No More Damn Spam
By Don McKenzie
I felt it was about time to remind people what I did about Spam in 2002. After many years of putting up with Spam, and trying many methods of preventing Spam, including programs such as Mailwasher, I finally declared war on Spam, and have never looked back. Basically I don't get Spam, and my method is no secret. Most people I have tried to educate, think I am some sort of a nutter. So I gave up trying. Sorry, your loss.
Here I am running a business, and have zapped Spam virtually completely. In the 9 years since I have been running this system, I would doubt that I have had 25 Spams total. And when I get one, I use a simple system to make sure I never get one from the same source again.
What is the cost?
Special price today only $0 If you own a domain and have a bit of web space, the cost is zero. Don't believe me?
Don's Free Guide To Spam Reduction
The full rundown. How to get rid of spam: We can't figure out why people spend so much time and money attempting to get rid of spam, when the answer is so simple. We have used this system successfully since 2002, and we are running an on line internet business. Individuals will find it extremely simple to put into operation.
Special Note *** Have a look at the newsgroup http://groups.google.com/group/alt.spam/topics or news:alt.spam I have been visiting there for years. You will see the same good guys in white hats, fighting some old, and many new bad guys in black hats. I don't understand most of the local techo lingo, and even the guys in white hats have many disagreements amongst themselves. But they do go about trying to make things better for genuine internet users, and I would never want to discourage them from doing so. Helping out anyone who asks in a civil fashion, reporting spam, and offering advise on spam reporting and prevention, however they seem to spend a fair percentage of their lives trying to combat spam. But, please keep up the good work guys. I could start to name you, but it would be very unfair if I missed anyone.
Go Top | Go Bottom | Go Back | Go Forward
You must start from the ground floor, and sweep with a clean broom:
To combat Spam today, you must have an Email system that is squeaky clean, and leave no cracks or crevices that Spam can crawl through. If it does, you need a means of blocking it very quickly.
You don't need to use filters.
You don't need to bounce email.
You don't need to sort or delete any email.
You don't need to use black and white lists.
You don't need to buy sophisticated software.
You don't need to block IP's, countries, or domains.
You don't need to have Challenge-Response systems.
You don't need to spend hours maintaining a spam-less inbox.
You don't need to mistakenly erase email from customers or friends.
You don't need to use any bandwidth, as all spam is rejected. (Read on)
You do need to use a little common sense, and be able take on some good advice.
The total cost of this spam prevention system annually, is the price of a web host at around $50 to $70USD, and a domain name at around $8 to $12USD.
This can be for one individual user, or hundreds if you join into a group, or syndicate.
Do you own a domain? You don't have to, but it helps if you do. You can reduce spam by 98% to 100%, no fees, no drama.
This is a simple low cost method of getting rid of most of the spam that is being delivered to email in-boxes today. Most of what we propose isn't new. It is the combination of all of these rules that make the system successful, and we have been using this system since 2002.
1-Jan-2004 Ash Roll – Digitalnemesis.com Hi Don 🙂 Yep – thanks for the info on your web site – works a treat. I still have to change over my sales account at PayPal yet and organise all that side of things, but I've gone from 200+ SPAM a day to about 10 a week!
Domain name registrations are cheap. Web hosts are cheap. Small groups of people should consider joining ranks and setting up these Spam prevention techniques. After all, 20 users could throw in $5USD each, and you could run your own domain for a year, and still have change. Elect a webmaster to manage your email addresses using a single domain name. OK, 20 of your closest friends may be a bit of a nightmare, how about 10 at $10USD each? That's very workable.
This tutorial was written with a business in mind, but the same rules apply for individuals.
The simplest way to stop spam and viruses is to keep your email address hidden from spammers, but not from contacts and associates. Of course, you must have an email address in order to operate a web site, or be contactable by email. We protect the email addresses we give out, and we organize them in such a way that they can be altered without losing any business or personal contacts. On January 1st every year, the email addresses are updated so that any potential spam is dropped off.
OK, How do we go about it?
