Janice Pottle and Ted Stuchberry

08.27.2003 11:43am - The Spam War Continues


I just thought I'd write an update on my fight against spam here on brindleweb. I posted an entry a few months ago about my new contact form that I created so that people can e-mail me without me having to post my e-mail address explicitly. I've been continuing to take more and more steps to fight spam; here they are.

For myself:

1. As stated above, I replaced anywhere I posted my e-mail address on these pages with the contact form.
2. I stopped accepting emails to any random address for my domain, and only accept the one or two I want to use. Others will get bounced.
3. I changed most of the addresses I do use that I currently get spam at. For example, I used to use webmaster@... for website-related e-mail and rescue@... for e-mail about my rescue site. Both of those were getting tons of spam, so I stopped using them and deleted their inboxes, thus reassigning those as simply "random addresses for this domain" (which I now bounce as per item #2).
4. I use Mailwasher to filter, delete, and bounce any remaining spam that I get. Unfortunately it doesn't do this automatically, but it is just a one-button press to process all the new mail at once.
5. I no longer give out my e-mail to ANYONE. I don't fill it in on any forms, or give it out when ordering from anywhere. To get around doing this I use a great new service called Sneakemail. It creates sort of random addresses for you that forward to your real address. You can create as many of these as you want and "tag" them with the purpose you created them. That way you can use them for online ordering, joining forums, and all that. If you start getting spam at one of them, you can just delete it. In addition, if you make a unique one every time and label it with why you created it, you can even tell WHO gave out your address to the spammers! This is a great idea and I highly recommend it!
6. To help stop spam overall and get spammers in trouble, I report the spam I get through SpamCop. This site parses spam to figure out who to complain to about it, plus keeps records of spam senders and ISPs.

For YOU, my readers/users:

1. For the blog readers, I have installed a MovableType plugin called MTObfuscate. This uses javascript to encode the e-mail addresses that people post in the comments and such, so that it cannot be easily harvested by spammers.
2. For my bbs users, I have enabled a "blind e-mail" feature so that their e-mail addresses do not get posted on the board. Instead, if somebody wants to e-mail them, there is a form to do it.

Whew! So, there is a lot of action on the spam-fighting front here on brindleweb. I HATE spam!!!! I do have a few questions though, if anyone reading has any suggestions, let me know!

My questions:

1. In spite of all the actions I took above, I still do get spam to one of my accounts (one that existed before I became so spam-wary, and that I really don't want to give up). So for these e-mails I am bouncing them and reporting them through SpamCop... is there anything else I can do? Will I ever be able to purge this account of Spam, or once the e-mail is out there is it doomed forever?
2. I'd like to protect other e-mails on my site (people who post in the Guestbook, for instance), with something similar to the MTObfuscate mechanism. Maybe with a PHP function that I can just call whenever I do need to display an e-mail address. Does anyone have any ideas?

That's all for now, folks.


Posted by in category General, Site News


Comments

Posted by on 08.27.2003 02:33pm CST

Wow, thought I should post THIS spam I just got! "Tomahawk missiles, serious enquiries only"??? This is the worst, most corrupted spam I have ever received. So deviant that it seems it must be a joke? Here it is, URL removed:

---------CUT & PASTE OF SPAM---------
Now we extended our offerings, here is a list:

1. Heroin, in liquid and crystal form.

2. Rocket fuel and Tomohawk rockets (serious enquiries only).

3. Other rockets (Air-to-Air), orders in batches of 10.

4. New shipment of cocaine has arrived, buy 9 grams and get 10th for free.

5. We also offer gay-slaves for sale, we offer only such service on the NET, you can choose the one you like, then get straight to business.

6. Fake currencies, such as Euros and US dollars, prices would match competition.

7. Also, as always, we offer widest range of child pornography and exclusive lolita galleries, to keep out clients busy.

Everyone is welcome, be it in States or any other place worldwide.

ATTENTION. Clearance offer. Buy 30 grams of heroin, get 5 free. Prepay your batch of rockets (air-to-air) and recieve a portable rocket-lacuncher for free.

****(URL REMOVED)****

This offer won't last! Only until 20th of August all our clients will also recieve a pack of 2 CDs, with best selection of child pornography.

------END OF CUT & PASTE-----

I definitely sent this one on to SpamCop. Yikes.


Posted by on 08.28.2003 11:07am CST

Sorry to hear about your spam troubles Janice. I did wonder why you started posting with a sneakemail address!! I have been using sneakemail for over a year now...what a great service.

As for an encoder, have you seen Hiveware's Enkoder? Maybe you could use something like this to help you?


Posted by on 08.28.2003 11:07am CST

D'oh, the preview showed the URL correctly.

http://www.hiveware.com/enkode_tool.php


Posted by on 08.28.2003 01:36pm CST

Hi emd. Thanks for the link.

All my pages are PHP now, so I was thinking I'd like a PHP function that I could call, passing in the email address, and it would do this for me. So that in my php page (or the output of a script like the Guestbook), I would have something like:

$encoded_email = encode($email_address);
echo("$encoded_email");

But what should be in the encode function? I found the following somewhere, haven't tried it yet to see if it would work:

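function encode($s, $type = "html") {
    // Initialise both accumulators so the .= below does not hit undefined variables.
    $hexscii = '';
    $hexents = '';
    for ($i = 0; $i < strlen($s); $i++) {
        // Two-digit hex value of the byte; $s[$i] replaces the removed $s{$i} syntax.
        $encoded = sprintf("%02x", ord($s[$i]));
        $hexscii .= '%' . $encoded;          // URL percent-escape form
        $hexents .= '&#x' . $encoded . ';';  // HTML hex character reference form
    }
    return ($type == "html" ? $hexents : $hexscii);
}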

My big problem is that I don't understand what is machine-decodable by the SPAM harvesters and what is not. Would this kind of a function be enough to fool them?
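An added example, not part of the comment above or of any plugin named on this page: a small audit script for the question of what is machine-decodable. It runs the output of the encode() function through PHP's standard entity and percent decoders and reports whether the address is readable again. The helper name exposed_addresses() and the sample address are assumptions made for illustration.

```php
<?php
// Added example: audit helper, not code from the original comment thread.

// The encoder from the comment above (hex entities or percent-escapes).
function encode($s, $type = "html") {
    $out = '';
    for ($i = 0; $i < strlen($s); $i++) {
        $hex = sprintf("%02x", ord($s[$i]));
        $out .= ($type == "html") ? '&#x' . $hex . ';' : '%' . $hex;
    }
    return $out;
}

// Hypothetical helper: returns the addresses that are still recoverable
// from $markup after applying only standard, reversible decodings.
function exposed_addresses($markup) {
    $pattern = '/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/';
    $views = array(
        'raw'      => $markup,
        'entities' => html_entity_decode($markup, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
        'percent'  => rawurldecode($markup),
    );
    $found = array();
    foreach ($views as $name => $text) {
        if (preg_match_all($pattern, $text, $m)) {
            foreach ($m[0] as $addr) {
                $found[$addr][] = $name;   // record which view exposed it
            }
        }
    }
    return $found;
}

// Constructed sample address (example.com is reserved for documentation).
$address = 'guest@example.com';
$samples = array(
    'plain'   => $address,
    'html'    => encode($address, 'html'),
    'percent' => encode($address, 'url'),
);
foreach ($samples as $label => $markup) {
    $hits = exposed_addresses($markup);
    printf("%-8s exposed=%s via %s\n", $label,
        isset($hits[$address]) ? 'yes' : 'no',
        isset($hits[$address]) ? implode(',', $hits[$address]) : '-');
}
```

Both encodings are standard and reversible with one library call, so they only hide the address from tools that scan the raw page source without decoding it.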


Copyright 2003 Janice Pottle and Ted Stuchberry.