Notice to spammers and advice for spammees:
Since spammers have limited attention spans I'll speak to them first. 
Spammees can click here to skip ahead:

Adding my own: Spammers don't care.
   They will destroy any resource, tell any lie, burn any bridge-- one spammer sold out his own parents-- to keep spamming.  They don't care who or what they permanently damage in the process.  To back that opinion I offer the following, originally written by William R. James, southern gentleman and webmaster of Spamreaper.org, reprinted without permission (somehow I don't think he'll mind):
 

Thank the Spammers Oddly enough, I remember a time when closing a relay was considered extremely rude. In the early days of the Internet, everyone who connected to it took some responsibility in helping to ensure that all the Internet's traffic was routed to its destination. Some places had better connections than others and some connections were unavailable at times for various reasons. So part of connecting your machine to the network was sharing the load and donating little bits of bandwidth here and there so the Internet ran smoothly for everyone. Relays were important because sometimes a user's home server was unavailable. Then came the spammers. Because they abused the relays, like they abuse everything else, the relays had to be turned off. They found that they could abuse the relays and cost others hundreds or even thousands of dollars, but it prevented them from losing the $10 dialup account or free NetZero account. It's like a thief who steals a $1000 wedding ring with priceless sentimental value just to sell it for a $20 cocaine fix. Old software which ran perfectly well had to be replaced just to close the hole which was so important to leave open before. Yeah, thank the spammers for that. But that's not the only thing the spammers have ruined. Free ISPs were growing. These services weren't perfect, they came with ads which were intentionally in the way, but that paid for the service, so it was OK. Over all, NetZero's service was actually pretty good even if it did have that open window in the way. But spammers learned that they could abuse those too, and their mind-set is "abuse it quickly before it goes away" knowing that the abuse is what will make it go away. But each spammer wants to be the one to milk it dry before the next spammer does, and all of them combined make it useless. Thanks, spammers, thanks a lot. Try querying any database which has email addresses anywhere in it. They have to either make it pay only, or make you type in something associated with an image before you can retrieve data. Why? Because spammers found out there were valid email addresses in them and started hammering the servers with automated software, grabbing the entire database, using up all the bandwidth 1000 times over, just to harvest a handful of addresses from it to abuse as well. So to defend themselves and keep their servers from crashing, database owners had to make it impossible to query automatically. Thank the spammers. And let's not forget Usenet. Munging addresses was once considered blatant abuse. Now very few people post with a valid address. If you want to discuss something off-line or off-topic with a poster, you either can't do it via email or you have to manually "decode" and type in their address. Thank spammers for that too. The spammers claim to be running legitimate businesses, but legitimate businesses who ask for email addresses when you download their product get 99.9% garbage addresses now. Sign up for anything online and you have to use an email address which you don't expect to keep. The trust is rightfully gone. Again, that's something else for which you can thank spammers. If you happen to run an authentic, legitimate business, you can't even post your own email address on your web site anymore. If you do, any addresses you publish for use by customers are instead harvested and added to thousands of spammers' lists. They become no longer usable in a very short time. So even though it may mean fewer orders, and the customer has to type more and may lose trust in your business because you can't give them an email address, you have to use contact forms and hide your address. Thanks, spammers. And what about those contact forms? They are also targets for abuse by spammers. Spammers go to a lot of trouble to find web forms with security holes they can exploit so they can send their spam through your server. You pay for the bandwidth. You get blocked. You maybe even lose your web hosting. But the spammer got a million spams through before it was knocked down, so never mind the cost. It was "free" just like the spamming ads say. Thank the spammers for that too. How about dialup pools? Many ISPs use them. You might be using BellSouth, Earthlink, NetZero, Tekplex or any one of the others and dialing into the same pool of modems. One spammer might abuse that so much that others have to deny emails from the pool just to protect their systems. But the spammer got his unsolicited and unwanted garbage sent out while it lasted, so he's happy even if everyone else is now having problems in his wake. Thank the spammers for that one as well. If you email from a server with a dialup connection, much of the world will not accept your email even if neither your server nor any other server in your network block has ever been used for spamming. But it's impossible to know in advance that it won't be, so ISPs almost never allow mail servers on dialups. So no matter how legitimate, you can't operate a mail server without a permanent connection.  Thanks, spammers. AOL announced a few days ago that they finally hit the "one billion emails rejected" mark. In one day they dumped over a billion spams  from their servers. And that doesn't include the spams which got through to their customers. AOL estimates that something like $5 per month of each user's fee goes to pay the costs of handling the bandwidth and other associated costs of handling all the spam. Gee thanks, spammers! And what of freedom? It's becoming less and less acceptable to use anything online without constant monitoring by someone, be it an ISP, a government agency, or merely a librarian. If you want to use a computer online, you have to ID yourself. Your actions have to monitored to an increasing degree. Will the day come when government reads all your email and decides your rights online? Perhaps. When that day comes, thank the spammers for it. And you wonder why I fight the spammers? I wonder why you don't. Not necessarily you specifically, but the millions of users of the Internet. If only 2% fought them hard, if only 10% of the ISPs blocked ALL traffic to and from spam friendly hosts (not just email, but web pages too, for example), the spammers would have no one willing to connect them. So why isn't that happening? Have people become such sheep that they just accept abuse and the concept that ruination is the natural path? Or are too many people just too lazy to become involved? I'm not sure. Whatever the cause, there will always be spammers and similar thieves looking for a quick buck, and unscrupulous ISPs willing to cater to them while they abuse if they can get away with it. But when email is no longer usable, when people have to go back to long distance telephone bills or carrier pigeon, thank the spammers. Then again, thank those who were willing to do business with the spammers, buy their products, sell them connectivity, and host their web pages. Also, thank those who looked the other way and continued doing business with the ISPs who harbored the spammers. Is that you? If so, thanks. Thanks a lot. I hope whatever you got from it was worth it. William R. James March 8, 2003