Protecting your email addresses from spammers
Your ISP may be generating Spam on your behalf
Spam Through Yahoo Mailing List
Spam Through Paypal Email addresses
Spam Through Your Domain Registration Details.
Your Web Host Billing Email address.
The required HTML Code
As you can get a suitable basic web host for around $4USD per month, we would suggest that even private users take advantage of this. Isn't it worth it?
Hostgator (Above) is just one of many. This will provide you with the ability to run one domain using the Hatchling Plan account. If you purchase the Baby Plan, you can have an unlimited number of domains.
Hostgator also has Cpanel pre-installed at the same price, however domain names cost a little more than some others. The few extra dollars to have it all with one company, may well be worth not having any hassles. I much prefer a host with Cpanel, as I have been using it for years, and have explained this tutorial using it.
But you mileage may vary. If you are more comfortable with something else, then fine.
You must also register at least one domain. Make it a US dot com domain, as these are cheap. Around $11USD
Godaddy (Above) seems to have a cheap rate on US Domain Registrations, and hosting packages, however Cpanel is not included at the same price, and is an extra.
My personal choice has been to get a Hostgator Baby plan with Cpanel included in the price, and a Godaddy Domain Registration. I do have many Domains registered, so it is a considerable saving when you do the maths, but for a single Domain, Hostgator is fine.
Example of typical email addresses and domains that can be registered for groups of people.
We were getting 200+ spams to our web based business every day. We would imagine it would be 2000+ today.
Did we mention Viruses? Get rid of the Spam and the Viruses vanish also.
As this spam reduction system limits the number of times our current email address appears in customers and friends address books, viruses will also be limited. Before continuing, check your prospective service provider to make sure their domain isn't hosted by a spam friendly and thus widely blocked ISP
OK, How do we go about it?
Web Host Requirements:
Our thanks to Alan Hackett of Perth West Australia for originally putting us onto the Web Page Contact operation.
You must have a web host (Preferably with a CPanel interface.) that has:
Several email address forwarders.
Set Up Your Email Addresses: Set up only the email addresses that you wish to use for your business, or personal email system. We use basically only two addresses for the main operation of our web site.
The "2011" is the current year, and is incremented every year.
Spammed Email Addresses:
Spammers will send email to any address that they feel will reach you. This can be any address at your domain. Bouncing spam email is simply using up bandwidth, as spammers don't use their own email address, and you may well be bouncing these emails to genuine users.
You will no doubt have an old email address that is picking up most of the spam. Let's call this firstname.lastname@example.org All email sent to email@example.com is directed to firstname.lastname@example.org which is an Auto-responder. This will send an email to the sender with a text message generated by you. Picture below shows the settings to get your "email@example.com" Auto-Responder working.
Setting the interval to zero hours, allows you to test your Auto Responder continuously.
If it is set to the default setting of 8, this means it will only respond to the same IP address once in every 8 hours. I suggest after testing it that you set it back to 8.
Make up your firstname.lastname@example.org addresses, and get them working.
Make sure your reply to address in your email program uses these new addresses. Delete all the old previous years (email@example.com), so that they are no longer directed to firstname.lastname@example.org.
1-Feb Each Year:
Direct all the email@example.com addresses to your spam bounce message from your auto-responder. And bounce these firstname.lastname@example.org addresses with your auto-responder for about a year until your friends/customers become familiar with your new email address, then delete them. This really means they will bounce for about 11 months, then vanish.
The Picture below shows the forwarding, or redirection of all email sent to email@example.com being directed to firstname.lastname@example.org which is an Auto-responder.
And if many people are using this disposable email address method, and the spammers eventually catch on, you simply change the rules of the yearly increment. 🙂
email@example.com change to:
You can add any special characters, such as: !#$%^&* The sky is the limit, whatever you can think up.
Special Addresses for companies you deal with: You may wish to use firstname.lastname@example.org or similar, for those special domain registrations etc., that you don't wish to change the email address every year.
