absolutely no spam in my Web mail. I use Earthlink for my ISP. Well,
that bubble has burst and lately I’ve been getting all these freaky
addresses with the dumbest subject lines and from some of the subject
lines it seems some of this spam is R-rated. I’m confused as I’m a
Senior Citizen and I DON’T surf adult sites so why, all of a sudden, am
I getting this junk? Earthlink has an option that I can click on the
name and report it as spam the only drawback is this list is limited to
500 names and the rate this is going I might reach that goal, then what
do I do??
Yes, you have been leading a charmed life. Getting no spam at all is
by far the exception, rather than the rule. The fact that you’re
getting spam now is no surprise at all. The surprise is that it took as
long as it did.
Why and How? We’ll look at some possibilities.
What to do? I’ll touch on a few options here as well. (But one hint:
the “report this address as spammer” is kinda pointless.)
Become a Patron of Ask Leo! and go ad-free!
People often wonder just how spammers get their email address in the
first place. There are many, many possibilities. Here are just a
You posted your email address in public on a web site. For example,
let’s say you mention your email address in a comment you post on
someone’s blog. Spammers regularly scour the internet looking for
anything that looks like an email address, and they start sending spam
to it. I think this is possibly the most common form of direct email
address harvesting today.
You posted your email address in public on a newsgroup or forum. I
did this years ago by mistake (with my wife’s email address, no less).
Usenet and many forum management packages still display publicly
whatever email address you give them. Many do not, so it’s important to
know the difference. (The good news is that most discussion forum
software these days is better behaved. Usenet is still a mess, though.
Fortunately it’s slowly falling out of favor.)
You joined a mailing list that keeps public archives on the web.
These archives often include the full mail header of each message,
including your email address – ripe for harvesting by spammers.
A friend of yours forwarded an email of yours without removing your
email address from it. I see this all the time with forwarded humor –
people hit forward and then fail to take the time to remove all the
email headers from the body of the message. You’ve seen it too, I
expect; email you have to page down multiple times to skip all the
email headers before you actually get to see the body. That email
frequently ends up getting forwarded (unintentionally, I might add) to
people who then scan the email body for anything that looks like an
You bought something from a less-than-reputable retailer or service.
Some companies will sell or rent the list of email addresses they’ve
collected. Once they give the list of email addresses to someone else,
all bets are off since that other person could do anything with that
list, including selling it to spammers.
You sent or received email. I know this sounds silly – of course you
sent or received email! That’s what your email address is for, after
all. The problem is that email, including the addresses it goes to and
comes from, is sent in plain text. Since email is sometimes routed from
server to server on its way to its final destination, it’s possible
that a spammer can “sniff” the traffic and harvest any email addresses
They guessed. Seriously, that’s why email names like “firstname” @
any domain name are spam targets. Spammers often simply try sending
email to every email name they’ve ever encountered at every domain
they’ve ever seen. I can tell you that “leo @ whatever” gets lots of
spam. This is an extremely common technique, as anyone who’s looked at
mail server logs can tell you.
There are probably many more ways that spammers can get your email
address; those are just a few I could think of quickly. You’ll note
that most are not in your control at all. Spam is, unfortunately,
So, what can you do?
Well, I can tell you that flagging specific email addresses that you
get email From: as spammers simply won’t work.
Spammers now regularly fake or “spoof” the email address that appears
in the “From:” field. It didn’t come from there at all. And they keep
picking new ones at random.
The bottom line is that using the “From:” field as a way to stop
spam is nearly useless in many cases. Sometimes there are specific
spammers that do send from a single address, but they’re infrequent. So
I wouldn’t bother blacklisting an email address until or unless you
specifically get multiple spam messages from them.
The real answer is that there is no answer. There is no single
solution or combination of solutions that will make spam stop without
also preventing legitimate messages from getting through.
You can sometimes reduce the amount of spam by:
Making sure your ISP and/or your email program has a spam filter,
and that the filter is enabled. (GMail is currently very popular for
their spam filtering abilities.)
Periodically changing your email address. This can be painful since
all your contacts need to update their information in order to contact
Use a challenge/response system so only people that prove they’re
human can email you. I do not recommend this solution (you
will miss email you wanted), but include it for completeness since
there are people who swear by it.
I have three spam filters in place: since I run my own mail server,
two are implemented there (and are frequently also implemented by
ISPs), and I have the spam filter in Thunderbird.
And still some spam makes it through.
My next line of defense?
The Delete key. Apply it liberally, and get on with