Pointers I: Email gotchas

This is your Web space to serve the members of your interest group or division. There are things you can do in your Web site that can impact the lives of your members. Other things you do can affect the lives of others who share space on the AEJMC Division Network server. This document addresses some issues with e-mail.

Spam bots thank you

You want to give members of your group easy access to your officers. Good idea. So you provide a list of officers in your site. Great. And then with each officer's name, title and affiliation, you provide an e-mail hotlink so that all people have to do is click, and an e-mail to the officer in question is started. Convenient.

It's convenient not only for your members but also for the "bots" used by the spam masters of the world. These software programs have one purpose in life. They scour pages on the World Wide Web looking for any readable e-mail address. When they find one – either in the page that humans see or the markup code underneath – they harvest the address and add it to whatever database(s) they serve. These databases of e-mail addresses then may be sold to would-be spammers.

So instead of presenting an officer's e-mail address as "officer@myschool.edu" some people have presented e-mail addresses like this: "officer at myschool.edu" or "officer(at)myschool.edu." While these are steps in the right direction, you should be able to see that the people who program these bots to look for "@" can just as easily program them to look for " at " or "(at)" or any number of variations.

The solution is to just not list e-mail addreses in a static Web page. Either protect them in a database, or sanitize all communications through a secure server-side e-mail form. Gramps can help.

Spam hackers thank you

So you used a form that you created. And it uses server-side scripting that you got out of a "how-to" book. Problem. The people that program the spam-bots are much smarter than those books. Unless you take measures to secure your mail form, they can use your mail form to send out spam from your server. The end result at aejmc.net is that the aejmc.net domain gets blacklisted as a spammer, and everyone in the network pays for it. If you want to use a mail form, ask Gramps to help.

Or you use FrontPage. Be aware that FrontPage places little files on the server as a short cut so that FrontPage can quickly and easily publish your Web site edits. These little files represent a security risk that could give hackers access to the entire aejmc.net site. With that access, they can place their own mail scripts on your server and send spam from your address. If you use FrontPage, please be sure that you have automatic updates turned on so that the program you use is kept current.

• Home
• Members only
• Services
• FAQs
• Pointers
• Contact Gramps

March 16, 2010