back to article Ever had to register to buy online - and been PELTED with SPAM?

Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not …

COMMENTS

This topic is closed for new posts.
  1. Fred M

    and what's really annoying is that many of them won't accept a + in your email address. (For those who don't know, adding a "+company" to the first part of a gmail address is a good way to identify and block when your address gets passed on to third parties.)

    1. LarsG
      Meh

      The only way of getting around it with legitimate companies who think it is important to email you every week with an offer is to use a disposable address, collect the receipt when it's sent, have the item delivered and them shut the email address down.

      Simple enough.

      1. Mark 65 Silver badge

        One reason I still maintain my yahoo account is those free disposable addresses, a real godsend.

        1. Mayhem

          10 minute mail

          Someone mentioned this a few months back, damn handy site.

          Free oneshot email addresses

          http://10minutemail.com/10MinuteMail/

      2. Number6

        Same here, one advantage of owning a domain is the infinite supply of email addresses, so I can use throwaway ones for most places, and unique ones for places I might buy from again. It's also interesting to see which ones 'leak' and start attracting generic spam.

        1. BillG Silver badge
          Meh

          I also have my own domains, some I've had since 1998. I use a webhost that has greylisting. With greylisting any email from an invalid SMTP server gets deleted.

          I also run MailWasher Pro 6.5.4 (the later versions are crap) which allows whitelists, blacklists, and custom filters. Best choice I ever made.

          All in all, my spam has dropped from 500 a day to 30.

          In other news, charities can be the worst. Ten years ago I donated to a disabled veterans charity, using a different middle initial and mispelled my last name (I refused to hand over my email). Soon I was getting flooded with phone calls, letters in the mail from cancer, children's, animal, indian, etc charities. Got worse with each year and didn't stop until I moved to another state.

    2. Peter Hoare

      +1

      Completely agree - especially when the validation message appears says "This is not a valid email address"! Go and read the RFC on valid email addresses before making up your own rules as to what is and what isn't a valid address. It's not exactly hard to create a regexp or similar to validate an address.

      1. Anonymous Coward
        Anonymous Coward

        Re: +1

        I had to update an email validation regex recently to avoid being unfair to a Mr O'Reilly and his apostrophe. Well at least he volunteered to use the test version to help test it before the main one went live, and told me about the bug so I could fix it. And that system has been in use every year for the last 8.

      2. Loyal Commenter Silver badge
        Boffin

        @Peter Hoare

        As it turns out, you are quite, quite wrong in your assertion that it is trivial to validate an email address with a regular expression. The regex to validate a RFC2822 compliant email address is as follows:

        (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])

        1. Gerhard Mack

          @Loyal Commenter

          Much easier if your language of choice has a library function for it in PHP it's:

          filter_var($email, FILTER_VALIDATE_EMAIL)

        2. John Robson Silver badge
          Thumb Up

          Re: @Peter Hoare

          See easy - how much easier can you get than "someone else has already done it"?

        3. Mike Richards Silver badge

          Re: @Peter Hoare

          Cthulhu R'lyeh wgah'nagl fhtagn!

        4. RW
          Trollface

          Re: @Peter Hoare

          Does that work on Unicodized email addresses such as

          მზია_კვირიკაშვილი@rustavi2.com

          ??

      3. Yet Another Anonymous coward Silver badge

        Re: +1

        It's extra-ordinarily difficult to create a valid email regex see http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html

        And when you do it's totally useless because to allow all the bizarre edge cases you end up having to allow so many genuine mistakes that there is no point.. "Abc\@def"@abc.com is valid

    3. Anonymous Coward
      Anonymous Coward

      So don't use the plus sign; gmail will do the same with other punctuation marks - period seems a good choice (ie myname.theircompany@)

      Failing that, use a service like guerilla mail.

      1. Graham Marsden

        Fortunately I own my own domain, so any time I register with a company like Fred Bloggs and co. I put my e-mail address down as fred.bloggs.co.uk@mydomain which means that I can always tell where someone got my e-mail address from and then create a custom filter to file their stuff straight into the junk mail folder :-)

        1. Nick Ryan Silver badge

          I do the same, and these customised to each company email addresses give you a nice big fat stick to hit them with when they, inevitably, deny either selling or giving away your email address or having pathetic security.

          1. AndrueC Silver badge
            Facepalm

            > these customised to each company email addresses give you a nice big fat stick to hit them with

            Sadly they don't always believe you. The publishers of Avast! refused to accept responsibility when I started getting spam using the address I'd given for registration. They claimed it was probably a trojan on my system or else the email had been intercepted.

            Clearly a security company that knows what it's doing. Not :-/

        2. Chris007

          @Graham Marsden

          very similar to what I do plus my ISP allows me to add filters so that I can reject email from those idiots who sell my email address on to somebody else so that I never see them arrive.

          I ALWAYS click the "no email" contact on all websites and it's interesting to see which ones flagrantly disregard this.

          A few years ago I woke up one morning to an avalanche of spam to the email address I'd used on compare the market.com and not for their services either. They've been added to my filter list ever since and have never had my business again.

          (gocompare don't get my business either, but that's because of that f**king annoying opera singer - the first time I heard the advert I said I wouldn't use them until they dropped it)

          1. illiad

            Re: @Graham Marsden

            you haven't been watching the ads lately... gocompare not only 'dropped' the singer, but made a whole new range a few months ago, of various 'stars' getting various types of 'revenge' on him... keeps it amusing at least..

            BTW, you do *know* that they DO NOT SELL insurance??? the hint is in their name.... :/

            1. Kubla Cant Silver badge
              Facepalm

              Re: @Graham Marsden

              I'm glad you explained. For the past few weeks I've been perplexed by an ad that starts with some bloke* failing to switch on Christmas lights, then cuts to the opera singer being tortured. I couldn't work out how that was supposed to generate electricity.

              * The context suggests that I should know who some bloke is, but I've no idea. This adds to my perplexity.

            2. Anonymous Сoward
              FAIL

              Re: @Graham Marsden

              Go Compare always gets hated why? I find that the animated girl on those confused com ads are far more annoying.

              Thumbs up if you agree.

              1. MJI Silver badge

                Re:Go and die

                Had an old recording on TV yesterday, someone forgot to skip the adverts, I had to run across the room, (next room to TV) and I nearly kicked in my TV to shut it up.

                Power switch was first thing to hand, I know I shouldn't do but it does have a 5 year warantee.

                BTW they are on my permanent shit list along with 4 or 5 other companies.

            3. HipposRule
              FAIL

              Re: @Graham Marsden

              @illiad - someone who actually watches adverts rather than fast forwards - God forbid

            4. Chris007
              Mushroom

              Re: @illiad

              Clearly you've not watched the ads lately as that annoying f**cking opera singer is very much on them and still singing (Stephen Hawking black hole ad...).

              Plus I never said that they sold insurance - clearly you never read posts correctly either.

          2. Field Marshal Von Krakenfart
            Happy

            Re: @Graham Marsden

            Go Elsewhere

            Go Elsewhere

            If you find this ad is annoying then Go Elsewhere

            And you'll thank your stars that you went to Go Elsewhere

            1. DF118
              Thumb Up

              @Graham Marsden

              Yep, I do the theirname@mydomain thing too. It's always fun to catch a genuine evil spammer or unscrupulous etailer who has sold on your details without asking, as opposed to the (relatively) innocent marketing spam from which you can unsubscribe. Funnily enough, whenever the former has happened and I've received some real lowlife spam to a unique address, the companies concerned have always claimed it was a malware-infected email server.

              Another problem is people harvesting your paypal address. There's not much you can do about that since it pretty much needs to be static unless you're prepared to change it periodically. I get around that by having all emails which come in to my paypal address (apart from the ones coming from paypal itself) dumped in a folder of their own, from which messages over a month old are automagically purged. Each sender gets a one-time auto-response containing a generic "transaction acknowledged" message and warning that I am unlikely ever to read their email.

          3. Eddy Ito Silver badge
            Devil

            Re: @Graham Marsden

            One of my favorite tricks to use in conjunction with some.company@mydomain is to scan the incoming address to check if it is actually coming from 'some company' and if it doesn't I automatically redirect it to something like customersupport@some.company. I've gotten some very cross emails but I almost never get spam on some.company.3@mydomain unless they run to their admin who sets up a filter on that end.

        3. The Boojum
          Thumb Up

          Add in a password tracker like LastPass. Records all these hundreds of email addresses and generates and stores unique, complex passwords for each one.

        4. ScottK
          Unhappy

          I have my own domain and always use a customised address for each company. I also always click the do not share my email address tickbox in the vain hope that companies might actually honour it. The worst offender I have ever dealt with is Thomson Fly. I once flew with them about 9 years ago and have since received a huge amount of unrelated crap addressed to tfly@ my domain. If I still lived in the UK I might consider a complaint to the data protection registrar, but a kill filter is a simpler option.

          1. DF118
            Thumb Up

            @ ScottK

            ...that's if they even provide "do not contact" and/or "do not sell my details" tickboxes. SMBs are terrible for just harvesting (especially when you pay with PayPal) and expecting you to be ok with it. I've had some real idiots who refuse to acknowledge that people might get pissed off at that kind of behaviour. Even had one try to tell me her email wasn't spam ("because my shop actually exists").

        5. Anonymous Coward
          Anonymous Coward

          stop advertising your defenses

          Dude, could you please stop advertising this defense method? The only reason it works is because it's not popular. Two lines of code and the spamers can bypass this safety. The longer we can ride this train empty the farther we go. Yes I'm being selfish, but this is a war and I'm OK with not making my bunker a bigger target. Please...

    4. AndrueC Silver badge
      Thumb Up

      I have my own domain and run my own mail server. I achieve the same thing using a wildcard alias system ;)

      1. Vic

        > I achieve the same thing using a wildcard alias system ;)

        I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated. That makes dictionary attacks painful to you and valuable to the spammer.

        Far more effective IMO is to use an aliases file - allocate a fresh email address every time you give one out. If one gets abused, stub it out with a comment that it was abused. that way, the spam stops, and you've got a record of the abuse should you ever be tempted to deal with that company again.

        Vic.

