The Anti Spam Hub

Spam. Everyone hates it, and it’s become a fact of life for personal and business users alike. Many accounts come with anti-spam programs that run the risk of cutting out genuine emails using overzealous filters; and many more sift through mountains of spam in search for genuine emails (sound familiar?!). There has to be a better way – and guess what, there is.

Submitting your email address online can lead to a lot of spam (signing up to newsletters or updates, for instance), but the main (and in many cases, the only) cause of spam arriving in your email box is having your email address on your website, or on other websites on the Internet – try searching for your address in Google to find the obvious culprits! The email address is then crawled by Spam Bots* and will be the less than happy recipient of 10 Viagra emails a day for the rest of its existence. If your address is already out on the net, the chances are that the horse has already bolted regarding receiving spam to the address. So read on for a tried and tested strategy that will allow you to move to a more enjoyable, spam free email setup, without having to use any filtering. This has worked for us, as well as the clients we have who have asked us to stop their spam.

A brand-new-email-address@yourdomain.com is unlikely to ever receive spam – unless it is put on the Internet somewhere, or it is used to sign up to sites. It doesn’t matter if enquiries@yourdomain.com is receiving 1000 spam messages a day – brand-new-email-address@yourdomain.com will stay clean, providing it is not on the Internet, or used as a signup email address.

So, you’re having problems with enquiries@yourdomain.com (it is seeing more spam than the British in World War 2). The first thing to do is to start to move towards phasing this email address out of your usual business life. Don’t remove this email address entirely – it will stay in service as your public/signup email address (you usually need one address like that!). Create a new email address, for instance business.enquiries@yourdomain.com – and DO NOT PUT THIS ON THE INTERNET, ANYWHERE (yet).

Next, make sure that there are no visible email addresses on your site. Instead you want people to use forms to contact you, if they are not doing so already. Assuming you already have a contact form, you’ll want to check if your address is visible to Spam Bots. Navigate to your contact page, and then view the page source (to do this in Mozilla Firefox, click on ‘View’ and then ‘Page Source’). Once you can view the source, press Ctrl + F to search through the code, and search for your email address. If you can view your email address, then the address is open to be targeted by spam. So you will want to encrypt your email address to prevent this from happening.

The rather clever people at Dynamic Drive have created this handy tool for encrypting your email address using Javascript – make sure you don’t put your email address in the ‘Email Text Shown’ field though! Once you have your code, you’ll need to add this to your form in place of your standard email address – and hey presto! A working contact form that doesn’t expose your inbox to the attentions of spammers!

*In case you’re not familiar with the terms – the Internet is constantly ‘crawled’ by ‘bots’. Google crawls the net with its bots to check the quality of web pages and make sure it can find pages when you search for a term. And, sadly, spammers crawl the net with bots, designed specifically to find email addresses for spamming. A spam bot is just a program or a script that crawls or travels around the net, looking at the source code of sites and searching for those precious spam-me-please@yourdomain.com addresses (unlike the Google spam bots, that crawl the net looking for reasons to put you higher up in their Search Engine Rankings). They start with a few web addresses and then spread out to any pages linked to in those addresses, and so on, and on, and on, and on…

Spam attacks where the text is replaced with images aimed at lightly protected email systems are growing in popularity. With the variety of anti-spam filters that analyze the message content to weed out unsolicited emails, spammers continue to increasingly adopt image spam. Businesses, organizations and everyday computer users might have noted an increase of image-based spam, text e-mails that arrive in your in-box as image files. Image spam can contain a picture of words, a screenshot, a photographic image, or a combination of these. By sending emails that contain no text, only pictures, spammers found that they can fool even the most advanced anti-spam software like SpamAssassin, G-Lock SpamCombat.

Most anti-spam programs detect text-based spam very well, but they totally fail when a spam message has no text to analyze. Thus, the rapid rise of the image spams. These spam messages often include image files that have a screen shot offering the same types of information advertised in more traditional text spam. Image spam can also include unique trackers which work when a recipient opens the message and let the sender know it’s a valid email address, ripe for future mailings. Image spam is probably the best technique that spammers have today to get past the anti-spam filters. Together with the image spam that uses one attached image to deliver its message, the spammers are known to send spam that contains multiple images that act like pieces in a puzzle. The recipient’s email client then reassembles the pieces in the right order and displays them as one image again. In addition to the usual annoyance, image-based spam eats up more bandwidth than regular spam because each image spam message is more than seven times larger than regular spam email – what’s costing users, especially business, money.

The majority of image spam is used in stock scam messages, in which the senders encourage the victims to buy a certain stock to raise its value, then quickly turn around and sell the stock themselves to make a profit.

Nevertheless, anti-spam software and service providers are able to cut down image spam, as well as HTML-based and text spam. The organizations and individual computer users having sophisticated anti-spam filters—those that focus on both the content and origin of the messages—have little to worry about, other than to make sure they’re on the latest version of their vendor’s products and receiving regular updates. They can then analyze and create rules in their software to block it. Many anti-spam software use combinations of techniques, including keywords, blacklists (of offending spam mailers), and something called “honey pots,” in which they have traps set up on the Internet to collect spam messages. There are a number of approaches to protect against image spam. In current versions of Outlook, for example, images are not automatically downloaded into messages unless the user has specified that messages from the source can be trusted. G-Lock SpamCombat allows preview all the messages in a safe mode - no pictures or tracking codes are downloaded nor executed.