HostMonster Web Hosting Help
Spam Prevention
Spam is an ongoing issue that costs businesses and individuals billions of dollars worth of lost time and resources. Spam includes unsolicited commercial email (UCE) and other unwanted bulk emails.
In this article, we cover:
- How do I prevent spam?
- How do I stop the spam?
- How did they get my email address?
- But I only gave my email address to HostMonster
How do I prevent spam?
There is no way to totally prevent spam, but here are some things you can do to reduce the likelihood of spammers getting your email address:
- Be careful who you give your email address to. This includes websites and anyone you might email.
- Make sure your computer and computers on your network are virus and malware free.
- Make sure your website is free of malware and security vulnerabilities. If you are using a third party script or code on your site, this usually means running the latest secure version.
- Use secure passwords for your email and hosting account to prevent hackers from guessing and logging in.
- If your friends are sending you emails sent to a large recipient list, request that they use BCC instead of TO or CC, so that other recipients cannot see your email address. Or request they stop including you, if you do not want to receive it.
- Don't list your email address on your website or anywhere the public can access it.
How do I stop the spam?
Unfortunately once spammers figure out your email address, it is hard to prevent them from sending you spam. However, there are many options for filtering your email to reduce the spam that reaches your inbox.
HostMonster has tools like Spam Assassin and SpamExperts to help assist your filtering our spam. Many email clients, such as Outlook, have additional spam filtering built in.
How did they get my email address?
Unfortunately there are many ways spammers can harvest (or find out about) your email address(es) and then send spam to you.
Here are some of the ways they can get your email address without you giving it to them directly:
- If you are not utilizing WHOIS Privacy Protection then spammers can harvest your WHOIS contact information.
- Your computer could have a virus or malware on it that records keystrokes (i.e. everything you type) or sniffs packets (i.e. reads everything going over your internet connection). They would be able to obtain your email addresses, passwords and other confidential information this way.
- Another computer or workstation on your network or workgroup could have a virus or malware that collects email addresses and other information passing through the network.
- A script on your website could have a security vulnerability that allows a hacker to access information on your hosting account, including your email addresses.
- Since emails are relayed from server to server until they reach their destination, one of the servers your email passed through could have packet sniffing software installed, which would allow someone to collect email addresses and any information passing through the server. Emails are typically relayed through several companies' servers before arriving at its destination, similar to how physical postal mail would be relayed between more than one mail carrier until it reached you.
- Your Internet Server Provider (ISP) could be gathering emails and selling them. Unlikely at reputable ISPs, but it has been known to occur.
- You have an easy to guess email address. Some spammers simply try to guess valid email addresses (by prefixing common names and common addresses to your domain name). Some spammers have a huge database of prefixes and domain names they will try, including not-so-common names.
- A hacker could have guessed or obtained hosting control panel login information, and retrieved your email addresses that way.
Additionally, spammers can find out your email address other ways:
- You provided your email address to a website (such as when you signed up or commented on a post), and they gave your email address to spammers (intentionally or unintentionally). Their website could also have been hacked through a security exploit..
- You signed up for a mailing list and forgot you signed up.
- You signed up for a mailing list and they gave your email address (intentionally or unintentionally) to spammers.
- You sent an email to someone, and they forwarded it to someone else who harvested your email.
- Someone sent you an email also addressed to other recipients, and they used TO or CC instead of BCC, making your email address visible to anyone who received the email (or who was forwarded the emailed thereafter). Any of the recipients could have made your email available to spammers.
- You used your email on a discussion list that reveals your email address to other users. Any of the other users could have harvested your email address.
- Your email address is on your business card (or posted elsewhere people can find), and someone decided to add you to their mailing list without your permission.
And these are just some of the ways a spammer could get your email address.
But I only gave my email address to HostMonster
We value our customer's security and privacy and we hate spam as much as you do.
Beyond the moral stand we have against spam, we also have a financial incentive to reduce spam on our network, since spam takes up resources that cost money, such as bandwidth, disk space and security administrators' time. The more spam passing through our system, the higher our costs. From a business standpoint, doing anything that increases spam makes no sense.
Even though you only gave your email address to HostMonster and we do not disclose email addresses, spammers could still use methods 1 through 7 listed above to get your email address, all of which are out of our control.