        1. AndrueC Silver badge
          Go

          > I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated

          No it's not quite like that. The wildcard has a specific format so it won't match just anything - there has to be a certain substring present. If you send an email to 'anyoldcrap@mydomain' it'll go straight in the bit bucket. Indeed I get several dozen attempts from spammers along those lines every day. It's basically the same set up as using '+' - you need to know the basic rule :)

          I don't think the risk from exposing my strategy is very high. The spammers would still need to work out the substring I use and I can easily use a different one. Because it's a multi-part name it makes a dictionary attack far harder. I think one of them might actually have guessed the substring a few years ago. At least I started getting spam to it and I only ever used it for reminders. However they haven't twigged that it is substring so it doesn't matter much. I just blacklisted it.

          If they twig how the wildcard works I'll just add a second substring. Or maybe a third. I bet it'd take a while for (example only) abc.321.zmd.<whatever> to be compromised :)

    5. JCitizen
      Alert

      At least give them a bad rating...

      on Web Of Trust so the rest of us will know we don't want to do business with them. I will go out of my way to avoid a business with even a yellow rating, as spam is usually the problem with registering at that site. WOT is the most effective way we have to get even with these shoddy bunch!

    6. miknik

      I send it back to them

      I've got my own domain, so when I have to sign up in this way the email address I use is company-name@mydomain.com

      If I start getting a load of spam then I just create a mail forwarding rule on my domain and point that address back at the contact email address for the relevant company.

  2. Anonymous Coward
    Anonymous Coward

    They don't even spam well

    For those of us who mostly try to avoid HTML emails, 80% of the 'proper' companies won't include plain text, or worse only put their message in some image that would have to be downloaded. Sorry. I can't read what you're saying...

    1. Adam 1 Silver badge

      Re: They don't even spam well

      The main reason that online images are used is that the sender can track when you have read the email.

      1. Kubla Cant Silver badge
        Windows

        Re: They don't even spam well

        the sender can track when you have read the email

        Only if you're dumb enough to let your email reader download images by default.

        1. Adam 1 Silver badge

          Re: They don't even spam well

          " Only if you're dumb enough to let your email reader download images by default."

          In most cases, you cannot "read" these emails without downloading the images. Which means if you don't allow the images, you are not their target audience.

        2. Anonymous Coward
          Anonymous Coward

          Re: They don't even spam well

          "the sender can track when you have read the email"

          And they seem to get quite distressed when you turn off image download and they can't. BT, British Gas and a whole load more dont seem to get that it is actually possible to open and read their mail without them knowing about it, and in some cases actually send more crap asking why you aren't reading their "newsletters". No wonder people think they're creepy.

        3. JCitizen
          Stop

          Or click anywhere on the email...

          if the images and links are not blocked. Actually I never touch anywhere on an unsolicited email. Hotmail eventually catches up to their shenanigans and blocks them all!

    2. Number6

      Re: They don't even spam well

      Unless you're in my whitelist, an attempt to send me email with an HTML part will result in it being bounced. This also takes care of an amazing amount of spam. HTML email is a security hazard, anyway.

      1. Dave Lawton

        Re: They don't even spam well

        Better still, just blackhole it, and log the sender for weekly analysis, just in case it might have been important.

    3. RW
      Boffin

      Re: They don't even spam well

      Canada Post online tracking "works" that way but with the wrinkle that the headers for a plain text version are present but no plain text.

      Thus if your email client is set up not to render HTML, you are s.o.l.

      OTOH, given the extraordinary slowness of Canada Post and their unreliability (small parcels go missing with no trace), you couldn't really expect anything else.

  3. Trygve Henriksen
    Unhappy

    Even worse; trying to change email...

    Several of the stores I shop at still send me offers on my old address, and trying to remove it from the mailing list fails as it's no longer associated with an account...

    (Yes, they also send me offers on my new address... )

    1. JohnG Silver badge

      Re: Even worse; trying to change email...

      One way to fix that is to forward all emails to the old address from that organisation to their abuse address. I find they stop when they tire of abusing themselves.

    2. Gerhard Mack

      Re: Even worse; trying to change email...

      I try to unsubscribe once if I know it is a store I signed up with and if that fails their IP gets moved to my mail server's black list with an SMTP error message explaining exactly why I added the block.

      Life is so much less annoying that way.

  4. Martin 15

    Disposable

    Trashmail.net and it's firefox plugin does it for me.

    1. Anonymous Coward
      Anonymous Coward

      Re: Disposable

      Or mailinator.com (no registration, just use any address, but anyone else can read it too if they guess the address, so don't use it for things which can send you password reset mails)

    2. Mike007
      Happy

      Re: Disposable

      posted from my account registered with the email address elreg@mydomain.net, which has received no spam - unlike lastfm@mydomain.net for example which has had 139 spam messages (yes pharmacy ad type spam, not notifications for some account) in the last 30 days, i have several such addresses auto-filtered and know exactly who to blame for the spam, almost all of it is easily identified (can't do much about addresses in whois databases and public websites, then i just use per-site addresses so i can filter it if it gets too spammy)

    3. Anonymous Coward
      Anonymous Coward

      Re: Disposable

      i own asdfasdf.co.uk which has a catchall to a dedicated inbox - you'd be surprised how many websites i don't need to register an account on because someone else has already set up asdfasdf@asdfasdf.co.uk so i can just do a password reset, i expect .com would be even better :) also gives me someone elses history to operate under to further confuse their monitoring

  5. Anonymous Coward
    Anonymous Coward

    Spam filter rules.

    If the message contains the word unsubscribe, mark it as SPAM.

    Once e a day I'll take a quick look for anything that went there by accident, or for the t shirt hell ones that can be amusing.

    1. Fred Flintstone Gold badge
      Thumb Up

      Re: Spam filter rules.

      Actually, I like that idea. I can make an exception to lists I did subscribe to, but that would pretty much scrape most of the crud into an "almost junk" folder. Time to open up Thunderbird rules..

    2. Keep Refrigerated
      Thumb Up

      Re: Spam filter rules.

      I've been doing this for years with an extra layer of custom domain email forwarding to boot. I'm training Gmail's algorithm to recognise legitimate companies that 'recommend' me products too much and treat them as spammers too.

      1. Anonymous Coward
        Anonymous Coward

        Re: Spam filter rules.

        Umm, choosing Gmail for email is swapping spam for advertising. IMHO, the only reason Google removes spam is because spammers don't pay them anything..

        1. JohnG Silver badge

          Re: Spam filter rules.

          "...choosing Gmail for email is swapping spam for advertising. IMHO, the only reason Google removes spam is because spammers don't pay them anything."

          All true but as long as Google keep the advertising within reason, I view it as a reasonable price for their services and their spam filters are quite good. If their advertising does get out of hand, there are plenty of tools to deal with that.

        2. illiad

          Re: Spam filter rules.

          "Umm, choosing Gmail for email is swapping spam for advertising"

          that maybe so, but adblock means I dont get their ads!!!... :) :) :)

        3. Anonymous Coward
          Anonymous Coward

          IMAP FTW

          Google does advertising on their email? Only if you use the web interface. Use IMAP or POP3 to get your gmail.

    3. Stoneshop Silver badge
      Holmes

      Re: @AC 09:03 Spam filter rules.

      That filter should obviously go after the various mailing list filters.

    4. Anonymous Coward
      Anonymous Coward

      Re: Spam filter rules.

      > "If the message contains the word unsubscribe, mark it as SPAM."

      +1. This was one of the first filters that went in on our company exchange server.

      The next day I received a phone call from somebody asking if the email system was down, because he usually received a hundred spam emails overnight and he hadn't had any. :/

  6. John Deeb
    Boffin

    unsubscribe

    While the article raises some valid concerns, most decent webshops let you unsubscribe right away without any hassle after seeing the first mail appearing (link often at the bottom). Deals with 95% of the problem right there so lets not blow this out of proportion. Webshops need some kind of online marketing to exist, they don't have a shopping window or paper leaflets to spam your real letterbox. Amazon is rather big and might be less interested in spamming you otherwise you would complain about them too.

    1. Anonymous Coward
      Anonymous Coward

      Re: unsubscribe

      Amazon is rather big and might be less interested in spamming you otherwise you would complain about them too."

      Amazon themselves do not spam me - their "recommendations" page when you visit their web site achieves that function unobtrusively for them.

      However - email addresses do leak from Amazon to generate unidentifiable spam. It is presumed that at some point an Amazon Partner is given the address as part of your transaction - and it is the latter's security breach which allows the address to be farmed.

      1. Robert E A Harvey
        Happy

        Re: Amazon recommendations

        The recommendations do make an amusing parlour game - "what made them think I wanted that?"

        1. Steve Davies 3 Silver badge

          Re: Amazon recommendations

          It can be a tad embarrasing when the Other people went on to buy...

          List of items contain stuff the you wouldn't want 'her indoors' to see. viz

          I was browsing books about 'Git' when there was a reccomendation for some erotic novels because someone else had bought the Git book and the other stuff in the same session/order.

        2. Anonymous Coward
          Anonymous Coward

          Re: Amazon recommendations

          yes, and whenever you are logged in as someone else, checking through a load of lesbian porn videos is a great way to improve their Amazon recommendations

        3. Sooty

          Re: Amazon recommendations

          surely the "Why are we recommending this?" link they added answers that one quite quickly

      2. AndrueC Silver badge
        Stop

        Re: unsubscribe

        > However - email addresses do leak from Amazon to generate unidentifiable spam. It is presumed that at some point an Amazon Partner is given the address as part of your transaction - and it is the latter's security breach which allows the address to be farmed.

        Er, no. For several years now Amazon has anonymised email so their partners won't get your address unless you give it them. It's all done through the Amazon Communication Manager.

        http://www.amazon.co.uk/gp/help/customer/display.html?nodeId=3149541

        "All Seller communications should be routed through the Amazon Communications Manager which will deliver the Seller's message to you. The Communications Manager will deliver the message stating the Seller's name as the sender but from a unique e-mail address generated by us that will have the ending "@marketplace.amazon.co.uk". By replying to this e-mail your response will also be directed through the Communications Manager and will be delivered to the Seller, but again, from a unique e-mail address generated by us.

        This enables Sellers to communicate with buyers without either party disclosing their private e-mail addresses and ensures Amazon has a record of all correspondence between buyers and Sellers. Please see the information on this page for full details."

        If a third party got your address it must be because you included it in the body of a message or contacted them directly. It's one of Amazon's best features. To be honest it has a lot of advantages for them as well - call it mutual self-interest :)

      3. Kubla Cant Silver badge

        Re: unsubscribe

        Amazon themselves do not spam me

        I wish I could say the same. Every day I seem to get an email from Amazon offering some kind of - usually inappropriate - cross-sell. Is there an account setting that turns these off?

