Aim: To check the nature and amount of spam received when email addresses are left on the public world wide web.

Ingredients: Email addresses set up with popular ISPs (Google and Hotmail), and access to a public web page.

Method:

Step 1 : Create two email addresses, one each on Google and Hotmail using the techniques listed at the following link. (Experimenters might also choose to create one email address rather than two.)

http://webcoherence.org/2009/03/17/email-experiments-starting-simply/

Step 2 : Setup all emails from these email addresses so they will be forwarded to us, so that we can periodically analyze the emails received every week, and keep you updated with our results on the blog.

Google email address should be forwarded to: coherence.experiment1@googlemail.com


Hotmail email address should be forwarded to: coherence.experiment1@hotmail.co.uk

The steps to forward emails for Google and Hotmail can be found at the following link:

http://webcoherence.org/2009/03/23/email-experiments-setting-up-forwarding/

Step 3 : Post these newly created email addresses as comments to this post. This has the effect of making these email addresses available on the public World Wide Web.

Once you post the email addresses as comments to this post, we shall start monitoring our mailboxes for the spam emails that will be forwarded from these newly created email accounts and update the results on our blog.

Step 4 : Do not use these email addresses elsewhere, or for other experiments.

Observation:

We shall be posting our observations as we analyze spam emails from your accounts.

Expected Results:

Web Crawlers will pick up live email addresses, and use them to spam mailboxes.

Conclusion:

The conclusion will be posted after sufficient observations have been made over a period of time.

Note:

Experimenters and other audiences are encouraged to discuss this experiment using the comment box below.

Social networking’s foremost aim is to achieve a self-sustaining critical mass of people joining their platform. Only then will advertisers pay them big fat sums of money to place advertisements there, with the result that the company behind the social network will be valued in millions. In order to achieve this goal, sites use various techniques to attract users, the most common being to get hold of the email credentials of all participating users on the big e-mail hosts.

It’s hardly surprising that social networking sites blatantly access the users’ contacts – they can send invites to also join the network, but on behalf of the new member; far more effective than cold calling! Now when Sam joins a social network, and ends up giving his credentials for his Gmail account during the signup process, all of Sam’s contacts will receive an invitation with the subject line – “Sam has invited you to join …”. How cosy?

Actually no! I have come across numerous stories where people like Sam have been caused deep embarrassment, when for example such emails reach contacts that are business superiors, like Company CEOs, Managing Directors, and (worse in a business sense) Clients, who may find such invitations overly familiar, and a nuisance. Sam, whose name is emblazoned across the messages, has no option other than to accept blame and offer an apology – not a good business move. Clearly it’s not just Sam (who is guilty of the sin of omission), but the social networking site (guilty of the sin of commission) that brought the trouble down on Sam’s head. 

And it can end up far worse than mere embarrassment, like in the case of Dylan Osborn, 37, from Newport Pagnell in Buckinghamshire. He joined Facebook, so naturally the site sent an automatic “friend request” to everyone on his email list – including his ex-wife. She had previously taken out a court injunction, banning him from contacting her. Although the message was sent without his knowledge, Dylan spent three days in jail.

The obvious question now arises is that can people like Sam and Dylan avoid getting into this trap? Most social networking sites target users during the sign up process, when they are in unfamiliar surroundings, and a little disoriented. The sites claim (in bold letters) that they will not store a user’s email address or password; the request is presented as beneficial, because it will be used to check who amongst the user’s email contact list is already in the network. Most users consider it safe to share their information. Result – spam mails to hundreds of contacts.

Careful observation of email invitations display a number of patterns, worthy of comment (why not set up an experiment to investigate the patterns in such ‘social’ spam?). For example, I once received multiple invitations from the same person; they reappeared at regular intervals. This clearly means that, despite their promise not store users’ email passwords, that promise did not extend to the contact lists derived from them. Hence the users’ (or should that be victims’) names being used to bombard continuously their contacts’ mailboxes!

In a recent discussion with the CEO of a popular social networking site, I was shocked to hear him proudly claim that the success rate of people joining his social networking platform from such invitations was close to 4%, and that consequently their user base is growing by thousands every day. He had no plans of discontinuing this act of spamming. After all, the bigger the user base, the more money he makes out of his company.

This obviously raises the obvious observation: maybe social networks are nothing but businesses who fool members, steal their information, bring trouble, all the while presenting themselves as helping the community to communicate, entertain, and bind with each other!

To avoid spam, ideally users must drop themselves off the mailing lists of any friend or colleague who indulges in forwarding emails to dozens of people collected together in ‘To’ lists. Every time your address is passed around, it opens the door to spammers.

