Anti-spam strategies: Difference between revisions
(added "Include a subject line") |
mNo edit summary |
||
(5 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
[[Main Page]] > [[Websters]] | |||
Putting email addresses on web pages is sure to result in spam being sent to the address, since many robots harvest them for spammers. Currently, most of the robots can be thwarted by these simple methods. | Putting email addresses on web pages is sure to result in spam being sent to the address, since many robots harvest them for spammers. Currently, most of the robots can be thwarted by these simple methods. | ||
But they will probably get smarter over time. | But they will probably get smarter over time. | ||
==Use a image of an email address== | ==Use a image of an email address== | ||
[http://www.digitalcolony.com/02/maskemail/genEmailMask.asp Email Image Generator] | [http://www.digitalcolony.com/02/maskemail/genEmailMask.asp Email Image Generator] | ||
Line 11: | Line 14: | ||
==Text email addresses== | ==Text email addresses== | ||
You can create text for the email address with "at" replacing "@" and have spaces on either side of the word as is done in the Mailman list archives and subscribers' lists for UUA email lists (accessible only by list subscribers). For instance, dmuuc at dmuuc.org. One would have to view it and reform it into an email address. Most spammers wouldn't be bothered. | You can create text for the email address with "at" replacing "@" and have spaces on either side of the word as is done in the Mailman list archives and subscribers' lists for UUA email lists (accessible only by list subscribers). For instance, dmuuc at dmuuc.org. One would have to view it and reform it into an email address. Most spammers wouldn't be bothered. | ||
Line 20: | Line 22: | ||
name at email.org name at email.org | name at email.org name at email.org | ||
name&nbsp;@&nbsp;email.org name @ email.org</pre> | name&nbsp;@&nbsp;email.org name @ email.org</pre> | ||
==Mundge your addresses== | |||
This is a better way to disguise address since 1) the links still work for humans, and 2) spammers are soon gonna figure out about Mailman-style obfuscation. See [http://www.brettglass.com/spam/paper.html#WebPageHarvesting Stopping Spam and Malware with Open Source] by Brett Glass for complete details. | |||
==Invisible HTML== | ==Invisible HTML== | ||
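Review bot: The new "Mundge your addresses" section calls the technique "a better way" but never says what it is; the reader gets only the link to Brett Glass's paper. Add a sentence describing the munging itself, and correct the heading spelling to "Munge".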
Line 25: | Line 32: | ||
If you insert meaningless html into an e-mail address then the Spambots will not recognize the e-mail address pattern, but when it is rendered for the end user it will be in the correct format. For example "<NoSpam>Username@</NoSpam>domain.tld" will render to the end user as "Username@domain.tld" with the meaningless tags dropping out. The advantage over images being the ability for the user to cut and paste the address. | If you insert meaningless html into an e-mail address then the Spambots will not recognize the e-mail address pattern, but when it is rendered for the end user it will be in the correct format. For example "<NoSpam>Username@</NoSpam>domain.tld" will render to the end user as "Username@domain.tld" with the meaningless tags dropping out. The advantage over images being the ability for the user to cut and paste the address. | ||
==Server Side | ==Server Side Form instead of an Email Address== | ||
Spambots can not collect information that is never displayed. If you have the ability to use server side scripting then you can create an " | |||
Spambots can not collect information that is never displayed. If you have the ability to use server side scripting then you can create an "Contact Us" form for users to fill out. | |||
This could further be beneficial by setting up standard subject lines or body content (subject "E-mail from online form"). That way if you are running spam filters on your e-mail account you can make sure that e-mail submitted from online forms are not filtered. | This could further be beneficial by setting up standard subject lines or body content (subject "E-mail from online form"). That way if you are running spam filters on your e-mail account you can make sure that e-mail submitted from online forms are not filtered. | ||
Forms can take user input and email it to a list, sort it, stuff it into a log or database, or perform any desired operation including any combination of the above. One disadvatage: if the vistor does not enter their email address correctly, you won't be able to respond to them with email. | |||
==Include a subject line== | ==Include a subject line== | ||
With all the spam we're getting, it's best to write your own subject line so that you can catch the message when it comes into your In Box or accidentally sorts into your Spam Box. This can be done on standard mailto links, javascript links, as above, and server side email forms. | With all the spam we're getting, it's best to write your own subject line so that you can catch the message when it comes into your In Box or accidentally sorts into your Spam Box. This can be done on standard mailto links, javascript links, as above, and server side email forms. | ||
== Run a Baysian Filter== | |||
Rather than write endless rules, you *teach* Baysian Filters with actualy samples of spam and "ham." The filter calculates a "spamminess" score | |||
for each subsequent email based on content. Since each person has different criteria, | |||
bulk emailers cannot easily defeat with forged headers, intentional misspelling, | |||
hash busing dictionary attacks, etc. And since they are adaptive, Bayesian filters | |||
[http://email.about.com/cs/bayesianfilters/a/bayesian_filter.htm get better and better with time]. | |||
There's free software from http://spambayes.sourceforge.net/ | |||
If you are running Outlook (not Outlook Express), there's | |||
a [http://spambayes.sourceforge.net/windows.html free binary plugin] - I've used it and it works great! | |||
<pre> | |||
Installation & Configuration | |||
1. Quit Outlook. | |||
2. Run installer | |||
3. Launch Outlook | |||
4. Config wizard starts: accept all defaults. | |||
</pre> | |||
SpamBayes works with 3 sets of folders: Inbox(es), Junk, and | |||
Unsure (I renamed the from the default "Junk-Suspects" and it was created for me). | |||
Messages with > 90% spamminess are moved to the Junk folder. Message < 20% spammy | |||
aren't touched. Message between the thresholds are moved to the Unsure folder. | |||
These thresholds are adjustable, but the defaults work well. When I first installed | |||
SpamBayes, I thought Outlook had hung. However, because the filter had not yet been | |||
trained, it was simply busy moving everything to the Unsure folder. I forced-quit | |||
(End Task) a couple of times with no ill effect. | |||
Training | |||
The plugin adds a pair of "smiley/frowny" buttons to Outlook. These are labeled | |||
"Recover from Spam" and "Delete as Spam" respectively. Simply marking messages | |||
appropriately trains the filter. I found it's helpful to initially sort by subject | |||
as this puts related messages together so you can easily select and mark many at once. | |||
Ironically, while I was training on old mail, I found a couple of unread message from | |||
by boss, a potentially career-limiting mistake! |
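Review bot: The added paragraph beginning "Forms can take user input and email it to a list" says nothing about checking the submitted fields before they are mailed, logged or stored; the only caveat it gives is a mistyped visitor address. Suggest adding a sentence on validating the fields. In the Bayesian section, make the spelling consistent ("Baysian" in the heading and first sentence, "Bayesian" a few lines later) and fix "hash busing", "actualy", "disadvatage" and "vistor".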
Latest revision as of 04:49, 24 February 2008
Putting email addresses on web pages is sure to result in spam being sent to the address, since many robots harvest them for spammers. Currently, most of the robots can be thwarted by these simple methods. But they will probably get smarter over time.
Use an image of an email address
JavaScript replacing Mailto
Davies Memorial UU Church uses a no-spam JavaScript. You need to put it in the header and also use it to replace each mailto link. The drawback is that browsers with JavaScript disabled will not be able to use the links. Also, see below for "Include a Subject Line".
Text email addresses
You can create text for the email address with "at" replacing "@" and have spaces on either side of the word as is done in the Mailman list archives and subscribers' lists for UUA email lists (accessible only by list subscribers). For instance, dmuuc at dmuuc.org. One would have to view it and reform it into an email address. Most spammers wouldn't be bothered.
To make sure your text email addresses stay together on one line, use some variation of this markup:
Source                        Result
name at email.org             name at email.org
name&nbsp;@&nbsp;email.org    name @ email.org
Munge your addresses
This is a better way to disguise addresses, since 1) the links still work for humans, and 2) spammers will soon figure out Mailman-style obfuscation. See Stopping Spam and Malware with Open Source by Brett Glass for complete details.
Invisible HTML
If you insert meaningless HTML into an e-mail address, spambots will not recognize the e-mail address pattern, but when it is rendered for the end user it will be in the correct format. For example "<NoSpam>Username@</NoSpam>domain.tld" will render to the end user as "Username@domain.tld" with the meaningless tags dropping out. The advantage over images is that the user can cut and paste the address.
Server Side Form instead of an Email Address
Spambots cannot collect information that is never displayed. If you have the ability to use server-side scripting, you can create a "Contact Us" form for users to fill out.
A form also lets you set up standard subject lines or body content (subject "E-mail from online form"). That way, if you are running spam filters on your e-mail account, you can make sure that e-mail submitted from online forms is not filtered.
Forms can take user input and email it to a list, sort it, stuff it into a log or database, or perform any desired operation including any combination of the above. One disadvantage: if the visitor does not enter their email address correctly, you won't be able to respond to them with email.
Include a subject line
With all the spam we're getting, it's best to write your own subject line so that you can catch the message when it comes into your In Box or accidentally sorts into your Spam Box. This can be done on standard mailto links, JavaScript links, as above, and server-side email forms.
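A minimal server-side handler for the contact form and fixed subject line described above, as an added example that is not code from the original page. The addresses, field names and the `build_message` helper are hypothetical.

```python
import re
from email.message import EmailMessage

# Hypothetical names and addresses throughout; adapt to your own site.
RECIPIENT = "office@example.org"           # kept on the server only
FORM_SENDER = "webform@example.org"
FIXED_SUBJECT = "E-mail from online form"  # subject the mail filter can allow

# What the visitor's browser receives: no address for a robot to harvest.
CONTACT_FORM_HTML = """<form method="post" action="/contact">
  <input name="name"> <input name="email"> <textarea name="message"></textarea>
  <button>Send</button>
</form>"""

# Simple shape check: one "@", no whitespace, a dot in the domain part.
ADDRESS_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

class FormError(ValueError):
    """Raised with a message that can be shown back to the visitor."""

def build_message(fields):
    """Turn submitted form fields (a dict of strings) into an EmailMessage."""
    name = fields.get("name", "").strip()
    reply_to = fields.get("email", "").strip()
    body = fields.get("message", "").strip()
    if not body:
        raise FormError("Please enter a message.")
    if not ADDRESS_RE.fullmatch(reply_to):
        raise FormError("Please check your e-mail address so we can reply.")
    msg = EmailMessage()
    msg["From"] = FORM_SENDER
    msg["To"] = RECIPIENT
    # Reply-To is the only visitor-supplied header; the pattern above
    # admits no whitespace, so it is always a single line.
    msg["Reply-To"] = reply_to
    msg["Subject"] = FIXED_SUBJECT
    msg.set_content(f"Name: {name or '(not given)'}\n\n{body}")
    return msg
```

The returned message can be handed to `smtplib.SMTP.send_message`; rejecting a malformed address at submission time lets the visitor correct it while they are still on the page.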
Run a Bayesian Filter
Rather than write endless rules, you *teach* Bayesian filters with actual samples of spam and "ham." The filter calculates a "spamminess" score for each subsequent email based on content. Since each person has different criteria, bulk emailers cannot easily defeat them with forged headers, intentional misspelling, hash busting dictionary attacks, etc. And since they are adaptive, Bayesian filters get better and better with time.
There's free software from http://spambayes.sourceforge.net/. If you are running Outlook (not Outlook Express), there's a free binary plugin - I've used it and it works great!
Installation & Configuration
1. Quit Outlook.
2. Run installer
3. Launch Outlook
4. Config wizard starts: accept all defaults.
SpamBayes works with 3 sets of folders: Inbox(es), Junk, and Unsure (I renamed it from the default "Junk-Suspects" and it was created for me). Messages with > 90% spamminess are moved to the Junk folder. Messages < 20% spammy aren't touched. Messages between the thresholds are moved to the Unsure folder. These thresholds are adjustable, but the defaults work well. When I first installed SpamBayes, I thought Outlook had hung. However, because the filter had not yet been trained, it was simply busy moving everything to the Unsure folder. I forced-quit (End Task) a couple of times with no ill effect.
Training
The plugin adds a pair of "smiley/frowny" buttons to Outlook. These are labeled "Recover from Spam" and "Delete as Spam" respectively. Simply marking messages appropriately trains the filter. I found it's helpful to initially sort by subject as this puts related messages together so you can easily select and mark many at once. Ironically, while I was training on old mail, I found a couple of unread messages from my boss, a potentially career-limiting mistake!
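A toy filter showing how training on spam and ham turns into a spamminess score and a folder, using the 90% and 20% thresholds quoted above. This is an added example, not SpamBayes code and not its scoring algorithm: it is a plain naive Bayes classifier with equal priors, and the class name and sample messages are constructed for illustration.

```python
import math
import re
from collections import Counter

SPAM_CUTOFF = 0.90  # score above this: moved to Junk
HAM_CUTOFF = 0.20   # score below this: left in the Inbox

def tokens(text):
    """Lower-cased set of words; a word counts once per message."""
    return set(re.findall(r"[a-z0-9$']+", text.lower()))

class ToyBayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.trained = {"spam": 0, "ham": 0}

    def train(self, text, label):  # label: "spam" or "ham"
        self.counts[label].update(tokens(text))
        self.trained[label] += 1

    def _p(self, word, label):
        # Smoothed fraction of `label` messages that contain `word`.
        return (self.counts[label][word] + 1) / (self.trained[label] + 2)

    def spamminess(self, text):
        """P(spam | words) with equal priors, summed in log space."""
        log_odds = sum(math.log(self._p(w, "spam") / self._p(w, "ham"))
                       for w in tokens(text))
        log_odds = max(-50.0, min(50.0, log_odds))  # keep exp() in range
        return 1 / (1 + math.exp(-log_odds))

    def folder(self, text):
        score = self.spamminess(text)
        if score > SPAM_CUTOFF:
            return "Junk"
        if score < HAM_CUTOFF:
            return "Inbox"
        return "Unsure"

# Constructed training samples, not real mail.
SPAM = ["cheap pills online buy now", "win money now click here",
        "buy cheap watches now"]
HAM = ["choir rehearsal moved to thursday", "minutes from the board meeting",
       "potluck sunday after the service"]

def demo_filter():
    f = ToyBayesFilter()
    for label, texts in (("spam", SPAM), ("ham", HAM)):
        for text in texts:
            f.train(text, label)
    return f
```

An untrained `ToyBayesFilter` scores every message at exactly 0.5, which is why a fresh install files everything under Unsure until it has been shown examples.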