According to a new study released today by the Federal Trade Commission, spammers continue to harvest email addresses from public areas of the Internet, but Internet Service Providers’ anti-spam technologies can block the vast majority of spam sent to these email addresses. The FTC staff report also found that consumers who must post their e-mail addresses on the Internet can prevent them from being harvested by using a technique known as “masking.”
The agency studied three aspects of spam: e-mail address harvesting – the automated collection of e-mail addresses from public areas of the Internet; the effectiveness of spam filtering by ISPs; and the effectiveness of using “masked” e-mail addresses as a technique to prevent the harvesting of e-mail addresses.
To conduct the study, FTC staff created 150 new undercover e-mail accounts – 50 at an ISP that uses no anti-spam filters and 50 each at two different ISPs that use spam filters. They then posted the e-mail addresses on 50 Internet sites, including message boards, blogs, chat rooms, and USENET groups where spammers might go to attempt to harvest the addresses.
The study concluded that spammers continue to harvest e-mail addresses posted on Web sites, but addresses posted in chat rooms, message boards, USENET groups, and blogs were unlikely to be harvested. “Indeed, some chat room operators took proactive measures to prevent the harvesting of e-mail addresses posted by the FTC staff,” the study says.
After a five week trial, e-mail addresses at the unfiltered ISP received a total of 8,885 spam messages. At the end of the same period, email addresses at one of the ISPs that uses filtering technologies received a total of 1,208 spam messages, and email addresses at the second ISP that uses filtering technologies received a total of 422 spam messages. The filter of the first ISP blocked 86.4 percent of the spam, and the filter of the second ISP blocked 95.2 percent of the spam.
The study also tested whether using “masked” e-mail addresses prevents the harvesting
of e-mail addresses and consequently reduces spam. “Masking” addresses involves altering an e-mail address to make it understandable to the recipient but confusing to automated harvesting software. For example, an e-mail address such as email@example.com could be altered to appear as john doe at FTC dot gov. The study found that masking e-mail addresses was very effective in thwarting harvesting. After five weeks, unmasked e-mail addresses had received more than 6,400 pieces of spam, while the masked e-mail addresses had received only one piece of spam.
The study concluded that consumers who must post their e-mail addresses on Web sites can reduce the risk of having their e-mail address harvested – making them a target of spammers – by masking their addresses. It also demonstrated the effectiveness of ISPs’ spam filters.
To learn more about safe surfing, visit www.OnGuardOnline.gov.
Copies of the study are available from the FTC’s Web site at http://www.ftc.gov and also from the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580. The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.