ABQweb Blog (ABQweBlog?)

One of the biggest problems we face is dealing with the daily deluge of email messages. Some of these messages are obviously from spammers, phishers and other “bad guys,” but many of them are from people we know (or at least they “look legitimate”). After many years in the computer industry, I’ve become a real skeptic and I’d like to share a few tips that I think can help you avoid some common problems. Here are my four basic email rules for messages that have links or attachments:

1. If you don’t know who sent it, don’t follow links or open attachments – just hit DELETE. I know, this is pretty obvious, but you’d be amazed at how often I hear from someone who “forgot” about this rule.

2. If it seems to be from someone you know, but the message is really generic – just hit DELETE. “Here is the file we discussed” sounds official, but have you ever really sent someone a message with only that text and nothing else? No greeting, no salutation, no “how’s the kids?” The only time I have EVER violated this is when I’m actually on the phone with someone and I send them a message while we are talking, then wait to make sure they receive it while we are still on the phone!

3. If it seems to be from someone you know but you weren’t expecting it – VERIFY it before clicking any links or opening any attachments. Send a message back to them (but type their address in manually) or call them on the phone and make sure this is really something they sent to you. If something is really time sensitive, chances are you already knew about it before the message arrived (see Rule #4 below). If it isn’t time sensitive, the delay while you verify it won’t matter.

4. If it seems to be from someone you know, it is personalized, and you were expecting it, GO FOR IT! To me, you’ve taken every reasonable precaution and it is probably exactly what it seems to be.

Of course, none of these rules will matter if you aren’t protected with an up-to-date browser and good anti-virus software. The “bad guys” are getting smarter all the time and will probably find a way to get around even these precautions.

But for now, at least, if you follow these rules, you will be much less likely to follow the wrong link or open the wrong attachment. If this works for you (or even if it doesn’t), please let me know.

Copyright 2009 ABQweb, a division of L&S Marketing, Inc. Feel free to link to this post, but you can’t use all or part of this content without permission.

As a web designer, web host and businessperson, I have A LOT of email addresses. I have EVEN MORE web pages that list one or more of my email addresses, including domain registries that list me as the owner of dozens of domain names. Lately, I’ve been wondering if there’s any way to protect my addresses from spammers, scammers, and robots.

I already encode the email addresses on the sites I create, which is SUPPOSED to stop the robots. I’ve even taught some of my customers how to do it, although I’m not sure how much good it does if you try to change it after posting pages with “mailto” in them. Once the spammers have you, they definitely don’t let go.

I also use a version of “formmail” on the sites I host that encodes the “recipient” field so  it doesn’t contain an email address. Of course, some spammers just try to “break” the forms by submitting them hundreds of times with garbage information. Not fun, but if it doesn’t break, I can almost live with that.

In some extreme cases, I’ve encoded the actual header for the form so the word “formmail” doesn’t even appear on any pages. It also seems to help, but the downside is that it becomes more difficult to identify (and update) pages with forms. Nothing is easy.

Finally, I’ve signed up many of my addresses (and quite a few of my customers’ addresses) to run through Postini for additional spam filtering. When I first signed up for Postini, I saw an amazing decrease in the number of spams I received. Instead of seeing 2000+ messages every Monday morning, I only saw 100. No wonder Google bought them!

I’ve been doing this for over 10 years and it seemed to be working pretty well, but something has changed in the past six months or so. Postini is grabbing thousands of messages every few days and hundreds are getting through each day. The “froms” are random, the subjects change slightly with every message, and no spam “campaign” seems to last more than a few days.

Just when Postini seems to learn how to stop it, it changes. White lists are practically worthless, as messages appear to come from people you know or even from yourself! I’ve stopped adding people to my white lists because it just means that all the spam pretending to be from them gets through automatically.

Is there anything that can be done short of changing your email address every month or two? I’m finding it hard to be optimistic, but I’m open to suggestions. If you’ve tried something and it’s working, let me (and everyone else who reads this blog) know about it. The spammers are working hard to beat us, but maybe we can work together to beat them. At least I hope so.