Jump to content


Photo

Protecting Yourself From Spam


  • Please log in to reply
65 replies to this topic

#1 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 26 May 2005 - 01:29 PM

Spam is a problem for everyone. Some have more than others but it affects everyone. Here are some things to help with spam.

Visibility:
If you are visible, they will spam you hard. By visible I mean that the spammers who scan the internet looking for victims can see you. The best and most reliable way to get flooded with spam is to post your email address in plain text on your website. The search engines have programs called spiders that search for information on the Internet. The spammers have similar programs that are out there looking for email addresses. Of course, there are other places you can get your email address "scraped" up from including:

Dishonorable websites - "Sign up for a free newsletter." and if the host is dishonest he could sell your email address to a spammer.

Emails - If you send email to someone who posts it on the internet then you're sunk. (see next)

Discussion groups - There are many discussion groups that post messages on websites. If the group is an email group then you will surely get your email listed. Even if it is a website group, be careful that you nor anyone you know ever put your email "out in the open."

Solution:
There is none. Seriously, there is no solution to spam. I can, however, give you some help on keeping it from being the biggest problemin your life.

1. Never put your email address where it will end up on the internet.

2. Have a reserved email address you never use to sign up for things or give to websites. I may have Jim@MyTCHDomain.com that I only give to my close personal friends, for instance. This is your last line of defense, guard it like you would your credit card number.

3. Set your "Default Address" in Cpanel to ":fail: no such address here." This will block a LOT of spam. Spammers can see a domain and they will start guessing at names to spam - webmaster, web, administrator, etc. If you set the Default Address to your reserved address then you will get all of these garbage address emails. I recommend not using webmaster as an address, even though it's a commonly used one. At the church and at the daycare websites I maintain I have created addresses of office@theirTCHdomain.com for folks to email and webmaster goes straight into the trash. If you develop for other people consider webdesign@ or designer@ or some other non-typical email address for people to contact you.

4. Create other email accounts for everyday use. It's easy to do at TCH because of the way our domains are set up. Just go into your Cpanel by following the instructions in your sign-up email, find the Email section and look for Forwarders. When you click that you can Add a new forwarder.

Let's say I'm going to sign up for automatic billing notices from my phone company. Before I sign up with them I can go to my Cpanel and add "BellSouth@MyTCHDomain.com" and have it forward to my reserved address - Jim. When I sign up I tell them my email address is BellSouth@MyTCHDomain.com and I'll get all the messages but they won't have my secret/reserved address. If I decide later to not do the online thing I just simply go back into my Cpanel and tell it to stop forwarding BellSouth@MyTCHDomain.com and it disappears.

If you go to a "Free music" site or something less legit than the phone company (I don't believe I just said that!) then you can delete the forwarder when they start spamming you.

Remember, if you never give out your reserved address to anyone but your closest and most trusted friends you can cut the spam down to .0001% in a few minutes by killing all the forwarders. Why not to 0%? Someone will always guess it eventually by trying a, aa, aaa,ab, aba, abb, etc - eventually they'll get your real address but these are so few that you'll probably never notice.

5. Create a spam-magnet account. I have spam@MyTCHDomain.com that I use for any site that I sign up on that has to send me an activation password or link. An example is a game forum I recently joined. Before going to the game site I went to Cpanel and set my spam account to forward to the reserved address. I then went to the forum, signed up, read the activation email and then reset the spam address to not forward.

6. Hide your email addresses that have to be put on your websites. There are ways to cloak yourself from these scanning programs. One is to put your email on the page as a graphic file. This is unreadable by the scanners but it also requires that someone wanting to contact you has to retype your address. They may even type it wrong so you'll never get the email.

You can also use a javascript piece of code like this one:

<script language="JavaScript">
<!-- Begin
user = "name";
domain = "YourTCHDomain.com";
document.write('<a href=\"mailto:' + user + '@' + domain + '\">');
document.write(user + '@' + domain + '</a>');
// End -->
</script>

The advantage of this is that it is not compiled into the full address of name@YourTCHDomain.com until it gets into your browser and most of these scanners are not smart enough to read Javascript yet. I suspect it's only a matter of time though.

A final way to get email feedback that is 99% safe from spammers is the Feedback Form. Using PHP or some other scripting language and HTML forms you can give the visitor boxes to enter information into and the web site server will compile it into an email to you - the visitor never sees your email address, nor does the spammer.

Added 6/21 after suggestion by Surefire:
Once an account gets flooded with emails is there anything you can do? Early on I saw that when you remove an email address from public view then it takes a few weeks but the spam drops off. Today, however, with so much selling and reselling of address lists it is pretty much impossible to salvage that address as a usable one... thus the reason of having a "cloaked" address that public ones forward to. You can throw away a compromised account and still have your main one. It does get complicated, however, when your email is part of your corporate branding - you almost have to rely on filters at that point.
"A winner is simply willing to do what a loser won't."

