Address Munging FAQ: "Spam-Blocking" Your Email Address

From:  emailfaq@aol.com (Email Abuse FAQs)
Date:  10 Jul 2003 09:55:22 GMT
Last-modified: August 8, 1999


    Address Munging FAQ: "Spam-Blocking" Your Email Address

Version 2.01 changes
  - Fix example addresses
  - New Section:
       3b. Munging DOES NOT MEAN MAKING YOURSELF ANONYMOUS

DISCLAIMER: 
    This document reflects the opinions of the author.  This document
    is provided "as is" without any express or implied warranties.  
    While every effort has been taken to ensure the accuracy of the 
    information contained in this article, the author/maintainer 
    and/or contributors assume(s) no responsibility for errors or 
    omissions, or for damages resulting from the use of the
    information contained herein.

------------------------------

Subject: 1. Table of Contents

  1. Table of Contents

  2. Basics
   2a. Who is responsible for this FAQ?
   2b. What is the purpose of this FAQ?  
   2c. When was this FAQ last updated?
   2d. Where can I get it?
   2e. Credits & Contributors

  3. Definitions
   3a. What does 'spam-blocking' or 'address munging' mean?
   3b. Munging DOES NOT MEAN MAKING YOURSELF ANONYMOUS

  4. Actions
   4a. Why should I mung my address?
   4b. Why should I NOT mung my address?
   4c. How should I mung my address?
   4d. How should I NOT mung my address?
   4e. If I mung, when should I be sure to use my REAL address?
   4f. What else can I do besides munging to avoid junk email?

  5. Instructions for AOL members
   5a. How to do it
   5b. Suggested additions

  End of the Address Munging FAQ

------------------------------

Subject: 2. Basics

2a. Who is responsible for this FAQ?

  WD Baseley.  Use emailfaq@aol.com to contact the author regarding
  this FAQ.

2b. What is the purpose of this FAQ?  

  This FAQ is intended to be a concise discourse on "spam-blocking".
  Otherwise known as "munging", or breaking one's email address, this
  is usually done when posting to Usenet, for the purposes of avoiding
  junk email. It is very important to "mung" in ways that minimize 
  possible damage to third parties.  The author intends that this FAQ
  be understood without need of a doctorate in computer science.  
  Those desiring more depth and/or technical information should refer
  to the Email Abuse Resource List.

2c. When was this FAQ last updated?

  August 8, 1999.

2d. Where can I get it?

  The latest version is always available at:
  <http://members.aol.com/emailfaq/mungfaq.html>
  <ftp://members.aol.com/emailfaq/mungfaq.txt>
  It is also posted weekly to these newsgroups:
     news.answers
     news.newusers.questions
     news.admin.net-abuse.email

2e. Credits & Contributors

  The genesis of this FAQ was Gregory Byshenk's FAQ titled,
  "Help! I've Been Spammed! What do I do?"  Sundry other folk who
  have discussed, harangued, badgered, cajoled, and otherwise 
  assisted in bringing it to its present state, are held in 
  grateful regard by the author.

------------------------------

Subject: 3. Definitions

3a. What does 'spam-blocking' or 'address munging' mean?

  (Both terms refer to the same thing - from this point on, the author
  will use the terms 'mung' and 'munging' term to refer to the practice.)

  Address munging is the act of modifying one's email address so that 
  email sent to that address will not be delivered to the person doing
  the modifications.  Typically, this is done in posts to Usenet, in
  order to avoid receiving unsolicited commercial/bulk/boilerplate email
  (UCE/UBE).

  The Jargon File defines 'mung' as `Mash Until No Good', probably
  originating at MIT;  sometime later the recursive acronym `Mung
  Until No Good' became popular.  It means 'to make large changes to
  a file', or 'to destroy data either accidentally or maliciously'.
  It was probably derived from 'munge', which is why you will see both
  words used to describe the practice. Then of course there are the
  Chinese beans.

3b. Munging DOES NOT MEAN MAKING YOURSELF ANONYMOUS

  Trying to hide your identity by faking your email address simply
  does not work;  even an amateur detective can quickly identify the
  source of a message if the From: line is the only thing that's been
  tampered with.  It is possible to be truly anonymous when doing
  almost anything on the Internet, but it takes a lot more work than
  simply changing the From: line.

  Trying to hide from spammers by changing the "name" or "real name" portion
  of your posted address also does not work, because that part of the address
  has nothing to do with email delivery.  In fact, you should make it a point
  *not* to change your "name" if you decide to mung your address.  Many people
  on the Internet have a consistent name or handle by which they become known.
  Changing this part of your identity only makes you unidentifiable to people 
  who have come to know you on the net.

------------------------------

Subject: 4. Actions

4a. Why should I mung my address?

 - It is an effective way to avoid junk email.  

   Junk emailers "harvest" email addresses from Usenet posts.
   Most address harvesting software used by junk emailers does not 
   discriminate;  anything with an '@' sign is considered an address.
   By changing what appears in the From: and/or Reply-To: headers
   of Usenet posts, the amount of unsolicited bulk/commercial email
   (UBE/UCE) received drops considerably.

 - It is easy to do compared to other methods of avoiding UBE/UCE.

 - It lowers the percentage of good addresses harvested by the address
   thieves.

4b. Why should I NOT mung my address?

 - It breaks the automated 'reply by email' feature found in most
   newsreaders, forcing people to manually de-mung the address in
   order to email topical replies to your posts.

