Or: “Be better in bed,” “If you help me move this money I’ll give you some,” and “If you don’t send this to 10 people God won’t love you, bring you luck, or help you win the lottery.” How and Why Spammers Spam.

I’ve had a couple of questions lately about spam and how one gets such offensive spam if you don’t go to “those” kinds of web sites. Unfortunately it doesn’t matter where you’ve surfed while online, your email is not transmitted to websites when you visit them. Spam works the other way around. There are many ways spammers get your email address; They will buy email lists from “brick and mortar” retailers, online retailers, people who get you to fill out slips of paper to win a cruise, or anyone else that loves having money more than they care about what’s in your in-box. Or, Programmers build software (“bots” short for ‘robots’) that scour the web looking for strings of words that look like email addresses. someone@domain.com (even now someone@domain.com is getting collected and will get unsolicited email).

“E-mail addresses are collected from [among other places] chatrooms, websites, newsgroups, and viruses which harvest users’ address books, and are sold to other spammers. Much of spam is sent to invalid e-mail addresses.” –wikipedia

As for these bots that are actively, constantly searching the internet, it means that if your email address is posted on a website in plain text it can be collected by one spammer and sold to thousands of others. You should instead use a contact form so people can contact you without “seeing” your email address. Your email can also be intercepted, or if your ISP hasn’t properly secured its SMTP (outgoing) mail server then it is vulnerable to hacking. Or if someone else has responded to a piece of spam while also forwarding it to you at your email address. Or if you ever responded to a piece of spam by telling them NOT to send to you again Then you’ve just told that spammer that they have proof that your email is a “live” account and will then sell the list to other spammers… I could go on. The main point is that the average email address is only live for 6 minutes before it begins to get spam, and there is nothing you can do to stop it, only slow it down.

We have a client, a Women’s Hospital, run by women, with a staff of women nurses, and all women patients. They were being overrun by spam of the worst sort. Male Enhancement, Nigerian money schemes, little blue, red, or white pills, etc. They invested in a device called the “Spam Firewall” by Barracuda as soon as we turned it on 90% of their email was blocked, none of that blocked email was their business correspondence. Imagine that, 90% of their incoming email was trash. Unfortunately the spam firewall costs about 1500 bucks with a 500 a year renewal. I’m trying to find a way to let customers route their email through a company spam firewall and then back to them to combat this issue without having to spend an arm and a leg for it. The way I combat it is with rules set up in my email client. When a new wave comes in I build a rule to try and block it. But as soon as I do I they change the wording and get it past so I have to edit or build a new rule.

And as for the content, lets face it, if you want to be profitable but you don’t know your audience then you should prey on the most base characteristics of humans, sex, greed, and fear.

“Be better in bed,” “If you help me move this money I’ll give you some,” and “If you don’t send this to 10 people God won’t love you.”

If you are one of the folks trying to connect spam with online activity you’re looking in the wrong place. I have many many clients that have never visited a questionable site that get flooded with inappropriate spam. Clean out your junk mail box daily and leverage all the rules you can with your email software. Once an email is on the list, no matter how it got there, your doomed to get spam. And Internet filters don’t have anything to do with your email. Services like K9, OpenDNS, and others only stop your internet browser. This is only helpful when clicking on a link inside the email, which is possibly the dumbest thing you can do with your computer. K9 keeps a password protected history of websites visited which will tell you exactly where someone has been surfing.

Some Services:

JunkEmailFilter.com – I’ve heard this one highly praised by the guy quoted on the site.

AVG - Love the Virus protection but I’m not sure about how in-depth the spam blocker is. Worth a call to support to find out.

Kaspersky Labs Internet Security – Highly configurable Internet protection suite with spam guards

SpamHelp.org – Software list, please don’t use the challenge/response software its highly annoying to your friends.

SpamHelp.org – Managed/Hosted Anti-Spam Service

BTW Here’s a sample of my Junk mail folder. Notice the repeat of subjects, these would have been sent by the same spammer from multiple hijacked PCs or servers.