Hi from DC. I'm taking a break from the FTC Spam Summit 2007 to swap laptop batteries and check email.
Just as I got back to my hotel room, I got a page from a monitoring script I had set up. One of my spamtrap mailboxes was almost full and needed housecleaning. I logged in, and with the push of a few buttons, I emptied out the account (hey, there's always more spam) and turned the monitoring back on.
For the 30-60 seconds it took to empty out the mailbox's trash folder, I received 32 new spams. Click delete all, empty it, go back to the inbox and bulk folders, and I had 6+26 new messages. Man, I get a lot of spam.
A lot of discussion surrounding harvesting is taking place this time around. I am strongly anti-harvesting and it's clearly a bad practice. So, great. But harvesters are fairly easy to catch, and Project Honeypot seems to be spending significant effort going after them, so I wonder if this is something that really needs to be discussed in so much detail. Harvesting bad, check. What's next?
That's not to say that you shouldn't still protect your email addresses when putting them out on the web. On a whim, I had set up a special email account with a tagged address that I put only on one website back in May. After a couple days it started getting spam, and from May 26th through today, that address has received 189 spams. Man, what a pain.
But, as Suresh Ramasubramanian of Outblaze, and others have pointed out, keeping your address off the web doesn't prevent you from getting spam. You mail a friend, that friend's computer gets infected with malware, and that malware scoops all the email addresses it can find out of your friend's address book, and suddenly you're getting pharma spam served via botnets.