Fool spammers with multiple email addresses

The EU's anti-spam laws recently came into effect, but they are unlikely to make any difference at all because most spam comes from outside the EU. Instead, take the spam problem into your own hands and beat them at their own game
Written by Munir Kotadia, Contributor

Don't expect legislation to reduce the amount of spam you receive. The law can't stop spam from entering the country and spammers have already taken over more than half the general population's PC for their own uses. So for now, the only way to deal with spam is to manage the problem yourself, which is surprisingly simple and does not mean going out and buying some special software.

The EU has finally introduced its anti-spam laws, which mean that if a company sends commercial emails to consumers that haven't opted in to a specific mailing list, they face a £5,000 fine. However, this does not restrict companies from sending spam to current customers and does not protect businesses at all.

Additionally, the law has no control over spammers from outside the EU, even though the majority of our spam originates in the US. Incidentally, the US is considering introducing its own spam laws, but in reverse -- where users will have the right to opt out from being included in a mailing list. I'm even not going to bother trying to explain why an opt-out law would be daft, unworkable and lead to far more spam; the stupidity of the proposal just leaves me speechless.

With governments seemingly unable to deliver a sensible solution, users have to take control and manage their own spam. Unsurprisingly, there is no end of anti-spam software, but as with antivirus software, it needs constant updating as spammers find new methods to bypass ever more complex filtering algorithms.

One of the most annoying things properties of spam is an inability to trace the sender. If only it was possible to figure out exactly which Web site or service was responsible for selling on email addresses to the spammers, it would not only be possible to name and shame those companies into adopting an acceptable privacy policy, it might also be possible to prosecute.

Unfortunately, this is virtually impossible because most people generally have one or two email addresses that they use whenever subscribing to newsletters, entering competitions or subscribing to a Web site. These three actions are almost guaranteed to get your email address on somebody's spam list. If you go one step further and post your email address on a newsgroup, then there is little that will stop the avalanche of emails offering everything from Viagra to cut-price cigarettes.

It has also been suggested that when a user unsubscribes from a newsgroup or stops being a customer of a particular company, depending on privacy policy, the owner of the service has a right to sell that user's email address to a third party or send spam on behalf of "partners". This means the ex-subscriber's email account will be inundated with spam and they can do nothing about it.

But there is a solution.

I have found a way round the problem; it means being able to post your email address anywhere -- including on a Web site -- sign up to anything and always know exactly where spam is coming from and have the power to cut it out with a click of a mouse. The answer is to have hundreds of different email addresses, one for each of the services subscribed to.

At first, that solution may sound daft and complicated, but in practice, it helps keep track of spammers and organise incoming emails, and actually costs less than buying a spam-blocking software. It will, however, cost a few pounds a year.

The idea is to register a domain -- for example, lets use "fendoffspam.com" (which at the time of writing was still available) and opt for a catch-all mailbox, which means the registering company will forward all emails sent to fendoffspam.com, regardless of what is written before the "@" sign, to an email address of your choice. It is important to forward all emails from your domain to an email address that does not already receive any spam and is not known by anyone except yourself.

Once this is done, users assign different email addresses for every newsgroup, Web site registration and competition they enter. For example, when opening an account with Amazon.com, enter amazon@fendoffspam.com when asked for an email address. From that day on, whenever Amazon sends you an email, it will arrive in your inbox as usual, but if you ever receive spam sent to that email address, your can be sure that one of two things has happened. Either, you used the amazon@fendoffspam.com email address elsewhere, or Amazon sold your email address to spammers, in which case you have someone to complain to.

This also makes organising your inbox easier because it is far more reliable diverting messages sent to specific email addresses than it is using keywords. So once you start getting regular spam to a particular email address, simply set your email client to automatically delete all emails sent to the offending address. Very soon, the user will have hundreds of different email addresses, but all of them will be easy to remember because they are  named after the site or service you have visited and registered with.

It is important to ensure that the email address being used to collect messages from the domain is kept a complete secret. This should never be given out or published anywhere because that defeats the whole idea.

Companies that already own a domain will be able to use the same trick without incurring any additional costs. It might even make sense to set up a separate domain simply for the purpose of managing spam.

Although this is by no means a perfect solution, I have been using it for a number of years and find it invaluable. When my inbox is suddenly hit by a tidal wave of spam, I can easily find the rogue address and ignore any further emails sent to it.

So instead of waiting for governments to fix the spam problem with toothless legislation or spending money on anti-spam products, think in another dimension and stop using just one email address.

Editorial standards