I've been listing a few bits and pieces on Craigslist over the last week or two, and am running into the same old problem of being bombarded with a ton of scam responses - it gets to a point where you're lucky if 1 in 10 is a legitimate inquiry.

I don't respond to them, but I'm always left scratching my head trying to figure out what they're supposed to accomplish. They fall into two categories. The first are what I call 'echo' emails, posts that contain a line of text copied directly from one of my posts, with a question mark appended to the end. The best I can figure is that the scammers are using some kind of auto-mailer that selects a passage from one of my posts and puts a question mark on the end to make it seem as if someone's making a legitimate inquiry on the item. The other emails, which I've also come across elsewhere, simply contain random words - how they're supposed to elicit a response I don't know.

I have been caught out before on Craigslist by what I thought was a real inquiry, only to discover that my responding to it apparently posted all my email contacts - the first I knew about it was when some friends informed me that their security systems were flagging the resulting emails. Is that what these other emails are attempting to do?

Even though I've started including a clause in my posts that states that I'll only respond to phone numbers (and I only use my cell phone to call, rather than the home number) there are the odd responses that don't provide a number but look legit - for those I don't hit 'reply' but copy the address from the body of the email and paste it into a new post.

All of this takes place on my Windows-based PC, but I'm thinking of switching all my Craigslist correspondence over to the Ubuntu-based PC for added security. I'm not sure if it will work though, as I don't know if these scam posts work off my own hardware to acquire data such as my email contacts, or if they tap directly into the online email account I use when/if I respond, in which case whatever PC or PS I use may be a moot point. Would I be more secure switching all related correspondence to an Ubuntu-based machine, or is there still a threat?

Thoughts anyone?