Simple but not always great

The easiest tack to take is to just create an email link. But that can open the door to an awful lot of unwanted spammy attention. If you’re going to use a simple mailto link on your site, at least consider mangling it a bit so it’s not so easily spotted.

Contact forms can carry extra weight

A secure form (be sure your web developer creates one that can’t be easily hijacked) has two key benefits:

• It keeps your email address securely hidden from the casual (and possibly nefarious) browser
• It can be configured to ask an array of targeted questions that can give you a jump-start in communicating with your prospective clients

What’s a poor form to do?

The down side of forms is that the same autobots that haunt blog comments will inevitably find their way to your contact form. Forget that fact that one person in a thousand will ever click on their nonsensical emanations; those odds sound good to them. So there’s a few options.

• You can have your form programmed to discard any posts with links. Of course, if your target audience might need to communicate this it’s not so helpful.
• You can employ some variety of CAPTCHA wherein someone wanting to communicate with you must type in a word or two before the form can be submitted. Not so onerous, but consider your demographic and if their sophistication/online-experience level might be atypically low (or their impatience level might be especially high).

Back to basics

Discarding forms altogether, you can write out your email address like “john at company dot com”. Again, you need to weigh the sophistication of your audience (will they understand?) as well as the potential annoyance (will they bother to type out the email themselves)?

Full circle

There’s no purely “right answer” here and the sand (and trends) are always shifting. Take a moment to re-read my article on how to reduce spam to see if it gives you any ideas. Some good spam filter software (or a catch-all Google Mail address) might solve some issues.

In the end you’ll need to consider your needs and your audience’s needs and reach an accommodation that strikes a happy balance.

Three times someone wrote to me — people that I know in two cases, the 3rd was a local small business I patronize — and they addressed the email to or cc to from 13 to about 88 people.

I have my own friends, plus I tweet

That email was important. And you were so thoughtful so as to include me — albeit so very visibly — in your group of people you really care about. But I don’t know them. And now they can see my own email address, out there all naked and unhidden. I know that since I like you I’d probably like your friends — but maybe not.

And I do have plenty of friends. And I use Twitter and other social media all the time. I know how to socialize. So even though I’m sure they’re all great, don’t give my email address away like that. Please?

Maybe you’ve heard of these malware and spybot computer things?

I know that you keep your computer up to date with patches and anti-virals and all the other de-germing stuff you have to do with PCs. Damn hackers and script kiddies. But maybe some of your friends are not so careful? And maybe you just slapped my email address right into the middle of your cousin Andy’s machine (he’s the one who has to call you about how to print out screenshots, remember?) and I just know he’s probably got a zillion keytrackers and address-book harvesters running rampant. So, let’s just not do that again, okay?

You’ve got to protect your own reputation, too

I mean, web servers start seeing you sending out those mass emails, gives them pause, right? They know that that’s what the bad folks do, sending out emails to 20 or 50 or 100 people. So maybe they look a little harder at what you’re up to. And maybe they put you on a list of people that could be a little “iffy”. You don’t want to even go there.

Next time: stop, check, think before you press “send”

This is what I’d love you to do. It’s not a big hassle, really. And it would make it even more obvious what a smart person you are. And you are, of course, since you’re my friend.

• If you’re sending out notices regularly, and you’re a business, check into a service that will make sure you do it right, and professionally. I love MailChimp. They have great online tools, helps, and tracking for feedback. (You don’t want to guess about these things.) Other options are Emma and ConstantContact.
• Kind of chatty? Think about a blog. That way I can subscribe to you and you don’t even have to worry about telling me when you have your next great idea or need to pass along that newsflash.

Otherwise, this is it:

• Become friends with the BCC field in your email program. Put me and all your other BFFs in the BCC field. (Stands for “blind carbon copy” — crazy antiquated term, but it works.) And in the TO field, put your own email address.

Now you’re emailing everyone the right way. And because you’re my friend, I want the best for you.

I am concerned with the security of your information — the really touchy stuff, like login information and passwords and credit card data.

So please do not send that to me in an email. Emails are not considered secure. All sorts of nefarious folks can scan them (if they wish) while they’re en route from your email program to mine.

Instead, do one of these three easy, much safer things

• Send me a letter by post. If time is not an issue, or if you’re returning your hosting sign-up form, this works fine.
• Write the information in a Word or TextEdit or Notepad document (in a nice big font size). Use some easy screenshot software to take a picture of the information and save it as a JPG or GIF or PNG and email me the graphic.
• If we’ve set up a shared DropBox folder, tuck it in there.

