Spam Assassin Vs Boxtrapper

[denglund1996]

I was using BoxTrapper with good results for some time

 

Recently, I decided to try Spam Assassan. But tonight I found my account (dave.englund.name) suspened due to spam I am still waiting for a reply to my help issue to find out the specifics - if it was related to an attack on a contact form I use on my site or my email that was supposedly being protected by Spam Assassan.

 

Frankly, I don't think I like Spam Assassan. And as soon as my account gets unlocked I'm going back to BoxTrapper where NOBODY gets through unless I LET them through.

 

The dirty dogs!

Edited November 22, 2005 by denglund1996

[TCH-Bruce]

Spam Assassin nor Box Trapper will protect your site if you have a contact form script that can be compromised. There has been plenty of talk on the forums of insecure form scripts. If your script will allow an email header injection then people can send SPAM through it.

 

Spam Assassin will only block mail coming to your domain not mail going out.

[TCH-Bruce]

BoxTrapper has been removed from most servers and should be removed from yours as well. BoxTrapper causes heavy loads on the server and that is the reason it's being removed.

[questionmark]

"Spam Assassin nor Box Trapper will protect your site if you have a contact form script that can be compromised. There has been plenty of talk on the forums of insecure form scripts. If your script will allow an email header injection then people can send SPAM through it.

 

Spam Assassin will only block mail coming to your domain not mail going out."

 

 

Hello

This may be a stupid question, but what would be the remedy to this situation? Make sure you get a more secure form script? What exactly is email header injection, is that allowing the user to input the email address into the form rather than have the email script automatically start up the users email program, such as Outlook Express.

I ask about email header injection because, say I have a link for a website visitor to send me an email on my website. It now would make their Outlook program start up, I guess with Windows users anyway? I'd rather just let the user fill out the email they want the response sent to because I don't use Outlook and it kinda confused me when I'd click on a link to send an email to someone on a website and my Outlook would start up. I'd just close it and copy the email address and use my Yahoo email to send the question if I bothered with it that much.

So, having it set up to where they fill out their email address, would this be an example of an insecure script like you're referring to? Would it just be asking for alot of spam or other problems? Would it be stupid to set it up like I'd like, where the user fills in their email address they want the reply sent to. Say, with an opt in newsletter, make it double opt in to where when they would fill out their email address they'd then get an email to confirm they signed up for the newsletter in the first place.

I believe You had recommended Hotscripts.com to me as a place to get scripts in my introductory forum post, would they have as secure a script as any for this, or does the Cpanel already have something that would take care of this?

[TCH-Bruce]

If you are using mailto: links on your website that launch a users email program to send you a message you don't have anything to worry about except that having your email address on a website will be captured by SPAM bots and you will start receiving SPAM email in your inbox.

 

If you want to set up a form to collect information that a visitor fills out and that gets sent to you then yes you need secure form processor and TCH recommends that you use Ultimate Form Mailer as it is secure.

[questionmark]

Hello

Ok, yes I think I'd rather have it to where the visitor fills out the information for their email address because I think some visitors may not use the email program like Outlook on their computer and they might be confused and just decide not to follow through. Do you have an opinion on this? Also, I suppose Ultimate form mailer is available at Hotscripts?

Just in case I went with mailto: if the link a visitor clicked on just said something like "contact us" instead of my actual email address, would the Spam bots still pick up my email address?

Thanks again

[TCH-Bruce]

I never use mailto: links. I use forms to collect information. I don't use Ultimate Form Mailer because I wrote my own form processing scripts.

 

Yes, putting your email address on your site will be collected by spam bots. If you use a mailto: link you should obfuscate your email address.

[questionmark]

Wow, I didn't know you were so quick to respond on here. So you recommend against mailto:? Just for how your particular website is set up or for any other reason?

Ok, I'll need to look up obfuscate, but, I guess that means it would make my email unavailable to Spam bots?

Thanks for the link for Ultimate form Mailer. I suppose your processing scripts are tailored to your particular site, eh? Do you offer one on one live chatting, say maybe as I'm doing something for the first time as I'm doing it? For a fee?

I'm going to go ahead and buy a hosting plan now and just learn on the fly.

Thanks again

[TCH-Bruce]

I don't recommend mailto links for anyone but there are people that still insist on using them.

 

You can read how to mask your email address.

 

Yes, my scripts are site specific but I could have easily just used UFM.

[TCH-Bruce]

Oh, and no I don't have a chat script on any of my sites.

[stevevan]

There are sites that will encode your email address into encrypted JavaScript code. The one I use is found here. The sites that I've used this one haven't gotten one spam message yet (knock on wood).