#2 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 26 May 2005 - 01:55 PM

Nice :)

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#3 TCH-Don

TCH-Don

    Immediate Family

  • Members
  • PipPipPipPip
  • 11,642 posts

Posted 26 May 2005 - 03:23 PM

Well done Jim,
good info :thumbup1:

#4 cajunman4life

cajunman4life

    Immediate Family

  • Members
  • PipPipPipPip
  • 1,137 posts

Posted 26 May 2005 - 03:40 PM

Thanks Jim! I just set my default addresses. Although I do have a "webmaster@" which gets spam... but I've only gotten 3 spam messages in 7 months... not bad. I do however follow the "non-visible" rule. You'll notice by looking around at my site that my email is no where to be found... (except maybe in the forums).
Aaron J. Graves

#5 abinidi

abinidi

    Immediate Family

  • Members
  • PipPipPipPip
  • 1,420 posts

Posted 26 May 2005 - 04:00 PM

Do spiders convert "munged" addresses?

For example, if you instert the following into your HTML code:
<a mailto="paul&#64;&#100;&#111;omain.net">
users will see the following in their browsers:

paul@mydomain.net

And if they click on it, the email will be sent to the correct address, because the browser interprets the HTML character codes
&#64; as @
&#100; as d
&#111; as o

Anyway, this is a way I have hidden my address in the HTML code when I wanted/needed to show it on a webpage. I'm sure it isn't foolproof, and it takes a little work, but it seems to have worked for me! :thumbup1:

If this sounds interesting to you, you can find the HTML character codes at the following site: h*tp://www.lookuptables.com/

(PS: It is tricky to even inlcude this in the post, because as soon as I save it, the forum is converting the HTML characters to regular text, so I have to double-change it; but that won't need to happen in your HTML code!)
Paul Pehrson
Herriman, UT

Posted Image Posted ImagePosted ImagePosted ImagePosted Image



#6 abinidi

abinidi

    Immediate Family

  • Members
  • PipPipPipPip
  • 1,420 posts

Posted 26 May 2005 - 04:08 PM

There are some freeware email cloakers on the internet; you can google search "email munge converter" for a list.

I downloaded and like the HTML Email Cloaker that is located at: http://notepad.com/web-tools.htm. You type in your address and it provides the HTML or JavaScript code on the clipboard that you can paste directly into your HTML code.

Hope these links help.
Paul Pehrson
Herriman, UT

Posted Image Posted ImagePosted ImagePosted ImagePosted Image



#7 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 26 May 2005 - 05:24 PM

(PS: It is tricky to even inlcude this in the post, because as soon as I save it, the forum is converting the HTML characters to regular text, so I have to double-change it; but that won't need to happen in your HTML code!)

<{POST_SNAPBACK}>

The spiders do the exact same thing so to answer your question, yes they will cull it.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#8 TCH-Don

TCH-Don

    Immediate Family

  • Members
  • PipPipPipPip
  • 11,642 posts

Posted 26 May 2005 - 06:15 PM

Spambots have gotten smarter over the years
and now they can see the various methods of hiding your e-mail
including chacter substitution and the various java scripts that try to hide the addy.

Graphic images and forms that hide the addy are all thats safe anymore.

#9 TweezerMan

TweezerMan

    Immediate Family

  • Members
  • PipPipPipPip
  • 1,763 posts

Posted 26 May 2005 - 06:32 PM

Graphic images and forms that hide the addy are all thats safe anymore.

<{POST_SNAPBACK}>

Graphic images aren't that safe either. :thumbup1:
David Phillips (TweezerMan)
The Tweezer's Edge v3

#10 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 27 May 2005 - 04:07 PM

Graphic images aren't that safe either.  :)

Holy cow, now that's scary stuff!!!

I guess the only truly safe one is the form in which the end user never knows your email address - the server handles it and never tells anyone where the post is going.

Sheesh, now if the spammers would just focus on curing cancer or something!
"A winner is simply willing to do what a loser won't."

#11 skeptismo

skeptismo

    Family Friend

  • Members
  • PipPip
  • 33 posts

Posted 08 June 2005 - 03:02 PM

Great advise for spam, thank you for the post Jim,

one thing I can tell you (and I'm grateful to all of TCH people) is the way they treat spam.
Although I have quite few other email accounts (and especially from greek ISP's,where I live) I got a LOT of spam.
From TCH account I recieve very very little amount of spam, and due to the reasons that Jim mentioned !

