Symantec Virus Center

CWWis Router Traffic

Spam FAQ

1. Why am I getting e-mail that wasn't addressed to me?
2. Where did the spammer get my e-mail address?
3. How do I keep my e-mail address away from spammers?
4. What should I do if I need to give an e-mail address, but want to keep my TRIVER e-mail address private?
5. Does TRIVER sell my e-mail address?
6. Why am I getting spam even though I don't advertise my e-mail address?
7. Is there a security problem with your mail server?
8. Is there a security problem with my Web browser?
9. Do cookies have something to do with this?
10. Why can't you filter this stuff?
11. Are there ways I can filter this stuff from my mailbox myself?
12. Can you block all e-mail messages not addressed to me?
13. I got spam that says it "complies with federal requirements." Is spamming illegal?
14. Isn't it illegal to send to Washington state residents?
15. I've been spammed, now what?
16. I've followed all of your suggestions, but I keep getting spam every day. What can I do?
17. Where can I find out more information about spam?

Spammers use lists of e-mail addresses. Specialized programs used to send spam, will take an email list and use the BCC: (Blind Carbon Copy) feature to send to all the addresses on the list, without any of the recipients seeing the addresses, including their own. It's important to remember that the To:, From:, and other fields of the e-mail that are usually visible when you read a message DO NOT contain the addressing information that is used to deliver e-mail to your mailbox. The address information is contained in the Envelope of the e-mail that is discarded when it arrives at the mail server which then places the message in your mailbox. If it was in your mailbox, it was addressed to you. TRIVER does not place unsolicited e-mail in any mailbox for any fee, nor do we condone the abuse of our customers in any way relating to spam.

• They run programs that collect e-mail addresses out of Usenet posting headers.
• They cull them from subscriber lists (such as AOL's Member Profile list).
• They use web-crawling programs that look for e-mail addresses on web pages.
• They take them out of online directories.
• They buy databases of addresses.
• They take them from you without your knowledge when you visit a web site.
• They collect member names from online "chat" rooms.

The best way to reduce your chance of being spammed is to keep your e-mail address private. If you trust your address only to close friends and family, you're less likely to be added to spammer's lists. Don't put your e-mail address in "Address Areas" of Internet programs, online submission forms, or anywhere in a public forum such as newsgroups. Even disguised or "munged" addresses that appear to be immune from automated address collecting software are added to lists manually by spammers.

Web e-mail directories are convenient, but also mined by spammers for the lists they create. You can, however, write these directories and ask that they remove your name, e-mail address, and other information from their databases. Each of these sites has an e-mail address where you can request removal of your personal information. Directories to check include: Yahoo's People Search, WhoWhere, Bigfoot, and Switchboard.

Setting up a public address from one of the free e-mail services such as, Hotmail is often your best option. In this way you can post an e-mail address when you need to do so without revealing your TRIVER e-mail address.

In order to ensure your privacy, TRIVER does not in any way publicize your e-mail address or any other subscriber information -- all such data is kept strictly confidential. This policy is a requirement of federal law.

There is a variety of software that allows a bulk e-mailer to send messages to a large number of recipients at a particular Internet service provider whether or not they know their specific addresses. This software attempts to send a message to every address at that domain (often using common usernames), not caring about the number of undeliverable (or bounced) messages that will be generated from incorrect addresses. It is believed that some spammers may then trace which addresses came back as undeliverable and remove those addresses from their lists. These mailing lists are then sold to other spammers. This may explain why sometimes you see spam which appears to be targeted at an alphabetical list of customers or why you receive spam at an address you may not have publicized.

TRIVER does have systems in place to catch a great deal of these attempts as they arrive, before the messages reach valid addresses, however, no system such as this is 100% effective and we are constantly working on improving these methods.

No. The security problem extends, unfortunately, to the e-mail protocol itself. Mail administrators are required to return as undeliverable any messages addressed to an invalid address on their network. This opens up the possibility for abuse by spammers running software that attempts to send e-mail to as many different addresses as possible.

There have been some security issues identified in the two most popular web browsers, Netscape and Internet Explorer. For instance, a problem with javascript was identified as potentially allowing web sites to capture a visitor's e-mail address without their knowledge. Visit these links for more security information about:

• Java and Javascript
• Microsoft Internet Explorer
• Netscape Communicator/Navigator

Cookies are short pieces of text, stored on your computer, which are placed there by web sites that you have visited so that those web sites can remember who you are (or preferences you may have selected) the next time you visit. Although this is convenient if you make frequent trips to the same site, there are also well-known concerns regarding their use.

