How Can I Stop Getting Spam? A Tutorial for Webmasters
by Sean Proske
Are you getting too much spam? We all are, but if you're a webmaster the word spam takes on a whole new meaning.
It's not uncommon for the luckiest of email users to receive a dozen or so spam messages each day, while those of us who aren't so fortunate receive hundreds.
The casual home user tends to be more fortunate, so this article is devoted to those of us with one or more websites, because webmasters are getting hit by spam ... and hit hard.
The reason ... a website doesn't do you much good if you don't give potential customers a way to contact you, and that normally means posting an email address on your website, where it is vulnerable to email address harvesting tools used by spammers. Domain registration records are also a common source used by spammers.
In order to conduct business online you now need to sift through the endless barrage of offers for herbal viagra, pornography, pyramid schemes, and so on.
With such a large volume of spam to contend with, it's likely you've lost sales due to missing important emails that simply floated away in this sea of spam. And there's no way to really calculate the cost of that lost business. If you've missed email then how can you ever know how much business you've lost?
If you want to solve the problem, you need to be proactive, because the sad reality is that if you do nothing, it will only get worse until finally it reaches the point where your email account has become totally and completely unmanageable. Fortunately there are a few options available to you.
Securing Your Domain Registration Against Spammers
First let's address the whois database, which is a publicly accessible database in which your domain registration record is listed ... and that includes your email address. It's not uncommon now for people to be spammed at a brand new email address within hours of registering a new domain.
Go Daddy (http://www.godaddy.com) is a domain registrar that now offers private domain registrations. At the time of writing this article, they are the only registrar that offers this service. Hopefully in time, other registrars will pick up on this idea and offer the service too.
With a private domain registration, which costs only a few dollars more than a regular registration, your contact information, including your email address, will not be publicly accessible in the whois database.
That's guaranteed to cut down on spam quite significantly, as this very important source of addresses that spammers use will no longer provide your address to them.
If you don't wish to obtain a private domain registration, then there is another option that will be equally effective. Set up a new email address that you use only for the purpose of providing registration information for your domain name. You can easily scan email sent to that address for messages from your registrar, and delete the rest without having to read it.
Securing Your Website Against Spammers
The other major source, and by far the biggest source of email addresses for spammers, is of course the mailto links on your own website. Email address harvesting or extraction software, as it's known, is cheap, easy to use, and readily available ... and it's very effective. That means there are a lot of spammers out there with easy access to your email address.
Chances are hundreds or even thousands of spammers using such software have already harvested your address. And what can you do about this? You need to provide a way for your customers to reach you by email, or you'll lose business. There are steps you can take to prevent your email address from being harvested and used by spammers though, while still providing legitimate visitors to your site with a way to email you.
One solution is to make all the mailto links on your site point to a form instead, which will still provide a means for people to send you email. Provided you use a CGI script that doesn't require the address to be embedded within the form itself, you can shield your address from email address extractors.
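A form handler of the kind described above, as an added example that is not from the original article. It is written in Python; the field names, the RECIPIENT value and the example.com address are assumptions. The recipient is fixed on the server, and header fields containing line breaks are rejected so the form cannot be used to add extra recipients.

```python
import re
from email.message import EmailMessage

# Assumption: the real recipient lives only in server-side configuration,
# never in the HTML form. example.com is a placeholder domain.
RECIPIENT = "webmaster@example.com"
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def build_contact_message(form):
    """Turn submitted form fields (a dict of strings) into an email message.

    Raises ValueError on input that could be used to inject extra headers.
    """
    sender = form.get("email", "").strip()
    subject = form.get("subject", "").strip() or "Website contact form"
    body = form.get("message", "")

    # CR/LF inside a header field would let a submitter append Bcc: lines
    # and turn the form into a relay, so reject it outright.
    for value in (sender, subject):
        if "\r" in value or "\n" in value:
            raise ValueError("line break in header field")
    if not ADDRESS_RE.match(sender):
        raise ValueError("invalid sender address")

    msg = EmailMessage()
    msg["To"] = RECIPIENT          # fixed on the server; form fields cannot change it
    msg["From"] = RECIPIENT        # sent as the site, not as the visitor
    msg["Reply-To"] = sender       # replies still reach the visitor
    msg["Subject"] = subject[:150]
    msg.set_content(body[:10000])  # cap the size of a single submission
    return msg
```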
If you don't want to require people to fill out a form to email you from your website, then you can get a little more creative. It is possible to put a mailto link on your site that when clicked will still launch the sender's email program, and start a new message with your address in the To field ... but without having to embed your email address in the mailto link where spam software can snatch it. Click below to see an example of how it works.
http://thewebhostcompany.com/cgi-local/email.cgi
It looks like a normal URL, and there's clearly no email address anywhere in the link, but when clicked, instead of loading a web page in your browser as you may have expected, your email program opens up.
How's that possible you might ask? Simple. A little magic with CGI using Perl or PHP will do the trick. A free copy of a script that does this is bundled with Postmaster Pro, available at http://www.postmasterpro.com which is discussed below.
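One way such a redirect can work, as an added example that is not the script bundled with Postmaster Pro. It is written in Python rather than Perl or PHP; the `to` parameter, the CONTACTS table and the example.com addresses are assumptions.

```python
#!/usr/bin/env python3
import os
import sys
from urllib.parse import parse_qs, quote

# Assumption: addresses are kept in this server-side table; pages link to
# /cgi-local/email.cgi?to=sales and never contain the address itself.
# The example.com addresses are placeholders.
CONTACTS = {
    "info": "info@example.com",
    "sales": "sales@example.com",
}
DEFAULT_CONTACT = "info"


def redirect_response(query_string):
    """Return the CGI response (headers plus blank line) for a query string."""
    params = parse_qs(query_string)
    key = params.get("to", [DEFAULT_CONTACT])[0]
    # Only keys from the table are honoured, so a visitor cannot make the
    # script redirect to an arbitrary address or inject header lines.
    address = CONTACTS.get(key, CONTACTS[DEFAULT_CONTACT])
    location = "mailto:" + quote(address, safe="@")
    return "Status: 302 Found\r\nLocation: " + location + "\r\n\r\n"


if __name__ == "__main__":
    # The web server passes the query string in the CGI environment.
    sys.stdout.write(redirect_response(os.environ.get("QUERY_STRING", "")))
```

The address still travels in the Location header, so this protects only against tools that scan page source for addresses, not against ones that follow links.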
What About Spammers Who Already Have My Address?
So far we've discussed a few fairly simple techniques designed to prevent spammers from obtaining your email address in the first place. But how do you deal with the spam you're already getting? Your address is already out there. The solution is to either block or filter.
For either, you'll need software. For blocking, I recommend Postmaster Pro. If you prefer to filter then Spam Assassin is highly recommended. Both run on the server, so there is no need to download spam before filtering it out. That's a huge time saver if you're not yet on a high-speed connection. It also makes it a bit less likely you'll end up downloading a virus, since email from untrusted senders, i.e. spammers, will be significantly reduced.
Spam Blocking Software
Postmaster Pro, which is available at http://www.postmasterpro.com, takes a novel approach to blocking spam. It only allows email to be delivered after people who've sent you email have been placed on an approved sender list. But the interesting thing is that people who send you email can put themselves on your approved list. This is done simply by clicking a link in an email that automatically gets sent to them the first time they send email to you, which is perfect for those of us who don't know in advance whom we should put on the approved list, i.e. if you're running a business online. It also makes building and maintaining such a list very simple.
Given the fact that spammers normally use invalid return addresses, and those who do use valid return addresses seldom read email that's sent there, let alone respond to it (they receive thousands of failed delivery notifications, complaints, remove requests, and autoresponder messages every time they do a mailing) ... it's a very effective technique with no chance of blocking legitimate email, as is the case with filtering.
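The approved-sender flow described above, sketched in Python as an added example; it is not Postmaster Pro's code. The class name, the HMAC-signed confirmation token and the secret value are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a server-side secret used to sign confirmation links.
# This value is a constructed placeholder; use a random one in practice.
SECRET_KEY = b"constructed-demo-secret"


def confirmation_token(sender):
    """HMAC over the normalised sender address; goes into the emailed link."""
    return hmac.new(SECRET_KEY, sender.lower().encode(), hashlib.sha256).hexdigest()


class ApprovedSenderGate:
    def __init__(self):
        self.approved = set()
        self.held = {}  # sender -> messages awaiting confirmation

    def receive(self, sender, message):
        """Deliver mail from approved senders; hold everything else."""
        sender = sender.lower()
        if sender in self.approved:
            return ("deliver", None)
        first_contact = sender not in self.held
        self.held.setdefault(sender, []).append(message)
        # Challenge only on first contact, so a forged return address
        # receives at most one confirmation email.
        token = confirmation_token(sender) if first_contact else None
        return ("hold", token)

    def confirm(self, sender, token):
        """Handle a click on the confirmation link; release held mail."""
        sender = sender.lower()
        expected = confirmation_token(sender)
        # Constant-time comparison of the submitted and expected tokens.
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return []
        self.approved.add(sender)
        return self.held.pop(sender, [])
```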
Spam Filtering Software
For those who would prefer to filter ... Spam Assassin is perhaps the best option. It is available at http://www.spamassassin.org. Once you have Spam Assassin installed, it will provide you with very powerful and flexible filtering tools. Spam Assassin is a mature product, having been around for quite some time. If you're going to filter, Spam Assassin is about as good as it gets.
As with any filter though, you do run the risk of missing legitimate email from time to time. There really isn't a good way to tell how often this is happening unless you want to read all the email that gets filtered out, which negates the whole point of filtering. If you set your filters permissively enough though, you should be reasonably safe. For the first month or so after installing any filter, you should continue to read every single email in order to make sure it isn't set too restrictively to allow legitimate email through.
By using the techniques mentioned in this article, you can take back your mailbox, and dramatically reduce, if not eliminate, spam.
© 2003 by Sean Proske
Sean Proske is the CEO and founding partner of thewebhostcompany.com, which has provided reliable and affordable hosting since 1996.
http://www.thewebhostcompany.com
info@thewebhostcompany.com