| To Bounce or Not to Bounce |
|
|
|
Written by Scott Marino March 21, 2006 Here's a new topic... We all get spammed, some worse than others. On a slow day I get 10,000, on a busy day, it hits almost 20,000. The volume comes because some spammer thought it would be a good idea to take a name list, and pair it to the @domain.com part of our name to try to get an e-mails to everybody. Now we get hundreds of the same e-mail every time they send it. I have a catch-all e-mail that captures these and sends them right to the trash. The negative effect is that they are impacting the server when the e-mails arrive, which is generally in large bunches. I know there have been threads on how to combat spam and there are some people on this list that are well versed in the subject. The questions I pose is ... Should I start bouncing these e-mails or continue accepting them and deleting them? Scott Marino Written by John Quinlan March 22, 2006 I also get thousands of pieces of garbage -- I do have the advantage however of running my own mail servers. I signed up with a website (bluesecurity.com) and I really don't know how successful they are at getting my email addresses off of the spammer's lists, given that they swap and sell to each other, but I do however now have somewhere to forward the spam to. I have a catchall email account that just forwards all messages sent to fictitious addresses to them, they then report them to the ISP of the company that employs the spammers. The spammers are professional and will not stop, but if the company pushing the products or services lose their Internet account that will hurt. Who knows this may even help to kill it off altogether. They have a league table of who is reporting the most spam, and when I signed up with them I was ranked after a week in the 800's, within six weeks I was in the 40's but I got fed up with checking because it's the only thing I know where to win, is to lose. Happy hunting John Quinlan, CEO Sioli.co.uk Written by Tom Aman March 22, 2006 1. The "From" in spam is often faked. Yes, if you can be reasonably sure that the "From" or "Reply-to: is not faked, start bouncing them. It may take some time (months) for bouncing them to have an effect, but eventually it will. By not bouncing them, you are giving the spammer the impression that maybe these are good addresses. 2. If you can figure out the email headers (sometimes hard to do) or can find someone to interpret them for you, you can find out where the email originates, then use a site like dnsstuff.com to to do a Whois lookup. This will sometimes give you email addresses of the sender's ISP so you can send complaints about the abuse to that address. Since many sites (my own included) are hosted by a hosting company, it can sometimes take a little digging to get back to the real owner of the offending IP address(es). 3. And the one thing you should do for sure is to report this spam to the FTC. Go to www.ftc.gov and click on the "File a Complaint" link. Tom Aman Aman Software cyberspyder.com Written by Kurt T. Francis March 23, 2006 Scott -- I'll say right off I'm very militant about this. I run a one-horse buggy, and when on my worst day I received over 6.400 spams in about 18 hours, I nearly had a heart attack. It took me hours to get them deleted, since I couldn't be *certain* every e-mail was spam -- about 30 weren't -- and I deeply resented being thrown behind in other work. IMHO, the spammers can watch... the... bouncing... bouncing... bouncing ball. Bounce away, with some sense of satisfaction. A few years ago I kept getting maybe 30-40 identical e-mails per day from the same spammer, obstensibly in New Zealand. I finally decided, "What to heck, I'll try writing back." I did, in the form of a cease-and-desist e-mail. I got a whiney e-mail (much to my astonishment) in reply moaning, "I'm just an honest guy trying to make a living!" Intrigued that I had received a response, I wrote him back and asked, basically, why he thought it appropriate to send a single individual 30-40 copies of the same e-mail for months on end if he were so honest. I got the same sort of self-pitying reply. So I wrote him a last time, with a complete, total, utter lie and said I was working as an expert (ha ha) for a major firm seeking to develop software that not only would bounce such e-mails to the sorry senders but would turn the "Fry-alator" loose on their machines, physically destroying their hard drives. Lie it certainly was. Equally certain is that I never heard from him again -- no more spam, no more exchanges. Oh, BTW, during our exchange, I continued to receive the Daily Dose of Crap. Kurt T. Francis, Web Master Bangkok's Voice On The Web Written by Jeré Matlock March 23, 2006
Re: Bouncing vs. deleting spam
Do not bounce them. That will put them in your
outbound mail queue, where they will sit while your server tries to
deliver them many times over the next five days. It just adds to the
problem; it will slow your mail server down considerably. The mail
server will try to send every message in the outgoing mail queue every
time it sends mail. Most of the "from" addresses on these spam emails
are bogus anyway; they can't be "bounced" because the "sender" does not
exist. You'll wind up getting more emails from the bounced messages,
saying, "No such email address on this server."
