I use SpamCatcher with Outlook ... It does a good job!. I get over a 50 spam mails a day and it weeds out most but a few ..

I just have my junk mail set up on outlook and dump spam into that

Psstttt! [webmasterworld.com] Here's one way to have an impact, albiet more into the 'long-term' of the UCE/SPAM issue.

In the short-term there isn't much, other than filtering, that you can do.

UCE/SPAMers can glean addies from posting as well as a variety of spider/bot configurations like EmailSiphon that suck up addies from web pages.

Additionally, UCE/SPAMmers will do 'Alphabet Attacks' where they'll start an alpha-numeric send program which starts with 'a'@yada.com', 'a1'@yada.com all the way thru to 'zwpjroptws'@yada.com.

Or, they'll just plain spoof the 'yada.com' to appear as though it really did come from 'yada.com'. These forms of attack usually look like: 'wqurpst', ieodidjfu', 'cjehcml', etc. and the only way you might even know of the attack is the bounced 'undeliverables' returning to your mailbox.

It has been said that up to 20% of all ISP fees are to cover the costs of UCE/SPAM. That means it (UCE/SPAM) has a negative impact on each and every Internet Access Subscriber in the World.

If the long-term is more to your liking, take a longer look at the above link and see who else is working hard to stop the proliferation of UCE/SPAM on the Internet.

Pendanticist.

Up until now I have been very lucky in that the majority of spammers seamed to miss me. Over the past few weeks however it has become more and more of a problem. As an example yesterday I received 74 emails. I read 2.

The really anoying thing that seams to be happening lately is the spammer asks for a receipt. Never open one of these or send as receipt. Thats just the spammer making sure your email address is genuine. Another thing I seam to be noticing is that a lot of email titles start with "RE:" making you think it is a reply. I can see a lot of people falling for this one.

Also time to work on preventing email address harvesting from spambots.

On your webpage, you could instead of using a tag like:

<mailto:username@domain.com>

use

<mailto:username@domain.&#099;om>

CAP SMALL CAP SMALL
A &#065; &#097; U &#085; &#0117;
B &#066; &#098; V &#086; &#0118;
C &#067; &#099; W &#087; &#0119;
D &#068; &#0100; X &#088; &#0120;
E &#069; &#0101; Y &#089; &#0121;
F &#070; &#0102; Z &#090; &#0122;
G &#071; &#0103; 1 &#049;
H &#072; &#0104; 2 &#050;
I &#073; &#0105; 3 &#051;
J &#074; &#0106; 4 &#052;
K &#075; &#0107; 5 &#053;
L &#076; &#0108; 6 &#054;
M &#077; &#0109; 7 &#055;
N &#078; &#0110; 8 &#056;
O &#079; &#0111; 9 &#057;
P &#080; &#0112; 0 &#058;
Q &#081; &#0113; - &#045;
R &#082; &#0114; _ &#095;
S &#083; &#0115; . &#046;
T &#084; &#0116; @ &#064;

I do that alot on all my web pages just to prevent getting junk mails.

I have started leaving out the mailto: so my email address is not clickable on my websites. Is this likely to stop email harvesters?

The SPAMBOT harvest email addresses irregardless of the mailto: tags.

I get attempts on my mail server to send to nfo@domain.com after I change the "i" in the info@domain.com.

I have started leaving out the mailto: so my email address is not clickable on my websites. Is this likely to stop email harvesters?

<As have I.>

Yes, and so will the suggestion just before your post.

Pendanticist.

I also used to have SPAM (the digital type) for breakfast, lunch and dinner until I started to do filtering using bl.spamcop.net at the mail server level.

A bit draconic but very effective.Also filter out mails sent from open relays and proxies.People who send through it are up to no good anyway.

Instead of using the "mailto:..." I use the following javascript code so the Email harvesters cannot read it properly:

<SCRIPT language=javascript>
<!--
var username = "info";
var hostname = "widgets.com";
var linktext = username + "@" + hostname;
document.write("<A HREF=" + "mail" + "to:" + username +"@" + hostname + ">" + linktext + "</A>")
//-->
</SCRIPT>

Also, you need a plan for your domain's WHOis information since this is another notorious source of Email harvesting - find a registrar with WHOis spam protection.

They get you on the whois too. I recently registered a domain name that I'm pretty sure never existed before. No website up yet, but I did set up a catch-all email account. Within literally a couple of days I was getting 3 or 4 spams a day on that account!

Check out TMDA. It's much easier to maintain than any filter.

One of my clients was getting 200 spam mails per day (oh yeah, that's two hundred), and I finally installed TMDA for one of their boxes. In the process, I also installed it on one of my boxes and spam went down from about 30/day to 5/week.

btw, why is this message in google news?

We did a count on Monday and the result was of 183 e-mails only 15 were readable. We use the filter on our mail server with words that we have developed over the last year. We filter these e-mails into the delete box and check it 2 or 3 times a day. It's a lot easier doing 30 or 40 e-mails this way then to have to wait for them all the download on our dial-up connection. We catch about 60% of them this way. We catch a lot of viruses this way as well - we receive about 500 per month.

My own pet hate is the African 419 scam. These are the messages that usually begin with something along the following lines (delete as appropriate), 'I am a son, brother, doctor, business partner of the late person X, who left a lot of money in a bank account and we need your help to get this out of the country.'

Whenever I see a Nigerian ISP on the logs I know that it will just be a couple hours before they start flooding in. By the way, the following site gives you all the details of the scam and lets you know what to do with these messages:

[home.rica.net...]

