

Why Website Spam Can Hurt You. Badly.

It’s only a few minutes past noon, and there’s little doubt you’ve already received at least several spam emails. Although you have no interest in knockoff Rolex watches, Viagra by the case or helping a prince from Nigeria transfer his fortune, these annoying and frequently dangerous messages still show up in your inbox every day.

Spam has been around since the invention of email. Marketers quickly saw the potential of selling through electronic junk mail — but so did internet carpetbaggers looking for easy money by spewing fraudulent offers by the millions. Money is also what drives hackers to develop code that can be carried in messages designed to steal, destroy or ransom your data.

It’s a fact of life that if you have an email address, you will be spammed. Yet, for a business owner who has a website, spam is an even greater threat. A vulnerable website may make you not only a receiver of spam, but a sender.

One reason why is that your website and email require a domain, which must reside on a server, typically provided by your hosting company (GoDaddy, HostGator, etc.). By design, your website is publicly accessible — and thus a very easy target.

Consider that generally, our good friends the spam-mongers need three things to make them happy:

1) Access to new email contacts;

2) The ability to send massive amounts of nefarious messages at little or no cost;

3) Anonymity.

How spammers get email addresses is another story, but by hacking into your website – thus your server – they have achieved 2 out of 3. And if you’re collecting email addresses and storing them on your site, they hit the trifecta! Even if you’re not collecting addresses, emails sent to the spammers’ own list will originate from your website domain, and you have officially become a sender of spam.

Your hosting company will probably be the first to notice. They will expect you to fix the issue quickly, since the breach will eventually compromise other websites on their servers. This will be entirely your problem because it was your website, not your hosting company, that was hacked.

How so? Think of your hosting company as your landlord; they supply the building and utilities, while your website and email data are the residents. Just as when you rent a house, you’re responsible for whatever happens in it; the hosting company is just renting you space.

Websites get hacked every day, and with increasing frequency. Many factors can contribute, such as inadequate security, outdated systems, even the type of website CMS you have.

If you’re hacked, the consequences can be severe:

  • Spreading infections to other websites and/or causing the same issue for others
  • Potential loss of clients
  • Productivity downtime
  • Blacklisting of your email address
  • Your hosting company canceling your service, or even destroying the infected server — and your website along with it
  • Time and money (possibly a lot of money) spent resolving the problem

Your best bet is to try to prevent your site from being hacked in the first place. Granted, no website is entirely hack-proof (just ask Amazon), but taking the following steps will greatly reduce your chances:

  1. Ye shall not pass. Stronger passwords are essential everywhere online, which means you really should stop using your birthday, home address or favorite sports team as options. A minimum of 8 characters is recommended, using a combination of upper- and lowercase letters, numbers and symbols.
  2. Double the trouble. Instead of using just one login, use two-factor authentication. You’ve already experienced this when logging into your bank, for example, when you’re asked a secret question.
  3. Blinders are on. Contact forms are common access points for hacks, so make sure you add a CAPTCHA to them. Most hack attempts are performed by bots, automated web crawlers that can read text but are incapable of reading images, which is what a CAPTCHA incorporates into the submission process. Better yet, use a reCAPTCHA.
  4. Lock it down. The CMS for your website is not secure out of the box, thus you need to put security protocols in place to protect it. There are many security plugins for WordPress, Drupal, Joomla, etc. that can automate required maintenance tasks to keep your site updated and protected.
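
A CAPTCHA on the contact form only helps if the server checks it before any mail goes out. The sketch below is an added example, not code from this article: it assumes a Python form handler and the reCAPTCHA checkbox widget, and the function names, `example.com` hostname and secret are placeholders.

```python
import json
import urllib.parse
import urllib.request

VERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"

def fetch_siteverify(secret, token):
    """POST the visitor's token to Google and return the parsed JSON verdict."""
    data = urllib.parse.urlencode({"secret": secret, "response": token}).encode()
    with urllib.request.urlopen(VERIFY_URL, data=data, timeout=5) as resp:
        return json.load(resp)

def captcha_passed(result, expected_hostname):
    """Accept only a successful verdict for a challenge solved on our own site."""
    if not isinstance(result, dict) or result.get("success") is not True:
        return False
    # A token solved on some other site must not unlock this form.
    return result.get("hostname") == expected_hostname

def handle_contact_form(form, secret, expected_hostname, verify=fetch_siteverify):
    """Return (accepted, reason); the caller sends mail only when accepted."""
    token = form.get("g-recaptcha-response", "")
    if not token:
        # Bots often POST straight to the handler and never load the widget.
        return False, "missing captcha token"
    try:
        result = verify(secret, token)
    except (OSError, ValueError):
        # Network or parse failure: fail closed rather than relay unchecked mail.
        return False, "captcha check unavailable"
    if not captcha_passed(result, expected_hostname):
        return False, "captcha rejected"
    return True, "ok"

if __name__ == "__main__":
    # Constructed verdicts stand in for Google's reply so this runs offline.
    def fake_ok(secret, token):
        return {"success": True, "hostname": "example.com"}
    def fake_bad(secret, token):
        return {"success": False, "error-codes": ["invalid-input-response"]}
    form = {"email": "visitor@example.org", "g-recaptcha-response": "constructed-token"}
    print(handle_contact_form(form, "PLACEHOLDER_SECRET", "example.com", fake_ok))
    print(handle_contact_form(form, "PLACEHOLDER_SECRET", "example.com", fake_bad))
    print(handle_contact_form({"email": "bot@example.org"}, "PLACEHOLDER_SECRET", "example.com", fake_ok))
```
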

Taking the above steps will make your site a much less appealing target for spammers. On the other hand, doing nothing may land you in the website spam club — and canceling that membership may be more than you bargained for.


Thanks for reading. If you have questions or aren’t sure how to go about making these changes to your site, we’re happy to help. Leave a comment below or contact us directly.