Spoofing and Bombarding Bounces: Protecting Your Email Address

Oh, isn’t THAT charming?!?! Someone spoofed my email address. In under two minutes, I had 127 bounced deliveries arrive in my inbox. All apparently originating from my own account, but they didn’t come from me. And, judging from some of the headers, they never would (I don’t make THOSE kinds of offers to people I know, much less a few hundred strangers, nor do I sell products to improve their … ahem… private — errrr, “activities” … but I digress).

I live by email. My business depends on it. I’m also a person that freaks if I have more than 25 emails in my inbox at any time, and more than three at any moment that aren’t sorted and/or handled properly.

The sheer volume of that delivery put my machine on its little knees. It was begging for mercy and refusing to let me run other programs, unless I wanted them to run at the speed of a tiny ant, crossing a sea of warm honey.

First of all, I’ll like to thank the jerk that collected my address, sales@wicked word craft.com, that was listed on a few domains I have for sale on the web. Obviously, since I’ve spelled it out here (with spaces) it’s no longer being used anywhere else. I get to go and change all those references now.

Thanks. Thanks bunches.

Second, I’d like to explain why I recommend that my clients handle their online email addresses carefully — other than the obvious reason listed above.

And third, I’ll tell you how to protect your good name — your domain name, from being blacklisted should this happen to you.I recommend that my clients not use their primary email address on the web — it’s too easy to collect. I recommend that you use a forward to address and that you only use your primary address (the place where the web addresses forward) on printed materials that require personal contact. Like a business card. Basically, if the person has never met you in person, has never been handed one of your cards, or has never received a personal email from you — they don’t have that address.

If you must post your email online (like I have to do in my own line of business), do so in the form of a hard-to-OCR graphic. This means that the person visiting your site will have to type in the address, rather than click on it, but at least they can reach you and the spiders don’t collect you.

Many people use forms with anonymous (invisible) forwarding scripts for the same reason, but I find those to be a bit cold and impersonal. When I want to email someone I don’t want to fill out a form to do it. And, I usually won’t.

My business is a service business, so I make it as easy as I can for folks to contact me. I give them an 800 number and a valid (albeit not clickable) email address on my contact page. If you are in a service business, I recommend that you don’t use a form as the only method of contact, even if it does save your email address.

Also, using a graphic isn’t enough. If you use a standard font in a straight line, the OCR programs can still collect it. I put mine in a “witchy” font and then placed that on a curvy line, instead. So far, so good.

Now, with a primary (and protected) email address, you can go nuts with the forwards. Even the one on your website should be a forward to your “private” email address (the one you keep only on your business card). So, if it get snagged, you can go in and design a new graphic, add a new forwarder and your web visitors still get through, but the spam and the spoofers don’t.

If you use forwards creatively, you can even track the effectiveness of your marketing campaigns. For instance, if you use Toby@comesellwithus.com for your brochures and TKB@comesellwithus.com as your address on materials used during a convention, and your ‘protected address’ is TBrown@comesellwithus.com, then you can get all your email by setting up forwards on all aliases to go to TBrown@.

This means you can tell that 47 of your contacts in the last month emailed you as a result of your brochure, 94 were the result of the presentation you gave at the convention and 32 were from face-to-face contacts.

It’s a great way to monitor how you spend your marketing dollar, where and how you distribute your materials and which materials are more appealing.

Now, if you have the forwarders set up as I do, and your good name is threatened by unscrupulous spoofer/spammers – all you have to do is remove the forward from your account. If the forward doesn’t go to a live address, and if you have set your hosting account to refuse any incorrectly addressed emails on your domain, then you don’t end up with a blacklisted domain. The messages will bounce back as an “unknown” address.

I spoke with my own host about this this afternoon — just to be sure that removal of the forward was enough to keep my site off the blacklists as a result of today’s situation. It is.

Hope this helps!