How to protect from spam

[kappa84]

One of the spammer’s methods to find your email is to go through thousands of websites and collect any email addresses that he finds there. For this job he uses special softs named spam bots and spam harvesters.
It’s obvious that every company that has a website with an email address will become a victim.
Besides reporting the spam you can try to fight against it using these solutions.

1. Mail Address Obfuscation:

This is a method that hides you email from spam bots but it leaves it perfectly visible to site’s visitors.
Let’s say we have this email: mymail@server.com .
If it’s on a website page, usualy it is inserted as a link like : <A HREF= "mymail@server.com" >mymail@server.com < /A> because when a visitor clicks on it it will automatically open in his email program.
The problem is that the above email will be 100% collected by spammers’ software. A very good service to camouflate your emails is here: http://alicorna.com/obfuscator.html . Every letter in this address it’s replaced with an ASCII code, so the visitors will see your email exactly how they’re supposed to see it but the spam bots will not see your email (unless they are very sopfisticated).
An extreme protection is writing the address like a small image on your website (without a link). If your email is too long and complicated it’s better not to use this way, or the visitors could mistake when they write down it.
A much simpler way is to write the address as mymail at server dot com.

2. Spam poison

Using this way your site will have links to other webpages that contains lots of fake email, randomly generated. When a spam bot visites your website it will only collect lots of fake emails (only if your real address are camouflated using method 1).
A good sollution for spam poison webpages it’s that its to be generated with dynamic scripts. Here is an excellent CGI example implemented in perl: http://downlode.org/Code/Perl/spamtrap/ .
If you don’t have access to CGI webpages, you can use this PHP script: http://www.hotscripts.com/Detailed/39589.html .
Wpoison is another good method to use: http://www.monkeys.com/wpoison/ . You might dislike it because it puts a copyright banner with a skull.
Usually spam bots ignore the exclusion directions from robots.txt. It’s recommended that “poisoned webpages” to be listed with Disallow to avoid being scanned by crawlers from searching engines. This way the spam bots will search every webpage and link on the website, ignoring the restrictions, and its will fall in your trap.
Do spammers get fooled by fake addresses generated by poison? Not really, but they’ll have to make some efforts to process fake emails. More than that, they preffer to avoid this websites whom contains poison because time is precious for them and they won’t loose it searching for fake addresses.
Use spam poison only with number 1 method. The results will come in several months.

3. Honeypot


A honeypot it’s a trap that will record :
a) spam bots visit, their type and Ips
b) how long time does it take to start spamming and what’s it source
It’s clear that between spam bots and spamming sources is a connection, and a honeypot will make this connection obvious. After a spam bot visit, usualy your emails will begin to receive spam shortly.
How to install a honeypot on your website? Visit http://www.projecthoneypot.org and you’ll find anything you need. This project is free and you can one account for more sites.
An email address used by a honeypot will not be see by website visitors, but only by spam bots. So there’s no possibility that a visitor to send emails to a honeypot, those addresses are only for receiving spam.
Using a honeypot will make a part of received spam to be thrown to those addresses that will try to identify spam sources.

According to the statistics, USA it’s no.1 in collecting emails with spam bots, followe by China, Spain, Romania and Germany. http://www.projecthoneypot.org/statistics.php

Quote:

Originally Posted by kappa84

If it’s on a website page, usualy it is inserted as a link like : <A HREF= "mymail@server.com" >mymail@server.com < /A> because when a visitor clicks on it it will automatically open in his email program.

Actually, the correct way to link to an email address is to use mailto: in front of the email address when linking to it. For example :

Code:

<a href="mailto:example@example.com">Contact Us</a>

Quote:

Originally Posted by kappa84

A very good service to camouflate your emails is here: alicorna.com/obfuscator.html . Every letter in this address it’s replaced with an ASCII code, so the visitors will see your email exactly how they’re supposed to see it but the spam bots will not see your email (unless they are very sopfisticated).

It is a pretty good service, it converts normal ascii characters to html entities.

Another way to avoid this type of spam is to use a contact us form instead of providing an email address. Using a contact form also enables you to mail the message to multiple recepients, classify it into a category, archive it and then send it to the concerned individual for example tech support or billing etc.

[kappa84]

Thanks for the additional information.
I forgot about the contact us form.

[TeamPlayer]

Great information on helping to avoid spam, though sadly nothing is foolproof. Thanks for posting.

[Bagi Zoltán]

Quote:

Originally Posted by TeamPlayer

Great information on helping to avoid spam, though sadly nothing is foolproof. Thanks for posting.

I found out a way that is absolutly safe. The html code of the mailto link need to get converted to javascript, which must be placed into external file.
I use this php code to disable the direct access to the js files

PHP Code:

<?php
$accept =$_SERVER['HTTP_ACCEPT'] ;
$file =$_SERVER['REQUEST_URI'];
if(stristr($accept, 'text') && stristr($file,'.js')){
header("HTTP/1.0 403 Forbidden");
exit;
}
?>

which is executed with the php_value auto_prepend_file .htaccess command. The solution has only one weakpoint, but it is very weak and spambots don't have possibility to have the remedy.

[Candeleena]

I heard that a good way to cheat spambots is to paste a small grpahic with "@" instead of the actual character. Spambots will not recognize it as an address, and humans should be able to guess that they need to copy, paste and REPLACE the icon with a real @ character.
However this has proven untrue for my users. I received complaints that it is impossible to mail me because the address 'doesn't work'.

Do you think it would be better to write the address like that: somebody[@]something.com? People should notice the brackets, shouldn't they? Wii spambots understand that it is an address?

[temi]

You could write the address the way you suggested, you could also write the address with graphic, but ensure its writing in a way graphic reading spambot cannot read.

Quote:

Originally Posted by Candeleena

I heard that a good way to cheat spambots is to paste a small grpahic with "@" instead of the actual character. Spambots will not recognize it as an address, and humans should be able to guess that they need to copy, paste and REPLACE the icon with a real @ character.
However this has proven untrue for my users. I received complaints that it is impossible to mail me because the address 'doesn't work'.

Do you think it would be better to write the address like that: somebody[@]something.com? People should notice the brackets, shouldn't they? Wii spambots understand that it is an address?

[Alan]

Spam is a huge problem, and there's no sure way of preventing spam, with the exception of having no email account.

One way I attempt to beat the spammers is to have a "junk" email account for suspect lists, and for submitting at SOME sites.

If using asp code don't put the action in the form to an eamil address, instead use CDONTS to process the form and send mail, similar to the php idea in a previous post.

[AppleFan]

When did spamming become such a science!? I have gotten quiet a few spam emails lately but always delete them. Is that enough? I want them to stop!

[Candeleena]

Thank you for your answers and explanations. I realize there are no 100% sure methods.