Do you have mailto: links on your site?  Did you know this is the number one way that spammers harvest email addresses?  Forget about putting things like remove in the address either, spammers know that trick as well.

Setup a contact form (like the contact us on our site) instead.  Even if all the contact form does is email you directly it prevents a bot from being able to harvest your email address.  There are a number of simple contact forms for asp and php that work with almost any server.  If you are on a shared host many times the hosting company has instructions on the way they want you to handle the forms and example scripts.

Avoid common mailbox names!

Do you have a sales@, support@ and names like that for your domain?  Spammers know it.  They will hit them all.  Rather than having these boilerplate names assign names that are temporary and instruct customers to use your online forms rather than hitting reply.  There are two ways you could deploy this in your company.

Total online mode

In each email sent out from sales or support tell the user that this is a non monitored email address and set the reply to field to a bounce email address.  This is important so that if a user does reply they get a bounce message and know it didn't go through. 

Then provide a link to the proper place to reply, and hopefully with all the fields already filled out for the user.  They will not want to have to lookup an account number or trouble ticket again.  Insert it automatically using paramters in your url ?ticket=123123 is a simple example.

Mixed online and mail mode

Now lets assume that is not possible for some reason, or you just want to keep things in an email based system.

Create reply to addresses that are temporary in nature, or are based upon the account you are dealing with.  You can create a supportfeb2007 address and stop issuing it in March.  Then sometime in April you change that email account to bounce email.  No one should still be using to reply to emails.

Or you can create addresses like support-customerid that are meaningful only to that customer.  If they delete their account, you delete the email address.  And if spam starts flowing in you know where it came from.

Control your users email account names

Some email systems automatically generate alias accounts based upon user names, and some companies do it to try for a more user friendly email address.  For example if your company has a policy of first.lastname for the email address, maybe no one can remember how to spell Bob's last name, so you abbreviate it.  Then someone else wants to abbreviate their first name, etc.

Don't do it!  One large mail system vendor automatically generated SEVEN alias's per user based upon combinations of their first and last names.  On the surface this appears to be a good thing, but let me tell you why it is not.

Spammers try random combinations of words and names to domains.  If your name is Bob Smith, they will try b.smith, bob.s, bob, bsmith, etc.  You have now just exposed yourself to a seven times larger attack footprint.  Spammers are now seven times more likely to find your users, and exploit the pattern.

Set a standard, and live with it.  Bob-Smith would be a better email address, because spammers don't try dashes as often.  Eveyone uses the . and so spammers hit it more frequently.