Thank you for the support guys,

Skeptismo,

#12 IsaacSchlueter

IsaacSchlueter

    New To The Neighborhood

  • Members
  • Pip
  • 24 posts

Posted 17 June 2005 - 02:28 PM

Munging the email address with HTML entities or JavaScript won't work.

Why not?

Because it is extremely easy for a semi-competent programmer to create a spider that uses a VB Internet Explorer control. Here's a rough outline of how the program works, with a webbrowser control (wb), a list of URLs (list), and a list of emails (emails) *

0. Put some good starting point in LIST, such as http://www.google.com/search?q=the

1. For each ITEM in LIST:
  a. WB.navigate2 ITEM, and wait for WB to finish loading.

  b. For each LINK in WB.Document.Links
    i. If LINK.href then LIST.Add LINK.href

  c. Regex wb.document.body.InnerHTML for this pattern: /[a-zA-Z0-9\-_.]+@[a-zA-Z0-9\-_.]+\.[a-zA-Z0-9\-_.]/

  d. For each MATCH in Regex.Matches
    i. EMAILS.Add MATCH
Since wb.document.body.InnerHTML is the html of the document after processing, it will automatically resolve anything that internet explorer can resolve - that includes javascript, htmlentities, and all the rest.

Munging is a waste of time. If a webbrowser can see your email address, so can a spider.

* Of course, this is really simplified. You'd have to also handle framesets if necessary, and you'd probably run into other bugs that I haven't thought of.


Personally, I have a policy of using a different email address for each site. When I sign up with www.somesite.com, I use somesite @ MyTCHDomain.com as the email address. That way, if I start getting spam, I usually know who leaked it, and just set that address to :fail:.

Edited by IsaacSchlueter, 17 June 2005 - 02:30 PM.


#13 TCH-Don

TCH-Don

    Immediate Family

  • Members
  • PipPipPipPip
  • 11,642 posts

Posted 17 June 2005 - 02:33 PM

Yep the spambots have gotten very good at putting your address back together
from hex code to scripts.
The only safe way to have someone contact you from your site is a form that hides your addy in the php form handler.

#14 carbonize

carbonize

    Immediate Family

  • Members
  • PipPipPipPip
  • 828 posts

Posted 19 June 2005 - 03:51 PM

If you use POP to access your email i can recommend Spamhilator. I have been using it for about a year now with what I'd say was a 99% success rate. It has a lot of nice plugins as well to increase it's efficiency.
Carbonize
Lazarus Guestbook
A SPADE IS A SPADE - I'm here to help people not to win friends or gain popularity.

#15 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 19 June 2005 - 04:05 PM

I use K9 (keir.net) works basically the same as the one mentioned above and it's free. It's been catching 99% of all spam that Spam Assassin doesn't catch.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#16 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 20 June 2005 - 10:09 PM

It's still working for me on about 5 sites, but they are getting smarter every day.
"A winner is simply willing to do what a loser won't."

#17 surefire

surefire

    Immediate Family

  • Members
  • PipPipPipPip
  • 1,008 posts

Posted 21 June 2005 - 08:43 AM

Excellent tutorial Jim. This is the same stuff I teach each client before I give them their email accounts.

I'd add one thing. If an email account is compromisted and it's getting flooded with spam, the chances of rescuing it are very slim. Better to burn the account and open a new one.

Also, I am a happy and loyal Thunderbird user. Their bayesian filter is excellent for sorting through spam.

#18 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 21 June 2005 - 09:35 AM

Thanks, Jack. I've added a note in the original about your point as it's very true. They are like Pit Bulls once they get your address they don't let go.
"A winner is simply willing to do what a loser won't."

#19 aaron_ginn

aaron_ginn

    Family Friend

  • Members
  • PipPip
  • 29 posts

Posted 24 June 2005 - 04:35 PM

What about challenge-response systems like Spam Arrest? These are guaranteed to eliminate 100% of spam by creating and automatically maintaining email whitelists.
Aaron Ginn

Visit my Richard Wagner page at: http://www.theginnfa....net/wagner.htm

#20 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 26 June 2005 - 10:23 PM

Personally I don't think that kind of system is practical for most businesses. The reason is that most customers won't want to be bothered with a challenge-response delay and most businesses won't want to put their customers through it. Besides, it seems like a spammer could read the challenge and auto-send a response too.

If it fits into one's business model then it would indeed be a great start. For most personal email users it may also be good but remember this - I get notices that my Bank of America is due - if I forgot to get them on the whitelist I may never see the billing notice because they will certainly not respond to my challenge.

Everyone's situation and needs are different - it's all about building your perfect toolbox and using it to the fullest. Thanks for the suggestion!
"A winner is simply willing to do what a loser won't."

