Fake Anti-Spam Site Fishes for Addresses

Feb. 12, 2004 -- We all hate unsolicited e-mails, or spam. It's time-consuming, offensive and, at times, dangerous.

The U.S. government has passed the CAN-SPAM bill, but it is still being debated whether it really addresses the problem. So an opportunity to sign up for a national "don't spam me" list sounds pretty good, right? Wrong.

One of our readers reported finding a link to the "National Do Not Email Registry" at the bottom of an e-mail, in the "opt-out" section. If you click on the link, you are taken to an official-looking site (http://unsub.us) where you can (supposedly) sign up for the list. The site is a look-alike of the real "National Do Not Call Registry" (https://www.donotcall.gov/default.aspx), which is maintained by the government, but it is not a government site.

The site appears to be the answer to the CAN-SPAM Act that became law in January, but unlike the Do Not Call site, it only refers back to itself. There is no contact information to check its validity, and the domain record at Network Solutions is private, so the owner can be reached only by snail mail relayed through the registrar. If you click on the Privacy Policy link, it gives you a "Forbidden" error.

As a good example of social engineering, the site appeals to everyone's frustration with spam. It plays both on a user's naiveté and increased spam awareness.

Many users are finally getting the message NOT to click on the "Please remove me" link on many pieces of spam, which is a flag to spammers that they have a "live one." So by replacing the suspicious "remove me" link with something that looks like an official government site, the spammer still finds live ones.

Without a privacy policy, or contact information, it is best to leave this site alone. Also, as with any unsolicited e-mail, don't click on any links within the e-mail.

No Free Lunches With Online Freebies

We recently heard from a reader who had sent an e-card to their boss on the birth of her baby, and ended up getting swamped with spam. While we don't know for sure, we're assuming that she probably gave her boss a mailbox full of spam as well.

The thing to remember is that there is no free lunch. Companies put up sites to offer things like free e-cards, online games, jokes and cartoons. It costs money to build, post and maintain a Web site, so they resell your name and e-mail to spammers and advertisers to pay for it.

When you "register" for a game or as the sender of an e-card, you have just given the company another "live person" to sell. In addition, those little links that say "send this cartoon to a friend" lure you into giving up your best friend's e-mail address to an advertiser as well. Nice present.

So, if you absolutely can't resist sending a funny cartoon, joke or game, click on the address bar to select the URL, then paste it into an e-mail message so they can link to the site themselves. This avoids giving up your name, or your friend's name.

Be wary, though: you are still open to JavaScript and cookies that may track you when you visit and use these freebie sites.