Most spam is fairly harmless, but it can contain viruses or spyware. And on the whole, spam clogs Internet servers and causes downtime. No matter what, it’s annoying. So, when spam blockers fail to catch all that junk email before it appears on your desktop, you may have to take a different approach: Go on the offensive!
There are actually three levels of the spam issue:
1. There are things an individual can do to avoid getting spammed.
2. There are some things developers for corporate networks and websites can do to prevent spam from infiltrating their email base.
3. The problem with spam blockers is that legitimate emails can be tagged as spam and never reach their intended recipient.
We’ll focus on item number one in this article.
First, never use your “real” email address for on-line shopping. Though retailers are careful with their lists, hackers can get into their databases and start spamming. Even if you have a special email address set up for shopping, if it has your “@yourwebsite.com” included, spam bots (utilities that scan websites for email addresses) will pick that up and start sending to all kinds of variations on that address. Pick up a Yahoo or Gmail account.
Second, never reply to spam. Even if you’re telling them what they can do with their spam, it tells them that the spam bot has hit a real person. That information can then be shared with other spammers. In fact, even opening the spam, or clicking on any links in it, can trigger action from the spammer. Using your email client’s preview window to view emails before you open them will help you avoid inadvertently corresponding with a spammer. The same goes for attempting to “remove from the mailing list” links. It may seem legitimate, but it’s one more way to verify that the address is active to begin with.
If you have a website, don’t put your email address on it, even in a “mailto:” tag. Spam bots will see this. What you can do is use a graphic for your email address. Or, if you’re developmentally savvy, you can use a PERL script to hide the address. There’s more on that at http://www.bestprac.org/articles/spam_bots/htm.
This may sound cold, but despite how sweet they sound, or much you trust the friend that sent it, don’t engage in on-line chain mailing. These “forward to 20 of your best friends” emails are a tool used by spammers to collect email addresses.
Don’t use your real email address for screen names on chat sites. It’s a sitting duck for spam bots. In fact, avoid giving your email address on any kind of message board, newsgroup, or guest book. The owner of the site may not intend any foul play, but spam bots may obtain your email address from such sites.
As a completely untested, anecdotal effort, try “unsubscribing” to all those legitimate newsletters and retail offers. I did this purely on a whim, and found that my spam dwindled to almost nothing. Further, when a new, previously requested newsletter appeared, it seemed to come with a batch of spam. There may be no correlation, but if you can live without all those emailed newsletters and sale notices, see if it helps reduce the spam that appears in your inbox.
At last, but not least, despite the resignation that spam blockers don’t protect you completely, do make the most of your email client’s spam protection. It may offer blocking and a blacklist. Be sure to use this in conjunction with all the preventive measures discussed above.
We looked at measures email users can take to reduce the amount of spam that comes into that inbox. Because spam bots, which collect target addresses, frequently get their lists from existing website databases, it’s important to safeguard them.
Neil Gunton provides a three-part approach to stopping spam bots from getting into your website:
Eliminate email addresses from your site.
Use a spam bot blocker, such as BlockAgent.pm module from the O'Reilly mod_perl book or Web Form Anti-Spam Protection. You can also try an email scrambler like the one from Blog Flux.
Set a trap. Gunton goes into this in great detail on his website, http://www.neilgunton.com/doc/spambot_trap#90.
Let’s talk more about step number 2. Even though your website may not list email addresses on a viewable page, the forms that collect the email addresses may deposit them in the code itself. For example, if you register people under a user name to protect their identity, somewhere that username is indexed to an email address for communication purposes. Spam bot programmers know this, and they look for certain keywords in a database that indicate email addresses might be left: “newsletter,” “journal,” “message board,” “post,” “thread,” “reply,” “chat” etc. So regardless of whether your website contains visible email addresses, you must take steps to protect those who visit your site and leave the address somewhere.
When your website collects email addresses, do not store them in the HTML code of the site. Instead, store them in the script or outside database. Alternatively, encode the email addresses via ASCII or JavaScript encoding. Another method is to redirect your mailto: tags so the spam bot gets lost.
For more details about these methods, and other ideas, go to http://www.bestprac.org/articles/spam_bots.htm.
Other references:
http://www.neilgunton.com/doc/spambot_trap - 90
http://www.bestprac.org/articles/spam_bots_3.shtml
| 
