PC Security Forum

How to avoid getting spam through a website?


I have a lot of experience stopping spam. In fact, I used to speak with GFI and shared some of my filter techniques with them.

You can stop spam with near 100% effectiveness with a few simple steps. This does not negate the need for an anti-spam filter or mean that you will never get spam; however, just a couple of things will almost stop spam cold. It is actually extremely easy.

A little background:

I probably hate spam more than most. I ran a list server with several e-mail lists years ago for well over a decade. When I started the list servers, I knew that spam would be a problem so I created my own e-mail filter and not one spam e-mail ever made it through with zero false positives. I ran my personal e-mails through the list server. Simple.

But that is not what I am suggesting.

When I shut down my list servers, I had to find other highly effective ways to stop spam, and I figured out that if you can stop the e-mail address scrapers from lifting your e-mail address from any website, then that is 99% of the task. But you do not always have control over all of this, of course. So I used another old technique as a one-two punch (steps 1 and 2).

Step 1: Create an e-mail alias for each and every time you provide an e-mail address. This is often an extremely easy thing to do, especially if you run your own e-mail server. Even if you don't run your own e-mail servers, most e-mail service providers and web hosts allow for aliases to be created. So when I register for an online account, I create an alias for that account. Every time I provide an e-mail to anyone, I create an alias. No exceptions. I do warn you not to make the alias the other site's domain name, but something similar so you know where your e-mail address was compromised and where to change any e-mail address if you need to. Do not get lazy on this one. Creating a unique alias for each person, site, entity, really saves you a lot of work and pain later. This is especially important for family members and some less technical friends who, for some reason, never seem to keep their anti-spam up to date.

Step 2: Munge your e-mail address. I created my own e-mail munge tool over a decade ago. But here is some of the background you need to know before getting into munging.

E-mail addresses can be scraped from websites using a variety of tools that range in sophistication. Most are still limited in a particular way, but you will find that many of the munge techniques such as using [at], putting in spaces, putting in text to be modified such as [remove this], and so on can still be scraped. In fact, many JavaScript techniques can be scraped simply because they are easily recognized and written into the code as a pattern match. As well, many image munges can also be scraped simply because code can be written to recognize text within an image regardless of what you do, including applying an image filter against the text object before rendering. Scrapers have become rather sophisticated for sure.

But what they cannot handle is randomness.

I wrote a munge tool that is completely anonymous and has been 100% effective for over a decade. Here it is: http://www.closetnoc.org/mungemaster/ Please use it. It is free to use and I created it because I hate spam that much. Every time you use this munge tool, it creates a very new munge. It solves the pattern match problem I described earlier. One option is to munge the e-mail address several times for as many times as you post it on your site. Because randomness is important, this technique increases the likelihood of success. But you really do not need to do this if you do not want to. It is still remarkably effective and allows an e-mail link to reside on your site just the way people expect.

Step 3: Use an anti-spam filter. There are several that either work at the server level, as a gateway before your e-mail server, between the server and client, or within the client. Whichever one you choose depends upon your scenario. I used GFI as a gateway when I was a web host. I also used my own filtering mechanism mentioned before. I now use SpamAssassin. Both are highly effective, but not completely foolproof.

Step 4: This only applies for those who run their own e-mail server, but it is a highly effective, little known, and simple technique. Create a list server and use Majordomo. Majordomo uses its own highly effective anti-spam/security filters. While I do not remember how I used to do this, it is something that does not take much time to figure out. It is highly recommended if you do not mind adding another layer.

Step 5: Quarantine spam e-mails. Most server based and client based spam filters can read header tags and segregate your spam into a folder. Most of us are used to seeing this, but it may surprise you how many people do not use this feature.

The idea is to stop the harvesters from getting your e-mail address in the first place. But if somehow this is compromised, then you have not provided a real e-mail address but an alias that you can delete and recreate as a completely new e-mail alias if required. And last, let the anti-spam filter do its work and place the spam into a safe location that can be recovered if required.

As a side note:

The only time I have received spam is when a computer was compromised, when someone clicked on a link and manually captured the address, or when a website code/object was compromised. I can count these on my fingers in the past 12 years.

Regarding forms, I do not have much experience with spam in this regard mostly because I do not use forms on my system, so I am not sure I can help you as much as the answers above.


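An added example, not part of the original post and not the algorithm of the linked munge tool: one way to get a different munge on every run, assuming the munge is a random mix of literal characters and decimal/hex HTML character references. The function names, the sample address and the `NAIVE_SCRAPER` pattern are constructed for illustration.

```python
import html
import random
import re

# Pattern a simple harvester might run over raw page source (constructed).
NAIVE_SCRAPER = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def _encode(text, rng):
    """Encode each character as a literal, a hex reference or a decimal reference."""
    out = []
    for ch in text:
        form = rng.randrange(3)
        if form == 0 and ch.isalnum():
            out.append(ch)  # only letters/digits stay literal; '@', '.', ':' never do
        elif form == 1:
            digits = format(ord(ch), "x")
            if rng.random() < 0.5:
                digits = digits.upper()
            out.append("&#x" + "0" * rng.randrange(3) + digits + ";")
        else:
            out.append("&#" + "0" * rng.randrange(3) + str(ord(ch)) + ";")
    return "".join(out)

def munge(address, rng=None):
    """Return a mailto link whose source text differs on every call."""
    rng = rng or random.SystemRandom()
    local, sep, domain = address.partition("@")
    if (not (local and sep and "." in domain) or "@" in domain
            or any(c.isspace() for c in address)):
        raise ValueError("not a plausible e-mail address")
    href = _encode("mailto:" + address, rng)   # href and label are encoded
    label = _encode(address, rng)              # independently of each other
    return f'<a href="{href}">{label}</a>'

def visible_address(markup):
    """What a browser displays: drop the tags, then decode the references."""
    return html.unescape(re.sub(r"<[^>]+>", "", markup))

if __name__ == "__main__":
    sample = "shop-alias@example.org"  # constructed per-site alias
    for _ in range(2):
        link = munge(sample)
        print(link)
        print("naive scraper hits:", NAIVE_SCRAPER.findall(link))
        print("reader sees:", visible_address(link))
```

A harvester that decodes character references before matching still recovers the address, which is why the post pairs munging with a disposable alias per recipient.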