Pro-spam bull-oney: Some of the rationalizations and outright lies spammers use to defend their anti-social activities: "Spam is just advertising, like ads in magazines or on TV!"    Ads in print media help underwrite the cost of producing the media.  What you pay for a morning newspaper essentially covers only the delivery costs, most of us probably couldn't afford what an ad-free paper would cost.  Ads in broadcast media pay the considerable costs of production and broadcasting.  Ads on commercial websites keep them free for the browsing.  Advertising in/on traditional media is symbiotic, the medium couldn't exist without it.  Spam, on the other hand, is parasitic, putting increased demands on the host without providing any sort of benefit.  The very real costs of increased bandwidth and storage that email providers need to handle the load that spam imposes are passed onto their customers.  It's estimated that 1/4 to 1/3 of what you pay for internet access is due to spam.  If you use AOL, for example, about $4 of your monthly bill is to cover the problems caused by spammers.  NEXT! "Spam is like junkmail."    Only if junkmail came postage due.  If the postal service had the same economic model as internet  email so called "junkmail" would've been outlawed centuries ago.  The postal service makes a profit on junkmail, it can be argued that this profit helps underwrite the cost of first class postage.  In addition,  junkmail has real per-copy costs to the sender- printing, postage- which serve to limit its volume.  With email, though, the opposite is true-- there's little difference in cost between sending 100 and sending 1,000,000.  The incentive then is to indiscriminately send as many as possible.  NEXT! "Spammers create jobs!"   So do drug dealers... so what?  NEXT! "Spam is cost effective advertising!"    It only looks cost effective because the brunt of the costs are borne by the recipient's email provider and ultimately by the recipient.  With a response rate of roughly 1 in 1,000 (and falling), spam is "effective" only in huge volumes.  NEXT! "What's the big deal?  Just hit delete."    ...and delete and delete and delete and delete... Email was created as a one-on-one communication medium, it simply doesn't scale as a broadcast venue.  There are some 23,000,000 commercial/ religious/ charitable entities in North America.  If 1% of them sent you one email per year it would amount to over 630 spams per day.  That's a lot of just-hit-deleting.  Look at it this way-- if each one was a conservative 5 Kbytes in size that's over 3 megabytes of spam to download... about 10 minutes  through a dialup internet connection.     Between my various email addresses I have to deal with a paltry 2 dozen spams per day.  I say paltry because one of my co-workers receives anywhere between 150 and 200 spam messages to his work inbox every day.  Since it's his work address he is obligated to open every one of them for fear of missing something business related.  Assuming that it takes 10 seconds to open and make the spam/not spam determination, that's about a half hour per day spent dealing with spam.  Over the course of a year that adds up to over 130 hours-- 3 1/4 standard work weeks-- spent "just hitting delete"... and that's just one person.  It's estimated that just hitting delete costs U.S. businesses billions of dollars per year in lost productivity.  That is indeed a "big deal".  NEXT! "It's freedom of speech!  It's my right under the First Amendment!"     Or as one spammer so memorably misspelled it, "frea speach"...  Ignoring the fact that the majority of people on the internet do not reside in the United States and are therefore not within the jurisdiction of the U.S. Constitution, anybody who thinks the Bill of Rights guarantees freedom of speech wasn't paying attention in their junior high Civics class.  Read it for yourself: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."     Nowhere does it say or even imply that you have a "right" of free speech, only that Congress can't interfere with it.  Congress... cee-oh-en-gee-are-ee-ess-ess, Congress.  First Amendment freedoms exist only in public venues.  With a handful of very narrowly defined exceptions they exist on private property only at the whim of the property owner.  Don't get me wrong, you'll find no bigger supporter of freedom of speech or the Bill of Rights than yours truly, but I'm an even bigger supporter of "my house, my rules".    You have no freedom of speech or religion or assembly or the press or redress of grievance in my home... nor I in yours.  Never have and never will.  The only freedom you have in my home is the freedom to leave.  Maybe "Congress" can't suppress free speech but on my property Isure can.  So can internet and email providers, ISPs are not "common carriers" and the internet is not public domain.  Nor is it owned, operated, or controlled by the government of the United States or any other country.  The "information superhighway" is not a public thoroughfare, it's a conglomeration of interconnected privately owned and operated tollroads.    My computer is very much my property-- I built it from scratch.  I spent the time to learn the terminology and the technology... I agonized over compromises of bang vs. buck.  I earned the money to buy the components and spent the time shopping for them.  I assembled it, I bought the software licenses, I spent hours formatting and configuring and tweaking.  In addition, I pay for my internet service and I pay for the phone service it piggybacks on.  You have no more "right" to use them for advertising than I have to paint a sign on your house or erect a billboard in your yard.    Oh, and by the way, the "spam is free speech" argument was shot down in court years ago (Cyberpromo vs. AOL)... but you knew that didn't you?  NEXT! "This message complies with the CAN-SPAM act and therefore is not spam"    I have yet to see this appear in a spam that actually is CAN-SPAM compliant, but that's another story--  If it's [unsolicited AND (commercial OR promotional OR bulk)] then it's spam as far as I'm concerned.  CAN-SPAM was pushed through Congress at the behest of the DMA to pre-empt what would've been some truly effective anti-spam legislation in California, as such it's all but worthless in deterring spam.  I don't give a boca de raton what Congress or the DMA or anyone else has to say about it, until they give me a computer and pay for my internet access they have neither the right nor the ability to define what is spam in my inbox.  The issue is consent, not content.  