Home :: About InfoWorld :: Advertise :: Subscribe :: Contact Us :: Awards :: Events
InfoWorld HomeNewsTest CenterOpinionsTechIndex
 
 
COLUMN

 
 
E-Business Secrets
 

 
Spam-proof the contact addresses you put on your site
Tips for keeping your info out of the hands of harvesters
 

 
By  Brian Livingston February 28, 2003  
 
 

UCE (unsolicited commercial e-mail), which grew to comprise 40 percent of all e-mail last December, according to filtering service Brightmail.com, is on track to become the majority of all e-mail messages sent worldwide this year.

   ADVERTISEMENT
  
 

Thousands of words have been written on this subject, and I won't repeat them here. Instead, my object today is to help you protect the customer-service e-mail addresses you post on your site from being "harvested" by UCE professionals or "spammers."

How do spam pros get addresses from your site?

1. Inexpensive "harvesting" programs search the Web looking for anything that contains an "at" sign, as all e-mail addresses do.

2. Spammers use "dictionary attacks" to find valid addresses in large companies. On average, 30 percent of corporations' e-mail server capacity -- totaling about half of all attempted e-mail connections -- is currently being consumed by robots probing for addresses, according to spam-fighter Postini.com.

Despite this exposure, it's pretty hard for an e-business to exclude e-mail addresses from its pages:

1. E-mail is usually a far cheaper means of customer support than using toll-free numbers (although many e-commerce sites use both).

2. Input forms and "contact pages" provide some defense against harvesters, but you still need to make some addresses visible for customers who might wish to contact you at a later time.

I faced these problems myself when I was developing a "contact page" for my new Web site, BriansBuzz.com. The solution I adopted allows visitors to (a) write down an address for later use, (b) click a link to create a new message on the spot, or (c) use an input form. See: http://www.BriansBuzz.com/w/contact

1. My contact address is visible in the text, but with its punctuation spelled out: person "AT" BriansBuzz "DOT" com. While most humans can easily understand this pattern, it confuses most (but not all) of today's harvesting programs. What makes this technique foolproof is that visitors are told to add "help" or "tip" to the subject line of their message. This is an instruction no robot could ever comprehend.

2. Clicking the address starts a new message in whatever e-mail program the visitor may have. My address and the required keyword automatically appear in the To and Subject lines. To keep harvesters from simply reading my address from the page's HTML, the link is driven by a script that assembles the address without it appearing in the code. Some harvesters can read scripts, but they would never devote the time to parsing such code -- it's far faster just to move on to sites where addresses are in plain view.

3. Finally, an input form takes comments from visitors who don't wish to use their own e-mail client. They may be using an Internet cafe or a friend's PC that doesn't have their preferred program. Forms such as this are relatively safe from harvesters, because robots can't decipher the code behind the form.

I'm not completely satisfied with the security of this system, but it's far better than nothing. Since my public e-mail address has been available through InfoWorld for years, I've seen how much spam comes to addresses that are visible in plain text.

Send me the techniques you've found the most reliable to "cloak" your addresses from harvesters. I'll share the best tips in a future issue, and send a gift certificate to the readers whose comments I print. Send e-mail to mailto:Brian@BriansBuzz.com, with "tip" in the subject.

