Want to say good-bye to spam?

The law against unsolicited commercial email (UCE) — otherwise known as "spam" — is a mess. You are unlikely to ever be fully protected from it.

In the UK, we do actually have an anti-spam law — but it is so weak, we have never actually prosecuted anyone under it. According to the Spamhaus watchdog organisation, it even includes a loophole in British law allowing spam to be sent to business addresses!

In a similarly hopeless situation, European law bans spam emails — but only if they are sent from EU countries. As last month's figures from CipherTrust showed that 57 per cent of spam originates in the US and 16 per cent in Korea, this law does not help us much.

And the problem continues to grow. Recent statements from AOL suggest that of the estimated 30 million email messages sent and received each day, about 30 per cent are unsolicited commercial email — another industry player says the true figure is double that.

Last month, Lord Harris of Haringey gave a speech warning that cyber–terrorists now have the capability of bringing down the electronic systems that run parts of the UK's national infrastructure. "There is a clear danger of an electronic 9/11," he said. On almost the same day, the MessageLabs IT company reported that 57 per cent of companies have no processes in place for measuring their current email security policy.

So it's up to all of us to play our part in individual security. And your two duties are — to stop spam coming in, and to make sure you don't send any out.

E-Fraudsters

Spam is mass email sent by people who wish to sell something, usually cures for sexual problems or cheap loans, but occasionally the classic Nigerian "please help me get my inheritance" con trick.

A spammer will typically send out millions of messages in a day. CAUCE (Campaign Against Unsolicited Commercial Email) says that if only a fraction of a per cent of recipients respond, the spammer is in profit. "The spammers count on this — if they steal only a tiny bit from millions of people, very few will bother to fight back. And they only need to steal a penny from each of four million people to buy a brand new Mercedes."

Just for a moment, look at that again — "a spammer will send out millions a day". Does that sound exaggerated? It isn't — we won't explain it here, but five minutes in your email address book, with some use of cutting and pasting and folders, would give you the power to mail–bomb any one person at the rate of 10,000 messages every ten minutes. The point is that email is like a car — a great benefit if you're careful, and a killer if you're not.

So, what do you do?

Never, ever, give out your main email address to a forum, a newsgroup, or online shopping, or even what might appear a legitimate business website — particularly if you are required to register with your email address, and if it says "tick here to agree to the terms". Far better, and easy, to set up a secondary email address, using a free-service provider — and if that gets caught by spammers, you simply close the account.

When you do get spam, never, ever respond — not even to the "click here to unsubscribe" request. That simply confirms to the spammer that your address is "live".

In theory, it is possible to set up filters and blockers, but there are disadvantages — for example, filters watching for sexual terminology can play havoc with the legitimate messages of the healthcare profession. A security conference was told last month that four in ten workers reported missing deadlines because genuine incoming messages had been trapped by their company's spam filters.

You can set up your own personal filter in Outlook, Netscape, and some other email systems, by setting up a watch for certain words — you can even stop messages from anyone not already in your address book, but that will also stop any new business enquiries.

And those problems only affect incoming spam. How can you prevent yourself contributing to the problem? Don't say you've never sent any!

Are you a spammer?

To guard against careless spamming, follow simple rules, like this — never send out an email to your entire address book. It opens up the details of all the people in your address book to... well, who knows where your list might end up?

If you really have to send a bulk email, observe the courtesy of giving your addressees some privacy. This is what you do — in the 'to' line of your email message, use your own alternative email address, the one you set up for online shopping and things like that. Now, enter your bulk addresses, not in the "copy" line, but in the "blind copy" or "bcc" line. You have effectively preserved their privacy from everyone else who got the message — they won't know that, but you can feel satisfied for doing the right thing.

And who knows which of your contact addresses might, in the wrong hands, be considered valuable for mischievous use? Believe it or not, the most recently–newsworthy famous person has an email address which is available, if you know where to look... it's that of the new Pope. We know it, but we certainly aren't going to publish it. And that's just the kind of small careful step we can all take to avoid spam.