In a fashion, the battle against spam is a lopsided and unfair one; all it takes is for one’s email address to be harvested and stored into a spammer’s database once, where it literally translates into a lifetime – of the email address at least – of having to combat an unending influx of digital trash.
While system and email administrators around the world dream of the ultimate anti-spam appliance capable of eradicating all spam with absolute accuracy, the truth is that such a device does not exist. The vast profit that awaits successful spammers means that they are continuously conniving to conjure up new methods of overcoming various antispam defenses. As you can imagine, it is usually a matter of time before the first unsolicited email makes it through the best filters.
Dealing with this state of affairs does require adhering to a number of long term strategies and approaches that I shall explore in the next few weeks. The first and most important of these however, is this: protect your email address. Put plainly; it is far better that email addresses not get harvested in the first place than trying to protect them from spam. So what are some methods that the system administrator or IT manager can adopt to better protect the email addresses in your organization?
Avoid publishing email addresses on the Web
One of the biggest mistakes I’ve seen made by organizations is the placing of their email addresses in plain text format on their websites. While I acknowledge that certain situations and job positions do necessitate being easily contactable – such as in Public Relations for example – doing so in most cases only serves to facilitate the ability of spammers to harvest your digital address.
Unfortunately, this is a situation that I’ve witnessed time and again, even in larger institutions that should know better. For example, it is fairly common for education institutions to have a “Staff” page where biographies, which includes contact numbers and email addresses, are published for viewing by the public. While most do attempt to limit the ease of extraction by limiting the number of profiles per page, it is a laughably easy matter for spammers to quickly harvest email addresses exposed this way using an automated tool.
Use alternative means of communicating
While companies should be careful about publishing their email addresses in text format, the use of image elements can be used to protect staff contact details from automated tools. Of course, the use of advanced OCR (optical character recognition) or paying workers from third-world countries to manually read them means that the effectiveness of this technique has declined over the years. Still, this is far better than not having any barriers in place at all.
Another solution would be to make use of web forms that will submit customer feedback to the correct email accounts. These should obviously be protected by the use of CAPTCHA and other antispam measures.
Train employees not to give out their email addresses
Protecting one’s email address is a shared responsibility, and it should be emphasized to staffers that they should not carelessly give out their email addresses on any web form that asks. Likewise, sites that offer “lucky draw” giveaways and other freebies are probably turning a profit from the reselling of the furnished information.
Discourage chain emails, excessive forwarding
Have you ever received one of those annoying chain emails that exhort you to forward it to 10 other friends? Or do certain colleagues constantly forward you emails containing jokes or various general knowledge trivia? The danger of such behavior resides in how these forwarded mails end up containing a long list of valid email addresses. An infected or hijacked computer along the chain could see your email address harvested – this applies even if you do not participate in propagating such mails, but are merely one of the recipients!
Administrators and IT managers can play an important part here by actively discouraging such activities within the company. And where there are good reasons to forward emails to a group of colleagues or friends, employees should be taught to do so in a defensive manner where possible. For example, to first strip out the pertinent email information before hitting the “Send” button, or to make use of the BCC (Blind Carbon Copy) feature found in all email clients.
I hope the above tips were of help to you. I shall be exploring more evergreen methods of reducing spam next week.