Heal Your Church WebSite


Teaching, rebuking, correcting & training in righteous web design.

Fighting the Good Fight – against spam

Anyone who’s visited this site with any frequency already knows my deep loathing for spam. So imagine my grousing when I heard some of the great people listed on blogs4God got spammed by a similar list. This was soon outdone by an audible growl when I began receiving e-mail from members asking if this message was from b4G or if we had resold the list.

But as we are instructed by the Apostle Paul in Romans 12:21, I will instead return such evil with good. In this case, a quick lesson on dealing with spam.

That said, I am not going to try and write a comprehensive compendium how to when there are already so many great ones out there including:

What I will do is tell you are some of the measures I use to keep a good deal of spam away from both myself, and my church.

First, the hosting company. Make sure the company, which hosts your site, has strong, enforceable anti-spam and anti-network policies. Make sure your host is not listed on various notorious spam blocking lists such as the MAPS Realtime Blackhole List. This is because a pro spam host will more than likely not have any sort of spam counter measures loaded at the network or server level. If your host is a good guy, then find out if they have or are willing to install various spam-fighting mechanisms. A popular one being SpamAssassin, though I would really like to see PerlMX. More schmoozing on my part.

Second, your web site and configuration. There are some of you who post e-mail addresses in plain view. DON’T DO THIS. There are these nasty little mechanisms out there called spambots that spider through the web harvesting email addresses. This is how I suspect some of you may have received a recent spam attack. Use an online form that does NOT use an email address as a ‘hidden’ input variable. And if you must use an address, then use the patented Mean Dean Anti-Spam Email Obfuscator.

Still on the web server, turn on various tools your hosting company offers – but do read the manual first. Also, when creating email addresses, make the “real” POP email account something hard to guess or automatically generate with a dictionary program. For example shep822@ … for your pastor. Then use an alias, or forwarding email address to give out to the public. Such as Pastor@.. or Bob@… It is very easy to change the direction of these aliases, kill them off and/or create new ones once these become spam saturated. Moreover, if/when a staff member leaves, the real address stays with you.

Now here is an area that gets some Christians mad, counter measures. You don’t see this when you visit Redland Baptist, but I’ve booby-trapped some of the pages with what are known as spam chaff generators. Essentially they toss out a bunch of non-existent email addresses and a never ending queue of links to similar pages. If the spammer uses them, then he floods himself with a bunch of rejections. Better yet, if his program is designed to spider through links, my program causes the spider to recurse itself into ethernet. If nothing else, his list is now contaminated list so it’s more difficult to sell. Expect such a mechanism up on blogs4God soon.
I also seed some non-chaffed pages with some addresses designed to get spammers in trouble. abuse@[127.0.0.1] being one of my favorites. Basically, this is a boomerang – as the address in the blocks causes the message to be sent to the spammer’s system, not mine. Unless he has a dedicated server … whoops! You should have seen the irate email some guy sent my pastor after stepping on this one. Of course, my reply and defense was, “the only way you can see and use that address is with a harvesting program …” no reply to date. My pastor is pretty cool about such things. Your mileage may vary. *
WARNING * Check first with both your church, and your local authorities before deploying counter measures.
WARNING 2 * Chaff generators will also snag search engines. Unless you know how to keep them safe using robot.txt and .htaccess, don’t do this!
** UPDATE (22-aug-02) ** - read my article “hot naked under-aged teen sex” before you consider taking such actions (don’t worry mom, it is p0rn free).

Also, put a strongly worded message up on your site that copyrights your data, and indicates that information on your site is NOT for commercial use, nor use for spam, etc. I’m not a lawyer, but I know a website of someone who is who can explain it a lot better than I.

Ok, now turning towards ourselves. I have a set of hotmail and yahoo email addresses I use for registrations. Nothing gets you spammed faster than registrations. I notice many of you signed up for blogs4God using such addresses. Good going! Also, tell some of your more rabid church friends to keep you off their “distributions.” You know, these are the well-intentioned individuals who send you the infamous “FCC Bans Religious Broadcasting” legend or various prayer chains under the auspice of doing ‘His’ work. spammers harvest these lists – and quite frankly, these messages do little or nothing to change things – talk being cheap and all.