I host about 50 websites for my clients on a Unix (Linux, Apache,
mySQL, PHP, or "LAMP") server I lease. When I was debugging some slow
mail deliveries, I was shocked to discover I had about 50,000 "bounced"
emails sitting in my mail server's outgoing mail queue. The server was
trying to deliver each one every 10 minutes, and chewing up a lot of
processor time doing that. It kept trying for 5 days. That's my
understanding of it, anyway, from reading up at various forums -- I'm
not trained as a Unix tech support person.
Instead of bouncing spam, you should set your mail server to have
such spam "fail". That way the server won't try to return them back to
the sender, nor will it forward that mail to a "delete" box where you
then need to handle them again (delete them). The spam just dies right
there.
One good program to use on a Unix server is "SpamAssassin", open source software available here spamassassin.apache.org.
It uses Bayesian filters to assign "points" to an email and make a
determination based on how many points an email gets, whether or not it
is spam. (10 points for using any variant of V-ia-G-ra, etc.) You can
tweak SpamAssassin settings and to require 20 or 50 points before it
labels something as spam, or you can be very aggressive and tell
SpamAssassin only 5 spam points and it's spam. It then modifies the
headers of the email, marking it as spam, based on your settings. Then
you can either send it all to a spam box (recommended when you first
set it up so you can check the box and make sure valid emails aren't
being marked as spam) or have it "fail" such emails. Then the spam
just disappears and your server doesn't waste any more effort trying to
bounce it.
My spam problem pretty much disappeared after I set up
SpamAssassin to "fail" such spam. (I have no affiliation with them --
just a satisfied user.)
Best,
Jeré Matlock
wordsinarow.com
Written by Brian Rideout March 24, 2006 One thing that didn't get mentioned on the topic of bouncing spam back to the sender is that many spammers forge or pretend to be a legitimate user. I've been a victim of this type of forging and when the spammer sends 5,000 messages out 100's will fail because the target e-mail accounts no longer exist. I then get 100's of delivery errors because he had pretended to send the messages out using my e-mail address.
Bouncing messages would also send those back to me... not the spammer. Just deleting them is the right approach.
Other readers have commented that using a spam filtering software
is effective and the right ones truly can be, eliminating sometimes
hours of work dealing with spam.
Brian Rideout, President
BKR Studio Inc.
Written by Don Baker March 24, 2006
I used the bounce feature with McAfee SpamKiller, but I never noticed
any difference in incoming spam. I liked SK cuz it scanned all emails
on the server, and deleted any spams before they were downloaded. I
finally ditched SK, tho, due to bugginess (and disgust with how McAfee
products tend to take over your registry). I thought of using the bluesecurity.com program
someone else suggested -- it looks like a great way to lower incoming
spam while making some "blows against the empire."
However, right now I'm happily using Cloudmark, which connects
users with its worldwide community to flag all incoming spam. CM drops
ID'd spams into a "Spam" folder in Outlook Express or Outlook; I can
scan them quickly and retrieve false positives. (There's a whitelist
function, too.) When incoming spams get past the Cloudmark filter, I
highlight them and click a "Block Spam" button (added to my OE
interface). Those msgs are sent to the Spam folder, plus the CM
community gets informed as well. I quickly scan the Spam folder a
couple times a day, and then delete it.
One interesting feature, designed to defeat spammers gaming the
system, is that as users participate in the CM system, their
reliability factor is calculated -- if I quickly and accurately flag
new spams, my reliability rating goes up. But if I tell the system that
obvious spams should be "unblocked," then my reliability goes down - I
guess if it get low enough, I'll be banished, or something. I achieved
the highest reliability ranking in only a few months of using CM every
day.
(My antivirus program has caught a few malwares in incoming msgs
dumped in the Spam folder, but on the whole the incoming spam has been
free from viruses, trojans, etc, which surprised me.)
CM costs about $40/yr, and I've found it well worth it:
Cloudmark
Don Baker NSI Partners Written by Rob Bishop March 27, 2006
"... I'm happily using Cloudmark, which connects users with its worldwide community to flag all incoming spam."- Don Baker
Don mentioned Cloudmark. I would highly recommend it! I only run about
10 staff computers, so server enterprise solutions are out of our
budget. Cloudmark is worth every penny. I used it myself for a couple
of years and then insist it is on every staff members computer now.
Like Don said, it is very reliable and works great. You feel a
sense of power (small sense, but that still counts) since you are
making a difference when you click that "Block" button. You may still
see a few of the same spam for a day or two, but as the community
'votes' on what is spam and what is not, these will quickly disappear.
