One of the great things about the Internet is email - and it's also one of the worst. Literally millions of spam emails are sent each day. This article is to assist our web hosting clients in understanding what spam is, how to report it if you are being bombarded, and how to avoid sending it.

So, what is spam?

This is a tough question. Essentially, it's unsolicited junk mail. It's estimated that spam mail constitutes twenty two percent of all emails sent. It's not only annoying, it can be insulting, disgusting, predatory and it actually slows down the Internet due to the amount of processing required to transport it.

While most spam can be easily identified, if you're operating an online business and need to approach people that you have never communicated with before, it can become a very grey area. After all, any initial approach on a commercial basis could be considered spam by the more radical anti-spammers out there - so we need to approach this in a balanced way.

Not Spam

Sending an email to the webmaster of a site you've just visited to request some sort of partnership.

Spam

Sending one million emails to the webmasters of refrigeration sites you have never visited offering to sell them dead spiders.

OK, that's a little bit extreme, but you get the picture.

Ezine/newsletter spamming

One of the biggest problems facing ethical webmasters are accusations of spamming through ezines, updates and newsletters that you send out. These accusations tend to happen mostly for one of the following reasons:

 

1. Some surfers are chronic subscribers, they will subscribe to anything and then scream when it suits them.

2. You aren't using double opt-in lists and someone has accidentally or purposefully subscribed someone else's name to your list.

3. You have purchased and used spam mailing list.

4. You are involved with a co-reg setup with other sites.

5. Your competition is seeking to ruin your business.

These are all very possible scenarios, but two simple suggestions can save you a great deal of stress and perhaps your hosting account.

1. Purchasing mailing lists is a very risky business. Deal only with reputable companies and the general rule is that if a list is cheap, it's a spam list.

2. Use double opt-in for *all* subscription services.

3. Provide very clear and simple instructions for unsubscribing.

We take spam very seriously and while we do not de-activate accounts as a knee-jerk reaction unless it is a very serious complaint, we do investigate any spamming complaints very thoroughly. If we conclude that a client is spamming, the account is closed. For further information regarding our spam policies, please see our Terms of Service and contact us if you have any questions.

What is double opt-in?

Double Opt-In email marketing is where the recipients have confirmed that they wish to receive email on a particular subject. After subscribing via a traditional web based form, they also receive an email confirmation note that they then must reply to before they are added to the list. This prevents mistakes or purposeful attempts to subscribe someone other than the email address owner.

The confirmation email should always contain why the note has been sent, the purpose of the list and alert the recipient that if they did not subscribe, then someone else has attempted to and all they need to do is to ignore the note.

What do I do if I receive a spam complaint from someone?

The worst thing you can possibly do is to ignore the complaint or brush it off. You should attend to it immediately as the chances are that your hosting service has probably also been sent a copy of the complaint.

Even if the person is incorrect in their accusation and rude, always be polite in your response to them and seek to resolve the situation - ensure you keep a copy of all communications with the person in case you need evidence of your pro-active measures to supply your host should they also receive a complaint.

If you are using a double-opt-in list, proving that the accusation has no basis is a very easy task, but it is always worth raising the possibility with the complainant that perhaps a family member or someone with access to their mail account may have subscribed - it gives the person a way to honorably back down from the accusation.

Email headers can quell accusations.

Forged email addresses can also be a problem and a difficult thing to explain to a complainant who doesn't have a good knowledge of the Internet.

In the case where a complainant has received a note where your email address has been forged, the best thing you can do is to ask them to forward you the purported spam as an attachment for header examination. In the header, the path an email travelled to reach the recipient is recorded. The following is a sample spam mail header:

Return-Path:
Received: from therealaddress.com (therealmailserver.net [244.221.175.62])
by recipientsmailserver.com (8.12.9/8.12.6) with SMTP id h4C7Olf1071714
for ; Mon, 12 May 2003 03:25:01 -0400 (EDT)
(envelope-from innocentwebmaster@innocentwebmaster.com)
Message-ID:
From: "Innocent Webmaster"
To: recipient@recipientsmailserver.com
Subject: Spam is evil
Date: Mon, 12 May 2003 07:31:52 +0000
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: base64
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-UIDL: Hh!#!&2p"!Vgb"!mn$"!

For the purpose of this exercise, you can be "Innocent Webmaster". While your name and email address appears throughout the header, on one very important line it doesn't:

Received: from therealaddress.com (therealmailserver.net [244.221.175.62])

The second part of this line is the mail server of origin. Although this may be false as well, or one of a series of mail servers along the route in the case of a daisy chain spam campaign, it does show that the email did not originate from your domain. This is enough evidence to prevent legal action being taken except of course if the spam mail was an obvious advertisement for your site.

How do I view an email header?

In Microsoft Outlook, simply right mouse button click over the spam mail and select "Options". In Microsoft Outlook Express, highlight the email and then select "Properties" from the File menu. Then click the "Details" tab, then "Message source". For more recent versions of Netscape, click on the "View" menu, then "Page Source".

What if an article I wrote appeared in a spam ezine?

It is becoming a more common practice for career spammers to include another authors' articles with their own spam sales messages without the authors' permission. While this situation is not your fault, you can be proactive in tracing the origin of the spam ezine to demonstrate to the complainant that you are not happy with your name and works being abused.

While dealing with spam complaints is frustrating and time consuming, it is very necessary - your hosting account is at risk.

Why are web hosts so touchy about spam?

In the supply of Internet services, usually the host is not the "top of the food chain". Most web hosts have upstream providers. One spam email complaint not acted upon can risk their association with their upstream provider. Even if the host is the top of the heap, a spam complaint directed to relevant government authorities can initiate a formal investigation and a fine could also be imposed. There is also the danger of civil law suits etc. Spam can be a very messy and costly business.

What if I'm the victim of a spammer?

As a webmaster and with a very available email address, you'll no doubt get an increasing amount of spam over time. If you find one (or all) to be particularly annoying, you can do something about it.

Firstly, locate the mail server of origin in the header data and then pay a visit to the site itself. Most ISP's will have on their Contacts page an address you can email specifically for abuse. Even if that particular server was only the last mail server the message travelled via before hitting your inbox, in many cases they will approach the next server along, and so on. If there is no specific "abuse" address, try sending your complaint to another address shown on their site.

In your note to the company, ensure you are professional and that you include a copy of the header information. Without the header information, your complaint is destined for the Recycle bin.

How can I reduce the levels of spam I receive?

There's a couple of relatively strategies you can use. First off, always read the details of a subscription offer - never subscribe directly via the "subcribe now!" boxes. If they don't have a details page, it's not worthwhile taking the risk that you may get more than you bargained for. A reputable subscription offering will make it very clear about what will be done with your data. If the details page doesn't mention something along the lines of:

Your email address will not be distributed to any other party for any purpose

it's probably best to avoid the subscription.

In regards to your own web site, if you wish to display an email address link instead of using a form processing script, the best way to avoid ending up on a spam list is to implement code that will confuse email harvesting software.

Email harvesting software has become the best friend of every spammer. All the spammer has to do is point it at a web site and the software will pick out every email address on the site. Then it follows links to other sites and repeats the process.

Here's some sample code you can use that will reduce the effects of email harvesters:

Sample Javascript:

<script language="Javascript">
<!--
var name = "you"
var domain = "yourdomain.com"
document.write("<a href='mailto:" + name + "@" + domain + "'>")
document.write(name + "@" + domain)
document.write("</a>")
//-->
</script>