I tried reporting each spam using spamcop.net for a while, but this seemed to somehow alert the spammers to the genuineness of my addresses - spam increased rather than decreased. I don't like filtering much, too much chance of missing a genuine mail, so all I do really now is try to camouflage addresses using codes as mentioned above, but also I then bung them into a javascript alert() box. This isn't so good really, either, thinking of all those visitors with js turned off.. Another ruse I've tried is just to simply say on the page, 'send email to the webmaster at our domain name' or something along those lines, but it looks like most folks either couldn't understand what to do, or couldn't be bothered - huge drop off in email enquiries..

I used to religiously place a hidden link right after the body tag on every page, to a perl cgi script which produced a contact-us page containing a selection of random fake email addresses, the idea being to pollute the spammers databases when their spambots crawled, until it occurred to me that even though the script produced such bizarre combinations as things like maybe hermionepulkerton@oehjhjytykb.com , there was always a chance of dropping some innocent bystander domain owner in the poo. Who's to say even oehjhjytykb.com might in fact not be invalid, quite apart from the hidden link probably being a touch dodgy as far as G is concerned.

So, in the end, after a number of years trying one solution or the other, I've ended up pretty much coming full circle. Let 'em all in & sift 'em manually, just viciously reporting the odd one I find truly sick, by using a combination of spamcop & manually checking through the headers.

I've found after a while, you can get pretty fast at running through the list & identifying & deleting most of the bad 'uns just by looking at the subject line. Maybe 1 out of 10 warrants more than half a seconds investigation before hitting the del key.

One thing I understand is quite effective is to turn off auto preview if you're using outlook express or similar - a lot of the spammers use image tags with a session id or similar tactics to let them know when a dictionary attack is successful. When you want to check further into a mail, use view source or equivalent, rather than letting the mail open fully.

encoding has not worked with us. We replaced all the emails on our sites with the encoded version last weekend, and deleted the old email addresses. Great for 6 days. Then just today we got a nigerian spam assault to all new email addresses that had been encoded #371;#726; etc

It looks like we will make all our emails go through our cgi form based email script. seems the best way.. cant afford to lose those who have js turned off.

Bye the way, i get over 1,000 spam emails a day and around 40 legitimate ones to 3 alias email addresses. All are tagged well by mailwasher, but you still have to delete them and wait for them to download. With that many sometimes mailwasher crashed. It was time to do something!

Dear NGU,

My suggestion to you is that if you receive 10-15 spam e-mails per day, don't admit it to anyone. Personally I get 10-15 per hour. I've learned to live with it.

Regarding the Nigeria Scam (as I call it). We started gettign that around 7 years ago, via mails and fax. At the very beginning we followed one up until teh point they started asking for cash. The produced a considerable amount of "official" documents, wit hseals and signatures and company formation papers and whatnot. All from official government offices and the like. and I'm talking 100s of pages of stuff, mail fax anyway... this was of course pre email.
Unfortunately they count on people wantign to keep things for them selves and not talking to others. A friend has only told us about this when he had already payed over 26000us$ in fees for lawyers and company registrations. When we told him abou the scams it was probably too late to get that money back.

So please watch out, I have personally not lost anything to these yet (except time) but I know people who have.

Instead of using the "mailto:..." I use the following javascript code so the Email harvesters cannot read it properly:

That javascript thing really works. I've had three email addresses on various websites for a couple of years now and two of them receive no spam at all. The third gets spam from only one source, and so I suspect that they got my address by some route other than spidering.

>Regarding the Nigeria Scam

Oh NO! Don't tell me it's a SCAM! I've sent all my money, maxed my credit cards and took out a large personal loan to help those poor Nigerians.

MeditationMan: That javascript thing really works.

Two PR6 websites I started using this Javascript Email from day one I've had only a handful of junk mails every day after almost 2 years of the sites being up.

Of course I also signed on with a domain Registrar with WHOis spam protection... since WHOis Email harvesting is wide-spread.

Another thing to avoid is if you have a Contact Email Form - having the mail-to Email address readily available in the HTML source can also cause email spam problems.

I'm referring to:

<INPUT TYPE="hidden" VALUE="info@widgets.com" NAME="recipient">

keep your address book up to date and have Outlook set to add all e-mails that you reply to your address book.

Then once a month create a rule that reads like this

if the e-mail is from someone I know move the message into a "friendly inbox"

keep your address book up to date and have Outlook set to add all e-mails that you reply to your address book.
Then once a month create a rule that reads like this

if the e-mail is from someone I know move the message into a "friendly inbox"

So what if you are a webmaster and don't know visitors e-mail addresses?

Wow...I never realized that 419 scam was so prevelant.

I have installed spam filters before guys, and had problems getting e-mail that I WANTED. Is this a normal problem, or was it just because it was a crappy hotmail filter?

This free service [alicorna.com] works a treat to hide your email address from spambots. I wish I'd know about it all those years ago as I get over 100 junk emails a day.

Cunuck

"Instead of using the "mailto:..." I use the following javascript code so the Email harvesters cannot read it properly:
<SCRIPT language=javascript>
<!--
var username = "info";
var hostname = "widgets.com";
var linktext = username + "@" + hostname;
document.write("<A HREF=" + "mail" + "to:" + username +"@" + hostname + ">" + linktext + "</A>")
//-->
</SCRIPT> "

DOES THIS WORKS?.. i have recently taken off all the email addresses from my website and am still getting junk emails

Note:
document.write("<A HREF=" + "mail" + "to:" + username +"@" + hostname + ">" + linktext + "</A>")
Does not validate as WC3.

I've changed it to this:
document.write("<A HREF=" + "mail" + "to:" + username + "@" + hostname + ">" + linktext + "</" + "A>")

(Note the breaking up of the 'off anchor' tag at the end.)

Also:
<SCRIPT language=javascript>
Doesn't validate

<SCRIPT language=javascript type="text/javascript">
Does validate

Not a huge deal, but a tip for those using this technique.