Repeat after me; "CAN-SPAM compliant spam is still spam."   NEXT! "We don't want to send email to anyone that doesn't want it!"    Don't pee on my leg and tell me the dam broke... If that were true I wouldn't have an inbox full of spam for "\/1@gr4"... I wouldn't be seeing random character strings (hasbusters) in the Subject lines or bodies of my email... If that were true spammers wouldn't spoof header information... If that were true, spammers long ago would've adopted the simple expedient of putting "ADV" as the first three characters of the Subject field... If that were true spammers wouldn't have partnered with criminal hacker gangs to create and distribute backdoor trojans... If that were true... oh, do I really need to go on?  NEXT! "AOL shows ads as soon as you log on, I'm just trying to level the playing field."    I personally don't understand why anyone would pay almost $25/month for dialup internet nowadays.  Toss in another $20/month for a dedicated phone line... ouch!  My DSL broadband access is $15/month and doesn't tie up a phone line.  But I'm not here to bash AOL. Advertising on websites, and AOL's browser homepage is just another website, is not spam nor is it parasitic and therefore irrelevant to any discussion about spam.     Anyone who is unhappy with their internet service can go to thelist.com and shop around for another provider... like the ads say, there' s only one internet.  NEXT! "Spamming is not illegal!"    False to fact... Ignoring the fact that most spam is sent through trojan-compromiised computers.  Ignoring the fact that the subject of the spam is likely to be an outright scam (phish, 419, advance fee lottery, pump & dump) or illegally hawking prescription drugs, bootleg software, or counterfeit watches, spam itself has been ruled to be theft by conversion and criminal trespass to chattel.  In one civil case that I know if it was also determined to be in violation of the Telephone Consumer's Protection Act (TCPA).  Yes, I can cite on that if necessary.  Additionally it's against the Terms of Service and Acceptable Use Policy (TOS/AUP) of virtually every internet provider.  Spammers see laws and contracts as something to pay attention to only as long as it's convenient.  They understand from the outset that they'll lose accounts, they consider it a normal cost of doing business.  If you've ever read spammer fora such as specialham.com (now a "members only" site) you've seen for yourself what low esteem spammers have for contracts and laws.  Remember that we're discussing a "profession" that depends on stolen, hijacked, or otherwise illegally obtained resources to exist.     It's not a coincidence that pump & dump spam is on the rise.  It doesn't matter what tricks and obfuscation spammers use to get their spam through blocklists and filters, nor does it matter what kind of redirect games they play to hide it's true location, if they're going to make any money they have to have a relatively static mothership site to take the orders.  It's getting harder and harder for spammers to find hosting for these that will stay up long enough for them to profit, and more and more spammers are getting sued or jailed and put out of business.     Pump and dump spam doesn't require a home site.  The idea is to buy a quantity of a penny stock, then send out "the pump" like this actual sample (company name XXXXX'd out), which was sent through a trojan compromised DSL computer in Korea: This stock is poised for a HUGE BREAK OUT, because of the low price, and  recent news. XXXXX could be one of the 1,000_%_gainers we are all talking  about later this year.Last time this was on HIGH_ALERT it went up over 120+%. We Expect More this Time!!    It's the scam/spammer's hope to create a short-lived blip in the the stock's price.  In a day or two when the price goes up the spammer sells off their shares (the "dump") and reaps a tidy profit leaving the suckers who fell for it holding the bag.     The "beauty" of this scam is that it's extremely difficult to trace and prove.  The good news is that it's gotten so blatant (I recieved 9 identical to the one above on the same day) that it's attracted the  attention of the FTC and SEC.  Government investigations move slowly but I do expect to see some high profile busts in the not too distant future.     If spam were so legal, spammers wouldn't increasingly be stooping to blatant cons... NEXT! "Spam is environmentally friendly."   Or as spammer Ronnie Scelson so articulately put it, "atleast with spam theres no trees dieing or chemicales put in the are"   Yeah, I'm sure Ronnie got into spamming to save the planet...  Actually this standing joke started as a posting to www.insidetheweb in January of 1998 allegedly by Duane Patterson, owner of Patterson Research & Recovery, stating that anti-spammers were funded by Big Lumber.  He gave "facts" and figures about how spam was cutting into direct mail advertising, which reduced the demand for paper and thus was costing lumber companies money.  He also stated that as soon as his investigation was complete he'd make the info public.  That was over 7 years ago... Read the whole thing here, it's a hoot.    If there was any indication that spam was actually replacing junk mail in any way there might actually be some credibility to this argument but the facts tell another story.  Ask yourself one simple question-- Has the amount of junk mail you receive decreased in the last 5 years or so?  Mine sure hasn't... NEXT! "Yeah... well, I make all kinds of money you looser anti!"    Note that looser is a common spammer misspelling of loser and anti is a pejorative spammers apply to anyone who doesn't like spam (99.999% of us).  Spammers love to talk about how much money they make, yet a sizable number of them have filed for bankruptcy and they all plead poverty when they lose lawsuits.  They've lost a lot of lawsuits-- I don't know of a single one they've prevailed in as plaintiff or defendant.     While we're on the subject of spammer pejoratives: -I have a job. -I have a life. -I have a girlfriend. -I've never owned a pocket protector. -I outgrew acne decades ago.    I'd much rather make a modest living performing honest labor than be a wealthy scam artist.  If that makes me a "looser" then I wear the title proudly. A page covering arguments similar to the above but written by a real IT professional (not a hobby website wannabe like me) can be found here.    I'll be more than happy to shoot down any other pro-spam argument anyone cares to bring up, just point me towards it.

