UCE (unsolicited commercial e-mail), which grew to comprise 40 percent of all e-mail last December, according to filtering service Brightmail.com, is on track to become the majority of all e-mail messages sent worldwide this year.

	ADVERTISEMENT

Thousands of words have been written on this subject, and I won't repeat them here. Instead, my object today is to help you protect the customer-service e-mail addresses you post on your site from being "harvested" by UCE professionals or "spammers."

How do spam pros get addresses from your site?

1. Inexpensive "harvesting" programs search the Web looking for anything that contains an "at" sign, as all e-mail addresses do.

2. Spammers use "dictionary attacks" to find valid addresses in large companies. On average, 30 percent of corporations' e-mail server capacity -- totaling about half of all attempted e-mail connections -- is currently being consumed by robots probing for addresses, according to spam-fighter Postini.com.

Despite this exposure, it's pretty hard for an e-business to exclude e-mail addresses from its pages:

1. E-mail is usually a far cheaper means of customer support than using toll-free numbers (although many e-commerce sites use both).

2. Input forms and "contact pages" provide some defense against harvesters, but you still need to make some addresses visible for customers who might wish to contact you at a later time.

I faced these problems myself when I was developing a "contact page" for my new Web site, BriansBuzz.com. The solution I adopted allows visitors to (a) write down an address for later use, (b) click a link to create a new message on the spot, or (c) use an input form. See: http://www.BriansBuzz.com/w/contact

1. My contact address is visible in the text, but with its punctuation spelled out: person "AT" BriansBuzz "DOT" com. While most humans can easily understand this pattern, it confuses most (but not all) of today's harvesting programs. What makes this technique foolproof is that visitors are told to add "help" or "tip" to the subject line of their message. This is an instruction no robot could ever comprehend.

2. Clicking the address starts a new message in whatever e-mail program the visitor may have. My address and the required keyword automatically appear in the To and Subject lines. To keep harvesters from simply reading my address from the page's HTML, the link is driven by a script that assembles the address without it appearing in the code. Some harvesters can read scripts, but they would never devote the time to parsing such code -- it's far faster just to move on to sites where addresses are in plain view.

3. Finally, an input form takes comments from visitors who don't wish to use their own e-mail client. They may be using an Internet cafe or a friend's PC that doesn't have their preferred program. Forms such as this are relatively safe from harvesters, because robots can't decipher the code behind the form.

I'm not completely satisfied with the security of this system, but it's far better than nothing. Since my public e-mail address has been available through InfoWorld for years, I've seen how much spam comes to addresses that are visible in plain text.

Send me the techniques you've found the most reliable to "cloak" your addresses from harvesters. I'll share the best tips in a future issue, and send a gift certificate to the readers whose comments I print. Send e-mail to mailto:Brian@BriansBuzz.com, with "tip" in the subject.

- - - - - - - - - - - - - - - - - - - - - - - - - - -

LIVINGSTON'S TOP 10 NEWS PICKS O' THE WEEK

1. E-businesses indicted for selling roach clips and paraphernalia: http://www.internetnews.com http://bri.li/449

2. Companies experience 30 Internet attacks a week on average: http://www.datamonitor.com http://bri.li/831

3. New directories help you find Internet cafes as you travel: http://www.searchenginewatch.com http://bri.li/c19

4. Salon.com and its 53,000 subscribers aren't going away without a fight: http://www.salon.com http://bri.li/1001

5. Diplomat allegedly slain by victim of the Nigerian e-mail scam: http://www.wired.com http://bri.li/13e9

6. Low-cost content management systems for Web sites reviewed: http://www.imagingmagazine.com http://bri.li/17d1

7. XML authoring tools to handle your content are compared: http://www.imagingmagazine.com http://bri.li/1bb9

8. The pros and cons of building your data exchange on SOAP vs. .Net: http://www.builder.com http://bri.li/1fa1

9. Wow! Some HTML tricks your mother never taught you: http://www.webdevelopersjournal.com http://bri.li/2389

10. Can't find kitty? Push this button and your cat beeps: http://curtiselectro.homestead.com http://bri.li/2771

- - - - - - - - - - - - - - - - - - - - - - - - - - -

WACKY WEB WEEK: SIGNS OF PREPAREDNESS

I hope you've been paying careful attention to those in charge of America 's homeland security, who've done their best to inform everyone how duct tape can protect you from a biological-weapon attack.

Now the Internet has been employed in this educational effort, with an entire Ready.gov site full of informative, Euro-style signage to help you remember important safety tips. I especially like the official placard that means, "If you're driving when you see a nuclear explosion, pull over to the side of the road." Additional and enhanced information is contributed by Yayhooray.com, which has developed fresh commentary to go with each sign. I laughed until I cried. See: http://www.yayhooray.com http://bri.li/c3b1

- - - - - - - - - - - - - - - - - - - - - - - - - - -

ABOUT THE AUTHOR: Brian Livingston is publisher of http://www.BriansBuzz.com. Research Director is Vickie Stevens. Brian has published 10 books, including:

Windows Me Secrets: http://www.amazon.com http://bri.li/0764534939

Windows 2000 Secrets: http://www.amazon.com http://bri.li/0764534130

You'll receive a gift certificate good for a book, CD, or DVD of your choice if you're the first to send Brian a Top Story or Wacky Web Week he prints. Send tips to mailto:Brian@BriansBuzz.com with "tip" in the subject line.