Host: SiteGround  

Don's Free Guide To Spam Reduction
The full rundown. How to get rid of spam:

We can't figure out why people spend so much time and money attempting to get rid of spam, when the answer is so simple. We have used this system successfully since 2002, and we are running an on line internet business. Individuals will find it extremely simple to put into operation.

Special Note ***
Have a look at the newsgroup or news:alt.spam
I have been visiting there for years. You will see the same good guys in white hats, fighting some old, and many new bad guys in black hats. I don't understand most of the local techo lingo, and even the guys in white hats have many disagreements amongst themselves. 

But they do go about trying to make things better for genuine internet users, and I would never want to discourage them from doing so. Helping out anyone who asks in a civil fashion, reporting spam, and offering advise on spam reporting and prevention, however they seem to spend a fair percentage of their lives trying to combat spam. But, please keep up the good work guys. I could start to name you, but it would be very unfair if I missed anyone. 

You must start from the ground floor, and sweep with a clean broom:
To combat Spam today, you must have an Email system that is squeaky clean, and leave no cracks or crevices that Spam can crawl through. If it does, you need a means of blocking it very quickly.

You don't need to use filters.
You don't need to bounce email.
You don't need to sort or delete any email.
You don't need to use black and white lists.
You don't need to buy sophisticated software.
You don't need to block IP's, countries, or domains.
You don't need to have Challenge-Response systems.
You don't need to spend hours maintaining a spam-less inbox.
You don't need to mistakenly erase email from customers or friends.
You don't need to use any bandwidth, as all spam is rejected. (Read on)
You do need to use a little common sense, and be able take on some good advice.

The total cost of this spam prevention system annually, is the price of a web host ($59.40USD Hostgator), and a domain name at around $8.95USD. This can be for one individual user, or hundreds if you join into a group, or syndicate.

Do you own a domain? You don't have to, but it helps if you do.
You can reduce spam by 98% to 100%, no fees, no drama.

This is a simple low cost method of getting rid of most of the spam that is being delivered to email in-boxes today. Most of what we propose isn't new.

It is the combination of all of these rules that make the system successful, and we have been using this system since 2002.

1-Jan-2004 Ash Roll -  Hi Don :) Yep - thanks for the info on your web site - works a treat. I still have to change over my sales account at PayPal yet and organise all that side of things, but I've gone from 200+ SPAM a day to about 10 a week!
Domain name registration is cheap. Web hosts are cheap. Small groups of people should consider joining ranks and setting up these Spam prevention techniques. After all, 20 users could throw in $5USD each, and you could run your own domain for a year, and still have change. Elect a webmaster to manage your email addresses. OK, 20 of your closest friends may be a bit of a nightmare, how about 10 at $10USD each? That's very workable.

This tutorial was written with a business in mind, but the same rules apply for individuals.

The simplest way to stop spam and viruses is to keep your email address hidden from spammers, but not from contacts and associates.

Of course, you must have an email address in order to operate a web site, or be contactable by email. We protect the email addresses we give out, and we organize them in such a way that they can be altered without losing any business or personal contacts. On January 1st every year, the email addresses are updated so that any potential spam is dropped off.

Basic Requirements.
OK, How do we go about it?
Protecting your email addresses from spammers
Your ISP may be generating Spam on your behalf
Spam Through Yahoo Mailing List
Spam Through Paypal Email addresses
Spam Through Your Domain Registration Details.
Your Web Host Billing Email address.
The required PHP and HTML Code

Basic Requirements:

As you can get a suitable basic web host for $4.95USD per month, we would suggest that even private users take advantage of this. Isn't it worth it? is just one of many. This will provide you with the ability to run one domain.
And $7.95USD a month will give you an unlimited number of  domains.

You must also register at least one domain. Make it a US dot com domain, as these are cheap. From $8.88USD+

CPanel Tutorials

Example of typical email addresses and domains that can be registered for groups of people:

We were getting 200+ spams to our web based business every day. We would imagine it would be 2000+ today.

Did we mention Viruses? Get rid of the Spam and the Viruses vanish also.

