Protect Yourself Against Spam
Measures BroadSky customers can take to protect themselves from getting on spammers' mailing lists.
Your Email
- Take the “Boulder Pledge”: that you will never do business with any company that sends you unsolicited email.
- Never respond to spam in any way or click on any links in spam messages; this includes “opting out”. Never forward chain letters, petitions, “virus warnings”, etc.
- Don’t create email addresses for yourself that use just a common first or last name or a dictionary word (john@domain.com, for example); spammers are increasingly using “dictionary” attacks in which they, for example, send mail to domains using a huge number of different common first names as the email address, and then make note of the ones that don’t get rejected and target them for future spam (jdoe@domain.com would therefore be much safer).
- Don’t use your main email address as your contact address when you register domain names. Domain registration information is publicly available, and spammers “harvest” the registration database for email addresses. Instead, use an address that you set up only for that one purpose. (Careful, though—your registrar will sometimes send you important information at that address, so it needs to be a permanent address that you really will check for email.)
- Set the program you use to read email so that it does not automatically display remote text and graphics. Spammers can embed coded links to remote text and graphics in email messages (“web bugs”), and use them to tell which of the email addresses on their lists are getting through, so those addresses can be targeted for even more spam. (Outlook’s default configuration does the wrong thing and telegraphs your email address back to spammers; Thunderbird never does so, unless you tell it that a particular message is safe).
- Report spam to the spammers’ network and service providers; SpamCop has a particularly easy way to do this. (If you send us a full copy of any spam you receive, including headers, BroadSky will do this for you.)
- Use “throw-away” email addresses that automatically expire or that are easily cancelled for most routine internet business in which you don’t have an ongoing need to be contacted. For example, use Jetable, Spamgourmet, or another such service to create temporary addresses.
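
To illustrate the “web bug” item above, here is an added example (not BroadSky's code and not part of any mail program) that lists the remote resources an HTML message would fetch if displayed with remote content enabled. The function names, the tag table and the sample message are assumptions constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attributes whose URL is fetched as soon as the message is displayed.
# (CSS url() references in style attributes are not covered here.)
AUTO_FETCH = {
    "img": ("src",), "iframe": ("src",), "embed": ("src",), "link": ("href",),
    "body": ("background",), "table": ("background",), "td": ("background",),
}

def is_remote(url):
    """True for http(s) and protocol-relative URLs; cid:/data: parts are local."""
    url = url.strip()
    try:
        return url.startswith("//") or urlsplit(url).scheme in ("http", "https")
    except ValueError:  # malformed URL: report it rather than ignore it
        return True

class RemoteContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, url, looks_like_beacon)

    def handle_starttag(self, tag, attrs):  # also called for <img ... />
        values = dict(attrs)
        tiny = values.get("width") in ("0", "1") and values.get("height") in ("0", "1")
        for name in AUTO_FETCH.get(tag, ()):
            url = values.get(name)
            if url and is_remote(url):
                self.found.append((tag, url.strip(), tag == "img" and tiny))

def find_remote_content(html_body):
    finder = RemoteContentFinder()
    finder.feed(html_body)
    finder.close()
    return finder.found

# Constructed sample message body (not taken from a real spam message).
SAMPLE = """<html><body background="cid:bg1"><p>Limited offer!</p>
<img src="cid:logo@example.invalid" width="200" height="50">
<img src="http://tracker.example.invalid/o.gif?id=jdoe%40domain.com" width="1" height="1">
<IMG SRC='//cdn.example.invalid/banner.png'>
<link rel="stylesheet" href="https://tracker.example.invalid/s.css?u=1234">
</body></html>"""

if __name__ == "__main__":
    for tag, url, beacon in find_remote_content(SAMPLE):
        print(f"{tag:6} {'BEACON' if beacon else 'remote'} {url}")
```

Images attached to the message itself (the cid: references) are not reported, because displaying them contacts no outside server.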
Your Website
- Don’t put your email address in plaintext on a website—even in discussion forums. Always obfuscate it somehow: use a GIF image instead of text, or spell out parts of the address (for example: jdoe-at-domain-dot-com). If you're technically inclined, the best solution we've seen is to use this JavaScript software to encrypt your email address, so that it's plainly visible to humans, but very difficult for spammers to decipher. The BroadSky staff would be happy to try to help you with this, if you like.
- Don’t allow unauthenticated users to put content on your website (for example, guestbooks, feedback sections, member information directories, etc.), as this can lead to “link spam”. Make sure you know who they are and have contact information, such as a working email address, first. You should also consider prohibiting non-members from viewing such content: for example, we once saw a case where spammers had signed up for hundreds (seriously: hundreds) of bogus memberships on a website just so they could put links to their own websites in a space reserved for members to write their personal interests.
- Don’t allow unauthenticated users to see website statistics; this can lead to “referral spam” whereby spammers try to improve their listing in search engines by visiting your site many times from a spam site so that the spam site will show up in the “top referrer” list on your statistics page.
- Where users (authenticated or not) can add content to your site, be sure your software will automatically add the rel="nofollow" tag to any links in their content.
- If you have your own domain name and website, join Project Honeypot; they will provide you with some code to embed in your website that will feed email address harvesters with trackable fictitious email addresses that can be used to help identify spammers, as well as providing a basis for taking legal action against spammers. If you would like, BroadSky will set this up for you.
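
One way to apply the rel="nofollow" advice above to user-submitted HTML before it is stored or displayed, as an added example (not BroadSky's code or any particular forum package's). The class and function names and the sample comment are assumptions; the code only adds the attribute and is not an HTML sanitizer, so it assumes unwanted tags have already been filtered out.

```python
from html import escape
from html.parser import HTMLParser

class NofollowRewriter(HTMLParser):
    """Re-emits HTML unchanged except that every <a href> gains rel="nofollow"."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # keep &amp; etc. as written
        self.out = []

    def _emit_tag(self, tag, attrs, closer):
        if tag != "a" or "href" not in dict(attrs):
            self.out.append(self.get_starttag_text())  # untouched original text
            return
        tokens, kept = [], []
        for name, value in attrs:
            if name == "rel":          # merge with any rel the user supplied
                tokens += (value or "").lower().split()
            else:
                kept.append((name, value))
        tokens = list(dict.fromkeys(tokens + ["nofollow"]))  # de-duplicate
        kept.append(("rel", " ".join(tokens)))
        rendered = "".join(
            f" {n}" if v is None else f' {n}="{escape(v, quote=True)}"'
            for n, v in kept)
        self.out.append(f"<a{rendered}{closer}")

    def handle_starttag(self, tag, attrs): self._emit_tag(tag, attrs, ">")
    def handle_startendtag(self, tag, attrs): self._emit_tag(tag, attrs, " />")
    def handle_endtag(self, tag): self.out.append(f"</{tag}>")
    def handle_data(self, data): self.out.append(data)
    def handle_entityref(self, name): self.out.append(f"&{name};")
    def handle_charref(self, name): self.out.append(f"&#{name};")
    def handle_comment(self, data): self.out.append(f"<!--{data}-->")
    def handle_decl(self, decl): self.out.append(f"<!{decl}>")

def add_nofollow(user_html):
    rewriter = NofollowRewriter()
    rewriter.feed(user_html)
    rewriter.close()
    return "".join(rewriter.out)

# Constructed sample of member-submitted content.
SAMPLE_POST = ('<p>My interests: <a href="http://spam.example.invalid/?a=1&amp;b=2">'
               'cheap pills</a>, <A HREF=\'http://x.example.invalid\' rel="External">x</A>'
               ' &amp; <a name="top">anchor</a></p>')

if __name__ == "__main__":
    print(add_nofollow(SAMPLE_POST))
```

Running the function over content that has already been processed leaves it unchanged, so it can safely be applied on both save and display.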
Your Personal Computer
A shockingly high percentage of spam originates from average personal computers (PCs) that have become infested with “trojan” programs that turn them into “zombies” and thus allow spammers to control them and send spam from them. To prevent your PC from being taken over by spammers:
- Be sure to keep your copy of Microsoft Windows up to date with the latest security patches from Microsoft. Windows can be set to update itself automatically; to do it manually, open Internet Explorer (Microsoft’s update software only works with IE) and, under the “Tools” menu, select “Windows Update”. Microsoft releases new updates about once per month; if you do your updates manually, be sure to run the update tool at least that often.
- Install anti-virus software, and pay for a subscription to keep it automatically up to date.
- Regularly scan your system for “spyware”; please see our page on spyware for a list of programs that can be used to check your system for spyware and remove it.
- Do not use Internet Explorer. This is worth emphasizing: do not use Internet Explorer. Security holes in IE and its related “ActiveX” technology are the greatest single way that viruses, trojans, spyware, and malware in general get onto PCs. Instead, we recommend that people use the superior Mozilla Firefox web browser.
- Use a personal firewall on your PC, preferably one that blocks unauthorized outbound connections, as well as inbound ones (the firewall included with Microsoft Windows XP SP2 only blocks incoming connections).