How To Avoid Spam

While it is almost impossible to avoid all spam, there are a few steps you can take to eliminate most of it, and to make it hard for spammers.

Here's a rundown:

  • NEVER REPLY TO SPAM.
    If you follow their instructions to remove yourself, you've just verified that you're attentive and responsible, and that your email address is valid. They can now sell your email address to other spammers as a "verified address".
  • Join spamcop.net.
    This service allows you to report spam you receive and automates the process of notifying the spammer's ISP and having their account removed.
  • Enable your mail server to use a blacklist or sign up for a blacklist-enabled mail account. The email addresses that come with our hosting services are filtered using our own built-in blacklist combined with spamcop's RBL (Real-Time Black List).
  • Never put your email address on a web page or news group.
    Spammers use web-crawling software to read email addresses from web pages. Even if you don't use a "mailto:" link, they can read the format of "name@domain.com". If you're designing a web page, use a contact form like this one. It uses a CGI script to forward the form to the appropriate person. If you have to put your email address on a page or news group, "munge" it so a person can understand it but a program can't. Like this:
    Instead of "name@domain.com" put "name 4 at 4 domain 4dot 4com, remove the 4s".
    (Note, you could also use "name at domain dot com", but smart software could figure that out...)
  • When you're giving your email address to a web site, use a "seeded" address.
    (Note: send a test message to yourself first to make sure your mail account accepts this, or sign up for one of our email forwarding accounts. :))
    "sendmail" software allows the use of a plus sign (+) in an email address. It will ignore it on delivery, but you can use it in filters, or to identify where the sender got your email address from. For example, if you're on www.excite.com and you're entering your email address ("name@domain.com") in a form, enter "name+excite.com@domain.com". Any email that excite.com sends you will appear as "To: name+excite.com@domain.com". AND, if they happen to sell your name to a spammer, you'll see that. (Note: if you know what you're doing you can bill them for violating their posted privacy notices and for violating your Acceptable Use Policy).
    Now one might think "well, a spammer could just remove anything after the plus sign". Sure, so always use the plus sign in your email address. Set your reply-to address to "name+reply@domain.com". Then if you get any mail to "name@domain.com", you can filter it into the trash.
  • TURN HTML OR DISPLAY IMAGES OFF in your mail program.
    A spammer can use a cleverly written "IMG" tag to verify your email address. The IMG tag is loaded by your mail reader when you open an HTML message. The tag specifies a server name and a file name to load. The spammer can, instead of specifying a file name, specify a CGI script with a unique code that identifies your address. When your mail reader requests this "file" from their server, their script marks your email address as "verified" in their database. You just see an image display. But how do you read email then? If your email program has the option to view HTML messages as plain text, turn it on. If you're just viewing the plain text, it won't load images. Also, if your email program has the option to not load images in HTML email, you can turn that on. (Earthlink's new Web Mail service has this option for example). As long as your program doesn't try to load the images, you're ok.
  • NEVER RUN ANY ATTACHMENT THAT ENDS IN ".EXE" - DELETE IT.
    This should be obvious, and is really more of a virus protection than a spam protection, but it's such an easy way to prevent serious problems that I had to include it here. Viruses will send themselves as an attachment named "picture.gif.exe" or similar. Users will see the "picture.gif" and assume it's a picture. The computer cares about the ".exe" though. That means it's an executable file. If you download and run it, you are running a program on your computer that can do ANYTHING IT WANTS. This could be anything from forwarding your address book to a spammer, loading a monitoring script onto your network, forwarding itself to everyone you know, or even sending spam from your computer. Also watch out for ".vbs" files. Those are Visual Basic Scripts, and can do similar things.
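
The "seeded" address filtering described above can be sketched as a small mail filter. This is an added example, not code from the original page; the mailbox name@domain.com and the "reply" tag come from the text, while the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed for this example: the mailbox from the text and its "reply" tag.
USER, DOMAIN, REPLY_TAG = "name", "domain.com", "reply"

def classify(raw):
    """Return ('tagged', tag), ('bare', None) or ('other', None) for a raw message."""
    msg = message_from_string(raw)
    headers = []
    for name in ("To", "Cc", "Delivered-To"):
        headers += msg.get_all(name, [])
    verdict = "other"
    for _display, addr in getaddresses(headers):
        local, _, domain = addr.rpartition("@")
        user, _, tag = local.partition("+")
        if domain.lower() != DOMAIN or user.lower() != USER:
            continue
        if tag:
            return "tagged", tag.lower()
        verdict = "bare"  # no plus tag: the text files this as trash
    return verdict, None

def leaked_by(raw):
    """Return the site tag when the sender is not the site the tag was given to.

    Heuristic only: the From header can be forged, so a match proves nothing,
    but a mismatch suggests the seeded address reached a third party.
    """
    verdict, tag = classify(raw)
    if verdict != "tagged" or tag == REPLY_TAG:
        return None
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    if sender_domain == tag or sender_domain.endswith("." + tag):
        return None
    return tag

# Constructed sample messages (not real mail).
FROM_SITE = "From: news@mail.excite.com\nTo: name+excite.com@domain.com\nSubject: a\n\nhi\n"
RESOLD = "From: deals@bulk.example\nTo: name+excite.com@domain.com\nSubject: b\n\nhi\n"
BARE = "From: win@bulk.example\nTo: name@domain.com\nSubject: c\n\nhi\n"

if __name__ == "__main__":
    for label, raw in (("site", FROM_SITE), ("resold", RESOLD), ("bare", BARE)):
        print(label, classify(raw), leaked_by(raw))
```

Mail classified as "bare" goes to the trash folder, and a non-empty result from leaked_by names the site whose copy of your address ended up with someone else.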

Using these techniques, we manage to receive only a couple spams a day from really old, posted, email addresses. Newer accounts frequently get none.
