How Can I Stop Getting Spam?
A Tutorial for Webmasters
by Sean Proske
Are you getting too much spam? We all are, but if you're a webmaster
the word spam takes on a whole new meaning.
It's not uncommon for the luckiest of email users to receive a dozen or
so spam messages each day, while those of us who aren't so fortunate
receive hundreds.
The casual home user tends to be more fortunate, so this article is
devoted to those of us with one or more websites, because webmasters are
getting hit by spam ... and hit hard.
The reason: a website doesn't do you much good if you don't give
potential customers a way to contact you, and that normally means posting
an email address on your website, where it is vulnerable to the email
address harvesting tools used by spammers. Domain registration records are
also a common source used by spammers.
In order to conduct business online you now need to sift through the
endless barrage of offers for herbal Viagra, pornography, pyramid schemes,
and so on.
With such a large volume of spam to contend with, it's likely you've
lost sales due to missing important emails that simply floated away in
this sea of spam. And there's no way to really calculate the cost of that
lost business. If you've missed email then how can you ever know how much
business you've lost?
If you want to solve the problem, you need to be proactive because the
sad reality is that if you do nothing, it will only get worse until
finally it reaches the point where your email account has become totally
and completely unmanageable. Fortunately there are a few options available
to you.
►Securing Your Domain Registration Against Spammers
First let's address the whois database, which is a publicly accessible
database in which your domain registration record is listed ... and that
includes your email address. It's not uncommon now for people to be
spammed at a brand new email address within hours of registering a new
domain.
Go Daddy (http://www.godaddy.com) is a domain registrar that now offers
private domain registrations. At the time of writing this article, they
are the only registrar offering this service. Hopefully in
time, other registrars will pick up on this idea and offer the service
too.
With a private domain registration, which costs only a few dollars more
than a regular registration, your contact information including your email
address will not be publicly accessible in the whois database.
That's guaranteed to cut down on spam quite significantly, as this very
important source of addresses that spammers use will no longer provide
your address to them.
If you don't wish to obtain a private domain registration, then there
is another option that will be equally effective. Set up a new email
address that you use only for the purpose of providing registration
information for your domain name. You can easily scan email sent to that
address for messages from your registrar, and delete the rest without
having to read it.
►Securing Your Website Against Spammers
The other major source, and by far the biggest source of email
addresses for spammers, is of course the mailto links on your own website.
Email address harvesting or extraction software, as it's known, is cheap,
easy to use, and readily available ... and it's very effective. That means
there are a lot of spammers out there with easy access to your email
address.
Chances are hundreds or even thousands of spammers using such software
have already harvested your address. And what can you do about this? You
need to provide a way for your customers to reach you by email, or you'll
lose business. There are steps you can take to prevent your email address
from being harvested and used by spammers though, while still providing
legitimate visitors to your site with a way to email you.
One solution is to make all the mailto links on your site point to a
form instead, which will still provide a means for people to send you
email. Provided you use a CGI script that doesn't require the address to
be embedded within the form itself, you can shield your address from email
address extractors.
If you don't want to require people to fill out a form to email you
from your website, then you can get a little more creative. It is possible
to put a mailto link on your site that when clicked will still launch the
sender's email program, and start a new message with your address in the
To field ... but without having to embed your email address in the mailto
link where spam software can snatch it. Click below to see an example of
how it works.
http://thewebhostcompany.com/cgi-local/email.cgi
It looks like a normal URL, and there's clearly no email address
anywhere in the link, but when clicked, instead of loading a web page in
your browser as you may have expected, your email program opens up.
How's that possible, you might ask? Simple. A little magic with CGI
using Perl or PHP will do the trick. A free copy of a script that does
this is bundled with Postmaster Pro, available at
http://www.postmasterpro.com, which is discussed below.
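The two approaches above (a contact form whose handler holds the address, and a link that redirects to a mailto: URL) can be sketched as follows. This is an added example, not the script bundled with Postmaster Pro; it is written in Python rather than Perl or PHP, the addresses and recipient keys are constructed, and the use of an HTTP redirect for the mailto link is an assumption about how such a script works.

```python
from email.message import EmailMessage

# Constructed addresses: they exist only in server-side code, never in the HTML,
# so the form or link carries a short key ("sales") instead of the address.
RECIPIENTS = {"sales": "sales@example.com", "support": "support@example.com"}

def mailto_redirect(key):
    """CGI response for the address-free link: redirect the browser to mailto:."""
    addr = RECIPIENTS.get(key)
    if addr is None:
        return "Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nUnknown contact\n"
    return f"Status: 302 Found\r\nLocation: mailto:{addr}\r\n\r\n"

def build_message(form):
    """Turn submitted form fields into a message for a server-chosen recipient."""
    addr = RECIPIENTS.get(form.get("to", ""))
    if addr is None:
        # The visitor may only pick from our list, never supply an address.
        raise ValueError("unknown recipient key")
    sender = form.get("email", "").strip()
    subject = form.get("subject", "").strip()
    # Visitor-supplied header values must be a single line; otherwise the
    # form could be used to add headers and relay mail to other people.
    for value in (sender, subject):
        if "\r" in value or "\n" in value:
            raise ValueError("line break in header field")
    if sender.count("@") != 1 or " " in sender:
        raise ValueError("invalid sender address")
    msg = EmailMessage()
    msg["To"] = addr
    msg["From"] = addr            # sent by the site itself
    msg["Reply-To"] = sender      # so a reply reaches the visitor
    msg["Subject"] = subject[:120] or "(no subject)"
    msg.set_content(form.get("body", ""))
    return msg
```

The returned message can be handed to the server's mail system, for example with smtplib.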
►What About Spammers Who Already Have My Address?
So far we've discussed a few fairly simple techniques designed to
prevent spammers from obtaining your email address in the first place.
But, how do you deal with the spam you're already getting? Your address is
already out there. The solution is to either block or filter.
For either, you'll need software. For blocking, I recommend Postmaster
Pro. If you prefer to filter then Spam Assassin is highly recommended.
Both run on the server, so there is no need to download spam before
filtering it out. That's a huge time saver if you're not yet on a
high-speed connection. It also makes it a bit less likely you'll end up
downloading a virus, since email from untrusted senders, i.e. spammers, will
be significantly reduced.
►Spam Blocking Software
Postmaster Pro, which is available at http://www.postmasterpro.com, takes
a novel approach to blocking spam. It only allows email to be delivered
after people who've sent you email have been placed on an approved sender
list. But the interesting thing is that people who send you email can put
themselves on your approved list. This is done simply by clicking a link
in an email that automatically gets sent to them the first time they send
email to you, which is perfect for those of us who don't know in advance
whom we should put on the approved list, i.e. if you're running a business
online. It also makes building and maintaining such a list very simple.
Given the fact that spammers normally use invalid return addresses, and
those who do use valid return addresses seldom read email that's sent
there, let alone respond to it (they receive thousands of failed delivery
notifications, complaints, remove requests, and autoresponder messages
every time they do a mailing) ... it's a very effective technique with no
chance of blocking legitimate email, as is the case with filtering.
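The approved-sender flow described in this section can be modelled in a few lines. This is an added sketch of the general technique, not Postmaster Pro's code; the class name, the secret, and the use of an HMAC token in the confirmation link are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a random per-installation secret

class ApprovedSenders:
    def __init__(self, secret):
        self.secret = secret
        self.approved = set()   # senders whose mail is delivered directly
        self.held = {}          # sender -> messages waiting for confirmation

    def _token(self, sender):
        # The token in the confirmation link is bound to one sender address,
        # so it cannot be reused to approve a different address.
        return hmac.new(self.secret, sender.encode(), hashlib.sha256).hexdigest()

    def receive(self, sender, message):
        """Return ("deliver", [msg]), ("challenge", token) or ("hold", None)."""
        sender = sender.lower()
        if sender in self.approved:
            return ("deliver", [message])
        first_contact = sender not in self.held
        self.held.setdefault(sender, []).append(message)
        # Only the first message from an unknown sender triggers the
        # confirmation email; later ones are held without another reply.
        if first_contact:
            return ("challenge", self._token(sender))
        return ("hold", None)

    def confirm(self, sender, token):
        """Sender clicked the link: approve them and release their held mail."""
        sender = sender.lower()
        expected = self._token(sender)
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return []
        self.approved.add(sender)
        return self.held.pop(sender, [])
```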
►Spam Filtering Software
For those who would prefer to filter ... Spam Assassin is perhaps the
best option. It is available at
http://www.spamassassin.org. Once you have
Spam Assassin installed, it will provide you with very powerful and
flexible filtering tools. Spam Assassin is a mature product, having been
around for quite some time. If you're going to filter, Spam Assassin is
about as good as it gets.
As with any filter though, you do run the risk of missing legitimate
email from time to time. There really isn't a good way to tell how often
this is happening unless you want to read all the email that gets filtered
out, which negates the whole point of filtering. If you set your filters
permissively enough though, you should be reasonably safe. For the first
month or so after installing any filter, you should continue to read every
single email in order to make sure it isn't set too restrictively to allow
legitimate email through.
By using the techniques mentioned in this article, you can take back
your mailbox and dramatically reduce, if not eliminate, spam.
© 2003 by Sean Proske
Sean Proske is the CEO and founding partner of
thewebhostcompany.com which has provided reliable and affordable hosting since
1996.
http://www.thewebhostcompany.com
info@thewebhostcompany.com