The Players (know your enemy):
  So just exactly who are these people flooding your inbox?  The worst of the worst, the cream of the crap, so to speak, can be found profiled at Spamhaus.org's Registry of Known Spam Operations.  Note how many of them have criminal records for such things as fraud, theft, drug trafficking, insider trading, money laundering, forgery, identity theft...  Others have flatly stated that they will not conform to the law because doing so would effectively put them out of business.  Still another has lost several lawsuits yet claims that he will continue to spam and never pay a dime of the several million dollars in judgments against him.
   If you have a really strong stomach take a look at these slimebags (don't say I didn't warn you).  If 
you effectively fight them or run an anti-spam resource, spammers will use juvenile and/or illegal revenge tactics-- Listbombing (signing your address up on as many email lists as they can find), forging your email address or domain on a spam run ("joe-job"), leaving you to deal with thousands of bounced messages and hate mail.  Distributed denial of service (DDoS) attacks, SLAPP lawsuits.  Then there's this plum (cut & paste from an email received by an anti-spammer colleague):
"I saw your complaints talking about me in usenet. You and your friends are pathetics. Now I will move my site to another hosting and you never will receive a message from me, I filtered your e-mail address so you will not have any evidence to complaint. Go to work, have a life and don't disturb people who work hard.  If you insist in get me in troubles I will send you everyday a very big mailbomb to your mailbox. Think about it. And again [gratuitous profanity deleted] YOU!"
   The above (which was accompanied with a joe-job against the recipient) was relatively tame, go here for a somewhat more colorful example of spammer wit and wisdom.  Criminals, thugs, scofflaws, kooks,
fugititives.  Do not mistake spammers for honest business people, they're ethics-impaired sociopaths.  Not the kind of people you want to trust with your credit card information.  Oh, I'm sure there are truly honest "bulkers" (that's what spammers like to call themselves) out there, but I have yet to deal with one.  Ethical businesspeople do not steal.  Ethical businesspeople do not threaten physical violence or illegal revenge tactics. 
   My first exposure to spammer revenge tactics occurred in 1997 when my account was mailbombed (flooded with megabytes of email) a few hours after making a polite request to Gulf Coast Marketing to please remove me from their mailing list.  Coincidence?  I doubt it.
   This site's email was almost miraculously spam-free for about 2 years and then all at once the floodgates opened. What was especially telling about the kind of people spammers are is that spam and phishing (identity theft) emails began arriving literally within minutes of each other.  The only logical conclusion I can come to is that the same people are behind them both. 
   Here's a quick breakdown of the spam in my inbox on Aug. 20, 2005:

1) "IMPORTANT INFORMATION ABOUT YOUR EBAY INC ACCOUNT" 
   Phishing (identity theft) attempt, complete with Ebay graphics, received from 201.1.140.90 (telesp.net.br).  Brazilian ISPs are so notoriously spammer friendly that many administrators have blocked all email coming from Brazil. The link to the phisher's page (where they collect the information) is at 210.75.207.62, which belongs to capinfo.com.cn, a Chinese ISP.  China and Korea are also widely blocked because of their affinity for criminal money. 

2) "We cure any desease!"
   Pharmaceutical spammer pushing "V1@GRA" and "C1al1s"  The creative spellings are to get around content-based spam filters.  I've never understood why spammers think that if I'm filtering on "viagra" I might be interested in buying "V1@GR4", but spammers, as a class, aren't noted for their intellect.  The spam came through 62.195.38.233, which is probably a trojan-compromised computer belonging to someone who uses chello.nl (Netherlands) as an ISP.  The domain, ACARCHFORMDC.INFO shows as belonging to a Jeff Westbury of 77 Beek Street, 118, London.  Jeff's registration email address of [email protected] is hinky-- using a Yahoo address for domain registration is against Yahoo TOS/AUP. A Google search on "Jeff Westbury" gives some interesting results, Jeffy's a prolific drug spammer. 

3) "Primary source of OEM Macromedia software Look no further !" 
   Probably bootleg software seller.  Spam also came through chello.nl... Chello's either spammy or clueless, probably the latter.  "Mothership" webpage is also at acarchformdc.info.  Looks like Jeffy's into bootleg software, too. 

4) "Best love dr@gs at best store!"
  More drug spam with filter evading misspellings.  Supposedly "BBB approved and VISA verified", whatever that means... Spam came through chello.nl again but the mothership domain is registered to Petko Petkov of Yambol, Bulgaria.  Googling on Mr. Petkov is inconclusive.

5) "Any med for your girl to be happy!"
   The body of the spam and M.O. of the spammer is identical to #4 above. 

