Kurtopia

Simple thoughts from the simple mind of Kurt Klinger

Fight spam from day one

Today I attended a presentation/discussion on Wharton’s plan to deploy Microsoft Exchange 2007.  By far the most active portion of this discussion was about spam: whether to block it or simply filter (or both), where to do so, and how.  It made me realize that every time people talk about spam, they tend to forget one critical component: preventing it in the first place.

Once you start getting spam, there’s nothing to do except block and/or filter it — either way, spammers are still sending things to you.  The key is to protect your email address as much as possible from the moment it is created.

I’ve been at Wharton for over six years now, and thus have had my Wharton email address that long.  I get very little spam at that address.  In fact, the majority of the spam I do get is from mailing lists I’m on — spam sent directly to my account is almost non-existent.  The reason for this is that I’ve been pretty careful about protecting my email address.

The best way to prevent your email address from ending up on a spammer’s mailing list is to make sure that it is never posted on the public web.  If it’s absolutely necessary to post your address, then you need to make sure that JavaScript or another technique is used to obfuscate it from the bots that trawl web pages looking for email addresses.  Even better, replace mailto: links with a web form that fires off an email.  And if scripts start spamming that form, a CAPTCHA will pretty much stop them dead in their tracks.  When you’re taking the time to post a comment on a blog, sign someone’s guestbook (if people still even use these things), or post to a message board, make sure that it’s not going to display your email address in plain sight.
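One way to do the JavaScript obfuscation described above, as an added example that is not part of the original post: the served markup carries only an encoded address with a contact-form fallback, and a script rebuilds the mailto: link in the browser. The XOR key, the `data-contact` attribute, the `/contact` path, the function names and the sample address are all assumptions made for this sketch.

```javascript
// Added example (not from the original post). All names here are hypothetical.
const KEY = 0x5a; // obfuscation only, not secrecy: anyone who runs the script can decode

// Build step / server side: XOR each character and hex-encode the result.
function encodeAddress(address) {
  if (!/^[\x21-\x7e]+$/.test(address)) throw new Error("printable ASCII only");
  return Array.from(address)
    .map((ch) => (ch.charCodeAt(0) ^ KEY).toString(16).padStart(2, "0"))
    .join("");
}

// Client side: reverse the encoding; malformed input yields null.
function decodeAddress(hex) {
  if (!/^(?:[0-9a-f]{2})+$/.test(hex)) return null;
  return hex.match(/../g)
    .map((pair) => String.fromCharCode(parseInt(pair, 16) ^ KEY))
    .join("");
}

// Markup that is actually served: no "@", no "mailto:", and a link to the
// contact form that still works when scripts are disabled.
function renderPlaceholder(address) {
  return `<a href="/contact" data-contact="${encodeAddress(address)}">Contact form</a>`;
}

// Check used before publishing: which addresses are readable in the page source?
function visibleAddresses(html) {
  return html.match(/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g) || [];
}

// Browser only: swap each placeholder for a real mailto: link after load.
function activate(doc) {
  for (const link of doc.querySelectorAll("a[data-contact]")) {
    const address = decodeAddress(link.dataset.contact);
    if (!address) continue; // keep the contact-form fallback
    link.href = "mailto:" + address;
    link.textContent = address;
  }
}

if (typeof document !== "undefined") {
  document.addEventListener("DOMContentLoaded", () => activate(document));
}
```

This only defeats bots that read the raw page source; a harvester that executes scripts will still see the address, which is why the web form is the stronger option.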

Also, be careful about which sites you give your email address to.  Don’t worry about the reputable ones, like Amazon.com, but be wary of those you’ve never heard of.  If you need to enter an email address in order to download something, for example, first try entering a completely phoney address.  If it turns out that you need a legit address in order to receive a link to the download, then establish and use a throwaway address from any number of free web email providers.

IT professionals: educate your users from day one about how to keep their email addresses at least relatively spam-free!

In terms of spam filtering, though, I do have to give props to Gmail for the best darn spam filter I’ve ever seen.

This entry was posted on Wednesday, November 28th, 2007 at 6:33 pm and is filed under Web/Tech.
