HOW TO SPAM-PROOF YOUR LIFE

Thousands of small business webmasters briefly lose their domain names at expiration, due to a simple lack of understanding about the roles of three key players in the drama: domain name registrars, web hosts and internet service providers. Fortunately for most, they learn quickly how to save their web site from oblivion by using the 30 day redemption period for expired domain names enforced by ICANN. One simple solution is to extend domain registration for the maximum ten years. The other solution is to treat domain registrar data as the critical business element it is.

I Can't Remember Where I Purchased My Domain Name!

It wasn't until my third client had called asking how to regain control of her domain name that I realized that it was a common problem for small business webmasters to forget where they had registered their domains. WHOIS my registrar? Why didn't I get an email about renewal? Why did my site stop working today?

People rarely realize how important it is to keep their domain registrar notified of changes to their email address and and other contact information. The registrar will send renewal notifications to the email address last on file. For most domain owners, the only time they think about contacting a registrar is the day they reserve their domain name. If they move to a new city and get a new internet service provider, it doesn't occur to them that the old email address will change and that meeans that the registrar can no longer contact them through the previous address, or phone or fax as each of them change and we rarely notify the controller of our domain of those changes.

Sometimes the first indication a business owner will have that there is a problem is the day their web site stops working. If they failed to notify their domain registrar of changed email address, they may never have received their domain renewal notice. Since many registrars honor a 30 day "redemption period" allowing expired domains to be redeemed, it may be possible to save the registration within 30 days following expiration by contacting registrars during 30 day domain redemption periods.

The following URL leads to the Internet Corporation for Assigned Names and Numbers (AKA ICANN) discussing the grace period and redemption period rules it enforces.

http://www.icann.org/bucharest/redemption-topic.htm

1. Never publish a hard-coded mailto: A HREF tags on your web site.
   
   One of the most common ways that spammers collect (harvest) email addresses from web sites is by using spambots (called robots, spiders, crawlers) which visit your web site, hop from link to link collecting phrases which have an '@' character in them - those mailto: email addresses - your email addresses!
   
   But, there are numerous techniques that provide an alternative way of displaying your email address and, at the same time, fooling the spambots so they don't find them.
   
   Here are just a couple of those techniques:
   
   
   • Using SSI (Server-side Includes)
     
     By using SSI calls to a CGI script on your server, you eliminate the need to code a mailto: A HREF tag.
     
     Example:
     
     Contact us here: <!--#exec cgi="/cgi-bin/print_addr.pl"-->
     
     In the /CGI-BIN subdirectory of your web server, you simply include a short Perl script to display the A HREF tag:
     
     #!/usr/bin/perl
     print "Content-type: text/html\n\n";
     print "your_addr\@yourdomain.com";
     exit;
     
     When the browser processes the SSI line above, it will call the Perl script (runs on almost all web servers) which will output the A HREF tag dynamically, so that when spambots visit your web pages, they never see the '@' sign, and thus can't harvest your email addresses.
     
     
   • Using Javascript
     
     With just a smidget of Javascript code, you can provide client-side protection against roaming spambots and harvesters. Just place this code in your HTML pages wherever you want to display the email addresses:
     
     <script language="JavaScript">
     <!--
     document.write("your_addr" + "@" + "yourdomain.com");
     // -->
     </script>
     
     
   • Use a contact form on your web site, instead of an email address.
     
     When you provide an HTML form for email contact with your site visitors, not only can you manage the incoming correspondences more efficiently by having them come to one place, but you also remove the possibility of roving spambots harvesting email addresses on your web pages.
     There are many HTML form-to-email scripts out there, and most of them are FREE. Just search any search engine using the terms "formmail" or "form+mail". You should be able to find a simple script and install it in no time.
     
     If you need assistance, there are thousands of references on how to install CGI scripts, or you can even hire a web developer, who should be able to set it up in under an hour.
     
     
2. Never use your "main" email address when you subscribe to a new publication.
   
   Always use an address that you can either abandon, or filter on if you try to unsubscribe and it's not honored, or you start to receive a lot of spam after subscribing to a publication.
   
   Some server-side programs allow you to create "throw-away" alias addresses for this very purpose. See 3) c) below.
   
   
3. Utilize an anti-spam program for your POP3 mailbox.
   
   By anti-spam program, I mean a program that filters out your incoming UCE (spam) mail so you don't have to waste time doing it manually.
   
   In this area, there are currently three common methods of filtering incoming spam from your mailbox. Two of the three methods involve downloading all the UCE along with the "good" items, but filtering UCE, as it comes in. The third method involves an outsourcing solution. You decide which is best for your situation:
   
   
   
   • Email software setting modifications.
     
     This technique involves you manually setting up filtering criteria to catch incoming UCE. It also involves you manually filtering Sender addresses of those UCE that get past your filters.
     
     This technique also requires that you periodically update your filtering rules as the spammers find their way around them. Many times this is at least weekly.
     
     
   • Client workstation anti-spam software.
     
     This technique involves running a filtering program on your workstation "against" your mailbox, as you pull in the incoming mail.
     
     Again, this technique will require frequent updating of the filtering rules and blacklist databases - much like you have to update your virus database software periodically.
     
     It also requires processing time on your PC workstation. If you don't have a "large" spam problem, this may be negligible. If you do, it can take between 2 to 6 times the amount of time to pull your mail in, in order for it to interrogate each incoming item.
     
     The price is right: between free and under $100. You can find it at most software download sites.
     
     
   • Server-side anti-spam techniques.
     
     This, in my opinion, is the best practice for eliminating UCE spam BEFORE it enters your email software (InBox).
   
   
   With this technique another kind of bot (I call it an anti-spambot) will visit your mailbox periodically throughout the day and night, examine each item in your mailbox, weigh it's probability of being UCE spam, then remove it from your mailbox BEFORE you have to see it, if it is likely UCE spam.
   
   The better services of this type will not permanently delete the incoming mail, but will place it in another source, for you to review, should you ever need to recover an item that was accidentally filtered.
   
   In this kind of program or service, the administrators will take care of the ever-changing filtering criteria for you, so you save time in that area.
   
   Sounds good, huh?
   
   There is one modification that you have to make in order to utilize such a technique: If you have your email software setup to check and pull in your mail on intervals of say 5, 10, or 15 minutes, then you will have to alter those settings to something like every 20 to 60 minutes.
   
   This is because the anti-spambot will only visit your mailbox so many times a day (or per hour). So, if you're pulling mail off the server before the bot gets to examine it, it will defeat the purpose.