How Can I Stop Getting Spam? A Tutorial for ... Sean ... you getting too much spam? We all are, but ifyou're a ... the word spam takes on a who
How Can I Stop Getting Spam?
A Tutorial for Webmasters
By Sean Proske
mailto:sproske@thewebhostcompany.com
Are you getting too much spam? We all are, but if
you're a webmaster the word spam takes on a whole
new meaning.
It's not uncommon for the luckiest of email
users to receive a dozen or so spam messages each
day, while those of us who aren't so fortunate
receive hundreds.
The casual home user tends to be more fortunate,
so this article is devoted to those of us with one
or more website because webmasters are getting hit
by spam ... and hit hard.
The reason ... a website doesn't do you much
good if you don't give potential customers a way
to contact you, and that normally means posting an
email address on your website, where it is
vulnerable to email address harvesting tools used
by spammers. Domain registration records are also
a common source used by spammers.
In order to conduct business online you now need
to sift through the endless barrage of offers for
herbal viagra, pornography, pyramid schemes, and
so on.
With such a large volume of spam to contend with,
it's likely you've lost sales due to missing
important emails that simply floated away in this
sea of spam. And there's no way to really
calculate the cost of that lost business. If
you've missed email then how can you ever know how
much business you've lost?
If you want to solve the problem, you need to be
proactive because the sad reality is that if you
do nothing, it will only get worse until finally
it reaches the point where your email account has
become totally and completely unmanageable.
Fortunately there are a few options available to
you.
--------------------------------------------------
Securing Your Domain Registration Against Spammers
--------------------------------------------------
First let's address the whois database, which is a
publicly accessible database in which your domain
registration record is listed ... and that
includes your email address. It's not uncommon
now for people to be spammed at a brand new email
address within hours of registering a new domain.
Go Daddy http://www.godaddy.com is a domain
registrar that now offers private domain
registrations. At the time of writing this
article, they are the only registrar who currently
offers this service. Hopefully in time, other
registrars will pick up on this idea and offer the
service too.
With a private domain registration, which costs
only a few dollars more than a regular
registration, your contact information including
your email address will not be publicly accessible
in the whois database.
That's guaranteed to cut down on spam quite
significantly as this very important source of
addresses that spammers use, will no longer
provide your address to them.
If you don't wish to obtain a private domain
registration, then there is another option that
will be equally effective. Set up a new email
address that you use only for the purpose of
providing registration information for your domain
name. You can easily scan email sent to that
address for messages from your registrar, and
delete the rest without having to read it.
--------------------------------------------------
Securing Your Website Against Spammers
--------------------------------------------------
The other major source, and by far the biggest
source of email addresses for spammers is of
course the mailto links on your own website.
Email address harvesting or extraction software as
it's known is cheap, easy to use, and readily
available ... and it's very effective. That
means there are a lot of spammers out there with
easy access to your email address.
Chances are hundreds or even thousands of spammers
using such software have already harvested your
address. And what can you do about this? You
need to provide a way for your customers to reach
you by email, or you'll lose business. There are
steps you can take to prevent your email address
from being harvested and used by spammers though,
while still providing legitimate visitors to your
site with a way to email you.
One solution is to make all the mailto links on
your site point to a form instead, which will
still provide a means for people to send you
email. Provided you use a CGI script that
doesn't require the address to be embedded
within the form itself, you can shield your
address from email address extractors.
If you don't want to require people to fill out
a form to email you from your website, then you
can get a little more creative. It is possible to
put a mailto link on your site that when clicked
will still launch the sender's email program,
and start a new message with your address in the
To field ... but without having to embed your
email address in the mailto link where spam
software can snatch it. Click below to see an
example of how it works.
http:/ hewebhostcompany.com/cgi-local/email.cgi
It looks like a normal URL, and there's clearly no
email address anywhere in the link, but when
clicked, instead of loading a web page in your
browser as you may have expected, your email
program opens up.
How's that possible you might ask? Simple. A
little magic with CGI using Perl or PHP will do
the trick. A free copy of a script that does this
is bundled with Postmaster Pro, available at
http://www.postmasterpro.com which is discussed
below.
--------------------------------------------------
What About Spammers Who Already Have My Address?
--------------------------------------------------
So far we've discussed a few fairly simple
techniques designed to prevent spammers from
obtaining your email address in the first place.
But, how do you deal with the spam you're
already getting? Your address is already out
there. The solution is to either block or filter.
For either, you'll need software. For blocking, I
recommend Postmaster Pro. If you prefer to filter
then Spam Assassin is highly recommended. Both
run on the server, so there is no need to download
spam before filtering it out. That's a huge time
saver if you're not yet on a high-speed
connection. It also makes it a bit less likely
you'll end up downloading a virus since email from
untrusted senders, i.e. spammers will be
significantly reduced.
------------------------------------------------
Spam Blocking Software
------------------------------------------------
Postmaster Pro which is available at
http://www.postmasterpro.com takes a novel
approach to blocking spam. It only allows email
to be delivered after people who've sent you
email have been placed on an approved sender list.
But the interesting thing is that people who send
you email can put themselves on your approved
list. This is done simply by clicking a link in
an email that automatically gets sent to them the
first time they send email to you, which is
perfect for those of us who don't know in
advance whom we should put on the approved list,
i.e. if you're running a business online. It
also makes building and maintaining such a list
very simple.
Given the fact that spammers normally use invalid
return addresses, and those who do use valid
return addresses seldom read email that's sent
there, let alone respond to it (they receive
thousands of failed delivery notifications,
complaints, remove requests, and autoresponder
messages every time they do a mailing) ... it's
a very effective technique with no chance of
blocking legitimate email, as is the case with
filtering.
--------------------------------------------------
Spam Filtering Software
--------------------------------------------------
For those who would prefer to filter ... Spam
Assassin is perhaps the best option. It is
available at http://www.spamassassin.org. Once
you have Spam Assassin installed, it will provide
you with very powerful and flexible filtering
tools. Spam Assassin is a mature product, having
been around for quite some time. If you're
going to filter, Spam Assassin is about as good as
it gets.
As with any filter though, you do run the risk of
missing legitimate email from time to time. There
really isn't a good way to tell how often this is
happening unless you want to read all the email
that gets filtered out, which negates the whole
point of filtering. If you set your filters
permissively enough though, you should be
reasonably safe. For the first month or so after
installing any filter, you should continue to read
every single email in order to make sure it isn't
set too restrictively to allow legitimate email
through.
By using the techniques mentioned in this article,
you can take back your mailbox, and dramatically
reduce, if not eliminate spam.
--------------------------------------------------
Sean Proske is the CEO and founding partner of
thewebhostcompany.com which has provided reliable
and affordable hosting since 1996.
http://www.thewebhostcompany.com
mailto:info@thewebhostcompany.com
--------------------------------------------------
© 2003 by Sean Proske
You have permission to publish this article
electronically or in print, in your Newsletter, on
your website, or in your E-Book, as long as the
author's Resource Box is included with the
article.