Spam Robots, Address Scavenging & How Contact-Link Works...
How did they get my address?
Do your friends complain about the junk mail they get at work, meaning mostly jokes from their co-workers? Do you meanwhile get tons of bona-fide UCE (Unsolicited Commercial Email, aka "SPAM") at your private addresses?
Do you have a web site? Are you listed as a contact on a club or group website? Do you shop on the web or sign up for free services? Then you will likely have excessive, often offensive, and sometimes dangerous junk mail building up shortly!
SPAM Robots or Human Scavengers?
Maybe the search engines haven't found your web site yet, but the SPAM Robots probably have.
SPAM Robots work just like search engine spiders. They follow links from page to page looking for anything remotely resembling an email address. You can spell it with extra spaces or stray characters like this:
m y a d d r e s s @ m y p l a c e . c o m
and they may still find it. You can hide it from the robots by putting it in a graphical image, but we've found there are an amazing number of human scavengers actually looking at websites and copying the addresses!
Finding addresses using domain records
Do you get spam/UCE at an address not listed on your site? Maybe that address is listed under your domain name registration? If so, even robots can find it there, along with your street address! You can minimize the impact of this with the bait & switch technique.
Do you use common addresses like "webmaster," "support" or "sales"?
Either humans or robots will try these usual addresses with your domain name, and if it doesn't bounce they will add it to their list and sell it to other spammers.
Try using more customized email addresses, and set your default forwarder to an address that will bounce but that will "clue in" a legitimate inquirer, by using an illegal domain, as in the example below. The extra _ causes mail to bounce:
please_use_contact_form@_mydomain.com
Your return address & addressbook viruses...
The return address you use when writing to people or responding to inquiries is obviously visible to the recipient.
Even if this address is not deliberately stolen, many people set up their mail reader to automatically put addresses they reply to in their address book. When they are eventually infected with a virus that sends itself to everyone in their addressbook, you get sent a virus!
You can maintain a separate email address for writing to strangers and change it often. See also the additional tips in the next column.
One of the worst things you can do...
... is sign up for a "personals" service using a valuable email address. Even at sites like Yahoo and Match.com, 30% or more of the people are fake creations of address scavengers or adult site operators. But this is not the single worst offender; for that, see the next article.
How do I protect my address?
Mail-To Forms are Not a Solution
You create mail-to forms with a link tag like this:
<a href=mailto:me@myplace.com>send me email</a>
Seems simple enough. Only "send me email" appears on the page. But the robots are looking at the HTML source, and so is a savvy human scavenger. And as soon as anyone clicks the link, a mail window pops up with your address in it.
The script-driven CONTACT FORM - A Good Solution
A contact form, like on big corporate web sites, and like the ones we provide, does not contain even a hidden email address, or any other information from which the recipient can be identified. It sends email using server scripts.
Your user name, which can be as cryptic as a password, or as colorful (and as irrelevant) as a chat room screen name, is used by a script that runs on our webserver to look up your account and send the mail. This information is never physically available to the human or robot address scavenger!
A human can, of course, still spam you by manually filling out the contact form. But the number of these will be limited, and there won't be any long attachments.
The only way they can get your address is if you REPLY to them. Don't reply to spammers!
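The lookup described above, sketched as an added example (not the script this site actually runs). The account table, form field names and example.com addresses are assumptions made for illustration, and the line-break check and length cap are additions that keep submissions limited to short plain text:

```python
import html
from email.message import EmailMessage

# Constructed sample data: server-side table mapping public user names to
# private addresses. It lives only on the server and is never sent to a browser.
ACCOUNTS = {"bluefox77": "owner@example.com"}
MAX_BODY = 4000  # plain text only, so no long attachments


def render_form(username):
    """HTML served to visitors: it carries the user name, never the address."""
    if username not in ACCOUNTS:
        raise KeyError("unknown account")
    return (
        '<form method="post" action="/contact">\n'
        f'<input type="hidden" name="to" value="{html.escape(username)}">\n'
        '<input name="from"> <input name="subject">\n'
        '<textarea name="body"></textarea>\n'
        '<input type="submit" value="Send">\n</form>'
    )


def build_message(form):
    """Turn submitted form fields into a message addressed via the lookup."""
    recipient = ACCOUNTS.get(form.get("to", ""))
    if recipient is None:
        raise ValueError("unknown recipient")
    sender, subject = form.get("from", ""), form.get("subject", "")
    # Reject line breaks in header fields so a visitor cannot add headers
    # (for example extra recipients) to the outgoing mail.
    if any(c in value for value in (sender, subject) for c in "\r\n"):
        raise ValueError("line break in header field")
    body = form.get("body", "")
    if len(body) > MAX_BODY:
        raise ValueError("message too long")
    msg = EmailMessage()
    msg["To"] = recipient
    msg["From"] = "contact-form@example.com"  # assumed fixed sender identity
    msg["Reply-To"] = sender
    msg["Subject"] = subject
    msg.set_content(body)
    return msg  # the server would pass this to smtplib.SMTP(...).send_message
```

Anyone viewing the page source sees only the user name; the address exists only in the server-side table and in the mail that reaches the recipient.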
Plugging the Return Address Leak...
Of course, you may not know that a spammer is posing as a customer, and if legitimate customers you write to add your address to their addressbook (see previous column) you could get on a virus attack list!
If you write to many people, or have an email used in an automated response or order filling system, and if you have a website that allows you to configure email addresses, you can take additional steps to protect the return address:
- use a return address that points to an autoresponder
- explain that the address is unmonitored
- refer respondents to your contact form!
For more information on how to protect yourself from address harvesting, dictionary spamming, and even how to report spammers, see the JunkBusters web site.
Copyright © 2002