The E-mail Conundrum

Observant visitors to the beta for Nuketown’s redesign site will note that I’ve removed all of the e-mail addresses from the site. You can still contact me via Nuketown, but you’ll need to do it via a Web-based form. Even fiction and non-fiction queries will be handled through a form rather than by an e-mail address.

Why? Spam and viruses.

For the last year, Nuketown has been inundated with them, and at this point upwards of 75% of the e-mail I receive is spam, viruses, or virus-inspired bounce-back messages. In the course of just four hours yesterday afternoon, my main “knewquist” account received 36 legitimate e-mails while simultaneously receiving two viruses, 41 virus-inspired bounce backs and 87 spams. Between all of my Nuketown e-mail accounts, I received 34,483 viruses/spams between June 1 and June 24. Hell, my “root” account — the one that gets all the spillover e-mail from Nuketown accounts that don’t exist — got 996 spams between June 20 and 24. Unbelievable.

Why do I get all this crap? Well, there are a couple of reasons.

  1. I haven’t taken many anti-spam measures on Nuketown, and no doubt the spammers have done a damn good job of scooping up my addresses from those Web pages.
  2. I haven’t done much to hide my e-mail addresses from spam harvesters on sites outside of Nuketown — it’s my account for public message boards as well as the one I list on my freelance articles.
  3. The current generation of viruses propagate (in part at least) by e-mailing themselves to everyone in a person’s address book, while simultaneously harvesting e-mail addresses from their browser caches of their victims and then using those addresses as well. This is where #2 proves to be an even bigger liability — quite a lot of people visit Nuketown, and far more visit, where I’m a frequent contributor. My “knewquist” account is all over both of those sites, and as a result, making them easy targets for cache culling by the viruses. I’m not sure, but I think that the viruses that turn machines into spam zombies use a similar technique.

I have an excellent spam filter in the form of Apple’s program, but the volume of crap is starting to overwhelm it. Worse yet, when these virus/spam zombies spread they forge the “from” fielding the messages they generate. I’ve received dozens of e-mails allegedly from my own account, and I hate to think of how many people out there have received similar messages with my e-mail in the from field.

Clearly, the time has come to take evasive maneuvers.

Engage Cloaking Device

I am not so naive as to think that I could possible rescue my e-mail addresses form the spammer horde. Given the cross-pollination between spammers, even if I could suddenly wipe my e-mail addresses from the Web, my addresses would still be in circulation. However, it’s my hope that by taking the addresses off of Nuketown, I may be able to make a dent in the virus e-mails I receive.

Further, by moving to forms-based communications, I can build in keywords to the subjects of the messages those forms generate, and then flag them accordingly when they arrive in my e-mail client. That step alone should reduce the chance that I’ll miss a message from a reader. Correspondence with writers will still take place via e-mail, but they’ll only get access to Nuketown‘s e-mail addresses once they’ve queried.

Of course, my e-mail addresses are still out there on, SF Site, the UseNet and myriad bulletin boards, but hopefully scaling back on my Nuketown exposure will at least make a dent in the amount of crap I receive.

My other strategy for dealing with this is even more radical: relegating my current addresses to “public” status, and then creating new e-mail addresses specifically for correspondence. So I’d have a “knewquist” account that I used whenever I was required to register for something, but then use a second personal account that wasn’t widely circulated for conversing with editors, friends, and people I know. Ditto that for the various public “Nuketown” accounts (i.e. “editor” and “fiction”, which are the ones that get hammered most). The problem with doing that, however, is that it could create confusion between the accounts, with friends sending messages to the old account or (worse yet) editors mistakenly posting the “private” address instead of the “home” address. With the former, I can create e-mail rules to make sure that messages from people I know get dumped into the proper folder. With the later, well, it’s probably inevitable that these private addresses will get hijacked, but hopefully that’ll take a while.

Incidentally, spammers/script kiddies are on of the reasons you won’t find comments on the new Nuketown. I’ve seriously thought about adding them, and still hope to, but it’s something that needs careful consideration and implementation.


The other thing I’d like to do — though I don’t know if I’ll have the time — is to launch a counterattack against the generators of all this net flotsam. I’ve taken a few cracks at this by looking at the raw source of the message to try and puzzle out the true origin of the e-mail and then contacting its host domain.

That technique has yielded results — I was able to get at least one virus machine shut down by doing that — but it’s time consuming. There are anti-spam organizations out there as well, and I’m considering joining up with them and reporting the worst of the spam to them.

Of course, neither technique will have any great impact on the amount of spam I receive, but it’d be nice to at least try and land the occasional blow for the forces of good.