    2. NightFox
      Thumb Up

      Re: unsubscribe

      I agree - I recently went through my spam folder unsubscribing to all the 'legitimate' spam using the links, and have now cut my spam by about 95% (I'm lucky that I don't get too much real spam).

      My main annoyance on the unsubscribe links are the ones that require you to log in to the retailers web site to 'change your mailing preferences' as often I can't remember my credentials for a site I bought something from 10 years ago. You know my email address - you sent me the bloody link I just clicked. Now unsubscribe me!

      1. mark 63 Silver badge

        change your mailing preferences

        very true, why make you log in.

        but even thats not as bad as the ones that make you log in and you can only set it to "more spam please"

        DealExtreme do this - you can pick any amount of spam exept none

    3. Kevin
      Thumb Up

      Re: unsubscribe

      I totally agree with this approach - I find it works for pretty much 100% of the 'soft' spam. As soon as I get an email like this, I hit the unsubscribe link and most of the time it works.

      It's annoying that you probably didn't subscribe to this list in the first place, but hopefully most companies you buy from are reputable enough to comply with current spamming regulations (otherwise why are you trusting them with your money?).

      I definitely get more spam through my letterbox than I do in my inbox...

    4. Jan 0
      Facepalm

      Re: unsubscribe

      > "Webshops need some kind of online marketing to exist"

      If they would just list their products and prices on a static web page, then we could just use a search engine to find and compare offers just like we used to in the 20th century. When I want something, then I go looking for it. If "webshops" don't want me to use search engines, then I don't care if they go bust.

      1. Don Jefe
        Alert

        Re: unsubscribe @Jan 0

        A static webpage? If you've got a very small number of products you sell and/or a tiny inventory that's sort of OK but if you're dealing with thousands of SKU's and in stock inventories of tens of thousands of items a static webpage is useless.

        Also static webpages tend not to track as well as dynamic sites on search engines.

      2. Atonnis
        Thumb Down

        Re: unsubscribe

        But then you're at the mercy of the search engines and their specific rules...

        ....which then puts you at the mercy of those people who can 'maximise your search presence by using techniques that take advantage of the latest methods used by search engine crawlers'...

        ...which also starts including search engine's search results from the search page on the sites, which then steadily gives you more and more shitty results (seriously, if I ever see another f-cking Amazon US page again it'll be too f-cking soon).

  7. Ocular Sinister
    Go

    Unique emails.

    Each web business that requests an email gets a different email address, something along the lines of companyurl@myemail.co.uk. Once the transaction is completed, the email address gets added to my junk filter.

    Problem solved!

    1. Benny

      Re: Unique emails.

      I noticed that since I have started doing this with one of my spare domains (I went back and changed emails on quite a few existing accounts as well), the amount of spam I get has dropped. Could just be a coincidence, but I have this image of a marketing bod running a "select email from customers where email not like '%mycompany%'" or some such thing

      1. Khoos
        Facepalm

        Re: Unique emails.

        Or you get a nastygram from the company that you are misrepresenting them by using their name in your e-mail address. Great way to lose customers and gain bad reviews.

        1. Ken Hagan Gold badge

          Re: nastygrams

          But surely that happens infrequently enough that you can bow to their complaint and allocate them the address "arkell-v-pressdram@yourdomain".

  8. Anonymous Coward
    Anonymous Coward

    Own your own domain name

    I own my own domain name so every company I register with gets a different sign up email address. There's one layer of redirection too: no-one gets my 'real' email address.

    If I start receiving spam from a company, I unsubscribe from their emails using their website. A bit irritating to be auto opted-in but otherwise fine, they need to know I exist as they emailed me an invoice and sent me some goods.

    However if I get spam from (say) company Y but using the email address allocated to company X, then company X never gets my business again, and I put an email rule in at the point of mail redirection (i.e. way before the email gets downloaded to any of my devices) to bounce the mail back to the sender. This happens very infrequently.

    1. Benedict

      Re: Own your own domain name

      Redirecting back to the alleged sender of the spam is moronic as the address field will almost certainly be forged, which just creates more junk (aka back-scatter).

      What you should be doing is redirecting it to the customer services department of the company who leaked/sold your email address with a message telling them why they have received it.

      1. mark 63 Silver badge
        Thumb Up

        Re: Own your own domain name

        "redirecting it to the customer services"

        haha , i like that idea

    2. Anonymous Coward
      Anonymous Coward

      Re: Own your own domain name

      My girlfriend recently attempted to sign up to a mailing list on a Dutch education website (normally they would remain unnamed but, sod it - Pearson). She used the address pearson@<her domain>. She had a response from some snooty lady saying that she is violating Pearson's trademark and that she must change her email address. She replied explaining her reasons for using their name as part of her email, but was ignored.

      1. Yet Another Anonymous coward Silver badge

        Re: Own your own domain name

        Do it again with pearson-fscks-goats@.... then they have to argue that a reasonable person would assume it was them since everyone associates pearson with fscking goats

      2. Anonymous Coward
        Anonymous Coward

        Re: Own your own domain name

        You can ignore that email about trademark violation as she is not using a domain name, or email the snooty cow back and tell her that she should read up on her trademark laws before she emails again - if I recall correctly, the Dutch have laws against false trademark claims.

        If your girlfriend would register pearsons-nl.com, for example, she would indeed be reliably on track for a trademark dispute. I would however, add to any reply that the response seemed to suggest that Pearson had an adverse reaction to tracking of Data Protection abuse, and that your girlfriend is thus considering reporting this to those who are in charge of enforcing compliance with the "wet Persoonsgegevens" (Dutch Data Protection, if I recall correctly). Could be entertaining to see what that would give as response - especially if you copy in their press liaison.

        I have no problem with a company trying to guard their trademark, but God help any setup who thinks they can {lecture me on}/{threaten or bully me with} an incorrect interpretation of law as I enjoy returning that fire with interest. There's far too much of that going on at the moment.

  9. Anonymous Coward
    Anonymous Coward

    In the UK ...

    Regulation 22 of The Privacy and Electronic Communications Regulations 2003 applies and UK companies must honour unsubscribe requests.

    I only know this because one UK company was bombarding me with marketing crap and ignoring unsubscribe requests. When I found this regulation I emailed them and threatened them with action for non compliance. It worked.

  10. AlexV

    Master of your own domain

    Get yourself a domain name (there are some really cheap ones around, if you don't care what the tld is), set it up so that anything@example.com gets forwarded to your real address. Then, whenever a website wants your email address, you give it their name: theregister@example.com for example.

    If they are well behaved and send you only emails you want, or honour unsubscribe requests for those you don't, all fine. If they prove rogue, blacklist that "to" address and never be troubled by them again.

    I find it more convenient than having to create an address before using it (like trashmail) or having to visit a site to pick up mail sent to it (like mailinator), but that's because the vast majority use-case is non-spammy. If it was mostly spammy, or I needed an address to use with someone already known to be spammy, then I'd use mailinator.

    1. Tezfair
      FAIL

      Re: Master of your own domain

      Been doing this for years, its quite good as a paper trail.

      My biggest culprit is Swinton Car insurance, I get a load of random junk to 'swinton@' email address because I once did an online quote. I have a rule now that fwds 'their' junk mail back to Swinton.

      So the more they sell my email account the more crap they will get back

      1. Tom Wood

        Re: Master of your own domain

        "So the more they sell my email account the more crap they will get back"

        Oh, I'm sure that really bothers them. All those envelopes they will have to waste their staff time opening!

        Seriously, just send them to the bit bucket - replying to spam with spam just makes you part of the problem.

      2. Fred Flintstone Gold badge

        Re: Master of your own domain

        I have a rule now that fwds 'their' junk mail back to Swinton.

        The only way that will help is if you find out the email address of the MD/CEO and send it there with an explanatory note, or another email address that is in active use. Most companies send from an "no reply" mailbox..

      3. daimun

        Re: Master of your own domain

        Swinton are also one of the pita spammers I can't shake off. Another is taxi.com Their T&C even state "You may opt out from receiving this information at any time". This is complete BS of course as I have tried many times. Fortunately my email hosting service provides the option of a blacklist and I take great delight in getting a daily spam report and reading who's been deleted at source. TAXI send at least one message *every day*, often four!

        Like lots here I also use the company@mydomain email assignment.

        1. Anonymous Coward
          Anonymous Coward

          Re: Master of your own domain

          With any UK company you do the following:

          1 - keep a record of receipt of email and a dated screendump of your unsubscribe.

          2 - as soon as you receive another email from them (must be after more than 2 weeks), file a formal complaint with the Office of the Information Commissioner (forms are on their website). You don't need to engage in conversation with the company in question as you have used the communication provided already (the "unsubscribe" and it wasn't effective. It's not your job to sort out their problem.

          3 - copy any further email you receive from them into the case number you will be given.

          1. BenR
            FAIL

            Re: Master of your own domain

            While in theory that's the 'right' thing to do, the ICO are the biggest waste of time and money going. They are a bunch of useless, toothless cretins generally, with about as much punitive power as the cup of tea slowly cooling on my desk.

            I went through them with a complaint about spam phone calls and text messages, despite being registered with TPS. I'd gone to the trouble of filling in their idiotic form, and providing them with all the information the wanted and more, including the name, registered office address, phone number, contact details and website of the company in question. They contacted me back saying there was nothing they could do as they 'couldn't identify the company making the calls'.

            Hopeless.

  11. Sean 30

    couldn't care less, you bought from them so might do again...

    Funniest one for me is a company I purchased a holiday through constantly sends me spam, this despite the fact I took them to court and won. Do they REALLY think I would ever buy anything from them ever again!

    I'm happy to get confirmation of transactions etc via email, but no need to send the spam unless I ask for it.

    1. Anonymous Coward
      Anonymous Coward

      Re: couldn't care less, you bought from them so might do again...

      was that 'Hoseasons' by any chance. The worst thing is they censor comments on their website so no bad reviews of the accommodation (I have the photos) appear, and they still have the cheek to send both soft and hard copy spam.

  12. Graphsboy

    Useful service

    Spamgourmet.com does it for me. Create on-the-fly email addresses at the time you're registering and set the number of forwardings in the the new email address itself. And because you can create as many different addresses as you want, you can tell by what you allow to subsequently get forwarded to you exactly who's been a sod and passed your details on.

  13. Peter Hoare

    Is unsubscribing really the worst possible thing to do?

