11 Ways End Users can Help Reduce Spam

Written by Ed Fisher on October 14, 2010

October is National CyberSecurity Awareness Month in the United States, and today’s blog post fits right in: by raising users’ awareness of how their actions contribute to systems security, you are also helping your users help you to reduce spam. While not all spam originates with user actions, a significant portion of it does. By educating our users on the actions they take that can lead to spam, and by providing them with alternatives where appropriate, we can have a positive impact on our mail servers (and those hosting their personal mailboxes), and everyone wins. Well, everyone except those darned spammers.

And since this is National CyberSecurity Awareness Month, we’re going to cover these activities while keeping the geek speak to a minimum, so that you can copy most of the content from this post and paste it into an email you can send to your end users.

  1. Using corporate email for personal use
    Have a policy that clearly defines whether or not users may use their corporate email account for personal use. If you are going to allow this, make it clear what is permissible and what is not, and consider limiting this to a ‘receive only’ policy so that there is no chance an external party could mistake personal communications for corporate communications. Do not allow users to use their corporate email to subscribe to distribution lists or other high-volume sources. Many times, a user will subscribe to a school or sporting group’s emails, only to have that group CC the many dozens or even hundreds of subscribers, which then places their address in everyone else’s inbox where a virus can harvest it.
  2. Posting email address on web pages
    Ensure that any email addresses placed on corporate webpages are shielded from automated harvesting, using JavaScript or other obfuscation methods.
  3. Sending email to several external recipients
    Never CC a large number of users unless they all work for the same company or are working together on the same project and should be replying to all regularly. Use blind carbon copies or create a distribution list to protect recipients’ privacy.
  4. Mailing lists
    Often, sports teams, school clubs, church groups, or other activities like to email their memberships. Help these organisations out by introducing them to the free mailing lists available from Google Groups, Yahoo Groups, and others. These distribution lists are opt-in, provide anti-spam and anti-virus scanning, and protect their users’ privacy by using BCC.
  5. Do not automatically download images unless you trust the sender
    Configure your email client so that it will not automatically download pictures in HTML messages. Many spammers use these images as Web beacons to identify ‘live’ email addresses.
  6. Turn off read and delivery receipts and automatic processing of meeting requests    
    Delivery and read receipts and automatically accepting meeting requests are all ways that spammers can determine if an address is ‘live.’ Systems admins will control delivery receipts, but users can set the way their email clients process read requests and meeting requests.
  7. Be careful where you post your e-mail address
    Public web sites, newsgroups, chat rooms, and support forums are all good sources for spammers to harvest email addresses. Since this is often an automated process, add something to your email address or format it so that a person can figure out how to email you, without posting your exact address. For example, you can use yournameREMOVE@example.com or yourname[at]example[dot]com to render an address that a human can follow but a bot can’t harvest.
  8. Review privacy policies of all sites you use
    Look for a link to the privacy policy of any site you might register on, and ensure they have a clear statement about what they do and don’t do with your personal information. If they do not have a privacy policy, don’t register. Also keep a close eye on checkboxes that are checked by default to ensure that you are not automatically registering for more unwanted email, or agreeing to things you wouldn’t want to.
  9. Never reply to spam
    Never reply to an e-mail message unless you know and trust the sender. Replying to a spammer asking them to stop just confirms to them your email address is live.
  10. Never forward chain e-mail messages
    Forwarding these messages also forwards all the email addresses of anyone who received it before you. Eventually that email will land in the inbox of someone whose computer is infected with malware that will harvest all of these addresses.
  11. Use antivirus software
    Make sure to install anti-virus software and keep it up to date. Many malware infections scan the inbox of mail clients for email addresses to send spam or propagate the virus.
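
For items 2 and 7 above, here is an added example (not from the original post) of one way to keep a literal address out of page source: the server emits the address as two reversed pieces with a human-readable fallback, and a small script reassembles it in the browser. The function names, the `data-u`/`data-d` attributes and the sample address are assumptions made for illustration.

```javascript
// Added example; all names and the sample address are constructed.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;
const rev = s => [...s].reverse().join("");

// What a simple harvesting bot sees: every literal address in the page source.
function findExposedAddresses(html) {
  return [...new Set(html.match(EMAIL_RE) || [])];
}

// Escape characters that are unsafe inside an HTML attribute or text node.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => `&#${c.charCodeAt(0)};`);
}

// Server side: emit the address as two reversed pieces, plus a readable
// fallback for visitors who have JavaScript turned off.
function obfuscateAddress(address) {
  const at = address.lastIndexOf("@");
  if (at < 1 || at === address.length - 1) {
    throw new Error("not an email address: " + address);
  }
  const user = address.slice(0, at);
  const domain = address.slice(at + 1);
  const fallback = `${user} [at] ${domain.split(".").join(" [dot] ")}`;
  return `<span class="contact" data-u="${escapeHtml(rev(user))}" ` +
    `data-d="${escapeHtml(rev(domain))}">${escapeHtml(fallback)}</span>`;
}

// Client side: rebuild the address from the two data attributes.
function revealAddress(revUser, revDomain) {
  return `${rev(revUser)}@${rev(revDomain)}`;
}

// Browser wiring (needs a DOM, so shown as a comment):
// document.querySelectorAll("span.contact").forEach(el => {
//   const addr = revealAddress(el.dataset.u, el.dataset.d);
//   const a = document.createElement("a");
//   a.href = "mailto:" + addr;
//   a.textContent = addr;
//   el.replaceWith(a);
// });

// Constructed page fragments: the same contact line before and after.
const before = '<p>Contact <a href="mailto:sales@example.com">sales@example.com</a></p>';
const after = `<p>Contact ${obfuscateAddress("sales@example.com")}</p>`;
console.log(findExposedAddresses(before), findExposedAddresses(after));
```

This deters simple pattern-matching harvesters only; a bot that executes JavaScript will still see the rebuilt address.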

Links to obfuscation sources

A good one for admins and end users…and my personal favourite.

One even an end user can follow

A good source for webmasters

Links to free distribution groups

Google Groups

Yahoo Groups
