Now, spam is not just a pain in the proverbial processor – it’s a real live and kicking threat. Apart from having to constantly clean up the garbage, one careless click could introduce your network to Locky ransomware or something just as bad. With spam as a business-for-hire being used to distribute malware, in these times it is vital to get it under control.
Spam has actually declined since 2014 from 71% to 54% at the close of last year (according to statistica.com). Though it has become more dangerous: Trojan-Spy.HTML.Fraud.gen is the malware most widely sent by ‘mail. Spam comes from every direction, though figures from securelist.com show that the top generators of garbage are the U.S, closely followed by Vietnam and China take third position. Canada are lucky that only 1.2% is pointed their way. The top three targets: Germany receives 18.4%; Brazil 11% and Russia has a 7.5% share.
Scraping the bottom of the barrel
E-mail gets a place on a spam list as a result of website scraping. If an address can be seen, then it will probably end on one of these directories. Scraping tools work at such a phenomenal speed, they can search thousands of sites per minute. These tools are legal, even though they constitute a breach of privacy. Here’s an example of scrapeware as described by the developer:
“ScrapeJerks has a powerful multi-threaded email scraper which can harvest email addresses from webpages, it also has proxy support so each request is randomly assigned a proxy from from your list to keep your identity hidden or prevent sites blocking your by IP address due to too many queries“.
The malvertising goes on to say that the scraper can even be used on Facebook… so now the problem is becoming clearer.
Work from home
The Email Grabber application has a multi-thread functionality, so it can operate on a number of connections, and is enabled on a powerful commercial server – or a plain ol’ home connection. Spamming for the people! If your looking for URLs to trawl for addresses, then use one of thirty search engines including Google and Yahoo. It will also log internal/external links and search sitemaps. The levels of links to be scraped can also specified – links of links of links and ad infinitum – if this is carried to the nth degree – eventually, a spammer would scrape their own address – unless they were protected…
Are you exposed?
Instances of exposed addresses by doing a ‘site search with the prefix, ‘mailto’ then the webpage. The convenience of creating an e-mail link on sites such as WordPress is also the most convenient (manual) way for hackers to scrape addresses – simply type ‘mailto’ in the link box. By clicking the created link, user e-mail clients are shown and an e-mail is addressed and ready to fill with malware.
How to keep an address from scrapers and spam lists:
The long way
The first and most simple is to spell your address in full on site – for example email@example.com would be joe(at)gmail(dot)com. This works against scrapers, though it isn’t too convenient and can be prone to error.
Using Contact forms
Contact forms can hide addresses from spambots using Captcha code. This can also incorporate the option to have a copy of the message generated for the sender’s records (‘mailed back to them). If your website has a Contact page where there are many ‘mailto’ links that point at the URL’s address, it is worth tracing these and changing the links to the Contact page -this is easily done with a tool like Search and Replace:
For example, you use the tool to search for ‘mailto:firstname.lastname@example.org’ and replace it with ‘http://yoururl.com/contact/’. When this is done and ‘mailto’ is clicked on, users will be redirected to the Contact page and the scrapers will not detect the address.
The Obfuscate Email plugin
If you have many e-mail links on a Contact page that are ‘mailto’ linked, these are at risk from scraping. In this case, there are plugins that will obfuscate these links with code. An easy-to-use tool is Obfuscate Email which has full instructions. This replaces all addresses with scrambled text on the end, retaining a functional link while evading the scrapers.
Protect your e-mail now, before it’s scraped and arrives on a dark list!