Spam: How To Deal With It
As I've talked about before, I receive a large amount of spam. Not as much as I used to -- at its peak, I received about 200 spam messages a day -- but still too much. One would hope that after years of having to deal with spam, I would have some advice to pass to people, and I do.
The first, and most important, thing to do in order to deal with spam is to never, ever, put your email address on the web in plain text. Frequently people make websites and want to be able to receive feedback, so they give their email address. But, this is exactly how spammers make their email address lists. They have programs that crawl the web, just looking for email addresses to spam. Even putting it in a "mailto:" link makes it available to them. If you really want people to be able to send you mail from your site, find out if your hosting provider has some sort of formmail solution for you to use. For example, at Dreamhost, I can make a page that has a form that a user can fill out, the form gets submitted to a program, and the program is configured to send the message to me. My email address is not visible at all on the form page. Most hosting providers have something similar.
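A pre-publish check for the point above, added here as an example and not part of the original post: it scans a page's HTML source and reports every address a crawler could read, whether in visible text, a "mailto:" link, or any other attribute. The sample pages, the addresses and the /cgi-bin/formmail path are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Deliberately simple pattern: enough for an audit, not a full RFC 5322 parser.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class ExposureAudit(HTMLParser):
    """Collects (where, address) pairs for addresses readable in page source."""

    def __init__(self):
        # convert_charrefs decodes entities such as &#64;, so entity-encoding
        # an address does not hide it from this check (or from a crawler).
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            value = unquote(value)  # also catches me%40example.org in links
            if value.lower().startswith("mailto:"):
                where = "mailto link"
            else:
                where = f"{tag} {name} attribute"  # e.g. a hidden form field
            for addr in ADDRESS.findall(value):
                self.findings.append((where, addr.lower()))

    def handle_data(self, data):
        for addr in ADDRESS.findall(data):
            self.findings.append(("page text", addr.lower()))

def audit(html_source):
    """Return every exposed address in html_source, in document order."""
    parser = ExposureAudit()
    parser.feed(html_source)
    parser.close()
    return parser.findings

# Constructed sample pages.
EXPOSED_PAGE = """<p>Feedback: me@example.org or
<a href="mailto:me@example.org?subject=Hi">write to me</a>
or webmaster&#64;example.org</p>"""
FORM_PAGE = """<form method="post" action="/cgi-bin/formmail">
<textarea name="message"></textarea><input type="submit"></form>"""
```

An empty result for the form page is what you want: the recipient lives in the server-side program's configuration, not in the markup.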
Crawling the web is one way that spammers get your address. Another way is when you give your email address out to companies online, who then go on to sell your address to spammers. To combat this, I use a free service called SpamGourmet. The way this works is that I set up an account with SpamGourmet. Let's say my account name is GregLeedberg (it isn't). You tell SpamGourmet what your real address is (so you do have to trust SpamGourmet itself). Then, whenever you need to give an email address to a company, you can, on the fly, make up a forwarding address through SpamGourmet that will forward through to your real address, but will only forward a certain number of emails. You don't even have to go to SpamGourmet to make the new address. All you have to do is give the company an address in the form [some unique identifier].[maximum number of messages you want forwarded].[account name]@spamgourmet.org. So if EvilCorporation wanted my address, I could give them an address such as evilcorporation.20.gregleedberg@spamgourmet.org. The first 20 messages would be forwarded to me, in case they are legitimate, and after that the address is no longer valid. So if EvilCorporation sells that address and it gets spammed, it will quickly stop forwarding me the messages. For each company you need to give an address to, you can come up with a new unique identifier, which will have its own message counter. I use this whenever I need to give an email address to someone I don't automatically trust.
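The counted-alias scheme described above, modelled locally as an added example (this is not SpamGourmet's code and not from the original post). It assumes the limit is fixed by the first message an alias receives, so a sender cannot raise it by rewriting the number; the Forwarder class, its method names and real@example.net are hypothetical.

```python
import re
from collections import defaultdict

# identifier.max.account@spamgourmet.org, the format the post describes.
DISPOSABLE = re.compile(
    r"^(?P<ident>[a-z0-9_-]+)\.(?P<limit>\d+)\.(?P<account>[a-z0-9_-]+)"
    r"@spamgourmet\.org$"
)

class Forwarder:
    """Local model of a counted forwarding alias (hypothetical, for illustration)."""

    def __init__(self, accounts):
        # account name -> real address that mail is forwarded to
        self.accounts = {name.lower(): real for name, real in accounts.items()}
        self.limits = {}              # (identifier, account) -> allowed messages
        self.seen = defaultdict(int)  # (identifier, account) -> messages received

    def deliver(self, rcpt):
        """Return ("forward", real_address), ("drop", None) or ("reject", None)."""
        m = DISPOSABLE.match(rcpt.strip().lower())
        if not m or m["account"] not in self.accounts:
            return ("reject", None)
        key = (m["ident"], m["account"])
        # Assumption: the first message creates the alias and fixes its limit.
        # A later evilcorporation.9999.* therefore shares the original counter.
        limit = self.limits.setdefault(key, int(m["limit"]))
        self.seen[key] += 1
        if self.seen[key] > limit:
            return ("drop", None)
        return ("forward", self.accounts[m["account"]])

    def over_limit(self):
        """Identifiers still receiving mail past their limit: likely sold or leaked."""
        return sorted(i for (i, a), n in self.seen.items()
                      if n > self.limits[(i, a)])
```

Because each identifier names the company it was given to, the over_limit() list doubles as a record of who passed the address on.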
So, the above two methods try to reduce the number of spammers that have my email address. But inevitably, you will end up on some spam lists. What to do then?
Well, my first line of defense if I get spam is to use a free service called SpamCop. Usually, when you get a spam, the "from" line is obfuscated, as are any links within the email. You can send your spam to SpamCop, who has tools that are able to figure out where a spam is really coming from, and where the links are really going, and can then send complaints to the ISPs involved. And it seems that, on the whole, ISPs really do listen to SpamCop reports that they get. By using SpamCop, you can effectively shut down a spammer's current account. Of course, in time they will just open a new account somewhere else. But if we keep them moving and continually make it hard for them to send their spam, hopefully eventually they will give up, or fewer people will want to spam.
Lastly, even with all of these tactics, I still get spam. So as a last layer of protection, I just use Mozilla Thunderbird as my email client, which has excellent spam filtering algorithms which can learn to detect the spam that you get. This at least makes it so that I don't have to explicitly look at every single spam message I receive. Sure, some messages get past the Thunderbird filter, but it still significantly cuts down on what I have to see.
So that is how I have dealt with my huge spam problem over the past few years. It works okay, but I still wish that spammers would realize that what they do is really not an effective way of marketing. Annoying your potential customers doesn't win sales, it just causes backlash.
Labels: spam, technology