Thursday, June 17, 2004
By: Matthew Doucette
(Note: Articles such as this are not "timeless". With time, new spamming techniques may render the solutions here useless. Please contact us if you have new ways to prevent spam!)
There are various way of stopping spam emails, without using third-party email filters.
I have only tested a few spam email filters, all which deleted non-spam emails, so I can not offer any advice on what spam filters do or do not work. However, here are various ways to stop spam emails without spam filter programs:
Control Your Own Dot-Com? Use Specialized Emails:
A "specialized" email is one that you only use in one location. You create a new specialized email for each new website you signup to.
For example, if you were to signup to our Xona.com forums, and you controlled/ran the website example.com, you could create a specialized email such as xona.com@example.com under your example.com site. So, "example.com" is your website and "xona.com" is the email's name, which makes the email special to only Xona.com. You do not have to use "xona.com" as the email's name. Instead, you could call the email Xona@example.com or xonaforums@example.com or whatever you choose. I find using the website's base URL (i.e. "xona.com") the easiest format to remember. With that email, only use it for signing up to Xona.com related things.
Once you are using specialized emails, set up your server to accept only these specialized emails, and block everything else.
If you ever start to get spam to one of these specialized emails, you can easily block it, as it's not your mail email address.
A real-world example: I have two specialized emails that I use for my www.directnic.com account. I then setup a mail filter in Outlook Express to delete any emails to either of those two emails that are not from DirectNIC. Note: DirectNIC emails come from both directnic.com and intercosmos.com, so you have to incorporate both those domain names in your mail rule. If you were to block intercosmos.com emails by accident, you have just deleted non-spam email. Make sure you do not set up illogical rules that delete non-spam emails!
Gmail Plus Addressing and Filtering:
ExtremeTech explains how to use "plus addressing" and filtering to emulate the "specialized emails" we spoke of earlier:
"In a nutshell, Gmail will ignore anything in the first half of an email address after a plus sign. So ben.hammersley+chapter_three_comments@gmail.com is treated in exactly the same way as ben.hammersley@gmail.com. It is not, as you might expect, a different address." - ExtremeTech
Read Gmail Power Tips - Plus Addressing and Filtering (subpage of Gmail Power Tips article) for more info.
Use JavaScript-Encoded Emails on your Websites:
If you have an email address on your website, and your website gets any traffic at all, then more than likely your email will be picked up by a bot. (Derived from the word "robot," a bot is a software program that performs repetitive functions, such as indexing information on the Internet.) Bots are smarter than you may think. For example, encoding your email like this will not work for some bots:
Regular Non-Encoded Email:
username@domainname.topleveldomain (Will be picked up by a bot.)
Simple Encoded Email:
username AT domainname DOT topleveldomain (Will also be picked up by a bot.)
If I were to code a bot to rip email addresses, I would most definitely make it check for these simple "hidden" emails.
Another method is to replace the at sign ("@") with the HTML special character definition ("@"). I would also make "my" bot check for this. You can still use this, as it will stop some bots, but do not rely on it.
However, a difficult task would be coding a bot that parses JavaScript. So use JavaScript to encode your email address as much as possible. Do not simply do a document.write that writes out your email address, as a bot can pick that up as easily as it can if the text was in regular HTML. Suggestions are to split up your email address as much as possible, write it out in ASCII code, or even code a simple mathematical encryption scheme that modifies the text you place in your JavaScript to your actual email address.
How Do I Encrypt My Email Via JavaScript?
Use our AntiSpam Mailto freeware!
(Aug 08/2004) Update on JavaScript Encrypted Emails:
I just received two spam messages to two JavaScript encoded emails of mine. The two emails were listed one after the other, so this means it is fairly certain that a person did not grab the emails, but a bot did. Thus, it is proven that there exist some bots that will decode JavaScript properly to extract JavaScript encoded emails.
Also See:
About the Author: I am Matthew Doucette of Xona Games, an award-winning indie game studio that I founded with my twin brother. We make intensified arcade-style retro games. Our business, our games, our technology, and we as competitive gamers have won prestigious awards and received worldwide press. Our business has won $190,000 in contests. Our games have ranked from #1 in Canada to #1 in Japan, have become #1 best sellers in multiple countries, have won game contests, and have held 3 of the top 5 rated spots in Japan of all Xbox LIVE indie games. Our game engines have been awarded for technical excellence. And we, the developers, have placed #1 in competitive gaming competitions -- relating to the games we make. Read about our story, our awards, our games, and view our blog.