A challenge-response system can be very helpful when you try to keep automatic submission software off of web forms.

A challenge-response system on an e-mail account is extremely annoying to people who want to legitimately communicate with you. Over the last ten years, I have comfirmed my sending addresses with such a system exactly once, because a good friend had protected his inbox that way. But a business forcing me to jump through hoops like this will immediately lose me as a customer.

The only short term remedy to e-mail spam is smart filtering. That's not what AOL or hotmail are doing, but a system where each user can teach the software which of his incoming messages are spam or ham. I use spambayes myself, and it works very reliably with reasonably low maintenance.

In the long term, a system that verifies the sender's host against his domain will probably be the solution. There are several such systems proposed, SPF [pobox.com] looks like the most promising to me.

I get shed loads of spam, last year I purchased Norton Anti Spam, it sort of learns and does a good job, its saved me hours of time deleteing rubbish so it was worth the cost.

I swear I could spend 24 hours a day trying to fight spam, there is nothing that is more annoying. So far, I have used a combination of the following:

-Server-side filter (spamassassin)
-Local spam catcher
-Message rules (i.e. delete anything with viagra in the body)
-IP blocks in my .htaccess file for known spam harvesters (whole countries like Nigeria in some cases)
-Blocked senders list (which is pretty much useless as spammers never seem to use the same address twice)
-Daily reports to SpamCop

And even with all of these in place, some crap still gets by. The US Government has managed to stop telemarketers cold, now let's see how they do with spam....

Thanks everyone. Its just so depressing. Both of my business e:mail addresses have been spammed to death.

I get 300 to 500 a day for each address. I have a mail washer programme which does a great job of stopping 90% of the garbage but it also manages to catch some customer inquiries as well ... which means I still have to look at every single subject line before deleting the blasted things.

It takes about an hour (or more) out of my life every day of the week! I have adsl but it may as well be dial up ... very slow. What can I say, I live in the Caribbean and our server is on "island time"! :)

I am becoming homicidal on this particular topic. I want to squeeze the life out of these jerks. :( 7 to 8 hours a week is a lot of time I will never get back!

I want them all to live in a pit of snakes and spiders for eternity.

I got a SpamCop e-mail account. Cut inbox spam from about 400 a day to maybe 30, ymmv.

I've taken the drastic step of removing all email addresses from public web pages.

As a result:

- I get much less spam.
- I don't get the latest batch of cache sniffing viruses.

Instead I put a custom written contact form (to stop spambots) and where appropriate phone numbers.

I estimate that this has cut my junk mail by 80%. The remainder I guess are from historical lists.

Downside - I am very probably losing business, but I have enough to do at the moment so its OK for now.

A smart idea that I saw was to show the email address as an image... downside - "you have to retype the email to contact" message.

You can use an external javascript to write out your email address for you. I don't know of any bots that can execute javascript so it should be safe there.

And you could also supply a 'contact us' form on the page so that people without javascript can still get in touch.

Javascript Solution

Here is an example of using the javascript technique I mentioned above..

HTML:

...usual stuff.. 
<script type="text/javascript" src="email.js"></script> 
</head> 
  
<body onload="addEmailAddress();"> 
<p> 
  blah blah blah.. 
</p> 
  
<span id="email"></span> 

..then you would create another file called say email.js that contains..

email.js:

function addEmailAddress() { 
    var emailAddress = 'yourname' + '@' + 'example.com'; 
    var linkText = 'Contact us for more information'; 
  
    if ( document.getElementById ) { 
        var elem = document.getElementById('email'); 
        if ( elem ) { 
            elem.innerHTML = '<a href="mailto:' + emailAddress + '">' + linkText + '</a>'; 
        } 
    } 
} 

That should do the trick, just change the emailAddress and linkText to whatever you require. The script just looks for an element with the id of "email" and inserts the link into that element.

It should fail silently if..

an element with id="email" doesn't exist

if javascript isn't supported or is turned off

if the version of javascript doesn't support getElementById

..so that is why it is a good idea to also supply a 'contact us' form (which should not require the email address to appear in the html).

Hi,

really like the script - sorry to sound really thick - but how would you adapt it to have more than 1 email address in your email.js file?

Cheers!

Well the bit that does the real work is the

elem.innerHTML = 

line.
That line controls what HTML gets inserted into the span so you coud just change that to whatever you require.

Do you want one link that sends to two different email addresses or do you want one link for each address?

Liane I was a diehard MailWasher user until it started taking too much time to maintain. I hacked it to add the use of a free Bayesian filter called POPfile and that worked for me for a while. (the MailWasher folk are working on a new version now with Bayesian filtering.) However, I tried SpamBayes and have never turned back. While MailWasher used to save me time dealing with spam, SpamBayes saves me time even over MailWasher. I have been using it for more than 6 months and have not had even one real mail classified as spam.

Oh...and for the e-mail on your website try the Hiveware Enkoder. It will make short work of your e-mail address encoding and give you a cut & paste code to drop into your page.

Is it reasonable to assume that some spammers test their spam against widely-used spam filters?

If so, it would partially exlain why Mailwasher may be less effective than the lesser-known SpamBayes.

Similarly, I've been using Cerebrus with excellent results for the last few months:
[compkarori.com...]

Is it reasonable to assume that some spammers test their spam against widely-used spam filters?

If so, it would partially exlain why Mailwasher may be less effective than the lesser-known SpamBayes.

The advantage of spambayes (or other similarly advanced bayesian filters) isn't that it's less known.
The advantage is that each user will train it exactly to the types of ham and spam that they personally receive. In other words, each installation is absolutely unique. There's no way for a spammer to test their garbage against my personal filter (or yours).

Well, to make matters a little more difficult ... I am on Mac 9.2. using Outlook Express 5.0. It appears that SpamBayes will not work for me.

Aside from buying a new computer which might happen in a few months time if I can scrounge up the funds ... any other suggestions?

Is it reasonable to assume that some spammers test their spam against widely-used spam filters?

It may be, but that's where DNS blacklists come in :)