Jump to content
Sign in to follow this  
emanmb

Preventing Spam or..

Recommended Posts

I have 4 important-to-me email addresses. From those 4, since Oct. '07 I have reported over 4000 spams.

I'm pretty sure I know why I get the spam I do in most of those email addys. Especially for 2 of them which are on 2 of my websites as an email link in images. It was the only way I could think of to attempt to mask my email address without making it difficult for potential clients to contact me. Obviously it didn't work and they read the HTML. :angry:

So 2 of my addresses have been harvested from those 2 sites generating the majority of my spam. 99% of spam goes into the Yahoo bulk mail folder which is a good thing.

So I could be happy, I guess, that Yahoo blocks 99% of the spam from reaching my email client. But most of us here I bet, know the feeling when you see 100 spams a day showing up in the bulk folder. You want to go after them, report them, beat them w/sticks, and so forth.

Well I did that till last month but reporting all that spam generates carpal tunnel before I've even get any work done not to mention the time involved. I'm tired of reporting and have done it for years, (member since 04) and since the amount of spam going into the bulk folder keeps increasing, I just don't have the time or patience for it. Those spams that get into my inbox get reported still since that amount is so small.

From past articles in the forums I've read, my "contribution" of reports to SC is for the greater good and not aimed at specifically preventing me personally from getting spam. I knew that, yet still hoped I might stem the tide of spam flowing into my bulk folder.

I still need to have my email address on my sites, despite the fact they are probably the source of most of my spam.

I'd like to ask what is the best way to show my email addresses on my web sites without having it harvested? I did a search of the forums for preventing/spam with no luck, so apologies if this has been covered previously.

Thanks!

Eric

Edited by emanmb

Share this post


Link to post
Share on other sites
I'd like to ask what is the best way to show my email addresses on my web sites without having it harvested? I did a search of the forums for preventing/spam with no luck, so apologies if this has been covered previously.
You might be interested in reading this page from my own website where I describe several methods. The best, to me, is the Java scri_pt mailto; I have used it for several years now and I don't get much spam to the addresses it protects (the only spam I get is probably due to "human" harvesting by 419 scammers and others).

-- rick

Share this post


Link to post
Share on other sites

I still need to have my email address on my sites, despite the fact they are probably the source of most of my spam.

I'd like to ask what is the best way to show my email addresses on my web sites without having it harvested? I did a search of the forums for preventing/spam with no luck, so apologies if this has been covered previously.

Thanks!

Eric

Use Java Java is often disable because of security fears

Use web forms Careful talking to strangers do not know this link so use a throwaway email address like Hotmail

Edited by petzl

Share this post


Link to post
Share on other sites

Thanks guys! These look interesting.

One note, my free yahoo acct. (not published on my web sites) is nearly spam free now.

I've reported over 1400 spams from that acct. alone since Dec. '07 and it has slowed down to 5 or so a day..(knock on wood it stays that way!)

Also the email lists I belong to have FINALLY learned to munge the email addresses in their archives which seems to have had a positive effect.

Share this post


Link to post
Share on other sites

You may also want to try placing a link to http://www.spampoison.com/ on your website.

(No need to break this link - bots are welcome to digest it. :D )

To quote from their website (which generates new, random links offered for use to each visitor); "These links will redirect email harvesting bots to trap sites that will feed it with an almost infinite loop of dynamically generated fake email addresses, mostly on known spammer owned domains! This will render their harvested lists practically useless and of no commercial value."

I've got one of those websites that offer literally hundreds of legitimate email links, and despite the negative opinions that abound about this method's long term effectiveness, it continues to work in my experience.

It also stopped the abused web forms I and many others on our server were receiving. Sometimes we still get spam via web form, but only once per instance...

I went as far as generating my own random list of 10000 nonsense email addresses too. My partner then added some known spammers' addresses, as well as naming the links to such webpage "...poison.htm". All this appears to have helped further, either poisoning the lists or causing the bots to abort and 'flee'.

But talking of shooting ourselves in the collective foot, we also inadvertantly help educate up and coming spammers by offering such solutions publicly. Such is the cycle.

[Edited for accuracy and extra info]

Edited by washmail

Share this post


Link to post
Share on other sites
Use Java Java is often disable because of security fears

I think you meant java scri_pt, not java, and that URL goes to some silly little page about something entirely different.

DT

Share this post


Link to post
Share on other sites
I think you meant java scri_pt, not java, and that URL goes to some silly little page about something entirely different.

The web page changed? I have just pointed to rick's page

Share this post


Link to post
Share on other sites
The web page changed? I have just pointed to rick's page

Assuming in my egotism that you meant my page, no it hasn't changed (it is linked in my reply above). The one in your post went to mackraz.com, it looks to be something like a test for web-bug vulnerability.

-- rick

Share this post


Link to post
Share on other sites
Assuming in my egotism that you meant my page, no it hasn't changed (it is linked in my reply above). The one in your post went to mackraz.com, it looks to be something like a test for web-bug vulnerability.

mackraz.com had a java example for email it since changed?

Your site has the java scri_pt for email addresses and have pointed it to your site

Share this post


Link to post
Share on other sites
mackraz.com had a java example for email it since changed?

No...I went back in the "archive.org" system and that site has always been a "one-trick pony" and the trick has always been the warning about "email bugs" or "web bugs" (he called them "read receipts") that used to be embedded in spam a long time ago.