    The article repeats the age-old saying that clicking the unsubscribe link is the worst possible thing to do. Is there actually any evidence for that being the case? That it merely confirms to the spammer that the address is valid?

    Give the ease with which spammers can throw out email (usually via botnets) I really find it hard to believe that there is any benefit to them in validating any of the email addresses. Why would they go through that bother? When they can easily acquire 10 million addresses, and can easily email each and every one of those, what do they gain by whittling that list down?

    So yes, it's a perfectly feasible scenario that spammers DO use that method to confirm the address is valid, but I'd really like to see some evidence that this is in fact the case. Personally, I put it down as being a myth. In fact I'd be more worried - given the 'morals' of the spammer - that clicking the link to unsubscribe was likely to lead to an infected webpage that made me part of the botnet used to send out the next wave of spam.

    1. Tom Wood

      Re: Is unsubscribing really the worst possible thing to do?

      Certainly it's not true for the vast majority of reputable UK online retailers (the sort you might actually buy something from in the first place). These all honour unsubscribe requests which solves the problem right away.

    2. LaeMing Silver badge
      Boffin

      Re: Is unsubscribing really the worst possible thing to do?

      The spammer's motivation may be that lists of 'known active addresses' get a far higher price than lists of untested addresses.

    3. Grikath Silver badge
      Meh

      Re: Is unsubscribing really the worst possible thing to do?

      When it comes to real spam, yes, it really is the worst possible thing to do, and you've given one of the most important reasons in your own post already.

      Whenever you hit that unsubscribe link on a true spam post , you are sending the owner of that particular list a message telling him not just that your email adress is actually live ( which ups its' value, as there's quite a lot of dead crud in those email lists), but you are also telling him that it belongs to an idiot who actually interacts with what is obviously a spam email, making you a prime mark for those nice mails with dodgy links designed to integrate your PC in a botnet.

      So by trying to unsubscribe from those mails you're upping the risk of getting deliberately targeted by malicious spam instead of the half-hearted shotgun approach by several orders of magnitude.

      1. Eddie Edwards

        Re: Is unsubscribing really the worst possible thing to do?

        I think he's aware of the conceptual principle that a signal is sent back to the spammer; what he's debating is whether or not spammers actually use that information in practice. What you're saying sounds like nothing more than the same assumptions he's questioning.

        As others have said, most reputable companies are spamming people, but you know who they are, and they have to honour unsubscribe requests by law. The rest is probably in your spam folder already. So the article's worry about "should I click unsubscribe" is probably unfounded IMO unless you're still besieged by 90s-era Viagra spam because you don't have any kind of modern spam filter.

        I think the point the article is missing (by focussing on these quasi-paranoid maybe-issues) is that we need a new generation of spam filters that can do things like show you emails from a company you're sort-of interested in, but at a rate that suits you rather than them. For some reason everyone has upped the ante and is sending stuff way more often now (judging by my inbox) but I don't want to unsubscribe from all of them because actually I do want occasional reminders about that stuff, but maybe only every month, or only 6 weeks before Christmas. And I'd quite like to filter emails from Lego so I only see the Star Wars ones. Things like that.

    4. vagabondo

      Re: Is unsubscribing really the worst possible thing to do?

      "Personally, I put it down as being a myth."

      It's not a myth, ask a mail sysadmin. You can buy lists of "unsubscribed" addresses.

      Our advice is to only unsubscribe to a list that you have subscribed to. Never try unsubscribing to spam, you will probably be donating your address (maybe all your contacts) to an address harvester.

      My personal no. 1 spam hate is bouncing spam to the (forged) "From:" or "Reply to:" address instead of rejecting it. This is the favoured behaviour of Symantec et al, who would go out of business without a sufficient supply of spam.

  14. Anonymous Coward
    Anonymous Coward

    It’s easy enough to use your DELETE key

    The other problem with the argument that "It’s easy enough to use your DELETE key" is that I get spam sent to my mobile phone - it uses up my bandwidth allowance.

    I've thought of creating a special account which is only used for online purchases which I can make sure my phone doesn't retrieve mail from - however, sometimes it is useful to know that a delivery is going to be made imminently.

  15. Anonymous Coward
    Anonymous Coward

    Odd.....

    ....but I guess this must be a US article. The only reason is that companies in the UK MUST allow the option to decline marketing mails / affiliate mails. It's those one or two tick boxes that you clearly are ignoring. I've signed up with dozens and dozens of UK sites and don't get hit with spam.

    If they don't offer these options, then don't do business with them. If they can't follow these basic rules, forget trusting with your credit card details.

    1. Shufflemoomin
      FAIL

      Re: Odd.....

      UK Companies MUST allow the option? Surely you're having a laugh? For one thing, not all companies do it and one quick look around would show you that and for another, who's going to punish them? Are you going to go around suing them like some sort of low-rent, IT Batman?

      1. Anonymous Coward
        Anonymous Coward

        Re: Odd.....

        Too right. And of those that have the option, a good half IME just ignore it. I tick the "don't send me anything" options with religious fervour. I read the text carefully "Tick box a if you don't want our email promotions. Tick box b if you do want our partner's promotions" and select accordingly.

        But the vermin still send the rubbish, and this includes major retailers. To be fair the unsubscribe requests are usually, but not always respected, but the thrust of the article still applies: Why do the pea-brains in marketing think for a single moment that anybody would want weekly or even monthly news and offers clagging up their inbox?

    2. Jon Press

      Re: Odd.....

      I think this is a "grey area". I get lots of spam promoting established UK businesses which actually originates from outside the UK and is from "affiliate" marketers who may be acting outside the terms of their agreement. The overseas (often, US) spammer is probably working within local laws and the UK business hasn't been involved in the data processing.

      Granted, this spam has mostly arisen to addresses that at one point or another have been given to US businesses or leaked on to the Internet in the very early days, but once they're out there, UK businesses are quite happy to turn a blind eye to their affiliates' behaviour.

    3. Evan Essence

      Re: Odd.....

      Never seen one of those tick boxes.

  16. Destroy All Monsters Silver badge
    Devil

    "They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not selling to us, so they have an excellent motive not to help us."

    Sounds exactly like that tax thing if you replace "selling" by "serving".

  17. hitmouse

    Security

    One problem with these companies that collect registration information is that they are either the ones with the worst security OR they're liable to getting bought and your details transferred to more serious spammers.

    I tried to get Specsavers to stop sending me physical mail (actually to someone I used to live with who was getting deluged with it) and returning the mail for two years made no difference. When I contacted their data people they actually had the hide to demand more personal details about me than they already had in order to verify who I was.

  18. NomNomNom

    maybe people should start suing companies through the civil court to recoup the cost of processing their unwanted communications

    1. frank ly Silver badge

      @NomNomNom- Great idea

      I'll process your unwanted communications, at £50 an hour; and I'll make the court applications for you, at £75 an hour. I'll also take you out for a fantastic meal every Friday lunchtime. Send me your e-mail address so we can get moving with this great idea.

    2. Anonymous Coward
      Anonymous Coward

      @NonNomNom

      For most people and companies the costs of dealing with spam would be classed as consequential losses. These are not normally admissable as part of small claims procedings, so you'd need to take them to full country court, where you've still got a good chance of the case being dismissed or lost, and then you'd be liable for the other side's legal costs.

      And if you've already deleted the spam (and thus incurred costs) then where's your evidence? If you haven't deleted them, where's the processing cost? That could be a bit of a bind.

      I've never heard of a claim for potential consequential losses, so you could make legal history if you win, and if you do then I'd like you to turn your attention to perpetual motion.

      1. Vic

        Re: @NonNomNom

        > These are not normally admissable as part of small claims procedings

        Yes, they are.

        A company failing to comply with PECR is unlawful, and I can (and have) invoiced for the clean-up associated with that failing. Wait a couple of weeks, and you can put that unpaid invoice through the Small Claims process.

        I've done this. I have to be quite annoyed to go through that rigmarole, but so far it's been pretty effective...

        Vic.

    3. JohnG Silver badge

      Suing and winning

      Someone already sued and won:

      http://www.theregister.co.uk/2006/01/06/spam_court_media_logistics/

      1. Anonymous Coward
        Anonymous Coward

        Re: Suing and winning@JohnG

        I concede your correction! But the settlement your link refers to wasn't a contested amount scrutinised by the court, as the article points out. If you can settle out of court (as in that case) you're OK, but had it gone to court and been contested, then the damages would probably have been nil or thereabouts, because the demonstrable losses would have been next to nothing.

        There's some other issues, that the linked case was specifically about a company who hadn't any commercial relationship with the claimant. In context of this thread, we're mostly talking about spam from companies with whom you do have a relationship, and the ICO states (with my emphasis) "The Privacy and Electronic Communications Regulations 2003 cover the sending of email marketing. This legislation says that organisations must only send marketing emails to individuals if you have agreed to receive them, except where there is a clearly defined customer relationship"

        Even where there is a case to answer, simply reading the article you've highlighted would give the companies whom you might sue the simple answer : Admit liability, but argue that the claimant has actually incurred no worthwhile losses.

        1. NomNomNom

          Re: Suing and winning@JohnG

          yea i was thinking along the lines of blatant blackmail. ie take the gamble that they'd settle out of court

  19. Robert E A Harvey

    Cleft stick

    The worst offender I know is spex4less. I have bought spectacles from them in the past, and may well do so again. Their prices, quality, and customer service are first-class. I've had them telephone me to confirm a prescription because it was so far different from the one I gave them the year before. Brilliant. But they do have the habit of trying to sell me another pair every day after I have bought one. They bombard with emails.

    I want to continue to shop with a reliable, trustworthy, and cheap supplier. I don't want the drifts of emails that clog up my inbox. Telling them this does not change things.

    This is what spam filters are for. I take them out of the blacklist when I place an order, and put them back after I have recieved it. They are clever enough not to send direct marketing while an order is open, so it works nicely.

  20. Rampant Spaniel

    I just have a few addresses, one for work, one for friends and family, one for buying stuff and one for registering on forums etc. Only really need to check 2 accounts then and I don't get to see spam unless I need to go hunt for an invoice or reset a forum password.

    1. Phil 54

      Same here...

      I use exactly the same system. I get almost no spam on my professional or personal addresses and I check on the other ones once a week(ish) unless I've bought something. Forums are all set up to not contact me unless someone PMs me or if I've subscribed to a particular thread. My worst spam problems are mass reply-to-alls from friends, family or acquaintances.

