How Can I Stop Getting Spam?
A Tutorial for Webmasters
By Sean Proske
mailto:sproske@t...
Are you getting too much spam? We all are, but if you're a
webmaster the word spam takes on a whole new meaning.
It's not uncommon for the luckiest of email users to receive
a dozen or so spam messages each day, while those of us who
aren't so fortunate receive hundreds.
The casual home user tends to be more fortunate, so this
article is devoted to those of us with one or more website
because webmasters are getting hit by spam ... and hit
hard.
The reason ... a website doesn't do you much good if you
don't give potential customers a way to contact you, and
that normally means posting an email address on your
website, where it is vulnerable to email address harvesting
tools used by spammers. Domain registration records are
also a common source used by spammers.
In order to conduct business online you now need to sift
through the endless barrage of offers for herbal viagra,
pornography, pyramid schemes, and so on.
With such a large volume of spam to contend with, it's
likely you've lost sales due to missing important emails
that simply floated away in this sea of spam. And there's
no way to really calculate the cost of that lost business.
If you've missed email then how can you ever know how much
business you've lost?
If you want to solve the problem, you need to be proactive
because the sad reality is that if you do nothing, it will
only get worse until finally it reaches the point where your
email account has become totally and completely
unmanageable. Fortunately there are a few options available
to you.
------------------------------------------------------------
Securing Your Domain Registration Against Spammers
------------------------------------------------------------
First let's address the whois database, which is a publicly
accessible database in which your domain registration record
is listed ... and that includes your email address. It's
not uncommon now for people to be spammed at a brand new
email address within hours of registering a new domain.
Go Daddy http://www.godaddy.com is a domain registrar that
now offers private domain registrations. At the time of
writing this article, they are the only registrar who
currently offers this service. Hopefully in time, other
registrars will pick up on this idea and offer the service
too.
With a private domain registration, which costs only a few
dollars more than a regular registration, your contact
information including your email address will not be
publicly accessible in the whois database.
That's guaranteed to cut down on spam quite significantly as
this very important source of addresses that spammers use,
will no longer provide your address to them.
If you don't wish to obtain a private domain registration,
then there is another option that will be equally effective.
Set up a new email address that you use only for the purpose
of providing registration information for your domain name.
You can easily scan email sent to that address for messages
from your registrar, and delete the rest without having to
read it.
------------------------------------------------------------
Securing Your Website Against Spammers
------------------------------------------------------------
The other major source, and by far the biggest source of
email addresses for spammers is of course the mailto links
on your own website. Email address harvesting or extraction
software as it's known is cheap, easy to use, and readily
available ... and it's very effective. That means there
are a lot of spammers out there with easy access to your
email address.
Chances are hundreds or even thousands of spammers using
such software have already harvested your address. And what
can you do about this? You need to provide a way for your
customers to reach you by email, or you'll lose business.
There are steps you can take to prevent your email address
from being harvested and used by spammers though, while
still providing legitimate visitors to your site with a way
to email you.
One solution is to make all the mailto links on your site
point to a form instead, which will still provide a means
for people to send you email. Provided you use a CGI script
that doesn't require the address to be embedded within the
form itself, you can shield your address from email address
extractors.
If you don't want to require people to fill out a form to
email you from your website, then you can get a little more
creative. It is possible to put a mailto link on your site
that when clicked will still launch the sender's email
program, and start a new message with your address in the To
field ... but without having to embed your email address in
the mailto link where spam software can snatch it. Click
below to see an example of how it works.
http://thewebhostcompany.com/cgi-local/email.cgi
It looks like a normal URL, and there's clearly no email
address anywhere in the link, but when clicked, instead of
loading a web page in your browser as you may have expected,
your email program opens up.
How's that possible you might ask? Simple. A little magic
with CGI using Perl or PHP will do the trick. A free copy
of a script that does this is bundled with Postmaster Pro,
available at http://www.postmasterpro.com which is discussed
below.
SpamBot Buster is available for download at
http://tinyurl.com/gqsn
------------------------------------------------------------
What About Spammers Who Already Have My Address?
------------------------------------------------------------
So far we've discussed a few fairly simple techniques
designed to prevent spammers from obtaining your email
address in the first place. But, how do you deal with the
spam you're already getting? Your address is already out
there. The solution is to either block or filter.
For either, you'll need software. For blocking, I recommend
Postmaster Pro. If you prefer to filter then Spam Assassin
is highly recommended. Both run on the server, so there is
no need to download spam before filtering it out. That's a
huge time saver if you're not yet on a high-speed
connection. It also makes it a bit less likely you'll end
up downloading a virus since email from untrusted senders,
i.e. spammers will be significantly reduced.
------------------------------------------------------------
Spam Blocking Software
------------------------------------------------------------
Postmaster Pro which is available at
http://www.postmasterpro.com takes a novel approach to
blocking spam. It only allows email to be delivered after
people who've sent you email have been placed on an approved
sender list. But the interesting thing is that people who
send you email can put themselves on your approved list.
This is done simply by clicking a link in an email that
automatically gets sent to them the first time they send
email to you, which is perfect for those of us who don't
know in advance whom we should put on the approved list,
i.e. if you're running a business online. It also makes
building and maintaining such a list very simple.
Given the fact that spammers normally use invalid return
addresses, and those who do use valid return addresses
seldom read email that's sent there, let alone respond to it
(they receive thousands of failed delivery notifications,
complaints, remove requests, and autoresponder messages
every time they do a mailing) ... it's a very effective
technique with no chance of blocking legitimate email, as is
the case with filtering.
------------------------------------------------------------
Spam Filtering Software
------------------------------------------------------------
For those who would prefer to filter ... Spam Assassin is
perhaps the best option. It is available at
http://www.spamassassin.org. Once you have Spam Assassin
installed, it will provide you with very powerful and
flexible filtering tools. Spam Assassin is a mature
product, having been around for quite some time. If you're
going to filter, Spam Assassin is about as good as it gets.
As with any filter though, you do run the risk of missing
legitimate email from time to time. There really isn't a
good way to tell how often this is happening unless you want
to read all the email that gets filtered out, which negates
the whole point of filtering. If you set your filters
permissively enough though, you should be reasonably safe.
For the first month or so after installing any filter, you
should continue to read every single email in order to make
sure it isn't set too restrictively to allow legitimate
email through.
By using the techniques mentioned in this article, you can
take back your mailbox, and dramatically reduce, if not
eliminate spam.
© 2003 by Sean Proske
------------------------------------------------------------
Sean Proske is the CEO and founding partner of
thewebhostcompany.com which has provided reliable and
affordable hosting since 1996.
http://www.thewebhostcompany.com
mailto:info@t...
<<Back