6) "note"
   Bogus diploma spam sent through a compromised DSL account in Tampa, Florida.  The only contact info in the spam is a phone number in the 206 area code (Washington state).

   Not one of these even makes a pretense at CAN-SPAM compliance.... #6 is an example of why spammers are also behind a sizable number of viruses/trojans being circulated nowadays.  If you mistakenly open one it installs what amounts to a spamming engine in your computer, allowing spammers to use it to relay spam and to attack other machines (DDoS).  Anyone trying to track down the source of the abuse dead ends at your machine.  It's estimated that a third to a half of all spam passes through compromised computers.  Do legitimate merchants steal resources? 

1) The first step in securing your machine is to install a good firewall.  A firewall is a program, essentially a filter, which sits between your computer and the internet.  Sort of a cyber doorman for your browser.  I personally recommend ZoneAlarm by Zone Labs, which is available for free download here.  The "pro" version of ZoneAlarm has the exact same firewall along with bells and whistles like an excellent pop-up blocker.  IMO it's well worth the $30 or so it costs.
2) Because of their general insecurity, tendency to autoexecute attachments and macros, vulnerability to drive-by downloads through Active-X components, susceptibility to buffer overrun exploits, and unwanted behavior from browser helper objects, I highly recommend that you dump Internet Explorer and Outlook Express.  Go to mozilla.org and download the latest version of Firefox (browser) and Thunderbird (email and usenet reader).  Both are free... You'll be glad you did.  If you're used to IE/OE there is a very shallow learning curve involved.  If you absolutely must run IE then please read & heed the recommendations here.
3) Next you need to scan your machine for spyware/adware.  If you've been surfing the net with an unprotected version of IE I'm willing to bet serious money that your machine is infested with these bad actors.  Go here and download the latest version of AdAware, then install and run it.  Then go here and download Spybot Search & Destroy and do the same.  Now boot your system into safe mode and run them again.  --There are other anti-spyware scanners and cleaners available but there are also spyware loaders masquerading as cleaners.  Google is your friend, before adding any software (including the ones I've recommended, how do you know I'm not lying?) to your system do a Google search and see what others say about it.  Update and run your spyware scanners at least weekly and especially after adding new software.  Peer-to-peer file sharing programs are notorious for being sources of malware,  I personally discourage people from using them. 
4) A good anti-virus (AV) program is important but I put it last on the list because it's your last line of defense.  AV programs are only as good as the latest update and hundreds of pieces of new malware hit 
the internet every month.  A freeware virus scanner can be downloaded from grisoft.com.  As I have no personal experience with this particular product I can't vouch for it. 
5) Once your machine is firewalled and clean of spyware, go to grc.com and take the Shield's Up test to make sure you've got it locked down properly.  Steve Gibson, the author of grc.com, may have his demons but his site is an excellent and eye-opening resource and a good place to start on the road to being a savvy computer user. 
6) A quick note on "cookies"...  It's unfortunate that internet marketeers have perverted these handy little tags into tracking devices.  I have mixed emotions about them-- they aren't the bugaboo they were once made out to be but they're still intrusive as far as I'm concerned.  I have software to control who I accept them from, I added lines to the autoexec.bat file on my machine that deletes them on startup and I have an icon on my desktop that executes a batchfile to delete them on the fly (anyone remember batchfiles?).  Am I paranoid?  A bit... but this begs the question, am I paranoid ENOUGH?  My personal level of paranoia is such that I do own a tinfoil hat but I don it only when the black helicopters are in sight... 

A final note on spyware/adware/malware:
   Spyware is getting more insidious by the day, one purveyor of it has a crew of programmers working full time to figure out new ways past your defenses.  Some of their nastiness-- blocking (via your HOSTS file) access to anti-spyware resources, and attempting to turn off your firewall (won't work on ZoneAlarm, btw, the only way to disable ZA is to uninstall it).  Once in your system some of it is next to impossible to remove-- It puts a copy of itself into RAM on bootup (even in Safe Mode) and if you delete the copy on your hard drive it simply reinstalls itself as soon as you're done.  Take a look at this experience with spyware.  When you encounter one of these your only choice is to locate it with your normal spyware scanner and write down the filename and location.  Now shut down your computer by pulling the plug (do NOT do a normal Windows shutdown).  Reboot the machine using a boot disk, navigate to the proper folder/subfolder and manually delete the file.  Then reboot normally and let your spyware scanner remove any residue.  If the spyware came bundled with other software this may disable that software.  No loss-- The inclusion of spyware overshadows any utility the software may have and any software maker that bundles spyware with their product does not deserve my business, or yours either. 

