Viewing Story

Webmasters, protect yourself from email spam [How To]

Posted by on 20/08/2011


One of the biggest problems for a webmaster is dealing with mail spam. While some email clients/servers do a good job at filtering spam, just the fact that you get it can become a nuisance.

As a webmaster, there are many bad things you have to deal with, including comment and mail spam. Everyday I wake up, my inbox is filled with maybe 10-50 messages notifying me of mail spam. Here are a couple tricks which can help you keep your box clean.

Use a junk email for your domain registration

Spammers have turned to looking up email addresses listed in your domain registration. If you get emails about advertisers wishing to place ads on your site, don’t get too excited. It’s most likely the result of a spammer doing a WHOIS lookup on your domain and just sending messages to the listed email address. While having proper domain information is vital (especially from a legal standpoint), you still have to protect yourself from the evil on the Intertubes. A good idea would be to create a junk email address (e.g. It is very unlikely that someone would actually do a whois to contact you, but you still need to have it active in case an important message does come through.

To step up your efforts though, you can always sign up for domain privacy protection at a small additional cost. It is becoming a fast growing service among many popular domain registrars. Just remember that a lot of your personal information is also stored on your domain records, including your telephone number, name and address.

Use comment forms with verification instead of email address links

While listing a link to your email address may have been cool back in 2005, it’s time to step up to a more secure method. Robots can easily index your email address, even if it’s in plain text format, so a comment form does a good job at hiding that. However comment forms are just as susceptible to spam as email addresses are. This is where you would need some sort of verification question or image code. While scripts like Image Verification and reCAPTCHA, but by far the best form of is having a very simple question. However it’s best advised to use a more complicated question than something like 2+4. If you want to include a mathematical question, something like “What is 2 added to 4?” would do better. There have been instances of advanced scripts trying to calculate an answer based on commonly used questions, so mixing it up a bit would help beat them at their own game. The best option though would be having a text based question and answer problem such as “What colour is the sky?”

If you use WordPress and have Contact Form 7, you can integrate Akismet into the forms to filter out emails at the server level.

If you must insist on listing your email address though, format it something like this:

youremail [at] yourdomain [dot] com

myemail [at] website [dawt] com

While it may look silly and retarded, crawlers cannot pick up on such strings being in email format.

IP Banning

Some emails sometimes slip by, mainly because humans sometimes physically go through the process of sending the mails to bypass any spam controls. The only option here is IP banning. The first course of action would be to check the IP addresses from which the spam comes. If they are either static or are within a narrow range (e.g. 192.168.XXX.XXX), then you could either block the static ip address or block the range. Usually it is safe to block a range, because email spammers have a tendency to limit themselves rather than using totally random IP addresses. While there is a potential that innocent users can be blocked (due to IP addresses changing hands when they expire), the benefits usually outweigh the losses. IP banning can be done on various levels, but you’d need to look up the specifics on how to block IP addresses and ranges.

While there are good spam filters available from web hosts and services including Gmail, they can potentially filter out good emails by accident. We live by the philosophy that spam should be stopped on the sender’s end (with the help of the server) rather than allowing it to come through and then be filtered. Hope these tips help.

More in Computing, Featured, Policies/Ethics (19 of 70 articles)