Jump to content

Spam Assassin Vs Boxtrapper


Recommended Posts

I was using BoxTrapper with good results for some time :D

 

Recently, I decided to try Spam Assassan. But tonight I found my account (dave.englund.name) suspened due to spam ;) I am still waiting for a reply to my help issue to find out the specifics - if it was related to an attack on a contact form I use on my site or my email that was supposedly being protected by Spam Assassan.

 

Frankly, I don't think I like Spam Assassan. And as soon as my account gets unlocked I'm going back to BoxTrapper where NOBODY gets through unless I LET them through.

 

The dirty dogs! :whip:

Edited by denglund1996
Link to post
Share on other sites

Spam Assassin nor Box Trapper will protect your site if you have a contact form script that can be compromised. There has been plenty of talk on the forums of insecure form scripts. If your script will allow an email header injection then people can send SPAM through it.

 

Spam Assassin will only block mail coming to your domain not mail going out.

Link to post
Share on other sites

"Spam Assassin nor Box Trapper will protect your site if you have a contact form script that can be compromised. There has been plenty of talk on the forums of insecure form scripts. If your script will allow an email header injection then people can send SPAM through it.

 

Spam Assassin will only block mail coming to your domain not mail going out."

 

 

Hello

This may be a stupid question, but what would be the remedy to this situation? Make sure you get a more secure form script? What exactly is email header injection, is that allowing the user to input the email address into the form rather than have the email script automatically start up the users email program, such as Outlook Express.

I ask about email header injection because, say I have a link for a website visitor to send me an email on my website. It now would make their Outlook program start up, I guess with Windows users anyway? I'd rather just let the user fill out the email they want the response sent to because I don't use Outlook and it kinda confused me when I'd click on a link to send an email to someone on a website and my Outlook would start up. I'd just close it and copy the email address and use my Yahoo email to send the question if I bothered with it that much.

So, having it set up to where they fill out their email address, would this be an example of an insecure script like you're referring to? Would it just be asking for alot of spam or other problems? Would it be stupid to set it up like I'd like, where the user fills in their email address they want the reply sent to. Say, with an opt in newsletter, make it double opt in to where when they would fill out their email address they'd then get an email to confirm they signed up for the newsletter in the first place.

I believe You had recommended Hotscripts.com to me as a place to get scripts in my introductory forum post, would they have as secure a script as any for this, or does the Cpanel already have something that would take care of this?

Link to post
Share on other sites

If you are using mailto: links on your website that launch a users email program to send you a message you don't have anything to worry about except that having your email address on a website will be captured by SPAM bots and you will start receiving SPAM email in your inbox.

 

If you want to set up a form to collect information that a visitor fills out and that gets sent to you then yes you need secure form processor and TCH recommends that you use Ultimate Form Mailer as it is secure.

Link to post
Share on other sites

Hello

Ok, yes I think I'd rather have it to where the visitor fills out the information for their email address because I think some visitors may not use the email program like Outlook on their computer and they might be confused and just decide not to follow through. Do you have an opinion on this? Also, I suppose Ultimate form mailer is available at Hotscripts?

Just in case I went with mailto: if the link a visitor clicked on just said something like "contact us" instead of my actual email address, would the Spam bots still pick up my email address?

Thanks again

Link to post
Share on other sites

Wow, I didn't know you were so quick to respond on here. So you recommend against mailto:? Just for how your particular website is set up or for any other reason?

Ok, I'll need to look up obfuscate, but, I guess that means it would make my email unavailable to Spam bots?

Thanks for the link for Ultimate form Mailer. I suppose your processing scripts are tailored to your particular site, eh? Do you offer one on one live chatting, say maybe as I'm doing something for the first time as I'm doing it? For a fee?

I'm going to go ahead and buy a hosting plan now and just learn on the fly.

