The reason Ö a website
doesnít do you much good if you donít give potential customers a way to
contact you, and that normally means posting an email address on your
website, where it is vulnerable to email address harvesting tools used
by spammers. Domain registration records are also a common source used
In order to conduct
business online you now need to sift through the endless barrage of
offers for herbal viagra, pornography, pyramid schemes, and so on.
With such a large
volume of spam to contend with, itís likely youíve lost sales due to
missing important emails that simply floated away in this sea of spam.
And there's no way to really calculate the cost of that lost business.
If you've missed email then how can you ever know how much business
If you want to solve
the problem, you need to be proactive because the sad reality is that if
you do nothing, it will only get worse until finally it reaches the
point where your email account has become totally and completely
unmanageable. Fortunately there are a few options available to you.
Securing Your Domain Registration Against Spammers
First let's address the
whois database, which is a publicly accessible database in which your
domain registration record is listed Ö and that includes your email
address. It's not uncommon now for people to be spammed at a brand new
email address within hours of registering a new domain.
Go Daddy http://www.godaddy.com
is a domain registrar that now offers private domain registrations. At
the time of writing this article, they are the only registrar who
currently offers this service. Hopefully in time, other registrars will
pick up on this idea and offer the service too.
With a private domain
registration, which costs only a few dollars more than a regular
registration, your contact information including your email address will
not be publicly accessible in the whois database.
Thatís guaranteed to
cut down on spam quite significantly as this very important source of
addresses that spammers use, will no longer provide your address to
If you donít wish to
obtain a private domain registration, then there is another option that
will be equally effective. Set up a new email address that you use only
for the purpose of providing registration information for your domain
name. You can easily scan email sent to that address for messages from
your registrar, and delete the rest without having to read it.
Securing Your Website Against Spammers
The other major source,
and by far the biggest source of email addresses for spammers is of
course the mailto links on your own website. Email address harvesting or
extraction software as itís known is cheap, easy to use, and readily
available Ö and itís very effective. That means there are a lot of
spammers out there with easy access to your email address.
Chances are hundreds or
even thousands of spammers using such software have already harvested
your address. And what can you do about this? You need to provide a way
for your customers to reach you by email, or you'll lose business. There
are steps you can take to prevent your email address from being
harvested and used by spammers though, while still providing legitimate
visitors to your site with a way to email you.
One solution is to make
all the mailto links on your site point to a form instead, which will
still provide a means for people to send you email. Provided you use a
CGI script that doesnít require the address to be embedded within the
form itself, you can shield your address from email address extractors.
If you donít want to
require people to fill out a form to email you from your website, then
you can get a little more creative. It is possible to put a mailto link
on your site that when clicked will still launch the senderís email
program, and start a new message with your address in the To field Ö but
without having to embed your email address in the mailto link where spam
software can snatch it.
It looks like a normal
URL, and there's clearly no email address anywhere in the link, but when
clicked, instead of loading a web page in your browser as you may have
expected, your email program opens up.
Howís that possible you
might ask? Simple. A little magic with CGI using Perl or PHP will do the
trick. A free copy of a script that does this is bundled with Postmaster
About Spammers Who Already Have My Address?
So far weíve discussed
a few fairly simple techniques designed to prevent spammers from
obtaining your email address in the first place. But, how do you deal
with the spam youíre already getting? Your address is already out there.
The solution is to either block or filter.
For either, you'll need
software. For blocking, I recommend Postmaster Pro. If you prefer to
filter then Spam Assassin is highly recommended. Both run on the server,
so there is no need to download spam before filtering it out. That's a
huge time saver if you're not yet on a high-speed connection. It also
makes it a bit less likely you'll end up downloading a virus since email
from untrusted senders, i.e. spammers will be significantly reduced.
Postmaster Pro which is
available at http://www.postmasterpro.com takes a novel approach to
blocking spam. It only allows email to be delivered after people whoíve
sent you email have been placed on an approved sender list. But the
interesting thing is that people who send you email can put themselves
on your approved list. This is done simply by clicking a link in an
email that automatically gets sent to them the first time they send
email to you, which is perfect for those of us who donít know in advance
whom we should put on the approved list, i.e. if youíre running a
business online. It also makes building and maintaining such a list very
Given the fact that
spammers normally use invalid return addresses, and those who do use
valid return addresses seldom read email that's sent there, let alone
respond to it (they receive thousands of failed delivery notifications,
complaints, remove requests, and autoresponder messages every time they
do a mailing) Ö itís a very effective technique with no chance of
blocking legitimate email, as is the case with filtering.
As with any filter
though, you do run the risk of missing legitimate email from time to
time. There really isn't a good way to tell how often this is happening
unless you want to read all the email that gets filtered out, which
negates the whole point of filtering. If you set your filters
permissively enough though, you should be reasonably safe. For the first
month or so after installing any filter, you should continue to read
every single email in order to make sure it isn't set too restrictively
to allow legitimate email through.
By using the techniques
mentioned in this article, you can take back your mailbox, and
dramatically reduce, if not eliminate spam.