  21. Gerphy

    I used to get lots of spam. I don't any more. I don't have a facebook account, I don't use twitter. I do post to newsgroups, and use forums, and I have my own website, and my email address is on every page. I don't have spam filtering enabled on my ISP mailbox, either. Maybe because I don't give my email address to any site that requests it - if a site wants an email address to view things, I won't bother. If a site is heavy in adverts, I close it. If I'm buying something, I read the 'if you don't want to not opt-out of receiving emails from us please don't tick the box' and tick what is hopefully the right choice - or I go somewhere else if the messages annoy me. My SpamAssassin folder shows about 20 spam messages identified in the last 30 days, plus I've deleted 2 by hand. I don't reckon that's too bad.

    I'm not sure what I'm doing that makes things better these days, but since those painful days of dial-up when every other message was spam, email's significantly more spam-free.

  22. Anonymous Coward
    Anonymous Coward

    Political parties are worst offender

    Communicating with your local councillor or MP via their website usually requires your details - including an email address - before the query is accepted.

    In my experience the Labour Party is the worst offender. They send political spam for years after to that email address - even when you were pretty sure you had ticked the "do not use" box. It Even when direct complaints appear to stop it - the list gets resurrected a few years later. The spam itself appears to offer a route to unsubscribe - but just goes in circles.

    Their worst offence was to take my general comment about a road calming measure and submit it - in severely edited form - to the County Council Highways Department's complaints page. Their submission forged my name, snailmail and email addresses. All apparently part of a vendetta between the local Labour Council and the Tory County Council.

    The local Conservatives are also now sending me political spam by misusing my email address from an MP query.

  23. jake Silver badge

    Who the fuck ...

    ... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]

    Honestly ... this whole "I saw it on teh IntraWebTubes, so it must be true" culture is starting to make me think that HomoSap has stopped evolving. Gut feeling is we are a dead-end species.

    Enjoy your PLEASEGooMyFaceYouMSTwits, kiddies ... Your great grandchildren (if you have any) are going to to revile your names.

    [1] Folks restoring antique machinery being an obvious exception ... but then, they have clues. The PLEASEGooMyFaceYouMSTwits equally obviously do not.

    1. Phil 54

      Re: Who the fuck ...

      "Who the fuck ...

      ... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]"

      Perhaps those who like to pay significantly less for things?

    2. mark 63 Silver badge
      FAIL

      What the fuck ...

      er Jake,

      what the hell are you talking about?

      "GooMyFaceYouMSTwits,"

      something about social networks? i dunno

      buying online? well i dont want to pay more and I sure as hell dont want to get off my arse to do it , not to mention taking time off work to get to the shops - which only open during the day for the unemployed. ooh the irony

    3. Stoneshop Silver badge
      FAIL

      Re: Who the fuck ...

      ... is daft enough to purchase anything online in the first place? Can't you find it within 20 miles of where you live? If not, why the hell do you think you need it?[1]

      a) because it saves money

      b) because it saves time

      c) because it saves both

      d) you can buy 40W CO2 laser tubes twenty miles from where you live? Good for you. And no, it's not an antique machine that needs restoring.

      For the record, I'm not deluged with spam. Far from it. Most is coming in via the admin address for a mailing list I manage, apparently scraped before they obfuscated the addresses on their web pages. A large part of the remainder (amounting to a few messages a day) has been scraped from Usenet some time in the past. Some is addressed to $randomstring@mydomain, and maybe a single message a day is some vendor who ignores the 'no mail' checkbox. And I've had just a single case of a vendor leaking or selling the e-mail address I gave him.

  24. Anonymous Coward
    Anonymous Coward

    A big problem is the giant BCC'ed address book hack

    A lot of companies do it this way… the one I work for was no exception. The "mailing list" exists as an entry in the secretary's email client address book. Often it is done this way because the people have never bothered to research alternatives.

    Each "UNSUBSCRIBE" note they have to process manually. Likewise with bounces.

    At my work place we recently retired an old router box running Untangle and put a Ubuntu server in its place. To this I set up Postfix and a tool called Mailman. Majordomo was the other consideration I had, but Mailman is quite user friendly.

    You set one of these up as a moderated list with a select few people allowed to send without moderation. Voila, instant newsletter alias. Bonus points by allowing people to unsubscribe themselves and having the system automatically unsubscribe bouncing addresses.

    When I explained this to them the question was asked: "Where were you 10 years ago?"

    The next step is actually having the site add their subscription in when they contact us and ask to be added. There's a check-box that's ticked by the user to indicate one wishes to subscribe and at the moment this gets picked up in our ERP system (OpenERP) and creates a lead — the "Opt In" field is taken from the site. My next task will be to export this list and feed it to Mailman periodically.

    The point being — doing it right so far has proven much easier than the dodgy hack that many still insist on. It saves gaffs like the one the Taliban made not too long back, saves time on manual searches through lists of addresses and even allows a degree of self-service for the customer.

    1. Kevin 43
      FAIL

      Re: A big problem is the giant BCC'ed address book hack

      Sometimes it is not even BCC'ed!

      I quite often get mails that are just a huge list of "TO" or "CC" addresses...

  25. hugo tyson
    FAIL

    Charities

    You're so right about charities; I always say to friends "here's a tenner, you're welcome" - no way am I giving my email address to a charity; they used to be the worst offenders for unaddressed junk (dead-tree) mail.

    But for real places that were one-offs, can you go into your account and change the email address? I know it takes time, but I do that occasionally - for those places that have no "close account completely" button. Actually, I change the email address first, then close the account - so that if they still want to email, they can't.

    1. Evan Essence

      Re: Charities

      I'm now reluctant to give to a charity I haven't given to before because of the problem of being plagued for years afterwards with dead-tree junk. This Christmas I made a donation to the Guardian's appeal (other appeals are available) to avoid this problem.

      1. Anonymous Coward
        Anonymous Coward

        Re: Charities

        "This Christmas I made a donation to the Guardian's appeal "

        What, you mean you bought a copy?

    2. Anonymous Coward
      Anonymous Coward

      Re: Charities

      The charity who keep ringing me to ask for donations are one I will no longer donate to - I gave them the money to caring for local people with life-limiting illnesses, not to annoy people during work hours.

  26. Fred Flintstone Gold badge

    An exception to the rule - with some help.

    Actually, a year ago I did something completely different when I received again UCE from Oracle - I'd already tried unsubscribing so I decided to see what else I could do. I sent a note to whatever legal department I could find that I didn't appreciate being emailed for something I would never use, and was disappointed that an organisation such as Oracle would engage in this activity.

    The result was, well, impressive. A lawyer in that department who seems to hate spam as much as I do took this email and went digging, and it emerged the company they were using for mailing lists was not updating its blacklist as directed by Oracle. Given the fairly panicky email I got from the provider to apologise I suspect they must have had their feet roasted.

    I was kept in the loop throughout this process by the lawyer, so to me that was a plus for both their legal department and for their approach to marketing - let down by a 3rd party.

    Naturally, this is a legit setup, I have no intention to do this with the BUY VIAGRA CHEAP rubbish, but sometimes it is worth just politely asking the question where you may get an answer. If you don't get an answer it's time ye olde blacklist - preferably server based.

    It is worth noting that EU Data Protection laws don't just mandate asking for permission to use data for marketing (and must make that opt IN, not opt OUT), they also require companies to keep that data up to date and relevant. The child product emails in the Reg article are thus clear evidence of a company not living up to its obligations, and they can be reported and fined for this. From the client information management strategies I have seen, by far the most important omission is registering the DATE of the entry coming into the system and each element thereof.

    However, what I miss in Data Protection rules is an obligation for companies to tell where they got your name from. This creates a problem - as soon as you have made the mistake of registering with a company that stated in a 6 point light grey font on a white background in a page footer that it would resell your data you're on a list that gets sold to all and sundry, and you're condemned to playing a game of whack-a-mole to identify the company that does the selling because only they have the ability to remove you..

    1. Acme Fixer

      Re: An exception to the rule - with some help.

      I had the same experience with my credit union. It took them a few times, but they finally got to the bottom of the problem and fixed it. I dealt by email with not some flunky, but the VP.

  27. Joe Harrison Silver badge

    Even worse are the "now give us feedback" nags

    Yes I bought a small item for 1.49 delivered. No I cannot now bother to click through several screens logging back in and rating the seller's performance.

    1. AndrueC Silver badge
      Unhappy

      Re: Even worse are the "now give us feedback" nags

      That's one bad thing about Amazon. I don't mind rating a seller but as far as I can tell you have to write some text in the text box before it'll accept the rating.

  28. MartinSullivan

    Not Quite Spam IP Blocks

    Many of the not-quite-spam e-mails I've received over the years do appear, at first glance, to come from the folk they say they're from. However they're not. Even quite large companies are apt to use specialised e-mail companies for this, for example PurePromoter (http://www.pure360.com). These can be spotted, flagged in an artificial header and ultimately sent to the appropriate low-priority folder, cough, on the IP address block that they use via procmail (http://www.procmail.org). A typical rule would be:

    :0 fW

    * ^Received: from .*\[94\.236\.20\.1(2[89]|[345][0-9])\]

    | formail -I "X-BIB: PurePromoter Ltd"

    Sadly specifying these blocks do require that you grok your Regular Expressions. Some nice CIDR-type block specification seems to be beyond procmail.

    You can also have a rule like this:

    :0 fWDB

    * emails:http:.*/unsubscribe.php\?

    | formail -I "X-BIB: Pluto PHP unsubscribe"

    As they're spotted too.

    Then it's a case of a single rule on the new X-BIB header:

    # Box all the BIB messages

    :0

    * ^X-BIB:

    not-quite-spam

    You can, like me, spend rather a lot of time on such shenanigans. My procmailrc is enormous, and beyond my simple comprehension. I think that it may be self-aware.

  29. alain williams Silver badge

    Paypal - grrrr

    I made what was effectively a charitable donation; they used paypal. I ticked the box saying that I did not want to create a paypal account (I read their nightmareish T&Cs years ago). The next thing that I knew I received email from Paypal telling me how to update my account settings. I phoned them, they lied to me; gave me an email address to complain to that did not work.

    They are an unscrupulous bunch of crooks who have no intention of operating in a truthful manner. I will now never have anything to do with any organisation that only accepts payment via that bunch of bandits.

  30. Steve the Cynic Silver badge

    Re: Spam filter rules.

    "choosing Gmail for email is swapping spam for advertising".

