We can't figure out why people
spend so much time and money attempting to get rid of spam, when the answer
is so simple. We have used this system successfully since 2002, and we
are running an on line internet business. Individuals will find it extremely
simple to put into operation.
|
Special Note *** Have a look at the newsgroup http://groups.google.com/group/alt.spam/topics or news:alt.spam I have been visiting there for years. You will see the same good guys in white hats, fighting some old, and many new bad guys in black hats. I don't understand most of the local techo lingo, and even the guys in white hats have many disagreements amongst themselves. But they do go about trying to make things
better for genuine internet users, and I would never want to discourage
them from doing so. Helping out anyone who asks in a civil fashion, reporting
spam, and offering advise on spam reporting and prevention, however they
seem to spend a fair percentage of their lives trying to combat spam. But,
please keep up the good work guys. I could start to name you, but it would
be very unfair if I missed anyone.
|
The total cost of this spam prevention system annually, is the price of a web host ($83.40USD Hostgator), and a domain name at around $8.95USD. This can be for one individual user, or hundreds if you join into a group, or syndicate.
Do you own a domain? You don't have
to, but it helps if you do.
You can reduce spam by 98% to 100%,
no fees, no drama.
This is a simple low cost method of getting rid of most of the spam that is being delivered to email in-boxes today. Most of what we propose isn't new.
It is the combination of all of these rules
that make the system successful, and we have been using this system since
2002.
| 1-Jan-2004 Ash Roll - Digitalnemesis.com Hi Don :) Yep - thanks for the info on your web site - works a treat. I still have to change over my sales account at PayPal yet and organise all that side of things, but I've gone from 200+ SPAM a day to about 10 a week! |
Domain name registration is cheap. Web hosts are cheap. Small groups of people should consider joining ranks and setting up these Spam prevention techniques. After all, 20 users could throw in $5USD each, and you could run your own domain for a year, and still have change. Elect a webmaster to manage your email addresses. OK, 20 of your closest friends may be a bit of a nightmare, how about 10 at $10USD each? That's very workable.
This tutorial was written with a business in mind, but the same rules apply for individuals.
The simplest way to stop spam and viruses is to keep your email address hidden from spammers, but not from contacts and associates.
Of course, you must have an email address in order to operate a web site, or be contactable by email. We protect the email addresses we give out, and we organize them in such a way that they can be altered without losing any business or personal contacts. On January 1st every year, the email addresses are updated so that any potential spam is dropped off.
You must start from the
ground floor, and sweep with a clean broom.
Basic Requirements.
OK, How do we go about
it?
Auto-Responder
Protecting your email
addresses from spammers
Your ISP may be generating
Spam on your behalf
Spam Through Yahoo Mailing
List
Spam Through Paypal
Email addresses
Spam Through Your Domain
Registration Details.
Your Web Host Billing
Email address.
The required PHP and
HTML
Code
http://www.youtube.com/watch?v=uqcSWI6Ppks
You must start from the
ground floor, and sweep with a clean broom:
To combat Spam today, you must have an
Email system that is squeaky clean, and leave no cracks or crevices that
Spam can crawl through. If it does, you need a means of blocking it very
quickly.
You don't need to use filters.
You don't need to bounce email.
You don't need to sort or delete any email.
You don't need to use black and white
lists.
You don't need to buy sophisticated software.
You don't need to block IP's, countries,
or domains.
You don't need to have Challenge-Response
systems.
You don't need to spend hours maintaining
a spam-less inbox.
You don't need to mistakenly erase email
from customers or friends.
You don't need to use any bandwidth, as
all spam is rejected. (Read on)
You do need to use a little common
sense, and be able take on some good advice.
As you can get a suitable basic web host for $6.95USD per month, we would suggest that even private users take advantage of this. Isn't it worth it?
http://www.hostgator.com/shared.shtml
is just one of many. This will provide you with the ability to run one
domain.
And $9.95USD a month will give
you an unlimited number of domains.
BlueHost, Lunarpages, and HostGator are 3 good spots to start looking for web hosts.
You must also register at least one domain.
Make it a US dot com domain, as these are cheap. From $8.88USD+
http://www.namecheap.com/
http://www.godaddy.com/
Example of typical email addresses and
domains that can be registered for groups of people:
bill_gates2007@billionaires-club.com
bill_clinton2007@presidents-retirement-group.com
bill_clinton2007@first-ladies-chat-group.com
We were getting 200+ spams to our web based business every day. We would imagine it would be 2000+ today.
