What can I do to avoid receiving spam email?

Spam has increasingly become a problem on the Internet. While every Internet user receives some spam, email addresses posted to web sites or in newsgroups and chat rooms attract the most spam.

To reduce the amount of spam you receive:

• Filter your email
• Don't reply to spam
• Be careful releasing your email address, and know how it will be used
• Use a secondary email account
• Be proactive

Filter your email

Indiana University utilizes enhanced email filtering services, which analyze all mail delivered to Cyrus (Webmail) and Exchange accounts. Any spam messages you receive are quarantined for five days in a Spam (Cyrus) or Junk E-mail (Exchange) folder in your account. After five days, the spam service deletes these messages automatically. For more information, see At IU, what is the spam quarantine service?

Your email client or web-based email provider may have other methods for setting up email filtering. Many offer blacklisting, which prohibits mail sent from email addresses that you list. Even more restrictive is whitelisting, which blocks mail sent from anyone except those that are on the list.

Don't reply to spam

If reply to spam, the spammer or the automated program on the other end will then know that your address is connected to a live person, and the spammer will then bombard you with even more spam, and circulate your address to other spammers. It is critical that you pause and think before replying to any spam. Consider the following guidelines:

• Setting up your email account to generate automatic responses while you are away can have the unfortunate side-effect of verifying your email address to every spammer that sends you spam.
  
  
• If the message appears to come from a legitimate company, the company may have obtained your email address from some transaction between you and the company. In fact, you may have inadvertently provided your email address (e.g., if you didn't check a box marked Don't send me product updates). In these cases, it is usually safe to reply and ask to be removed from the mailing list.
  
  
• If it is not a company you recognize, use your judgment. To be safe, copy and paste the link to their site into the browser rather than clicking on it in the email message.
  
  
• If you don't see a decent privacy policy listed on a company's site, UITS recommends that you do not reply or conduct any business with them.
  
  
• If the spam is clearly from a disreputable source, never respond. Do not follow the (probably bogus) unsubscribe directions. In most cases, if you never reply, the network of spammers will eventually decide your email address is a dud, and will stop using it as often.

Be careful releasing your email address, and know how it will be used

Every time you communicate on the Internet or browse a web site, there are opportunities for spammers to intercept your communications to obtain your email address and other personal information.

Otherwise reputable companies may sell or exchange your email address with other companies, and this information may eventually find its way to a spammer. At worst, spammers will use automated programs to bombard these lists of email addresses with spam. Consider the following guidelines:

• Subscribe only to essential discussion lists, and ensure that they are moderated.
  
  
• Think twice before offering your email address to a web site. You may wish to check the site's privacy policy first to be sure it uses secure technology, and that the company does not share your email address with others.
  
  
• If you need to list email addresses on your web site, present the addresses in a way that makes them less vulnerable to collection and abuse by spammers. To learn some techniques for protecting your pages, see How can I protect my web pages from email address harvesting?
  
  
• Every time you are asked for your email address verbally or on paper, think carefully about whether or not you want to receive any information from that company or organization. It is usually best to decline to provide your email address.
  
  
• Whenever possible, advocate that organizations you are involved in or do business with default to the opt-in option. This requires you to specifically request to be added to their email lists, rather than the opt-out model, where they add you email lists automatically, and then give you the option of asking to be removed.

Use a secondary email account

If you have your email address listed on a web page, you should also consider opening a free account. If the web site listing your contact information is for Indiana University business, you could get a departmental account and list that address rather than your personal address. For information, see At IU, how do I request a departmental or group account?

You should also consider opening a free account for performing potentially spam-inducing activities such as posting to Usenet newsgroups, bulletin boards, unmoderated LISTSERV or Majordomo discussion lists, spending time in chat rooms, or using an online service that displays your address.

You should also consider using a disposable email address service such as spamex or mailshell. For a fee, these services allow you to create a new disposable email address discreetly linked to your real address whenever you need to supply one. If spam starts coming to one of the disposable addresses, you can simply turn the address off. Because you can give out a different disposable address on every occasion, you are able to easily determine who supplied your address to spammers.

Be proactive

Adjusting the security settings in your web browser is a good preventative measure. For a higher level of security, have your browser disallow:

• Accepting cookies
• Listing your name and other personal information in your browser profile
• Filling in form fields for you

This will help reduce the amount of personal information transmitted to sites at the expense of full functionality, since many legitimate web sites require you to accept cookies. For more information about cookies and security, see What are cookies?

Do not contribute to the spam problem by producing any of it yourself! In particular, learn about chain mail and do not forward chain mail to others. Also, if you receive an email message that appears to warn of some horrible thing happening (a virus that reportedly deletes all your files, for example) or is a touching sob story (about helping to save a poor sick girl or boy, for example), be suspicious.

Nearly every instance of chain mail is a hoax. The message may even come from someone you know and respect who is simply not aware that it's a hoax. Learn about hoaxes and the sites available to verify hoaxes, and do not forward them to others. For more information, see How can I tell if a computer virus alert is a hoax?

Additional resources

For information about what IU does to help reduce the amount of spam received, see What does IU do to protect users from spam and virus-infected email?

The Center for Democracy and Technology and the Federal Trade Commission have conducted extensive studies regarding spam. You can access information regarding these studies at: http://www.cdt.org/speech/spam/030319spamreport.shtml http://www.ftc.gov/bcp/menus/consumer/tech/spam.shtm

Also see:

• At IU, what is the email postmaster?
• What is IU's policy concerning mass mailing via email?
• About chain mail
• What is spam?
• What should I know to avoid getting in trouble with email?
• How can I protect my web pages from email address harvesting?