Way OT: Dealing with SPAM

It's not off topic as far as I'm concerned, you have to protect your Land Rover sites and email addresses from scum sucking robots.

Copy the following MUNGed email (it is your address) address and paste it into your HTML webpage so that web bots can't pick it up.

webmaster@lrproject.com

Steve.

In article , Stephen Hull writes

The web bots are onto that sort of thing, and have been for a while.

Going back to Lee's question, try feeding the "bounce" part of the header into spam cop (spamcop.net) and that will work out the ISP that the mail originated from. I've been getting 50-200 bounces a day for two months, and even though the messages are essentially the same, the ISPs have been all over the world. Until people start to protect their computers by using firewalls and stop opening attachments on emails, this will continue to happen.

Adrian

Try

and scroll down looking for "Spam Spoiler" It's free, but it seems to work for me so I made a donation via PayPal to his children's charity. It all seems to be above board. It may take a while before your current spams die out. It may be of no use if you didn't use FrontPage for your web site. Joskin.

What has a firewall, or opening attachments got to do with people sending spam in your name? If I wanted I could send a million e-mails pretending to be from The President of the United States - I'm sure he has a firewall, and I doubt he opens attachments! The problem is that the SMTP e-mail system as it is requires absolutely no authentication to verify that the person sending the e-mail from the address they are using is actually authorised to use that e-mail address. What is required is an entirely new Internet e-mail system. I believe several systems have been/are being developed. I haven't kept up with the latest developments, but no doubt the reason it hasn't been deployed is that no-one can agree a standard.

Matt

Unless an IP address can be closely linked with a mail address, there is no way of authenticating it - many people use the same address from many machines, so it never can be. It's possible that "authenticated" adresses could be handed out, but then the hackers will just find a way round it.

Richard

I suspect it's a reference to the number of 'owned' personal workstations.

The From: field in an email is useless for authenticating where an email has come from, however the headers of an email also contain path information that at least you can use to track down which IP address it came from. It's practically impossible to fake an IP address for TCP connections or even UDP if it requires two-way traffic to establish and run the session, which is why spammers hack people's machines to send email addresses from them. To help stop that, blocks of IP addresses used for joe public are often labelled as "dialup" ranges and published in tables that anti-spam services use as lists of ranges not to accept mail from. Spam would be much worse without these measures.

I get very little spam into my inbox, because even Thunderbird's anti-spam engine is pretty good at getting shot of it. I do check the trash can regularly though (which is packed with spam) as I found that my electricity bills were being spam-blocked!

At any rate, linking an email address to an IP address would work less well than legitimate people using message digests to authenticate the posts, but that would require a large public-key infrastructure that worked, and mail clients that stuck to standards properly, none of which will ever happen.

[snip]

Frontpage? what an abysmal piece of software that is, last time I used Frontpage it altered all my neat HTML code unnecessarily and added additional meaningless HTML.

Steve.

[snip]

Probably does now, but its better than not having any form of email protection,

Steve.

Not as bad as using MS Word. Dreamweaver has a special tool to remove the crap left in web pages built with it!

Stuart

I run a bunch of domains from this location and my mail killfile has nearly 5000 regular expression entries in it and I still get a dozen a so a day sneaking through.

The dozen isn't had compared with the 4000+ a month that go in the bin.

It was 6000 a day before I removed the catch-all address. There are clearly just lists of daft_name@mydomain out there.

nigelH

I believe Dreamweaver is pretty good, Word is crap, trying to type a simple letter in Word is like cracking a nut with a sledgehammer, It is far too complicated and when you do something important it always seems to crash at the most inappropriate time.

Steve.

IME, you can replace "MS Word" with "MS anything" in the above statements (except their games, which are pretty good)

Stuart

Stephen Hull uttered summat worrerz funny about:

I have to agree , however I get to use the software because it's part of Mrs D's work. I.e. Free for my use.

I like the user interface but fully agree that the code it generates is ott. I've done quite a bit of raw HTML on pages at work for specific users of the works intranet, if I didn't we wouldn't get it. When I was on leave someone at H.Q. edited the code with frontpage which made it three times longer to do the same thing, I was a bit fed up with that but hey lifes too short which is why for my site I use Frontpage until I get something cheaper with a similar front end.

Lee

Not familar with FP at all but when I was doing stuff in HTML I found that the Composer part of Mozilla was fairly good. Didn't produce bloated code and was reasonably standards compliant. It has WYSIWYG, "outline" and HTML views that you can switch between at will and changes in one are instantly reflected in the others.

A slightly better option is to use:

Indeed. Lee, if you're getting a lot of addressed to: some_random_name@your_lr_project.domain think about only accepting mail for specified_name@ - this will kill most of the spam.

In article , Matthew Maddock writes

Opening attachments can allow trojans onto your machine, allowing it to become part of a bot net (controlled via ICQ). Firewalls should limit what comes in and out of your machine, so with a decent firewall set up, a trojan shouldn't be able to communicate with its owner.

Sure, we call all send millions of mails as POTUS, just as we could as Matthew Maddock, however anyone looking at the headers would be able to trace them back to your ISP, who should be able to tie them down to the customer in question. By using an unwitting third party to originate the mail, you throw the scent off yourself as the spammer. If (when) that machine is discovered, well, it was good whilst it lasted, there are plenty more machines out there to use. A while back I heard that a new machine going on line could be compromised in as little as 20 minutes.

Adrian