WizGidget

The problem is that about 1 in 20 people have a virus on their computer that collects email addresses.   When the virus finds a new email address in emails, it then targets that address with virus-infected email, trying to infect that person’s computer as well.   It also passes the address on to the virus’s author, who then sells the address to spammers.

When you send email with a bunch of addresses in the To: or Cc: fields, all those addresses are published to everyone who receives the email — including the virus.  1 in 20 means if you send the email to 20 people, you’re approaching 100% likelihood that all of those addresses will be compromised!

The same thing applies to addresses in the body of the message, or in any attachments.  They will be picked up by the virus too.

The solution is fairly simple:

1. If you need to send an email to a bunch of people, especially people who don’t necessarily know or email one another, use the Bcc: instead of To: or Cc:.  The B in Bcc means “Blind”, which means that the recipients don’t see  the list of recipents.
2. If you forward or reply to an email, be sure to strip out any email addresses in the body of the message you’ve included.
3. Be sure you have a good and up-to-date virus- and spyware-scanning software on ALL your PC’s.  You don’t want to be the unwitting stoolie for the cybercriminals!
4. When you get an email from someone who’s included zillions of people in the To: or Cc:, gently remind them that it’s a Really Bad Idea.  You may  refer them to this article by including the link http://www.wizgidget.com/typhoid.

If you think about it, this all makes good sense.  Let’s say I come across something  interesting or funny and email it to 5 of my friends.  Each of them in turn also thinks it’s worth passing on and they forward it to 100 of their friends.  500 people now have the first 6 addresses.  Then let’s say 100 of those people either like or dislike it and forward it to 100 of their friends.  Now 1500 people, mostly total strangers, have my address, along with my 5 hapless friends.  It’s about like having my email written on the walls of all the restrooms in Texas.  I don’t know about you, but I don’t want 1500 strangers to have my email address.  And the geometric progression goes on – 10% of the next round forwards it on, and 10% of the next round forwards it on.  Pretty soon everyone on the internet has my email address – including spammers, and cybercriminals.

So, don’t be the Typhoid Mary of the Internet.  Use the Bcc:, and be careful what you forward to friends, stripping out all addresses so that they don’t get propagated.  Educate your friends when they make the same mistake – it’s as easy as doing a reply-all and then move the addresses into the Bcc:, and give them the link to this article.

Update: 2010 04 09:
It’s fairly common for people to send an email to an email list such as a Yahoo! group, and copy some of their friends on the To: or Cc:.  All of the above caveats apply many times over.  For example, we participate in the Midtex Inclusive Homeschoolers Yahoo group, which has 285 members as of this posting.  The 1 in 20 rule says that there are 14 members of that group who have an email-collecting virus on their computer.  So, for a Midtex member to copy one or more of their friends on a message to the list, their friend’s email would now be compromised 14 times over, not to mention being published to 285 strangers.  Not very friendly, eh?

WizGidget