Here are some things I've learned about spam which may be valuable to other people who want to bend the fingers of spammers back until you hear that satisfying click sound which tells you they'll never use a keyboard again. (loosely organized)
I live in the state of Indiana (confirmed by whois), with a bunch of people who have seen fit to elect a bunch of people who made this law. The effect is that compliant unsolicited commercial email to anything at my domain must include the text "ADV:" as the first 4 bytes of the subject header. Suffice it to say, I do not receive any compliant unsolicited commercial email.
Indiana's law provides a nice remedy. If you receive non-compliant unsolicited commercial email, you are eligible to receive presumptive damages of $500 per email from the sender. The great part is, I have cause for legal action. I do not have to become a supplicant of the state's attorney general's office, I can retain my own lawyer and directly take these scumbags to court.
I have accepted that there is nothing I can do about The Ultimate Online Pharmacy, but there is another group of spammers out there. This other company is Expedite SPAM SPAM SPAM. Here's some more information about them.
They harvest emails from WHOIS databases. They send the addresses on their mailing list about 2 emails a day representing a variety of clients, mostly above-board companies you may have heard of such as BMG Columbia House. Each email takes the form of a single text/html mime segment. The segment includes image links, a main redirecter link for suckers, a postal address for the client, and an unsubscribe link. The unsubscribe link does not work (I believe their justification is that you are only unsubscribing from that particular client). They have so far used the following domain names to host their redirecter:
I am attempting to obtain $500 from one of their clients located within the state of Indiana. I have been informed that the federal CAN-SPAM law legalizes spam of this form. Hopefully it cannot interfere in an Indiana-only dispute. Illinois has almost the same spam law as Indiana does, and Expedite Media Group is in Illinois. Surely the courts can see the intention of the people?
You can contact me at:
Within weeks of getting my new email address and using it only to correspond with actual human beings, I was deluged in spam. I eventually accepted that corresponding with human beings that use Windows is basically the same thing as corresponding directly with a spam cannon. Hooray. And fuck you too, ahem.
So I have tried to compartmentalize my spam problem. I use a different address with every company. I give ebay a new address and spamhole the old one every six months because their users are spammers (particularly this one). For personal correspondence I use a new automatically-generated address every day so I can selectively spamhole them. I haven't found a good solution to the joker.com problem -- I want to receive the emails they send me to tell me my domain is about to expire, but I do not want to receive the emails that you get just for having an address listed in a public whois database. *sigh*
Today I received spam on my Ameritrade email address. A real shocker because I've never contacted a spam cannon (er, human being) at Ameritrade, their privacy policy says they won't share my info with disreputable companies (does Ameritrade want to be sued for breach of contract?), the spam didn't comply with CAN-SPAM (does Ameritrade really want FTC attention?), and the spam also was about stocks (does Ameritrade really want SEC attention?). So I called them up and they told me to install ad-aware. Clearly, they aren't yet willing to accept that they have a problem.
I did a little research and I'm not the only one to have this problem with Ameritrade. It seems pretty clear that Ameritrade has been h4x3d, either technologically or through some slimy employee. It's hard to yell at the Ameritrade guy on the phone because you know, really, the victim here is Ameritrade. No one logged into my computer and stole my data, that's something that happened to them. But it makes me wonder if I should trust them with my money when I can't even trust them with my email address. But ultimately I know they will do whatever it takes to make sure no one steals my money, and in the end the fact that Joe Hacker knows that I own 42 shares of Jones' mutual fund doesn't really bother me.
The fact of the matter is that I've given lots of companies my email addresses, and not received spam from them. More and more of my monthly bills arrive by email. The question is...if I allow Ameritrade to continue to manage my investments even though I know of this failing on their part, will I begin to live in a world where it is just accepted that every corporation hires a number of bad apples and gives them database access? I guess that's already the world we live in, but MAN this Ameritrade thing actually came back to harm me.
Capital punishment for spammers! See how many people are willing to sell out their employers when the rotting corpse of their predecessor is hanging on a cross in the town square.
Update May 11, 2010: The following two companies have been spamming me for months despite repeat unsubscribe requests: Musician's Friend, and Active.com.