Daily Archive 28 February 2021

AvatarByJames Golding

SPAM: The Final Frontier

In a previous instalment, we looked at the different types of SPAM that your website could fall victim to, from comment SPAM to email SPAM and everything in between. We even covered different ways of helping to prevent it, which included using Google ReCAPTCHA on your contact forms and installing an anti-SPAM plugin. Now, whilst those are very useful tools, you may find yourself in the situation where you are still receiving SPAM emails. That’s obviously something you’ll want to avoid, which is why in this blog, we will look at some key ways to identify these SPAM emails (if you’re not too familiar), why you’re still receiving them and what you can do to prevent them.

How to identify SPAM emails

You may find that some of these emails are automatically caught by your email client and are either added straight to the Junk folder or are at least marked as SPAM. This often doesn’t happen, so it is important to know what to look for, to prevent you from accidentally replaying to these emails, or clicking on any links they contain. Take a look at this email below that I received.

Example of an unsolicited SPAM email, advertising app design services

Here are quite a few things wrong with this email, which will give you an important indication that the email is SPAM and should be deleted quickly.

#1: The email is entirely unsolicited

SPAM emails will always be sent out of the blue. Essentially, you never asked for them, but you got them anyway. I’m not actually sure I could imagine a credible scenario where someone would ask to be spammed. They usually advertise services or products, of which you have no interest. In this case, the spammer is advertising app design services, but it could just as easily be web design services, guest blogging, sunglasses or anything in between.

#2: The email is not addressed to you, or anyone else you know

Here, you can see the email is addressed generically and doesn’t use yours or your business’ name. In this example, the emailer just says ‘hi’ to start with.

#3: There are (multiple) naming discrepancies

In the image, you can see there are discrepancies with the supposed name of the sender and the email address. In this case, the sender is supposedly called ‘Jason Wells’, but the email address has the name ‘Andrew Loniem’ and the name that appears in the sender area is ‘Lisa Wloch’, none of which are consistent.

#4: The email address is personal

You can see that the sender’s email address isn’t a company-branded one. In this case, as is often the case, it appears to be a personal email address. When you’re advertising your services as a business, claiming you have done lots of apps for people, wouldn’t you want to have a branded, traceable email address, to show off to potential clients?

#5: The company or brand information is absent

There is no mention in the email text of the sender’s company or brand name. A reputable agency, as they claim to be, would want to advertise this to potential clients, who could then go and take a look at their portfolio and testimonials etc.

#6: The email isn’t well written

Anyone who knows branding and marketing knows that first impressions are extremely important. If this email is the first contact you have with that company, they should want it to be perfectly written, to give off a good first impression. Here, the grammar, punctuation and spelling are all exceptionally poor. Now, people of course do have different standards when it comes to grammar, so this isn’t necessarily an indicator of SPAM. In addition, if English isn’t the person’s first language, you can make an exception. However, if a company is advertising their amazing services (in this case app design services) then you would expect to see a good command of the language. If not, you can rightly assume that their product, if they even do have a product, is of low quality and is riddled with errors.

#7: (Lots of) clickable links in the email

Now, this example doesn’t have clickable links, which is a positive thing. However, you will often see many of these in an email. These unsolicited emails tend to include them, in the hope that people will click on the links. In the best case, these links are just there to direct more traffic to the sender’s websites. In the worst case, these links would cause malware to be downloaded, or the user’s details to be stolen. The more genuine emails wouldn’t send you any links unless they knew you were open to receiving them.

You may find that an email you receive has all of these. You may find that it only has one or two. The main message is, don’t interact with them. If you’re not sure, it is best to just get rid of the email. It’s better to be safe than sorry. Now, let’s take a look at why you are receiving these emails, even after you have installed anti-SPAM services.

Why are they still getting through?

Any sophisticated anti-SPAM software will be able to block SPAM information being sent through a contact form, SPAM comments on blog posts, non-human visitors to your website and more. However, SPAM attacks are constantly evolving and you may be finding that despite your best efforts, you are still receiving these unsolicited emails. If you are, there’s a key reason why.

There’s an all-too-common practice called ‘email address harvesting’, which is essentially where harvesting bots (special pieces of software) scan websites, looking for email addresses present on websites. Once they’re found, they are extracted (harvested) and stored in various lists. Spammers can then purchase these lists in order to send everyone on the list their SPAM emails. That’s one of the reasons why these emails often are addressed generically, since the spammer only has your email address.

Now, it is possible that your email address has been extracted from an account you signed up for, although this isn’t anything you can sort. It would be down to the security of the website you’re subscribed to. However, more often than not, you’ve innocently put your email address on your contact page, in your website’s footer, or even in a header bar. This is fantastic for user friendliness, since some people would prefer to send you an email directly, rather than using your contact form. It is unfortunately most likely to be the reason why you are receiving SPAM emails.

There could, of course, be other reasons why you are receiving these emails, such as posting your email address on forums, online articles, or anything in between, although this is a very common reason, linked to your own website. Let’s now take a look at how you can stop it from happening.

How can I do more to prevent SPAM emails through my website?

As we have seen, you could be receiving SPAM emails due to email harvesting. When you post your email address on a website, it could easily happen. The best way to ensure this doesn’t happen is to effectively mask your email address. Now, I know what you may be thinking – you don’t want to do this, since you need your visitors to actually see your email address, so they can get in touch with you. Well, don’t worry. Masking your emails doesn’t mean making them invisible, or illegible to the human eye. It is actually to do with the website code, but not the visual result.

The easiest way to mask your email addresses, if you’re using WordPress, is through an email encoder plugin. Once installed and activated, this plugin would do the rest, without you having to lift a finger. A few of the best ones are:

These plugins do something very simple. They look through all of your web pages for any email links and then mask them from any email harvester. Take a look at the examples below, to get an idea of how they work.

Email address before and after being encoded on a website, to prevent email SPAM

The first example is what your email address will look like inside a website’s code, if you have made it clickable and it is not encoded. When you click on a ‘mailto’ link, it essentially just opens up the default email programme you’re using. This makes it an easy target for any email harvester.

The second example is what your email address looks like, once it has been encoded. Whilst the email link is still perfectly usable, as it was before, the ‘mailto’ link is no longer there. That means your email address cannot be harvested like it used to, successfully closing off another avenue to you falling victim to email SPAM. Of course, different plugins will work slightly differently, but the outcome is the same.

The upshot

We know that there are many reasons why you might fall victim to SPAM. One of those is through the email address(es) you have on your website, to help your visitors to get in touch with you, which means your emails could be harvested and sold to spammers.

You need to prevent this from happening. Of course, the simplest way would be to not post your email addresses on your website. You could also add your email addresses to your website as images. However, you shouldn’t do that. It is terrible for the user experience, since people want to be able to click on an email link, or at least copy it. They can do neither when you have an image there instead.

That’s why you should use an email encoder plugin, to mask the email addresses you have on your website, to prevent them being harvested and sold to spammers. The examples provided in this blog work on the WordPress platform. Although different website platforms work slightly differently, they should all have similar same functionality. Of course, there’s nothing to stop a human visiting your website, clicking on an email link and sending you an unsolicited email. However, in conjunction with an anti-SPAM plugin, you’re now giving yourself the best chance of preventing SPAM.

How will Digital Lychee help you?

At Digital Lychee, I make sure that all my clients have the perfect website for their needs. Whether you are looking for a brand new website or just help upgrading your current website, I will help you create a great-looking, functional and ultimately secure website, that prevents as much SPAM as is possible. If you are interested in my services, or you want to find out more about my blog, I would love to hear from you. You can get in touch with me here.