Page tree
Skip to end of metadata
Go to start of metadata

SPAM Protection is a difficult subject because everyones needs are different when it comes to what e-mail they do and do not want to receive. If you have not already installed Dynamic Spam Rejection with RBLs and SpamAssassin on your account, we highly reccomend you do this as soon as possible to help you combat SPAM.

Defining SPAM

SPAM is unsolicited e-mail. Most users of e-mail have a good idea what SPAM is and want it to stop. By January of 2005, unsolicited bulk e-mail made up over 80 percent of all Internet e-mail, up from 60 percent in the first quarter of 2004, and up from 36 percent in 2002.

E-mail advertisements (SPAM) have been around as long as e-mail has. Internet marketers have found spamming a very cost effective way of getting their advertisement sent to thousands of people. These tactics, however, put the burden on people who do not wish to receive such e-mail. SPAM blocking software is available, but in a way it has made the problem worse. Such technologies have made it harder for spammers to connect with unwilling customers, so they compensate by sending out more e-mail. This is the reason you receive the same SPAM e-mail 10+ times.

Identifying Valid SPAM

You will often receive a SPAM e-mail that looks like you sent it. This is a common tactic spammers use to hide the location they are sending the e-mail from. In order to do this, spammers forge the e-mail headers and insert your address into the "from" part of the e-mail.

It is important to understand that even though the e-mail looks like it is coming from you, it is not sent using your e-mail account. You can usually find the real address just by viewing the raw e-mail header.

Another popular trick spammers use is to forge the e-mail header with your server information. The e-mail will appear to be sent from your web hosts server such as "serverXX.yourwebhostsdomain.net" ("XX" would be the number of the server your account is on, like "32" for example").

These messages were not sent by your web host. We will never send you any mail with your server information as part of the address. Any mail that is sent with your server information as part of the address will be SPAM. This can easily be blocked or filtered. See the Protecting Against SPAM section below for more information.

Protecting Against SPAM

We recently installed Dynamic Spam Rejection with RBLs and SpamAssassin on all of the servers. Dynamic Spam Rejection with RBLs rejects any incoming mail from senders on dynamically updated black lists (because this mail is rejected before reaching your inbox, you do not have to worry about filtering it). SpamAssassin works by viewing the contents of an e-mail message and scoring it based on certain keywords found in common SPAM messages such as "get rich quick," "make money fast," and words with connotation to the adult industry. This system will tag potential SPAM messages in the subject line of the e-mail. Please visit the SpamAssassin page for more information about installing and configuring SpamAssassin on your account.

Filtering SPAM

Once you have SpamAssassin set to tag any SPAM messages sent to you, you will need to use your e-mail client to filter that e-mail. We suggest that you make a new folder specifically for this purpose, and send all e-mail tagged as SPAM to that folder. You can then check your SPAM folder periodically to make sure that no legitimate e-mail was accidentally tagged as SPAM. Once you are sure that all the e-mail in that folder is SPAM, you can delete the contents of that folder.

Below are instructions on how to filter e-mail with two common e-mail clients. If your e-mail client is not listed here, you will need to consult your help documentation for instructions on how to filter e-mail.

  • Microsoft Outlook Express 6.0
    1. Click on Tools > Message Rules
    2. Click on Mail
    3. In section 1, check the box that says Where the Subject line contains specific words
    4. In section 2, Check the box that says Move it to the specified folder
    5. In section 3, click on the blue link that says contains specific words
    6. In the Type Specific Word Box, type in the Subject Tag that you created when configuring SpamAssassin (in this example, we'll use **SPAM**).
    7. Click the Add button
    8. Click the OK button
    9. Back in section 3, click on the blue link that says specified. This will bring up a list of outlook folders.
    10. Select the Deleted Items folder
    11. Click the OK button
    12. In section 4, name the rule SpamAssassin
    13. Click OK
  • Netscape Mail 7.0
    1. Click on Tools > Message Filters
    2. Click on the New button. This will bring up the Filter Rules Box
    3. In the Filter Name: text box, type in SpamAssassin
    4. Select the Match any of the following radio button
    5. Change the options so that the Subject Contains the Subject Tag that you created when configuring SpamAssassin (in this example, we'll use **SPAM**).
    6. In the Perform this action: section, select Move this folder to trash
    7. Click OK

Tips for Reducing SPAM

It seems that these days it's impossible to prevent SPAM completely. The above mentioned programs and filters will help you cut down on SPAM you are already receiving, but by following some of the following tips, you can drastically reduce receiving new SPAM to your e-mail accounts.

  • Turn off your catch all e-mail alias - A Catch All alias will capture and forward e-mail sent to addresses that are misspelled or non-existent. For example, if someone sent an e-mail to jondoe@yourdomain.com instead of johndoe@yourdomain.com, the Catch All account would make sure that the misspelled receiver didn't bounce. spammers will often take advantage of this by adding common names to your domain to beef up their e-mail list. You can make sure your catch all is turned off through your Aliases page of the E-mail/FTP section of your Site Manager. For more details, please see our Aliases Documentation.
  • Don't publish your personal e-mail address on your Web site - In a recent study conducted by The Center for Democracy and Technology, 260 test e-mail addresses were created as bait for spammers, and used in various ways known to attract SPAM. The study found that posting an e-mail address on a public site attracted the most unwanted e-mail � five times as much as for any other reason. Automated systems 'crawl' websites looking for e-mail addresses, adding them to lists without your permission. If you do want to publish a personal e-mail address disguise it using javascript or as an image (unfortunately, these can stop some valid viewers from e-mailing you), or even better, replace the email address with a contact form allowing you to pre-qualify enquiries by asking detailed questions or giving a choice of specific variables. To learn more about creating a contact form on your account, please see our MSA FormMail Documentation.
  • Don't give your e-mail address out to just anyone - It may sound simple, but the best way to reduce SPAM is to not give your e-mail address out to just anyone. E-mail addresses have become so common these days that people give almost no thought to adding it to contact forms, contest entries, customer feedback forms, comment cards, etc. It seems harmless, but the truth is many of the companies that collect this information will store your e-mail address in a database (along with your other submitted information). These databases can be sold or shared with other companies/individuals, and suddenly you will be receiving e-mail that you did not request.
  • Never forward or reply to SPAM e-mail - Every time you forward or reply to SPAM e-mail, you are validating your e-mail address to the spammer and will most likely be added to more SPAM lists.
  • Never click any links in SPAM messages - This includes the unsubscribe links found at the bottom of many SPAM messages. By clicking these links you will often validate your e-mail address to the spammer and again, will most likely be added to more SPAM lists.
  • Don't use single names for your e-mail address - Single names addresses (e.g. bob@ or susan@ yourdomain.com), can be easily guessed by spammers. A popular alternative is to use both your first and last name seperated by a period (e.g. jon.smith@yourdomain.com). This will usually guarantee that your contacts really know who you are.
  • Don't use sales@, support@, or any other generic address - Using these generic e-mail addresses poses the same problem as discussed in the above tip, they are too easy for spammers to guess. Again, adding a more descriptive name along with a period can help reduce SPAM (e.g. online.sales@yourdomain.com).
  • Review the privacy policies of Web sites - It's always a good idea to review the privacy policies, privacy statement, terms of use, or terms and conditions on Web sites. Even reputable sites that you trust that require login or registration with your e-mail address (e.g. shopping, banks, newsletter, etc.) should be checked. If there is not a clear explanation on how your personal information will be used and protected, you may wish to consider not using the services of that Web site.
  • Watch out for checkboxes that are already checked - When filling out online forms with your personal information, many Web sites will have checkboxes (which are already checked by default) which gives them permission to send you future updates/info etc... In some cases, leaving this box checked means that you are giving the company permission to share your personal information with other businesses/individuals, and once again you are suddenly receiving e-mail that you did not request. Make sure and uncheck the checkbox so that your e-mail address is not shared.
  • Create a generic SPAM e-mail address - By setting up a generic e-mail address you can use in the high-risk SPAM situations (e.g. forums, registration pages, newsletters, etc.), you can keep alot of the SPAM seperate from your main e-mail box. The address can be anything you like, but it would probably be a good idea to make sure it's not too similar to your real e-mail address. It is important that you actually set this e-mail user up through your Users page of your E-mail/FTP section of your Site Manager as many of the registration sites will need a functioning e-mail address so you can reply and verify your e-mail account to activate your registration etc. For more details about setting up additional e-mail users, please see our E-mail User Documentation.
  • Disable the automatic downloading of graphics in HTML mail - Some e-mail clients will allow you to disable the automatic downloading of graphics in HTML. Many spammers send HTML mail with a linked graphic file that is then used to track who opens the mail message�when your mail client downloads the graphic from their web server, they know you've opened the message. Disabling HTML mail entirely and viewing messages in plain text also prevents this problem.
  • Don't forward chain e-mail messages - Besides increasing the overall e-mail volume, by forwarding a chain e-mail message you might be furthering a hoax. You will also lose control over who has access to your e-mail address as others may forward the chain letter (with your e-mail address included in the header) to countless others.