No, this isn't part of a Monty Python skit. Everyone gets spam, right? Well, no, not everyone. Spam is probably the most invasive and annoying part of the internet. There are plenty of ways to combat it:
Choose an email address not easily guessed, info@ or sales@ are commonly spammed
Never give your email address to questionable sites – use a free email account instead
Enable SpamAssassin (cPanel users) and set a threshold to separate spam from real messages
Use a service like Gmail, and if you have a website with your custom domain name
Use SpamAssassin to filter out spam. It is not enabled by default, so you must elect to enable it. We suggest saving the spam in a spam box, and using a high value at first to prevent having good emails being sent to your spam box. Review your email headers to find the spam score, and adjust accordingly.
cPanel also includes BoxTrapper, which requires incoming email to be white-listed. If the email doesn't appear on the whilelist, it is not delivered until the sender confirms they are indeed a real person. The issue with this is that by replying to every unrecognized email, your website can look like it is spamming as often spam contains forged email addresses. As such, using BoxTrapper is discouraged.
The Mind of a Spammer
Spam laws have successfully put spammers in the US behind bars. One such example is Edward Davidson, who for roughly 5 years had been littering the world's inboxes with 'Penny Stock' spam. His story tells alot about his character, someone that ruthlessly made a profit by force-feeding our inboxes junk. This person thought only of himself, and in the end, he showed his true self-absorbed face. This spammer was so low that after being facing nearly a million dollars in fines managed to break out of jail and tragically murdered his wife and 3 year-old daughter before killing himself.
What We Do to Combat Spammers
It everyone's duty to take steps against those that continue to ignore the laws. We create unique email addresses for each contact. What this does is when spam comes in, we can look only to the email address that received it to know exactly who is responsible for sending the spam. This may be the result of a site being hacked that didn't properly protect sensative data, or is in the business of selling email address to spammers. In the event we receive spam this way, we report it here.
Do We Spam?
We take spam very seriously here, and keep all spam received so that we can refer to it if needed for legal action. We do not send spam and monitor closely the sites that we host to ensure they are not spamming as well. If you received an email claiming to be from howdymedia.com, you can view the message source to find the real IP address of the server that sent the email which often is overseas. Spammers often use legitimate websites to spoof with and in effect spammers can appear to send mail from any domain, even whitehouse.gov.
Wall of Shame: Those That Spammed Us
Tiger Direct - TigerDirect.com
We used a new unique email address to place an order and within days after placing the order, spam began flooding in. The email address was only used to purchase from TigerDirect.com and never had any email or spam come in before. When Tiger Direct was confronted, the spam stopped coming in to that address. TigerDirect.com was responsible for spamming as they could both start and stop the flow of spam to an email address that never existed prior to the purchase on their site. This implies that TigerDirect.com must have been involved in their own shadow spamming operation.
Adobe - Adobe.com
In this case, Adobe had been hacked and due to not properly protecting sensitive information, 38 million records were stolen. To their defense, they had released a notice about the breach by emailing each user as well as posting about it on their site. We had two unique email addresses with Adobe, and both began getting flooded with spam in late 2013.
Time Warner Cable
Our email address provided for a business class account began getting spammed 2/3/2013, leading us to believe TWC was hacked and did not store sensitive data securely. No notice was given to the public concerning a security breach.
Elance / Upwork
Elance itself doesn't spam and they have since removed the feature to list contact information which lead to spam. Elance had provided developers, such as H.O.W.D.Y. Media, a way to list their contact information voluntarily on profiles. We listed a unique email address specific for incoming Elance requests and some Elance users scraped the email addresses from the site and began spamming.
Again, Elance wasn't spamming, but when this was an issue, they didn't protect the email addresses and displayed them in plain text. The following list details the spamming websites along with the email addresses that they used:
Silly Indians, don't they know that "flog" means to beat? Like "the mistress flogged the slave"?
From: guru moor email@example.com
Reply-to: guru moor firstname.lastname@example.org
Sender: guru moor email@example.com
These asses enter your business information in to their database and send you an email stating that "you have just been added as an assistant on DoMyStuff.com". This is a sad attempt to get you to use their website, and surely not received well by most. The only positive point is that only one email was received to date.
from: "DoMyStuff Team" firstname.lastname@example.org
Once again, an invite to join a new website, most likely linked to "guru moor" of MyDailyFlog.
This company was listed in an unsubscription link in a spam we received. Being smart, rather than unsubscribe with a real email address, we used a unique one that never was used before. By "unsubscribing" from their spam list, it instead put this never before emailed email address on another spamming list. We have actively been receiving emails to this address since "unsubscribing".
Zap Bang Done
This company has uses Mailworkz to send out spam. We never had any contact with this company and have received at least 5 emails starting on 9/22/2008.
Security: Has your website been hacked?
Hackers are costly. They damage your business reputation, inconvenience your users, and steal sensitive information.
Smart ones cover their tracks and hide files on your server to keep access. You may think you have gotten rid of the problem, but you keep getting hacked.
Some steal your page rank and display links that only Google can see.