Combatting Spam

Spam is a problem which is on the rise for both general users and businesses, but with the right tools it is pretty easy to combat spam and if you do receive spam email messages then the likelihood is that you are willing to do anything to stop them; as a web hosting user there are many measures that you can take on your half to help prevent spam email messages from reaching your email inbox. Spam email messages are sent out for a number of different reasons, although in most cases they are designed to lure money from the victim in one way or another; some spam emails will also contain viruses as file attachments which are then designed to infect the victim’s computer. The best known form of spam are fake ‘lottery’ emails which claim that you as the victim have won a large amount of money and require you to forward your personal details to an email address in order to claim your winnings; in most cases this personal information will include your bank account details and once the spammers have your details, they are more likely to steal money from you as you will never see your so called ‘winnings’ as they simply don’t exist.

If you have your own web hosting account and/or domain name then there are many more steps that you can take to combat spam than you would be able to if you were using a free email service such as Google Mail/GMail, Windows Live Mail or Yahoo email; i.e. most web hosting uk providers will allow you control panel access to your web hosting account which will allow you to setup specific email filtering rules alongside those that are specified by your web hosting provider so that you can weed the spam out from the genuine emails. When designing your website you can also take measures to ensure that any email addresses that you do need to publish publicly on your website can’t be harvested by bots looking for new email addresses to which spam can be sent; ideas would include concealing any email addresses as images since most spam bots aren’t able to read these, but the key thing to remember is that spam bots are becoming cleverer and a select few have been developed to be able to read email addresses that are concealed as images on web pages. In any case it is important to battle spam as you are going to get fed up of it after a while, but the main thing to remember is that you should never act on any email which has come out of the blue and seems too good to be true.

How can I use my web hosting package to help me combat spam?

As an individual or business you may find it beneficial to use your own web hosting package with a domain name in order to help you combat spam as by having your own web hosting account you will have full control of the email that passes in and out of your domain name. The main way of using your web hosting package to combat spam is to make sure that you have access to the configuration of SpamAssassin for your domain name as this will allow you to configure SpamAssassin to meet your requirements; for example, SpamAssassin will grade emails based on their contents with the higher the score, the higher the likelihood that the email itself is spam – you can configure SpamAssassin to delete emails which are above a certain score, and this a good way to prevent a majority of spam from reaching your inbox. You can also ensure that the ‘catchall’ email address for your domain name is disabled if you have one since if you spammers attack your domain name using a dictionary attack all emails will simply be forwarded to the catchal account for the email accounts which don’t exist; something like this could cause major problems for both you and the other web hosting accounts that are located on the same server as yours. If you are hosting a web hosting under your web hosting account then you can also make use of specialist features that are most likely part of your web hosting package to help you combat any spam that could get through; for example, you could make use of PHP GD to install a Captha module for your forms so that you can verify that any submissions made through your website are being done so by a human. You will find that you can use your web hosting account to help you to combat spam in the following ways:

  • SpamAssassin – this is a standard feature of most Windows hosting and Linux hosting packages and when used correctly can be incredibly useful in stopping spam from reaching any mailboxes that you have setup under your web hosting account – most web hosting providers will allow you control panel access for your web hosting account which should then allow you to setup SpamAssassin for your domain accordingly – SpamAssassin ‘rates’ emails as they arrive at your server based on their content in relation to the spam rules that you have setup, you can then make use of the assigned rating to decide what you are going to do – an email with a higher rating is more likely to be spam, so for example you may wish to setup a filter that will delete emails that are rated above a certain score
  • Disable ‘catchall’ - one feature of a web hosting account or domain name that can cause stability problems and spam email problems is ‘catchall’ email addresses that are setup to receive the email of mailboxes that don’t exist under your domain name – if a spammer was to undertake a dictionary attack on your domain then you would most certainly notice as spam emails intended for mailboxes that don’t exist will simply be forwarded to the catchall address, and due to the size of some dictionairy attacks this could cause huge problems for you and can affect the stability of the server that your account is hosted on – in some cases you are likely to find that with a shared web hosting package your web hosting provider is likely to have disabled catchall accounts for all domains hosted as it is
  • Web form submission – there are also specialist features included with your web hosting account that you should be able to use to your advantage to ensure that spammers aren’t able to submit spam to any mailboxes through any forms that you have on your website – PHP is another standard feature of most web hosting packages and you are likely to have developed your website using PHP, and if so then you can make use of the GD component to create a CAPTCHA form imagine system for your website – by using CAPTCHA you are able to ensure that any submissions that are made through forms on your website are done by a genuine human since most spambots are unable to read CAPTCHA images, although worryingly these spambots are becoming more clever.