These are some things that are really bad ideas:

• Use your pet’s or family members’ names or nicknames.
• Use a word in the dictionary.
• Use less than 8 characters.
• Use anything that makes sense as you look at it.
• Use only one or two passwords for everything.

These are much better ideas:

• Use a combination of upper and lower case letters and numbers and even some other characters.
• Use more than 8 characters.
• Change your passwords regularly.
• Hide any reminders in a safe, secure place and share critical information with your executor.

How are you handling your passwords now? Think of all the decisions that could be made by others should access fall into the wrong hands. Never be too friendly when your safety and identity and security are at risk.

Password generator

#1 — Who am I?

Look in the mirror. That’s you. Now look at your web site. Consistent? Does your site reflect your style, your essence? Or were you trying too hard to copy others so what is unique about you got lost in the process?

You know how you get a first impression when you meet someone and shake their hand? What vibe does someone get when they’re first viewing your site? How does it (you) present itself? Are you genuine?

#2 — Who am I talking to?

Think about someone you always listen to. They speak, and they have your ear. Do those that visit your site feel that way? Do they feel confident in your authority in your field of speciality? The days of “build a web site and they will come” passed with the old millennium. Choices abound. Do I know the people I want to speak to — do I have them clearly in mind — and does my site express that I understand?

#3 — Have I put up barriers?

Is my site sending subtle messages? Were you dragged into putting up a site so it’s the bare minimum and your visitors feel the cold shoulder? Did you try to do the site yourself so you don’t understand why people (on other types of computers) are getting error messages? Are the interactive areas of your site giving cues and feedback to help people? Does your site hide information or make it a puzzle to get from Point A to Point B?

#4 — Am I stale?

Picture a movie theatre that always plays “Jaws” (the original, of course; the sequels were horrible). Great movie. But how many times can a person see the same thing? Ticket sales would be pretty sad. Why would you do that to your website? Are you planning on never having repeat visitors? So why do they want to see the same thing each time? What are you doing to keep your site content from being old and stale?

And if you’ve got an established site, check out if your visual presentation and user interface (ack, sorry, techy term) and even the back end programming are holding you back from giving your visitors the right idea about you or your organization.

#5 — Where am I going?

Where do I expect to be in 1 year, 3 years, 5 years? My web site is a part of the body of my organization, a tool in my toolbelt, a key element. Have I asked myself how I can best utilize its strengths to help me get there — things I can implement now? And do I have a flexible structure that will allow me to integrate and expand where I see and/or want growth?

These are things I asked myself the first part of this year. It was (and continues to be) a useful exercise. I hope you find it helpful as well. And please let me know if I can be of any assistance.

First, I want to distinguish what I mean by “spam” as opposed to “another annoying email.” If you have an account at Macy’s or buy from Amazon.com or got some software from XYZDevelopers, and you checked (or didn’t uncheck) a box at some point that said “it’s okay to send me your newsletter and/or important news blasts,” that is not spam. All responsible emailers from responsible businesses have an “unsubscribe” link in their messages. Use it.

What to do if you’re getting it

So now we’re left with the cheap jewelry and the personal enhancers and wildly frisky people longing to meet you. Clearly spam. In this case the rule is quite different: never never never click “unsubscribe” in any of these emails. If you do, you’ve just done them a favor by confirming that there’s a real live pair of eyes at the other end and your email address will be even more deluged.

Mac people: If you’re using Apple Mail, consider turning off the “Display remote images..” setting in Viewing preferences. (Or choose a similar setting in whatever email you use.) And check into SpamSieve, which is a brilliant software. Simple, focused, almost entirely self-monitoring, and to-the-point.

How to avoid getting spam in the first place

The A number one bit of advice is never never never never put your email on your website. Have your web developer install a contact form. If you must display your email, have your web developer encode or otherwise obfuscate your email address. I would wager that about 100% of the spam received is received by people who put their bare naked email address on the web. Spambots are waiting to pounce.

I know this from personal experience because I’d adhered carefully to best practices with one of my email addresses but unbeknownst to me, it was put in a PDF that was posted to a web site (a business group I belonged to), and from there on out the jig was up.

Get a general-contact email address from GoogleMail

There are a lot of times when you need to sign up for a forum or a service and you’re not quite sure of their privacy rules. For example, I have an email I use for my accounting activities, and one or more of the services I’ve used decided to spread the joy by selling or sharing that email address. I’ve learned from that and now use a free Google Mail address for all sign-ups, registrations, services, etc. Not only do I have tons of space (very easily searchable, as you might expect from Google), but their email has very accurate spam-spotting algorithms and so I never have to have any of that download to my computer.