Did we mention Viruses? Get rid of the Spam and the Viruses vanish also.
As this spam reduction system limits the number of times our current email address appears in customers and friends address books, viruses will also be limited.
Before continuing, check your prospective service provider to make sure their domain isn't hosted by a spam friendly and thus widely blocked ISP.
OK, How
do we go about it?
Web Host Requirements:
Our thanks to Alan Hackett of Perth West
Australia for originally putting us onto the php page operation.
You must have a web host (Preferably with a CPanel interface.) that has:
Spammed Email Addresses:
Spammers will send email to any address
that they feel will reach you.
This can be any address at your domain.
Use the CPanel "All-Unrouted-Mail-Reject"
feature to reject all email sent to all non-used domain addresses.
Bouncing spam email is simply using up bandwidth, as spammers don't use their own email address, and you may well be bouncing these emails to genuine users.
You will no doubt have an old email address
that is picking up most of the spam.
Let's call this old@yourdomain.com
All email sent to old@yourdomain.com is
directed to spambounce@yourdomain.com which is an Auto-responder. This
will send an email to the sender with a text message generated by you.
1-Jan-Each Year:
Make up your new2007@yourdomain.com
addresses, and get them working. Make sure your reply to address
in your email program uses these new addresses. Delete all the old previous
years (old2005@yourdomain.com), so that they are no longer directed
to spambounce@yourdomain.com.
1-Feb Each Year:
Direct all the old2006@yourdomain.com
addresses to your spam bounce message from your auto-responder.
And bounce these old2006@yourdomain.com
addresses with your auto-responder for about a year until your friends/customers
become familiar with your new email address, then delete them. This really
means they will bounce for about 11 months, then vanish.
And if many people are using this method,
and the spammers eventually catch up, you simply change the rules :-)
sales2007@yourdomain.com
change to:
2007sales@yourdomain.com
07sales@yourdomain.com
sales07@yourdomain.com
7sales@yourdomain.com
sales7@yourdomain.com
sales_2007@yourdomain.com
2007_sales@yourdomain.com
07_sales@yourdomain.com
sales_07@yourdomain.com
7_sales@yourdomain.com
sales_7@yourdomain.com
sales-2007@yourdomain.com
2007-sales@yourdomain.com
07-sales@yourdomain.com
sales-07@yourdomain.com
7-sales@yourdomain.com
sales-7@yourdomain.com
You can add any special characters, such
as: !#$%^&*
The sky is the limit, whatever you
can think up.
Special Addresses for companies
you deal with:
You may wish to use admin@yourdomain.com
or similar, for those special domain registrations etc., that you don't
wish to change the email address every year.
If you are on a yahoo group, it would pay
to use say: groupname2007@yourdomain.com
If it starts to generate spam, then you
only need to worry about one address.
taxoffice@yourdomain.com
amazon@yourdomain.com
paypal@yourdomain.com
are some examples of what you may need
to set up. If you get spam, then you can throw the year in after the name
if you wish, or some other simple method of changing it. Get the idea?
This in principle is what is called Disposable Email Addresses, however in this case, you aren't asking third parties to have control of your Disposable Email Addresses, as you have full control, and you aren't paying extra for them.
Another nice feature with CPanel
is the dual addressing feature. Example:
taxoffice@yourdomain.com can be
directed to user1@yourdomain.com
and also
taxoffice@yourdomain.com can be
directed to user2@yourdomain.com
We use this for our "Fax To Email" service
to two different users.
That is, the fax is received, and sent
to two email addresses.
Our Auto-responder text
looks like this:
| yourdomain spambounce
Auto-responder
================================================
Read: http://www.wizard-of-oz.com/ for
a full explanation of
The email address you attempted to post
to has been removed, and replaced
This has been done to prevent Spam and
Viruses, and takes place every
To contact us, simply click on
Your message will be answered ASAP and
you will be returned a valid working
This working email address will only
be valid for a maximum of one year,
We hope you can understand the need
for us to go through this procedure, and
"Year Increment"
==================================================
Examples of the additional, or re-arranged
characters:
Your Name
E-mail: http://www.yourdomain/yourdomain.php
|
So, we are now allowing only the email
addresses through that we have selected.
All others get rejected, or bounced with
an Auto-responder message.
The next trick is to tell only valid customers
and associates what your email addresses are.
This is done with a little php code. This
allows you to place your real forwarding email address on the web, and
yet not display it to potential spammers.
This is done with what is called an email
contact page.
