Spam, Spam, Spam

December 2nd, 2007

Email spam is quite a popular topic at the moment. Not only are there a few mentions in my feed reader, but just this week I decided to route all of the email for my main client hosting server through a dedicated email filtering appliance, which is basically a dedicated mail server kitted out with a Bayesian filter. It’s quite an advanced piece of kit which is not only very accurate when it comes to identifying true spam, but also has a nice user interface to allow easy access to the quarantine and white/black lists.

As well as more accurate email filtering, it means that the web server doesn’t have to process the thousands of emails it would otherwise have to every day and can get on with serving websites. So for my web hosting clients, it’s a big plus. For me, it’s a little extra cost, but the web server is more stable and there are more resources available.

Personal Spam

Moving on to spam that I receive personally, well, I don’t really get any or at least hardly any ever gets through to me and I personally use dozens of different email addresses. I can’t even remember the last time I saw an email flagged as spam in my copy of Mailwasher Pro – a truly excellent piece of software which I use to monitor all of my active email addresses.

How’s this possible? I used to get spam, like most people do, but then I spent a lot of time researching the subject and coming up with practical ways in which to avoid it. The key to avoiding spam is prevention. Keep your email addresses as secret as possible by using CAPTCHA’d contact forms and if you really have to show an email address then take some measures to prevent it from being harvested.

After advising friends and family on how to avoid spam and them seeing a drastic reduction in the amount of spam they got, I decided to put down what I’d found into a guide…

How to Avoid Spam


How to Avoid Spam is a 40+ page PDF ebook on the topic of spam: what it is, why you get it, how to spot it and, importantly, how to avoid it. It also comes with an email encoder desktop application to make your email safer to publish online.

The ebook bundle is just $7 and you can promote it to others and claim 100% of each sale. The email encoder application displays a brandable link back to the sales page so you can give that away to people to use for free. If they should click on the link and make a purchase you’ll receive the proceeds of the sale!

How to Avoid Spam Contents

Here’s the table of contents from the ebook:

Introduction
Chapter 1: Spam - What is it?
Chapter 2: How Spammers Get Your Email Address
    Harvesters
    Good Spam
    Not Hiding Your Email Address Properly
    Reporting spam
Chapter 3: Email harvesting techniques
    Dictionary or Brute Force
    Web harvesting
    Usenet newsgroup harvesting
    Email lists
    Web browser leaks
Chapter 4: Once They Have Your Email Address
    How to beat spammers
    Why you shouldn't open or even preview suspected email
Chapter 5: Prevention - Tactics to Avoid Being Spammed
    Don't publish your email address in plain text
    Encode your mailto link with JavaScript
    Encode your mailto link with Character Entity encoding
    Display your email address as an image
    Display your email address as a flash animation
    Display your email address so only a human reader will understand
    Use a server-based contact form
    Be careful with who you give your email address to
    Use a free email account if you absolutely must provide a real email address
    Use email forwarding (redirection)
    Domain registration details
    Screen Your Email
    Educate Your Friends and Colleagues
    Challenge-Response
Chapter 6: Cure - How to Rescue An Email Address From Spam Hell
    Server-based spam filtering
    PC-based spam filtering
    Bayesian filtering
    Using a Desktop Based Email Filter
    What's The Best Type of Filtering?
Chapter 7: Why Do Spammers Spam?
    Scams
Chapter 8: Don't Get Classed As a Spammer
Final words
Appendix A – Anti-Spam Resources
    Anti-Spam Information
    Internet Tools
    PC-based Spam Filtering Applications
    Server-based Spam Filtering
    Bayesian Filtering
    Challenge-Response Systems
    Encoders
    Obfuscation
    Contact Forms
    Spam Statistics
    Email Harvester Poison
    Email Clients
Glossary

Get your copy of How to Avoid Spam today and get ready to say goodbye to spam!

8 Responses to “Spam, Spam, Spam”

  1. Despite the best efforts being made to avoid spam, I find that I still have to cope with it on a daily basis. I do not believe that there is one single product that can eliminate spam completely. The best spammers must be the webmasters of adult sites. I find that they employ a number of techniques to bypass filters and appear to be quite good at it. Does anyone have an answer to them?

  2. I think you’re right; there isn’t a single product that can filter out spam completely, but by combining several layers of defences I’ve found that spam just isn’t something that bothers me any more.

    What form of filtering do you have in place?

  3. Unfortunately as a Ltd company or VAT registered business (in the UK) you need to display a plain text email address, so that will always be picked up by spammers. I’ve also yet to find a fully accessible captcha, and to be honest have problems with them myself if I’m not wearing glasses!

    Mailwasher is however a fantastic program. I’ve been using it for about 4-5 years now and you can’t fault it. Whilst I may still suffer from spam, at least it never actually reaches my computer!

  4. Sarah, there are ways to encode an email address and still have it display properly in a web browser in plain text although as I understood it, the requirement is only to display an email address, but not in any particular format.

    If you are an online business, you must display:

    * general information about your business – including business name, address, email address, VAT registration number (if applicable)

    One of the things I like to use in contact forms is a hidden (using CSS), empty field. Most spambots will simply fill in every field in a form including hidden ones so when it comes to processing the form contents you’ll know to discard any that have the empty field populated.

    Also, I find simple questions such as “2 + 2 = ?” or “what is the third letter in the word ‘blue’?” work quite well.
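The hidden-field check and the simple question described in comment 4, sketched as a server-side form handler. This is an added example, not part of the original comments; the field name `website`, the `/contact` action and the function names are assumptions.

```python
import html

HONEYPOT = "website"  # assumed name for the CSS-hidden field that must stay empty

# Constructed question bank, using the two questions quoted in the comment.
QUESTIONS = {
    "sum": ("2 + 2 = ?", "4"),
    "letter": ("What is the third letter in the word 'blue'?", "u"),
}

def render_form(question_id):
    """Return the form HTML; the honeypot is hidden with CSS, not type=hidden."""
    prompt = html.escape(QUESTIONS[question_id][0])
    return f"""<form method="post" action="/contact">
  <style>.hp {{ position: absolute; left: -9999px; }}</style>
  <p class="hp"><label>Leave this box empty
    <input name="{HONEYPOT}" autocomplete="off" tabindex="-1"></label></p>
  <p><label>Message <textarea name="message"></textarea></label></p>
  <p><label>{prompt} <input name="answer"></label></p>
  <input type="hidden" name="question_id" value="{question_id}">
  <button>Send</button>
</form>"""

def check_submission(fields):
    """Return (accepted, reason) for a dict of submitted form fields."""
    # A visitor never sees the honeypot, so any content in it marks a bot.
    if fields.get(HONEYPOT, "").strip():
        return False, "honeypot filled"
    question = QUESTIONS.get(fields.get("question_id", ""))
    if question is None:
        return False, "unknown question"
    given = fields.get("answer", "").strip().lower()
    if given != question[1]:
        return False, "wrong answer"
    if not fields.get("message", "").strip():
        return False, "empty message"
    return True, "ok"

# Constructed submissions: a visitor, a bot filling every field, a bot skipping the question.
human = {"website": "", "message": "Hello", "question_id": "letter", "answer": "U"}
bot = {"website": "http://example.test", "message": "buy now", "question_id": "sum", "answer": "4"}
blind = {"message": "buy now", "question_id": "sum", "answer": ""}

if __name__ == "__main__":
    for name, form in (("human", human), ("bot", bot), ("blind", blind)):
        print(name, check_submission(form))
```

The visible label on the hidden field is there so that someone reading the form without CSS knows to leave it blank.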

  5. My forms are usually pretty much spam free (well the modern ones are, the older ones still need updating with spam prevention methods!). Various checking for spam words, checks on input and ensuring that what is received is what is expected etc. I usually use the sum method if a client asks for a security question to be added to their form, of course it’s still not deemed 100% accessible but it’s about the best solution around at present.

    As for displaying an email address on a page. It needs to still be accessible. I have had an email as an image and the alt text just ‘reads’ the email address out (sales at wherever dot com) but of course this method is still probably picked up by spam bots as it’s so widely used it’s most likely coded into them by now!

    Have you ever looked at ‘Bad Behaviour’? I have it running as a WP plugin to stop the known bots from hitting my blog, however I do believe you can download a standalone version to run on any site.

  6. Well, the hidden form field is accessible, but needs some meaningful text to prevent people just filling it in randomly if they happen to be accessing the form without CSS e.g. by screen reader.

    I’ve had success with using character entity encoding email addresses so they’re obfuscated within the source code, but rendered just as usual in a web browser (works in Lynx too).

    Technically, it’s possible that email harvesters could decode them, but so far the addresses I’ve encoded haven’t been spammed and even if they were, that’s only the first layer of defence!

    I’ve just taken a quick look at Bad Behaviour and it looks interesting. How have you found using it so far?

    For WordPress, Spam Karma 2 deals with virtually all of my comment spam, but recently a few trackbacks from splogs have been popping up so I’ve blocked their IPs.
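The character entity encoding mentioned in comment 6, as an added example that is not part of the original comments: it encodes a `mailto:` link as numeric character references and checks that the page source no longer contains a literal address while the decoded markup is unchanged. The address `sales@example.com`, the pattern and the function names are constructed for illustration.

```python
import html
import re

# Simple pattern for a literal address in page source (constructed for this check).
PLAIN_ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def encode_entities(text):
    """Encode every character as a numeric reference, alternating decimal and hex."""
    return "".join(
        f"&#{ord(c)};" if i % 2 == 0 else f"&#x{ord(c):x};"
        for i, c in enumerate(text)
    )

def mailto_link(address):
    """Build a mailto anchor with the scheme, address and link text all encoded."""
    href = encode_entities("mailto:" + address)
    return f'<a href="{href}">{encode_entities(address)}</a>'

def audit(source, address):
    """Report what the raw source exposes and what it decodes to when parsed."""
    expected = f'<a href="mailto:{address}">{address}</a>'
    return {
        "literal_in_source": address in source,
        "pattern_in_source": bool(PLAIN_ADDRESS.search(source)),
        # Any HTML parser reverses the encoding, which is why the comment
        # treats this as only the first layer of defence.
        "renders_as_address": html.unescape(source) == expected,
    }

if __name__ == "__main__":
    source = mailto_link("sales@example.com")
    print(source)
    print(audit(source, "sales@example.com"))
```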

  7. I’ve put Bad Behaviour on 3 blogs and not seen a problem yet. My bandwidth did drop on my main domain by about 40%, whether it was tied in with that or just one of those strange occurrences I don’t know!

    WP spam is dealt with by Akismet fine, however I prefer to try and stop the bots submitting their spam in the first place so I also rename my comments file and run BB to help. Comparing my server to external stats shows about 50% of my ‘visitors’ are not loading graphics so I’d imagine a good portion of these are bots, eating away at my bandwidth!

    Will have to try your hidden input field out and see how it fares :)

  8. That sounds pretty good! I’d be quite happy to see some bandwidth and load saving. I’m still getting spammy pingbacks so I’ll definitely take a closer look at BB.
