Fight Spam by Hiding Your Email…two more things

Posted by Nicolette Tallmadge on August 27th, 2008


Here are a couple more tips on how to avoid spam from your website. Some spammers will do what’s called a “directory harvest attack” (DHA). That is, they’ll send spam by “guessing” at common usernames combined with your domain name, such as jane@janepotmaker.com, jane.doe@janepotmaker.com, janedoe@janepotmaker.com, info@janepotmaker.com, or support@janepotmaker.com. When the spammer finally hits on a valid email address, that is, when a message is not rejected because the address doesn’t exist, they’ll add it to their list of spam email addresses.

So how do you avoid this version of spam harvesting?

1. Create a unique email address- If you can, try to stay away from some of the more common versions of email addresses such as:

  • firstname.lastname@yourdomain
  • firstinitial.lastname@yourdomain
  • firstname_lastname@yourdomain
  • firstnamelastname@yourdomain
  • firstnamelastinitial@yourdomain
  • info@yourdomain
  • support@yourdomain
  • sales@yourdomain

Try to create an email address that’s harder to guess…like an email address that contains a combination of letters and numbers, such as jdp081999@janepotmaker.com.

2. Turn off your “catch-all” email feature- If your hosting service offers what’s called a “catch-all” mail feature, which means that email addressed to anything ending with your domain name gets delivered to you…make sure that it’s turned off. Since anything that’s addressed to your domain will be seen as valid, leaving that feature on is just going to bring an avalanche of spam from spammers using the DHA technique. Turn it off!

Fight Spam by Hiding Your Email

Posted by Nicolette Tallmadge on August 26th, 2008

I’ve been hip deep in code for the past few weeks. I am in full web design mode now as I’m trying to finish up the mass overhaul of my jewelry website. It’s a big job, I’ve outlined what’s wrong with my old site and how I plan to fix it in this video and this video. I’ll be releasing a couple more makeover videos as the launch date gets closer.

One minor update I’m doing to my website is that I’m changing the way that I display my email on my websites. On my old site, I simply have the web address out there with a simple “mailto:” link so that when someone clicks on my email address, they can send me an email straight from my website.

While it was quick and convenient for my visitors, the downside was that I now regularly get anywhere from 50 to 200 pieces of spam email a day at this address. Why? Because email spammers use these really evil little automated programs called “harvesting bots” that do nothing but crawl through web pages, forums, and other public pages on the Internet and gather email addresses that appear on those pages.

So if you post your email address as janepotmaker@janepotmakerdesigns.com on your website, one of those harvesting bots can visit your site, scoop up your email address and boom! Suddenly you’re a target for spammers.

Fortunately, there are several ways to fight this:

1. Replace the “@” and the “.” symbols- a common way the harvesting bots find email addresses is that they look for the typical email address pattern on your web site (youremail@yourdomain.TLD). To avoid this, you can spell out your email address like this: janepotmaker [at] janepotmakerdesigns [dot] com. Plus, don’t make the email address clickable so that the email address doesn’t show up in the HTML code. The downside of this method is that it’s not very user friendly for your visitors as they have to manually replace the dot and the “@” symbols when they are emailing you.

2. Use a web form- another way people get around the spam bots is by putting a contact form on their websites instead of an email address. While very effective, I’ve always found it annoying when I ran across a website that uses them. In many cases your customers want an email address that they can keep and store in their address books. A web form doesn’t give them that.

3. Make your email address into an image- with the teeniest bit of image editing skills, you can make your email address into an image…or you can create a screen capture of your email address like the image below:

This hides your email address from the evil spam bots completely…however your visitors have to manually type in your email address. If you don’t have an image editor like Photoshop or Photoshop Elements, there are some free online image editors you can use to make that image. Check out my previous posts on Splashup, Picnik, and Photoshop Express.

4. Use an online email obfuscator- what these nifty online tools will do is convert your email address into special codes and symbols that look completely normal on a web page but can be undetectable to many of the spam bots. So in the HTML code of your web page, instead of your email address looking like this:

janepotmaker@janepotmakerdesigns.com

it will look something like this:

%6A%61%6E%65%70%6F%74%6D%61%6B%65%72%40%6A%61%6E

But it will appear on your website like this:

janepotmaker@janepotmakerdesigns.com

The only downside to this method is that some harvest bots are getting wise to this trick…so it won’t fool the more sophisticated ones.

5. Hide your email address in JavaScript- another way to fool those harvest bots is to combine email obfuscation with a bit of JavaScript programming. Basically, embedding your email address in JavaScript can hide your email address…especially if you use an obfuscation tool to convert your email address into special code first. There’s a good tool for both email obfuscation and JavaScript at this address:

http://members.cox.net/timandbeth/spam/index.htm

All you’ll need to do is to put your email address in the tool and paste the code that it gives you on your web page.
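
Methods 4 and 5 both rely on encoding, and the caveat above about smarter bots follows from how easily that encoding is reversed. The following added example (not from the original post or from the tool linked above) encodes the post's sample address the way such obfuscators do and then audits the markup; the function names are made up for illustration and an ASCII-only address is assumed.

```javascript
// Added example: encode an address the way online obfuscators do, then
// audit the resulting markup. Function names are illustrative; ASCII only.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;

// Percent-encode every character (%6A%61...), as in the post's example.
function percentEncode(text) {
  return Array.from(text, (ch) =>
    '%' + ch.charCodeAt(0).toString(16).toUpperCase().padStart(2, '0')).join('');
}

// Encode every character as a decimal HTML entity (&#106;&#97;...).
function entityEncode(text) {
  return Array.from(text, (ch) => '&#' + ch.charCodeAt(0) + ';').join('');
}

// Build a clickable link: percent-encoded href, entity-encoded visible text.
function obfuscatedLink(address) {
  return '<a href="mailto:' + percentEncode(address) + '">' +
    entityEncode(address) + '</a>';
}

// Undo both encodings, as a browser (or a bot that decodes first) would.
function decodeMarkup(markup) {
  const entities = markup
    .replace(/&#x([0-9a-f]+);/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
    .replace(/&#(\d+);/g, (_, dec) => String.fromCharCode(Number(dec)));
  return entities.replace(/%([0-9a-f]{2})/gi, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Report whether an address is readable in the raw markup and after decoding.
function auditMarkup(markup) {
  return {
    visibleToPlainScan: EMAIL_RE.test(markup),
    visibleAfterDecoding: EMAIL_RE.test(decodeMarkup(markup)),
  };
}

const sample = 'janepotmaker@janepotmakerdesigns.com'; // sample address from the post
console.log(obfuscatedLink(sample));
console.log(auditMarkup('<a href="mailto:' + sample + '">' + sample + '</a>'));
console.log(auditMarkup(obfuscatedLink(sample)));
```

Run `auditMarkup` on whatever markup a tool hands you before pasting it into your page: `visibleToPlainScan` should be false, and `visibleAfterDecoding` coming back true is why this method only stops the simpler bots.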

Now these fixes aren’t going to completely prevent you from getting any spam. Spam appears to be a hazard of the Internet and if there was a gold medal for getting around spam blockers, spammers would win it hands down. Plus, if you are active on the Internet in any way, like participating in forums, social networks, or even signing up for an ezine, you’ll probably get a certain amount from these channels. (Which is why it’s a good idea to get a separate email address to use just for these purposes.)

But, if you use some of these methods of displaying your email on your website, at least your website won’t be contributing to the problem.

So now it’s your turn! What methods have you used to combat spam? Let me know by leaving a comment.

Postcard Virus Alert

Posted by Nicolette Tallmadge on August 28th, 2007

My mom passed along this tidbit to me…

Apparently there is a virus going around the Internet that’s passed along via email. The subject line of the email will say that you’ve received a postcard from a family member. It will then include a link to the fake postcard which is actually pointing to a malicious virus.

There are several variations on the subject line including:

  • You’ve received a greeting card from a school-mate
  • You’ve received a greeting card from a class-mate!
  • You’ve received a greeting card from a partner

…and so on.

Find out more about this virus on the Urban Legends Reference Pages at:
http://www.snopes.com/computer/virus/postcard.asp

Plus, if you want to brush up on email safety, read my past post Avoiding Phising Scams for some basic email security tips

How to Create a Secure Password

Posted by Nicolette Tallmadge on June 21st, 2007

Seems like every time I turn around, I have to come up with a new password for something. With using the internet to do online banking, writing blogs, creating accounts for forums and email addresses, and creating web sites, it’s likely that you have to create a number of different passwords and they all have to be something that you can remember without writing down as well as something that people won’t guess. And to add to the difficulty, some accounts require you to change your password every 30 to 60 days!

So I found this post at the Productivity501 Blog, 10 Tips for Creating Secure Passwords, to be quite useful. One of my favorite password creation tips was number 6:

6. Ideas for Passwords - Sometimes coming up with a password can be pretty difficult. Keep in mind you need to choose terms that you won’t often talk about. Here is a list of ideas to help come up with words:

  1. Choose two objects from a picture that you’ll always remember. For example: a drawing at your grandparents’ house, the illustration from a children’s book, a painting at an art museum, etc.
  2. Choose two terms from a memorable purchase. For example: bluev6 (first car), thinibm (first computer), gold3crt (engagement ring), 7ftgrand (piano), pinedoor (first house), sunshore (honeymoon destination).
  3. Look through a catalog and choose terms based on something you see.
  4. Look up a random article on Wikipedia and choose a word found or related to a word you find in the article.

Being an artist, this is a very effective tip for me since most artists are visual people. So check out this article here the next time you need to come up with a new password…

…Now if you’ll excuse me, my sixty days are up…gotta go change a password!

Photo of the lock in this post is a cast resin keychain from Harry Allen’s REALITY series

WordPress Security Alert

Posted by Nicolette Tallmadge on March 6th, 2007

I host all of my blogs using the WordPress blogging software, so this warning definitely caught my eye. If you have downloaded WordPress 2.1.1 within the last week or so, your version of the software may include a security exploit that can leave your web server vulnerable. According to the good folks at WordPress, someone had managed to access one of the servers that distributes copies of the WordPress software and added potentially malicious code to the WordPress download files.
While the company doesn’t think that all of the WordPress 2.1.1 download files were affected, they are assuming the worst and shutting down that version of WordPress. They’ve released a new version of WordPress, 2.1.2, that fixes this security exploit. They’ve also taken measures to lock down the affected server and investigate how this all happened. You can read the full security alert at the WordPress site.

If you have downloaded version 2.1.1, you should upgrade to the new version immediately. Also, if you know of anyone who is also running WordPress on their web server you should pass this information along to them.



Copyright © 2006 - 2008 The Crafted Webmaster. All rights reserved.