 - If you use the same software for Usenet and email, you will have
   to change the address regularly, to avoid sending regular email
   with a munged address.

 - It violates RFCs, the rules upon which Usenet is built.

   (It should also be noted that munging does not automatically cause
   messages to bounce back to junk emailers;  if you are considering
   munging for this reason, you would not accomplish your goal.  Also,
   depending on what and where you post, a junkster *may* take the
   time to manually de-mung your address, just for spite.)

4c. How should I mung my address?
   (AOLers! Be sure to read Section 5, "Instructions for AOL members")

 - IMPORTANT!  Make sure that modifications to your email address do
   not violate any of the policies of your service provider!

 - Be creative with your mung, and change it often as well.  
   These steps will prevent harvesters from picking up on patterns,
   and possibly changing their software to defeat them.

 - Make it obvious to humans.
        DO: yourname(AT)example(DOT)com
        DO: yournamZ@ZxamplZ.nZt (Replace Z with E)
        DO: yourname@example.invalid 
             (use ONLY .invalid to do this!)
        DO: see_my_sig@for.my.real.address
     DON'T: yourname@foo.example.com

 - If you decide to add a "spamblock" to your existing address, put
   it on the right-hand side of the @ sign.  This avoids making your
   provider's email server handle undeliverable mail.  Also, you want
   your mung to affect the rightmost portion of the domain name;  if 
   you add something after the @ sign, many times the email will be 
   delivered anyway.
        DO: yourname@example-REMOVE_THIS-.com
             (be sure to read Section 4d!)
        DO: yourname@example.invalid
             (use ONLY .invalid to do this!)
     DON'T: yourname-SPAMBLOCK-@example.com

 - Tell folks how to de-mung your address somewhere in your message.
   The signature (sig) that gets added to the end of each message is
   a good place to do this.  
     DO: "To reply via email, remove '-REMOVE-THIS-' from my address."
     DO: "Real address is myrealname AT example DOT com"
     DO: "Replace all the Z's with E's to reply"
     DO: "Replace 'invalid' with 'net' to reply"

   NOTE: DO NOT put a directly usable address in your sig, because
   many harvesters collect everything with an @ sign in it.
       DO: "Send email to myrealname; ISP is example DOT com"
    DON'T: "Real address is myrealname@example.com"

4d. How should I NOT mung my address?
   (AOLers! Be sure to read Section 5, "Instructions for AOL members")

 - IMPORTANT!  Do not make up domain names!  Most of them actually
   exist, and your fakery could cause them a lot of woe.  Certain
   domains are already virtually useless because of folks using them
   in mungs and forgeries.  Plus, new domain names are being added all
   the time, and you never know if someone might want to use your mung;
   your actions today -do- have an effect on the future!
   It is almost as harmful to add something directly after the @ sign, 
   and doing so may not prevent the delivery of messages anyway.
     DON'T: yourname@NOSPAM.your-isp.com
     DON'T: yourname@REMOVE-THIS.com
     DON'T: yourname@your-isp.ORG (instead of COM)
        DO: yourname@your-isp.INVALID 
            (Use -only- .INVALID to do this!)

 - Do not use a totally faked address, especially one that looks real.
     DON'T: not-your-real-name@some-other-isp.com

 - Do not make it *too* obvious by using a 'standard' mung.  Invent
   your own, or choose an unusual one of those you have seen.  If
   everyone uses the same mung, it becomes easier for junk emailers
   to strip them out.
     DON'T: yourname@example-NOSPAM-.com
        DO: yourname@exampleDO-DO-DO.comDAH-DAH-DAH

4e. If I mung, when should I be sure to use my REAL address?

 - When sending email.

 - When subscribing to a mailing list.

4f. What else can I do besides munging to avoid junk email?

 - Ask your provider to give you the option of having the most
   egregious junk emailers blocked by them.

 - If your ISP/domain offers one, you can use a "spam sink" address;  
   all email to this address should be deleted, unread, by your ISP.
     EX: devnull@example.com

   NOTE: Usenet conventions allow topical replies to posts, so if
   you choose this you should include a usable address somewhere in
   the message.

 - Use filters to sort email either at the server or after it has been
   downloaded to your machine.  Most standalone email software
   includes filters, and some of them (notably Pegasus Mail) are free.

   Those who have shell accounts, or server access, can use a Unix
   tool called procmail to handle messages as they arrive at the
   server.  Filtering rules can be VERY simple and still be effective.

------------------------------

Subject: 5. Instructions for AOL members

  AOL members can add characters to the end of their address as it 
  appears in Usenet posts.  Here's a before-and-after example:
   BEFORE: emailfaq@aol.com
    AFTER: emailfaq@aol.com.if.you.spam.me.you.suck.rocks

5a. How to do it

  - Go to keyword "newsgroups" (no quotes)
  - Click on "Set Preferences"
  - In the box labeled "Junk block", add the text you would like
    to append to the end of your address
  - In the box labeled "Signature, be sure to tell people how to
    fix your address, or what your replyable address is. (You can
    also add other stuff to your signature, but you should keep it
    to 5 lines or less in length.)
    EX: "My real address is emailfaq(AT)aol(DOT)com" 
        "Remove 'p.mil' from my address to reply"

5b. Suggested additions

 (be sure to include the periods!)
  - .oops!.invalid
  - p.mil
  - monly.anti.spam
  - .take.a.hike.spammer

------------------------------

Subject:  End of the Address Munging FAQ

------------------------------