Beware social engineering

Be wary of certain types of sites (for instance greeting card sites etc.) - most require both your email address and the email address of the intended recipient.

This may sound like paranoia but the problem is on a less-than-reputable site you could have just handed over 2 good email addresses.

This is certainly not to say that all (or even many) sites are like this - but better to be wary that this can happen!

If you run a mailing list...

If you or your company run a mailing list on your web site - ensure you validate each signup.

This is a simple and secure process whereby each signup request is automatically sent a confirmation email - they then either reply to that email or click a web link to actually be subscribed to the list.

Far too many web sites will accept a signup just by putting an email address in the box and clicking 'go' - the problem is people can easily abuse email addresses by signing up other people's email addresses.

The problem for you (as mailing list owner) is that this will leave you much more open to people accusing you of sending spam because after all they never did ask to be signed up.

Use anti-spam software

There is a wide range of anti-spam software available and we hope to have time to review several packages soon!

These generally fall into:

1. Server based systems - usually installed by your ISP on their incoming mail servers.

2. Client based - these can either scan your mailbox trying to identify spam before you download it or download it and then use various methods to try and determine if it is spam or not.

These work by 'scoring' the incoming emails - certain words and phrases will score more negatively than others - but the idea is to set a threshold where messages scoring under this will be allowed through and others (hopefully spam) removed. They may also have the feature to whitelist or blacklist certain email addresses to improve their accuracy.

The problem with all anti-spam software solutions is that there will still be a proportion of spam that gets through but worse still some legitimate email caught as spam.

Some of the accuracy figures looks impressive at first sight but if a spam filter was 98% accurate - for every 100 messages received you could have either 2 spam messages getting through - or 2 legitimate emails being incorrectly identified as spam! For personal use this could be annoying but for a business receiving just 50 messages a day - you could potentially be losing 300+ customer emails per year.

To make matters worse some anti-spam solutions are rather heavy handed and will just delete mail detected as spam without the opportunity to check / retrieve messages.

One other problem with this is that spammers are now designing their emails to get through spam filters - often they quote short blocks of random passages from books. Plus they will often download popular server and client anti-spam software and run their messages through to try and ensure they score low enough to get through to as many people as possible!

Avoid generic email addresses

If you have your own domain name - avoid using:

• single name email addresses - i.e. firstname@your-domain-name.com
• generic email addresses - i.e. sales@your-domain-name.com, support@your-domain-name.com, webmaster@your-domain-name.com

Spammers frequently use dictionary attacks to try and 'guess' these addresses!

FTP sites

Many FTP sites allow anonymous logins - but historically it was courtesy to login with your email address. Obviously this data could easily be logged and re-used!

We would recommend you use either:

1. Enter an invalid email address - something like: me@anonym.ous

2. Use a secondary email address