If you examine email contact pages, you will see that the customer must first contact you via this page, then once he has made initial contact, and you respond, he/she will have your new email address.
This also prevents large email attachments from customers, without initial contact to you.
You can change the email address every year and get rid of any spammers that made it this far, and not lose your customer data base. Result is 95% to 100% reduction in spam.
We do have spammers actually filling out our email contact page, however I know when I see this, that they have reached the bottom of the barrel. If they generate scripts to do this task for them, you simply change the order of the information, so that an input will error. But not worth worrying about, we get about 1 every 3 months.
We had product review pages, and guestbooks, and have had to close these because of spammers.
Your ISP may be generating
Spam on your behalf
We have been collecting spam from the same email address since 1995, and had to do something very aggressively about removing it.
If you have been running a business, you should know that your personal "real email address" should never be given out to anyone, as you should be using your domain email system.
If you are getting spam through your "real email address", then get your local ISP to change your account name. We have done this several times since 1995, however much of it has taken place because of moving to new ISPs as the internet has grown.
Never post a real email address to a newsgroup.
We use "look@my.sig" and in the the sig
of our message, we place the web contact page details, so we are readily
contactable with a click of the mouse.
If you use a program like Thunderbird,
it allows for special email ID's when posting to newsgroups.
If you change your business email addresses every year to increment to the new year, and you change your local ISP account name if required, then spam should be down to a level that is very close to zero.
We found our Australian Optus ISP was actually
generating a mountain of spam for us, as we were listed as:
username@optusnet.com.au (our actual domain
name)
username@optushome.com.au
username@optus.net
username@mpx.com.au
username@microplex.com.au
We got our primary account name changed, used one of four secondary addresses as our new contact address, and have never got an email of any description directed to any of the other domains since doing so. ISP's seem to want to generate and charge for additional bandwidth.
Make sure you allow about a month overlap between 'yyyy' increments. The previous 'yyyy' can always be sent to your "spambounce" feature for a month, then it can be sent to "All-Unrouted-Mail-Reject" by simply deleting the email address from your valid email addresses after 12 months.
Spam Through Yahoo Mailing
List:
We were moderating a yahoo group mailing
list for our business. We found 10 to 20 spams everyday being posted to
the group moderator. It's a no win situation. If you moderate your membership,
and leave your moderator email address valid, you get spam.
If you block your moderator address, and allow anybody to join, everyone gets spam. We had to shut the group down. We now run it spam and ad free from our new web host at no additional charge. Sending support messages to Yahoo is about as useful as a milking bucket for a bull. Keep away from Yahoo Mailing lists if you can.
Spam Through Paypal Email
Addresses:
You may also have to change your Paypal
email accounts and get them squeaky clean also.
We no longer advertise an email address
for Paypal Payments, and we had to use http://www.tinyurl.com
to link to our payment page.
Our current shopping cart doesn't even
need this, as it has a direct link into Paypal for simple payment.
We picked the domain we feel will always be there, our bread and butter domain, and used spam_domain_rego@yourdomain.com as the forwarding email address. We included the word spam in the hope that this may deter manual and automatic collection of data from using an address with spam in it, but there are no guarantees of course.
A big word of caution. If you use an address from one your domains, you must make sure that domain is always registered. We always extend the registation 12 months in advance, not when it is due. In fact, ours is registered 3 years in advance.
If this address is spammed, then it is a simple matter to change one address that you have full control over. Just add "yyyy", or whatever is easy. It doesn't matter, as long as you enable it in your email forwards, and disable the old one. Just don't let the domain expire, else you will never get admin email to tell you it has expired.
Some registration companies offer I.D. protection, so that your registration details are never seen, however as this protection costs more than the yearly registration, forget it. Just use the simple and effective system we have outlined above.
If there is a problem with billing, or your web site goes down, then you need a channel for them to contact you that doesn't rely on a registered domain. This email address should also be one that your local ISP can change if requested to do so for any reason.
Our local ISP has given us a primary, and 4 disposable secondary email addresses. Never give the primary email address to anyone, and if for any reason, a secondary starts to get spam, then you can drop it, and start with another.
The only contact that should have your local ISP email address is your Domain Web Host. If your domain fails for any reason, you may have to give out a local ISP email address in an emergency, but it should always be a disposable one anyway. So make sure you sign with a local company that has at least one disposable email address.
Don McKenzie
Do you pay for bandwidth
for the CPanel "All-Unrouted-Mail-Reject" feature?
