including domain name


Tips on Minimizing Spam Email

(and we can help you more at


The Sending & Receiving of Spam

We all hate spam. Here's how to minimize it:

  1. Protect your address: Stop/minimize your email address from getting in spam address list databases in the first place
  2. Filter these pesky emails when you do receive them. New: "Postini" is available
  3. Appendix: Migration strategy for new/virgin email address: Get-Well Steps if your email has already gotten "published"


Spam happens because someone/computers get your email address. The primary sources of email addresses are:

  • Putting your email address on web pages as live text (there are various ways to try to hide this, yet let humans see your address). Spam harvesters these days even parse the English word "AT" and then look for a plausible username and domain name, as in
                        username [at]
    It's of no consequence for the spam harvesters to guess wrong - it's just one more wrong address out of millions that are rejected (at no cost).  SherwoodPhoto web design has several ways that we can help spam-cloak your email address yet still make it functional.

    Pros & Cons of Email Address Listing Techniques
    on web pages
    "Live text" (clickable or not!) Convenient for humans
    to see & click
    Not live text, not clickable Protected,
    but not click-convenient (but read on...)
    Clickable (whether cloaked or not) Only convenient/useful for installed-applications;
    clickables aggravate people with web-based email applications because clicking brings up an uninitialized default mail application

  • (a.k.a. "dictionary" addresses): Spam senders fabricate common account name combinations of email addresses based on examples like: info, sales, orders, webmaster, office, help, etc. (not to mention common names: Joe, Jose, Mary, Maria, etc.) Thus even if you do not have a mailbox with one of those names (e.g.,, spam senders will still find your domain name and then add all sorts of names like this as well as common first names (hoping to hit a real mailbox). It does not "cost" spam senders anything to send millions and millions of attempts. [Note: in the text descriptions 3 lines above, a live text email address was used (and will surely be harvested)— but we don't care because we intentionally don't use that address!]

        Make sure you have your "default" mail address forwarding disabled
        (set it to :fail: No such use here (or something similar))
        Disabling will reject all "random" guesses for mailbox names for your domain name.

  • Posting newsgroup/discussion/bulletin board/chatroom notes where your email address is accessible for anyone to see and harvesters to capture.
  • Forwarding jokes, political info, etc. to distribution lists (your email address is listed along with many others when these are forwarded around) [Solution: use BCC (blind-carbon-copy) so the distribution lists are not displayed; ask the receiver to erase your address if they forward your message further]  Although this may affect virus propagation more than spam, it's still an important preventative measure since there are silent viruses that scan your email folders for addresses and transmit them back to someone's spam-central for collection.
  • A sure-fire way of getting your address on spam lists is to sign up for "free" search engine registration. It's free because most likely they sell unsuspecting email submitters' email addresses to spam lists.
  • Unfortunately, the domain registry database is getting harvested more and more for the email address of all listed in the registry WHOIS record. ICANN claims this is illegal, but what can anyone do?!  Registrars now offer "private" registrations which hide all personal information for your WHOIS domain name entry, however these are unnecessarily expensive. SherwoodHosting can recommend easier ways that are free.
  • Authoring tools such as Dreamweaver, Contribute, and others may inadvertently include your email address in logistical/history/lock files that are uploaded to your site. Use a robots.txt file to instruct search engines not to catalogue these directories. Fortunately we've not heard of any harvesters that proactively look for these file types unless they are catalogued and listed in search engines.
    file placed in your top-level www directory, a sample
    User-agent: *
    Disallow: /Library/
    Disallow: /images/
    Disallow: /_notes/

You have to be vigilant to minimize "leakage" of all of the above sources. And the remedy strategy is different for each.

First off, try google-searching for your email address ""
See who has listed your address on their web pages and ask them to remove it, or point to your web site's Contact Us page where you should have it appropriately "protected" (cloaked).

We are avoiding telling you specific technical details, because these techniques are our specialties that we offer with our web design services.

Tip: If you must give out your email address, use a throw-away(changeable) address. A throw-away (expendable) address is one that you can use temporarily and then delete it and use another. It would be different from your main mail address. For instance, if your name is Bob and your main address was, then create bob1 that forwards to, then after using it (or a few weeks later), delete bob1 forwarder and create bob2. Some credit card companies provide one-time-use-only credit card numbers for internet purchasing usage—it charges that purchase to your account but the credit card number (that for one usage "connected" to your account) cannot be used again, although your main account is still in tact.

2.  FILTERING SPAM once you're on their lists

Warning: There is risk with any spam email filter that you will prevent a legitimate email from reaching you:

  • Your filter is too pessimistic to label a message as spam (perhaps it has a URL or picture in it) when ithe message is not spam but an important customer email;
  • a permission-based system (also called "challenge" like earthlink's or TMDA or we offer SpamBT Boxtrapper) - (a) we strongly discourage usage of BT due to the trouble it can get you into (YOU being reported as a spammer because your automated email replies respond to various unintended recipients)- (b) it requires your potential customer to actively respond even when they thought their email to you would have gone through.


Categories of Methods for Filtering Spam:

  • Server-side methods:
    • Filters (and there are lots of them) based on blacklists, keywords, or other criteria that try to discern spam.
      Now Available: Postini filter
      Please inquire. $2.50/month and well worth it
    • Challenge methods where an email is sent to the sender if not recognized/pre-approved by you, and the sender acknowledges that s/he is a human-- NOT recommended - we will be disallowing this tool soon
    • Queue method- server queues messages from strangers and sends you an email that a message is waiting from person x
    • (Combinations/hybrids of the above)
  • Client-side methods (on your computer):
    • Similar to the above three methods, but these would be installed on your own computer, and you have to download all the spam into a holding area where a program evaluates it and then if it's okay it "sends" it along to your mail reader. So this prevents you the human from seeing them and wasting your time, but does not prevent your computer and network connection from dealing with them. A downside is that when you are reading mail away from your computer (where the anti-spam software is installed), the filtering mechanism is not present.