Learn how to use the “rules” tools on your email client, such as Outlook Express or Eudora. Remember SpamAssassin? It marks up the subject line, so I can easily identify incoming spam, which my rules tools sees and throws into the trash as soon at it arrives. You can also use it to block certain people or subject lines.

Learn how to extract the message headers/source. If you do this, then you can use tools such SpamCop to complain. That said, never, ever, NEVER reply directly to a spammer. This merely indicates to them that they have a valid email address. The nice thing about a tool like SpamCop is that it also gives you opportunity to complain upstream. This is very useful if you get spammed from a dedicated server, like the one spam I mentioned at the beginning of this article. BTW, if you’re going to use the “free version” SpamCop, make sure you use one of those throw-away email addresses I talked about.

Finally, if you really need to know who’s bugging you, use tools like SamSpade.org. I use a combination of both his online and offline tools. Yes, I do get spammed, but not that often and when I do I make them pay dearly. Usually they go onto easier marks.

On a personal note, spam from Christians is inexcusable. Those who do are advertising on the backs of the people they burden. They consume bandwidth and disk space from people that they are not entitled or invited to consume. Meaning, they’re not only being a pain, but they are stealing. And while I have grace and forgiveness towards all, it doesn’t mean you can continue to abuse me and my systems. That my friends would be a dysfunctional disservice that would enable the errant to sin again.

If you’ve been around church for any length of time, you know what I mean by that.

4 Comments

  1. I was inspired by your email obfuscator, so I wrote a similar bit of PHP code that people can use (especially when pulling addresses out of a database as in a directory application).

    http://www.zend.com/codex.php?id=975&single=1

  2. Very encouraging words, Dean. I, too, often get negative feedback from the brethren on counter-measures, but what should we expect from a bunch of milk-fed sucklings? They have not the stomach for this fight.

    I believe that there is only one thing that will stop spam: making the endeavour so expensive that it become unattractive to these slimeballs. Legislation won’t do it; here in Delaware we have in place an anti-spam law. You just have to spend a bunch of cash in order to defend against it in court, and such laws, as they are written now, won’t be any resort for users.

    Recently at work I blocked an entire range of IP addresses (mostly Korea and China). I informed the pointy-haired people that people living in those countries may have difficulty contacting us ;-) They had no problem with that because we don’t do business there, but I think once law-abiding SE Asian users get outraged enough, things may change.

  3. Hmmmm. I get it! I get it! This is definative. So this is what you were trying to say in your emails when I was setting up Bene Diction Blogs On!. Gee. Why didn’t you just say so! Blog oN!

  4. subject: Domain Now Links To You

    Dear webmasters,

    I have visited your site http://www.healyourchurchwebsite.com and I think that content like
    Anyone who’s visited this site with any frequency already knows my deep loathing for spam. So imagine my grousing when I heard some of the great people listed on blogs4God got spammed by a similar list. This was soon outdone by an audible growl when I began receiving e-mail from members asking if this message was from b4G or if we had resold the list.
    could be of interest to the visitors of our website.

    So I have already placed a link to your site along with a description at
    http://www.smashspamnow.com/r/index.php?search=Heal+your+church+website+
    If you want the description of your site modified or if you have any other cross-promotion
    ideas, let me know.

    I would appreciate if you placed a link back to my site:

    http://www.smashspamnow.com/r/index.html

    Tips on how to get rid of the annoyances of email spam.

    http://www.smashspamnow.com/r/user.php

    Awaiting reply
    Warm regards,

    Dee Robinet

    smash spam now

    http://www.smashspamnow.com/r/index.htmltutis13@tutisbpo.com
    802, Sterling Center, City: Baroda , GUJ

    NOTE: This e-mail is only a request mail to link back to us for mutual benefits. Please do let us
    know once you have linked back to us. This is not a Spam.