Poplar ProductivityWare Articles:
Avoiding Spam Email
by Jennifer Hodgdon
Spam, or unsolicited "junk" email, is a common problem for people connected to the Internet. While it's pretty easy to delete spam, it can take a long time to sort the spam from the non-spam messages, and worse, some spammers have also started attaching viruses to their spam messages. So, it's best to avoid being spammed in the first place. Here are some tips on how to do it.
How does it happen?
The first thing to think about, when trying to avoid spam, is how the spammers get your email address in the first place -- you won't get any spam if the spammers do not have your email address. Here are a couple of methods spammers use to get email addresses:
- They guess -- there are databases available that list all registered domains, and some spammers send email to commonly-used email addresses at those domains, such as "info", "webmaster", and "sales". Some recent viruses also send email to common first names at those domains, such as "bob" and "jane".
- You give it to them, by entering it in a web site form. Examples of this include sites offering free electronic greeting cards (where you might enter your address and the address of the recipient), and any other sites where you have to register in order to receive some information.
- They use email harvesting "robots" (or "spambots") -- these are programs that visit web pages and look for text in the form address@domain, which they can then assume are email addresses. The pages they look at can be regular web pages, archives of electronic mailing lists and news groups, and electronic bulletin boards.
- They use viruses to harvest email addresses from peoples' email address books. Most of these types of viruses are macro programs for Microsoft Outlook.
- If they get your email address through one of these means, and then you give them some indication that you received the message, they'll keep sending you spam. Ways to indicate you got the message include clicking on a link in the message, replying to the message, and having image loading turned on in HTML messages (this setting in your email program will allow a spammer to put a special link to an image in their message, and when you view the HTML mail message, your email program will act like a browser and try to view the image, which will notify the spammer that you, specifically, got the message).
How can you prevent it?
Given the list of spamming methods above, here are a few suggestions on how to prevent spam from reaching your inbox.
Reading Email
- Set up your email program so that it doesn't run macros (which are usually viruses), and doesn't load images and HTML messages.
- Never reply to a spam message or click on its links, even when the links say they will let you unsubscribe.
- Use a virus-safe email program on your computer to view email (encourage others to do the same!), and don't use web-mail (which is likely to view all HTML mail automatically).
- Install reliable anti-virus software, and make sure to update its virus definitions frequently.
Avoiding Common Email Addresses
If you have control over your domain and its email addresses, set up your email account to delete all incoming mail addressed to "info", "webmaster", and "sales" at your domain, as well as any email address you currently have that have become saturated with spam. When you do that, you will probably also want to set up an email autoresponder, with a polite message explaining why the incoming mail was deleted, in case a non-spammer sends you email. And if you are going to retire an existing email address, of course you will want to notify non-spammers who regularly send you email of the change, ahead of time.
Entering Email Addresses On Web Sites
When registering an email address on a web form, or signing up for an email mailing list:
- Only enter an email address it if it's essential that you register on that site.
- Read the site's privacy policy, so you know what they plan to do with your email address.
- Never send electronic greeting cards offered by a web site.
- Never enter someone else's email address without their permission on any web site.
- If it is essential for you to enter an email address, use a free Yahoo or Hotmail email address (you can always delete the account if it gets overwhelmed by mail). If possible, set up multiple email addresses and use a different one on each site where you had to supply an email address, so you know where the spammer got your email address.
- As an alternative to using free email addresses, if you have control over your own domain and email accounts, you can set up a "catch-all" account, where you receive all incoming mail that isn't to one of your "usual" email addresses. Then, for instance, if your domain is called "mydomain.com" and you are registering on "xyzpdq.com", use the email address "xyzpdq@mydomain.com". Then, if that site turns out to be a spam harvesting site, and you start getting spam addressed to "xyzpdq@mydomain.com", you will know where it came from, and you can set up your email account to delete all incoming mail addressed to "xyzpdq@mydomain.com".
