Local Government Webmasters Meeting Presentations
Fighting Spam, Spambots and Spyware
Methods for combating spam and spambots
Francois Caen, Webmaster, city of Lakewood (open discussion)
Francois Caen demonstrated a system for filtering email before it arrives in recipients' mailboxes. A proxy server was set up on a Linux machine, and arriving email is now processed there by the MailScanner application, which checks for viruses and checks the email against a SpamAssassin database of recognized spammers. Once the email passes these checks, it is sent back out of the proxy server and inside the firewall of the LAN. It then goes through the internal email server (Exchange, GroupWise, etc.), where it is stored and where end users connect to check their email. You may view a graphic that details this process. Francois gave the following details about this process:
- We started by running RedHat Linux on an old P-II
- This Linux distribution included sendmail
- The middleware that adds filtering to sendmail is MailScanner
- Read the documentation to see which anti-virus it supports. We went with F-Prot
- MailScanner also calls SpamAssassin for the spam scoring and tagging.
- If you require more help with this setup, don't hesitate to contact me.
Getting rid of Spyware
Quinn Robinson, Municipal Research & Services Center
A number of conference attendees spoke about their efforts to fight what is commonly referred to as "spyware". Attendees mentioned two programs that have been helpful.
These programs are designed to help remove spyware that has already been installed, either through security holes in the web browser or as a "piggyback program" during the install of another legitimate program. But it is always better to prevent these types of programs from being installed in the first place. Limiting end user software installation rights is a good idea, as many malicious programs require administrator or power user rights to install themselves fully. Also, please read carefully the disclaimers and instructions for the above programs and use them at your own risk.
Three methods for protecting email addresses
Quinn Robinson, Municipal Research & Services Center
There are many programs that have been created that crawl the web in search of email addresses. Generally referred to as email address harvesters, these programs capture email addresses on Web pages and add them to their records. Some use these email addresses to send unsolicited email to the recipients. This leads to more spam in our inboxes. We can prevent this from happening in the first place by carefully protecting our email addresses on our public Web pages. In this guide, written by Quinn Robinson of Municipal Research and Services Center, we'll discuss three ways of hiding our email addresses. In addition to this, we'll be doing a test between now and the next meeting to see how effective these methods are. We'll report on the results of the test at the next meeting. Here are the methods.
Method One: HTML Encoding of E-mail Addresses
One method of obscuring your email address is to encode the ASCII text characters of your email address into code that will be rendered by the browser. This is a method to use if you wish to be able to click on an email address and have it open in a browser. Here is one email address generated like this:
ns1@mrsc.org
The HTML code for this email address and hyperlink is the following:
To encode your own email address in this format, please visit the following page. Scroll down to the bottom of the page, paste in your email address and hit "Encode". Your encoded email address will appear in the box. Then cut and paste this output into the code of an HTML page:
- Encode your email address
If you don't want to go to the trouble of encoding all of the email addresses on your site, you can search for all of the "@" symbols on your site and replace them with "&#64;", which is the HTML character reference for "@". Also, you can replace instances of the word "mailto" on your site with ""
Method Two: Using HTML Comments to Hinder Harvesters
A second method for doing this involves using HTML comments to add additional information within an email address to make it harder to harvest off of a Web page. Unfortunately, using this method will not allow you to make the email address clickable. But it is easier to add to your site:
ns2@mrsc.org
The HTML code for this method is the following:
One note on this. You need to remove the hyperlink from all email addresses if you choose to use this method.
Method Three: Using JavaScript to Render E-mail Addresses
The last method we'll look at is a simple JavaScript that makes it harder for a spambot to read and harvest email addresses. There are more complicated JavaScript tools that use a combination of this approach and other approaches we have discussed above. But this will give you an example of the mechanics behind this approach. This email address should be correctly rendered by JavaScript enabled browsers:
The JavaScript code for this method is the following:
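The three methods above, as an added example that is not the original page's code: it generates each form for a constructed address (`webmaster@example.gov`; all function names are illustrative and the Method Three script is one assumed way to assemble the link), then checks that a simple address pattern run over the raw markup finds nothing and that the markup still displays the intended address.

```javascript
// Added example; the address and all helper names are constructed.
const ADDRESS = "webmaster@example.gov";
// The kind of pattern a simple harvester runs over raw page source.
const PLAIN_ADDRESS = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;

// Reject anything that is not a plain address before embedding it in markup.
function parts(addr) {
  const ok = new RegExp(`^${PLAIN_ADDRESS.source}$`).test(addr);
  if (!ok) throw new Error("unexpected address format");
  return addr.split("@");
}

// Method One: every character as a decimal character reference (&#NN;).
const toEntities = (s) => Array.from(s, (c) => `&#${c.codePointAt(0)};`).join("");
function methodOne(addr) {
  const enc = toEntities(parts(addr).join("@"));
  return `<a href="${toEntities("mailto:")}${enc}">${enc}</a>`;
}
// Method Two: HTML comments break up the address; no hyperlink.
function methodTwo(addr) {
  const [user, domain] = parts(addr);
  return `${user}<!-- nospam -->@<!-- nospam -->${domain}`;
}
// Method Three: the browser assembles the link from pieces at load time.
function methodThree(addr) {
  const [user, domain] = parts(addr);
  return `<script>var u="${user}",d="${domain}";document.write(` +
    `'<a href="mai'+'lto:'+u+'&#64;'+d+'">'+u+'&#64;'+d+'</a>');</script>`;
}

// Approximate what a browser displays: run the inline script generated above
// against a stub document.write, drop comments and tags, decode references.
function visibleText(html) {
  return html
    .replace(/<script>([\s\S]*?)<\/script>/g, (_, js) => {
      let out = "";
      new Function("document", js)({ write: (s) => { out += s; } });
      return out;
    })
    .replace(/<!--[\s\S]*?-->/g, "")
    .replace(/<[^>]+>/g, "")
    .replace(/&#(\d+);/g, (_, n) => String.fromCodePoint(Number(n)));
}

// For each method: does a raw-source scan see an address, and does it render?
const check = (addr) => [methodOne, methodTwo, methodThree].map((m) => ({
  method: m.name,
  rawMatch: PLAIN_ADDRESS.test(m(addr)),
  renders: visibleText(m(addr)) === addr,
}));
console.log(check(ADDRESS));
```

`rawMatch` is false for all three, so a pattern scan over page source finds nothing; `visibleText` also shows that dropping comments and decoding character references is enough to recover Methods One and Two, so treat them as a filter against simple source scanners rather than as concealment.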
Summary
Prevention is always easier than repair. The methods and tools we have discussed will help you reduce spam in the inboxes of your organization. They will also help stop the spread of spyware and limit the effectiveness of email harvesting programs. We'll report on the results of our email address test at the next meeting.