If you are on a yahoo group, it would pay to use say: email@example.com If it starts to generate spam, then you only need to worry about one address.
are some examples of what you may need to set up. If you get spam, then you can throw the year in after the name if you wish, or some other simple method of changing it. Get the idea?
This in principle is what is called Disposable Email Addresses, however in this case, you aren't asking third parties to have control of your Disposable Email Addresses, as you have full control, and you aren't paying extra for them.
Another nice feature with CPanel is the dual addressing feature. Example: firstname.lastname@example.org can be directed to email@example.com and also firstname.lastname@example.org can be directed to email@example.com We use this for our "Fax To Email" service to two different users. That is, the fax is received, and sent to two email addresses.
Your Auto-responder text should look something like this:
yourdomain spambounce Auto-responder
Has the year changed since you last contacted us?
Then the address will simply be out of date.
Please read "Year Increment" below:
Read: http://www.yourdomain.com/email.html for a full explanation of our email system.
The email address you attempted to post to has been removed, and replaced with a new one, and your message has been ignored.
This has been done to prevent Spam and Viruses, and takes place every 12 months.
We apologize for this inconvenience.
To contact us, simply click on http://www.yourdomain/email.html and send us a message.
Your message will be answered ASAP and you will be returned a valid working email address that you can contact us on in future.
This working email address will only be valid for a maximum of one year, as the year in 'yyyy' format, will be part of the email address. We hope you can understand the need for us to go through this procedure, and allow our valued customers access to us without the need for spam filters potentially deleting your valued message to us.
"Year Increment" You can also calculate our address by simply incrementing it to the correct year, if you have our old email address. ==================================================
Note **** If we get spam on any new address, we may add an additional character, or re-arrange characters during the year.
In which case, you will need to send an email via our contact page to reach us.
Examples of the additional, or re-arranged characters: 2011user@ user2011a@
Your Name Here E-mail: http://www.yourdomain.com/email.html
Home Page: http://www.yourdomain.com
Protecting your email addresses from spammers:
So, we are now allowing only the email addresses through that we have selected. All others get rejected, or bounced with an Auto-responder message.
The next trick is to tell only valid customers and associates what your email addresses are. This is done with a little HTML and java-script code.
This allows you to place your real forwarding email address on the web, and yet not display it to potential spammers. This is done with what is called an email contact page. If you examine email contact pages, you will see that the customer must first contact you via this page, then once he has made initial contact, and you respond, he/she will have your new email address.
This also prevents large email attachments from customers, without initial contact to you.
You can change the email address every year and get rid of any spammers that made it this far, and not lose your customer data base. Result is 95% to 100% reduction in spam.
We do have spammers actually filling out our email contact page, however I know when I see this, that they have reached the bottom of the barrel. If they generate scripts to do this task for them, you simply change the order of the information, so that an input error will occur. But not worth worrying about, we get about 1 every 3 to 6 months.
We also have instructions on our Email Contact Page, on how to calculate the current email address, so that genuine users can email us directly. We had product review pages, and Guest Books, and have had to close these because of spammers.
Your ISP may be generating Spam on your behalf
We have been collecting spam from the same email address since 1995, and had to do something very aggressively about removing it.
If you have been running a business, you should know that your personal "real email address" should never be given out to anyone, as you should be using your domain email system.
If you are getting spam through your "real email address", then get your local ISP to change your account name. We have done this several times since 1995, however much of it has taken place because of moving to new ISPs as the internet has grown.
Never post a real email address to a newsgroup. We use something like "firstname.lastname@example.org", and in the the sig of our message, we place the web contact page details, so we are readily contactable with a click of the mouse.
If you use a program like Thunderbird, it allows for special email ID's when posting to newsgroups. If you change your business email addresses every year to increment to the new year, and you change your local ISP account name if required, then spam should be down to a level that is very close to zero.
