May 25 2007
The war on spam
In 2004 Microsoft proudly announced that they would wipe out spam in two years. Well as I write this we are nearly mid way through 2007 and I think we can all agree that this has not been achieved. The recent rise in spam is partly due to image spam, which bypasses conventional junk mail filters.
In my work I am constantly asked about how to avoid getting spammed. The simple answer is that this is near impossible. Sure, you could register an email address and keep it totally private, but what’s the point? So unless you’re planning to lock yourself in the basement in the hope that the spammers wont get you, read on.
Here are my top tips for dealing with spam mail
1. Use junk mail filters
You’re most probably using this already, but if not then how on earth do you cope? Nearly all email clients have junk mail filters built in, I won’t cover this here, but follow the link to your mail client to find out more:
2. Use a separate address to sign up to websites
When you sign up to a website they usually operate on a ‘double opt in’ basis. In simple terms, once you have signed up on the website, the site will send you an email containing a link which you must follow to complete the sign up process. This keeps spammers and ‘bots’ from creating bogus accounts. For this purpose, you could use a temporary email address from sites such as TrashMail, Contactify or Mailinator. However, be aware that this will stop the company from communicating with you and will most likely break their terms. Instead, you could chose to open up a separate email account for mailing lists / online accounts and one for friends and family. This way you can set your junk mail filters on your personal account to only accept messages from senders in your address book
3. Switch to Google Mail
Google mail has very efficient junk mail filters that usually keep up with the spammers. I believe that the effectiveness of Google blocking spam is down to the power of the collective online community. If you report spam to Google, it will log this (most likely on a centralised database). I believe that the more people who flag a particular message as junk, the higher the spam rating that message will receive. Messages with higher spam ratings will either be directed straight to your ’spam’ folder, or deleted by Google before it can reach your inbox. So by harnessing ‘the power of the collective’, the Google junk mail filters can stay ahead of the game.
If you’re used to using POP3 email, don’t worry because Google mail offers free POP3 and SMTP access, so you can setup your Google account on a desktop email client.
If you’re running your own domain name:
4. Never publish your email!
Do you remember that scene from the film Minority Report, where the spider-bots are sent into a building to scan each person’s eyes and check their identity. Well on the web there are similar (if slightly less sinister) spiders. They crawl the Internet, searching web pages for the desirable ‘mailto’ link (usually found on a contact page), these are harvested to create a database of email addresses which can then be sold to [viagra] companies. If you must publish an email address on a website, either use an image without a mailto link, or JavaScript or CSS to display the link (although even this isn’t totally watertight). Alternatively you could create a contact form, which generates an email, although you will then have to determine whether the form filler is a human, either through a CAPTCHA, or by removing HTML tags from the message body and rejecting the message if you’re not expecting HTML (most spammers want to include a link, so the message will contain an “a href” tag.
You wont find any ‘mailto’ links on my websites.
5. Set up an SPF record
The Sender Policy Framework is a system that aims to prevent someone else forging your domain to send unsolicited mail. The onus is on the receiver of the email to look up the DNS records for the domain and check for an SPF record. This record tells the receiver which IP addresses are allowed to send mail for a particular domain. Based on this information from the SPF record, the receiving mail server can then either issue a warning to the receiver or reject the email outright.
6. Use Greylisting
Read all about Greylisting on the official website
7. Use server side spam detection
One way to block spam mail before it gets to your mailbox is to use server side spam detection. Most systems require training in the same way you would train a junk mail filter in your mail client. SpamAssasin is a great module for the Apache server and often comes integrated to Plesk. Ask your domain host if they can set this up for you, most hosting providers now offer some level of server side spam protection.