As this spam reduction system limits the number of times our current email address appears in customers and friends address books, viruses will also be limited.

Before continuing, check your prospective service provider to make sure their domain isn't hosted by a spam friendly and thus widely blocked ISP.

OK, How do we go about it?
Web Host Requirements:
Our thanks to Alan Hackett of Perth West Australia for originally putting us onto the php page operation.

You must have a web host (Preferably with a CPanel interface.) that has:

Several email address forwarders.
An Auto-responder for each user.
Support PHP code. (Optional)
Set Up Your Email Addresses:
Set up only the email addresses that you wish to use for your business, or personal email system.
We use basically only two addresses for the main operation of our web site.
The "2009" is the current year, and is incremented every year.

Spammed Email Addresses:
Spammers will send email to any address that they feel will reach you.
This can be any address at your domain.
Use the CPanel "All-Unrouted-Mail-Reject" feature to reject all email sent to all non-used domain addresses.

Bouncing spam email is simply using up bandwidth, as spammers don't use their own email address, and you may well be bouncing these emails to genuine users.

You will no doubt have an old email address that is picking up most of the spam.
Let's call this
All email sent to is directed to which is an Auto-responder. This will send an email to the sender with a text message generated by you.

1-Jan-Each Year:
Make up your addresses, and get them working. Make sure your reply to address in your email program uses these new addresses. Delete all the old previous years (, so that they are no longer directed to

1-Feb Each Year:
Direct all the addresses to your spam bounce message from your auto-responder.
And bounce these addresses with your auto-responder for about a year until your friends/customers become familiar with your new email address, then delete them. This really means they will bounce for about 11 months, then vanish. Even when they vanish, the catch-all feature will save you losing any contacts. More on this later on.

And if many people are using this method, and the spammers eventually catch up, you simply change the rules :-)
change to:

You can add any special characters, such as: !#$%^&*
The sky is the limit, whatever you can think up.

Special Addresses for companies you deal with:
You may wish to use or similar, for those special domain registrations etc., that you don't wish to change the email address every year.

If you are on a yahoo group, it would pay to use say:
If it starts to generate spam, then you only need to worry about one address.
are some examples of what you may need to set up. If you get spam, then you can throw the year in after the name if you wish, or some other simple method of changing it. Get the idea?

This in principle is what is called Disposable Email Addresses, however in this case, you aren't asking third parties to have control of your Disposable Email Addresses, as you have full control, and you aren't paying extra for them.

Another nice feature with CPanel is the dual addressing feature. Example: can be directed to
and also can be directed to

We use this for our "Fax To Email" service to two different users.
That is, the fax is received, and sent to two email addresses.

Our Auto-responder text looks like this:

yourdomain spambounce Auto-responder

Has the year changed since you last contacted us?
Then the address will simply be out of date.
Please read "Year Increment" below:

Read: for a full explanation of
our email system.

The email address you attempted to post to has been removed, and replaced
with a new one, and your message has been ignored. 

This has been done to prevent Spam and Viruses, and takes place every 
12 months. We apologize for this inconvenience.

To contact us, simply click on
and send us a message.

Your message will be answered ASAP and you will be returned a valid working 
email address that you can contact us on in future.

This working email address will only be valid for a maximum of one year, 
as the year in 'yyyy' format, will be part of the email address.

We hope you can understand the need for us to go through this procedure, and 
allow our valued customers access to us without the need for spam filters
potentially deleting your valued message to us.

"Year Increment"
You can also calculate our address by simply incrementing 
it to the correct year, if you have our old email address.

Note **** If we get spam on any new address, we may add an additional 
character, or re-arrange characters during the year. In which case, you will 
need to send an email via our contact page to reach us.

Examples of the additional, or re-arranged characters:

Your Name       E-mail:    http://www.yourdomain/yourdomain.php
                           Home Page:

Protecting your email addresses from spammers:

So, we are now allowing only the email addresses through that we have selected.
All others get rejected, or bounced with an Auto-responder message.