I personally found no false positives, so now each computer puts the
spam straight to the delete folder. I haven't sifted through for
possible errors in years, and have not had one client say "Did you get
my email ?" When I had not...
Bear Hugs
Rob Bishop
Binkley Custom Products
Written by Peter D'Aprix March 28, 2006 "... many spammers forge or pretend to be a legitimate user." - Brian Rideout
Brian,
I had the same problem for several years. Several of my email addresses
that use my domain names had been highjacked for this purpose and I too
have been getting hundreds of bounce back emails a day. I was about to
flag them as spam until I realized that I would be blocking legitimate
emails since I would be blocking all email from the domain in the
"from" field, which in these cases, was my own.
I finally had to start using the Earthlink spam
filter set on high which uses my own address book to allow only those
emails whose addresses are in the address book to pass through. But I
still had hundreds of bounced emails a day in the Suspect Folder to paw
through. Suddenly about a week or so ago, these stopped coming. I still
received some delivery errors, but they are usually my own and usually
my own fault for making a typo in the address. And I need to know when
I have made a mistake so I can correct it and make sure my email is
received at the other end.
Wasn't there a time when we could set our email program to require a "receipt of delivery"? Can we still? I can't find it. Before, my own mistakes got lost with the hundreds of bounced spam emails and I could go a long time before someone told me my email had never arrived.
Does anyone know if Earthlink has actually refined their filters
to ID emails that were not sent from the person's ISP thus rejecting
the fake ones and allowing the valid ones to be received? God bless
them if they have! Of course now I have to figure out what to do with
all the time I have free each day. Perhaps make more posts to LED?
Peter D'Aprix, Executive Editor
GourmetVoyageurs
Written by Michael Linehan March 29, 2006
Brian,
I had the same problem for several years. Two possibly useful steps to preventing spam.
1. Disguise your email address so it isn't picked up by spam robots.
You can get software to do this at (for example) versiontracker.com. So
instead of having something like <.a
xhref="mailto:
This email address is being protected from spam bots, you need Javascript enabled to view it
"> in the code, you'll
have a bunch of gobbledygook that means nothing to the robot - but that
behaves just the same as a plain email link for a human.
2. Now that you have a encoded email that is protected, set your
email program filters to automatically trash all others such as
This email address is being protected from spam bots, you need Javascript enabled to view it
,
This email address is being protected from spam bots, you need Javascript enabled to view it
, etc. --- in other
words addresses that a spammer is just guessing at.
Any legitimate user will have used your email link or phoned you.
Other addresses can be trashed. Yes - you may filter out one or two
users per ten thousand emails who just guessed your address - but
better that than spending an hour a day filtering through 3,000 spam.
And - sorry - once again we're having a spam discussion with
contributors whose emails addresses are completely exposed in their
text or in the HTML code. If you take the step of encoding your email
addresses, or using a contact form that doesn't store your address in
the code, I think you'll be pleased with the results.
Michael Linehan
Marketing Alchemy Written by Lee Roberts March 30, 2006
Many people have chimed in on the subject of spam and how it affects
business functions, but still the question looms regarding whether to
bounce or not.
I've seen too many times where clients have set
up failed attempts to bounce back to the send in hopes that the sender
will realize that sending an email to a particular non-existent email
address is futile. The sad fact is the spammer doesn't care. They
could be using someone else's email address or domain which in turn
only swamps an innocent party with bounces from your server responses.
Then if the innocent party has their email set to autorespond you begin
to play ping pong.
As the two email servers bounce back responses the situation
doesn't cease until someone stops the bouncing and lets all the
responses come through. Unfortunately, this can cause a server to get
into extremely high loads requiring rebooting. If the bouncing isn't
stopped before the server is rebooted the situation will only continue
to worsen.
So, is it better to bounce or not?
Technology says it's better to not bounce. Respect of the other
sites on your shared server demands that you not bounce because you
affect their business as well as yours when the server goes down.
While some may disagree, I have found obfuscating the email address using any method referenced by that page very helpful. I prefer to not use the JavaScript solutions and merely use the simpler method. In all the years of using that option, the obfuscated email addresses have never been harvested.
If you wish to use a form you can have someone build one for you,
but using any of the open source applications leads to professional
spammers finding ways to use them without your knowledge. The only
formmail script we allow clients to use is NMS Formmail which aids in
hiding the email address, preventing spam relays and a few other nice
little helpers.