Your account includes free (built-in) features called Boxtrapper and "Spam Assassin."  

  • Boxtrapper is a server-side tool that challenges that the sender is a human. This will be discontinued in the near future.
  • Spam Assassin is a server-side spam-flagging tool (marks the subject line) that works together with a filtering feature in Outlook (or your equivalent mail-reader application), you can automatically delete spam email and not have it appear in your INBOX.   Spam Assassin is a two-step method. Like all filters, this is not perfect. In addition, we offer BoxTrapper technology, although it may not be right for you.
    Spam Assassin can also move suspected spam directly into its "spam box" (an inbox for spam) on the server for you to peruse as you like.

In reality the Spam Assassin feature is a marking (tagging) mechanism in our mail server that, when enabled, adds a line of text in the email body for spam email it finds. (Some options had added a phrase in the Subject Line.)

1. First go to your Cpanel> Mail Menu> Spam Assassin> Enable Spam Assassin
(Click here to see screen shot)
(Also note from this page you can fine-tune the algorithm's weightings and other parameters; if you just want the standard settings, then ONLY click on the Enable Spam Assassin button.)

After you set up your SpamAssassin settings above, go to
Cpanel> Mail> E-mailFiltering> AddFilter
choose "SpamAssassin Spam Header", "begins with", and then enter "Yes" in the box,
followed by Activate. Always test sending yourself mail for messages that fail and those that are not supposed to. This method should not fill up your email box while you're on vacation.

In Outlook, you can set up a "rule" to delete messages that include the body text
"Spam detection software"
by going to Outlook> Tools> Rules Wizard> New>
Start creating a Rule from a template
Move messages based on content
Specific words
> Spam detection software (etc.)

There are hundreds of customizations that you can do to fine tune this to suit your needs. An important point: Identifying spam email is not 100% accurate all the time—you may find that 1 in 100 messages are incorrectly earmarked.  So, we recommend that if you use your Outlook rule to remove these messages, have it move the message to a folder so that you can retrieve the message if a false accusation for spam is made. An example of a mistaken spam identification like this would be if you were to create a rule to move all messages with the word "Viagra" in the body of the message to the deleted message folder. Then if someone you know is sending you an email that has a URL link in it and a picture in the message body itself, and mentions Viagra, then that message may be moved to the deleted message folder without your even seeing it. This is easy to modify because Outlook provides an exclusion list feature where you can exclude the rule from being applied to messages from people in your address book, or on a separate list. But having a way to find a message at a later date may be quite important. That is why it's always best to have the Outlook Rule to move the spam email it "finds" to a labeled (separate) spam folder, so that in the case that a real message inadvertently got placed there, you can retrieve it.

We unfortunately cannot support application of these features, but hope that the above information lets you be aware of features that are available to you to try.

3.  Appendix:  
     Steps to take if your email address has already gotten out

Okay, so unfortunately you're at the point of reading this page after your email address has been poisoned.  It's too late to follow the tips listed above for your current mailbox.  Here's a get-well plan for creating a new mailbox (Yes this will be painful to have everyone change their pointers to you) and then switching everything/everybody over. It's a few steps, but they aren't too bad. They all involve simple clicks in the MAIL portion (first icon) of your Cpanel.

  1. Create a new mailbox - Pick a name, perhaps similar (JohnD instead of John) (capitalization is irrelevant, it just helps humans parse(read) the name)
  2. Create a Forwarder from old to new - At this point, change your mail reader to read only the new emailbox. Because of this new forwarder, you'll be getting mail addressed to both addresses (for a while).
  3. Announce and post the new address - Send to your friends & colleagues your new address, and ask them to help protect (see next bullet) your new address.
  4. BE VIGILANT IN PROTECTING YOUR NEW ADDRESS - Re-read the Protection Tips. Then re-read them again and memorize! You don't want to have to go thru this again! Especially in forums, newsgroups, dating systems, etc., use an expendable email address that forwards to your new address (then you can change/delete that expendable address if it starts receiving spam — visit the message header to see how the message got forwarded).
  5. Create an Autoresponder for the old - Do this after a few days to give people a chance to change of their own accord based on your notification.  Be kind and tell people still sending to your old address that you have a new address.  We've never heard of a spam system "reading" replies and taking note of a change of address. (Spam systems receive millions of noise replies (bad address, out of office, etc.), and they're not going to waste time finding 1 or 2 address corrections, when it has billions more addresses left to send.)

    -OR- Use your account's SET DEFAULT ADDRESS to respond with a failure but display the new address also, example:

       :fail:   to contact sherwoodhosting please address emails to
  6. Change old Forwarder to point to :BLACKHOLE: - After a sufficient time (a few weeks?), no longer receive email from the old address — those messages go unread from this point on. The AutoResponder will inform people to RESEND the email.
  7. Delete old mailbox and associated forwarder/responder - After a much longer time, completely delete the old mailbox. Since this is no longer bothering you (nor accumulating messages anywhere), it's still polite to those who haven't written in a year to tell them you've moved. Especially if you're a business, you don't want to lose a returning client. If the old mailbox was a "standard" address like "sales" or "info" (or your first name) you may still want to leave the responder as a courtesy — it's no cost to you to leave it.
  8. Comfort your new mailbox in its loneliness from spam! - You'll now be wondering: "Is the server working? I haven't gotten email all morning!"  Sip your tea in the new calmness.

©2008 Sherwood Hosting LLC



©2011 SherwoodHosting LLC