[questionmark]

Hello

Ok, to both Bruce and Steve, both of those links you provided in the last couple of posts would be used for a mailto: type of set up, correct? There's no need to mask your email address if I were to use a form to collect email addresses, correct?

Bruce, on the live chatting thing, I meant , do you or other techs sometimes offer live support, chatting or whatever WHILE a person is doing something themselves for the first time?

I don't know if I'm making too big an issue out of how information iscollected from a website visitor, it just seems that every detail matters.

Thanks again for answering my questions.

[stevevan]

From what I understand, that particular script doesn't require use of a database to send email. For specific answers on this script, go to this page.

[idallen]

BoxTrapper has been removed from most servers and should be removed from yours as well.

 

Box Trapper is still on server20 almost a year later. Is it really going to be removed?

[TCH-Dick]

It should not be on any of our servers and yes it will removed. This is the worst piece of software we have ever seen. Many cPanel customers have begged cPanel to remove it completely. It is buggy, crashes due to mail loops and generates more unwanted mail than it prevents.

[Guest John Crockford]

BoxTrapper has been removed from most servers and should be removed from yours as well. BoxTrapper causes heavy loads on the server and that is the reason it's being removed.

 

Can the load on the server be sufficiently reduced to make it acceptable by reducing the number of days that logs and messages in queue are kept (say, to 3 days)?

[TCH-Andy]

Hi John,

 

The short answer is no, it can't be easily modified to run on the servers.

[cryptoknight]

Hi John,

 

The short answer is no, it can't be easily modified to run on the servers.

 

 

That's so weird... I never had it on my cpanel before... but I saw it just the other day and was about to give it a try when I found this post.

 

Server382 still has it.

 

Spam Assassin hasn't done jack squat for me... In the last 3 weeks I've received at least 500 pieces of spam... I figured Boxtrapper would do the trick nicely since it would force accounts to confirm themselves.

 

My wife has received close to 10x the spam I've received... and that's with spam assassin on... and configured to drop anything it flags as spam.

Edited December 6, 2006 by cryptoknight

[cryptoknight]

Oh and btw your forums are busted when it comes to useing the quote bbcode.

[TCH-Don]

Because the pre-sale forum does not require registration

it has become a spammers favorite hangout,

so some forum features are disabled here.

 

In the other forums it works.

[MichaelJ]

Hi Don,

 

In reference to SpamAssasian & BoxTrapper - I have this question

 

A couple of weeks ago, I filled out a form on yellowpages.com - It had a offer for a free listing (got me). Anyway, I left my email as "info@mywebpage.com" and then redirected the "info@mywebpage.com" to my actual address.

 

Suddenly I was receiving a bunch of spam being redirected to my webpage. How can I prevent that. I really don't want to kill my info@mywebpage.com.

 

What do you suggest doing to minimize this spam?

 

Thanks

 

Mike

[TCH-Bruce]

Welcome to the forums Mike

 

My recommendation is to use throw away addresses to sign up for things like this. Inevitably your email address will be culled and used to spam you or others as you.

 

When that happens you can delete the throw away address and the spam stops.

 

To create a throw away address set it up as a forward in cpanel. yellow@your-domain.ext and point it to a valid email address you will check.

[TCH-Thomas]

Welcome to the forum Mike.

[TCH-Don]

Welcome to the forums Mike

You can try to change spam assassin to a lower number

but it looks like that address is a spammers friend now.

 

The forwards are the way to go.

[TCH-Andy]

Welcome to the forums Mike

 

As has been said, you can either throw away the info@ address or you can configure spam assassin to delete a larger proportion of the emails it thinks are spam.

[carbonize]

Personally I still recommend using a anti spam program hosted on your own machine instead of a remotely hosted one. This gives you more control over it. I was using Spamihilator but Windows Mail, the email client on Vista, has a junk mail filter built in. Unfortunately it relies on definitions of spam from Microsoft and cannot be trained. Spamihilator was catching about 99% of all the spam I was receiving.

 

Hmm maybe someone should write a tutorial on how to make your own form mail script. All you'd need is a downloadable file containing the functions for checking email address etc and sending the actual emails. Then you just have to explain how to create the form,

 

Actually probably not that easy going off the last one I made.

[Deverill]

It's a small consolation, but I did see a study that showed that an email address that got picked up by the spammers and then turned off, eventually dropped much lower in spam volume. In other words, if you delete your info address for 6 months to a year, some of the spammers will give up on it. It never goes back to zero-spam and may pick back up when you reactivate it - they didn't examine that - but it's maybe worth a try if you need to have that address later.

[Guest Lei]

Good Day!

 

I would like to ask if there is any plugins/3rd party scripts that has the same function as Box Trapper.

 

 

Thank you so much.

[TCH-Bruce]

Check hotscripts.com for scripts.