How Can I Stop Getting Spam?
by Sean Proske
Are you getting too much spam? We all are, but if you're a webmaster the word spam takes on a whole new meaning.
It’s not uncommon for the luckiest of email users to receive a dozen or so spam messages each day, while those of us who aren’t so fortunate receive hundreds.
The casual home user tends to be more fortunate, so this article is devoted to those of us with one or more websites, because webmasters are getting hit by spam … and hit hard.
The reason … a website doesn’t do you much good if you don’t give potential customers a way to contact you, and that normally means posting an email address on your website, where it is vulnerable to email address harvesting tools used by spammers. Domain registration records are also a common source used by spammers.
In order to conduct business online you now need to sift through the endless barrage of offers for herbal viagra, pornography, pyramid schemes, and so on.
With such a large volume of spam to contend with, it’s likely you’ve lost sales due to missing important emails that simply floated away in this sea of spam. And there's no way to really calculate the cost of that lost business. If you've missed email then how can you ever know how much business you've lost?
If you want to solve the problem, you need to be proactive because the sad reality is that if you do nothing, it will only get worse until finally it reaches the point where your email account has become totally and completely unmanageable. Fortunately there are a few options available to you.
Securing Your Domain Registration Against Spammers
First let's address the whois database, which is a publicly accessible database in which your domain registration record is listed … and that includes your email address. It's not uncommon now for people to be spammed at a brand new email address within hours of registering a new domain.
Go Daddy (http://www.godaddy.com) is a domain registrar that now offers private domain registrations. At the time of writing, they are the only registrar offering this service. Hopefully, in time, other registrars will pick up on this idea and offer the service too.
With a private domain registration, which costs only a few dollars more than a regular registration, your contact information including your email address will not be publicly accessible in the whois database.
That’s guaranteed to cut down on spam quite significantly, as this very important source of addresses will no longer provide your address to spammers.
If you don’t wish to obtain a private domain registration, then there is another option that will be equally effective. Set up a new email address that you use only for the purpose of providing registration information for your domain name. You can easily scan email sent to that address for messages from your registrar, and delete the rest without having to read it.
Securing Your Website Against Spammers
The other major source, and by far the biggest source of email addresses for spammers, is of course the mailto links on your own website. Email address harvesting software, or extraction software as it’s also known, is cheap, easy to use, and readily available … and it’s very effective. That means there are a lot of spammers out there with easy access to your email address.
Chances are hundreds or even thousands of spammers using such software have already harvested your address. And what can you do about this? You need to provide a way for your customers to reach you by email, or you'll lose business. There are steps you can take to prevent your email address from being harvested and used by spammers though, while still providing legitimate visitors to your site with a way to email you.
One solution is to make all the mailto links on your site point to a form instead, which will still provide a means for people to send you email. Provided you use a CGI script that doesn’t require the address to be embedded within the form itself, you can shield your address from email address extractors.
If you don’t want to require people to fill out a form to email you from your website, then you can get a little more creative. It is possible to put a mailto link on your site that when clicked will still launch the sender’s email program, and start a new message with your address in the To field … but without having to embed your email address in the mailto link where spam software can snatch it. Click below to see an example of how it works.
http://thewebhostcompany.com/cgi-local/email.cgi
It looks like a normal URL, and there's clearly no email address anywhere in the link, but when clicked, instead of loading a web page in your browser as you may have expected, your email program opens up.
How’s that possible, you might ask? Simple. A little magic with CGI using Perl or PHP will do the trick. A free copy of a script that does this is bundled with Postmaster Pro, which is available at http://www.postmasterpro.com and is discussed below.
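A sketch of the redirect technique described above, added here as an example; it is not the script bundled with Postmaster Pro or the one behind the link shown. It is written in Python rather than the Perl or PHP the article mentions, and the `RECIPIENTS` table, the `to` and `subject` parameters and the example.com addresses are assumptions.

```python
import re
from urllib.parse import parse_qs, quote

# Hypothetical server-side table: pages link only to the short key
# (email.cgi?to=sales), so the address never appears in the HTML.
RECIPIENTS = {
    "sales": "sales@example.com",      # constructed sample addresses
    "support": "support@example.com",
}

def mailto_redirect(query_string):
    """Return (status, headers) for a request such as email.cgi?to=sales."""
    params = parse_qs(query_string, keep_blank_values=True)
    key = params.get("to", ["sales"])[0]
    address = RECIPIENTS.get(key)
    if address is None:
        # Unknown keys get no redirect, so the script cannot be pointed
        # at arbitrary addresses supplied by the visitor.
        return "404 Not Found", [("Content-Type", "text/plain")]
    target = "mailto:" + quote(address, safe="@")
    subject = params.get("subject", [""])[0]
    # Strip control characters (CR, LF, NUL, ...) and cap the length, then
    # percent-encode, so nothing the visitor typed can add a line break.
    subject = re.sub(r"[\x00-\x1f\x7f]", "", subject)[:100]
    if subject:
        target += "?subject=" + quote(subject, safe="")
    return "302 Found", [("Location", target)]

def cgi_output(query_string):
    """Render the response in the header format a CGI program prints."""
    status, headers = mailto_redirect(query_string)
    lines = ["Status: " + status] + [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"

if __name__ == "__main__":
    import os
    import sys
    sys.stdout.write(cgi_output(os.environ.get("QUERY_STRING", "")))
```

The address is still sent in the `Location` header, so this protects against tools that scan page source for addresses, not against a client that requests the link itself.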
What About Spammers Who Already Have My Address?
So far we’ve discussed a few fairly simple techniques designed to prevent spammers from obtaining your email address in the first place. But, how do you deal with the spam you’re already getting? Your address is already out there. The solution is to either block or filter.
For either, you'll need software. For blocking, I recommend Postmaster Pro. If you prefer to filter, then Spam Assassin is highly recommended. Both run on the server, so there is no need to download spam before filtering it out. That's a huge time saver if you're not yet on a high-speed connection. It also makes it a bit less likely you'll end up downloading a virus, since email from untrusted senders, i.e. spammers, will be significantly reduced.
Spam Blocking Software
Postmaster Pro, which is available at http://www.postmasterpro.com, takes a novel approach to blocking spam. It only allows email to be delivered after the people who’ve sent it have been placed on an approved sender list. The interesting thing is that people who send you email can put themselves on your approved list. They do this simply by clicking a link in an email that automatically gets sent to them the first time they send email to you. That is perfect for those of us who don’t know in advance whom we should put on the approved list, i.e. if you’re running a business online. It also makes building and maintaining such a list very simple.
Spammers normally use invalid return addresses, and those who do use valid return addresses seldom read email that's sent there, let alone respond to it (they receive thousands of failed delivery notifications, complaints, remove requests, and autoresponder messages every time they do a mailing). Given that, it’s a very effective technique and, unlike filtering, has no chance of blocking legitimate email.
Spam Filtering Software
For those who would prefer to filter ... Spam Assassin is perhaps the best option. It is available at http://www.spamassassin.org. Once you have Spam Assassin installed, it will provide you with very powerful and flexible filtering tools. Spam Assassin is a mature product, having been around for quite some time. If you’re going to filter, Spam Assassin is about as good as it gets.
As with any filter though, you do run the risk of missing legitimate email from time to time. There really isn't a good way to tell how often this is happening unless you want to read all the email that gets filtered out, which negates the whole point of filtering. If you set your filters permissively enough though, you should be reasonably safe. For the first month or so after installing any filter, you should continue to read every single email in order to make sure it isn't set too restrictively to allow legitimate email through.
By using the techniques mentioned in this article, you can take back your mailbox and dramatically reduce, if not eliminate, spam.
About The Author
Sean Proske is the CEO and founding partner of thewebhostcompany.com, which has provided reliable and affordable hosting since 1996.
http://www.thewebhostcompany.com
mailto:info@thewebhostcompany.com
sproske@thewebhostcompany.com
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.