Deverill Posted May 26, 2005 Share Posted May 26, 2005 Spam is a problem for everyone. Some have more than others but it affects everyone. Here are some things to help with spam. Visibility: If you are visible, they will spam you hard. By visible I mean that the spammers who scan the internet looking for victims can see you. The best and most reliable way to get flooded with spam is to post your email address in plain text on your website. The search engines have programs called spiders that search for information on the Internet. The spammers have similar programs that are out there looking for email addresses. Of course, there are other places you can get your email address "scraped" up from including: Dishonorable websites - "Sign up for a free newsletter." and if the host is dishonest he could sell your email address to a spammer. Emails - If you send email to someone who posts it on the internet then you're sunk. (see next) Discussion groups - There are many discussion groups that post messages on websites. If the group is an email group then you will surely get your email listed. Even if it is a website group, be careful that you nor anyone you know ever put your email "out in the open." Solution: There is none. Seriously, there is no solution to spam. I can, however, give you some help on keeping it from being the biggest problemin your life. 1. Never put your email address where it will end up on the internet. 2. Have a reserved email address you never use to sign up for things or give to websites. I may have Jim@MyTCHDomain.com that I only give to my close personal friends, for instance. This is your last line of defense, guard it like you would your credit card number. 3. Set your "Default Address" in Cpanel to ":fail: no such address here." This will block a LOT of spam. Spammers can see a domain and they will start guessing at names to spam - webmaster, web, administrator, etc. If you set the Default Address to your reserved address then you will get all of these garbage address emails. I recommend not using webmaster as an address, even though it's a commonly used one. At the church and at the daycare websites I maintain I have created addresses of office@theirTCHdomain.com for folks to email and webmaster goes straight into the trash. If you develop for other people consider webdesign@ or designer@ or some other non-typical email address for people to contact you. 4. Create other email accounts for everyday use. It's easy to do at TCH because of the way our domains are set up. Just go into your Cpanel by following the instructions in your sign-up email, find the Email section and look for Forwarders. When you click that you can Add a new forwarder. Let's say I'm going to sign up for automatic billing notices from my phone company. Before I sign up with them I can go to my Cpanel and add "BellSouth@MyTCHDomain.com" and have it forward to my reserved address - Jim. When I sign up I tell them my email address is BellSouth@MyTCHDomain.com and I'll get all the messages but they won't have my secret/reserved address. If I decide later to not do the online thing I just simply go back into my Cpanel and tell it to stop forwarding BellSouth@MyTCHDomain.com and it disappears. If you go to a "Free music" site or something less legit than the phone company (I don't believe I just said that!) then you can delete the forwarder when they start spamming you. Remember, if you never give out your reserved address to anyone but your closest and most trusted friends you can cut the spam down to .0001% in a few minutes by killing all the forwarders. Why not to 0%? Someone will always guess it eventually by trying a, aa, aaa,ab, aba, abb, etc - eventually they'll get your real address but these are so few that you'll probably never notice. 5. Create a spam-magnet account. I have spam@MyTCHDomain.com that I use for any site that I sign up on that has to send me an activation password or link. An example is a game forum I recently joined. Before going to the game site I went to Cpanel and set my spam account to forward to the reserved address. I then went to the forum, signed up, read the activation email and then reset the spam address to not forward. 6. Hide your email addresses that have to be put on your websites. There are ways to cloak yourself from these scanning programs. One is to put your email on the page as a graphic file. This is unreadable by the scanners but it also requires that someone wanting to contact you has to retype your address. They may even type it wrong so you'll never get the email. You can also use a javascript piece of code like this one: <script language="JavaScript"> <!-- Begin user = "name"; domain = "YourTCHDomain.com"; document.write('<a href=\"mailto:' + user + '@' + domain + '\">'); document.write(user + '@' + domain + '</a>'); // End --> </script> The advantage of this is that it is not compiled into the full address of name@YourTCHDomain.com until it gets into your browser and most of these scanners are not smart enough to read Javascript yet. I suspect it's only a matter of time though. A final way to get email feedback that is 99% safe from spammers is the Feedback Form. Using PHP or some other scripting language and HTML forms you can give the visitor boxes to enter information into and the web site server will compile it into an email to you - the visitor never sees your email address, nor does the spammer. Added 6/21 after suggestion by Surefire: Once an account gets flooded with emails is there anything you can do? Early on I saw that when you remove an email address from public view then it takes a few weeks but the spam drops off. Today, however, with so much selling and reselling of address lists it is pretty much impossible to salvage that address as a usable one... thus the reason of having a "cloaked" address that public ones forward to. You can throw away a compromised account and still have your main one. It does get complicated, however, when your email is part of your corporate branding - you almost have to rely on filters at that point. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted May 26, 2005 Share Posted May 26, 2005 Nice Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted May 26, 2005 Share Posted May 26, 2005 Well done Jim, good info Quote Link to comment Share on other sites More sharing options...