    Hmm. Is there advertising on my gmail page? Oh, yes all the way over there on the right, where I don't look because the actual email is all the way over there on the left. Get a wide screen, and keep the browser window maximised. Or read it on your shinyslab (of whatever flavour) where the IMAP transfer (yes, we all know about goggle's broken IMAP...) doesn't include ads.

  31. Evan Essence
    Thumb Up

    Spamgourmet

    Others have mentioned throwaway addresses. I've happily used spamgourmet.com for years, and sometimes update the cutoff limit for an address, so it's not really a "throwaway" address: there's that flexibility. It's a bit geeky, but deliberately so to put off Joe Sixpack types: nothing to faze any Reg reader.

  32. Anonymous Coward
    Mushroom

    johnlewis.com

    Don't do it. Got multiple spams per week from waitrose, some insurance place as well as jl. unsubscribe didn't work, all their emails now go straight to a black hole somewhere, will not use them again.

    1. Juan Inamillion

      Re: johnlewis.com

      Hmm.. that's the first complaint of John Lewis I've ever seen. Their customer service is generally reckoned to be well above average. Did you trying contacting their customer service?

      (No I'm not associated with JL in any way, just curious as I know an awful lot of people who use them.)

  33. Shannon Jacobs
    Holmes

    How to confirm that an unsubscribe mechanism works?

    Answer: You can't, but the email providers (such as Gmail) could if they cared that much. In essence, they need to test the unsubscribe mechanisms with honeypot addresses and see whether or not they work or just result in more spam. In cases where they do work, the email should be annotated to that effect, and in cases where they don't work, the email provider should make extra efforts to put the spammers' out of business.

    This should actually be part of comprehensive anti-spammer tools that the "sincerely anti-spammer" email services should provide. Imagine something like SpamCop, but on steroids. Rather than a meek shot at the spammer's ISP and webhost, there should be several iterations of increasingly refined analysis and targeting to break ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and help and protect ALL of the spammers' victims.

    The spammers are in effect holding up signs saying "I'm a criminal and I will rob you." Doesn't it seem bizarre that their business models are still working so well?

    1. Anonymous Coward
      Anonymous Coward

      Re: How to confirm that an unsubscribe mechanism works?

      The Bankers and Pension Fund managers in effect holding up signs saying "I'm a criminal and I will rob you." Doesn't it seem bizarre that their business models are still working so well? Not when you consider they have the balls of the Government in their hands. TFIFY.

      Spammed from a 'reputable' company, forward it with covering complaint to the CEO (Google is your friend).

      Make a note of CEO's name.

      If the problem is fixed then all is hunky dory

      else

      Never buy any product from any business that employs that person (LinkedIn is your friend) and if asked, say why.

  34. Bgfreeman

    If there's no valid reason for the company to have my email address, they don't get it.

    So, if they're not going to send me an email confirmation for a product, or shipping notes etc, they get fake@email.com as the address, or x@y.com both of which usually pass whatever sad excuse they've got for checking.

    Otherwise, yes, use a throwaway.

  35. Joe Montana
    Go

    Unique emails

    I do the unique email thing with a slight twist relative to what everyone else seems to be doing...

    Instead of company@mydomain, i do whatever@company.mydomain by using a wildcard subdomain. This serves two purposes:

    1, i can junk the address with dns which causes less load on my mailserver (and i can create mx records which point back at whoever is the source of the spam).

    2, Some spammers will take a given list of domains and try random common names @ the domain, so you can still identify the troublesome domain.

    While i primarily use the unique email address setup to identify companies which have sold me out to spammers, i have found that several are starting to be sneaky about this - if the email address contains their own company name they won't give it out, so companyname@yourdomain wont get sold to spammers but blah@yourdomain will.

  36. AndrueC Silver badge
    Stop

    Everyone I contact gets a unique address to use for me and if they abuse it I block it and they don't hear from me again. It takes zero effort to hand out new addresses and only a little effort to block them if they go bad. What annoys me is that I am always careful to tick 'No, don't send me marketing crap' but half of them do anyway. I doubt it's a bug in the entry form so most likely they just ignore the checkbox.

    Thankfully my email system means I don't actually get spam (or only once for each contact) but the best solution I've found when it comes to online shopping is to only buy stuff from Amazon. It's the smaller, independent retailers who generate the spam so I stopped using them a long time ago.

  37. jrd
    Thumb Up

    gmail works

    I've had 1 email address for 10 years which I use for everything, and I do a lot of shopping online, I'm on mailing lists etc and I must say almost no spam gets past gmail's excellent filters. Those that do always seem to respond to unsubscribe requests, so I would recommend this extremely simple and low-overhead combination if you have spam problems.

  38. A J Stiles

    My personal solution

    My personal solution to this is to use my own domain with a "catch-all" e-mail address (anything before the @ sign goes to my user). I give every company with which I deal a slightly different version of my e-mail address (usually blatantly obvious, like reg_resp@mydomain.co.uk). From that point on, all it takes is careful use of procmail (it obviously helps that my ISP explicitly support uploading a .procmailrc file -- all halfway-decent ones do). If a company sells "my" e-mail address on, I can quickly spot e-mails not originating from the rightful sender; that one address variant simply gets devnulled, leaving all the others alone.

    It's been working for over 14 years now and counting.

    The worst offender was actually a private mailing list. Some Windows user managed to get infected with some malware which picked up on my e-mail address from a posting I made to the list, uploaded it to some list somewhere, and a deluge of spam ensued. After posting an e-mail to the list saying "SOMEONE ON THIS LIST HAS A VIRUS!", contacting the list moderators and changing my e-mail address, everything fixed itself.

  39. jke
    Paris Hilton

    Always Register with Charities

    There is a good reason to register as a donor if you give to a charity. They can claim "gift aid" from the Revenue which adds, I think, an additional 28% to your donation. Paris, because she has been out of favour lately and is well known to give willingly

  40. heyrick Silver badge

    Semi-related whinge

    Those sites that require you to create a profile before they'll tell you how much they're going to hit you for postage. That's the point where I close the tab and instruct Firefox to "forget about this site". All they need to know is the postage method (SAL, EMS, courier, etc) and the country...

  41. Gaz Jay

    It's all about Opens and Clicks

    I used to work for a marketing company - we handled mailing lists for some pretty big UK retailers.

    One of the things we used to do was sanitize our mailing lists. The reason for this was to keep costs down for the company we were mailing for, to try to keep good relations with it's customers/former customers and also to stop our own email dispatch servers from being black listed.

    We used to keep track of which email addresses were being "opened" and "clicked". If we sent an email to a particular customer and it wasn't opened (but was received OK), we would note this in our mailing list. If we sent out a further 2 emails that were not opened by this address, the email address would automatically be removed from further mailings.

    I don't know if any other marketing companies were doing this. But it made sense to us. The companies were were mailing for consistently got >95% successful delivery rates and high open and click rates as a result.

    1. Evan Essence

      Re: It's all about Opens and Clicks

      I read plain text email by default, and only enable HTML and Javascript if the email is interesting and from a source I trust. Glad I do.

  42. Hollerith 1

    I try not to buy from sites that force me to register

    When I'm looking to buy something online, and find the shop I'm dealing with is forcing me to register in order to buy, I see if a competitor will sell without the registration process. I then stick with that one and blacklist the forced-to-register site, and if I am feeling in the mood, I email the latter to say 'this is why you did not get my business'. I like to use vendor websites rather than Amazon if i can, sort of like supporting the independent little shops, but if I have to register, I figure I have no reason to add to my pain and go back to Amazon or a similar site I have had to register with. Of course, that's why they like you to register.

    I also make a point of deleting any special offers that come from a forced-to-register site. It just encourages them.

    Finally, I often take the grmpy pleasure of registering each and every time on certain sites, such as ticket sales sites. I have one concert hall that now sends me about 12 advanced programmes via snailmail. Thir money down the drain, and I never have to worry about remembering my login.

    1. Anonymous Coward
      Unhappy

      Re: I try not to buy from sites that force me to register

      Ahhh Hollerith, so do I... but some are sneaky!

      They create a profile for you anyway with a random password and then notify you that you can log into their site when you return.

      Dixon/PCWorld/Curry's, I'm looking at you!

  43. Anonymous Coward
    Anonymous Coward

    In the UK we have the TPS, MPS, FPS, e-MPS and the Baby MPS. All supposed to reduce the amount of shite hitting your telephone, post box, fax and email. All schemes operated by the Direct Marketing Association (iirc).

    It's not ideal as it's really no more than just a little self-regulation by the marketers. But, in my experience, the TPS and MPS have a noticeable impact upon phone calls and direct mails from within the UK.

    The problem is, as I recall, even if you are on one or multiple lists, those companies who operate a default opt in at registration (and there appear to be a growing number of these in the UK) then that very act of enforced consent at registration (with opt out post-registration) opens up the floodgates once again, as it may be deemed that you have given your consent to all and sundry thereby rendering any prior TPS, MPS etc registration null and void.

    Ultimately trusting all marketing scumbags to self-regulate is like asking an alcoholic to work in a bar without taking a drink - some may, others won't.

    But hey, if you are in the UK and there are some larg(er) UK organisations not following the rules of self-regulation to the letter then why not organise a PITA protest and get say 1,000,000 people to flood the data controller(s) with highly detailed, lengthy and watertight DPA requests? I'm sure they'd love that. After all, the most they can charge for a DPA SAR is a tenner. Get enough people to simultaneously submit a watertight and highly detailed DPA SAR and I'm quite sure it case some considerable grief. I'd pay a tenner for the chuckles!

    1. Anonymous Coward
      Anonymous Coward

      "and I'm quite sure it case some considerable grief"

      ...and I'm quite sure it'd cause some considerable grief. (Like the hangover causing my typos)

    2. Derichleau
      Happy

      Section 11 of the DPA

      To stop receiving any and all marketing from a UK-based company you should opt-out under section 11. But you have to make sure that the data controller is a UK-based data controller, which rules out Amazon for example as their data controller is based in the EU so they don't have to comply with the DPA.

  44. technohead95

    Desperate need to control spam

    I think there needs to be a system in place to control spam. The reason why email spam is so common is because it is so affordable to do so. It costs next to nothing to send out mass emails.

    One method I read a while back was to charge for every email sent. The charge would be something very small like 0.001p and thus would be almost nothing for home users and would only be a minor charge for larger businesses. However, for spam companies, it would cost huge amounts as they send millions upon millions of emails every day. It would make it simply unaffordable to spam via email. Each ISP and webmail provider would need a way to invoice the email address owner.

