8th
Apr '08

E-mail address security: Day 5

Click here to read more about SpamStopsHere, the e-mail security company that brings you this blog.

Today, I’m summarizing the E-mail address security series of blog posts. These steps can help stop your spam problem from getting worse, and they work best when implemented as soon as possible.

Use a whois privacy service when registering your domain name

When you register your organization’s domain name, you’re going to be asked for contact information that will be published in the public whois database. I recommend using a whois privacy service to hide your e-mail address from the public. With these services, the privacy service, which is often provided by the registrar, acts as a proxy for any contact. Of course, you have to rely on their anti-spam service not causing false positives. Using this type of privacy service can also make it seem like you have something to hide.

Don’t put your e-mail address in plain text on a Web site

Probably the best way to put your e-mail address on your Web site, while preventing spammers from writing automated Web spiders to find the e-mail address, is to use JavaScript to insert the e-mail address and mailto anchor tag into the page. For personal sites or the sites of some businesses, a contact form works just as well if you don’t even want to give out an e-mail address.
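One way to do the JavaScript insertion described above, as an added example that is not code from the original post: the address is stored in pieces and only assembled in the browser, and a check with a simple address pattern confirms the served markup exposes nothing. The `info`/`example.com` parts, the `contact` element id and all function names are placeholders.

```javascript
// Added example. Placeholder address parts: the literal address never
// appears in the served HTML or in this script's source text.
const CONTACT = { user: ['in', 'fo'], domain: ['example', 'com'] };

// Constructed sample of the static markup a spider would download.
const PAGE_SOURCE = '<p>Contact us: <span id="contact"></span></p>';

// Assemble the address at runtime; 64 is the character code for the at sign.
function buildAddress(parts) {
  return parts.user.join('') + String.fromCharCode(64) + parts.domain.join('.');
}

// Create the mailto anchor with DOM calls (no innerHTML), so the address
// is treated as text and cannot be interpreted as markup.
function buildMailtoAnchor(parts, doc) {
  const address = buildAddress(parts);
  const a = doc.createElement('a');
  a.setAttribute('href', 'mailto:' + address);
  a.textContent = address;
  return a;
}

// The kind of pattern match an automated spider applies to page source;
// used here only to check that the static text exposes no address.
function findPlainAddresses(source) {
  return source.match(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g) || [];
}

// In a browser, fill the placeholder element once the page has loaded.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => {
    const slot = document.getElementById('contact');
    if (slot) slot.appendChild(buildMailtoAnchor(CONTACT, document));
  });
}
```

This only helps against spiders that read the raw page source; one that runs the page's scripts sees the assembled address.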

The CAN-SPAM Act of 2003 only makes it illegal for spammers to harvest e-mail addresses from your Web site if your Web site includes a notice that you don’t grant them permission to do so. The notice should read “The operator of this Web site or online service will not give, sell, or otherwise transfer addresses maintained to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages”.

Be discreet with your e-mail address

When giving out your e-mail address, don’t be liberal with it. Most people who ask you for it likely don’t need it, and many Web sites asking for it may share it or even send you spam directly. Also, ask those you do trust with your e-mail address not to give it out to anyone. If you do give an e-mail address to someone who is not a customer of yours, use a unique and disposable e-mail address so that you can track the source of any spam sent to the address, as well as dispose of the address if desired. Finally, don’t use your work e-mail address for personal business, as your employer likely doesn’t want to pay you to read the spam, or even the e-mail from your friends, that results.

Use anti-harvesting methods

Make sure that your e-mail server or anti-spam service uses techniques to stop spammers from finding legitimate e-mail addresses at your domain by brute-force guessing.

Common misconceptions about stopping spam

Replying to a spam message asking to be removed will not help. Instead, a complaint should be made to the Internet service provider that owns the IP address that connected to your e-mail server to deliver the spam. Although the complaint is unlikely to make any noticeable difference, it could help. Generally, it’s not worth it unless you feel like being generous. Usually it just helps the owner of the IP address find their security problem. You will still get spam from somewhere else.

If an e-mail message has a working unsubscribe Web site link, clicking on it may actually result in your being unsubscribed. However, you are more likely to find links that lead to viruses being downloaded to your computer than an actual working unsubscribe method. If you are unsubscribed, your e-mail address is likely to be sold as a verified working e-mail address to someone else to spam you.

It was previously common for spammers to track who was reading their e-mail by using embedded images, but now this tactic is mostly used by larger corporations that send commercial e-mail that you probably requested but forgot about. Most spammers no longer track who reads their e-mail, only which campaigns were most effective. Spammers are forced to use different contact methods in each e-mail campaign anyway, so it’s easy to track the effectiveness of each campaign.

When you get too much spam, use an anti-spam service

Once you have a spam problem, it will probably just keep getting worse. Taking the above steps can help slow down how fast the problem increases. Once you have a spam problem, you need an anti-spam solution.

Using an unmanaged anti-spam product is not business savvy. Your organization already outsources many of its services, such as cleaning, plumbing, or even utilities; in the same way, it doesn’t make business sense to build your own infrastructure and pay salaries just so that you can do it yourself. Take advantage of economies of scale. By using a managed anti-spam service, you’ll get a better anti-spam solution, and for far less than paying someone a salary and buying your own hardware.

Don’t use an inaccurate anti-spam product where you have to review spam looking for mistakenly blocked legitimate e-mail. You might as well review the spam in your inbox and not use an anti-spam product.

If you get over 1000 spam messages a day to your domain, using an accurate anti-spam service such as SpamStopsHere will give you a positive return on investment in actual time, money, and bandwidth saved. Don’t just look at the price of your anti-spam product, but rather at the cost. A balanced or positive return is what you’re looking for, not the cheapest product. Not that SpamStopsHere is expensive, at only a few pennies a day per user.