The next trick is to tell only valid customers and associates what your email addresses are.
This is done with a little php code. This allows you to place your real forwarding email address on the web, and yet not display it to potential spammers.
This is done with what is called an email contact page.

If you examine email contact pages, you will see that the customer must first contact you via this page, then once he has made initial contact, and you respond, he/she will have your new email address.

This also prevents large email attachments from customers, without initial contact to you.

You can change the email address every year and get rid of any spammers that made it this far, and not lose your customer data base. Result is 95% to 100% reduction in spam.

We do have spammers actually filling out our email contact page, however I know when I see this, that they have reached the bottom of the barrel. If they generate scripts to do this task for them, you simply change the order of the information, so that an input will error. But not worth worrying about, we get about 1 every 3 months.

We had product review pages, and guestbooks, and have had to close these because of spammers.

Your ISP may be generating Spam on your behalf

We have been collecting spam from the same email address since 1995, and had to do something very aggressively about removing it.

If you have been running a business, you should know that your personal "real email address" should never be given out to anyone, as you should be using your domain email system.

If you are getting spam through your "real email address", then get your local ISP to change your account name. We have done this several times since 1995, however much of it has taken place because of moving to new ISPs as the internet has grown.

Never post a real email address to a newsgroup.
We use "look@my.sig" and in the the sig of our message, we place the web contact page details, so we are readily contactable with a click of the mouse.
If you use a program like Thunderbird, it allows for special email ID's when posting to newsgroups.

If you change your business email addresses every year to increment to the new year, and you change your local ISP account name if required, then spam should be down to a level that is very close to zero.

We found our Australian Optus ISP was actually generating a mountain of spam for us, as we were listed as: (our actual domain name)

We got our primary account name changed, used one of four secondary addresses as our new contact address, and have never got an email of any description directed to any of the other domains since doing so. ISP's seem to want to generate and charge for additional bandwidth.

Make sure you allow about a month overlap between 'yyyy' increments. The previous 'yyyy' can always be sent to your "spambounce" feature for a month, then it can be sent to "All-Unrouted-Mail-Reject" by simply deleting the email address from your valid email addresses after 12 months.

Spam Through Yahoo Mailing List:
We were moderating a yahoo group mailing list for our business. We found 10 to 20 spams everyday being posted to the group moderator. It's a no win situation. If you moderate your membership, and leave your moderator email address valid, you get spam.

If you block your moderator address, and allow anybody to join, everyone gets spam. We had to shut the group down. We now run it spam and ad free from our new web host at no additional charge. Sending support messages to Yahoo is about as useful as a milking bucket for a bull. Keep away from Yahoo Mailing lists if you can.

Spam Through Paypal Email Addresses:
You may also have to change your Paypal email accounts and get them squeaky clean also.
We no longer advertise an email address for Paypal Payments, and we had to use to link to our payment page.
Our current shopping cart doesn't even need this, as it has a direct link into Paypal for simple payment.

Spam Through Your Domain Registration Details.
Spammers are now going through these details to get your email address. We have several domains registered, however we have them all registered with the one company, so they all use a single email address.

We picked the domain we feel will always be there, our bread and butter domain, and used as the forwarding email address. We included the word spam in the hope that this may deter manual and automatic collection of data from using an address with spam in it, but there are no guarantees of course.

A big word of caution. If you use an address from one your domains, you must make sure that domain is always registered. We always extend the registation 12 months in advance, not when it is due. In fact, ours is registered 3 years in advance.

If this address is spammed, then it is a simple matter to change one address that you have full control over. Just add "yyyy", or whatever is easy. It doesn't matter, as long as you enable it in your email forwards, and disable the old one. Just don't let the domain expire, else you will never get admin email to tell you it has expired.

Some registration companies offer I.D. protection, so that your registration details are never seen, however as this protection costs more than the yearly registration, forget it. Just use the simple and effective system we have outlined above.

Your Web Host Billing Email address.
There should only ever be one single contact that has your real, local, email address, and that is your web host billing address and contact.

If there is a problem with billing, or your web site goes down, then you need a channel for them to contact you that doesn't rely on a registered domain. This email address should also be one that your local ISP can change if requested to do so for any reason.

