As soon as you publish an email address on your website to receive customers’ inquiries, it is inevitable that you will very shortly begin to receive spam messages mixed with real support requests.
Are there effective ways to protect oneself against unsolicited advertising and to receive only messages from website visitors and registered customers? The answer is “yes”. In this article, we present the experience of a genuine company’s Help Desk which provides email-based customer and technical support.
This company has been providing customer support services for more than five years and has never changed the email addresses of its support team. During this period anyone could have added the company’s addresses to spam mailing lists, but they receive very little unsolicited mail.
The first line of defense is the mail server, which rejects over 90% of incoming messages at the mail pre-processing stage! Mail pre-processing involves several filtering steps:
1. The sender’s IP address is checked against the spammers black list; the presence of the correct DNS record on the sender’s mail server is also verified.
2. Message headers are checked for compliance with RFC standards and an additional check is performed to find out whether the sender’s “From” address actually exists on the outgoing mail server.
3. The message contents are scanned for spam-like text.
If negative results are returned on any of these steps, the mail server rejects the message and returns the appropriate error code to the originating server.
Of course, not all incoming messages which pass this filtering system are genuine customer requests. According to the company statistics (collected during 3Q 2010), 9324 messages passed through the spam filter into the support database. Only 3056 of them (almost one third) were later confirmed by their senders, which means approximately 6000 messages remained unconfirmed.
Summary of statistics
Total number of messages received: 126456
Rejected by the mail server’s spam filter: 90676
Saved in support database: 9324
Not confirmed by senders: 5939
Manually deleted by support team: 329
Real customer inquiries: 3056
What does “Not confirmed by senders” mean? This corresponds to an additional spam filter in the customer tickets processing system. Every time it detects an incoming message sent from an email address which has not yet been registered in the customer database, it sends back an auto-response that asks the sender to click a special link to confirm the sending of his/her request. The confirmation link must be clicked only once for each email address; doing so automatically registers the sender’s address in the database. All further inquiries sent from the same address will be received directly by the support team and the confirmation link will no longer be sent to their author.
The majority of messages saved in the database (5939 of 9324, approximately 64%) were not confirmed by senders; therefore, they are categorized as spam. Additionally, 329 messages were manually deleted by the support team. Although those messages had either been confirmed by senders or were received from registered email addresses, support personnel identified these as duplicates or spam.
In addition to email, the company also receives customer inquiries from a web form completed on the website and from customers’ personal online accounts. For more information on these three support request receiving methods, see this earlier article detailing how to manage business email. Requests sent via web form or from an online account are directly saved in the Help Desk database; therefore, the mail server’s spam filter is not applied to such messages. The web form has its own means of spam protection:
1. CAPTCHA — an automatically generated image with several characters which a website visitor must type into a special text field to send a request successfully. CAPTCHA helps protect the website from spam robots trying to automatically submit messages using the web form.
2. A confirmation link is sent back to non-registered email addresses (similar tactic to that used for requests which are received by email).
The most reliable method of spam protection is the use of personal online accounts by customers. Since access to an account is provided only to registered customers and is possible only after successful authorization, the probability of spam sent by account users is negligible. For a clear summary of statistics analyzed in this article in an easy-to-read chart, please go to our customer blog.
In summary, we recommend the following steps for efficient protection against spam when receiving customer requests online:
1. Offer a protected online account for each customer from which he/she can send requests to you. This will ensure almost 100% spam protection.
2. Place a web form with CAPTCHA on your website so that non-registered visitors can send their requests to the support team.
3. If you want to receive inquiries via email, set up a spam filter on your mail server and send auto-responses with a confirmation link to each new customer.
By implementing these steps, you can efficiently manage your help desk email and protect against most spam.
