SiteProNews: 10/23/02 Feature Article
Article printed from SiteProNews: http://www.sitepronews.com HTML version available at: http://www.sitepronews.com/archives.html
Spam-Proofing Your Website
by Dan Thies ©Copyright 2002-2003
Anyone who operates their own website knows that you need to
provide a way for visitors to contact you by email. The big
challenge is providing easy email access to your visitors,
without letting junk mail (SPAM) flood your email inbox. The
techniques described in this article have enabled me to
dramatically reduce the amount of junk mail I receive on all of
my websites.
Preparing and Pre-Empting
You need a couple things before you can really take effective
action against SPAM. Your email software must be capable of
filtering incoming email. All of the major email applications
(such as Eudora, Outlook, and Pegasus) support filtering. We
will use multiple email addresses to allow us to filter out SPAM
and identify the source - you can't combat SPAM effectively
without them.
You need to use a website hosting provider that allows unlimited
email aliases or addresses, and/or a catch-all email address. An
"alias" is an email address that forwards to some other address
(for example, webmaster@domain.com forwarding to your real email
address). A "catch-all" email address will forward any emails
sent to unknown addresses in your domain. I just use the catch-
all, so that every message goes to my real email address. If you
have more than a one-person operation, however, multiple
accounts and aliases are pretty much a necessity.
Fighting Back
The first step in fighting back against the spammers is
understanding where they get your email address. You must
diligently protect your email address, if you ever hope to stop
them. Once your email address gets into the wrong hands, it will
be sold on CD-ROM (via junk mail, of course) to thousands of
spammers. Once that happens, you've lost the fight.
Spam Source #1: Domain Name Registrations
When you register a domain name, you must provide a contact
email address. If you give them your real email address, you've
just given it to everyone, including the spammers. Instead, use
a portable email address (like Hotmail) to set up your domain.
If you have multiple domains, you can also use an alias
(domains@yourdomain.com) on your primary domain for all
registrations. With an alias, you can use your email software to
filter out and save any emails that come to that address from
your registrar's domain.
Spam Source #2: Web Forms & Email Newsletters
If you give your real email address on any web form, or use it
to subscribe to an email newsletter, you are asking for trouble.
Instead, create a unique email address for each website or
newsletter. I just use the website's domain name for this. For
example, if you subscribe to SiteProNews as
"sitepronews.com@yourdomain.com" and let your catch-all address
route it to you, you will always know where the email came from.
If that address ever starts receiving junk mail, you can filter
it out using your email software. If you submit to search
engines or free-for-all links pages (FFA's), use a unique email
address.
Spam Source #3: Your Website
The biggest source of email addresses used by spammers is your
website. Most websites list multiple contact addresses, etc. Any
time an email address appears on your website in plain text,
even if it's hidden in a JavaScript or form field, you're
opening yourself up to having that email address captured.
The Big Battle: Securing Your Website From Spambots
Almost every website operator wants search engine spiders to
visit. After all, search engines are the best source of free
traffic on the web. In the event that you don't want them to
visit, they are easily kept at bay with a properly formatted
"robots.txt" file.
Unfortunately, there's another group of spiders out there
crawling the web, with an entirely different purpose. These are
the spiders that visit site after site, collecting email
addresses. You may know them as spambots, email harvesters, or
any number of unpublishable names.
When it comes to controlling these rogue spiders, a robots.txt
file simply won't get the job done. In fact, most spam robots
ignore robots.txt. That doesn't mean you have to give up, and
just let them have their way. The following techniques will stop
these spiders in their tracks.
Technique #1: Use JavaScript To Mask Email Addresses
One of the weaknesses that spiders of all kinds suffer from is
an inability to process scripts. Adding a small snippet of
JavaScript in place of an email address effectively renders the
address invisible to spiders, while leaving it accessible to
your visitors with all but the most primitive web browsers.
In the three examples below, simply substitute your username
(the first half of your email address, everything before the @
symbol) and your hostname (everything after the @ symbol). To
use the scripts, just insert them into your page's HTML wherever
you need them to be displayed.
Example 1: Creating A Spam-Proof Mailto Link
This snippet of JavaScript code creates a clickable link that
launches the visitor's email application, assuming that their
system is configured to work with "mailto:" hyperlinks. You can
replace the link text with your own message, but see example 2
if you want to display your email address as the link text.
<script language=javascript>
<!--
var username = "username";
var hostname = "yourdomain.com";
var linktext = "Click Here To Send Me Email";
document.write("<a href=" + "mail" + "to:" + username +
"@" + hostname + ">" + linktext + "</a>")
//-->
</script>
Example 2: A Spam-Proof Mailto Link With Your Email Address Showing
Some visitors won't be able to use a mailto link. This snippet
shows your email address in the link so they can copy and paste,
or type it by hand:
<script language=javascript>
<!--
var username = "username";
var hostname = "yourdomain.com";
var linktext = username + "@" + hostname;
document.write("<a href=" + "mail" + "to:" + username +
"@" + hostname + ">" + linktext + "</a>")
//-->
</script>
Example 3: Display Your Email Address Without A Mailto Link
Here's a snippet that displays your email address without a
clickable link:
<script language=javascript>
<!--
var username = "username";
var hostname = "yourdomain.com";
var linktext = username + "@" + hostname;
document.write(username + "@" + hostname)
//-->
</script>
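To check a page the way Technique #1 assumes a spambot reads it, the added example below (not part of the original article) scans static HTML source for address-like strings and compares a plain-text page, a hidden form field, and the masked script. The sample pages, the addresses and the function names are constructed for illustration, and the check covers only the static source, not what a script-executing client would see.

```javascript
// Added example: audit static HTML source for address-like strings.

// Decode numeric character references (&#64; or &#x40;) so addresses
// written with HTML entities are reported as well.
function decodeNumericEntities(html) {
  return html
    .replace(/&#x([0-9a-f]{1,5});/gi, (_, hex) =>
      String.fromCodePoint(parseInt(hex, 16)))
    .replace(/&#(\d{1,6});/g, (_, dec) =>
      String.fromCodePoint(parseInt(dec, 10)));
}

// Return the unique address-like strings visible in the page source.
function findExposedAddresses(html) {
  const pattern = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/g;
  const matches = decodeNumericEntities(html).match(pattern) || [];
  return [...new Set(matches.map((m) => m.toLowerCase()))];
}

// Constructed sample pages (not taken from any real site).
const plainPage = '<a href="mailto:sales@yourdomain.com">Email us</a>';
const hiddenFieldPage =
  '<form><input type="hidden" name="email" ' +
  'value="billing&#64;yourdomain.com"></form>';
const maskedPage = [
  '<script>',
  'var username = "username";',
  'var hostname = "yourdomain.com";',
  'document.write(username + "@" + hostname);',
  '</script>',
].join('\n');

console.log('plain link  :', findExposedAddresses(plainPage));
console.log('hidden field:', findExposedAddresses(hiddenFieldPage));
console.log('masked      :', findExposedAddresses(maskedPage));
```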
Technique #2: Use A Contact Form
Sometimes, the sheer volume of legitimate email from real
visitors can become a burden. In this case, a simple solution is
to remove your email address from your site entirely, and use a
contact form. There are dozens of free ASP, Perl, and PHP
scripts available online that will allow your users to fill in a
form, and send you an email. Most hosting providers now offer
this service for free to their customers.
A contact form can enable you to deal with a higher volume of
mail, by allowing you to pre-sort different types of message.
This is easily accomplished by creating a drop-down menu with
different options (e.g. customer service, billing, tech support,
etc.) that will populate the subject line of the email message,
and/or change the email address to which the form is sent.
Since many spambots simply read the entire HTML source of the
page, looking for anything that looks like an email address,
your contact form may not protect you, if you include your email
address in the HTML for your contact form (for example, as a
hidden field). You can use JavaScript, as in the example below,
to mask the address, or if you have the skill, you can embed the
email address in your form processing script, where nobody can
find it.
Example 4: Masking The Email Address In A Form Field
Instead of simply listing your email address in a form field,
use the snippet below to replace the form field that contains
your email address.
<script language=javascript>
<!--
var username = "username";
var hostname = "yourdomain.com";
// Write the hidden field at load time so the address never appears
// as a single string in the page source.
document.write("<input type=hidden name=email value=" + username
+ "@" + hostname + ">");
document.write(username + "@" + hostname);
//-->
</script>
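Technique #2 also mentions embedding the address in the form processing script and letting a drop-down choose the recipient. The added sketch below (not the article's code) shows that routing on the server side in JavaScript: the form submits only a department key and the address table stays in the script. The department keys, addresses, field names and function names are assumptions, and actually sending the message is left to whatever mail function your host provides.

```javascript
// Added example: the browser submits a department key, never an address.
// The table below lives only in the server-side script.
// All addresses are placeholders (assumptions).
const DEPARTMENTS = new Map([
  ['service', { to: 'service@yourdomain.com', label: 'Customer Service' }],
  ['billing', { to: 'billing@yourdomain.com', label: 'Billing' }],
  ['support', { to: 'support@yourdomain.com', label: 'Tech Support' }],
]);

// Collapse CR/LF and other control characters so a form value cannot
// add extra header lines to the outgoing message.
function headerSafe(value, maxLen = 120) {
  return String(value ?? '')
    .replace(/[\x00-\x1f\x7f]+/g, ' ')
    .trim()
    .slice(0, maxLen);
}

// Turn submitted form fields into a message description. The recipient
// is looked up from the key; an unknown key is rejected rather than
// being treated as an address.
function buildContactMessage(fields) {
  const dept = DEPARTMENTS.get(String(fields.department ?? ''));
  if (!dept) return { ok: false, error: 'unknown department' };
  const text = String(fields.message ?? '').trim();
  if (!text) return { ok: false, error: 'empty message' };
  const subject = headerSafe(fields.subject) || 'Website contact form';
  return {
    ok: true,
    to: dept.to,
    subject: `[${dept.label}] ${subject}`,
    replyTo: headerSafe(fields.replyTo),
    text,
  };
}

// Constructed sample submissions.
const accepted = buildContactMessage({
  department: 'billing',
  subject: 'Invoice question',
  replyTo: 'visitor@example.org',
  message: 'Please resend my invoice.',
});
const rejected = buildContactMessage({
  department: 'someone-else@example.net', // an address is not a valid key
  message: 'hello',
});
console.log(accepted, rejected);
```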
Thanks for reading...
I hope that this tutorial has given you a clear understanding
of how to protect your website, and your email address, from
spammers and spambots. If you have any questions about this
article, feel free to contact me through my website. The (spam-
proof) email link can be found at the bottom of my home page.
================================================================
Dan Thies has been helping his clients (and friends) promote
their websites since 1996. His latest book, "Search Engine
Optimization Fast Start" (http://www.cannedbooks.com), offers
a simple, step by step plan to increase your website's search
engine traffic.
================================================================
Copyright © 2002 Jayde Online, Inc. All Rights Reserved.
SiteProNews is a registered service mark of Jayde Online, Inc.