I received a suspicious email yesterday. It had all the earmarks of spyware / malware / spam: cryptic subject ("Electrician in your area"), no message text, Microsoft Word document attached, and a cute picture of a cartoon pig. Normally I delete these immediately. But I noticed the distribution was only to a few email addresses, all of which I recognized as neighbors.

So I opened it...carefully. The email attachment was a legitimate, though amateurish promotion for a local small business. I assume the author, whose name I did not recognize, is someone I know or have had contact with. So, foolishly being the helpful person I am, I tried to explain to them the multiple mistakes they made that potentially did more to damage the business they were promoting:

Can I make a suggestion?

Don't send promotional emails with pointless graphics in them. It looks like SPAM, it smells like SPAM, and it tastes like SPAM. Only after scanning the attached file for viruses and spyware would I open it to look at it. I typically don't take the time to do this. I only looked at it because I recognized other email addresses on its distribution.

Don't send promotional information in Word documents. They are notoriously dangerous for things like macros viruses.

Don't send emails to people who don't know you without some introduction, especially if the email includes graphics and attachments.

Don't send unsolicited commercial email (SPAM) to people with whom you do not have an established business relationship. In general it's a bad idea and typically violates the Acceptable Use Policy with your Internet Provider - you could lose your ISP account if enough people complain.

Bottom line: your email made me highly suspicious. You're not doing NAMEWITHHELD any favors with this approach.

Now, that may not seem to be the most friendly response in the world, but understand that I filter out several hundred spam emails a day from people like this. The only difference between the latest SPAM email for porn, male enhancement, or prescription drugs and this one is the number of recipients and the product.

But like I said, this was probably from someone I knew, so I decided to help them be more effective next time and avoid losing their email account for violation of their Acceptable Use Policy.

What I got in return:

Just delete it, you don't have to be an A-Hole.

WTF? Let's see: they sent me SPAM. But rather than report it to their ISP I tried to coach them. OK, the message wasn't all goodness and light, but the sender is a spammer, and spammer's are one evolutionary step above the slime that calls you during dinner. There is little difference between them sending me an ad in email and calling me on the phone. Their attitude implies that I should simply hit DELETE 400+ times a day for every SPAM email that would arrive in my inbox, had I not taken extensive steps to filter them out.

At this point I'm fuming. They wasted my time by sending me spam, I wasted more time trying to "help" them, only to be called an "A-Hole". Now I report them to the abuse address at their ISP, having met with resistance taking the "nice" route.

Every internet domain should have an abuse mailbox. It's generally considered good form and some ISPs will block email from your domain if you don't have one. The format of the address is " This e-mail address is being protected from spambots. You need JavaScript enabled to view it ". Another good email address to use in times like this is " This e-mail address is being protected from spambots. You need JavaScript enabled to view it ". I emailed both.

I also checked out the web site and discovered that it belongs to a business that has nothing to do with the business being promoted, promoting businesses, or providing internet services. In other words, this person, exercising extremely poor judgment, used their business email account to send unsolicited commercial email (SPAM) for an unrelated business. That is one of the fastest routes to a pink slip. At the very least, use of a business email account for personal email is misuse of company assets. Using it to send SPAM is an egregious breach of IT policies for the vast majority of employers. Not only is it a misuse of company assets, the act of sending SPAM from the employer's domain could cause the employer's email server to be blacklisted, resulting in a loss of business.

The lessons in this:

- Don't use your corporate email account for personal email

- Be aware of corporate policies with regard to the use of email

- Never, ever send unsolicited commercial email

- If you do something stupid and someone corrects you, don't read hostility into the response. Consider your actions and their impact on others, then apologize and move on.

Update

Since about 2PM on the day this occurred, my "throw-away" email address, which was used by this person to email me, has been getting subscribed to various email marketing lists. Proof that this is someone who knows me doing this is that they used my name and address (unheard of with any automated SPAM methods). Unfortunately, this childish person, who first sought to SPAM people they knew to help out some small business, is now facing having their ISP account revoked (I have the IP address used and it belongs to a small local ISP and have contacted their ISP), legal action for harassment, and the loss of her job.

Do not make the mistake of assuming that the Internet provides anonymity - it does not. Everything you do is traced or logged somewhere...it's simply a matter of connecting the dots.