War against spam continues!
by Jerry Kapron, NYCT.NET

  Spam Prevention Tips  •  eXspaminator

Status Quo?

It's the time of the year when many of us are about to go on a well-deserved vacation. For two weeks, you won't touch a keyboard, look at a screen, or put a phone to your ear. And when you come basck - it's payback time! It's your first morning back in the office and you can't put it off any longer. You've got to check your e-mail.
Your first glance at the e-mail status bar confirms your fears. There are 1,780 messages waiting to be picked up. You groan. You know that means about 1,700 spams. Well, it's nice to know someone cares. Hold my calls for the next hour. I'm deleting spam.

Unfortunately, most of us can relate to the scene described above very closely. The question is: What can you do about it?
Perhaps, you've been forced to accept spam as an inevitable annoyance. Maybe you've grown used to hovering over the delete key while reading e-mail. Maybe you've given up.


There is hope. Spam may seem like a big problem, and it is, but you can do something about it. In fact, you've got to. You don't have a choice. If you're one of those people who receive 50 or 100 or more spams every day, you've simply got to fight it. Running away from spam by frequently changing ISP accounts or e-mail addresses may seem like a solution, but it's not. How long can you run and annoy your friends, family and co-workers by handing them a new e-mail address every couple of months. Spam will get you wherever you go sooner or later if you don't take steps to fight it. Stop running. Stay where you are. New York Connect has the tools and the expertise to help you fight spam. In fact, we've declared a war on spam a while ago, so you won't be fighting alone.
Unlike other ISP's, who simply roll their eyes whenever they hear their users complain about spam, we care!

Many of you are already familiar with eXspaminator, our homegrown anti-spam system. It has a very user-friendly web based interface to manage your custom spam filters. You may logon to eXspaminator by using your regular NYCT.NET username and password by pointing your browser to http://spam.nyct.net/. eXspaminator's user interface is very self-explanatory, but don't hesitate to call our technical support team at 212-293-2620 should you need any assistance using it.
For your convenience, all mail classified as spam, based on the filters you define in eXspaminator, is forwarded to your personal SpamBox. You may logon to your SpamBox by using your regular NYCT.NET username and password by pointing your browser to http://spambox.nyct.net/. It's a convenient way to making sure that no valid e-mail messages were caught by your filters. Every e-mail message caught by eXspaminator is kept in your SpamBox for a week. In case a valid (non-spam) message gets placed in your SpamBox, there is a simple two-click function to move it to your regular Inbox.

Protect Yourself
Note: The tips in this section may be technically too advanced for some users.
They are mainly intended for our web hosting customers, users maintaining their personal web pages, as well as other users with at least basic knowledge of HTML.
If you do not fall into any of the above categories, you may skip to the next section.

eXspaminator is a great way to block the spam you already receive, but is there anything you can do to prevent new spam?

Let's have a peek at the ways of the "dark side".
In order to send spam, spammers need e-mail addresses. To date, the most common way for spammers to obtain valid e-mail addresses has been Web page harvesting--the use of specialized automation software called "spambots" to scan thousands of Web pages and save all the e-mail addresses that can be found. Spammers continue to develop nasty new ways to get your address, but publishing your e-mail address on a Web page is still the easiest way to get attention from spammers.

Anytime you publish an e-mail address on a Web page, you should take steps to protect it from being harvested by spammers. There are several ways you can protect your e-mail address, ranging from the totally useless to the reasonably effective.

  1. Try to obfuscate the characters of your e-mail address. Some people paraphrase their e-mail address--spelling out "at" and "dot com"--or insert extraneous characters intended to trip up spambots. Not only do such techniques look unprofessional, they provide very little protection. Any decent spambot can decode them and get your actual e-mail address.

  2. Create a robots.txt file to keep spambots away. The robots.txt file is a file you can place the root directory of your web site to specify how automated software should be allowed to access your pages. But adherence to robots.txt guidelines is wholly voluntary. Legitimate Web crawlers will honor a robots.txt file, but spambots don't care. Simply posting a "No mosquitoes allowed" sign on your patio will not guarantee a pleasant barbecue. Many spammers use commercial web crawling/mirroring programs, which adhere to this "rule" and obey the robot.txt files. Therefore creating a robot.txt file on your web site may be worth the effort.

  3. Encode your e-mail address with HTML entity codes. Every keyboard character has an ASCII number equivalent that can be specified on a Web page in lieu of the actual character. Browsers automatically convert the code to the required character, but spambots, it was assumed, do not. In fact, spambots figured out this trick a long time ago, so changing only the @ character into @ doesn't offer any protection.

    The encoder tool at fantoMail.com allows you to uni-encode the entire e-mail address as well as your mailto: link. Simply enter your e-mail address in the form. Click the [Uni-encode address!] button. Copy the uni-encoded address text and use it to replace the UNI-ENCODED_ADDRESS in the HTML code shown below:
    Your mail link should appear as: john_doe@nyct.net
  4. Render the text of your e-mail address in an image file. Don't type your e-mail address into your Web page or link to a graphic file that is an image of your e-mail address. Spambots are unlikely ever to implement graphics-to-text converters, so this method is a pretty sure-fire way to prevent harvesting while still making your address readable by most users. But the graphical approach has disadvantages. Your e-mail address won't be readable by visually impaired users or users with certain browsers, including some wireless devices. It is not possible to create a clickable e-mail address link with this tactic since the HTML code for the e-mail link would be vulnerable to harvesting. And a graphically rendered e-mail address may be more difficult to maintain, especially when many e-mail addresses are involved. You might be able to alleviate some of the maintenance problems by creating a single graphic of an @ symbol and using that, in combination with text, to produce a readable e-mail address.

  5. Render your e-mail address with a JavaScript. You can create a very simple JavaScript that any modern browser program can effortlessly convert into an e-mail address but which looks like gibberish to most spambots. In its simplest form, your JavaScript might look something like the following:
    <script language="JavaScript">
    document.write( "john_doe" );
    document.write( "@" );
    document.write( "nyct.net" );
    When interpreted by a JavaScript-enabled Web browser or e-mail clients, that script looks like this:
    The main disadvantage to JavaScript rendering is that the resulting e-mail address and/or link is readable only by JavaScript-enabled browsers. Many wireless devices do not support JavaScript, and many desktop users disable JavaScript. Compatibility can be improved through the use of <noscript> tags, which allow you to display special content to non-JavaScript browsers. A graphically-rendered e-mail address is a good choice for the <noscript> tag. It allows you to provide a text-based, clickable link to JavaScript users, along with a decent substitute for non-JavaScript users.

© 2003, New York Connect, Inc.