cajunman4life Posted May 26, 2005 Share Posted May 26, 2005 Thanks Jim! I just set my default addresses. Although I do have a "webmaster@" which gets spam... but I've only gotten 3 spam messages in 7 months... not bad. I do however follow the "non-visible" rule. You'll notice by looking around at my site that my email is no where to be found... (except maybe in the forums). Quote Link to comment Share on other sites More sharing options...
abinidi Posted May 26, 2005 Share Posted May 26, 2005 Do spiders convert "munged" addresses? For example, if you instert the following into your HTML code: ><a mailto="paul@doomain.net"> users will see the following in their browsers: paul@mydomain.net And if they click on it, the email will be sent to the correct address, because the browser interprets the HTML character codes @ as @ d as d o as o Anyway, this is a way I have hidden my address in the HTML code when I wanted/needed to show it on a webpage. I'm sure it isn't foolproof, and it takes a little work, but it seems to have worked for me! If this sounds interesting to you, you can find the HTML character codes at the following site: h*tp://www.lookuptables.com/ (PS: It is tricky to even inlcude this in the post, because as soon as I save it, the forum is converting the HTML characters to regular text, so I have to double-change it; but that won't need to happen in your HTML code!) Quote Link to comment Share on other sites More sharing options...
abinidi Posted May 26, 2005 Share Posted May 26, 2005 There are some freeware email cloakers on the internet; you can google search "email munge converter" for a list. I downloaded and like the HTML Email Cloaker that is located at: http://notepad.com/web-tools.htm. You type in your address and it provides the HTML or JavaScript code on the clipboard that you can paste directly into your HTML code. Hope these links help. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted May 26, 2005 Share Posted May 26, 2005 (PS: It is tricky to even inlcude this in the post, because as soon as I save it, the forum is converting the HTML characters to regular text, so I have to double-change it; but that won't need to happen in your HTML code!) The spiders do the exact same thing so to answer your question, yes they will cull it. Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted May 26, 2005 Share Posted May 26, 2005 Spambots have gotten smarter over the years and now they can see the various methods of hiding your e-mail including chacter substitution and the various java scripts that try to hide the addy. Graphic images and forms that hide the addy are all thats safe anymore. Quote Link to comment Share on other sites More sharing options...
TweezerMan Posted May 26, 2005 Share Posted May 26, 2005 Graphic images and forms that hide the addy are all thats safe anymore. <{POST_SNAPBACK}> Graphic images aren't that safe either. Quote Link to comment Share on other sites More sharing options...
