Your Name Could Determine Your Spam Load

Sept. 4, 2008— -- Those of us with unusual names tend to draw more chuckles and raised eyebrows than our more commonly named counterparts.

But it turns out that there is at least one thing that the Johns and Janes of the world seem to attract more of than we do.

Spam.

A recent study shows that the amount of spam you receive could depend not only how common your first name is but how common the first letter of your e-mail address is.

Interested in discovering why some people receive more spam than others, Richard Clayton, a computer security researcher at the University of Cambridge, analyzed more than 550 million e-mails sent to a large U.K. Internet service provider.

He found that for e-mail addresses starting with heavily used letters like J, M, R and P, 40 percent of the e-mail received was spam, while addresses beginning with less frequently used letters, such as Q, X and Z, attracted about 20 percent -- or less -- spam.

The discrepancies have to do with the way that spammers compile their lists of e-mail addresses, Clayton said. One common method is called the dictionary attack. Spammers go through the alphabet and if, for example, they know that a john@example.com exists, they'll try sending an e-mail to john@another.com.

Initially, Clayton said he thought he would find that e-mail addresses closer to the beginning of the alphabet would get spammed more than e-mail addresses closer to the end of the alphabet. (Often, computer systems will detect an attack and shut down before a spammer reaches the end of the alphabet, he said.)

Although he did find that, on average, addresses starting with the letter A got more spam than addresses starting with Z, he said that wasn't the primary pattern he observed.

"What seems to be important is whether or not others share the same e-mail address as yours," Clayton told ABCNews.com. "If you're John and lots of people have that in their e-mail address, [spammers] will try that at all other domains."

It means that if you have an unusual name, your name is much less likely to be guessed," he said.

However, Clayton emphasized, several other factors can also determine the amount of spam someone receives.If your name is on several Web sites, or if you've used it for a long time, it wouldn't matter how unusual your name, he said.

The longer the e-mail address has been around and the more visible it is on the Internet, the easier it is for a spammer to find and use it.

He also noted that his findings included some anomalies. For example, few names start with the letter U, but he found that e-mail addresses beginning with that letter attracted 50 percent junk mail. Although he said the matter needs more inquiry, his suggested explanation is that many e-mail addresses start with user1 or user 2@example.com.

Doug Bowers, an anti-spam expert for security software firm Symantec, told ABCNews.com that Clayton's findings are consistent with his own research.

When spammers build e-mail lists, they usually take one of two tacks, he said. They'll either buy a list of actual e-mail addresses on the black market or they'll guess.

When they guess, Bowers said, they'll start at the beginning of the alphabet and keep on going until they find addresses that work.

His research also finds that there is a hierarchy in the characters used for creating e-mail user names. Over the last year, Symantec's spam-tracking program shows that user names starting with the letter A have averaged 10 percent of spam monitored, followed by B with 8 percent and J with 7.5 percent.

However, Bowers cautions, "spam in general is very much a cat and mouse game."

While it's tempting to craft e-mail addresses that will be more difficult for spammers to guess, he said it's important to take other precautions, such as using anti-spam software and being careful about where you give out your address.

He also said that it's important to be aware of spamming trends. Spammers are a creative bunch, he said, and frequently change their tactics.

In August, for example, Symantec's monthly State of Spam report said that the major trend was spam e-mails with subject lines that mirrored news headlines.

According to the report, spam e-mails bearing headlines about the Russia/Georgia conflict -- and more improbable ones such as Breaking news ... McCain Chooses Paris Hilton to be Running Mate -- contained links to malware designed to infect computers with viruses.

This month, Bower said, headline spam appears to be down, while attachment spam -- e-mails that arrive with infected attachments -- appears to be on the rise.

While experts say that it is nearly impossible to spamproof your inbox, they do agree on some tips to reduce your spam load regardless of what your name is. Here a few suggestions they provided ABCNews.com.

Don't Drop Hints Anytime you use a Web site -- to participate in online discussions or post comments -- make sure your user name is nothing like your e-mail address.

Humans are creatures of habit, and that works against them online, said Aaron Higbee, chief technology officer for New York-based security research firm Intrepidus Group and a former network abuse administrator for Earthlink.

"I might have a user ID for Facebook and Myspace … and [spammers] can scour these forums and then just try the user name @ hotmail," he said.

Don't Use Auto-Complete. If you do use the feature, turn it off monthly.

Higbee said if you click on a link and reach an undesirable Web site the auto-complete feature would allow spammers to harvest personal information.

Business vs. Personal Use different accounts to keep business and finance-related e-mail separate from personal e-mail.

By using different accounts for personal and business use, experts say you stand a better chance of protecting sensitive personal information.

Don't Give It Away

You can't monitor your friends' Internet activity. But to the extent that you can, make sure they take precautions to avoid viruses that could search their files and harvest your address. Clayton said some spam comes as e-mail that looks like it comes from familiar names.

Change Your E-mail Address

Higbee suggests changing your e-mail address yearly. For example, if your name is John, use John2008@example.com one year and John2009@example.com the next.