#21 Tracy

Tracy

    New To The Neighborhood

  • Members
  • Pip
  • 5 posts

Posted 30 July 2005 - 03:42 PM

Hi,
I was told that a good way to protect your email was to put a word in front of it and then a note telling the people who want to mail you to remove the word....ie...
getmail@hosting.com you would take out the word "get" at the front of the address to send mail.
Thoughts on this?
Tracy

#22 TCH-Thomas

TCH-Thomas

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 14,908 posts

Posted 30 July 2005 - 03:49 PM

Welcome to the forum, Tracy. :D

I would say its both good and bad...

If you have getmail@yourtchdomain.com and tell people to remove get before they send it to mail@yourtchdomain.com, it could work assuming you never set up a getmail address.

On the other hand, if you write getmail@yourinternetserviceprovider.com and tell people same thing, remove get, then if there is someone on your internetserviceprovider.com that actually have getmail@yourinternetserviceprovider.com and people forget to remove the get or if a spamharvester picks it up, then you give that other guy some problem.

Just my .2 cents.

Thomas Jikrantz
Forum Moderator
TotalChoice Hosting, Inc.

Any links or suggestions for third party software/sites should be used at your own risk. My opinions and recommendations are not necessary those of TCH and TCH is not responsible.

As a Forum Moderator I can assist in answering many of your hosting related questions. However, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.
Web Hosting by Total Choice Web Hosting - 24/7 Help Desk


#23 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 30 July 2005 - 04:02 PM

Welcome to the forums Tracey :D

Safest way to not get harvested is to use throw away email address when you sign up for things. And never use a mailto: link on your website.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#24 marie b.

marie b.

    Immediate Family

  • Members
  • PipPipPipPip
  • 390 posts

Posted 30 July 2005 - 04:20 PM

You can use an encoder for your email address.

I have, and it's the only one that's never received spam.

#25 TweezerMan

TweezerMan

    Immediate Family

  • Members
  • PipPipPipPip
  • 1,763 posts

Posted 30 July 2005 - 05:23 PM

Welcome to the forums, Tracy! :D
David Phillips (TweezerMan)
The Tweezer's Edge v3

#26 TCH-Don

TCH-Don

    Immediate Family

  • Members
  • PipPipPipPip
  • 11,642 posts

Posted 30 July 2005 - 07:00 PM

Welcome to the forums, Tracy :D

#27 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 30 July 2005 - 07:15 PM

Welcome Tracy!

The only problem with your suggestion I can see is that it requires human intervention and possible frustration. They can't just click on something nd get a message to you.
"A winner is simply willing to do what a loser won't."

#28 stevesh

stevesh

    Distant Family

  • Members
  • PipPipPip
  • 162 posts

Posted 30 July 2005 - 07:56 PM

I used the same encoder method as marie, and have yet to receive any spam to that account.

Encoders render the address in ascii. Browsers can read it, 'bots can't (not yet, anyway).

Steve

#29 carbonize

carbonize

    Immediate Family

  • Members
  • PipPipPipPip
  • 828 posts

Posted 31 July 2005 - 01:06 AM

I have seen some email harvesters that look for @ and &64; so converting your email address into ascii is only going to prevent some spam. The other thing is to not use info@, sales@ 1@ as spammers tend to send to these addresses regardless of whether or not they are listed anywhere.
Carbonize
Lazarus Guestbook
A SPADE IS A SPADE - I'm here to help people not to win friends or gain popularity.

#30 Tracy

Tracy

    New To The Neighborhood

  • Members
  • Pip
  • 5 posts

Posted 02 August 2005 - 07:29 AM

Hey, thanks guys for the welcome. :group: I've had my site hosted here for about 3 yrs now and just discovered these forums. (yes, I live under a rock) :P
This whole spam thing is driving me nutzz!! :( I'm going to try many of the suggestions here and trash all my current email addys too. I DID have my email on my website, (poor naive me, I feel like a little lost country girl in the big city) and I now get so many unwanted emails it's just crazy.
I like the idea of those forms that let people send you email but never show your addy. Any idea where I can find one of those scripts? I think that would be perfect for me because I have so many people mailing me for quotes. (I'm a graphic artist).

Another thing I wanted to ask is ...... when my pop thingy checks my mail it says it's retrieving mail from "mail@myaddress.com" but I have never had an email address called "mail". It's very annoying. What's up with that?
Thanks for the great tips and (hopefully) answers to my questions.
Have a terrific day all!! :lol:
Tracy

#31 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 02 August 2005 - 07:34 AM

Tracey, have a look here for the E-Mail Obfuscator.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#32 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 02 August 2005 - 09:55 PM

Tracy, I think in this case a form would be the best for you for a couple of reasons. First is that a well written form can not be used to get your email address. The second is that you can customize it for your special needs - ask them what kind of artwork they need or what the application would be. It gets you better information than just "How much do you charge for a picture?" ;)
"A winner is simply willing to do what a loser won't."

#33 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 02 August 2005 - 09:59 PM

I have seen some email harvesters that look for @ and &64; so converting your email address into ascii is only going to prevent some spam.


Here is one site about this: www.bestprac.org/articles/spam_bots.htm

It says

It bears repeating, though, that although ASCII or JavaScript Encoding increases the level of protection an email address on your website has against spam bots, neither type can guarantee complete immunity against the increasingly sophisticated programming of the most modern spam bots to decode these techniques.

They also recommend that if you do use this method that you encode the mailto tag also, not just the email address.

These guys stand to lose a great deal of money like this so they make smarter bots to get our email addresses.
"A winner is simply willing to do what a loser won't."

#34 WeBrain

WeBrain

    New To The Neighborhood

  • Members
  • Pip
  • 8 posts

Posted 14 August 2005 - 03:49 PM

another thing that works is to put email in swf and not on a image.
just do a button in flash and your done.
"I haven't failed, I've found 10,000 ways that won't work."
- Thomas Edison

#35 carbonize

carbonize

    Immediate Family

  • Members
  • PipPipPipPip
  • 828 posts

Posted 01 September 2005 - 10:31 AM

Ok I found this method on the net last night and have now incorported it into Lazarus Guestbook. Basically I reverse the email address (ie spam@microsoft.com becomes moc.tfosorcim@maps) then put it in a span like so:
<span style="unicode-bidi: bidi-override;direction: rtl;">moc.tfosorcim@maps</span>

I also convert the email address into ascii but thats just an extra level.
Carbonize
Lazarus Guestbook
A SPADE IS A SPADE - I'm here to help people not to win friends or gain popularity.

#36 likoma

likoma

    Family Friend

  • Members
  • PipPip
  • 48 posts

Posted 16 November 2005 - 07:15 PM

Any chance TCH will offer something like Spam Arrest (challenge/response) in the future? I'm a reseller and Spam Arrest is what I suggest to them after they've (1) had their email address listed publicly on a site for a long time and is certainly on the spammer's lists, (2) tried Spam Assassin with success, but still just not quite good enough, (4) can't/won't ditch that address for a new one, and (4) they're ready for drastic measures.

I send them over to Spam Arrest where they pay $5 a month or so. I'd be much happier being able to offer that through my own reseller account (TCH) for free or for a small fee (if I/we had to pay an extra fee to TCH to set it up).

Just my two cents.

Best regards,

- Bradley

#37 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 16 November 2005 - 07:38 PM

Don't know if your customers are business accounts or individual users but I will tell you from a business standpoint I would not do business that had me jump through hoops to get a message to them.

There are ways to deal with SPAM if you are willing to put forth the effort to battle it. I have virtually eliminated all my SPAM using SpamAssassin on the server and K9 and Thunderbird on my desktop.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#38 Samrc

Samrc

    Immediate Family

  • Members
  • PipPipPipPip
  • 1,336 posts

Posted 16 November 2005 - 07:44 PM

I have had a family/close friend only email address for years. Worked like a charm.

But recently, one of my non-tech family members put my address into a FREE greeting card site for my birthday. Now I am getting 20-30 spam on that account daily that get through my spamkiller program.
Samantha
SamiSite.com CSB and WYSIWYG program tutorials
Feel free to right click the silly little forum images I use and save them to your own website space.
Then link to your own site. Please don't hotlink to my website to use the images. Thanks!

#39 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 17 November 2005 - 01:27 PM

That is one unfortunate fact of Internet life, Samantha, and one that our family and friends don't seem to get. These sites that send free greeting cards and stuff aren't doing it out of the goodness of their hearts (99.999% of the time) and are harvesting everyone's friend's email to spam to.

The ideal world would have no spammers - not gonna happen
A better world would have our friends understand about spam - not always gonna happen.
The world as it is today requires us to have the best spam filters we can find and just live with it... which stinks. Such a useful tool as e-mail, and one that can be a major distraction is made even more so by ****, mortgage, and small-cap stock junk that most of us don't even care about! I am 40, healthy, have a mortgage broker and a 401-K for investments - why do I want any of this!?!

It's like a female coworker kept getting emails directed at guys to "enlarge your _____" (censored - it's a family forum) and about every day I'd hear her say "I don't even have one!" and would know what she got in her inbox.
"A winner is simply willing to do what a loser won't."

#40 likoma

likoma

    Family Friend

  • Members
  • PipPip
  • 48 posts

Posted 18 November 2005 - 02:02 AM

Don't know if your customers are business accounts or individual users but I will tell you from a business standpoint I would not do business that had me jump through hoops to get a message to them.

There are ways to deal with SPAM if you are willing to put forth the effort to battle it. I have virtually eliminated all my SPAM using SpamAssassin on the server and K9 and Thunderbird on my desktop.


Thanks for your post, Bruce. My clients are a mix of business accounts and individual users and I agree with you about the business accounts, but lots of individual users would like the challenge/response option as they have had their firstname@lastname.com email address for years and, as people are talking about in this thread, it's inevitable--even if you're extremely careful. Also, you say "put forth the effort to battle it" but many of my clients wouldn't know how to battle and that means I'm usually taking care of it for them (not cost effective, boring, etc.). ;-) Of course my email does pretty well against spam using Spam Assassin and using forwarding and the default email (e.g. if I send a card from Hallmark, I'll use hallmark@**** so when it gets sold/spammed, I can then stop/block it).

I post again tonight as I'm moving yet another client away from another hosting company (yippee for TCH!) because this or that little thing didn't work (in this case it was that it was running in safe mode, I couldn't turn it off, and thus couldn't run PHP List), but while I was moving things away from her host, I noticed that they run cPanel, had Spam Assassin and ALSO had an option called "BoxTrapper." This is how it described it:

BoxTrapper protects your inbox from spam by forcing all people not on your white list to reply to a verifcation email before they can send mail to you.

Aha, I spoke too soon. So I did a quick search for Box Trapper and found out that TCH has already tried it, but I guess it was too much of a load on the servers. I couldn't find much else about Box Trapper, but anyway, it'd be great if TCH had it as an option, even charged for it if it's going to be a bigger load on servers.

Best regards,

- Bradley

Edited by likoma, 18 November 2005 - 02:05 AM.


#41 carbonize

carbonize

    Immediate Family

  • Members
  • PipPipPipPip
  • 828 posts

Posted 18 November 2005 - 02:43 AM

I still highly recommend using Spamihilator to stop spam. Unfortunately people don't want to run their own spam filter and would sooner depend on serverside spam filtering. The problem I see with that is one mans spam is another mans news. A previous host did serverside spam filtering and it was blocking a lot of my legitimate emails as well. I just like the fact I can open up Spamihilator from the systray and see what it has stopped and why as well as what it has allowed.
Carbonize
Lazarus Guestbook
A SPADE IS A SPADE - I'm here to help people not to win friends or gain popularity.

#42 Mission

Mission

    Distant Family

  • Members
  • PipPipPip
  • 145 posts

Posted 21 November 2005 - 10:09 PM

Jim: Set your "Default Address" in Cpanel to ":fail: no such address here." This will block a LOT of spam.


How exactly does one make the default address ":fail: no such address here"? Is it in options where it says "Default Identity" -- is that what you put into the "E-mail Address" field? Thanks.

#43 TCH-Don

TCH-Don

    Immediate Family

  • Members
  • PipPipPipPip
  • 11,642 posts

Posted 21 November 2005 - 11:30 PM

In your cpanel > mail > Default Address
click on
Set default Address
and put
:fail:
as the address, thats it.

#44 Robmonster

Robmonster

    Family Friend

  • Members
  • PipPip
  • 33 posts

Posted 24 February 2006 - 09:03 AM

I use a site called www.spamgourmet.com in my fight against spam.

It allows you to instantly generate an email address that is good for a set number of emails. Any more than that and you no longer receive them.

Its incredibly useful when registering on a suspect site.

I'd advise everyone to take a look at it.

RM

#45 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 24 February 2006 - 01:00 PM

Thanks for the tip Robmonster! Every tool we can add to our arsenal against spam is a good one!
"A winner is simply willing to do what a loser won't."

#46 hapless

hapless

    New To The Neighborhood

  • Members
  • Pip
  • 8 posts

Posted 08 September 2006 - 04:51 PM

Hi Guys - just a mad thought about this subject - what about a graphic linked to a small audio file that "talks" your mail address. appreciate this would be useless if people didnt have speakers/headphones but most do - I think!!
(for displaying addys on websites)
Hapless

Edited by hapless, 08 September 2006 - 04:53 PM.


#47 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 09 September 2006 - 03:50 PM

That would certainly stop the automated spam, but how many customers/visitors would you eliminate? It may be worth it in some circumstances though.
"A winner is simply willing to do what a loser won't."

#48 carbonize

carbonize

    Immediate Family

  • Members
  • PipPipPipPip
  • 828 posts

Posted 09 September 2006 - 03:53 PM

Also you would have to spell it out to prevent them spelling things wrong. The best way would be either a contact form or use multiple images to spell out the address. I did once use bidi-override CSS so I could have the email address backwards in the HTML and have it made the right way round using CSS.
Carbonize
Lazarus Guestbook
A SPADE IS A SPADE - I'm here to help people not to win friends or gain popularity.

#49 TCH-Thomas

TCH-Thomas

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 14,908 posts

Posted 20 October 2006 - 05:49 AM

Here is another program you can download to your own computer and produce cloaked email addresses (basically the same idea as the program in Pauls post here).

I havenīt tried Pauls recommended program, but this one will generate a link for you inside the program so you can verify that the link works as it should.

E_Cloaker

Thomas Jikrantz
Forum Moderator
TotalChoice Hosting, Inc.

Any links or suggestions for third party software/sites should be used at your own risk. My opinions and recommendations are not necessary those of TCH and TCH is not responsible.

As a Forum Moderator I can assist in answering many of your hosting related questions. However, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.
Web Hosting by Total Choice Web Hosting - 24/7 Help Desk


#50 charlesleo

charlesleo

    Family Friend

  • Members
  • PipPip
  • 54 posts

Posted 02 November 2006 - 11:31 AM

@Bruce - can I install spamassasin on my TCH server? The spam on my website is getting out of control.

#51 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 02 November 2006 - 12:23 PM

Spam Assassin is on all the TCH servers. In you cPanel you need to enable it.

Select the mail icon, then select Spam Assassin from the menu that appears. Then select Enable Spam Assassin to turn it on.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#52 Head Guru

Head Guru

    Bill Kish Head Guru

  • Admins
  • PipPipPipPip
  • 6,798 posts

Posted 02 November 2006 - 01:32 PM

greylisting is getting more popular.

Bill Kish

Head Cook and Bottle Washer

If you need help with your account or have any questions, please feel free to contact me using any of the contact methods below.  I can be reached 24 hours a day seven days per week.

Office :: 800-930-0485 x211
Mobile :: 248-632-3243

email: bill(at)totalchoicehosting.com

Instant Messenger -
AOL Instant Messenger: tchgurubill
Yahoo Messenger : tchgurubill
MSN Messenger : tchgurubill@hotmail.com

Thank you for your support and continued business


#53 charlesleo

charlesleo

    Family Friend

  • Members
  • PipPip
  • 54 posts

Posted 02 November 2006 - 04:12 PM

Ah... now it's enabled enabled as Bruce posted in another thread. Duh - for some reason I thought it was third-party. As for 'grey-listing', that's new term but I've manually set it up to flag emails for stuff such as '****', 'Cialis', 'Stock Market', etc.

It would be handy if we could compile a list of these type of terms somewhere.

#54 TCH-Don

TCH-Don

    Immediate Family

  • Members
  • PipPipPipPip
  • 11,642 posts

Posted 02 November 2006 - 05:36 PM

Displaying your email address on your site will guarantee you more spam.

#55 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 02 November 2006 - 08:21 PM

Greylisting involves the receiving server, for example TCH, telling the server sending us email, for example AOL, that we're too busy right now and try again shortly. Most spammers currently do not use well behaved servers so when they get the "try again" error they just move on to the next victim. Servers that follow the standard are required to try to send the email again.

In addition, the extra time that it takes to get the 2nd attempted delivery also gives the spam blockers the opportunity to blacklist that site/email as spam so even if a spammer sends a retry it will, by then, be blacklisted.

If you don't mind the slight delay then it sounds like a great tool to add to an anti-spam arsenol.
"A winner is simply willing to do what a loser won't."

#56 carbonize

carbonize

    Immediate Family

  • Members
  • PipPipPipPip
  • 828 posts

Posted 02 November 2006 - 08:28 PM

It does also increase the workload on the receiving server as it has to keep a list of what emails it has sent the busy message for.

Given that most spam seems to be sent from infected machines you'd think ISPs would be more proactive in stopping it. When Code Red was out ISPs were disconnecting customers who were infected and sending them an anti virus via snail mail.
Carbonize
Lazarus Guestbook
A SPADE IS A SPADE - I'm here to help people not to win friends or gain popularity.

#57 charlesleo

charlesleo

    Family Friend

  • Members
  • PipPip
  • 54 posts

Posted 06 December 2006 - 08:52 PM

Is there a possibility of adding SpamFighter to the mail servers?

http://www.spamfighter.com/

#58 Head Guru

Head Guru

    Bill Kish Head Guru

  • Admins
  • PipPipPipPip
  • 6,798 posts

Posted 06 December 2006 - 09:40 PM

We do not run Windows servers, and that solution is for windows.

Bill Kish

Head Cook and Bottle Washer

If you need help with your account or have any questions, please feel free to contact me using any of the contact methods below.  I can be reached 24 hours a day seven days per week.

Office :: 800-930-0485 x211
Mobile :: 248-632-3243

email: bill(at)totalchoicehosting.com

Instant Messenger -
AOL Instant Messenger: tchgurubill
Yahoo Messenger : tchgurubill
MSN Messenger : tchgurubill@hotmail.com

Thank you for your support and continued business


#59 jacobh

jacobh

    New To The Neighborhood

  • Members
  • Pip
  • 19 posts

Posted 08 January 2007 - 05:06 PM

Spam Assassin works pretty well if you train it! I finally figured out how to set up easy training with Spam Assasin, using a script small script. If you're interested in seeing how, take a look at my post in this thread:

http://www.totalchoi...i...st&p=198226

Maybe someday Cpanel will come with this type of functionality already installed... ;)

#60 joats

joats

    New To The Neighborhood

  • Members
  • Pip
  • 8 posts

Posted 03 October 2007 - 02:38 PM

Thank you for that info, Deverill ~ noted and plan on implementing some.
What brought me to your topic, though, was that I have yet to complete my site and in the meantime some 'bad people' have taken advantage of the pending blog pages and put porno URLs on them. Very upsetting.
I am not certain where to look in the forums for how to avoid this. I have lowered all permissions to 700 as possible, but that was in haste LOL because I just wanted to block any further use, and i'm not certain what effect that is actually going to have. I am going to look for 'permissions definitions' next and see if there is an explanation of what changing these to the diff numbers does. (I found the 'how to change permissions' topic. I need to know what/how these actions actually affect my site.)
Now I am wondering about the usage of memory allotted to me. How do I get rid of any files that might have been deposited by these 'bad people' and how do I locate them -- the files -- to get rid of them?
Thanks
jaci

#61 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 03 October 2007 - 02:41 PM

What blogging software are you using? And are they loading the links into your comments?

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#62 Deverill

Deverill

    Immediate Family

  • Members
  • PipPipPipPip
  • 3,307 posts

Posted 04 October 2007 - 08:51 PM

You're welcome Jaci. Get back with the blog software you are using and the folks here can definitely help. I'm not used so much to blogging software but there are plenty here who are. Best wishes.
"A winner is simply willing to do what a loser won't."

#63 joats

joats

    New To The Neighborhood

  • Members
  • Pip
  • 8 posts

Posted 07 October 2007 - 05:26 PM

What blogging software are you using? And are they loading the links into your comments?

Hi Bruce, thank you: I believe I installed WordPress (not moving very quickly on this site, lol, there is SO much to learn...at this point in time, i have to start from the beginning...) and then went on to other avenues re: studying since I didn't know exactly what/how I was doing this. I went back to this section back in May/April? and found 1200 + pages !!! of 'comments' that included links to I AM A SPAMMER sites... egad. So, I did what I could at that time re: the permissions. I only came back recently to find, the same day that I did, someone was looking into the site as well with what seemed to be I AM A SPAMMER as well. I blocked the IP with the IP Deny Mgr: 65.55.212.29...
Then I saw other IP's, but they all appear to be TCH's re: work they are doing ... yay, the pages are working correctly. now i just have to get the info on them.
I could move this to the 'blogging' forums...
Now I am wondering if those 1200+ comments and the recent ones are taking up mem that i don't want there as well is it possible for these posts to have lodged cookies that will just continue to radar my site for these types of 'comments'. If so: how do I remove unwanted files from the mem, where would I look for these? How can I remove any cookies, if there, and how would I look for them since they're not on my own computer?
thanks again!
j

Edited by joats, 07 October 2007 - 05:30 PM.


#64 TCH-Bruce

TCH-Bruce

    Volunteer Moderator

  • Members
  • PipPipPipPip
  • 19,960 posts

Posted 07 October 2007 - 05:57 PM

If you are running WordPress the first thing to do is make sure it's current. The next thing to do is install the Spam Karma 2 plugin and say goodbye to comment spam.

Bruce Richards
Forum Moderator
TotalChoice Hosting, Inc.
Webhosting by Total Choice Web Hosting - General Support Forum

I am a Forum Moderator. While I can assist in answering most of your hosting related questions, I am unable to answer questions about specifics relating to your account such as billing and server related issues. Should you need assistance in these areas, please contact our Help Desk or our many other options. Another good place to find answers is with our help pages, tutorials and movie tutorials.


#65 joats

joats

    New To The Neighborhood

  • Members
  • Pip
  • 8 posts

Posted 07 October 2007 - 07:04 PM

If you are running WordPress the first thing to do is make sure it's current. The next thing to do is install the Spam Karma 2 plugin and say goodbye to comment spam.

Thank you, Bruce!

#66 stardotstar

stardotstar

    New To The Neighborhood

  • Members
  • Pip
  • 5 posts

Posted 13 July 2008 - 10:02 PM

The system that requires a validation or response by the sender was working for me on another host, but then they decided to ignore that setting and send all emails thru anyway.

It works so long as the Host filters thru that setting first, then the spam settings.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users