- - - - - - - - - - - - - - - - - - - - - - - - - - -

LIVINGSTON'S TOP 10 NEWS PICKS O' THE WEEK

1. E-businesses indicted for selling roach clips and paraphernalia: http://www.internetnews.com http://bri.li/449

2. Companies experience 30 Internet attacks a week on average: http://www.datamonitor.com http://bri.li/831

3. New directories help you find Internet cafes as you travel: http://www.searchenginewatch.com http://bri.li/c19

4. Salon.com and its 53,000 subscribers aren't going away without a fight: http://www.salon.com http://bri.li/1001

5. Diplomat allegedly slain by victim of the Nigerian e-mail scam: http://www.wired.com http://bri.li/13e9

6. Low-cost content management systems for Web sites reviewed: http://www.imagingmagazine.com http://bri.li/17d1

7. XML authoring tools to handle your content are compared: http://www.imagingmagazine.com http://bri.li/1bb9

8. The pros and cons of building your data exchange on SOAP vs. .Net: http://www.builder.com http://bri.li/1fa1

9. Wow! Some HTML tricks your mother never taught you: http://www.webdevelopersjournal.com http://bri.li/2389

10. Can't find kitty? Push this button and your cat beeps: http://curtiselectro.homestead.com http://bri.li/2771

- - - - - - - - - - - - - - - - - - - - - - - - - - -

WACKY WEB WEEK: SIGNS OF PREPAREDNESS

I hope you've been paying careful attention to those in charge of America 's homeland security, who've done their best to inform everyone how duct tape can protect you from a biological-weapon attack.

Now the Internet has been employed in this educational effort, with an entire Ready.gov site full of informative, Euro-style signage to help you remember important safety tips. I especially like the official placard that means, "If you're driving when you see a nuclear explosion, pull over to the side of the road." Additional and enhanced information is contributed by Yayhooray.com, which has developed fresh commentary to go with each sign. I laughed until I cried. See: http://www.yayhooray.com http://bri.li/c3b1

- - - - - - - - - - - - - - - - - - - - - - - - - - -

ABOUT THE AUTHOR: Brian Livingston is publisher of http://www.BriansBuzz.com. Research Director is Vickie Stevens. Brian has published 10 books, including:

Windows Me Secrets: http://www.amazon.com http://bri.li/0764534939

Windows 2000 Secrets: http://www.amazon.com http://bri.li/0764534130

You'll receive a gift certificate good for a book, CD, or DVD of your choice if you're the first to send Brian a Top Story or Wacky Web Week he prints. Send tips to mailto:Brian@BriansBuzz.com with "tip" in the subject line.




 
Brian Livingston is publisher of BriansBuzz.com. Send tips to him at brian@briansbuzz.com.

  More Brian Livingston columns
  Join a discussion on Brian Livingston's columns

 
 
LATEST BUSINESS WHITE PAPERS
Verity Ultraseek - FREE CASE STUDY on The Johns Hopkins Institutions
- Nearly a thousand internal and external websites - Hundreds of different file formats - An extended education and healthcare system with a world-renowned university, hospitals and research centers Read the FREE case study on The Johns Hopkins Institutions and find out how Verity Ultraseek brought all this together.



SPONSORED LINKS
enKoo - Web access your PC & servers. Scalable & failover appliance.
Xerox - Free Download. InfoWorld Special Report on Color Workgroup Printers
AT&T - Is your network secure? Learn about AT&T's security solutions.
Toshiba - Click her for chance to win a Toshiba(R) portable DVD player!
Cisco - Register Now: Annual Cisco User Conference
INFOWORLD MARKETPLACE


Mid-Market CRM Made Easy with Oncontact - Oncontact offers customer relationship management (CRM) systems for mid-market companies. Build stronger and more profitable relationships with your customers. Click here for more info.
Rackspace-The Managed Hosting Specialist - Rackspace offers Managed and Application Hosting with customizable and scalable solutions. 0% downtime and a hardware replacement guarantee.
Block E-Mail Spam at Server Level - Block all spam at e-mail server level with GFI MailEssentials. Also adds other tools to your mail server such as e-mail disclaimers, e-mail archiving, auto replies and more. DLD trial today.
Free unlimited online meetings for 14 days. - WebEx online meetings and web conferencing solutions: Meet colleagues online, host web events, train your staff, provide live support. Try us free for 14 days.
File replication and content synchronization - One-to-one, scheduled file replication and content synchronization for cross platform replication on Windows & UNIX.





 
 HOME  NEWS  TEST CENTER  OPINIONS  TECHINDEX   About InfoWorld :: Advertise :: Subscribe :: Contact Us :: Awards :: Events 

Copyright © 2004, Reprints, Permissions, Licensing