Stop your e-mail address being stolen and used for spamming you

If you own a Web site there is a good chance that you want to have a means by which potential customers can contact you. One of the best ways of doing this is by adding your e-mail address to the site. The only problem is, as soon as your e-mail address is displayed on your site you will start receiving SPAM e-mail.

How do spammers get my e-mail address?

The obvious way that unwanted e-mailers can get your e-mail is by visiting your site and jotting it down on a piece of paper. You can't really stop this - and if you do, the people you really want to send your e-mails won't be able to either!

Most spammers need a way of capturing many thousands or millions of e-mail addresses. They have several ways of doing this.

One such way is to take popular domains names (e.g. cox.net) and then add every letter permutation in front of the domain (a@cox.net; b@cox.net; c@cox.net; ab@cox.net; ac@cox.net etc.). This can be easily achieved using a computer program. Once the spam list is created the spammer will send e-mails to the list to see which ones are returned as 'invalid recipients'. The ones that are not are most probably valid recipients.

One way that you can reduce the affect of this sort of e-mail activity is to remove the 'catch-all' e-mail address. This will mean that, unless an e-mail is sent to a real address, your server will send an invalid e-mail type response.

Another way in which illegal e-mailer gather information is by using a Web 'crawler' to search the Web for e-mail addresses. It works similarly to the sort of crawler that search engines use, going from one Internet page to another. However the major difference is that instead of searching and indexing words and phrases on the page - it single mindedly looks for e-mail addresses. It does this by looking for HTML on your page with the following format:




<a href="mailto:yourname@yourdomain.com">Your name</a>

One approach to making life slightly more difficult for the spammer is to obfuscate the e-mail address using a simple Javascript script. The following splits up the component parts of the e-mail address and then adds them back together for the human visitor to the site. On the other hand all the 'spam crawler' sees is the Javascript. The following is the equivalent to the address above.

<script type="text/javascript">
<!--
var usrname = "yourname";
var hstname = "yourdomain.com";
var linktxt = "Your name";
document.write("<a href=" + "mail" + "to:" + usrname + "@" + hstname + "?subject=Message%20From%20Billy%20Fire" + ">" + linktxt + "</a>")
//-->
</script>

Which will look like the following on your site:



Other approaches to stopping spam



The approach detailed above will probably help but not entirely stop spammers getting hold of your e-mail address and using it. Of course, you need to be careful as to who you give your address but another way of reducing the problem is to install Mozilla Thunderbird. This e-mail program as a 'junk' mail feature. You can 'train it' to recognize spam and to place it is a special folder or delete it automatically. It is not a foolproof solution (sometimes it thinks an e-mail is spam or junk mail when it is not), but, in my experience, it is very good - and it is free.

You can download Thunderbird here.