Fight Spam:
Protect the Email Addresses on Your Site

Provided by the Good News Web Designers Association

Return to Directory of Tutorials or GNWDA home page

Spammers -- unethical senders of junk email -- are going to steal email addresses from your website. No doubt about that. If your site provides access to staff or group members, it's your responsibility to protect their addresses from spammers, as best you can.

Here are a few ways to do so; you have to decide which are appropriate for your site.

1. Spammers use software that scour the Internet seeking websites with email addresses. They even look inside the source code. Hide your addresses from their "spiders" by putting them behind text and removing the @ that they look for. In the HTML code, replace @ with @ and it will still work like an actual address. Test this to see it in action: Email Us! (This is not a valid, working address, so don't send mail.) Here's the code for my example:

<a href="mailto:spamtest&#64;">Email Us</a>!

2. Spammers' software can only look for addresses that are written in text form. Turn each address into a simple .gif image, and create a link from it using Suggestion #1. Your clickable address on the page would look like this:

3. Spammers sometimes look for email links and activate them to harvest addresses. But if they can find neither text nor links, too bad for them! In our sample, if the above graphic had no link, spammers would ignore it. Legitimate visitors would have to manually type the address into their email client, however. Spammers could do this, too, but the theory is that they won't take the time, because they're too much in a hurry, seeking as many addresses as possible as quickly as possible.

4. Spammers use search engines to find webpages that have a lot of "contact us" information. To keep search engines from finding and listing the page that provides email addresses, place the following code above the </head> tag:


5. Spammers search for the word "email" and other commonly used words that indicate addresses are present. Instead of posting addresses on your "Contact Us" page, give visitors a form to fill out, which sends the information to whichever "recipient" the submitter wants to contact. Of course, use the &#64; (of Suggestion #1) in the source code.

6. Spammers think you're too stupid or lazy to report abuses of your addresses. Prove them wrong by posting a message like this:

Want to send email to our staff? Spammers not allowed!
If you are harvesting addresses for a mass mailing,
you will be reported and blacklisted as an abuser!

7. Spammers who are really bad keep changing their own addresses and servers, so that when they get blacklisted on anti-spam databases, they switch to new, still-unreported source. We have to fight back by reporting them every time. Tell your people to notify you of spam they receive at their website domain name address, and educate them on how to report the spam. Blacklisting occurs immediately after they're reported to the proper authorities.

Report spammers to SpamCop.

8. Spammers will still sometimes get past all your protection, especially if your people spread their addresses around by subscribing to mailing lists and other online services. Find out if your Web hosting company includes spam fighters for your domain name email service. For example, some include "Spam Assassin", which identifies incoming spam, removes MIME formatting and reverts it to plain text (so you don't have to see porn images) and stamps it loud and clear with a warning that it is spam; you can delete it without having to read it first.

9. Spammers sometimes clean out their mailing lists of dead addresses (and sometimes they don't). Send spammers a mailer-daemon bounce-back message that says your addresses are not valid. This can be done with a program called MailWasher Pro. For a very low price, this software also lets you preview all the mail in all your domain name mailboxes (and others you have access to) at one time, so you can weed out spam and viruses with one click of a button before you even start up your email client. It's very user-friendly, very configurable for whatever your preferences might be, and very handy.

Additional ideas from GNWDA members:
Posted by: Rich Bedard of e-Catholic 2000

I use a program called "Email Control" to pre-screen all my email right at my personal Internet service provider (ISP) server before I decide whether or not to download it via Outlook Express. It is a free download. You can delete spam right at the server without having to view it. You can place senders on a blacklist and their emails will be automatically deleted the next time. You can also send back Mailer Daemon messages to the source indicating your email addy is invalid etc. Additionally, you can configure it to include all your email addresses, both personal and webserver email alike. (Editor's note: this is very similar to MailWasher Pro.)

The only downside is that it displays a fairly small advertising banner at the top right of the screen.

Do you use any methods not listed here? Submit it at the top of this page (right column) and we'll add it!



Report spammers to SpamCop

Kill the spam! Many Web hosts include "Spam Assassin" or similar tools in their packages. Find out if yours does!

Fight back! Send spammers a mailer-daemon bounce-back message that says your addresses are not valid, with MailWasher Pro, which also lets you preview all the mail, then weed out spam and viruses with one click of a button.

Return to Directory of Tutorials or GNWDA home page