Dealing With Spam
If your spam levels are low or reasonable, one option is to install anti-spam software. If your spam levels are more significant, you should try to figure out where the spammers are getting your email address from, and elliminate those sources. The effect won't be immediate, but hopefully after 3 to 4 months things will die down to a more reasonable level. Here are a few tips:
Email Spam is generated by a number of means (let's call it "The 4 S's of Spam"):
Programs ("robots") which scour the web for email addresses. They hop from websiite to website looking for email addresses on the websites. Or some smart ones do a google search for a certain industry and tehn scour just those sites for email addresses, so that they have a more targeted list.
Spyware on your computer (Also called 'scumware'):
People submit their email addresses to sites, and those sites then sell their marketing databases. This could happen with quite reputable companies, such as when you submit your email address together with an order. But really prolific nuisance spam occurs when you submit your email address to "FFA" sites or other "multilevel marketing" cons. Words to watch out for are "MLM", "downline", FFA, etc. This can occur when you use an automated program or service to "submit your website to thousands of search engines".
A spammer sends out email to every combination of possible email address on your domain. e.g. firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, etc, until firstname.lastname@example.org
To prevent spam-bots from harvesting email addresses on your website, your website needs to be coded in such a way that only humans can read the email address, not spam-bots. This is something that can be fix with two options:
Note: Your email address may also be on websites that you do not control. Examples are if you post to a bulletin board with your email address in your member profile, or if your company is an exhibitor at a trade fair. You should try to get your email address removed from these sites. If they are trade directory sites, get them to display your web url instead of your email address.
- Replace the email address with a contact form. If implemented correctly, this solution is effective against the most sophisitcated spam-bots in use today, and also offers high levels of protection against more sophisticated spam bots which may be invented in the future.
Check your PCs for scumware and remove them. There are good anti-scum software available to do this, such as "Spybot - Search & Destroy". Once clean, your PCs should be kept clean with a combination of good anti virus software, good anti-scum software and good firewall protection.
Other Do's and Don't's
- Disable automatically sending read receipts. This is to ensure that you don't give the spammer any clue that you received the email, as that just ensures you stay in their database longer.
- Configure Filters on your email server. Many ISP's allow you to configure filters on the server, so it gets rejected before you even get to see it.
- Don't send a reply to "remove me from your list", unless you know that it is a very reputable company who will comply with your request. See rule above. For many spammers, replying just gives them confirmation that they have a live address, so they keep you in theri database
- Don't open the email or click on the links in it. Often the links are coded so that when you click, the spammer knows that your email is valid, so you stay in their database longer. Even worse, spam email commonly is written in html, and includes tracking images (e.g. 1 pixel x 1 pixel) which are downloaded from an external website. Opening the email triggers your email client to download the image, which allows the spammer to track that you received it and opened it (hence your a good candidate to send spam to in future). So don't even open or preview spam email.
- When you receive spam, send a message to abuse@the_spammers_ISP.com and instruct them to terminate the spammers account. Only do this if you know what you are doing and if you know how to read the smtp email headers. If you don't, be aware that email headers can be spoofed, so you may be complaining to an innocent party.
- Set up new email addresses for every on-line store you use. For example, if you are about to purchase something from Grace Bros online, set up a new account called 'email@example.com', and use it for all you correspondence with Grace Bros. Then if you start to get spam on that address, you know who sold your email address to the spammers, and you can complain / pursue the matter further.
- Install Anti-spam software. Look for software which includes the following features:
- performs heuristic based learning, so when you reject something as spam it knows the next time, and rejects it automatically. One such statistical technique which has become popular recently is based on 'bayesian' statistics.
- checks against puplicly available blacklists such as relays.ordb.org, relays.visi.com, bl.spamcop.net
- Spamassasin is a good open source option for linux or unix machines.
- For Windows machines Spamassasin's engine has been incorporated into McAfee's spamkiller, but this product is extremely poor (in the author's opinion, which may not represent the opinion of OpenSkills). A better (and free) option for Windows machines (in the author's opinion) is MailWasher.