Posts Tagged ‘Combat Spam’

Use Your Gmail Account to Filter Spam

Thursday, July 7th, 2016

Less Spam with GreylistingI have had a gmail account setup for a number of years, but really haven’t been getting much use out it since I prefer to use my personal email based on my own domain name, which is of course registered and hosted with register4less.com.  The one thing gmail does actually do quite well is filter spam with a low rate of filtering out valid email.  There are a number of reasons I recommend to use an email address based on your own domain, including branding, portability, tie-in with your website, but that’s not the focus of this post.

Gmail allows you to forward incoming messages to your gmail address to any other external address, and this is what allows you to flow your email to gmail and back to your domain based email address for filtering.  Here are the steps:

Setup on Gmail:

  • If you don’t have a gmail account, go to their website and create a free account
  • Log into your gmail account, and go to Settings page, and then to the Forwarding and Pop tab.
  • In the Forwarding option, set gmail to forward all email to your domain based email address, and keep a copy in inbox on your gmail account.

Setup on R4L:

In this example, I will use the example email address johndoe@gmail.com and john@doe.com (both not real addresses, so please don’t email them).  My apologies if Mr. Doe receives additional email as a result of this post 🙂

  • Log into your account on Register4Less.com and go to the cPanel (Paid Hosting > Manage Advanced Hosting) where you normally manage your email accounts.
  • Click on Email Filters, and then your email address (john@doe.com in this example)
  • Click the blue Create Filter button
  • Give the filter a name (gmail filtering)
  • Under rules, choose Any Header and does not contain
  • In the box below, enter in the text X-Forwarded For: followed by your gmail address and then your domain based address.   In our example, that would be  X-Forwarded For: johndoe@gmail.com john@doe.com .
  • Under Actions, choose Redirect to Email, and in the text box below enter in your gmail address.  Again in our example, you would enter in johndoe@gmail.com .
  • Click the blue Save button

That is the entire setup.  Your email will now forward to gmail (spam included), be filtered, and then forwarded back.  The filter in your R4L account checks to see if the email was forwarded from your gmail account, and only if it finds that the email did not come from there will it forward to gmail.

You may know that Register4Less.com automatically backs up all of our hosting accounts on a daily basis for one week, and on a weekly basis for four weeks.  Setting up this forward will also create an additional backup for you, as all of the email that is forwarded to your gmail account will stay in the inbox there as well.

Please give this a try and let us know how it works for you.

How to Create a SPAM Filter

Tuesday, March 15th, 2016

Less Spam with GreylistingAhh, spam. Nobody likes spam. As a hosting provider, we really don’t like spam. But there are steps you can take to help protect your inbox from spammers. That’s why we have specific tools available to you in the cPanel interface to deal with spam. Some of these like BoxTrapper we’ve written about before.

SpamAssassin

Preloaded into the cPanel dashboard, SpamAssassin is an open-source tool built to filter and classify emails while blocking spam. Through a combination of subject line and body text analysis, Bayesian filtering, and DNS blacklists, SpamAssassin drastically limits and can  prevent spam from touching your inbox.

Creating a Spam Filter

In the Mail section of your cPanel account, choose Apache SpamAssassin. By default, Apache SpamAssassin is enabled.

Now you’re ready to set up email filters and specify how powerfully you’d like SpamAssassin to gate and vet incoming messages.

First, head to the “Email” section, navigate to “Global Filters,” and select “Create New Filter.”

Then, select “Spam Bar” from the first menu in the “Rules” section and then choose “Contains”from the second menu in that same section.

In that field, enter a spam score using a series of (+++++) symbols, with 5 being an adequate number for an individual user.  Lower numbers here mean a more aggressive spam filter.  Select “Deliver to folder” from the “Actions” section and enter the name of the folder (usually Junk or Spam) to which you would like to direct spam.  We don’t recommend deleting spam with this particular filter

Finally, click “Create” to activate the spam filter and, voila, your first filter is set up! (Be sure to check to occasionally check this folder to ensure items that are NOT spam aren’t being flagged.)

If you are getting spam that has specific patterns in the subject, from or to address or other part of the header, you can filter against these patterns as well.