Our local ISP has given us a primary, and 4 disposable secondary email addresses. Never give the primary email address to anyone, and if for any reason, a secondary starts to get spam, then you can drop it, and start with another.

The only contact that should have your local ISP email address is your Domain Web Host. If your domain fails for any reason, you may have to give out a local ISP email address in an emergency, but it should always be a disposable one anyway. So make sure you sign with a local company that has at least one disposable email address.

All comments and feed back very welcome.

Don McKenzie

Do you pay for bandwidth for the CPanel "All-Unrouted-Mail-Reject" feature?
Hostgator  use a Cpanel front end for their hosting accounts. When you get into the Default Address Maintenance Menu, it gives you provision to set the default address for any individual domain hosted by them.

You can enter :blackhole: to discard all incoming unrouted mail or :fail: no such address here to reject it.

From Tina Peters, Ex-Owner The user will not have to pay for non-routed email, because we will reject that email before it even gets to their account. Blackhole simply trashcans it. Fail causes it to actually reject back to the sender. Both are done before they ever reach your actual account.

And further to this, from DaveC Ex-Affordablehost Support: If you do use this, be sure to enter the keywords with the colon both at the beginning and at the end (eg :fail: ) Don't use They are now about the worst company on the web these days.

:fail: - causes our server to respond to a remote server trying to send mail to that address with a 5xx failure code and our server does not accept the message. Any text you enter after " :fail: " is placed on the same line. :fail: No such user here might be appropriate. A legitimate user trying to send mail there *should* get a bounce from his own ISP, usually (but not always) with the "550 no such user here" message included.

:blackhole: - causes our server to 'accept' the message from the remote server, and then just drop it on the floor. It does use some of *our* bandwidth (Im not sure if it counts against accounts bandwidth or not). No bounce message will be sent. This can be a dangerous setting, especially for the default/wildcard address, as someone sending legitimate email with a typoe-d address never gets notified that their mail didnt get thru.

The besy way of controlling the catch-all email feature:
:fail:no such address here. Contact us via

This returns the following message back to the user when there is no recipient listed:
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

reason: 550 no such address here. Contact us via

It uses no bandwidth to tell the sender that there is no valid email recipient at this domain, and you inform them how to easily contact us via a valid email address.

Try sending an email to an address at, but use any recipient name that you won't be using, and check the results.

Your email is rejected, and you are informed as to how to contact us by email, if you choose to do so. If your web host offers this feature, you don't even need an Auto-responder, however we have included it just in case your host can't handle this type of reject message.

You can also use: Catch-All to
You simply put the email address you wish to direct all email addresses that haven't beed defined to. If you make it, then you should get two emails returned to you. One to tell you there is no such user, and another from the auto-responder that gives you the contents of that responder, including your web contact page URL. Nifty huh?

PHP Code:
(HTML Code below is even  simpler)

I used to have it all mapped out on this page, but these days have found things a lot easier by using one of the many free email contact php script generators found on the web with google. It allows many variants that will suit your needs more readily.

You will find everything you need there.

Here is an example of how to generate a simple Contact Page using PHP code:

And the resulting page:

HTML Code:

This method is simpler than PHP code, uses HTML code and Javascript, however it will disclose your email address when the link is clicked. As only humans, not robots, will need to do the clicking, theechances of this email address joining the spam lists is very remote.

Final result will look like this:

For Further Information Please Email Me
and when you click on the Email Me link, your default email program will be launched with the email address ready to go.

Create the two files email.html and mailto.js as shown below:
user = "username2009";
site = "";
subject = "Your Domain Email Contact Page";
set these above three parameters to suit the email address, and subject  you wish to use.
Upload to your site and test.


For Further Information Please <script type="text/javascript" src="/mailto.js"></script>
user = "username2009";
site = "";
subject = "Your Domain Email Contact Page";
document.write('<a href=\"mailto:' + user + '@' + site + '?subject=' + subject + '\">');
document.write('Email Me'+'</a>');
See: for full details.