    You could argue that most spam companies use zombie PCs to send out spam and thus wouldn't incur the cost. Each email address owner can set a maximum cap on email addresses sent per month and thus protect them from getting stung with a massive bill if their PC has been infected with a spam bot. The ability to control the maximum cap should be easy for the user/business so it does not affect their legitimate day to day use.

  45. Jez Lawrence

    yes. Spam sucks.

    I sympathise with the author of the article though I'm struggling to see the point of it - this is not a new problem, nor is it news that opt out lists are no such thing. You're not even venturing an opinion as to what should be done about it. But if you just wanted to have a moan though, mission accomplished and fair enough - one of the perks of being an interwebz scumba-er, journalist I suppose. Moaning to nerds that spam is annoying is however a bit like calling up the westboro baptist church to tell them God Hates Fags - you're guaranteed a good reception but you're not exactly challenging their world view...

    Me, I just use my very first ever webmail address, which was created back in the mid nineties before spam filters and things were truly available/functional. The spam became totally overwhelming by the end of the decade and I stopped using it for communicating with actual people. Instead I hit on the idea of just using for signing up to websites, games and forums. I have another email address which is only given to actual friends.

    Result: no spam for me at all. Ever. Management required on my part: zero.

    I more or less completely ignore my original email address except for just after making a purchase to ensure the receipt came through. And best of all because it's a hotmail address, Microsoft are paying for all the spam handling software, storage of the several GB worth of Spam collected over 15 years and of course the processor time. Until last year I was considering trying to get an apple webmail address to use for spam, because honestly I'd rather the Jobsien form-over-function hipster brigade suffered ...but then microsoft brought out windows 8 and have actually tried to claim with a straight face that it is an improvement, so I guess I'll stick with punishing Redmond instead.

    Where was I? Oh yes. Spam. It is bad. The solution? Well, as the great Dennis Leary once said: life sucks - get a helmet.

  46. sisk Silver badge

    In answer to the headline....

    Not really, no. I have an email account that I keep specifically to catch such irritating emails. It only gets about 500 messages a day.

  47. Anonymous Coward
    Anonymous Coward

    Just because I buy your product/service doesn't mean I want to get spammed.

    Some good spamfighting tips, especially with the custom email address at your domain. It's interesting to see how an email address gets sold on to other providers and who buys the mailing lists....

    There used to be an hosting/domain company (who shares the same name as that radio station that plays 'more music variety') that wrote into its terms and conditions of sale that the customer would agree to receive marketing communications from the company with no option to opt out (as I found out after I'd joined them).

    Needless to say, a few angry emails later (from me and I would guess the rest of their customers) they've put an option to unsubscribe from all marketing emails.

    All very sneaky to bury it in the T&Cs - when time comes for renewal, it's likely I'll be moving away from them regardless, on principle. Marketing material should always be opt in...

  48. Tralala

    Right on but didn't you forget about apps?

    a despairing voice of reason [sadly, a bit of a rarity on register these days]

    I also hide at Amazon or ebay to escape this info grab..

    If you factor in motley 'verified by mastercard' schemes then sites are not attracting customers but actually driving them away. Sites trading in info need to ask themselves what business they are really in..

    I would add that the same is happening with 'apps'

    As an example I've been looking for a RSS reader/scraper for some Samsung Nexus iPaid Appple thingies

    I can't get one - free or paid - that does not force me to hand over my details.

    There is no benign or practical reason for this.

    App makers should pay me to permit them to track my reading habits so they may profit from it.

    It's unclear if this trade in 'soft-spam' is sustainable in the long term but if personal information is being monetised by companies to mine it, exploit it and trade in it then they must pay consumers to get it.

    Currently we are happy to give it away for free....

    That's got to change.

  49. This post has been deleted by a moderator

  50. Seanmon
    Go

    But on the plus side...

    Feeling brave one year , I bought the missus a birthday present from Agent Provocateur. Haven't quite got around to unsubscribing from that one yet.

  51. bag o' spanners

    I'd hazard a guess that a huge percentage of bandwidth clogging spam consists of socmedia notifications. Too lazy to visit the site? Read 400 likes, comments, and recommendation emails a day instead.

    I noticed that blanket notifications are an opt out item on most socmedia platforms. So I opt out. I also opt out of stuff that "friends" have co-opted me into. Validation junkies may love to bask in the warm glow of a daily spam blizzard, but I'd rather be doing something useful. Like drinking beer.

  52. Arbstop

    data gathering

    By the very nature of online insurance sellers (and I guess the comparison websites as well) the data that you have to submit to them to get an insurance quote is probably the highest value information on you of all the possible online purchasing experiences.

    You have to give them - name, address, occupation, age, health issues and all sorts of data about your lifestyle. Now that info itself must be so valuable that they don't need to actually sell you any insurance and they can make a mint from you.

    When I last thought about getting a car a number of years ago I duly filled in all the online forms, using a disposable email address, and have been receiving some very well targetted spam emails about once a week ever since.

    If you want to setup a website to gather such high quality data on real people then I can't think of a better business than insurance.

    It would be really interesting to see what the various revenue streams are for gocomparethemeerkat.coms are ...

  53. Acme Fixer

    I went to Office Depot and as I checked out, the cashier asked, "Do you want your receipt as paper or by email?" BINGO!!! As soon as they get your email address, the spam starts rolling in!! Of course, I told her, I'll take paper, 'cause if I give you my email address, you will spam me! And I already have enough of that.

  54. David 45

    Spam or not spam?

    Depends on your definition I suppose. I use Mailwasher Pro and find very little to "wash" these days, thank goodness, even though I have several accounts. I have to visit my Hotmail web pages every now and again to check the junk folder in case something legit has slipped in there and, again, there isn't a lot there either apart from the odd 414 scam! G.Mail is much the same. Effective filters can be created to send spam straight to the trash if needs be. I use Spamgourmet to create disposable addresses containing a company's name if I'm suspicious, so it's obvious if it's been passed on, although some sites throw up an invalid address error, or similar, sometimes and I can't use it. My biggest current annoyance is actually Amazon. Their persistent marketing mails are really OTT, with their "recommendations" based on previous purchases but whether that could be defined as spam is probably debatable. Most times, I just delete their stuff on sight, as it gets a tad tiresome.

  55. Bucky 2
    Pint

    Mostly just clueless

    "How would you feel about “registering” with every bricks-and-mortar shop you buy something from?"

    It used to be the case (okay, years ago), that whenever you purchased anything from Radio Shack, they'd write out a receipt by hand, asking for your mailing address so they could send you junk flyers in the mail. Sometimes the sales people would be particularly belligerent about demanding your information.

    It isn't just merchants, either. I recently had an extended stay in the hospital, during which an organization made occasional visits with dogs. It was very nice. I wrote to thank them. Big mistake. Had to write an email filter against them in the end.

    Ultimately, though, I'm still of the opinion that many organizations are simply clueless, rather than mean-spirited. Radio Shack stopped demanding personal information some time ago. The animal folks I still believe are more stricken with overzealousness than with any kind of evil mercenary attitude.

  56. Herby Silver badge

    My own domain...

    I got one as well. Yes, I make up unique addresses for various functions. Yes, I can tell where they got the address. This is all well and good, and I found out that someone harvested my address from a Tektronix mailing list, and I now get all sorts of "ticket generated" spam using that address.

    The downside of this is that with your own domain, you get all sorts of spam that points to "users" that have never existed. Hundreds of them. On each email. So I now have a wonderful pre-processor that trashes all of these. In addition, you get people signing up for hotmail accounts with names on your domain (in my case many in Spanish) and I try to click on the link that says "no I didn't want this" while putting the address in my trash list.

    It is a never ending battle, as the problem with Spam email is that (unfortunately) IT WORKS. So what if you generate zillions of spam emails, if just 10 or so net you some sort of $$$ they they have succeeded in their task. Since the spamming operation is "free" ANY click, virus infection, or silly "enhancement" advertisement is money in their pocket. Simple economics unfortunately. If it cost just 1/10 (maybe less?) of a cent for each email (how much email do you send on a personal basis) it would drive up the costs for the spammers to make it non-economical for them to continue. The reason there isn't (that) much junk snail mail is that it has a definite cost associated with each piece that goes out the door.

    As for such things as mailing lists, I suggest a small "one time" fee to setup these on a server, and allow them to be audited for "spam compliance" (subscription procedures, etc.).

    No solution is "perfect", but when the majority of email can be classified as "spam" something needs to be done. I would like to track down the spammers and greet them with some sort of weapon of mass destruction, but that might be a bit extreme (joke), or then again it might not be, who knows. (*SIGH*)

  57. Peter74447
    Facepalm

    Unsubscribe

    I spent some time over the past 2 weeks going through all my spam and advertising emails and using the Unsubscribe link. Most of them instantly took the hint and claimed that i was removed from the list. A few of the sites did require me to log in to unsubscribe. What got me in this wonderful age of technology is the few sites that informed me that it "May take up to 10 days to process your request". 10 DAYS!!! WTF kind of system are you running if it takes that long to remove an email address from a database?

    You can create an account, validate a credit card payment, transfer funds from one financial institution to another and ship an item half way around the world in 5 days, but to remove an email address from a database "may take up to 10 days"

  58. Wardy01
    Thumb Up

    The side of the coin

    I work for a marketing company that sends about 1 million emails an hour (through each server we use to send).

    The system we employ requires that our subscribers have to make 3 separate "i want this email" confirmations.

    This is a real pain in the ass (tracking who's in what state) but it's a side of effect of the internet being in the state it's currently in.

    I like to think that we are very good at what we do and always respect peoples right to cancel as a result we are very careful to ensure that un-subscribes are honoured (we've gone to the extreme of giving each email sent an individual unique id to ensure we have complete audit trails on them).

    As a result of current thinking we consider a bounce an un-subscribe request in the same way as if someone clicked the un-subscribe link on the email, i personally spent hours spamming our bounce proccessing software (that I wrote to handle this) to ensure it was bulletproof ... something i'm proud of.

    I agree with the message being conveyed here though ... not enough companies do this.

    For my personal email, like many on here I have my own domain but my mail is routed through google, this basically means google filter all my mail and at any time i can do something like "company+my.address@mydomain.com" to use the afformentioned filtering tricks.

    The beauty with gmail is that soo many people use it that it doesn't take long before any new spam is quickly added to googles "learning filter".

