eBusiness & eCommerce
Protect your email address from the Spambots
by Mike Banks Valentine
There have been a flurry of anxious discussions among email
list and newsletter owners recently about spammers stealing
their email identity by spoofing the "from" field of spam
mailings. They know they are being spoofed because they are
suddenly getting an avalanche of bounce notices returned to
their email when they didn't send the email that bounced!
Those webmasters and list owners that have their email
identity stolen in this way are most often those that have
the most to lose if their business is reported for spamming.
List owners whose income is dependent on advertising that
runs in their newsletter or ezine cannot afford to be shut
down by a host that responds to spam complaints without any
serious investigation. Automated reporting systems often
list the domain, or worse, sometimes entire IP blocks, of
accused spammers - whether or not those accusations have any
SPAMMERS DISLIKE ANTI-SPAM ADVOCATES
I've been the victim of these faked addresses for a couple
of years because I have an anti-spam tutorial at Website101
and it must attract spammers looking for something. It's
pretty well ranked in the search engines for several spam
terms and gets a lot of traffic for Website101. They lift
my email address and use it in their spam campaigns.
When I started getting those bounced emails from sources I
hadn't sent to, I was so alarmed at the implications for the
integrity of my online businesses that I quickly sent a copy
of the bounces to my host to let them know that it *WAS NOT
ME* sending those emails that were creating the bounces.
They took a look at the headers and could see that it was
spoofed and not really from me, since they host my site, I
guess they can tell easily. I was relieved, but continued
to send those bounces to them whenever I got them to let
them know I was not the source of the spam causing those
bounces and that they may get spam complaints about them.
Eventually, one of my host "abuse" techs sent me an email
letting me know that they could tell I wasn't doing it and
that I needn't be concerned about being shut down since I
had pointed out my anti-spam tutorial and my own articles
about the issue in my tutorial.
LIST OWNERS AND WEBMASTERS ARE SPAM SPOOF TARGETS
If you suddenly start receiving multiple bounce notices
with quoted spam emails bearing your email "from" address,
send them, including headers, to your host "abuse" address
and proactively protect yourself from false claims. I've
even had email discussion with anti-spam Gestapos about the
problem and made certain they know my stance on spam and
that I am not the source of those bounces when they got
complaints through their reporting & automated blacklisting
A NEW SOLUTION TO SPAM HARVESTING BOTS
Many of us have heard about William Bontrager's CGI Script,
SpamBot Buster and what it can do to help you protect your
email address from harvesters. I encourage webmasters and
list owners to read about it, then download a free copy of
the script here.
Install it and follow directions to post email links that
cannot be harvested on your site. The script will also
generate a web URL that allows you to post in discussion
lists where spambots regularly trawl for participant emails.
The URL sends a command to your server and seems magically
to open your email program and offers up a preaddressed
email window for use in your ezine, in articles and in
postings to forums when you need to post an email address
in any public online places accessible to spambot crawlers.
BAD NEWS FOR OLD PREVENTATIVE TECHNIQUES
Those of you that have heard of the so-called email address
cloaking tools that display characters in "unicode" to help
prevent email harvesting by the spambots may be dismayed to
discover that it no longer works all of the time. The bad
boys of spam are fully aware that many of this use that now
old technique and have written new software to harvest those
addresses displayed in unicode characters. If you haven't
yet seen this technique used, I invite you to read another
article on the unicode email address cloaking method.
An additional recommendation for hiding email addresses has
been to use a form on your site for public contact instead
of posting a mailto: link. Once again, bad boy spammers
have worked out this technique too, and adapted harvesting
software to gather the address from the form field in your
The dramatic and secure feature of this new technique of
hiding your email is that the address doesn't reside any-
fields in your contact form. When it's not on the page or
anywhere in the code, the spambots can't get your email.
This new technique will, by no means, solve the spam problem
but does go a long way toward reducing the sometimes almost
maddening hide-and-seek game we all play with spammers. That
anti spam tutorial is the first place I'll implement this
Here's my new unharvestable email link :-)
This article may be reproduced freely if the following
information is included and links made live when used online
Mike Banks Valentine is a personal privacy advocate.
Learn about TIA, GLB, HIPAA, COPPA, RFID, Identity Theft,
Surveillance, Auto Black-boxes, Spyware, Do Not Call Lists
Privacy News and protecting your personal privacy online.