waiting for Total Commander key

[norfie]

[ghisler(Author)]

I am already using bayesian, white list, black list, and server blacklist (rbl) filtering, using the excellent tool MailWasher. But I still need to check all mails manually after filtering to make sure that I don't miss any mails (there are some rare false positives).

Web forms aren't really an alternative - people tend to write their mail address wrong on such forms...

[r2mahara]

Might I suggest some form of encryption on any addresses you post on-site?

See for example http://shellcity.net (the address near the top -> view source).

Or a simple bit of javascript and document.write can get around most spambots today. I could provide some appropriate code for this.

Changing the address monthly might work if you set your server up to bounce old addresses informing of the new address when someone uses an old one. Bit of a nuisance for the sender. (Similar to challenge-response systems).

I'm trying to find a good workaround for my site as well - so far I don't have anything that I'm totally happy with.

[r2mahara]

I forgot to mention one more option - you can create links that, when clicked, opens the sender's email program as usual - but that doesn't contain the address in the page's source (encrypted or otherwise).

This can be done if your host supports server-side scripting (PHP, etc.) - it's the solution I like the most so far.

There's another that I like second-most (since it requires javascript to be turned on). You have to set the "mouse hover" action to make the link clickable. That way even javascript enabled bots can't easily grab the address.

[Boah]

I was told about a new (?) mail spam/junk system that put all mails "on hold" (so to speak) and sent a confirmation mail back to the sender telling him that it is an automated mail and to reply to it (perhaps with a keyword? or to another e-mail?) If the user is a real human the reply is sent and the mail system "releases" the mail (lets it through.) Unfortunately I don't know anything about this system at all (if it exists..) but it sounds like a good plan (the only question is how long before spam software cottons on.)

Christian seem to be running all sorts of filters and lists, but as he says, the problem is that you can never fully trust any filter because occasionally even the best filter gets it wrong. If Christian is worried about missing out on these few messages (I wouldn't start guessing the numbers/percentage) then he has to check them just to be sure. The fact that he does worry about this is a good sign

A partly working alternative could be a less obvious support mail address. As has been mentioned, most worms and spam software both guesses and uses random e-mails. "Support" is very easy to guess, unfortunately...

Cheers,
Svein.

[r2mahara]

I was told about a new (?) mail spam/junk system that put all mails "on hold" (so to speak) and sent a confirmation mail back to the sender telling him that it is an automated mail and to reply to it (perhaps with a keyword? or to another e-mail?) If the user is a real human the reply is sent and the mail system "releases" the mail (lets it through.) Unfortunately I don't know anything about this system at all (if it exists..) but it sounds like a good plan (the only question is how long before spam software cottons on.)

Those are the "challenge-response" systems that I mentioned. Not the way to go IMHO.

What happens if the sender never gets the challenge? (filters etc.)

They're also a bit annoying for the sender. I doubt that Christian wants to make it difficult for potential customers to contact him.

IMHO, the sender shouldn't have to "pay" for the choices of the recipient --> that's the main problem with challenge-response systems. But that's just my opinion.

[Sir_SiLvA]

2Sir_SiLvA
Hi !

Sorry, but there are mail-web-forms were you can attach pics

• Never saw anywhere on any usual web-page… Maybe the webmasters fear to receive viruses as fake pics ?

So, you never used any webmailer? there you can attach anything and as any1 good into php, html, etc can tell you can restrict the attachments
(size, kind, etc) so it would work very well....
fortune -> all emails would be plain text - no danger of anykind of viri
(and I personally dont think that chris would open anytining like >viri.jpg.exe<, do you? )

[Hacker]

r2mahara,

Might I suggest some form of encryption on any addresses you post on-site?
[...]
Or a simple bit of javascript and document.write can get around most spambots today. I could provide some appropriate code for this.

Might I suggest you check the site?

Roman

[r2mahara]

Might I suggest you check the site?

I did before I posted - and I didn't find any posted addresses. However that doesn't mean there aren't any.

[Hacker]

http://www.ghisler.com/faq.htm

Code: Select all

<script language="javascript"
                type="text/javascript">
<!--
  var hostname1 = "ghisl"; 
  var username2 = "port";
  var username1 = "sup";
  var hostname2 = "er.com"; 
  document.write(username1 + username2 + "@" + hostname1 + hostname2);
// -->
</script>

Roman

[r2mahara]

Odd that he still gets so much spam then.

For people who use this type of method - the next wave of spambots will probably be javascript-enabled, getting around most methods of this type.