DT

Edited by DavidT

Share this post


Link to post
Share on other sites
...and the trick has always been the warning about "email bugs" or "web bugs" (he called them "read receipts") that used to be embedded in spam a long time ago.
Just as an aside, don't be sure that little trick is entirely dead and buried. I'm a little suspicious of the HTML in (some/all of) the "February 78% off" type spam I have seen ("//track.msadcenter..." and "You are receiving this e-mail because you subscribed to MSN Featured Offers." etc. - that one, I have no tracker). Pointless we might think but there it is - I guess there might be spamster traditionalists.

Share this post


Link to post
Share on other sites
Just as an aside, don't be sure that little trick is entirely dead and buried.
Hear, hear. I still get web-bugged spam, usually from old-school non-botnet spam operations that seem to rise and fall with some regularity (mainly they appear in my work in-box). I don't think our modern botnet spammers are well-equipped to use web bugging because of vast load it would put on their already not very stable web operations. They might wind up DDOSing themselves.

-- rick

Share this post


Link to post
Share on other sites

True...the web bugs aren't extinct, but the vast majority of the spam emails I've received in recent years don't contain them. I see them used more frequently in borderline "mainsleaze" stuff, in which someone has given up their address at some point (or someone did it for them). Back in the day when many spammers didn't care about being traced and reported, they were used much more frequently.

DT

Share this post


Link to post
Share on other sites
I'm a little suspicious of the HTML in (some/all of) the "February 78% off" type spam I have seen

I just grabbed one of those ("RE: February 82% OFF") out of one of my spam folders and analyzed the code....no web bugs found...just conventional HTML email techniques, none of them designed to "phone home" if and when the recipient opens the message. YMMV

DT

Share this post


Link to post
Share on other sites
I just grabbed one of those ("RE: February 82% OFF") out of one of my spam folders and analyzed the code....no web bugs found...just conventional HTML email techniques, none of them designed to "phone home" if and when the recipient opens the message. YMMV
Or maybe I'm paranoid - I certainly don't know enough to know exactly what it is I'm looking at, but consider one I've resurrected from a text file for inspection:

http://www.spamcop.net/sc?id=z1694335788z0...;action=display

Now there are remote images (from different sources, not all of which might still be active) that want to be loaded and which would have to represent a vulnerability - what's at the other end determines just what that vulnerability might be (and how locked down the browser I use determines the extent of any exploit that might be realized). So, I re-created an .HTML using the code and my (fairly locked-down) browser had a conniption fit - grumbling "To help protect your security, Internet Explorer has restricted this webpaqe From running scripts or ActiveX controls that could access your computer. Click here for options." Maybe it's more paranoid than I am. Anyway, I don't think I would be opening the original spam, especially while it was fresh, but truly I just don't know.

Opinions please ... webbugs or not?

Share this post


Link to post
Share on other sites
Opinions please ... webbugs or not?
Looks like a duck, walks like a duck...

I was at first fooled by the "msadcenter" business but quickly figured out that these were actually part of the msadcenter domain, so looks like a clear case of wilful obfuscation. The very first IMG link calls a file with an argument, I consider that to be pretty suspect (along with the random-looking file name).

I wouldn't touch these links.

-- rick

Share this post


Link to post
Share on other sites
Looks like a duck, walks like a duck...
Thanks Rick. Oh for 12 ga and an ounce and a quarter of No 4 (our shot sizes are slightly different to yours). Actually you're not supposed to shoot them "on the deck". But what the heck, I could make an exception ...

Share this post


Link to post
Share on other sites

Farelf, your "78%" message does indeed seem to contain "web bugs," and mine clearly did not. I'm just saying that of the many spam messages I've analyzed in recent years, the vast majority don't contain them.

DT

Share this post


Link to post
Share on other sites
...I'm just saying that of the many spam messages I've analyzed in recent years, the vast majority don't contain them.
That's pretty much what I see too David, when I look - I seldom look at the things but I think your previous observation about them mostly being borderline mainsleaze is probably [nibbling around]/[close enough to] the facts of it.

In comparison with the overwhelming bulk of spam these days something which contains (maybe) personalized bugs does seem a bit of a novelty and at odds with the increasing volumes and scattergunning of the evident "standard model". The whys and the wherefores of a spammer bucking the trend being something locked in the unfathomable mind of that spammer but it would be unwise to get too blase about it I think. I'm too sure of my own insignificance to entertain any thought of "targeted spam" (and it's the wrong "sort" of spam) but this is certainly/supposedly a growing threat to the few percent who might represent a worthwhile target.

In any event, the rule "don't open them!" is as valid as ever, as an opinion.

Something not totally apparent is that example had my own address spoofed as the sender which is why it is munged - manually because SC has never munged the From: address (or Reply-to:, I think). Consequently this is yet another potential tracking element for spammers who might craft their spam. We assume these cases (own address spoofing) are just "luck of the draw". Yet when it's just the occasional one - not a common part of a mass mail-out (which still seem to draw sufficient NDN/NDRs to the spoofed address to be a significant nuisance or at least noticed) then there is a definite possibility of other explanations. Defeating filters being one1 and I still prefer the "this penguin's turn at the perimiter" model but who knows for sure?

Steve

1Certainly seems effective in doing that with standard/default Outlook filtering at the LAN level.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×