Typical forwarded emails contain pictures, jokes, or e-mails received from others, this is particularly the case between co-workers – the latter risks the whole company e-mail address book getting into the hands of spammers: a fate suffered by many university departments.

You really shouldn’t feel guilty about not forwarding on e-mails, and it is good practice to delete all but critical messages anyway.

However, even though you don’t actively participate in these round-robins, the mere appearance of your address in a list can invite trouble.

Should you need to email a large group of people, then you should use the BCC feature wherever possible, as this prevents spammers getting access to your network of contacts.

It’s also important to delete any propagating list of contacts and email addresses that appear within the body of a received email prior to forwarding it on.

PS: Official emails may be the odd exception in some scenarios, but treat every forwarding decision with care.

I started collecting spam, studying it! Of course I make sure to use (free) e-mail accounts extraneous to my normal Internet existence to avoid disruption. Thanks to Google, Yahoo, Hotmail that’s easy. Now I intend to send e-mails consisting of one word (‘holiday,’ or ‘car,’ or ‘restaurant,’ or ‘loan’), using one unique e-mail account for each experiment (and not using that account for anything else), and wait to see what pops up – then drawing charts of the rate of incoming spam.

Some of the accounts I’ve set up are left unused by me, so I can attract in and have a control experiment of the type of spam e-mails that are out there in the white noise. Having run one experiment with Gmail for nearly a year I can report that only two welcoming e-mails have arrived, and those within two days of setting up the account. So much for the ‘urban myth’ of e-mail providers precipitating spam! You should try it out for yourself – be a scientist and don’t take my word for it.

I’ve just challenged the students on my course Global Consequences of IT (GCIT) at LSE to see who can attract the most spam – the winner gets a free lunch at a local Thai restaurant. I’m interested in the various strategies they can devise to maximize spam attraction.

Try this out for yourself. Set up your own laboratory, and learn to love spam! The Internet is truly a wondrous ecosystem composed of the most fabulous creatures – spam is just one. It’s fascinating getting to grips with their Natural History.

This all came about following a discussion over a Starbuck’s latte on these and other Internet myths, which I was having with one the GCIT students, Heemanshu Jain. We’d just come from a seminar at LSE given by the founder of a successful Social Network. The entrepreneur had described how serendipity had played a large part in his success; a survey undertaken among his smallish network had been picked up by the international press during the ‘Silly Season,’ and the membership consequently exploded.

That got us to thinking about how ideas percolating on the web generating relatively little attention can suddenly become coherent and reach a critical mass, exploding into the general consciousness. Heeman and I bounced a number of ideas around – everything from why Google, Facebook, Amazon and e-Bay should become successful, and why similar sites should fail, to the ubiquity of spam. We were only too aware of the coherent urban myths out there that have absolutely no basis in fact. Hence we decided to undertake some simple experiments, starting with the humble spam.

We soon saw the sheer scale of the problem, and recognised the potential of setting up a blog (under the name WebCoherence) to invite fellow travelers with a similar fascination in how the web works, and how various web phenomena become coherent, to join in the experimentation.

We’ve still to work out the practicalities, but if we can interest a large enough number of people, then we can focus ‘The Human Computer’ at the issue, and find out some very valuable statistical information about the reality of how the web operates.

 Come and join us!

WebCoherence has concluded from its experiments that leading Email companies including Gmail (owned by Google), Yahoo Mail (owned by Yahoo) and Hotmail (owned by Microsoft) do NOT gratuitously circulate user email addresses to potential marketeers. It is often the users themselves who invite spam into their mailboxes because of their uninformed actions. WebCoherence, therefore, has recognized the need of educating users so that they improve their internet usage in order to attract less spam.

One of the key reasons for receiving spam is because users leave their email addresses on the public world wide web. They list their email addresses on websites, blogs and fora. These public places on the internet are readily accessible by crawler programs searching for live email addresses. Some companies collect email addresses in this way, selling them on to anyone willing to buy – spawning the spam.

If you wish to avoid spam, it is advisable never to leave your email addresses on the public world wide web. Of course there are times when you need to be contacted, and in such situations it is advisable either to leave a free ‘throwaway’ email address that you discard after having received the required reply, or to use the following format:

username [at] domainname [dot] domain extension

for example: John_Doe [at] webcoherence [dot] org

Or you could use other special characters:

John_Doe +@+ webcoherence +dot+ org

John_Doe {at} webcoherence {dot} org

Recipients find these alternative formats easy to understand, whereas most crawlers will overlook them. Consequently you can expect less spam.