Keeping Spam off your WordPress site/blog

Tuesday, February 9th, 2016

Less Spam with GreylistingThis is part 1 of a 2 part post.

If you’re hosting a WordPress site/blog, chances are, you’re going to have to deal with spam comments being posted to your site.  WordPress is the most popular CMS (Content Management System) environment in use by developers, with over 25% of websites globally now running WordPress.  While it’s undeniably a powerful and flexible platform with which to build your site, it’s also the number 1 targeted platform for spammers.

Can’t I Just Ignore Spam?

Some people new to hosting sites will leave spam comments on their websites, thinking the appearance of comments & ping backs will look like their website is getting increased traffic and interest.  Reasons you don’t want to do this include:

  • Bad links will hurt your search engine placement.  Google and other search engines are cracking down on bad links.  If your site is linking to known unrepeatable sources, you will likely see your SEO rankings decline.
  • Spam on your website tells your visitors you’re not paying attention to your website.  Generally visitors to  your site will see spam comments for what they are.  This essentially tells your site visitors that you’re not keeping up with the management of your site’s content.
  • Spam will slow down your website.  Spam creates unnecessary additional content for your website to load, and can grow quite quickly if not managed.  This will add time for every page to load on your website, and encourages visitors to abandon the page load and go elsewhere.
  • Most Spam comments and trackbacks contain links.  More bad news for your site’s visitors.  Many of these links go back to virus/malware, which if followed, could lead to your visitor’s computer becoming infected, and possibly their computer/email account becoming compromised.

Now that you understand why it’s important to keep up maintenance of your website and keep comments & ping backs free from spam, let’s look at some approaches to help you accomplish this.

Automatically Filter Spam Using an Anti-Spam Plugin

By default, the anti-spam filter Akismet is installed and waiting for you to activate it.  To do so, simply log into your WordPress dashboard, click on Plugins, and activate for Akismet.  You will need to register with them to get the plugin running.  Akismet will trap spam and notify you by email when new comments are awaiting moderation.

Regularly Check and Approve/Decline Comments

A continuation of the first point, Akismet will trap comments posted to your site, and allow you to Approve, Trash, or mark comments as Spam.  Letting Akismet know a comment is spam also will help train its filter.  No spam filter is perfect, so sometimes Akismet will place a legitimate comment or pingback into the spam folder.  You should not just delete everything thats been tagged as spam, but go through to make sure legitimate comments get approved.

Disable Comments After a Period of Time

If you’re writing posts to your site, consider disabling comments to the posts after real comment traffic has settled down.  What this period will be will depend on your site and how active comments are given a post you’ve put up.

More coming next week.

We’ll post part two of this next week.  Until then….

Why Whois Privacy Matters

Monday, January 11th, 2016

Privacy button. White enter key and white keyboard.

Would you post your full address, email & phone number on your facebook wall?  Of course not.  So why would anyone want that information readily available in your domain’s Whois record?

When a domain name is registered, we are required by ICANN’s policy to collect personal/company contact information for the domain. This consists of the owner’s first & last name, company name (if applicable), postal address, email address, phone number and optional fax number. Without Whois privacy, this information would immediately be published in the domain’s Whois record.  The Whois database is an important part of the structure of how domains are registered, but more often than not, they are scanned using computer programs to put together a database of email addresses to be used by marketers, to send spammers, scammers, even identity thieves.

Without Whois privacy, a domain’s Whois record will look like (of course, not actual contact information):

ExampleDomain.com
John Doe, Doe’s Widget Company Inc.
123 Maplewood Drive, Los Angeles, CA, USA
+1.3105551234

With Whois privacy enabled, this same domain would appear:

ExampleDomain.com
Register4Less Privacy Advocate, 3501256 Canada Inc.
5802 Bob Bullock C1 Unit 328C-195, Laredo, TX, USA
+1.5143941150

Why not just have fake contact info?

Some will ask, why not just provide fake information with the domain registration?  There are a number of reasons why that’s not a good idea.

