Web Design from DRS Design

anti-spam advice

21 April 2018

Recommended anti-spam, anti-virus and firewall programs

Kaspersky internet security software has received high marks in several PC magazine reviews. You can browse the range currently available from Amazon UK here.

About spam

Some of the advice on how to avoid spam given on this page is specific to website owners, but even if you do not have a website you will still find good general advice here on avoiding spam.

Spam is commonly defined as unsolicited commercial email.

One of the issues you should consider if you are thinking of having your own website is how to avoid receiving spam.

Measures you can take against being spammed

There are ways in which you can protect yourself from being spammed yet still allow legitimate emails to be sent to you through your website. These vary in complexity and cost and include: disguising the email address you display on your site; using a contact page, ideally protected by a password; and using spam filtering software on your computer.

The most common way for an email address to fall into the hands of those who send spam is for it to be found by an automated script. Those who send spam use such automated scripts to collect email addresses from the Internet. The script will crawl around the Net, following links from one website to the next, and crawling through newsgroups too, looking for email addresses that are displayed in the format yourname@whatever-your-site-is-called.com. Whenever such a script finds an email address it harvests it, and the address starts to receive spam.

Another point to be aware of is that when you choose your email address you should think carefully about whether it might be easy to guess. If your email address is at your domain name, say exampledomainname.com, and you choose the address 'sales@exampledomainname.com', you might receive spam as a result of the address being guessed. 'Sales@' is one of a number of very commonly used phrases. Sometimes those who send spam will take a large number of domain names they already have, then try sending spam to different guessed addresses at each one to see if any actually work.

For website owners: Using a contact page with a password

The best way of enabling people to contact you through your website by email without running the risk of getting spam is to have your web designer use a contact page and put the send message function behind a password, with the password displayed as a graphic.

Some email harvesting scripts look for open guestbooks and contact pages on websites, and have been set up to auto-complete the form with the spam message and then submit it. Adding the requirement of entering a password means that the script is prevented from sending you the spam as it will not be able to read the password (because the password is displayed as an image of text, not as text).

For website owners: Mangling your email address

This is a very simple option but one that can sometimes work, although it perhaps doesn't look as professional as using a contact page.

You display your email address on your website in a format that anyone reading your web page will recognise as an email address, but which an email harvesting script will not (hopefully). The address is disguised by appearing in a different form, such as:

  • yourname USE AT SIGN HERE whatever-your-site-is-called.com, or
  • yourname@NO-SPAMwhatever-your-site-is-called.com (remove NO-SPAM to email me)

Visitors to your site must un-mangle the email address before they can use it. A disadvantage of this approach is that if you attempt to mangle the address in a very common way (for example by inserting the words 'NO SPAM'), the mangling may fail. 'NO SPAM' is such an obvious phrase to put into the mangled address that the script attempting to harvest addresses may well be set up to automatically remove that phrase.

For website owners: Embedding your email address in a graphic

This is another kind of disguise for your email address, in that the address is displayed on your web page as a picture of text and not as text. The more basic scripts used by those who send spam will not be aware of the text in the picture; they can only 'read' actual text characters.

As with mangling your address, this isn't an entirely safe approach, because if anyone who sends spam were actually to look at your site, they would have discovered your address. But most harvesting of email addresses by those who send spam is automatic.

So there is some risk of getting spam in displaying your address this way, but the risk has to be balanced against the ease with which your genuine enquirers can contact you.

Displaying your email address as a graphic without a 'mailto:' link has the disadvantage that people will have to open a new message window manually and then type the address; they cannot simply click on the address and have a new email message window open automatically. But using 'mailto:' links is the surest way of getting spam.
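A site owner can run a check like the following over their own pages to see which displayed addresses fall into the exposures described in this section and in the mangling section above. This is an added example, not code from the original page; the sample page is constructed from the article's placeholder addresses, and the patterns and the `audit` function are assumptions made for illustration.

```python
import re

# name@domain in the plain format that harvesting scripts look for
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MAILTO = re.compile(r"mailto:([^\"'?>\s]+)", re.I)
# the 'NO SPAM' disguise, with the separators people usually put around it
NO_SPAM = re.compile(r"NO[-_ ]?SPAM[-_.]?", re.I)

# higher number = easier for an automated script to collect
RANK = {"obvious mangle": 1, "plain text": 2, "mailto link": 3}

def audit(html):
    """Map each address recoverable from the page source to its worst exposure."""
    findings = {}

    def record(addr, exposure):
        addr = addr.lower()
        if RANK[exposure] > RANK.get(findings.get(addr), 0):
            findings[addr] = exposure

    for addr in MAILTO.findall(html):
        record(addr, "mailto link")
    # Scan the raw source, so an address left in an alt= attribute is caught too.
    for addr in ADDRESS.findall(html):
        if NO_SPAM.search(addr):
            record(NO_SPAM.sub("", addr), "obvious mangle")
        else:
            record(addr, "plain text")
    return findings

# Constructed sample page (not taken from a real site).
SAMPLE = """
<p><a href="mailto:sales@exampledomainname.com">Email sales</a></p>
<p>yourname@NO-SPAMwhatever-your-site-is-called.com (remove NO-SPAM to email me)</p>
<p>yourname USE AT SIGN HERE whatever-your-site-is-called.com</p>
<p><img src="address.png" alt="enquiries@exampledomainname.com"></p>
"""

if __name__ == "__main__":
    for address, exposure in sorted(audit(SAMPLE).items()):
        print(f"{exposure:15} {address}")
```

The 'USE AT SIGN HERE' form is not reported by this check, while the image whose alt text repeats the address is reported as plain text: a graphic only hides the address if the address appears nowhere else in the page source.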

For all internet users: Using spam filtering software

Another option, perhaps in addition to the above measures, might be to use spam filtering and anti-virus software on your computer.

Never 'unsubscribe'

Spammers often invite you to 'unsubscribe' from their mailing list by emailing them back with a request that your address be removed. You should never do this - the 'unsubscribe' option is not there to allow you to unsubscribe from their list. The spammers are simply hoping that this tactic will entice you into replying to the spam so that they know that your address is active.

Spammers send emails to many addresses which, whilst the address may still exist, are no longer being used. The emails sent to those addresses simply collect in an inbox somewhere but are never read. When you respond by asking to opt out of a mailing list (which you never opted into in the first place) all you are doing is telling the spammers that there is a person at the other end of that email address who is reading the emails sent to it. That will move your email address onto a list of email addresses which are known to be active, and the result is that you will receive even more spam.

Never click on a link in a spam email

People who send spam often try to get you to click on a link in the spam email. The link may well direct you to a website being run by the spammer, or some equally dubious third party. If the security settings on your computer are not secure enough then it is possible for a malicious website to infect your PC with a virus or perform other unwelcome operations. Your best protection against this sort of malicious activity is a combination of the following:

  • make sure that you have good firewall and anti-virus software installed on your computer... and keep it up to date
  • make sure that you regularly check for security updates to your operating system and web browser - if you are using Windows then visit the Microsoft Windows update site
  • never click on any link displayed in a spam email
  • you could also raise your web browser's security settings, but this option may also cause some safe features of legitimate websites to not function correctly

Use 'blind carbon copy'

If you need to send an email to lots of different addresses and many of the recipients of the email do not already know each other's address, then it is good practice to respect the privacy of your contacts' email addresses by sending your email 'bcc' and not 'cc'. If you look at the fields into which you enter email addresses in your email program, you will see that 'bcc' and 'cc' appear as two separate options.

BCC means 'blind carbon copy' and it helps protect against getting spam as it conceals the recipients' addresses. Each of your recipients will receive the email, but they will not know who else the email has been sent to. By contrast, an email sent to multiple addresses as a 'cc' (carbon copy) will display every one of the other addresses that it has been sent to.

Using 'cc' is an especially bad idea when an email is a forward that has a request in it that everyone who receives it should forward it on to everyone they know. When the email gets forwarded on it multiplies exponentially and all of those email addresses eventually end up getting harvested by spammers. If you send an email to only 10 people, and each of them sends it to 10, that's 100, and each of them sends it to 10, that's 1,000... It doesn't take long before an email forward has been sent to literally millions of people. It only takes one of those people to be a spammer and all the addresses which are still shown in their copy are then on a spam list.

The other danger is that if any of the recipients' computers are infected with a virus, any email addresses on that computer may well be targeted by the virus as it attempts to spread itself.

Using 'bcc' for bulk emails is much safer as it protects the email addresses of everyone you know.

Be aware that chain emails are often junk

Most of the emails which request that you forward them on are quite simply hoaxes or junk. There are exceptions but the exceptions are rare.

Common sense will often tell you that a chain email is a hoax, but if you are not sure, it is a good idea to check out the genuineness of an email forward such as a supposed 'virus warning' or chain letter before you forward it on. A good way of checking out whether a 'virus warning' or other chain-letter email is genuine is to do a Google search for the subject line of the email.

There's an email virus hoax doing the rounds which was discussed by David Harley on the eset.com website. His analysis of the hoax is useful to read, because he takes the reader through the supposed virus warning line by line, pointing out how the particular hoax he is discussing is so typical of all the rest. Armed with this kind of knowledge, you will be better equipped to spot hoaxes next time you receive them.

If you do decide that the email forward is genuine and you want to forward it on, then good practice would be to forward it 'bcc' as explained above. If you are feeling particularly public spirited then you might also edit out any email addresses that others further up the chain have included. Many internet users do not appreciate the negative effects of using 'cc' for bulk forwarded emails and the forwarded emails you receive may well already contain lots of other email addresses due to the sender not understanding the importance of using 'bcc' instead.
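The difference between 'cc' and 'bcc' described in the previous section, and the editing-out of addresses suggested here, can be seen by listing what a recipient is able to read in each case. This is an added example, not part of the original page; the addresses, the forwarded text and the function names are constructed for illustration, and nothing is actually sent.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def build(sender, recipients, body, blind):
    """Return (message, envelope): the envelope is who the mail is delivered to."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender                      # the sender addresses the mail to themselves
    if not blind:
        msg["Cc"] = ", ".join(recipients)   # 'cc': every address travels in the headers
    msg["Subject"] = "Club newsletter"
    msg.set_content(body)
    # 'bcc': recipients exist only in the envelope, e.g. passed as
    # smtplib.SMTP.send_message(msg, to_addrs=envelope); nothing is sent here.
    return msg, list(recipients)

def visible_to_recipient(msg, sender):
    """Addresses other than the sender's that anyone receiving msg can read."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    seen = {addr.lower() for _, addr in getaddresses(headers) if addr}
    seen |= {a.lower() for a in ADDRESS.findall(msg.get_content())}
    seen.discard(sender.lower())
    return sorted(seen)

def scrub(body):
    """Edit out addresses left in the text by people further up the chain."""
    return ADDRESS.sub("[address removed]", body)

# Constructed sample data.
SENDER = "alice@example.org"
CONTACTS = ["bob@example.org", "carol@example.org", "dave@example.org"]
FORWARDED = ("Please pass this on!\n"
             "> To: erin@example.net, frank@example.net\n"
             "> Subject: Fwd: read this\n")

if __name__ == "__main__":
    for label, body, blind in [("cc", "Hello", False), ("bcc", "Hello", True),
                               ("bcc, forwarded text", FORWARDED, True),
                               ("bcc, scrubbed text", scrub(FORWARDED), True)]:
        msg, envelope = build(SENDER, CONTACTS, body, blind)
        print(f"{label:20} delivered to {len(envelope)}, "
              f"visible: {visible_to_recipient(msg, SENDER)}")
```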

Be careful when giving out your email address

If you want to avoid being spammed then you should avoid giving out your main or personal email address to all and sundry.

If a website requires you to sign up by giving an email address, and you want to sign up with that site but are not sure whether they will respect your email address, it is a good idea to create a new email address and give the site that one. There are many sources of free web-based email available, such as Hotmail. If you create a new email address with such a site then you can give out that address; if the address starts getting spammed you can easily close it down or abandon it.

If you ever post to newsgroups or other areas of the internet where your email address is going to be visible to all then it is a good idea to either 'mangle' the address as described above, or use an email address created specifically for the purpose and not your main or personal address.


© DRS Design 2004-2015. All rights reserved.