Deverill Posted May 27, 2005 Author Share Posted May 27, 2005 Graphic images aren't that safe either. Holy cow, now that's scary stuff!!! I guess the only truly safe one is the form in which the end user never knows your email address - the server handles it and never tells anyone where the post is going. Sheesh, now if the spammers would just focus on curing cancer or something! Quote Link to comment Share on other sites More sharing options...
skeptismo Posted June 8, 2005 Share Posted June 8, 2005 Great advise for spam, thank you for the post Jim, one thing I can tell you (and I'm grateful to all of TCH people) is the way they treat spam. Although I have quite few other email accounts (and especially from greek ISP's,where I live) I got a LOT of spam. From TCH account I recieve very very little amount of spam, and due to the reasons that Jim mentioned ! Thank you for the support guys, Skeptismo, Quote Link to comment Share on other sites More sharing options...
IsaacSchlueter Posted June 17, 2005 Share Posted June 17, 2005 (edited) Munging the email address with HTML entities or JavaScript won't work. Why not? Because it is extremely easy for a semi-competent programmer to create a spider that uses a VB Internet Explorer control. Here's a rough outline of how the program works, with a webbrowser control (wb), a list of URLs (list), and a list of emails (emails) * >0. Put some good starting point in LIST, such as http://www.google.com/search?q=the 1. For each ITEM in LIST: a. WB.navigate2 ITEM, and wait for WB to finish loading. b. For each LINK in WB.Document.Links i. If LINK.href then LIST.Add LINK.href c. Regex wb.document.body.InnerHTML for this pattern: /[a-zA-Z0-9\-_.]+@[a-zA-Z0-9\-_.]+\.[a-zA-Z0-9\-_.]/ d. For each MATCH in Regex.Matches i. EMAILS.Add MATCH Since wb.document.body.InnerHTML is the html of the document after processing, it will automatically resolve anything that internet explorer can resolve - that includes javascript, htmlentities, and all the rest. Munging is a waste of time. If a webbrowser can see your email address, so can a spider. * Of course, this is really simplified. You'd have to also handle framesets if necessary, and you'd probably run into other bugs that I haven't thought of. Personally, I have a policy of using a different email address for each site. When I sign up with www.somesite.com, I use somesite @ MyTCHDomain.com as the email address. That way, if I start getting spam, I usually know who leaked it, and just set that address to :fail:. Edited June 17, 2005 by IsaacSchlueter Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted June 17, 2005 Share Posted June 17, 2005 Yep the spambots have gotten very good at putting your address back together from hex code to scripts. The only safe way to have someone contact you from your site is a form that hides your addy in the php form handler. Quote Link to comment Share on other sites More sharing options...
carbonize Posted June 19, 2005 Share Posted June 19, 2005 If you use POP to access your email i can recommend Spamhilator. I have been using it for about a year now with what I'd say was a 99% success rate. It has a lot of nice plugins as well to increase it's efficiency. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted June 19, 2005 Share Posted June 19, 2005 I use K9 (keir.net) works basically the same as the one mentioned above and it's free. It's been catching 99% of all spam that Spam Assassin doesn't catch. Quote Link to comment Share on other sites More sharing options...
Deverill Posted June 21, 2005 Author Share Posted June 21, 2005 It's still working for me on about 5 sites, but they are getting smarter every day. Quote Link to comment Share on other sites More sharing options...
surefire Posted June 21, 2005 Share Posted June 21, 2005 Excellent tutorial Jim. This is the same stuff I teach each client before I give them their email accounts. I'd add one thing. If an email account is compromisted and it's getting flooded with spam, the chances of rescuing it are very slim. Better to burn the account and open a new one. Also, I am a happy and loyal Thunderbird user. Their bayesian filter is excellent for sorting through spam. Quote Link to comment Share on other sites More sharing options...
Deverill Posted June 21, 2005 Author Share Posted June 21, 2005 Thanks, Jack. I've added a note in the original about your point as it's very true. They are like Pit Bulls once they get your address they don't let go. Quote Link to comment Share on other sites More sharing options...
aaron_ginn Posted June 24, 2005 Share Posted June 24, 2005 What about challenge-response systems like Spam Arrest? These are guaranteed to eliminate 100% of spam by creating and automatically maintaining email whitelists. Quote Link to comment Share on other sites More sharing options...
Deverill Posted June 27, 2005 Author Share Posted June 27, 2005 Personally I don't think that kind of system is practical for most businesses. The reason is that most customers won't want to be bothered with a challenge-response delay and most businesses won't want to put their customers through it. Besides, it seems like a spammer could read the challenge and auto-send a response too. If it fits into one's business model then it would indeed be a great start. For most personal email users it may also be good but remember this - I get notices that my Bank of America is due - if I forgot to get them on the whitelist I may never see the billing notice because they will certainly not respond to my challenge. Everyone's situation and needs are different - it's all about building your perfect toolbox and using it to the fullest. Thanks for the suggestion! Quote Link to comment Share on other sites More sharing options...
Tracy Posted July 30, 2005 Share Posted July 30, 2005 Hi, I was told that a good way to protect your email was to put a word in front of it and then a note telling the people who want to mail you to remove the word....ie... getmail@hosting.com you would take out the word "get" at the front of the address to send mail. Thoughts on this? Tracy Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted July 30, 2005 Share Posted July 30, 2005 Welcome to the forum, Tracy. I would say its both good and bad... If you have getmail@yourtchdomain.com and tell people to remove get before they send it to mail@yourtchdomain.com, it could work assuming you never set up a getmail address. On the other hand, if you write getmail@yourinternetserviceprovider.com and tell people same thing, remove get, then if there is someone on your internetserviceprovider.com that actually have getmail@yourinternetserviceprovider.com and people forget to remove the get or if a spamharvester picks it up, then you give that other guy some problem. Just my .2 cents. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted July 30, 2005 Share Posted July 30, 2005 Welcome to the forums Tracey Safest way to not get harvested is to use throw away email address when you sign up for things. And never use a mailto: link on your website. Quote Link to comment Share on other sites More sharing options...
marie b. Posted July 30, 2005 Share Posted July 30, 2005 You can use an encoder for your email address. I have, and it's the only one that's never received spam. Quote Link to comment Share on other sites More sharing options...
TweezerMan Posted July 30, 2005 Share Posted July 30, 2005 Welcome to the forums, Tracy! Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted July 31, 2005 Share Posted July 31, 2005 Welcome to the forums, Tracy Quote Link to comment Share on other sites More sharing options...
Deverill Posted July 31, 2005 Author Share Posted July 31, 2005 Welcome Tracy! The only problem with your suggestion I can see is that it requires human intervention and possible frustration. They can't just click on something nd get a message to you. Quote Link to comment Share on other sites More sharing options...
stevesh Posted July 31, 2005 Share Posted July 31, 2005 I used the same encoder method as marie, and have yet to receive any spam to that account. Encoders render the address in ascii. Browsers can read it, 'bots can't (not yet, anyway). Steve Quote Link to comment Share on other sites More sharing options...
carbonize Posted July 31, 2005 Share Posted July 31, 2005 I have seen some email harvesters that look for @ and &64; so converting your email address into ascii is only going to prevent some spam. The other thing is to not use info@, sales@ 1@ as spammers tend to send to these addresses regardless of whether or not they are listed anywhere. Quote Link to comment Share on other sites More sharing options...
Tracy Posted August 2, 2005 Share Posted August 2, 2005 Hey, thanks guys for the welcome. I've had my site hosted here for about 3 yrs now and just discovered these forums. (yes, I live under a rock) This whole spam thing is driving me nutzz!! I'm going to try many of the suggestions here and trash all my current email addys too. I DID have my email on my website, (poor naive me, I feel like a little lost country girl in the big city) and I now get so many unwanted emails it's just crazy. I like the idea of those forms that let people send you email but never show your addy. Any idea where I can find one of those scripts? I think that would be perfect for me because I have so many people mailing me for quotes. (I'm a graphic artist). Another thing I wanted to ask is ...... when my pop thingy checks my mail it says it's retrieving mail from "mail@myaddress.com" but I have never had an email address called "mail". It's very annoying. What's up with that? Thanks for the great tips and (hopefully) answers to my questions. Have a terrific day all!! Tracy Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted August 2, 2005 Share Posted August 2, 2005 Tracey, have a look here for the E-Mail Obfuscator. Quote Link to comment Share on other sites More sharing options...
Deverill Posted August 3, 2005 Author Share Posted August 3, 2005 Tracy, I think in this case a form would be the best for you for a couple of reasons. First is that a well written form can not be used to get your email address. The second is that you can customize it for your special needs - ask them what kind of artwork they need or what the application would be. It gets you better information than just "How much do you charge for a picture?" Quote Link to comment Share on other sites More sharing options...
Deverill Posted August 3, 2005 Author Share Posted August 3, 2005 I have seen some email harvesters that look for @ and &64; so converting your email address into ascii is only going to prevent some spam. Here is one site about this: www.bestprac.org/articles/spam_bots.htm It says It bears repeating, though, that although ASCII or JavaScript Encoding increases the level of protection an email address on your website has against spam bots, neither type can guarantee complete immunity against the increasingly sophisticated programming of the most modern spam bots to decode these techniques.They also recommend that if you do use this method that you encode the mailto tag also, not just the email address. These guys stand to lose a great deal of money like this so they make smarter bots to get our email addresses. Quote Link to comment Share on other sites More sharing options...
WeBrain Posted August 14, 2005 Share Posted August 14, 2005 another thing that works is to put email in swf and not on a image. just do a button in flash and your done. Quote Link to comment Share on other sites More sharing options...
carbonize Posted September 1, 2005 Share Posted September 1, 2005 Ok I found this method on the net last night and have now incorported it into Lazarus Guestbook. Basically I reverse the email address (ie spam@microsoft.com becomes moc.tfosorcim@maps) then put it in a span like so: ><span style="unicode-bidi: bidi-override;direction: rtl;">moc.tfosorcim@maps</span> I also convert the email address into ascii but thats just an extra level. Quote Link to comment Share on other sites More sharing options...
likoma Posted November 17, 2005 Share Posted November 17, 2005 Any chance TCH will offer something like Spam Arrest (challenge/response) in the future? I'm a reseller and Spam Arrest is what I suggest to them after they've (1) had their email address listed publicly on a site for a long time and is certainly on the spammer's lists, (2) tried Spam Assassin with success, but still just not quite good enough, (4) can't/won't ditch that address for a new one, and (4) they're ready for drastic measures. I send them over to Spam Arrest where they pay $5 a month or so. I'd be much happier being able to offer that through my own reseller account (TCH) for free or for a small fee (if I/we had to pay an extra fee to TCH to set it up). Just my two cents. Best regards, - Bradley Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted November 17, 2005 Share Posted November 17, 2005 Don't know if your customers are business accounts or individual users but I will tell you from a business standpoint I would not do business that had me jump through hoops to get a message to them. There are ways to deal with SPAM if you are willing to put forth the effort to battle it. I have virtually eliminated all my SPAM using SpamAssassin on the server and K9 and Thunderbird on my desktop. Quote Link to comment Share on other sites More sharing options...
Samrc Posted November 17, 2005 Share Posted November 17, 2005 I have had a family/close friend only email address for years. Worked like a charm. But recently, one of my non-tech family members put my address into a FREE greeting card site for my birthday. Now I am getting 20-30 spam on that account daily that get through my spamkiller program. Quote Link to comment Share on other sites More sharing options...
Deverill Posted November 17, 2005 Author Share Posted November 17, 2005 That is one unfortunate fact of Internet life, Samantha, and one that our family and friends don't seem to get. These sites that send free greeting cards and stuff aren't doing it out of the goodness of their hearts (99.999% of the time) and are harvesting everyone's friend's email to spam to. The ideal world would have no spammers - not gonna happen A better world would have our friends understand about spam - not always gonna happen. The world as it is today requires us to have the best spam filters we can find and just live with it... which stinks. Such a useful tool as e-mail, and one that can be a major distraction is made even more so by ****, mortgage, and small-cap stock junk that most of us don't even care about! I am 40, healthy, have a mortgage broker and a 401-K for investments - why do I want any of this!?! It's like a female coworker kept getting emails directed at guys to "enlarge your _____" (censored - it's a family forum) and about every day I'd hear her say "I don't even have one!" and would know what she got in her inbox. Quote Link to comment Share on other sites More sharing options...
likoma Posted November 18, 2005 Share Posted November 18, 2005 (edited) Don't know if your customers are business accounts or individual users but I will tell you from a business standpoint I would not do business that had me jump through hoops to get a message to them. There are ways to deal with SPAM if you are willing to put forth the effort to battle it. I have virtually eliminated all my SPAM using SpamAssassin on the server and K9 and Thunderbird on my desktop. Thanks for your post, Bruce. My clients are a mix of business accounts and individual users and I agree with you about the business accounts, but lots of individual users would like the challenge/response option as they have had their firstname@lastname.com email address for years and, as people are talking about in this thread, it's inevitable--even if you're extremely careful. Also, you say "put forth the effort to battle it" but many of my clients wouldn't know how to battle and that means I'm usually taking care of it for them (not cost effective, boring, etc.). ;-) Of course my email does pretty well against spam using Spam Assassin and using forwarding and the default email (e.g. if I send a card from Hallmark, I'll use hallmark@**** so when it gets sold/spammed, I can then stop/block it). I post again tonight as I'm moving yet another client away from another hosting company (yippee for TCH!) because this or that little thing didn't work (in this case it was that it was running in safe mode, I couldn't turn it off, and thus couldn't run PHP List), but while I was moving things away from her host, I noticed that they run cPanel, had Spam Assassin and ALSO had an option called "BoxTrapper." This is how it described it: BoxTrapper protects your inbox from spam by forcing all people not on your white list to reply to a verifcation email before they can send mail to you. Aha, I spoke too soon. So I did a quick search for Box Trapper and found out that TCH has already tried it, but I guess it was too much of a load on the servers. I couldn't find much else about Box Trapper, but anyway, it'd be great if TCH had it as an option, even charged for it if it's going to be a bigger load on servers. Best regards, - Bradley Edited November 18, 2005 by likoma Quote Link to comment Share on other sites More sharing options...
carbonize Posted November 18, 2005 Share Posted November 18, 2005 I still highly recommend using Spamihilator to stop spam. Unfortunately people don't want to run their own spam filter and would sooner depend on serverside spam filtering. The problem I see with that is one mans spam is another mans news. A previous host did serverside spam filtering and it was blocking a lot of my legitimate emails as well. I just like the fact I can open up Spamihilator from the systray and see what it has stopped and why as well as what it has allowed. Quote Link to comment Share on other sites More sharing options...
Mission Posted November 22, 2005 Share Posted November 22, 2005 Jim: Set your "Default Address" in Cpanel to ":fail: no such address here." This will block a LOT of spam. How exactly does one make the default address ":fail: no such address here"? Is it in options where it says "Default Identity" -- is that what you put into the "E-mail Address" field? Thanks. Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted November 22, 2005 Share Posted November 22, 2005 In your cpanel > mail > Default Address click on Set default Address and put :fail: as the address, thats it. Quote Link to comment Share on other sites More sharing options...
Robmonster Posted February 24, 2006 Share Posted February 24, 2006 I use a site called www.spamgourmet.com in my fight against spam. It allows you to instantly generate an email address that is good for a set number of emails. Any more than that and you no longer receive them. Its incredibly useful when registering on a suspect site. I'd advise everyone to take a look at it. RM Quote Link to comment Share on other sites More sharing options...
Deverill Posted February 24, 2006 Author Share Posted February 24, 2006 Thanks for the tip Robmonster! Every tool we can add to our arsenal against spam is a good one! Quote Link to comment Share on other sites More sharing options...
hapless Posted September 8, 2006 Share Posted September 8, 2006 (edited) Hi Guys - just a mad thought about this subject - what about a graphic linked to a small audio file that "talks" your mail address. appreciate this would be useless if people didnt have speakers/headphones but most do - I think!! (for displaying addys on websites) Hapless Edited September 8, 2006 by hapless Quote Link to comment Share on other sites More sharing options...
Deverill Posted September 9, 2006 Author Share Posted September 9, 2006 That would certainly stop the automated spam, but how many customers/visitors would you eliminate? It may be worth it in some circumstances though. Quote Link to comment Share on other sites More sharing options...
carbonize Posted September 9, 2006 Share Posted September 9, 2006 Also you would have to spell it out to prevent them spelling things wrong. The best way would be either a contact form or use multiple images to spell out the address. I did once use bidi-override CSS so I could have the email address backwards in the HTML and have it made the right way round using CSS. Quote Link to comment Share on other sites More sharing options...
TCH-Thomas Posted October 20, 2006 Share Posted October 20, 2006 Here is another program you can download to your own computer and produce cloaked email addresses (basically the same idea as the program in Pauls post here). I haven´t tried Pauls recommended program, but this one will generate a link for you inside the program so you can verify that the link works as it should. E_Cloaker Quote Link to comment Share on other sites More sharing options...
charlesleo Posted November 2, 2006 Share Posted November 2, 2006 @Bruce - can I install spamassasin on my TCH server? The spam on my website is getting out of control. Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted November 2, 2006 Share Posted November 2, 2006 Spam Assassin is on all the TCH servers. In you cPanel you need to enable it. Select the mail icon, then select Spam Assassin from the menu that appears. Then select Enable Spam Assassin to turn it on. Quote Link to comment Share on other sites More sharing options...
Head Guru Posted November 2, 2006 Share Posted November 2, 2006 greylisting is getting more popular. Quote Link to comment Share on other sites More sharing options...
charlesleo Posted November 2, 2006 Share Posted November 2, 2006 Ah... now it's enabled enabled as Bruce posted in another thread. Duh - for some reason I thought it was third-party. As for 'grey-listing', that's new term but I've manually set it up to flag emails for stuff such as '****', 'Cialis', 'Stock Market', etc. It would be handy if we could compile a list of these type of terms somewhere. Quote Link to comment Share on other sites More sharing options...
TCH-Don Posted November 2, 2006 Share Posted November 2, 2006 Displaying your email address on your site will guarantee you more spam. Quote Link to comment Share on other sites More sharing options...
Deverill Posted November 3, 2006 Author Share Posted November 3, 2006 Greylisting involves the receiving server, for example TCH, telling the server sending us email, for example AOL, that we're too busy right now and try again shortly. Most spammers currently do not use well behaved servers so when they get the "try again" error they just move on to the next victim. Servers that follow the standard are required to try to send the email again. In addition, the extra time that it takes to get the 2nd attempted delivery also gives the spam blockers the opportunity to blacklist that site/email as spam so even if a spammer sends a retry it will, by then, be blacklisted. If you don't mind the slight delay then it sounds like a great tool to add to an anti-spam arsenol. Quote Link to comment Share on other sites More sharing options...
carbonize Posted November 3, 2006 Share Posted November 3, 2006 It does also increase the workload on the receiving server as it has to keep a list of what emails it has sent the busy message for. Given that most spam seems to be sent from infected machines you'd think ISPs would be more proactive in stopping it. When Code Red was out ISPs were disconnecting customers who were infected and sending them an anti virus via snail mail. Quote Link to comment Share on other sites More sharing options...
charlesleo Posted December 7, 2006 Share Posted December 7, 2006 Is there a possibility of adding SpamFighter to the mail servers? http://www.spamfighter.com/ Quote Link to comment Share on other sites More sharing options...
