
Need Some Advice on a Spam Problem


ArielHost

Hello - I need some suggestions from the gurus in this forum.

I recently terminated a hosting customer's account because of terms of service violations... now, I believe (but can't prove) that the former customer is using exploited machines to send me a large volume of spam. I block mail on my servers using a number of RBLs, but a lot of it is still getting through. I've used SpamCop's filtered email in the past, and I've signed up again for my personal email accounts (makes the whole reporting process easier as well as filtering, IMO).

Now here is the issue I need help with - the spam is also going to my help desk system. The help desk allows users to mail a specific email address to open a ticket. I could remove automatic ticket creation, but unfortunately a lot of my customers like to submit their tickets that way, rather than log in to the helpdesk software manually each time. The help desk software does have filtering, and it works pretty well; however, I still have to manually sort through the items that it's marking as spam to make sure that no legit tickets are getting thrown in there.

Any suggestions on how I can stop the flow of spam to my help desk? I suppose I could change the email address used for support, but that just causes confusion for my customers, plus there is nothing to stop the spammer from changing the target.


<snip>

Any suggestions on how I can stop the flow of spam to my help desk? I suppose I could change the email address used for support, but that just causes confusion for my customers, plus there is nothing to stop the spammer from changing the target.

...My knowledge of this is woefully inadequate and I probably should not even be chiming in but you've waited long enough (> 12 hours) without an answer, so here goes! :) <g>

...Must your users log in to your Help Desk system? If not, I would change that so they do. Once my Help Desk system was secure, I would change the e-mail address and publish it on the appropriate Help Desk page in a form not readily retrievable by a bot (for example, using an image file). Having done that, I'd inform all my Help Desk users to use the new e-mail address. I might, if technically feasible, set up a process whereby I would autoreply once to each e-mail address source of a Help Desk ticket submitted (only from that point in time forward) to the old e-mail account to ask the submitter to send tickets to the new e-mail address. I would try to avoid sending such autoreplies to any e-mail address I knew was used by a spammer.

...Hope this helps (although I somehow doubt it) and that someone more knowledgeable comes along in due course to give you more useful advice.

...Good luck!

...Additional administrative (Moderator) note: since this post does not seem to have to do with the SpamCop Email System, I have moved it to the "SpamCop Lounge" forum.


Well you have the right idea, and it is one I was considering barring any really nifty suggestions. I hate to force people to create an account to submit a ticket, but it's probably the only way to stop wasting my techs' time cleaning the spam out of the helpdesk ten times a day. ****ing spammers...!!!


... Any suggestions on how I can stop the flow of spam to my help desk? ...
I don't hold out much hope but having observed the difference made when an email address is withdrawn from a webpage (even though "stealthed" within the page and even though the page was not really popular), have you checked to see if someone might have posted the address around the internet? There was a time not long ago when some idiot was posting pages for people to "update" and incorporate in their own websites as spider bait, supposedly containing spammer addresses (yeah) to get them to spam each other - but including postmaster and abuse address and all sorts of things that should never be there. Could still be going on for all I know. Anyway, if it were out in public and you could get it removed you might be surprised at how quickly and how much the load drops.

Hope it helps, though Uri Raz notes at least 19 methods by which addresses end up being spammed (http://www.private.org.il/harvest.html), and that doesn't include the personal attention of the vengeful spammer which you may suspect.

[Added - hmm ... looks like the spiderbait is still out there - link I first noted in http://forum.spamcop.net/forums/index.php?...ost&p=31455 is still there and there were a heap of copies. BUT all the postmaster addresses have gone and only one abuse address so maybe I and (hopefully) other haranguers did some good with that particular page. There were lots more, very similar down to the words and phrases used.]


I hate to force people to create an account to submit a ticket, but it's probably the only way to stop wasting my techs' time cleaning the spam out of the helpdesk ten times a day. ****ing spammers...!!!

Heh! Even that doesn't seem to help at times. I had an idiot sign up here, go through the Validation process, then arrive and start sending spam via PM ..... In the past, the general 'hacker' mode was to get an account, then try to run a script that took advantage of an exploit via the PM mechanism ... so I'm still in the mode of checking "new" users that jump right into the Control Panel ... I stopped this last spammer after 6 PMs had been cranked out, but .....


Well you have the right idea, and it is one I was considering barring any really nifty suggestions. I hate to force people to create an account to submit a ticket, but it's probably the only way to stop wasting my techs' time cleaning the spam out of the helpdesk ten times a day. ****ing spammers...!!!

The best way to deter spammers is to attack! SpamCop's email system accurately sorts email from spam and allows, through an automated process (using SpamCop), for you to very easily go through all of the sorted spam in your "held" folder and "Very Easily Report (VER)" all spam. You can also easily forward any (unlikely) false positives to whatever email address you wish (this only costs US$30 a year and you have two weeks to find if it's not your cup of tea and get a refund).

Spammers are now being targeted by the law with appropriate convictions. If you are just deleting spam you are not effective in dealing with the problem. SpamCop, when reporting, often sends extra reports to investigators. When spam passes through certain IPs, I note in one example Hotmail gets a copy of that spam, as well as the abuse desk of the source IP address (the actual computer that sent the spam); while not sent from their mailing host, the spam has passed through it and SpamCop is watching that IP for Hotmail.

SpamCop usually just tracks spam to IP source. Many big companies have "honeypots" and need evidence to go after these spammers, who are now not safe in any country. There are already a number of abuse desks signed up with SpamCop email and/or SpamCop Reporting for this purpose.

By the way, I'm in Sydney, Australia and have no connections with SpamCop other than being an impressed user with a bullet proof email address since before last century.


Archived

This topic is now archived and is closed to further replies.