Sincerely,
Lee Roberts
roserockdesign.com
applepiecart.com
Written by Steven Birk March 30, 2006
"And - sorry - once again we're having a spam discussion with contributors whose emails addresses are completely exposed in their text or in the HTML code." - Michael Linehan
Michael,
This LED Digest in my opinion has some very 'cream-of-the-crop' members
that I have learned a lot from. But you correct in saying (and you
don't have to say "sorry") that those who contribute to a discussion
with spam reducing methods should NOT have their email address there
for the taking. Seems counter-productive.
I would think that the #1 PRIORITY meaning something to do right NOW
for anyone that has a web site and especially those that are doing some
sort of business with their web site is to get your email address
protected from spam-bots (at least as much as possible!). When I see
some of the per day spam numbers that other people are
getting in the range of 10,000 - 20,000 a day, that is absolutely unreal.
I have one contact page with a contact form on my site at medicalcenternews.com
that I use. It is a SiteSell SBI Site and SBI has an Anti-Spam Form
Build-It Module that automatically hides how the information is sent to
me. Absolutely zero spam and I am very satisfied... I am a SBI customer
/ user for life! I did a little searching around and I found out a few things that
may help those who are trying to eliminate spam (I guess that's pretty
much everyone :-D Some of what I found, in a nutshell...
Number 1:
http://willmaster.com/possibilities/demo/RetrieveEmails.cgi
and enter your page URL and see if a Spam-bot has the possibility to
find your address. If you have an email address on the page you search
and this finds it, for sure a Spam-bot will find it. Not saying its
100% accurate, but it's a start...
Number 2:
Look at http://www.automaticlabs.com/products/enkoderform
This looks like it has quite a robust way of encrypting your email
address and its free. It does encrypt it inside of JavaScript so there
may be some who don't want to use it for that reason. I tested it on a
page and used the url in #1 above as a test and it did not find it. Not
saying that's 100% fool proof, but it's something...
Number 3:
You can also use: http://www.golivecentral.com/pages/txttut/scramble.shtml.
This will ASCII encoded your email address, but you MUST embed it
inside JavaScript to hide it from the Spam-bots. Do not just encode the
mailto: link in ASCII and use it as an ordinary HTML link, the
Spam-bots find this.
Number 4:
Another option is at: http://accessfp.net/protect-your-email-address.htm.
Look about 1/2 way down the page under the "Solution for Stopping
Spam-Bots from Obtaining your Email Address from your Website" section.
This produces a non-clickable link, but a copy and paste-able email
address that your visitor can easily use to paste your email address
into their email program, but which is undetectable by a Spam-bot.
I have no affiliation with the above links; I just found them and included the actual links as a possible solution.
I also found that you should never put just your email address as
text on your web page as a Spam-bot will find that also. Use 'Number 4'
above if you want to produce a non-clickable text email address on your
web page. The only real way to kill these harvesters off is to starve them!
Do what ever you can TODAY to protect your email address(s) on your web
sites.
I hope this may help.
Regards,
Steven Birk
Written by Bill Davison March 30, 2006
Will Bontrager has an excellent free script (Master Spambot Buster) to disguise email addresses with a control panel: http://www.willmaster.com/master/spambotbuster/index.shtml.
Can you believe it, it's also free. Guess Will really doesn't think too
highly of email harvesters and bulk emailing spammers. Will is one of
the good guys!
Bill Davison Written by Chris Nielsen March 31, 2006 While I try to "hide" my email when I can, I've been using the same primary email address, This email address is being protected from spam bots, you need Javascript enabled to view it ever since I registered the domain in 1999. There are many places around the web where the address was listed before we thought too much about protecting it from spammers. While I admit that my spam problem did become almost unmanageable at one point, I was able to retain this same email address today and not abandon it to the spammers.
The solution that I have been using is a combination of SPAM
ASSASSIN that comes with all my many hosting accounts. While I have 30+
domains that all feed my main account or sub-accounts at NielsenTech,
SpamAssasin filters and flags most of what comes in and prepends
"SPAM_" to the subjects. I then use Outlook to filter these into a
folder. I check this during the day and can easily delete the junk
since I sort it on subject and the spam is clearly indicated. It helps
actually, that I get quite a bit because I can see repeating patterns
of subjects. I delete 99% of these unless something really nasty comes
in, then I react to it with the next line of defense.
The other part of what I do is to report anything that gets
through the filters and appears in my inbox to SPAMCOP.net. This does
take a minute per spam, but I feel it's the reason my daily servings of
spam is not too bad. And yes, I still do report business and other
emails where people include their real information if it's clear that
they have not visited my site and are sending "form letter" emails. I
think people have to take a stand to protect their personal
communication channels, email, telephone, door-to-door sales people,
etc. and not put up with intrusions where there is a "cost" to us and
not to the sender.