Hiding Email Addresses on Your Web Site
On your web site, do not put your email address in plain text. What's important here is that the spambots cannot find your email address; so essentially, you want to make sure that if you use the "View Source" command in your browser, on any of your web pages, you will not see your email address in the HTML source text of the page. Since it is likely that you will want to provide your email address so that people can contact you from your web page, here are some alternatives:
- Use JavaScript to print your email address on the page,
instead of typing it in directly. Here is one example of how
to do this, assuming the email address you want to display
is "myname@mydomain.com". (The details of how to put this
into your web page are omitted -- if you are unfamiliar
with HTML and JavaScript, you can
contact Poplar ProductivityWare,
and we will be happy to help you fix your web site.) This
example is free for you to use, though it comes with no warranty:
<script type="text/javascript">
Not all browsers support JavaScript, so if you are concerned about web site accessibility, you will also want to provide some way for users who do not have JavaScript to find your email address. I suggest text such as this:
<!--
var username = "myname";
var hostname = "mydomain.com";
var linktext = username + "@" + hostname;
document.write("<a href=" + "mail" + "to:" + linktext + ">" + linktext + "<" + "/a>");
// -->
</script>
Note: The email address just before this note was added to this web page using JavaScript. If you can't see it (because your browser does not support JavaScript), the address is at "mydomain.com", and the email address is "myname".
- If you are using the standard FormMail script from
Matt's Script Archive, Inc.
(for a contact form)
on your site, it requires you to put your email address
in the HTML text for your site. However,
if you have the ability to run Perl-based CGI scripts of
your own on your site, you can download your own copy of
the FormMail script, and modify it. As a software developer,
I respect Matt's copyright on the software, so I will not provide
my modified version here as a download. Instead, I am providing
instructions on how to modify it yourself (warning -- somewhat technical,
assumes a lot of background knowledge, and short on details!).
You can also contact Poplar ProductivityWare,
and we will be happy to help you fix your web site.
These directions and code lines are
free for you to use, though they come with no warrantee.
- Download the FormMail script from Matt's Script Archive, Inc., and open it up in a plain text editor (such as Notepad on Windows).
- Search for "sub parse_form" (around line 125), and insert this
line somewhere in the %Config definition (it should go between two
lines that look very similar to this line):
'recipname', '', 'recipdomain', '',
- Search for "sub check_required", and go up a couple of lines,
just before the closing "}" curly bracket, and insert these three lines:
if( $Config{'recipname'}) {
$Config{'recipient'} = $Config{'recipname'} . '@' . $Config{'recipdomain'};
}
- In your HTML page, instead of using the "recipient" field
to specify who to send the email to, use the new "recipname"
and "recipdomain" fields, to split your email address up. For
instance, if the email address you want the contact form to
send email to is myname@mydomain.com:
<input type=hidden name="recipname" value="myname">
<input type=hidden name="recipdomain" value="mydomain.com"> - Upload the new HTML page and new CGI script to the appropriate directories on your web server, using "plain text" file transfer rather than "binary", if possible (some web servers will not run CGI files if they were uploaded from Windows to Unix in binary mode).
On a related note, if you are using your own copy of Matt's FormMail Script (as opposed to one that your web host provides), make sure you have version 1.91 or later, and that you have set it up so that it can only send email to places you intended (i.e., yourself). The earlier versions allowed spammers to co-opt your script to send spam email. Read more about this, and download the latest version, at Matt's Script Archive, Inc.
How can you report it?
Most email and internet service providers have a policy that states their subscribers cannot use their services to send spam. So, if you get spam, you can report it to the service provider -- check out SpamAbuse.org for more information.
Poplar ProductivityWare: your Seattle-area source for web databases, web programming, Drupal modules and sites, and WordPress plugins
Home | Services | Experience | Articles | Downloads | News | About | Contact UsPoplar ProductivityWare® is a trademark registered in the U.S. Patent and Trademark Office
Copyright (C) 2003-2009 Poplar ProductivityWare LLC
RSS Feed: