Blogger: Mark
Blog DOB: 22 Aug, 2006

Name: Mark O'Connor
Location: London

SPAM by infinity plus one

Thursday 09 Nov, 2006 - 19:30pm

Spamming is a numbers game. The more you send out, the greater the probability that someone is going to open, read or act on the contents. It's all about arithmetic. The evil spammers are playing a numbers game. For them it's not personal, it's business. If you send out eight million emails, there's a far greater chance of some "mug" opening one than if you only sent a hundred. The more emails you send, the more successful you'll be.

The spammers use increasingly sophisticated techniques to circumvent and confuse anti-virus programs and avoid detection. You've probably seen some of these in your inbox: emails that contain strings of random words, where the text is written on a graphic, that contain graphics and words, or that seem to come from yourself. They don't care who the recipient is, so you get young kids being sent links to pictures and sites ("caligulinks") which are wholly inappropriate.

Worryingly, there is also a trend to hijack genuine mail domains. I've had this happen to me twice, on two different domains. Every email contains header information such as the reply-to address, the sender address etc. It's very easy to forge email headers so that they appear to come from elsewhere, a genuine source. All of a sudden you start to receive hundreds and hundreds of mail delivery system errors in your inbox, saying the mail program wasn't able to deliver your message. You become inundated with bounced email messages, in addition to your normal quota of spam. Your mail domain can also be blacklisted.

Spammers have a number of distribution channels. These include free email accounts like Yahoo and Hotmail, hacked servers, relayed messages, mail servers purchased with stolen credit cards, and your own PC infected with a worm or Trojan virus ("zombie PCs"). Even that innocuous contact form you have on your website can have alternative email headers injected into it.

Your details can be guessed at, harvested by program crawlers, be purchased, stolen, or be already included in a "marketing database" (wow..., email advertise like this to 8,000,000 people - sound familiar?). Genuine database directories can be "scratched" for your information, as it's too readily accessible.

All companies seem to view the collection of your data as an asset but fail to adequately protect it. Web sites are designed so you have to opt out from mailing lists. The opt-out buttons can even appear on each page of a multi-page form. I did a double take when I saw this on the application form of a major UK bank. Spam can contain illegitimate "unsubscribe" links. When you click, you're added to a database, your identity reduced to currency. Instead of reducing your spam, you're increasing it.

A report out today by IT security firm Sophos reveals that both the US Republican and Democratic parties distributed spam in the run-up to the mid-term elections. Of course, we can't call it spam, as US political parties are exempt from legislation like the CAN-SPAM Act. Is this leadership? Sophos also reveal the top twelve "dirty dozen" spam-producing countries.

Can we ever hope to do any more than stay one step ahead of the evil spammers? There are a few actions we can take to help reduce the volume; they won't eliminate the evil

  • Avoid email addresses that can be guessed easily like webmaster, sales, contact, info etc.
  • Avoid "catch all" email boxes; basically you're saying yes to all sorts of combinations like a1aaa1azzzz1zaaaaa@yourdomain.com
  • Use your full name in your email address separated with a full stop like firstname.lastname@yourdomain.com
  • Always "munge" your email address if you're including it on your website, i.e. convert it into ASCII character codes, so instead of "m" you will write its web-friendly ASCII equivalent "&#109;"
  • If you have a form-to-email contact form, be sure to adequately protect it against attacks such as injecting new mail headers.
  • Use a firewall
  • Don't be seduced by the numbers game. Don't use broadcast email services to email millions of people ("wow..., email advertise like this to 8,000,000 million people" or "We will email advertise your web site to 8,000,000 people for free").
  • Don't open spam. If you do open it do not act on its contents.
  • If you run an affiliate program, don't allow members to use it with email, and certainly don't pay out if they spam.
  • Don't feel you have to opt in to receiving product updates or anything else from legitimate businesses or even from free services you're signing up to. Opt out. Instead use RSS or Atom feeds to keep updated.
  • Use an anti-virus program and keep your virus definitions up to date.
  • Be like Google, "Do no Evil".
  • Keep your operating system up to date with security updates, not necessarily the optional ones (read my blog on Internet Explorer 7).
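
One way to apply the contact-form advice in the list above, as an added example that is not code from the original post: refuse any carriage return or line feed in fields that end up in mail headers, and fix the recipient on the server so the visitor's address only ever appears in Reply-To. The mailbox address, function names and sample inputs are hypothetical.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical fixed recipient; the visitor never chooses where mail goes.
SITE_MAILBOX = "contact@yourdomain.example"
_ADDR_RE = re.compile(r"^[^@\s<>,;:]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


class RejectedSubmission(ValueError):
    """Raised when a form field could alter the message headers."""


def clean_header_value(field, value, max_len=200):
    # A CR or LF inside a header value starts a new header line, which is
    # how extra recipients get added. Reject the submission, don't strip.
    if "\r" in value or "\n" in value or "\x00" in value:
        raise RejectedSubmission(f"{field}: line break in header field")
    value = value.strip()
    if not value or len(value) > max_len:
        raise RejectedSubmission(f"{field}: empty or too long")
    return value


def build_contact_message(name, reply_to, subject, body):
    name = clean_header_value("name", name)
    subject = clean_header_value("subject", subject)
    reply_to = clean_header_value("email", reply_to)
    # Exactly one plain address: no lists, no display names.
    _, addr = parseaddr(reply_to)
    if addr != reply_to or not _ADDR_RE.match(addr):
        raise RejectedSubmission("email: not a single plain address")
    msg = EmailMessage()
    msg["From"] = SITE_MAILBOX      # the site is the sender
    msg["To"] = SITE_MAILBOX        # recipient is never taken from the form
    msg["Reply-To"] = addr
    msg["Subject"] = f"[contact form] {subject}"
    # The body is not a header, so line breaks are harmless here.
    msg.set_content(f"Name: {name}\n\n{body}")
    return msg


if __name__ == "__main__":
    # Constructed sample submission.
    print(build_contact_message("Ann", "ann@example.org", "Hello", "Hi\nthere"))
```
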

When a second domain of mine was hijacked, and I had time to calm down from the "web rage", I started to wonder if Don Corleone had a website....

If Don Corleone had a website, I imagined, just a small site he put together for the family. He had links to his favourite sites, an updated news section, and he even had a contact form. This internet thingy was a breeze. Then one day, after breakfast, he opens up his email and watches as hundreds of bounced email messages are downloaded to his laptop....

What would he do next?

Blogger: Mark | View full blog
Posted in: Technology
Tags: SPAM |email |caligulinks


© Eriginal Ltd 2010, all rights reserved