Infected friends

The recommendations above cover a lot of ground, but recognize that sometimes it’s out of your hands. You could have a friend or colleague with an infected PC and by virtue of being in their address book, your email address became compromised. The best thing you can do is to encourage your friends and associates to keep their patches and virus protection up to date (if they’re on Windows OS, especially) and to follow the simple recommendations listed above.

Spam is here to stay but there are ways to get above it!

I recommend it for all clients who use Internet Explorer as a safer substitute or alternative browser.

I strongly recommend Dotster. They are not the cheapest (sometimes you get what you pay for), but they have a clear web site, a good frequent questions area, and are responsive whenever I’ve contacted them for personal assistance. They also have an excellent reminder service and that is worth everything to me. If your registration expires your domain name is gone and all the work on your site (search engine listings, advertisement, email, etc.) is down the drain. I also have heard good things about GoDaddy and would expect you’d be happy with them as a second choice.

Now let’s get down to the nitty-gritty: the settings.

Name servers

If your site is hosted with CFDS, we will provide you a pair of name servers to enter at your domain registrar. It will look something like this:
ns1.cflinnxxxxx.com
ns2.cflinnxxxxx.com

If you are handling your own hosting, you’ll need to contact your host or look through their frequent questions area to determine which (typically 2 or 3) servers they want you to designate.

If you are using Dotster as your registrar, select your domain name and under “Name Servers” look for “Update Name Servers” and enter the information on that page. If you are using another registrar, search their help area to find where you should enter this information. Search for “name servers” or “domain name servers” or “DNS.”

Contact information

There are four categories of contact information for a domain. It is drop-dead important that this information be kept up to date and be correct. There are ICANN requirements that demand accuracy, but even more important from a practical point of view, you need to be able to be contacted for reminders and other time-sensitive domain name registration business.

• Owner. This is the person who is viewed by the registrar as having the right to make decisions about the domain name. This must be you.
• Administrative. This should be you as well.
• Billing. This should be you or can be a designee who handles your payments.
• Technical. This could be you, or it could be your web developer, or it could be your host.

Please note that all four items of contact information are public information (ie: they will come up in any WHOIS search on the Internet). It is strongly suggested that you not indicate your home address or home phone number or personal email address. Use a PO Box. Use an email address (perhaps a Googlemail, Yahoo, etc.) address that you regularly check but which can sift through the spam you will get from having a published email address online. Do note, though, that most registrars will offer to “shield” either all of your information or portions of it (ie: email) for a small yearly add-on fee. This is recommended.

If we initially helped you with your domain name purchase and later transferred the domain(s) to your own account at Dotster or another registrar, please update your Contact Information to reflect your own name, address, etc. CFDS cannot be responsible for updating your account information to which we have no access. Please do this at your first opportunity.

This was driven home as I watched this news broadcast (in English) from DW-TV [YouTube]. It’s only five minutes long and well worth the time. You’ll be introduced to a Romanian internet criminal who was sent to prison by a grossly undermanned police force for scamming people in western Europe and the US who thought they were buying BMWs for a fifth the usual price via eBay.

And here on the “cutting edge,” a report (BBC) that baddies are promising a naughty file via their Twitter account. The most common bogus, malware, and/or spam links are those that are appealing to the pocketbook or the libido. What’s the common lesson? We’ve heard it a hundred times and it’s still valid: If something looks too good to be true, it probably is.

So what are a few other smart things to keep in mind?

• Especially if you’re on a Windows OS computer, use protection. Most mentioned by the Windows users I know: ZoneAlarm and AVG.
• Set up an account on your computer that’s not rated as an administrative account and run your day-to-day operations it. This holds true for both Windows and Mac users. That way you won’t “accidentally” install something you shouldn’t while busy with a dozen daily tasks.
• Reduce your median annoyance level, do yourself a favor, and get some good spam protection. On a Mac, I recommend SpamSieve.
• Whatever you do, if (when) you get spam, don’t click on the “remove me” link. (I’m not talking about a legitimate emailing here — like if you signed up for Macy’s or Outdoor Life emailings and now you’re tired of them. I’m talking about real spam.) If you click that link, your request goes nowhere, but you’ve just done the spammers a huge favor by telling them that they reached a real live person. Guess what. You’re going to get a lot more spam now.