   How do they get your email address? Any way they can.  (Sorry, just couldn't resist that).  You can look here or here or here for some of the methods.  Once your address gets on a spammer's list it will get spammed as long as it exists, possibly for as long as email itself exists.  It will be sold again and again to other spammers... Unpleasant as that may be it's a fact of (cyber) life, your only choice is to change your email address and hope they don't get the new one. 

1) Using "opt-out" links is an exercise in futility.  For every spammer who honors them there are 5 who use them simply to verify a "live" address... and the one that does honor it will still probably sell your address to other spammers, your email address is too valuable a commodity to simply discard.  Fox News did an experiment along those lines-- they set up two email addresses, on one they ignored the spam and on the other they used the spammer's opt-out links.  The opted out address ended up with 25% more spam.
2) If you have an HTML enabled email program (like Outlook Express), spam can "phone home" when you open it, confirming it was opened and that they hit a live address. The same is true for clicking on links within a spam, they are often tagged so that the site will know who's computer the click through came from.  If you must open a spam email, do it offline or engage your firewall's internet lock.
3) Resist the temptation to send chainletters ("Forward this to 10 friends...").  If you absolutely must send these, learn to use BCC (blind carbon copy) instead of CC.  It's proper netiquette and you won't be giving your correspondant's email addresses to people they may not want it given to.  I am convinced that many chainletters are written specifically to harvest email addresses. 
4) Never open an unexpected or unknown email attachment, even if it appears to be from someone you know and trust.  Just because their name is in the "From:" field does NOT mean they sent it. <--Reread that every time you get a file attachment.
5) Don't use email greeting card sites. The majority of these exist to harvest email addresses for spammers.  When you use one you give away your own email address along with that of a (possilbly former) friend.  The same is true for "tell a friend" links... if you don't know how to cut & paste a URL into an email it's time you learned. 
6) Whenever you deal with an entity that asks for an email address the odds are better than even that they are harvesting addresses for sale to spammers, sometimes referred to as "trusted marketing partners".  The commercial definition of trusted is "We trust them to pay us regularly and on time".  Create "throwaway" addresses to use when you must give a site an email address.  It only takes a minute to setup an email account at Yahoo.  This serves a dual purpose-- it protects your personal email address and by using tagged addresses you can quickly figure out who is selling your address.
7) Register with and report your spam to SpamCop. 
8) Read the usenet anti-spam forum news.admin.net-abuse.email ("nanae").  NOTE: Not for the thin skinned or faint of heart and if you're going to post there read this and this first.  I'll leave it to the reader to figure out who the trolls are.  Hint: The use of LOTS of CAPITALIZED words and/or the expression "BWAHAHA" are certain troll-signs.
9) Whenever you add software to your machine, particularly software you download from the 'net, read the EULA in its entirety, don't just check the "I Agree" box.  If there's anything you don't understand, do a google search on the software before installing it. 

NOTE:  If you think that dealing with a well-known or otherwise respected company is protection from malware, you need to take a look at what Sony's been up to. 

19) Read privacy policies very carefully before agreeing to anything.  Most so-called privacy policies have nothing to do with respecting your privacy, they're an outline of the ways your privacy will be violated.  Click here to see a truly laughable example of what I mean.  I love this part (quoted verbatim):
 

We may always share your information as described in this section for Service and Joint Marketing Reasons, and When Permitted or Required by Federal or State Law*, even if you ask us not to (even if you opt-out).

   In other words, they freely admit that they don't give a crap about your privacy and have zero respect for your wishes.  As long as consumers simply accept this kind of treatment they never will.  A generation ago a bank selling their customer's personal financial information would've been a huge scandal, nowadays it's routine.  But that's another topic for a another rant.

*The phrase "when permitted... by law" is entirely meaningless.  Anything not specifically prohibited by law is, by definition, permitted by it.  Lobbists for the Direct Marketing Association and other marketing entities are working hard and spending lots of $$$ to assure that privacy invasive practices remain "permitted by law".  Yet the DMA is possibly the only professional/trade organization that keeps it's membership list confidential.  Can you say "hypocrites", boys and girls?