Postal mail is fine since the sender pays and I can review and
respond as I wish, when I wish. Email could be considered the same,
except that the sender does not pay and therefore there are no limits
which creates a problem for others. Of course direct marketers have
their viewpoints, but this is mine. I think when marketers finally get
the idea that they can pay people for their attention that some balance
will happen. Anyone that wants to pay to send me mail can do so right
away and I promise I will not report them. For the right amount I may
even open and read it...
Thanks,
Chris Nielsen
business-mailing-list-marketing.com
Written by Nancy Cardinali March 31, 2006 "And - sorry - once again we're having a spam discussion with contributors whose emails addresses are completely exposed in their text or in the HTML code." - Michael Linehan
I am confused on this point. I have a mail form using cgi:
<.form method="post" action="/cgi-sys/formmail.pl">
<.input type="hidden" name="recipient" value="hmiller @ haroldrmiller.com" />
<.input type="hidden" name="redirect" value="http://www.haroldrmiller.com/thankyou.html" />
...etc...
When I asked previously, I was told the spiders would not be able to
'read' this email address, as they only 'see' what is actually on the
page, not the code. It seems Michael is saying otherwise. Can anyone
explain what is correct?
Thanks
Nancy Cardinali
haroldrmiller.com
Written by Trevor Johnson April 3, 2006
Nancy, the opposite is the case. Spiders do not read computer monitors.
They only read code. Your email address is currently easily visible and
available to every spider & harvester out there - millions of them.
To deal with the problem, you will find our three part series
entitled "Spam Bots - and How To Avoid Them" very useful. It is freely
available at http://www.bestprac.org/articles/index.htm
Trevor Johnson, Chairman
BestPrac.org
Written by Steven Birk April 3, 2006
Nancy,
I went back through the archives to try and see exactly what your
question was and exactly what someone else said about a spider not
being able to 'see' an email address in your code. I could not find
either though. I can go out on a limb and say that it is absolutely
false... A spider / harvesting program / spam-bot or whatever else you
may call these programs CAN see an email address in your code.
Using the check link I provided in LED 2128 of http://willmaster.com/possibilities/demo/RetrieveEmails.cgi,
and keying in your contact page URL, it found your email address, which
means I would think any kind of harvesting program can also find it.
I did a little more experimenting and I found that the only way to
truly protect your email address is to have it embedded somehow inside
of JavaScript. Some people don't like to do this I know, but I provided a few examples
of how to do this in LED 2128. In your case with your form, even if you
ASCII encoded your email address that appears inside your <.form>
code, it will still find your email address.
One option for those using forms, and I use this on another site of mine at http://publicsafetyhub.com/contact.shtml,
is to use a Forms program that allows you to email a template text file
to send back to your visitor and another one you can send to yourself
with the form information. What this does is it puts your email address
in a text file associated with the form, and NOT in your source code
for all to see. I use Will Bontrager's Master Form for this: http://willmaster.com/master/formV4/
My source code looks something like this where you would normally see the email address to send the form results to:
<.input type="hidden" name="mailtemplate" value="mailtemplate_contact.txt,mailtemplate_contact_01.txt">
When a visitor clicks the submit button, the forms program takes
the email address my visitor has provided and inserts it in the email
field of the template and emails them back my 'Thank You' reply
(contact.txt). The other template is to send the form information my
visitor has entered to my email address I provide in that template
(contact_01.txt).
So your email address that the form information is sent to is protected
inside of the text file, and is not exposed inside the code of the page
for all to see. This seems to work well. Pretty neat forms program
that's well worth the money.
Hope this helps.
Regards,
Steven Birk, Editor
medicalcenternews.com
publicsafetyhub.com
Written by Abu Haider April 4, 2006
Depending on how it is programmed, a spider may act as if it 'only
sees' what is displayed to a visitor. But they always look at the code.
For example, a search engine spider like googlebot, would only
index what is displayed on your website. If you have hidden text on a
page, it will ignore that. But it will look at the HTML code to find
that out. But when a spider is designed for the purpose of grabbing
email addresses, it will always look at the HTML for something of the
format of an email address, regardless of where it is placed, and
whether it is displayed or not.
When a spider accesses a webpage, it gets the raw HTML code of the
page. From a programming standpoint, it is much easier to grab the
email addresses from the HTML than to find out what is displayed on the
screen.
Hope it helps.
Abu Haider
dojolocator.com
Comments (0)
 Write comment
|
