If you have your email address on the Internet, you will get spam. No doubt, no question about it, no hiding from this fact...it's only a matter of time before some spammer's harvester scrapes your address from wherever it appears online. Spammers employ many methods of address collection, from the brute-force to the sophisticated--everything from bogus "enter your email address here for _____" forms (many sites will dangle something in front of your nose for the price of a valid email address; many more will ask for it before allowing you to download software) to programs that travel through links on your webpage, much like an AltaVista spider, but collecting email addresses as they go. The key to beating the spammers, then, is to make sure your address never appears on the 'net. All Webmasters out there should read my....
Webmasters' Guide to Outsmarting Idiot Spammers
Newsgroups: The Spammer's
For this I should probably start with a brief history. Back in the Good Old Days people posted to newsgroups. That's it. Just posted. Their return address would be in the message headers just like a regular email, and to reply you'd just hit the "Reply" key in your newsreader and send a response to either the newsgroup or the poster's inbox. The internet was an informational medium...not the interactive commercial it is today. The growth of the 'net and its increasing popularity sparked the mindgears of various starry-eyed entrepreneurs, who saw the 'net's potential as a tool for making money, and its commercialisation began. With any evolution come aberrations, damaging mutations in the genetics of the system... Somewhere along the line, the SPAMMER was born.
The spammer eked out its living at the bottom of the food chain by programming computers to read the headers of people's newsgroup postings and collect the addresses into a large file. This file was then used as the recipient list of commercial emailings or sold to other spammers to fatten their own lists. Newsgroup posters, becoming aware of the harvesters, began leaving out or forging the sending address of their newsmessages (they would appear as coming from firstname.lastname@example.org, for example), and including their real address at the bottom of the message (harvesters of the time did not read the contents of a news posting). Dumb spammer software began adding the bogus @nospam addresses to the lists and diluting them, resulting in much uselessly wasted bandwidth (in the form of undeliverable mails bouncing back at them) for the spamming entity. Quoth the spammers: "Duh, they've beaten us by hiding their addresses inside the message! We shall rewrite our spammer software to harvest from the message body and disregard clearly bogified (@nospam) addys." So once again, NGers started getting spam. Quoth the posters: "Darnitall, they're reading bodies! We shall munge our addresses..."
Which brings us to modern-day cyberia. When posting to a newsgroup, most posters munge their addresses so humans can understand them but harvesters can't. Munged addresses look something like "blahblah@my_real_address_at_someplaceelse_dot_com.com", "me@myserverRemovethis.com" or "aRdEdMrOeVsEs@sCoAmPeSplace.com", etc. Programs aren't as smart as people, particularly programs written by spammers, so this both safeguards inboxes from spam and clogs up the spammers' lists with invalid addresses. Always munge your address when posting to a newsgroup to minimise your spam intake. Two good ways to do this:
1) Most email/news programs ask you for your return email address in one of their setup menus. Enter your munged address here before newsgroup forays, and change it back when finished. (For heavy NGers it's probably a better idea to get a standalone newsreader, so you can enter your munged address once and never have to change it back.)
2) Some newsreaders/email programs (notably, Netscape Communicator) have a "send later" option that will let you write a message while offline, storing it in a file for when you decide to go online and send it out. Find the file where these unsent messages are stored, open it in the editor of your choice and change your outgoing address there. (If you're ambitious & know some computer programming, you can write a small prog. to automatically open this mailfile and change any occurrence of your address it finds.)
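The small program suggested in option 2, written here as an added example (it is not the author's code): it replaces every whole occurrence of your real address in an unsent-message file, headers and body alike, with a munged one. The mbox-like file layout, the sample address jane@example.com and the REMOVETHIS tag are assumptions; check how your own mail program stores its queue before pointing it at a real file.

```python
import os
import re
import tempfile

# Constructed sample of a queued-message file; the mbox-like layout is an assumption.
SAMPLE_OUTBOX = (
    "From - Mon Jan 01 00:00:00 2001\n"
    "From: Jane Poster <jane@example.com>\n"
    "Newsgroups: alt.test\n"
    "Subject: Re: modem trouble\n"
    "\n"
    "Mail me at JANE@example.com. Not notjane@example.com or jane@example.com.au.\n"
)

def munge(address, tag="REMOVETHIS"):
    """Put a human-removable tag before the last domain label (me@myserverREMOVETHIS.com)."""
    local, _, domain = address.partition("@")
    host, dot, tld = domain.rpartition(".")
    return f"{local}@{host}{tag}{dot}{tld}"

def rewrite(text, real, munged):
    """Replace each whole occurrence of `real`, in any letter case; return (text, count)."""
    # The lookarounds skip longer addresses that merely contain `real`.
    pattern = re.compile(
        r"(?<![\w.+-])" + re.escape(real) + r"(?![\w-])(?!\.\w)", re.IGNORECASE)
    return pattern.subn(lambda m: munged, text)

def munge_outbox(path, real):
    """Rewrite the unsent-message file in place; return how many addresses changed."""
    with open(path, encoding="utf-8", errors="surrogateescape", newline="") as fh:
        text = fh.read()
    new_text, count = rewrite(text, real, munge(real))
    if count:
        # Write a sibling temp file, then swap it in, so a crash cannot truncate the outbox.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
        with os.fdopen(fd, "w", encoding="utf-8", errors="surrogateescape", newline="") as fh:
            fh.write(new_text)
        os.replace(tmp, path)
    return count

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        outbox = os.path.join(d, "unsent.mbox")
        with open(outbox, "w", encoding="utf-8", newline="") as fh:
            fh.write(SAMPLE_OUTBOX)
        print(munge_outbox(outbox, "jane@example.com"), "address(es) munged")
```

Run it after composing offline and before going online to send; a second run finds nothing left to change.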
Enter-Address-Here scams
You'll see it someplace or another--some box somewhere inviting you to type in your email address...to enter some sort of contest, to join a nice-sounding mailing list on a topic that interests you, to receive a Free Gift or a Special Offer (remember that on the 'net this phrase always means SPAM), to get a password to Blackbeard's w@rez server... The excuses are many, the uses are few. Singular, in fact. Spam, spam, spam. When you see some form asking you for your address, DON'T TYPE IT IN. This is common sense to some people, but even the most savvy 'netter could be enticed by a form on a reputable-looking website.
Signups for services
They're not necessarily a Definite Don't, but everyday signup forms are still an area where caution must be used lest your address fall into the wrong hands. Many sites require you to fill in a form with your name, email address and various other triviata before you can participate in a chat, access certain portions of the site, get listed on their search engine, or download software. With the proliferation of these signup forms comes the quasi-spammer: somewhere between a legit business and a spamming operation. They don't actively go out and harvest addresses, and don't technically violate any laws regarding contractual agreements or misrepresentation, but they are nevertheless very keen on the notion of profiting immensely from direct email marketing and/or the sale of your address. Essentially, they're getting you to "opt-in" by voluntarily supplying your address, then considering this free license to sign you up for 1000 of their (or their sponsors') commercial newsletters, sell your address to other quasi-spammers, etc. One of the hallmarks of a "quasi-spamming" operation is a form to fill out, asking for your email address, followed by a bunch of checkboxes: "Yes! Sign me up for DirectPromotion's weekly digest! ... Yes! Please include me in your recommended (sponsored) products and services mailing list! ...". Not only are they completely unrelated to the task at hand, they are of course all checked by default, relying on the many hasty submit-button-pushers to send the form without reading all the afterprint and deselecting these Special Offers box-by-box. Many will be very careful not to tell you what they will use your address for. The other sure signal of this kind of activity is when they want your address for clearly no purpose; a search engine listing is a good example. Most "Add URL" thingies come with a form asking for your email address. They don't need your email to index your home page. They just don't. Another biggie is software downloads. You know the drill...read the license, fill out this form, then I will give you some freeware and not before. What business does the download site have with your email address? They just need it "to improve the quality of their site." Yeah right.
Whenever someone wants your email as part of a signup, ask yourself what purpose their having your address on file serves; what business they have with it. They're going out of their way to get this information, and it costs them money to store it. They're not asking for their health; do the math. Perhaps the key question would be, "Can I still do _____ (download the software, add my URL, etc.) without them having my real address?" If the answer is yes, there's no reason they should have it; leave the field blank or supply a bogus address.
Where you *have to* give a valid email address (e.g. to receive a password), there are services that give you single-use or temporary-use addresses. Some I am aware of are SpamMotel, Sneakemail and Spamgourmet.
Try very hard not to get your address listed in an online directory; anytime your address appears in e-print is an engraved invitation to have it harvested. If your Web-based email, etc. gives you the option "List me in ___ online directory", decline. Spammers are on 'em like mosquitos on sweat.
Off your Web Page
Much like the newsgroup harvesters, spammers employ spiders to travel links on the web and vacuum addresses from people's HTML. The methodology of Webmasters' Guide to Outsmarting Idiot Spammers is useful in foiling these. In places with a methodical directory structure that can be easily understood by spamware (e.g. Geocities and Fortunecity /directoryname/#### URL format) or links which ultimately connect to every member's URL ("Explore this directory" features on a number of servers) this is even more important. If your account isn't linked to from the main page, harvesters will have a much harder time finding your pages.