Fighting Spam

by Chris Smith

Junk email and blog posts are a constant problem. Here are a few ways to help spoil the spammers' fun.

Email Spam

There are a lot of anti-spam or spam filter products around these days, many included in mail software, but the sad fact is that once you're getting spam you're likely to keep getting spam regardless of these filters.

Spammers are able to change the sender's email address, subject and body of an email so easily that if you block them they can still mail you just using a different mail account.

Anti-spam software, like anti-virus software, can only deal with what it knows to be harmful or unwanted. Anything new or unknown will slip through the net.

The way to avoid spam is never to let your email address get into the wrong hands. Once a spammer has got your email address they can not only use it to send you junk email but also sell it on to other spammers. Once your address is out there you've no hope of keeping the spam at bay.

If we understand how the spammers get our email addresses we can avoid them.

Unscrupulous Websites

This is an obvious one, but when giving your email address as part of registration on a website be careful to check the terms and conditions or privacy policy, as you may be agreeing to have your details passed to a third party. You just have to judge carefully how trustworthy you think the site is.

Unwanted Newsletters

At times it can be risky signing up to newsletters by email. Even though they offer you the option to unsubscribe at any time, they may also subscribe you to other similar newsletters without your express permission. You might sign up to receive newsletters from one site and start receiving them from another related site. Companies that own several websites with subscription services often try to cross-promote. Check the terms and conditions or privacy policy carefully.

Harvesting Web Pages

This is a common process used to gather email addresses. Robots trawl through websites looking for email addresses and feeding them back to the spammer. In short, never give an email address on a web page. Instead use a contact form which delivers the message to your inbox without ever revealing the address.

Guessing Common Recipient Names

Many spammers will not even try to find email addresses but will just try their luck at guessing them. If they know the domain name and send emails to info@ or sales@ there's a good chance some of them will get through. If you try to use email addresses that are less obvious you shouldn't get as much spam.

Email Scams

At one time or another you've probably had an email from a friend or colleague with some "too good to be true" offer or superstitious nonsense. These scams are easy to spot as they usually ask you to forward the message to a certain number of people and CC a particular email address.

The offers are never real. What is actually happening is that the spammers are relying on people's naivety to spread the email. Each time the email is forwarded to 10 people the spammer will get an email back (the CC address) and have 10 new email addresses to add to his/her spam database.

The difficulty with this is that to a certain degree it's beyond your control. You just need to make sure that you're never taken in by these scams and do your best to make your friends and colleagues aware of this scamming technique so that you don't appear on their forwarding list.

Forms and Blogs

Contact forms, blogs and other Web 2.0 applications invite visitors to a webpage to leave comments or provide feedback. Spammers see this as an opportunity to leave spam messages, usually containing links to their websites.

Comments can often be set so that they have to be moderated and manually approved by the owner before being published, but even then huge amounts of spam can become a problem, with moderation becoming unmanageable.

There are two answers to this - use clever scripting to fool spam robots or use a CAPTCHA control in your page.

Spam robots visit pages and look for opportunities to enter content. They cannot do things that a human user can do such as answer questions or interpret images. By forcing the page visitor to act like a human in order to leave a message we can reduce spam to only that manually left by real people.

Spam robots can easily be fooled by using fake fields in a form. Include a field for some bit of information you don't actually need and hide it using CSS. Only allow the message to be left if the field is blank. The spam robot will complete it.
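The fake-field check described above, as an added example that is not code from the original article. The decoy field name `website`, the form markup, the `checkSubmission` helper and the sample submissions are all assumptions made for illustration. It goes one step beyond the text by also rejecting posts where the decoy field is missing altogether, since a browser always submits a named text input even when it is empty.

```javascript
// Added example: server-side check for a hidden decoy ("fake") form field.
// Field names, markup and sample bodies are constructed for illustration.
const FORM_HTML = `
<form method="post" action="/comment">
  <label>Name <input name="name" required></label>
  <label>Message <textarea name="message" required></textarea></label>
  <div class="hp" aria-hidden="true">
    <label>Website <input name="website" tabindex="-1" autocomplete="off"></label>
  </div>
  <button type="submit">Send</button>
</form>
<style>.hp { position: absolute; left: -9999px; }</style>`;
// The decoy is hidden with CSS and kept out of the tab order, autofill and
// screen readers, so a real visitor never fills it in.

const HONEYPOT_FIELD = "website"; // assumed decoy field name

// Decide what to do with a raw application/x-www-form-urlencoded POST body.
function checkSubmission(rawBody) {
  const form = new URLSearchParams(rawBody);
  // A browser submits the decoy as an empty value. If it is absent, the
  // request was not produced by filling in the rendered form.
  if (!form.has(HONEYPOT_FIELD)) {
    return { accept: false, reason: "honeypot-missing" };
  }
  // Any non-blank value (in any repeated copy of the field) means a robot.
  if (form.getAll(HONEYPOT_FIELD).some((v) => v.trim() !== "")) {
    return { accept: false, reason: "honeypot-filled" };
  }
  const name = (form.get("name") || "").trim();
  const message = (form.get("message") || "").trim();
  if (!name || !message) {
    return { accept: false, reason: "missing-fields" };
  }
  return { accept: true, reason: "ok", name, message };
}

// Constructed sample submissions: a human, a form-filling robot, a bare POST.
const samples = {
  human: "name=Ann&message=Nice+post&website=",
  bot: "name=Bob&message=Cheap+pills&website=http%3A%2F%2Fspam.example",
  bare: "name=Bob&message=Cheap+pills",
};
for (const [label, body] of Object.entries(samples)) {
  console.log(label, "->", checkSubmission(body).reason);
}
```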

You've probably come across CAPTCHA controls but may not know them by this name. You're shown a fuzzy image containing a word or letters and numbers and then asked to type the characters into a text field. Spam robots can't do this.

If you're having problems with spam coming from your website ask your web developer to use some of these measures and you should see a difference within a short time.

6 Quick Tips

  1. Never open spam emails - if in doubt, delete it
  2. Never reply to spam emails - you're just confirming delivery
  3. Never forward suspicious emails - don't spread the problem
  4. Check terms or privacy policy when giving your email address
  5. Never publish an email address on a web page
  6. Use scripting or a CAPTCHA control on web forms - don't allow spam robots to post