Fighting the SPAM War

It is reported that 60%+ of internet traffic on mail servers are spam messages. If you run a website, you can be sure that you are (or will be over time) receiving a tremendous amount of unsolicited email messages. If you haven’t started a website yet, remember that an ounce of prevention is worth a pound of cure. There are safeguards you can use to minimize the number of unwanted messages you receive.

WHOIS data: When you register a domain name, you are required to provide contact information for the WHOIS database, which can later be harvested by spammers for e-mail addresses. To protect yourself from such unscrupulous people, I suggest using a dummy account with a free email provider such as Yahoo or Hotmail (don’t forget to check it at least once a month) - if you’ve already registered your site and have listed your primary email address in the WHOIS contact information, it is highly recommended that you update the information with a new dummy email address. Your host and registrar will have your primary email address on file - you simply need to remember to keep your information with them up to date. If this seems like too much work for you, you can always use a WHOIS privacy service such as the WhoisGuard service provided by www.namecheap.com ($4.88 - which is a great value).

Your web pages: One of the first things I do when creating a website is create a contact form with the email address embedded in the mailer script such as PHP or ASP. Why? There is a lot of software floating around out there designed solely to crawl website harvesting them for valid email addresses (some will even ignore the robots.txt file completely). Once you’ve created your forms, you can then begin to include your email addresses in your web pages for those who wish to email you directly from their email clients - you can write your email address as yourname[at]yourdomain.com and instead of using the ‘mailto:’ link - hyperlink it to your contact form. You may also include a note for your visitors to replace the [at] with the @ sign. Make sure you remember to do this with all the email addresses within your site.

Newsgroups/forums/subscriptions: It’s a hard pill to swallow, but these areas are not safe from email harvesting either and even worse, some newsletter publishers don’t even adhere to their own privacy policies (very rare, but it does happen). Be careful where you post your email address and don’t make it a habit to sign up with every forum you should come across. Make sure you find the information useful to you and that you trust the website first. For extra protection, use a an email address other than your primary one for all your subscriptions (ex: subscriptions@yourdomain.com). If you wish to post an email address in the forums for the readers to contact you, try to use the format described in the previous section with a note to replace [at] with @ and hyperlink it to the contact form on your website.

Unrouted email messages: An unrouted email message is a message addressed to an email with your domain name that does not exist - i.e. admin@yourdomain.com, only you never created an admin@yourdomain.com account. The default setting is to have these messages delivered to the root email account. Many webmasters don’t realize this and the webmail for the root account never gets checked - I came across an account with 75 pages of unrouted email messages (roughly 14,000 messages) and taking up about 15MB of their of webspace. Believe it or not, some spam software is designed to create plausible names (i.e. admin, contact, customerservice, webmaster, abuse, etc. @yourdomain.com) and just go for broke and hope the account exists.

If you are using CPanel, you can check your default email account by clicking on the “webmail” icon from your control panel home page. You can also set what your unrouted messages will do by clicking on the “mail” icon and selecting “default address", then “set default address” - you can then choose to blackhole unrouted messages (just let them disappear into cyberspace - my personal favorite), fail messages (bounce them back to sender) or you can specify an email address you want them forwarded to. If you are afraid someone simply misspelled your email address and you want to sift through the unrouted messages, set up an email account specifically for them (ex: unrouted@yourdomain.com) and remember to check it every week or so.

SPAM filters: I consider spam filters to be a final line of defense if all others fail. Currently, I use Mozilla Thunderbird as my email application and it comes with a built in spam filter which can be trained to catch unsolicited email. There are also many other SPAM filter software out there for email clients such as Outlook, Outlook Express, Eudora, etc. which are worth a look. To find out more information on the available spam filters, check out www.spamfighter.com (for Outlook and Outlook Express - free) or do a quick google search for “free anti spam software” for your platform.

A special note for AOL users: While I have nothing against AOL and they are trying very hard to combat spam, they are slowly, but surely losing the battle. I’ve had two email accounts opened with them, and before I even had a chance to sign up for anything or even tell my family about it - I received spam. I do not know why they are so prone to spam, but something tells me it has a lot to do with their member directory. My advice, get another email address - just remember to check your AOL email every once in a while to delete the messages. I’ve also noticed that a lot of other subscription services are declining to email AOL users due to their new “report spam” button being far too close to the delete button and webmasters of legitimate email lists are getting warnings from their ISPs.

In closing, I have managed to keep my current primary email spam free (literally) for over a year using these methods, and before that I kept my primary email address spam free for just over two. I will plainly admit that I have no sympathy for spammers, and I make sure to hunt down anyone who sends me spam and report them until their site is either shut down or their ISP is added to a block list.

If you want to learn more on fighting this spam war, there are many valuable resources online such as www.spamhaus.org which hosts a blacklist of known spammers and www.spamcon.org which has a wealth of information on protecting yourself against spam.