Head Guru Posted December 7, 2006 Share Posted December 7, 2006 We do not run Windows servers, and that solution is for windows. Quote Link to comment Share on other sites More sharing options...
jacobh Posted January 8, 2007 Share Posted January 8, 2007 Spam Assassin works pretty well if you train it! I finally figured out how to set up easy training with Spam Assasin, using a script small script. If you're interested in seeing how, take a look at my post in this thread: http://www.totalchoicehosting.com/forums/i...st&p=198226 Maybe someday Cpanel will come with this type of functionality already installed... Quote Link to comment Share on other sites More sharing options...
joats Posted October 3, 2007 Share Posted October 3, 2007 Thank you for that info, Deverill ~ noted and plan on implementing some. What brought me to your topic, though, was that I have yet to complete my site and in the meantime some 'bad people' have taken advantage of the pending blog pages and put porno URLs on them. Very upsetting. I am not certain where to look in the forums for how to avoid this. I have lowered all permissions to 700 as possible, but that was in haste LOL because I just wanted to block any further use, and i'm not certain what effect that is actually going to have. I am going to look for 'permissions definitions' next and see if there is an explanation of what changing these to the diff numbers does. (I found the 'how to change permissions' topic. I need to know what/how these actions actually affect my site.) Now I am wondering about the usage of memory allotted to me. How do I get rid of any files that might have been deposited by these 'bad people' and how do I locate them -- the files -- to get rid of them? Thanks jaci Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted October 3, 2007 Share Posted October 3, 2007 What blogging software are you using? And are they loading the links into your comments? Quote Link to comment Share on other sites More sharing options...
Deverill Posted October 5, 2007 Author Share Posted October 5, 2007 You're welcome Jaci. Get back with the blog software you are using and the folks here can definitely help. I'm not used so much to blogging software but there are plenty here who are. Best wishes. Quote Link to comment Share on other sites More sharing options...
joats Posted October 7, 2007 Share Posted October 7, 2007 (edited) What blogging software are you using? And are they loading the links into your comments? Hi Bruce, thank you: I believe I installed WordPress (not moving very quickly on this site, lol, there is SO much to learn...at this point in time, i have to start from the beginning...) and then went on to other avenues re: studying since I didn't know exactly what/how I was doing this. I went back to this section back in May/April? and found 1200 + pages !!! of 'comments' that included links to I AM A SPAMMER sites... egad. So, I did what I could at that time re: the permissions. I only came back recently to find, the same day that I did, someone was looking into the site as well with what seemed to be I AM A SPAMMER as well. I blocked the IP with the IP Deny Mgr: 65.55.212.29... Then I saw other IP's, but they all appear to be TCH's re: work they are doing ... yay, the pages are working correctly. now i just have to get the info on them. I could move this to the 'blogging' forums... Now I am wondering if those 1200+ comments and the recent ones are taking up mem that i don't want there as well is it possible for these posts to have lodged cookies that will just continue to radar my site for these types of 'comments'. If so: how do I remove unwanted files from the mem, where would I look for these? How can I remove any cookies, if there, and how would I look for them since they're not on my own computer? thanks again! j Edited October 7, 2007 by joats Quote Link to comment Share on other sites More sharing options...
TCH-Bruce Posted October 7, 2007 Share Posted October 7, 2007 If you are running WordPress the first thing to do is make sure it's current. The next thing to do is install the Spam Karma 2 plugin and say goodbye to comment spam. Quote Link to comment Share on other sites More sharing options...
joats Posted October 8, 2007 Share Posted October 8, 2007 If you are running WordPress the first thing to do is make sure it's current. The next thing to do is install the Spam Karma 2 plugin and say goodbye to comment spam. Thank you, Bruce! Quote Link to comment Share on other sites More sharing options...
stardotstar Posted July 14, 2008 Share Posted July 14, 2008 The system that requires a validation or response by the sender was working for me on another host, but then they decided to ignore that setting and send all emails thru anyway. It works so long as the Host filters thru that setting first, then the spam settings. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.