Folks with websites: how does automated SPAM work?

[Chris Fitzgerald]

I'm very happy with my yahoo account and the spam filters that it uses - however it filters spam, it does a great job of dumping it directly into a "bulk" folder so I don't have to see it. Strangely, most of the spam I get comes from me having my own website, so I got to wondering how the "autospam" thing actually works. Does it look for a "contact" page and then search for a link there?

The reason I'm asking is because every so often, somebody I don't know tries to contact me through the "contact" page of my site, and these emails invariably get sent to the "Bulk" folder on yahoo...and since 99.9% of these messages are trying to rip me off or trying to sell me medications I am thankfully not yet in need of, I don't check that folder very often and just let those messages time out and get deleted. However, this means that I sometimes miss actual communication attempts from people who are interested in contacting me about the actual bass-related content of my site. Are there any tricks to get around this, so that an actual human who wants to contact me can be directed to my personal yahoo address, while the spam will be forwarded to the bulk folder?

[James Hart]

I use a very specific subject line on webforms AND set up a specific address for them. I then set my mail client to filter the specific subject into a "Webform" folder. That way if the address is used by the form, it'll have the proper subject... if it doesn't it's most likely junk.

I have filters for ALL people I communicate.... everything in the right folder. I also remove the "catch all" from the mail server. If you do not have a specific address then it bounces back with 'unknown user'.

etc etc etc


ton of tricks to try.

[Wil Davis]

One trick might be to remove any e-mail addresses which look like e-mail addresses (i.e. fred@bloggs.com) from your web-pages (these are easily read by robots/web-crawlers/spiders), and replace them with graphical representations of the address (i.e. a graphic of "fred@bloggs.com"), which would be easily readable to a human, but just a graphic file to an application.

Another trick would be to replace the address with "fred (at) bloggs (dot) com".

I'm sure there are many more…

- Wil

[=^..^=]

As Wil says the spammers have spiders that automatically surf sites and look for the mailto: code and harvests the email address after it.

A quick google search showed a number of ways of hiding the email address but still allowing people to contacy you by email

Link to a google search

This one is good and can be either javascript or HTML

http://javascript.about.com/library/blemail1.htm

Here is how I do it on my site

http://www.stonechase.com/contact.html

That email address has been protected since I put the page up and the code seems to work well.

Hope this helps.

[JDT]

What ^ said about the spiders is the way they work.

If your site supports something like PHP/ASP/... you can make a contact form with that. Hides your mail adress, but unfortunatly also does not require the user to have a valid email adress. You have to think about what matters more to you here...

[westland]

The authoritative site on how (and who ... it's only about 200 groups worldwide that are responsible for almost all of your spam) is Spamhaus. They work with the CIA and FBI on investigations, and sell software.

Spam techniques are constantly evolving. As I understand it, right now, directed denial of service (DDoS) attacks and spam may be using the same infrastructure: zombie botnets of around 20,000 computers each which are for rent for perhaps $2000 an hour (I might be wrong about these figures, but I seem to remember this from somewhere).

Anyway, best to rely on others for controlling spam. Google, Microsoft, Yahoo, etc. all have invested a lot of money in controlling spam. It's of course made easier, because they know who the originators are, and some of them are going to prison. Australia has all but been put out of the Spam business by law enforcement. Hopefully the US should be next. I understand that Phoenix is a hotbed of spammers (must be where geeks retire).

[Chris Fitzgerald]

Thanks for the replies. I'm going to contact my webmaster and see if we can use one or more of these techniques to see if they work in my case. I hope so - some of the stuff I'm getting sent is pretty goofy. I can't believe anybody falls for most of that ****.

[TimoMetzemakers]

If you're feeling vindictive, you can always install a few pages from webpoison.org that will feed bogus email addresses to the spiders and poison the spammers' email databases.