This is actually a wide topic and we could discuss it for days. Primarily, these are the main sources: Webmaster address on Site Instead of an email link I recommend you use a form (but be careful. See below) where people can email you from a form on your site. Form Mailers If you use one of those cute little bots in Microsoft Front Page or one of the bazillion free PHP or Perl form mailer scripts out there, chances are you are no better off than if you had simply put your email address in caps on your website like so: MY EMAIL ADDRESS IS ME@MYDOMAIN.COM PLEASE SEND ME SPAM! You see, most of these bots and scripts actually keep your email in a hidden field embedded in the HTML document. It may not be visible to the Browser, but it sure is to the spam-bot that will come snooping around your site. If you use a form, make sure, your email address is not stored in the form itself - hidden or otherwise - but in a directory on your web server that is not accessible from the outside world. WARNING ON USING FREE FORM MAIL SCRIPTS: You download a badly written Perl or PHP script from some unknown source. Unbeknown to you, this script is not secure. This means that any spammer with a little knowledge can hijack the script on your server to send spam to others! Ouch!! Thousands or even millions of spam emails (often porn) can be sent out FROM YOUR SITE IP ADDRESS before you realize what's happened. (BTW, your first hint that something is horribly wrong is usually when the FBI come knocking at your door with handcuffs to take you away. No kidding, you can get into very serious trouble). Bottom line: Never, but never use server-side scripts or software from sources you don't know or trust. Registrar records Here's a good solution that works. When you register your domain name, give an email that is not your primary address and only use it for your domain name. After 6 months, discontinue that email address and get another one to use for the registrar. In most cases this will fix the problem and you won't get spam again. (If your hosting company wants to charge you to change your email address at the registrar drop them immediately because this should be a free service). Common email addresses Catch all and aliases Auto responders/ Vacation messages
The best advice here is DON'T DO IT. Don't put your email address on your site as a clickable link. Spammers use automated software to spider your whole website looking for these. It's a dead give away. It is a sure way to get tons of spam chop-chop! If you absolutely must do this, change the site email address regularly when the spam gets too much.
These are a mixed blessing because they can be just as useless as having your email address on your site for the whole world to see. Here's why:
While on the subject lets just touch on this. Under NO CIRCUMSTANCES should you download and install a free mailer script from just any site you find. You could be getting yourself into a whole heap of trouble. (We have a free one that is secure in the Downloads section - link on top of page - although it is not the easiest one to set up) This is how it happens:
Every domain registrar requires you give a valid email address when you register a domain. Whether you register it yourself or a Web Hosting company like us does it for you, it will be your email address in the registrant field. Yes, you guessed it, spammers regularly check the new domain registrations to pick up fresh email addresses. (Actually the love the ones from the registrars because the know they must work).
When you have your own site, don't use email addresses like WebMaster, WebServant, admin, postmaster, Mdaemon, MailerDaemon, root etc. What spammers do is to send email to these and see if the bounce. If they don't you have been made and will be spammed. Always choose email addresses that are less conspicuous. For example john-jones instead of john, WebmasterX instead of Webmaster and so on.
In your site Administrator Control Panel (you should have one of these if you have a website) you should be able to set up email aliases. Normally there is a predefined "catch-all" email alias already defined. Delete it! What catch-all does is to forward Anything@yourdomain.com to you. it was handy in the early days of Internet but nowadays it's a liability.
Whatever you do do not put autoresponders on your email addresses. Not only is it annoying for people who send you legitimate mail to get a "Thanks for your email. We'll get back to you" message it's a sure way to get SPAM! When the spammer gets a message back he automatically knows he has a valid email address.
SOURCES OF SPAM - PEOPLE WITH WEBSITES
