Anti-spam End-user Techniques

 Discretion

Sharing an email address only among a limited group of correspondents is one way to limit spam. This method relies on the discretion of all members of the group, as disclosing email addresses outside the group circumvents the trust relationship of the group. For this reason, forwarding messages to recipients who don't know one another should be avoided. When it is absolutely necessary to forward messages to recipients who don't know one another, it is good practice to list the recipient names all after "bcc:" instead of after "to:". This practice avoids the scenario where unscrupulous recipients might compile a list of email addresses for spamming purposes. This practice also reduces the risk of the address being distributed by computers affected with email address harvesting malware. However, once the privacy of the email address is lost by divulgence, it cannot likely be regained.

Address munging

Main article: Address munging

Posting anonymously, or with a fake name and address, is one way to avoid e-mail address harvesting, but users should ensure that the fake address is not valid. Users who want to receive legitimate email regarding their posts or Web sites can alter their addresses so humans can figure out but spammers cannot. For instance, joe@example.net might post as joeNOS@PAM.example.net.invalid. Address munging, however, can cause legitimate replies to be lost. If it's not the user's valid address, it has to be truly invalid, otherwise someone or some server will still get the spam for it.^[1] Other ways use transparent address munging to avoid this by allowing users to see the actual address but obfuscate it from automated email harvesters with methods such as displaying all or part of the e-mail address on a web page as an image, a text logo shrunken to normal size using in-line CSS, or as jumbled text with the order of characters restored using CSS.

Avoid responding to spam

See also: Boulder Pledge

Spammers often regard responses to their messages—even responses like "Don't spam me"—as confirmation that an email address is valid. Likewise, many spam messages contain Web links or addresses which the user is directed to follow to be removed from the spammer's mailing list. In several cases, spam-fighters have tested these links, confirming they do not lead to the recipient address's removal—if anything, they lead to more spam.^{[citation needed]}
Sender addresses are often forged in spam messages, including using the recipient's own address as the forged sender address, so that responding to spam may result in failed deliveries or may reach innocent e-mail users whose addresses have been abused.
In Usenet, it is widely considered even more important to avoid responding to spam. Many ISPs have software that seek and destroy duplicate messages. Someone may see a spam and respond to it before it is cancelled by their server, which can have the effect of reposting the spam for them; since it is not a duplicate, the reposted copy will last longer.

Contact forms

Contact forms allow users to send email by filling out forms in a web browser. The web server takes the form data, forwarding it to an email address. The user never sees the email address. Contact forms have the drawback that they require a website that supports server side scripts. They are also inconvenient to the message sender as they are not able to use their preferred e-mail client. Finally if the software used to run the contact forms is badly designed they can become spam tools in their own right. Additionally many spammers have taken to using contact forms to send spam to the intended recipient.

Disable HTML in e-mail

Main article: HTML e-mail

Many modern mail programs incorporate Web browser functionality, such as the display of HTML, URLs, and images. This can easily expose the user to offensive images in spam. In addition, spam written in HTML can contain web bugs which allows spammers to see that the e-mail address is valid and that the message has not been caught in spam filters. JavaScript programs can be used to direct the user's Web browser to an advertised page, or to make the spam message difficult to close or delete. Spam messages have contained attacks upon security vulnerabilities in the HTML renderer, using these holes to install spyware. (Some computer viruses are borne by the same mechanisms.)
Mail clients which do not automatically download and display HTML, images or attachments, have fewer risks, as do clients who have been configured to not display these by default.

Disposable e-mail addresses

Main article: Disposable e-mail address

Many email users sometimes need to give an address to a site without complete assurance that the site owner will not send out spam. One way to mitigate the risk is to provide a disposable email address—a temporary address which forwards email to a real account, which the user can disable or abandon. A number of services provide disposable address forwarding. Addresses can be manually disabled, can expire after a given time interval, or can expire after a certain number of messages have been forwarded. Site owners that fail to appropriately treat addresses they have gathered have found themselves in legal jeopardy due to the ability of disposable email address users to trace back which website passed on their email without permission.^[2]

Ham passwords

Systems that use ham passwords ask unrecognised senders to include in their email a password that demonstrates that the email message is a "ham" (not spam) message. Typically the email address and ham password would be described on a web page, and the ham password would be included in the "subject" line of an email address. Ham passwords are often combined with filtering systems, to counter the risk that a filtering system will accidentally identify a ham message as a spam message.
The "plus addressing" technique appends a password to the "username" part of the email address.

Reporting spam

Tracking down a spammer's ISP and reporting the offense can lead to the spammer's service being terminated. Unfortunately, it can be difficult to track down the spammer—and while there are some online tools to assist, they are not always accurate. Occasionally, spammers employ their own netblocks. In this case, the abuse contact for the netblock can be the spammer itself and can confirm your address.
Examples of these online tools are SpamCop and Network Abuse Clearinghouse. They provide automated or semi-automated means to report spam to ISPs. Some spam-fighters regard them as inaccurate compared to what an expert in the email system can do; however, most email users are not experts.
A useful free tool that may be used in the reporting of spam is also available (Complainterator). The Complainterator will send an automatically-generated complaint to the registrar of the spamming domain and the registrar of its name servers.
Historically, reporting spam in this way has not seriously abated spam, since the spammers simply move their operation to another URL, ISP or network of IP addresses.
Consumers may also forward "unwanted or deceptive spam" to an email address (spam@uce.gov) maintained by the FTC. The database collected is used to prosecute perpetrators of scam or deceptive advertising.
An alternative to contacting ISPs is to contact the registrar of a domain name that has used in spam e-mail. Registrars, as ICANN-accredited administrative organizations, are obliged to uphold certain rules and regulations, and have the resources necessary for dealing with abuse complaints.

Responding to spam

This section's tone or style may not be appropriate for Wikipedia. Specific concerns may be found on the talk page. See Wikipedia's guide to writing better articles for suggestions. (March 2009)

Some advocate responding aggressively to spam—in other words, "spamming the spammer".
The basic idea is to make spamming less attractive to the spammer, by increasing the spammer's overhead. There are several ways to reach a spammer, but besides the caveats mentioned above, it may lead to retaliations by the spammer.

1. Replying directly to the spammer's email address^[3]
   
   

   Just clicking "reply" will not work in the vast majority of cases, since most of the sender addresses are forged or made up. In some cases, however, spammers do provide valid addresses, as in the case of Nigerian scams.^[4]

   
   
   
   


2. Targeting the computers used to send out spam
   
   

   In 2005, IBM announced a service to bounce spam directly to the computers that send out spam.^[5] Because the IP addresses are identified in the headers of every message, it would be possible to target those computers directly, sidestepping the problem of forged email addresses. In most cases, however, those computers do not belong to the real spammer, but to unsuspecting users with unsecured or outdated systems, hijacked through malware and controlled at distance by the spammer; these are known as zombie computers.

   
   
   
   


3. Leaving messages on the spamvertised site
   
   

   Spammers selling their wares need a tangible point of contact so that customers can reach them. Sometimes it is a telephone number, but most often is a web site containing web forms through which customers can fill out orders or inquiries, or even "unsubscribe" requests. Since positive response to spam is probably much less than 1/10,000,^{[original research?]} if just a tiny percentage of users visit spam sites just to leave negative messages, the negative messages could easily outnumber positive ones, incurring costs for spammers to sort them out, not mentioning the cost in bandwidth.

   source:

   www.wikipedia.com