Spamproof Your Site

by Dan Thies

Anyone who operates their own Website knows that you need to provide a way for visitors to contact you by email. The big challenge is to provide easy email access to your visitors, without letting junk mail flood your inbox. The techniques described in this article have enabled me to dramatically reduce the amount of junk mail I receive through all my sites.

Preparing and Preempting

You need a couple things before you can really take effective action against spam. Your email software must be capable of filtering incoming email -- all the major email applications (such as Eudora, Outlook, and Pegasus) support this functionality. We'll use multiple email addresses to allow us to filter out spam and identify the source -- you can't combat spam effectively without filtering.

You'll also need to use a Web host that provides unlimited email aliases or addresses, and/or a catch-all email address. An "alias" is an email address that forwards to some other address (for example, webmaster@domain.com forwarding to your real email address). A "catch-all" email address will forward any emails sent to unknown addresses in your domain.

For my own Websites I use the catch-all, so that every message goes to my real email address. If you have more than a one-person operation, however, multiple email accounts and aliases are pretty much a necessity.

Fighting Back

The first step in fighting back against spammers is to understand where they found your email address. You must diligently protect your email address if you ever hope to stop them. Once your email address falls into the wrong hands, it will be sold on CD-ROM (via junk mail, of course) to thousands of spammers. And once that happens, you've lost the fight.

Spam Source #1: Domain Name Registrations

When you register a domain name, you must provide a contact email address. If you give them your real email address, you've just given it to everyone, including the spammers. Instead, use a portable email address (like Hotmail) to set up your domain.

If you have multiple domains, you can also use an alias (domains@yourdomain.com) on your primary domain for all registrations. With an alias, you can use your email software to filter out and save any emails that come to that address from your registrar's domain.

Spam Source #2: Web Forms & Email Newsletters

If you give your real email address on any Web form, or use it to subscribe to an email newsletter, you're asking for trouble. Instead, create a unique email address for each Website or newsletter. I just use the Website's domain name for this.

For example, if you subscribe to the SitePoint Tribune as "sitepoint.com@yourdomain.com" and let your catch-all address route it to you, you will always know where the email came from. If that address ever starts receiving junk mail, you can filter it out using your email software.

If you submit to search engines or free-for-all links pages (FFA's), use a unique email address every time. FFAs, in particular, are famous for flooding the world with junk mail. Once you've given an email address to an FFA, you may as well forget about ever using it again.

Spam Source #3: Your Website

The biggest source of email addresses used by spammers is your Website. Most sites list multiple contact addresses -- any time an email address appears on your Website in plain text, even if it's hidden in a form field, you're opening yourself up to having that email address captured.

To combat this menace, I've developed a set of JavaScript snippets that will meet almost every need you have to display your email address to the public, without allowing spambots to see it.

The Big Battle: Secure Your Website From Spambots

Almost every Website operator wants search engine spiders to visit. After all, search engines are the best source of free traffic on the Web. In the event that you don't want them to visit, they are easily kept at bay with a properly formatted "robots.txt" file.

Unfortunately, there's another group of spiders out there crawling the Web with an entirey different purpose. These are the spiders that visit site after site to collect email addresses. You may know them as spambots, email harvesters, or any number of other unpublishable names.

When it comes to controlling these rogue spiders, a robots.txt file simply won't get the job done. In fact, most spam robots ignore robots.txt. But that doesn't mean you have to give up and just let them have their way. Here are a few techniques that'll stop these spiders in their tracks!