Avoiding the Spam trap.
Email spam is an issue for business; it can take up man hours and time, which cost the company money.
One method spammers use to get your email is when you join a site you are required to submit an email address, some of these sites sell their email list to spammers.
The other method is spam bots or email harvesters. These are similar to search engine spiders in that they crawl the web looking for websites, but instead of looking for content and listing your website on a search engine, they are programmed to look for email address and send them back to the spammer’s server. This is what we will look at today.
The Catch-22 is your business needs to be easily contacted from your website; a contact page and/or email address is required. Making it hard for someone to contact you creates an unfriendly user experience and you will lose potential customers, but putting your email out there makes it a target for spammers. That's quite a catch, that Catch-22.... Read on.....
There are a few ways to combat the email harvesting bots and reduce the possibility of ending up on a spam list.
1. Use a contact form on your contact page.
Use a script that doesn’t require the recipients email address to be in the form (you may not see it, but it is there in the code for the spam bots to see).
Also, if you are using a common script such as formmail.cgi make sure it is set up to only accept requests from your server or it could be hijacked by a spammer and used to send out bulk emails using your account.
2. Confuse or block spam bots.
This can be done several ways using various script languages.
The spam bots scan the HTML code behind the page for email addresses; you can use script to hide the email address in the code but still display properly for a human.
JavaScript can be used to confuse some spam bots by breaking up the email address into parts or switching charaters and then writing it to the page (remember the spam bot will see the JavaScript code, not the result of the code)
Even better would be to not put the JavaScript directly into your page but to link to it as a .js include file. This method is independent of what platform you use to host you website.
The next method is to use server side scripts to detect the spam bots and block them. They can also be used to the same effect as the JavaScript method, a combination of both would be best just incase a new bot slips through undetected.
There are free scripts available for PHP and ASP with updated list of known spam bots and email harvesters from the links below.
You can even fight the spammers by poisoning their harvest with fake emails, just make sure you use a robot.txt on your server to block legitimate search engine spiders from crawling it.
A very good anti spam site fill of helpful links and information: http://spamlinks.net/spambots.htm
Some anti-spam measures to fight SPAM: http://www.kloth.net/internet/spam/
The Web Robots Pages: http://www.robotstxt.org/wc/robots.html
Posted by Marc Rosewarne at April 8, 2005 02:59 PM