In summary, your web hosting package should be able to provide you with several features that you can use to help you combat spam both directly before it reaches your mailboxes but also at the frontline on your website where spammers are most likely to have picked up the email addresses under your domain that are being targeted.

What steps can I take to prevent my domain name and/or email address from being used for spamming?

Technically spammers can use any email address or domain name for spamming regardless of whether they own that domain name or not, they needn’t even have access to the management of the domain; in order to combat this there are several recognised steps that you can take to ensure that your domain name can’t be used for the purpose of spamming. The main step that you can take to prevent your email address or domain name from being used for spamming purposes is to make sure that you have an SPF record setup for your domain as this will specify which servers are allowed to send email using your domain name; any good recipient mail server will check the SPF record against the sending server of the email concerned, and if the two don’t match then the likelihood is that the email will get rejected by the receiving server. Domain Keys can also be used if you wish to make sure that only the emails that you send using your domain name are processed by recipient servers, and again this is a format which is now standard and should be verifiable by most mail servers; Domain Keys consists of both a signing and verifying module which means that a message can be checked at both ends which can also help to ensure that an email message isn’t tampered with during delivery but also that it is a valid email from a valid source in relation to the domain name itself. It may also be a good idea to let your visitors or others know that any email which will come from your domain will be verifiable in one way or another, i.e. if you people are members of your website then you may wish to include their username with emails to them from you; such measures are taken by larger businesses anyway these days as a way to help clients or visitors to identify which emails from them are actually genuine and which ones are spam or fraudulent. In summary, the following steps can be taken to help ensure that your domain and/or email addresses aren’t used for spamming:

  • SPF Records - SPF records are DNS records that are set up in the ‘TXT’ format and are normally designed to specify the mail servers that are allowed to send out emails using domain name, and any mail server which isn’t listed is likely to have any outgoing emails rejected by the recipient mailservers – most web hosting providers now setup SPF records as default as emails are in some cases rejected outright by some mailservers simply because of a domain’s lack of SPF record which means that even for general use it is important for you to make sure that you have an SPF record setup for your domain name
  • Domain Keys – like SPF records, Domain Keys are a common feature of most web hosting packages and will be setup for your domain when you order your web hosting package so that you won’t have to worry about the configuration – any email you send through the outgoing SMTP server specified by your web hosting provider for your web hosting account will be signed with the unique Domain Key for your domain name – a DNS lookup is then performed by the mailserver that will be receiving the email to check if the Domain Key specified in the email header matches the one that is specified in the domain’s DNS records
  • Message verification – if you run a larger website then it may be a good idea to include some piece of information with any emails that you send to your visitors or customers so that they are able to make out that the message sent by you is genuine and that anything else that appears from your domain is spam – this is common practise with most larger companies these days as it is always a good idea to make it easier for your visitors or customers to weed the valid emails out from the spam so that they only act on the emails which will offer them what they want and not the spam emails that are going to cause them problems.

By taking the above measures you will make it easy for your website’s visitors or your customers to identify genuine email that has actually been sent by you and not spam that has been designed to mimic what you would actually send. As there are now many verification methods available that are supported by most MTAs, it is getting harder for spammers to falseify email headers.

In conclusion, combatting spam is something that needs to be done at the root and you can do your bit to ensure that spam doesn’t reach your own email inbox but also to make sure that your own domain name isn’t used for the purposes of spamming. Spam isn’t a problem which is going to go away easily as it is a very profitable business when done correctly, but if you try to limit the stream of spam to your own inbox and to others through the use of your domain name then you may just be able to help that little bit.