Monday, November 28, 2005

The Fine Art of Spamming - Email Form Spam

Even I’m surprised occasionally. Having worked with technology for many years, I’ve seen just about everything – or so I thought. Over the Thanksgiving holiday one of our authors reported spam that he thought came from his domain, which is hosted on our system. Since access to our servers is tightly restricted, I suspected someone was using the Contact page on his site to send spam. Upon investigation I discovered I was correct but also found something new, or at least it was to me.

One of the optional features than an author can activate on a site built with our system is an email form on their Contact page. An email form is one of those fill-in-the-boxes-and-click-to-send forms that you’ve seen on many other sites. We offer this feature in order to hide your address but still allow visitors to contact you by email. Some people don’t like these, but they serve their purpose in hiding email addresses.

What I discovered was that some spammers target email forms – not personally on a type-and-click-to-send basis, but with automated software tools (often called ‘bots’) that roam the net looking and trying any form they can find. The intent is not so much to spam the person receiving email from the form but rather to exploit any vulnerability that the form may have.

For example some forms will mail the sender a copy or allow you to enter additional “cc:” or “bcc:” addresses. If your form has these or other vulnerabilities you become an unwitting ally in spamming other people. Unfortunately, the people receiving the spam will think you sent the spam and blame you. Not good because once you get on a ‘sends spam’ list it’s difficult to get off.

Fortunately our development team custom developed our contact form, and it does not allow sending email to other addresses. However, our author was receiving annoying email when the spam bot was trying to hack his Contact form – and it was trying about once a day with a blast of between 6 and 24 email attempts at a time!

So we took a look at different strategies and came up with several ways to thwart the attacks. I won’t go into details here, since this is a matter of security. However, even though we have repelled the attacker, we know they and others will try again. So we are hard at work on a human validation feature. You have probably seen these on other sites where a graphic with letters and/or numbers are shown that you must enter. Since the graphic is only readable by a human, this prevents automated systems from sending you email though your contact form.

The point I would like to emphasize is that we implement these changes as part of our continued system improvements and feature enhancements. There is no additional charge to our subscribers. We support our authors and when we find problems we work quickly to correct and improve our system.

On a side note, we are nearing the completion of WebforAuthors Release 2 enhancements and I will post a summary when we finish. And we have defined Release 3 and are finalizing the delivery schedule for these new features. 2006 promises to be an exciting year for WebforAuthors and our subscribers!

Wednesday, November 09, 2005

Designs – Shared and Custom

One method we use to simply the author’s experience on is to eliminate the complexity of web page design and layout. We chose to provide pre-built designs (sometimes called templates) that an author would select when creating their web site.

There are two major advantages, one I have already mentioned – it eliminates the complexity of page design and layout, something that many people would struggle with. I believe it takes real design talent to put together a great web page – you need to have a good sense of color, design, and layout plus understand what makes good navigation on a web page. By using professional designers, our designs incorporate best practices and solid design to give you a great looking web site.

Second, our system lets you choose another design any time. You are not locked into a specific design. This means that as we add new designs you can freely choose to try one out. By simply clicking to select a new design, your web site is instantly changed. If you don’t like it, you can change it back with a click.

Some authors want a unique design, one that is not shared by others. We understand this desire and will create a special design just for you that no one else will have. Fees for custom design start at $750 and we work with you to finalize the price before we begin work. And like our subscriptions, we guarantee your satisfaction.

The great thing is that these custom designs work with our system. For our low annual subscription price your web site will have all our powerful and extensive features. So you are able to get a custom designed, full featured, powerful web site for substantially less than if you had the site developed.

Another benefit to joining WebforAuthors is that you can start using our system now and add a custom design as your needs and success grows. Get started for a low cost but have the option to get a custom design later.

If you have a designer, we will work with them to create your custom site. For example, they could produce the graphical elements and our developers would put them into a layout that works with our system.

The WebforAuthors system is a powerful platform designed specifically for authors and writers. We invest in advanced features that all can use but that cost you much less than if you developed them yourself. With the ability to change your design and to have a custom designed web site, we offer flexibility, power and affordability.