TRIVER does use multiple black lists to filter Spam. Although this method is somewhat effective, it eliminates only a fraction of spam. This is because many spammers set up accounts with providers such as AOL who are not blocked since there is a great deal of legitimate e-mail coming from those systems.

Yes. Depending on the e-mail program you're using, you should be able to control which messages are visible in your Inbox through the use of "filters." The most recent version of Netscape Communicator offers filtering capability, although Netscape 3.0 and earlier versions do not, so if you use this program for your e-mail you'll need to upgrade to take advantage of this feature. Other e-mail programs that offer filtering include Eudora and Microsoft Outlook. For specifics about filtering in the e-mail program you're using, check the program's help documentation.

For more information, you can also check our Outlook filters guide.

TRIVER could prevent any e-mail without a legitimate To: header from reaching our customers at all. However, the downside of this plan is the potential for much legitimate e-mail to be lost (for instance, mailing list messages addressed to "mailing list recipients" rather than a specific TRIVER address). Furthermore, programming our mail servers to scan through every incoming e-mail message and verify that its "To" header matches that of its intended recipient would significantly degrade the overall performance of the server. Our top priority is that none of our customers' lose legitimate e-mail simply because an automated process considered it to be spam. Unfortunately, this also means that illegitimate e-mail will reach our customers.

At this time there is no federal legislation either supporting or prohibiting the sending of unsolicited e-mail messages. However, you may have noticed that some spam includes the following language (or something similar):

This message complies with the proposed United States Federal requirements for commercial e-mail. For additional information see: <http://www.senate.gov/~murkowski/commercialemail/EMailAmendText.html>. Current information on the status, text, and summary of Title 3 of S. 1618 and H.R. 3888, its companion bill, can be found by using Thomas, the legislative information system run by the Library of Congress.

Although this all sounds rather intimidating, it is also misleading since it implies that the spammer has acted within federal law in sending you their message. The bill to which these spammers refer (commonly called the "Murkowski bill") would have legalized the sending of unsolicited commercial e-mail provided certain requirements were met. However, although this bill passed the Senate, it died in conference committee and never passed the House. Therefore, it never became law.

Washington State does have an anti-spam law. While it does not flatly prohibit the sending of spam, it does make it illegal in Washington to send spam using false headers, false subject lines, or a third party's e-mail address without their permission. The Washington State law has been broken when spam is sent with a false header or a misleading subject line or a third party's address issued without permission AND the e-mail is sent to a Washington e-mail address or from a computer located in Washington. The law only applies when a sender knows or has reason to know the e-mail is being sent to Washington.

In order to take advantage of the law, you must register your e-mail address as a Washington State address at the WAISP Registry Page. The Attorney General of Washington has a Web site devoted to Junk E-mail which discusses this law. Be aware, however, that this law was challenged by a judge as "unduly restrictive and burdensome" on 14 March 2000. The state announced on 6 April that it is appealing the ruling. You can follow the news of this case at Spam News of Washington State.

• Delete the spam and not give any more thought to it.
• Create email filters in your email client to remove the spam.
• Install spam filtering software on your computer.
• Find the originating network of the spam and send a complaint to the administrators of that network. If you choose to do this, be sure that the complaint is sent to the proper address.

One thing you should never do is respond to spam, either by replying to the e-mail, sending e-mail to the "Remove" e-mail address since doing so verifies to spammers that your e-mail address is a valid one. You should also refrain from retaliating against such e-mail by flaming, mail-bombing, or using other equally abusive tactics to get back at the spammer. 

If nothing seems to help, TRIVER can change your username. This will change your e-mail address and web site address (if you have one). This is a last resort since it means changing settings on your computer and informing everyone who e-mails you of the change in your address and, unfortunately, is no guarantee that you'll never receive spam again. For more information on changing your username, contact TRIVER at 824-2515.

• The Network Abuse Clearinghouse -- This is the place to go if you need to find out who to complain to about a spam since they maintain a master database of reporting addresses. You can also use them to forward your complaints by using their mail forwarding service.
• The Spam Recycling Center -- At this site you can forward your spam to the appropriate federal authorities, download a free anti-spam filter, and find other information about e-mail abuse.
• SpamCop -- A service for tracking and reporting spam.
• Sam Spade -- A collection of free spam fighting tools.
• The Coalition Against Unsolicited Commercial E-mail -- CAUCE is a volunteer organization which is advocating for a legislative solution to the problem of spam.
• Spam: Where to Complain About Frauds & Scams on the Internet