Thanks again

Link to post
Share on other sites

Hello

Ok, to both Bruce and Steve, both of those links you provided in the last couple of posts would be used for a mailto: type of set up, correct? There's no need to mask your email address if I were to use a form to collect email addresses, correct?

Bruce, on the live chatting thing, I meant , do you or other techs sometimes offer live support, chatting or whatever WHILE a person is doing something themselves for the first time?

I don't know if I'm making too big an issue out of how information iscollected from a website visitor, it just seems that every detail matters.

Thanks again for answering my questions.

Link to post
Share on other sites
  • 10 months later...
BoxTrapper has been removed from most servers and should be removed from yours as well.

 

Box Trapper is still on server20 almost a year later. Is it really going to be removed?

Link to post
Share on other sites

It should not be on any of our servers and yes it will removed. This is the worst piece of software we have ever seen. Many cPanel customers have begged cPanel to remove it completely. It is buggy, crashes due to mail loops and generates more unwanted mail than it prevents.

Link to post
Share on other sites
  • 1 month later...
Guest John Crockford
BoxTrapper has been removed from most servers and should be removed from yours as well. BoxTrapper causes heavy loads on the server and that is the reason it's being removed.

 

Can the load on the server be sufficiently reduced to make it acceptable by reducing the number of days that logs and messages in queue are kept (say, to 3 days)?

Link to post
Share on other sites
  • 2 weeks later...
Hi John,

 

The short answer is no, it can't be easily modified to run on the servers.

 

 

That's so weird... I never had it on my cpanel before... but I saw it just the other day and was about to give it a try when I found this post.

 

Server382 still has it.

 

Spam Assassin hasn't done jack squat for me... In the last 3 weeks I've received at least 500 pieces of spam... I figured Boxtrapper would do the trick nicely since it would force accounts to confirm themselves.

 

My wife has received close to 10x the spam I've received... and that's with spam assassin on... and configured to drop anything it flags as spam.

Edited by cryptoknight
Link to post
Share on other sites
  • 4 months later...

Hi Don,

 

In reference to SpamAssasian & BoxTrapper - I have this question

 

A couple of weeks ago, I filled out a form on yellowpages.com - It had a offer for a free listing (got me). Anyway, I left my email as "info@mywebpage.com" and then redirected the "info@mywebpage.com" to my actual address.

 

Suddenly I was receiving a bunch of spam being redirected to my webpage. How can I prevent that. I really don't want to kill my info@mywebpage.com.

 

What do you suggest doing to minimize this spam?

 

Thanks

 

Mike

Link to post
Share on other sites

Welcome to the forums Mike :(

 

My recommendation is to use throw away addresses to sign up for things like this. Inevitably your email address will be culled and used to spam you or others as you.

 

When that happens you can delete the throw away address and the spam stops.

 

To create a throw away address set it up as a forward in cpanel. yellow@your-domain.ext and point it to a valid email address you will check.

Link to post
Share on other sites

Personally I still recommend using a anti spam program hosted on your own machine instead of a remotely hosted one. This gives you more control over it. I was using Spamihilator but Windows Mail, the email client on Vista, has a junk mail filter built in. Unfortunately it relies on definitions of spam from Microsoft and cannot be trained. Spamihilator was catching about 99% of all the spam I was receiving.

 

Hmm maybe someone should write a tutorial on how to make your own form mail script. All you'd need is a downloadable file containing the functions for checking email address etc and sending the actual emails. Then you just have to explain how to create the form,

 

Actually probably not that easy going off the last one I made.

Link to post
Share on other sites

It's a small consolation, but I did see a study that showed that an email address that got picked up by the spammers and then turned off, eventually dropped much lower in spam volume. In other words, if you delete your info address for 6 months to a year, some of the spammers will give up on it. It never goes back to zero-spam and may pick back up when you reactivate it - they didn't examine that - but it's maybe worth a try if you need to have that address later.

Link to post
Share on other sites
  • 2 years later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...