We found our Australian Optus ISP was actually generating a mountain of spam for us, as we were listed as:
email@example.com (our actual domain name)
We got our primary account name changed, used one of four secondary addresses as our new contact address, and have never got an email of any description directed to any of the other domains since doing so. ISP's seem to want to generate and charge for additional bandwidth. Make sure you allow about a month overlap between 'yyyy' (year) increments. The previous 'yyyy' can always be sent to your "spambounce" feature for a month, then it can be sent to "All-Unrouted-Mail-Reject" by simply deleting the email address from your valid email addresses after 12 months.
Spam Through Yahoo Mailing List:
We were moderating a yahoo group mailing list for our business. We found 10 to 20 spams everyday being posted to the group moderator. It's a no win situation. If you moderate your membership, and leave your moderator email address valid, you get spam. If you block your moderator address, and allow anybody to join, everyone gets spam. We had to shut the group down. We now run it spam and ad free from our new web host at no additional charge. Sending support messages to Yahoo is about as useful as a milking bucket for a bull. Keep away from Yahoo Mailing lists if you can.
Spam Through Paypal Email Addresses:
You may also have to change your Paypal email accounts and get them squeaky clean also. We no longer advertise an email address for Paypal Payments, and we had to use http://www.tinyurl.com to link to our payment page. Our current shopping cart doesn't even need this, as it has a direct link into Paypal for simple payment.
Spam Through Your Domain Registration Details.
Spammers are now going through these details to get your email address. We have several domains registered, however we have them all registered with the one company, so they all use a single email address.
We picked the domain we feel will always be there, our bread and butter domain, and used firstname.lastname@example.org as the forwarding email address. We included the word spam in the hope that this may deter manual and automatic collection of data from using an address with spam in it, but there are no guarantees of course.
A big word of caution. If you use an address from one your domains, you must make sure that domain is always registered. We always extend the registation 12 months in advance, not when it is due. In fact, ours is registered 3 years in advance. If this address is spammed, then it is a simple matter to change one address that you have full control over. Just add "yyyy", or whatever is easy. It doesn't matter, as long as you enable it in your email forwards, and disable the old one. Just don't let the domain expire, else you will never get admin email to tell you it has expired.
Some registration companies offer I.D. protection, so that your registration details are never seen, however as this protection costs more than the yearly registration, forget it. Just use the simple and effective system we have outlined above.
Your Web Host Billing Email address.
There should only ever be one single contact that has your real, local, email address, and that is your web host billing address and contact. If there is a problem with billing, or your web site goes down, then you need a channel for them to contact you that doesn't rely on a registered domain.
This email address should also be one that your local ISP can change if requested to do so for any reason. Our local ISP has given us a primary, and 4 disposable secondary email addresses. Never give the primary email address to anyone, and if for any reason, a secondary starts to get spam, then you can drop it, and start with another. The only contact that should have your local secondary ISP email address is your Domain Web Host.
If your domain fails for any reason, you may have to give out a local ISP email address in an emergency, but it should always be a disposable one anyway. So make sure you sign with a local company that has at least one disposable email address.
Use HTML code and Java-script to create your web contact page, however it will disclose your email address when the link is clicked. As only humans, not robots, will need to do the clicking, so the chances of this email address joining the spam lists is very remote. And if it does, you can dispose of it, and get a new one.
Final result will look like this: "For Further Information Please Email Me" and when you click on the Email Me link, your default email program will be launched with the email address and subject line ready to go.
Create the two files email.html and mailto.js as shown below:
user = "username2011";
site = "yourdomain.com";
subject = "Your Domain Email Contact Page";
set these above three parameters in the mailto.js file to suit the email address, and subject you wish to use. Upload the below two files to your domain root directory and test.
Contents of email.html
Contents of mailto.js
user = "username2011"; site = "yourdomain.com"; subject = "Your Domain Email Contact Page"; document.write('<a href=\"mailto:' + user + '@' + site + '?subject=' + subject + '\">');document.write('Email Me'+'</a>');
I really hope you think about introducing this simple method of controlling spam. It is low cost, low maintenance, and after initial set up, runs itself. It has saved me many hours of time since 2002.
Good luck with it.