whatever.com”), you simply can’t know the email address at that domain at which to target your attack.

But it gets much worse. Once again, the link in the spam is rarely the actual website of the spammer. These links actually fall into two buckets:

  • hidden pages on websites that have been hacked
  • and temporary websites on temporary domains

The first one is little understood and actually so very common that it’s worth explaining.

What spammers like to do is this: they actually hack a legitimate site. For example, they’d love to hack askleo.com. In a folder on the hacked site they then place their own malicious code. Perhaps simple HTML, perhaps JavaScript, perhaps a redirect, perhaps something else entirely.

The spam emails then contain a link to that page on the hacked site. So, if it were on askleo.com for example, it might be something very random like AskLeo.com/wp-content/uploads/something-or-other. Ideally (for the spammer) something I as the site owner might never even notice, or at least not notice for a very long time.

Since it’s a link going to a legitimate site, the email is not flagged by spam filters. When you click on that link, the malicious code that has been placed there by a hacker does something to redirect you to some other site that then has the real content, or perhaps even some other intermediary site, to further obscure the final destination.

Maybe DDOS em?

While you can’t send email to those kind of links, you could, I suppose, try to mount a distributed denial-of-service (DDOS) attack on them. Instead of sending thousands of emails, you would attempt to make thousands and thousands of requests of that URL with the intent of crippling the spammer’s server, or just annoying the heck out of them.

The problem is that as I’ve explained, it’s not the spammer’s server at all! If you succeed, you’ve only succeeded in taking down some innocent third party whose site happened to get hacked.

Oh, and once again, I’m pretty sure you’ve broken the law.

Do this

Fighting spam just isn’t that simple.

Yes, authorities often do follow the complex trail of obfuscated and hacked email addresses and links, and they often do manage to stop large scale spammers and their networks. Or at they at least slow them down. But it’s not nearly as simple as some kind of individual “fighting back” service would make it out to be.

The single best thing you can do to avoid spam is to use the “this is spam” button in your email program appropriately. Only flag true spam — unsolicited commercial email — as spam. Use the “not spam” button on any email you find that was mistakenly placed into your spam folder.

And never, ever, buy anything that comes to you as spam. It’s the fact that just enough people do this that makes spam the industry that it is.

No spam here! Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

3 comments on “Can’t We Just Spam the Spammers to Death?”

  1. I send spammers a a reply with “thank you for signing up for daily SHIT pictures” Enjoy!
    I then send photos of dog crap.

    Funny as heck

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.