Probing Question: Spam, spam everywhere -- How can we control it?

According to Phillip Laplante, associate professor of software engineering at Penn State Great Valley, the answer as to why unsolicited email is omnipresent is two-fold: it's easy to create and distribute, and it's economically advantageous for those who send it.

"Spammers get email addresses from a variety of sources. 'Robot' harvesters traverse the Web and collect email addresses posted on Web sites. Spammers share email lists with each other and obtain legitimate lists under false pretenses. Spammers can randomly generate email addresses too—all they need to know is the domain name, e.g. 'anywhere.com,' and they can create random combinations of user ids until they hit real users. Anytime you give your email address in exchange for free information posted to the Web it becomes fair game for the spammers. Finally, even when you give your email address to a legitimate correspondent or business partner, it might inadvertently end up in the hands of a spammer.

hitchin' a ride

"Even though spammers know that most recipients delete the email without reading it, and that spam filters and bad addresses keep many of their emails from reaching their intended targets, spamming can still be very profitable. Sending spam isn't free—there are costs involved in obtaining the addresses, preparing the lists, sending the emails, supporting the spam site, etc.—but the cost of doing so is quite low, probably around 1/100 of a cent per email sent. If only one email in 100,000 yields a successful business transaction, depending on the product, the profit can be significant.

"So, how do you stop getting so much spam? Well, there is no way to prevent spam completely. This is an 'arms race' and the spammers develop counter-measures for every new technique developed to stop them. But you can reduce spam by taking a number of precautions. First, use and aggressively maintain whatever spam-blocking feature your mail client provides. Microsoft Outlook has a pretty good spam filter if you maintain the rules database faithfully. There are commercial spam-blocking products too, and some freebies, but this is not the place for an analysis of these. Also, stop giving away your email address so freely. If you don't have to give your email address in exchange for 'product updates,' don't do it.

"Be careful how you post your email address to your Web site. If it is posted in text format, a harvester will eventually grab it. You can embed your email address in an image—this makes it nearly impossible for a harvester to find it.

"Finally don't ever buy a product introduced to you via spam. If the economics didn't work out for the spammer, they would stop doing it. Unfortunately, there are always suckers out there who can't resist a 'bargain.'"

Phillip Laplante, associate professor of software engineering, can be reached via email at plaplante@psu.edu.

Last Updated May 25, 2005