Hostgator use a Cpanel front end
for their hosting accounts. When you get into the Default Address Maintenance
Menu, it gives you provision to set the default address for any individual
domain hosted by them.
You can enter :blackhole: to discard all incoming unrouted mail or :fail: no such address here to reject it.
From Tina Peters, Ex-Owner AffordableHOST.com The user will not have to pay for non-routed email, because we will reject that email before it even gets to their account. Blackhole simply trashcans it. Fail causes it to actually reject back to the sender. Both are done before they ever reach your actual account.
And further to this, from DaveC Ex-Affordablehost Support: If you do use this, be sure to enter the keywords with the colon both at the beginning and at the end (eg :fail: ) Don't use Affordablehost.com. They are now about the worst company on the web these days.
:fail: - causes our server to respond to a remote server trying to send mail to that address with a 5xx failure code and our server does not accept the message. Any text you enter after " :fail: " is placed on the same line. :fail: No such user here might be appropriate. A legitimate user trying to send mail there *should* get a bounce from his own ISP, usually (but not always) with the "550 no such user here" message included.
:blackhole: - causes our server
to 'accept' the message from the remote server, and then just drop it on
the floor. It does use some of *our* bandwidth (Im not sure if it counts
against accounts bandwidth or not). No bounce message will be sent. This
can be a dangerous setting, especially for the default/wildcard address,
as someone sending legitimate email with a typoe-d address never gets notified
that their mail didnt get thru.
The besy way of controlling
the catch-all email feature:
:fail:no such address here. See http://www.yourdomain.com/email.php
This returns the following message back
to the user when there is no recipient listed:
----- The following addresses had permanent
fatal errors -----
(reason: 550 no such address here. See
http://www.yourdomain.com/email.php)
It uses no bandwidth to tell the sender that there is no valid email recipient at this domain, and you inform them how to easily contact us via a valid email address.
Try sending an email to an address at yourdomain.com, but use any recipient name that you won't be using, and check the results.
Your email is rejected, and you are informed as to how to contact us by email, if you choose to do so. If your web host offers this feature, you don't even need an Auto-responder, however we have included it just in case your host can't handle this type of reject message.
You can also use: Catch-All
to spambounce@yourdomain.com
You simply put the email address you wish
to direct all email addresses that haven't beed defined to. If you make
it spambounce@yourdomain.com, then you should get two emails returned to
you. One to tell you there is no such user, and another from the auto-responder
that gives you the contents of that responder, including your web contact
page URL. Nifty huh?
CPanel Bug:
However :fail:no such address here.
See http://www.yourdomain.com/email.php doesn't work
on many installations.
I have contacted CPanel many times over
many years, as have ISP's on my behalf, but no action has ever been taken.
You can try to get your host provider
to do the patch below. I have had several companies do it for me now, but
you can work without it. I am doing so now.
| :fail:
no such address here doesn't work
and here is the fix:
Exim mail system Currently you'll
have this in the second box of the first triplet in the Exim Configurator:
Code:
message
= "The recipient cannot be verified. Please check all recipients of this
message to verify they are valid." verify = recipient
Code:
message
= "The recipient cannot be verified. $acl_verify_message" verify = recipient
|
I used to have it all mapped out on this page, but these days have found things a lot easier by using one of the many free email contact php script generators found on the web with google. It allows many variants that will suit your needs more readily.
Goto: http://www.tele-pro.co.uk/scripts/contact_form/
You will find everything you need there.
Here is an example of how to generate a simple Contact Page using PHP code:
And the resulting page:
This method is simpler than PHP code, uses HTML code and Javascript, however it will disclose your email address when the link is clicked. As only humans, not robots, will need to do the clicking, theechances of this email address joining the spam lists is very remote.
Final result will look like this:
| For Further Information Please Email Me |
Create the two files email.html
and mailto.js as shown below:
user = "username2007";
site = "yourdomain.com";
subject = "Your
Domain Email Contact Page";
set these above three
parameters to suit the email address, and subject you
wish to use.
Upload to your site and test.
email.html
| <p>
For Further Information Please <script type="text/javascript" src="/mailto.js"></script> </p> |
mailto.js
| user = "username2007";
site = "yourdomain.com"; subject = "Your Domain Email Contact Page"; document.write('<a href=\"mailto:' + user + '@' + site + '?subject=' + subject + '\">'); document.write('Email Me'+'</a>'); |
See: http://minitutorials.com/webdesign/javascript/mailto.shtml for full details.