Last week, I talked about Amazon’s email-in service, which lets you send documents to your Kindle by email. The nicest part of it for me is the PDF conversion feature, but you can, in general, send any personal documents you like, with or without conversion to AZW.

The way it works is this:

When you buy your Kindle, it’s automatically registered to your Amazon account, so ebooks that you buy there are pushed to the Kindle for you. You also get an email address at kindle.com (and also free.kindle.com), and documents you send there are sent on to your Kindle — free if they’re sent by WiFi, and for a small fee if they’re sent over 3G (if you want to make sure you’re not charged, you can send things only to the free.kindle.com address).

You can control who’s allowed to send stuff to your Kindle by listing the authorized email addresses at the “Manage Your Kindle” page, or through the settings on the Kindle itself, and the only address that’s authorized by default is the one you use for your Amazon account. Makes sense.

But here’s the thing: there’s no password or other security, other than the sender’s email address. You may or may not know this, but it’s trivial for anyone to send email using someone else’s email address. Anyone who knows my email address can guess that I might use that same address on Amazon, and the address to send to at kindle.com defaults to the left-hand side of that address. So it would not be hard for anyone to send stuff to my Kindle, whether I want them to or not, and whether I want what they’re sending or not.

So what? If people want to send me free ebooks, why is that a problem?

It’s a problem we’re all aware of: spam. Because it’s not just ebooks that can be sent; PDFs, MS Word documents, and plain text can all be sent, as well as pictures and other images. Imagine getting a Kindle-ful of advance-fee fraud scams, Viagra ads, and pornographic images. And then imagine paying for those, if you have a 3G Kindle (I don’t, so it’s all free over WiFi).

The good thing is that Amazon’s Manage Your Kindle page lets you do three things that help here:

  1. set the maximum charge allowed for any one document sent to your Kindle,
  2. change the email addresses that can send to your Kindle, and
  3. change your Kindle’s email address.

Because I never want to accept any charges, I’ve set the maximum charge to zero. I’ve also removed the authorization for my regular email address, and authorized only an email address that no one knows. And, most importantly, I’ve changed the email address of my Kindle to something unguessable, essentially a strong password.

I recommend that everyone do the same (except perhaps for the maximum charge, if you want to be able to send things yourself that you’ll be charged for). At the least, everyone should change her Kindle’s email address to something that isn’t likely to be a target for spammers, and that means something long and relatively ugly.
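
As an added illustration (not from the original post, and not Amazon's code), the Python below generates a long random left-hand side for a Kindle address and checks a set of settings against the three points listed above. The allowed character set, the function names, and the sample addresses are assumptions constructed for the example.

```python
import math
import secrets
import string

# Assumption: lowercase letters and digits are accepted in the Kindle address.
ALPHABET = string.ascii_lowercase + string.digits


def new_local_part(length=20):
    """Random left-hand side for the Kindle address; first character is a letter."""
    first = secrets.choice(string.ascii_lowercase)
    rest = "".join(secrets.choice(ALPHABET) for _ in range(length - 1))
    return first + rest


def entropy_bits(length):
    """Bits of entropy in a value produced by new_local_part(length)."""
    return math.log2(26) + (length - 1) * math.log2(len(ALPHABET))


def audit(kindle_address, approved_senders, max_charge, known_addresses):
    """Return findings for the three settings the post discusses."""
    findings = []
    known = {a.lower() for a in known_addresses}
    known_locals = {a.split("@", 1)[0] for a in known}
    local = kindle_address.lower().split("@", 1)[0]
    if local in known_locals:
        findings.append("Kindle address is the left-hand side of a known address")
    for sender in approved_senders:
        if sender.lower() in known:
            findings.append(f"approved sender {sender} is publicly known")
    if max_charge > 0:
        # Acceptable only if you mean to pay for deliveries you send yourself.
        findings.append("maximum charge is above zero")
    return findings


if __name__ == "__main__":
    # Constructed sample settings, not real accounts.
    known = ["alice@example.org"]
    print(audit("alice@kindle.com", ["alice@example.org"], 2.50, known))
    local = new_local_part()
    print(f"{local}@free.kindle.com  (~{entropy_bits(20):.0f} bits)")
    print(audit(f"{local}@free.kindle.com", ["private@example.net"], 0, known))
```
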

I’m sure that Amazon does spam filtering on kindle.com, but we all know how much gets by the spam filters, in general. I can’t wait until Kindle spam joins email spam, Facebook spam, Twitter spam, and the rest.