  1. Legally, all domain name owners are bound by the registration agreement between you and your domain’s registrar.  ICANN mandates that this registration agreement must include the clause that you will maintain accurate and up to date contact information for your domain.  Under the registration agreement, if you do not keep your information complete and updated, your domain is subject to suspension.
  2. With the update 2013 Registrar Registry Agreement, ICANN is now requiring registrars to confirm the email address of the domain owner.  When a domain is registered or a domain is updated with an email address that’s not already confirmed, we send an email out to that address for confirmation.  If the email bounces or is not replied to, we are required to suspend the domain.
  3. The contact information you maintain on account with us is what we use to send you reminders for your domain registration or hosting renewal.  If the address is not working, you’ll miss the reminders and may forget to renew your domain.  That can cause downtime, and the potential for a redemption renewal (much more costly due to higher fees from the registry, or worse, loss of the domain.  If that happens and a domain speculator picks it up, you’re at their mercy to buy the domain back.

Protect Your Identity

Identity theft is a crime that is on the rise.  The best way to not have your personal contact information taken is not to make publicly available.  When you register a new domain, choose to have Whois privacy enabled when you submit your order.

Avoid Unwanted Solicitations

Spammers regularly query the Whois servers of domain registrars in order to build a database of working email addresses.  If your domain is not private, you can expect to receive emails with offers to buy your domain, to congratulate you that you’ve been awarded a $15 Million, life and health insurance offers, etc.  You should also ensure never to put your email address in plain text in a website.

Upgrade Now for Free

Register4Less was one of the first registration providers to introduce Whois privacy back in 2002.  At that time, a number of registrars were sending mail to domain owners with what looked confusingly like an invoice for the renewal of their domains (at rates 3 times higher than our fees).  A number of domain owners were tricked by these solicitations, and sent off their payment to these companies.  While we helped customers cancel these transfers and get their money back, we knew we needed to come up with something to help prevent this abuse.

The Whois privacy service we developed has always been provided free of charge to our customers.  We fully intend to keep this service free of charge for our customers.  It’s part of what makes us the non-evil domain registration and web hosting company!

Your Whois Privacy May Be in Jeopardy

Thursday, June 25th, 2015

Whois PrivacyRegister4Less.com has been providing free Whois Privacy service to our customers since the we first introduced this service back in 2002.  We were one of the first domain name registration providers to introduce Whois Privacy.  We are one of the few domain name registrars who still provide this essential service at no additional cost to our customers.

MikeandtheSuspects.com (full disclosure, I am the drummer for the band), for example, is a domain name registered with us and is using our free Whois Privacy service.  If you look up the record for the registrant of the domain, you will see:

Registrant Name: Register4Less Privacy Advocate
Registrant Organization: 3501256 Canada, Inc.
Registrant Street: 5802 Bob Bullock C1 Unit 328C-195   
Registrant City: Laredo
Registrant State/Province: Texas
Registrant Postal Code: 78041-8813
Registrant Country: US
Registrant Phone: +1.5143941150
Registrant Email: admin@privacyadvocate.org

(more…)

Using BoxTrapper to Fight Spam

Wednesday, May 7th, 2014

Less Spam with GreylistingIf you’re an R4L customer using one of our combined web and email hosting packages, BoxTrapper is an aggressive spam filtering service that can help defeat spammers.

How it Works

When we receive new email for your account from an address you have not whitelisted, BoxTrapper will hold the email in a pending list.  For the email to make it to your inbox, one of two things needs to happen:

  1. The sender confirms they are a human sending email and not a spam bot.  This is done via an email that is sent back to the sender with a link to a page on your website to confirm.
  2. You review your list of “trapped” mail, select the email and click the option to Whitelist and Deliver.

(more…)

Whois Privacy and Why It Matters.

Friday, May 2nd, 2014

Every registered domain name has a Whois record which will contain contact for the registrant (owner), administrator, billing and technical contact.  For each of these contact positions (they can be the same), the Whois record will contain:

  • individual’s first and last name
  • organization’s name
  • postal address
  • phone number and optional fax number
  • email address

Additionally, the Whois record will contact contact information for the domain’s registrar, and the domain’s creation date, expiry date, name server names and IP addresses, the domain’s status and the date the record was last updated.

(more…)