    The upshot ...

    I rarely see or have to deal with spam.

    It costs me about £30 a year for a google apps for business account.

    I wish it was a free service but seeing stories like this pop up everywhere makes me think ... maybe i can claim that cost back somehow !!!

  59. Christopher W
    Pint

    Ah, spam.

    I used to use OtherInbox to protect myself against exactly this kind of problem -- not just spam, but that middleground "bacn" which you don't hate receiving but which does clog up inbox arteries.

    Amusingly I once had to supply an email address to download a WordPress plugin (the plugin was useful, so I caved) from MaxBlogPress. I supplied a brand new address on my OI account just for that... And within a day, I was receiving a dozen spam emails. I called out the MBP author on Twitter and emailed over with evidence of the unsolicited spamming - all of which was flatly and vehemently denied.

    Until we can hit a button to electrocute the legitimate sender of an email when they send spam to us, this problem will persist unmitigated. SPF and DK have been shown to only slightly curb the influx of spam. I run a particularly aggressive combination of multiRBL and whitelist setups paired with tuned SpamAssassin and fail2ban on my busiest mailserver and it ditches about 95% of unwanted email -- but yet it still persists. And the amount of 'bacn' is so high now with every company fully committing to their 'online marketing campaigns' that after a while, if the boss maintains his habit of sticking his primary email address into every email form he comes across, there's not much you can do to prevent the influx.

    I wish there was a unified, globally recognised mechanism for instantly unsubscribing - it would be the best elements of a good listserver combined with a protocol-defined mechanism for silently (or with confirmation message) unsubscribing from all mailing lists. It would require headers to be set defining the message as a mailing list which would then enable options in all mail clients which would need to support these parts of the spec. Never going to happen though. Oh well. Time for the pub.

  60. Alan Brown Silver badge

    Not just disposable email addresses

    I obtained a few 070 numbers (UK readers will recognise 'em) specifically to give to companies who have no business phoning me (Yes, I'm TPS registered and unlisted, etc. It doesn't stop everything) - they forward to VOIP accounts

    I've had more than a few calls come in on the numbers and I make a point of making the calls drag on as long as possible. If XYZ company wants to spend £1.50/min to call me, who am I to stop them?

  61. AngryDeveloper
    IT Angle

    Not an issue.

    News flash, Bill Gates said in 2004 that spam e-mail will soon be a thing of the past in two years' .

    We have been spam free since 2006 people!.

  62. Anonymous Coward
    Anonymous Coward

    I get loads of "offers" from places I've bought from in the past along with the usual spam. Over time I unsubscribed from some but still get loads. Then listened to a recent Guardian tech podcast where they interviewed one of the people behind (I think) the invention of MIME system for multimedia messaging and he gave a tip for dealing with email was to filter everything into blocks of related emails that could be dealt with individually. Following that I set up filters to detect "offers" emails from all the companies who send them to me and diverted their emails to a "email offers" folder when they are received. Result was last night having been away for a week visiting relatives I downloaded ~750 emails but after spam emails had been junk-ed by thunderbird and all the offers filtered I was left with only ~30! Plus I could then switch to the offers folder and identify a couple of sites to see if they had any interesting new year offers!

  63. Brother52
    Happy

    DPA Anyone?

    Until you mentioned $5 I couldn't understand why you were ignoring the opt out/opt in prompts that are required by law for websites that collect your personal data. At least here in the UK we have legislation to protect us from this sort of thing, if a site doesn't offer the option then I don't use it.

  64. Shadow Systems Silver badge

    Tailor the email to the site.

    Some email services allow you to either create an Alias, or as in the case of Gmail, utilize a (Your User Name)"+BlahBlahBlah"(at gmail dot com) addressing convention.

    If your name is John Smith, and you're registering at Amazon, then you sign up with "JohnSmith+Amazon".

    If it's Jane Doe & you're signing up at "The Sewing Supply Palace", then use "JaneDoe+TheSewingSupplyPalace".

    This now *absolutely* identifies where you used the address, and thus whom sold it to the spammers.

    From there, it's easy enough to create an email Filter to automaticly permanently delete *ANYTHING* to that Alias as spam, no matter *whom* may have sent it.

    From there, you can log in to that site, change all your personal information to garbage, & sign out for the last time.

    You've just poisoned their database's value (because it now contains a "Customer" whom isn't *really* named "YouAll SuckSpammingHell", or lives at "1234 Notgonna Tellya Lane, Nowhere, Mumbai", with a telephone number of "+1.23.456.7890", etc) and when the company tries to sell "your" customer data, they then helpfully poison all the *other* potential spammers' databases, too.

    If you can't trust them not to spam you, then don't let them keep your personal data, either.

    Use an email alias, and if they spam you, alter their copy of your personal data, add an auto-permanent-delete rule to your email client for that alias, and you never get spam to that alias again.

    You're welcome.

    =-)

  65. Anonymous Coward
    Anonymous Coward

    Re: @Graham Marsden

    @Anonymous Сoward

    Go Compare always gets hated why? I find that the animated girl on those confused com ads are far more annoying.

    Thumbs up if you agree.

    The mentally retarded marketing person that came up with that annoying as hell cartoon girl that you mention, just gave you a thumbs down for speaking truth!

  66. Derichleau
    Happy

    You can opt out of marketing from any UK company under section 11 of the DPA

    If you're being bombarded by unwanted e-mails from a particular UK company, then all you have to do is write to them and ask them to stop in accordance with your rights as a data subject. Forget all this unsubscribe malarkey, a section 11 request will stop marketing by post, text, e-mail, phone, and if you have an online account, even the advertising banners that appear in your account pages.

    www.mindmydata.co.uk.

  67. Sooty

    What I want to know

    Is why spam still exists? Who are the morons who are actually buying things from these people that make it profitable to continue?

    I accept the phishing, etc emails that mimic valid ones to some extent will trick people, but really who tries to actually buy anything from the slightly less dodgy ones? If I get an email from a company I've never had dealings with, they instantly go on my 'have nothing to do with these crooks' list! Similarly with cold callers, I don't care what you are trying to sell, what sort of idiot will give their details to a stranger phoning them. All the spam is making me less likely to have anything to do with them.

    I got an old window replaced last year, and the company called me several times a week afterwards to 'follow up' ie try and get me to replace all the others (about £4k). I finally shouted at them saying that I was getting the rest of them done ( I will eventually :) ) and would have used them, but there was absolutely no way I'd ever consider using them now due to all the calls. I may have used some 'colourful' language as well. Despite all the previous requests, that time they really did appear to take me off their lists.

    1. Wardy01

      Re: What I want to know

      @Sooty

      That's the thing, you don't have to buy anything from them for them to make money from you.

      Often "real spam" is an attempt purely for you to confirm your email / other personal details in some way.

      Doing so will result in them having confirmation of your personal details which are then sold on.

      They can get your address by doing a range of things.

      To name a few ...

      Randomly generating somename@yourdomain type email addresses and sending a tracked image in it.

      Scrape the data from web pages / forums you might have posted on.

      Hacking in to someone else' database that has your details.

      Others here are also talking about spam through sites they consider initially to be trustworthy but then ultimately do the same thing.

      THAT'S WHY SPAM EXISTS!

  68. Alan Brown Silver badge

    Spam exists because marketers feel they have a god-given right to advertise in your face - and because it's profitable to do so.

    Even when not profitable, some outfits will continue to spam, because they can't imagine any other way of advertising. In a lot of outfits the "most sucessful salesman" is regarded by clients as "the most obnoxious salesman - we only bought something to make him go away"

    1. Wardy01

      The comment is just plain dumb on so many levels I don't know where to begin.

      1. Anyone stupid enough to "buy something to get rid of a sales rep" deserves to be spammed!

      2. Not all spam comes from legitimate businesses

      3. Spam is often not a sales pitch at all

  69. Derichleau
    Happy

    It's simple to stop spam

    Mailwasher Pro and regular expressions for overseas spam, Section 11 of the DPA to stop any and all marketing from a UK-based company. I section 11 my insurance companies so that they're not able to send me an automatic renewal as I never stay with the same company twice.

    1. Wardy01

      Re: It's simple to stop spam

      Section 11 won't stop them all.

      Many will simply outsource their marketing overseas so the email is sent by a third party thus avoiding the problem of the DPA (as far as their concerned).

      If spam was that easy to stop it would be gone already.

  70. Wardy01
    Mushroom

    I love how some people think its sooo easy to stop spam ...

    Give me your email addresses so I can test your theories :)

    I have a neat app I wrote purely for testing my ability to block spam on some private domains.

    It's not as obvious as you might think.

    The most persistent of spammers for example would take to some of the following:

    1. faking the from address

    2. faking the from IP

    3. randomly generating garbage in the subject / body

    4. sending 1 pixel tracked images

    5. spoofing legit business

    6. faking / spoofing subdomains under legit domains

    7. using adressing tricks that mean some emails not sent to you end up in your mailbox

    To send an email requires little more than 1 line of code these days.

    Servers filter email based on rules that you define which are typically based on something like ...

    1. the from address

    2. a keyword

    3. a unique to address (such as the aformentioned "company+me@mydomain.com")

    My app code can randomly generate a to address @somedomain that i specify with randomised content.

    For example ...

    I can put in gmail.com and get out a near unlimited number of email addresses.

    If i then send some email content to each of these email addresses stating in the email header that it came from "notifications@facebook.com" how would your email client know it was from facebook?

    I can style the body to look just like it came from facebook and need only include a facebook logo image to confirm you read the email.

    I then know for sure what your email address is and that you read my email.

    I should point out ...

    I work for a company that sends about 1 million legit opt in only emails an hour, the app i'm talking about is to test our systems from this type of "attack".

    the point being ...

    Am i facebook? ... no

    Can you tell it came from facebook? ... no

    Can your email client tell? ... no

    Who would likely get the blame for my spam email? ... not me

    Is it spam? ... yes

    Did I gain anything from it? ... yes - an email address I could sell

    This is not an exhaustive example of tricks used but does highlight a common problem ...

    The SMTP protocol (language used by mail servers) is flawed and has been since it begin.

    There is no way round this unless the standard for the SMTP protocol is in some way changed so that emails can only originate from trusted non spamming servers that will definately honour an unsubscribe request.

  71. Chris Collins 1
    Stop

    also the same with blogs etc.

    want to reply to a blog or some other comment based site? sure but we need to know your email address for you to reply. why?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019