View Full Version : SPAM In General



JDE
10-26-2003, 02:10 PM
Spam has two major components:
1. The collection of e-mail addresses.
2. The stealth sending of bulk mail.
A few years ago I made the mistake of advertising using an FFA page and joining Globelists (both now gone). While sales picked up, so did the spam; it reached a peak of nearly 10000 e-mails a day. Needless to say, I ended up having to shut down and change domains and hosts. I still have the old host and every now and then I activate the e-mail addresses that were bombarded; after years the mailboxes still fill up in minutes.

I took the “know your enemy” approach and purchased several of these packages. I found that responding or trying to clog the spiders is useless. They have no interest in errors, responses or black holes; they simply (some more complex than others) scan various types of web pages for e-mail addresses, any address that contains @ or # in the address line. Most cannot get through a secure server, but who keeps all their pages in a secure server? Some of the more sophisticated packages scan entire IPs by state or country. It's only a matter of time anyway, as each defense is mounted the bulk developers counter. Stopping these spiders can be done as long as you don't care that search engine spiders are excluded as well.

The more complex business is in the packages that send. One package can use almost any POP account and pump out 10M e-mails in about 15 minutes, completely changing the headers to some non-existent account and host. Most of the packages also contain a DNS feature that checks all the e-mails for validity prior to sending, throwing out invalid e-mails prior to sending. The DNS feature makes installing scripts that send bad e-mail addresses to the spammer a total waste of time. A newer feature is the ability to upload a professional looking remove page in an encrypted directory; this "remove page" is really a sophisticated collector of addresses. Just click on the remove link in most spam and you get a page to enter your e-mail, enter ANY e-mail and it jumps to a "you have been removed" page. Then put the Remove Page URL in your browser. 99% of the time you will see the page is not found. Of course not! That is why it is called Stealth software! The page you were looking for was never there in the first place. Where is it really located? Only the spammer knows the answer to that question.

A couple new features appear to include the ability of reformatting the Spam using thousands of word lists to avoid spam detection, and the insertion of spyware that resembles innocent looking cookies (you have to open the e-mail for the "Gift" of spyware).

How to counter?
1. Never Open Spam
2. Never hit the remove link on SPAM
3. Never respond to SPAM
4. Never try to counter strike and spam a Spider or Spammer.
5. Never Setup or Post to a Free For All Page (At least not using your real e-mail address).
6. Stay away from Group Lists and News Groups.
7. SPAM PROOF Or BULLET Proof Your web pages.
8. Never make an online purchase from an unencrypted online form.
(Note: Spam/bullet proofing web pages only works if you change all e-mail addresses as well, once they have you that’s it!)

Good simple places to SPAM Proof your pages
Free but uses java script (not everyone will be able to send to you) Works with your whole page:
http://www.seafield-technologies.com/spam-proof/

Another very useful free Java script from Html Help Central:
http://www.htmlhelpcentral.com/js_email_hide.html

I Love this one! PHP so works with almost any browser (also free)
http://www.bitfolge.de/index.php?l=en&s=botproof

Not free but will “bullet” Proof your pages with or without excluding search engines:
www.weblockpro.com.

My “Know your enemy arsenal”:

Web Extract Professional Email Extractor
(Puts the "S" in stealth, you name it this package does it)

Extractor 8.0, Webweasal, Address collector PRO (now defunct but still works, together can find and send millions of e-mails by country or domain search). Replaced By EXP Elite, different name same spam generator. (had a lot of fun with this one, scanned AR and got Bill and Hillary's private e-mail addresses along with 95,000 others, when I scanned GA I got all of my addresses!)

SuperSonic
Multi-Tasking Email Address Collector (not fooled by most java scripts, validates all e-mail addresses prior to send)

Email Spyder
Advanced Targeted Extraction Software (no real defense against this except Bullet proofing the page)

SafeMail Pro
Safe Email Delivery System (impossible at this time to identify the senders, produces full fake headers, uses word lists)

Platinum Corporate Mailer
Corporate Email Delivery System (millions of e-mails in minutes using almost any IP address with open ports, validates e-mails prior to sending, uses word lists, impossible to identify the sender at this time)

Group Mail pro From Infacta.com (useful for sending legitimate group mailings, but can be used for spam. Does DNS validations and can be set up to use fake addresses and headers that do not reflect the real IP address that is pumping out the spam.)

Can it really be stopped? I doubt it; obviously the Spam software producers have better programmers than the Anti Spam guys.
Johnie

FZ
10-27-2003, 11:35 AM
Extremely interesting reading - thanks for taking the time to write this. My situation isn't as bad as yours, but is still pretty bad (~100 spam e-mails a day + 20-30 of Worm/viral e-mails a day). I've used Procmail to pretty much curb this to more manageable levels. I filter all SpamAssassin spam-marked mail to a folder on the server (so I don't download it, therefore I don't open it) and take a peek at them (From: and Subject:) before I delete permanently. For the viral e-mails, I filter by subject and by attachment.

I recently did a whole site-rename (new domain, etc.). I won't make the mistake of putting my e-mail address as a mailto: on the web anymore. What I do now is just hyperlink something like username at mydomain.com - the hyperlink does nothing though, it's just to make the e-mail address appear as a link. If clicked upon, a JavaScript alert is shown saying they should type out the address themselves. Hardly foolproof, but I cannot be bothered to use JavaScript or encryption every time anyway.

Speaking of JavaScript, I wrote some of my own that looks for all mailto: links on the current page, and replaces a specified string with an @. For example, if your link is mailto:somebody(AT)somedomain.com and you have specified (in the JavaScript) that (AT) should be replaced with @, this is done onload. Then, any mailto link clicked on is a valid e-mail address. Surprisingly I got this to work in Netscape 4 too (along with Opera 5.x, IE 4.x, Netscape6/7/Mozilla). Any comments as to how effective this kind of script would be against those ******* spammers? I was thinking it might be pretty effective, since you can always change that string to be replaced to whatever you want, however often you want (with no restrictions on its length or format). Then again, if the spam harvesters are now interpreting/running JavaScript code then this is rendered null and void....

JDE
10-27-2003, 04:21 PM
FZ,
Your situation is worse than mine! 20 or 30 viral/worms a day? Mine used to be all selling junk or MLM's (worse than junk). 1 or 2 Viral/worms a month was the most I ever saw.
These Spam packages cost more than Bill Gates Top of the line products, you can bet the people that shelled out that kind of money for them expect them to perform. There is no way simple scripts are going to fool them. I believe they started reading Java a week after Sun invented it.

Most Java scripts I saw only truncated the e-mail address, i.e. joe@comcast.n or +joe@comcast.n+; sometimes the @ is substituted by #,!,$,%.^,& etc.

Anyway, the e-mail address is still in the script and it does not take a complex spider package to recognize the e-mail and fill in the net part. The problem is if you can see it in the page's html or in pages that are linked to your page, so can the spider. They don’t just crawl URLs, they also crawl all the links.

I actually have not seen a single piece of spam in two weeks. The last of it dried up when I blocked yahoo.com. Of course this is not practical so I had to try another approach. The whole issue of spam is related to page and form security if you have none you will get spammed, keeping out 50% or even 99% of 20 million spammers and a few less hackers is not good enough.

Why try to re-invent the wheel? I put together a simple form; it actually e-mailed me the data in encrypted format. It is not e-mailing now because the e-mail accounts don’t work, WestHost's secure links for 1.0 are malfunctioning and “Post Method” in the mail is malfunctioning for some reason. Check it out at http://jsouthern.com/test/ Nothing I have can extract the e-mail address or data once it’s submitted. In fact the pages will only function on jsouthern.com

Johnie

PontusM
10-28-2003, 02:38 AM
I had terrible problems with spam junk filling up my mailbox too a few years ago, until I learned two very basic rules. Now my mailboxes are completely 100% spam free without using any filters or anything.

The rules I follow are:

1. NEVER EVER put your email address on a website!
2. NEVER EVER register a user account with your real email address ANYWHERE!


Nr 1 is easy to follow. If you want people to be able to get in touch with you, let them fill in a contact form. This contact form posts the message to you without ever displaying where the message is sent. I would never put out my address on a page, not even scrambled or "protected" by some Javascript or whatever. If people can click on a link or in some way open up their email program with your address in it, they can read your email address and so can the spiders!

Nr 2 is also easy to follow. Instead of giving out your real, valued email address when registering on a website, use a "trash" email at Hotmail or Yahoo or whatever. This should be an address that you can afford to close down if needed. If the site is of dubious nature, they CAN and WILL sell your email address. Once it's sold you will end up on thousands of spam lists and the junk will come to you. If you have a "trash" email account you can simply switch to a new one if the spam starts to pour in.


I also think "catch all" accounts are kind of nice, but at the same time they welcome spam since a spammer can simply send to a bogus address at your domain and you will get it. I don't use catch all addresses for this reason.

Those simple rules keep my primary email accounts completely clean, and they have been clean for several years now!

JDE
10-28-2003, 03:33 PM
That works fine unless the e-mail address is necessary to your business. I would not buy anything from a website with no e-mail link where I could complain about the crummy product I just bought or just ask where it is. 99% of the sites that sell products have no interest in selling your e-mail address, 99% of the sites that sell your address can be found in Yahoo, Angelfire, biz.com and Geocities stores. There is no real problem putting your e-mail on a form that is secured, the problem is the website owner having to put his/her e-mail on the webpage. The spiders I tested bleed web pages; none of them were capable of collecting an e-mail as it was being entered on a form.
I'd say offhand that you are just lucky to date. The spider that I tested 2 years ago on the State of GA found 152,000 addresses including my address at bellsouth.net and Home.com (now Comcast).

I did notice something new in spam recently: I got some spam that was addressed to the primary address with envelope to all the other addresses on the account (three of them). I think this is a new feature to reduce the amount of time in transmission. This is going to work to my advantage by filtering out all mail that is to one of the addresses I don't use. No one enters four e-mail addresses on a form.
Johnie

rufus
04-25-2004, 10:20 AM
I've been using an e-mail address encoder (http://www.hiveware.com/enkoder_form.php) and it's been working great. It uses Java so some people may not be able to view your e-mail address, but it should give Spambots a hard time. The tradeoff is worth it for me.

Example:

<a href="mailto:user@example.com" title="test">testing 1 2 3</a>

becomes

<script type="text/javascript">
//<![CDATA[
function hiveware_enkoder(){var i,j,x,y,x=
"x=\"783d22322525407b5c225c5c3d65363336657864574b4c363c 3535356f66363447395c" +
"223d783f6c3e333938396739406c2b7572383a363969693e2a 2a4039373935327c3e35357c" +
"7e2c35403839373a3c2e6c3e6b7739353a3a3a6a71686f3168 35373a687b3939382e2a282a" +
"2b39353a3b3968736466763335343966687178402e3635353b 39373a66393e2c2c352f3c39" +
"3439676c2b7577763935356638657876317b67366538393337 356e753d783b3a3839363a27" +
"273d793b383a6436695c225c5c7c3232253b303d3968353839 6928726f666639333a673b29" +
"7828653934393b3a706163736a7b292b2b3c39373a33693b68 746735353566386e656c2e78" +
"67396939363c693a38692874416539373a3535646f43726166 3867363868632e783d396639" +
"373a373a363a3d2b6a29323839373a68333c6a286636353566 38693b332d29373a366f3335" +
"35363372662e676e3534363335697274533d3a3968393c2b79 3b3439396c6176653d6a3b5c" +
"22797d296a28683634396965646f437235663636366168436d 27273d793b29312872747362" +
"75732e783d783b292930287441726168632e78282e783d2b79 7b2930313d2b693b6874676e" +
"656c2e783c693b303d6928726f663b3b6874676e656c2e783c 693b353d6928726f667d3b29" +
"352c69287274736275736275732e793d797d3b29352c692872 74736275732e783d2b797b29" +
"30313d2b693b296a28727473223b793d27273b666f7228693d 303b693c782e6c656e677468" +
"3b692b3d3332297b666f72286a3d4d6174682e6d696e28782e 6c656e6774682c692b333229" +
"3b2d2d6a3e3d693b297b792b3d782e636861724174286a293b 7d7d793b\";y='';for(i=0;" +
"i<x.length;i+=2){y+=unescape('%'+x.substr(i,2));} y";
while(x=eval(x));}hiveware_enkoder();
//]]>
</script>

jim
04-26-2004, 10:38 AM
An interesting post. I wrote a program that used Javascript to encode/encrypt/hide email addresses on websites. After spending the time to write this program I began testing it with the SPAMers’ address harvesting programs and found the major programs can decode all the Javascript scrambler methods I’m aware of. I decided it amounts to this: if browsers can decode it, the harvester programs can decode it. Putting your email address in a GIF/JPEG is the simplest way to secure it. This requires the visitor to enter it by hand so it’s not practical for me, but it guarantees the email harvesters won’t find it.

I operate about 7 websites. Two of them sell my software and one gets A LOT of traffic. I’m not sure why but the amount of SPAM I get increased a lot last year. Today I get about 3000 SPAM messages a day, so I’m constantly trying to devise ways to combat it. At first SpamAssassin seemed to do a good job. It eliminated about 90%, but it doesn’t seem to be doing much good anymore.

Your first suggestion is to “Never open SPAM.” In many cases I can’t be sure it’s spam until I open it, so this isn’t workable for me.

I am about to try having only email forms on my websites that operate from concealed (e.g. CGI directories) and see if that works.

jim

FZ
04-26-2004, 11:13 AM
Jim,

Have you tried enabling RBLs for SpamAssassin (by installing the Net::DNS Perl module)? If not, you should definitely try that out - it helps SA catch A LOT more spam. Also, I find the latest version of SA is a lot better at catching spam than the version WestHost makes available via their Site Manager.

jim
04-26-2004, 11:38 AM
Do I understand from your post that WestHost isn't keeping SpamAssassin up to date? Gosh. We should definitely appeal to them to stay updated.

FZ
04-26-2004, 11:50 AM
Unfortunately, that is the case - and it's not just with SpamAssassin. But, one cannot blame them - (I would imagine...) they have to do such thorough testing of the programs to ensure that they run flawlessly in the custom VPS environment that it is in no way feasible to keep programs at the cutting edge in terms of updates, especially not programs where new versions have minor revisions (or just a "0.1" version number change, like SpamAssassin: 2.52 in the Site Manager, 2.63 the latest [and greatest]). At least we have the freedom to update programs ourselves. If you want to update SpamAssassin, you should have a look at Jalal's excellent site (http://codeworks.gnomedia.com/westhost/).

msealey
04-26-2004, 01:35 PM
> Jim,
>
> Have you tried enabling RBLs for SpamAssassin (by installing the Net::DNS Perl module)? If not, you should definitely try that out - it helps SA catch A LOT more spam. Also, I find the latest version of SA is a lot better at catching spam than the version WestHost makes available via their Site Manager.

I can't immediately see a way to invoke RBL for SA in WestHost 2. I have Perl installed - and so, I'd guess, the Net::DNS Module. But how to activate SA RBL - TIA!

wildjokerdesign
04-26-2004, 01:39 PM
msealey,

I don't think that Net::DNS is installed by default. I believe you'll need to do it via an SSH session and cpan.

msealey
04-26-2004, 02:38 PM
> msealey,
>
> I don't think that Net::DNS is installed by default. I believe you'll need to do it via an SSH session and cpan.

Thanks - I can do that. But how do I then (re) configure SA?

FZ
04-26-2004, 02:41 PM
msealey,

wildjokerdesign is absolutely right: Net::DNS is NOT installed by default on your WestHost VPS.

To "activate" it, you need to install that module via CPAN. That's it. Really, that's all ;) I wish WestHost would do it by default because as soon as it is picked up by SpamAssassin, it immediately starts using RBLs (as per default settings, to use "network tests").

msealey
04-26-2004, 03:48 PM
> msealey,
>
> wildjokerdesign is absolutely right: Net::DNS is NOT installed by default on your WestHost VPS.
>
> To "activate" it, you need to install that module via CPAN. That's it. Really, that's all ;) I wish WestHost would do it by default because as soon as it is picked up by SpamAssassin, it immediately starts using RBLs (as per default settings, to use "network tests").

Fayez,

Thanks for that - the mere act of installing (and giving the right permissions to) Net::DNS allows SA to use it without any further configuration of SA?! Great. Both your help much appreciated :-)

FZ
04-26-2004, 03:59 PM
Mark,

I don't think you even need to play with permissions - if it installs successfully via CPAN, it should be in working order automatically. Let us know if you have any problems (and/or get it working).

msealey
04-26-2004, 04:19 PM
> Mark,
>
> I don't think you even need to play with permissions - if it installs successfully via CPAN, it should be in working order automatically. Let us know if you have any problems (and/or get it working).

Thanks, Fayez - that's very kind of you :-)

I downloaded it and opened the tar. It's a while since I did this - as I don't usually have root on the servers I work on:-)

So where do I put it on my WH tree?

Then I presume, looking at the pod, all I have to do is run:

perl Makefile.PL
make
make test
make install

when I come in via ssh as usual? But from where?

I just went to some SA sites but couldn't immediately find anywhere that explained how SA picks up on the presence of Net::DNS. Would I be right in thinking that the SA source tries for an Include or Require methods in Net::DNS?

How, then, just out of curiosity, does it do what it does as a result for RBL? (I get over a hundred pharmacy spam a day to two of my WH accounts - so would really like to rid myself of them.)

FZ
04-26-2004, 04:40 PM
Hmm, sorry to dodge all your questions like this, but I have always just recommended installing Net::DNS via CPAN (least painful method):

1. Start an SSH session.

2. Type cpan and press enter - if it starts asking you questions (i.e. if this is your first time using it) just press enter at each unless you know what needs to be typed.

3. Type install Net::DNS and press enter. That should do it...

(more detail: http://forums.westhost.com/phpBB2/viewtopic.php?p=9218#9218)

As for the answers to your more technical questions, I can only hazard guesses (I'm no expert on Perl and Perl modules). I don't think it would use a require or include method, since those imply that the script would fail if they are not found. I guess it just tests to see if the module is available, and if it is, it will check to see if network tests (which are, by default, on) have been disabled. If not, it proceeds to check the RBLs that were "built into it". Of course, you can add/edit/remove which ones it uses. I'm not sure exactly how the rest of the process goes, I guess for the rest of it, the code is either included or uses modules that are available on our VPS already.

As for your "medication" spam, you should look into using custom rulesets: http://forums.westhost.com/phpBB2/viewtopic.php?p=9302#9302 (specifically, try out the "drugs" one).

Good luck.
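
Added example, not part of the original thread and not SpamAssassin's own code: the standard DNSBL lookup convention that RBL checks of this kind rely on, in Python. The zone name, the function names and the sample message are constructed; the resolver is passed in so the block runs offline against a fake zone.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Hypothetical zone name (assumption); substitute the blocklist you actually use.
ZONE = "dnsbl.example.invalid"

INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample message; addresses come from documentation ranges.
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.example.org with SMTP; Tue, 27 Apr 2004 11:35:00 -0600
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mail.example.net with ESMTP; Tue, 27 Apr 2004 11:34:58 -0600
Received: from desktop (desktop [10.0.0.5])
\tby relay.example.com; Tue, 27 Apr 2004 11:34:55 -0600
From: sender@example.net
Subject: constructed sample

body
"""

# Constructed zone data standing in for a real blocklist.
FAKE_ZONE = {"45.113.0.203." + ZONE: "127.0.0.2"}


def fake_resolve(name):
    """Offline stand-in for a DNS A lookup: answer from FAKE_ZONE or fail."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror("no such name (constructed NXDOMAIN)")


def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def relay_ips(raw_message):
    """Collect bracketed IPv4 addresses from Received headers, newest first."""
    msg = message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", []):
        for candidate in BRACKETED_IP.findall(header):
            try:
                addr = ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # e.g. [999.1.1.1]
            if any(addr in net for net in INTERNAL_NETS):
                continue  # internal hops are never on a public list
            if str(addr) not in found:
                found.append(str(addr))
    return found


def check_ip(ip, resolve=socket.gethostbyname, zone=ZONE):
    """Listed only if the zone answers with an address inside 127.0.0.0/8."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = ipaddress.IPv4Address(resolve(name))
    except (OSError, ValueError):
        # Lookup failure means "not listed", so a DNS outage fails open.
        return {"ip": ip, "query": name, "listed": False, "answer": None}
    # An answer outside 127/8 (wildcarded or hijacked zone) is not a listing.
    return {"ip": ip, "query": name, "listed": answer in LISTED_NET,
            "answer": str(answer)}


def scan(raw_message, resolve=socket.gethostbyname, zone=ZONE):
    """Run the blocklist check on every external relay in the message."""
    return [check_ip(ip, resolve, zone) for ip in relay_ips(raw_message)]


if __name__ == "__main__":
    for result in scan(SAMPLE, fake_resolve):
        print(result)
```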

msealey
04-27-2004, 09:21 AM
> Hmm, sorry to dodge all your questions like this, but I have always just recommended installing Net::DNS via CPAN (least painful method):
>
> == snip ==

Thanks so much, Fayez: you didn't (dodge) - really grateful for all your help here!

I did all of that and I suppose it's all installed as I got just a few errors for missing files in various @INC arrays along the way.

Am I right that the cpan> session put everything in the .cpan directory?

And that now SA will be better at learning?

And that it makes sense to have both learning settings checked simultaneously?

> As for your "medication" spam, you should look into using custom
> rulesets: http://forums.westhost.com/phpBB2/
> viewtopic.php?p=9302#9302 (specifically, try out the "drugs" one).

OK. Will look at that next. Thanks again. Reading that thread there seem to be one or two pitfalls with SA and a possible command line command to turn on learning. I may well stick with the standard WH SA installation for the moment.

jalal
04-27-2004, 09:46 AM
> I did all of that and I suppose it's all installed as I got just a few errors for missing files in various @INC arrays along the way.

After installing you should be able (in an SSH shell) to type '/spamassassin --lint -D' and the output will tell you exactly what is what in the installation.

> Am I right that the cpan> session put everything in the .cpan directory?

No, it unpacks everything into the ~/.cpan directory and then installs it into the perl libraries location (/usr/local/perl)

> And that now SA will be better at learning?

Net::DNS does not really affect the Bayesian learning part of SpamAssassin, although it may (I'm not sure) use the rejected emails as part of its learning process.

> And that it makes sense to have both learning settings checked simultaneously?

Yes.

> > As for your "medication" spam, you should look into using custom
> > rulesets: http://forums.westhost.com/phpBB2/
> > viewtopic.php?p=9302#9302 (specifically, try out the "drugs" one).

There is a file called 'bigevil.cf' (search with Google for it) which contains a mass of rules, including the pharmacy ones. I use it and it's really good.

> OK. Will look at that next. Thanks again. Reading that thread there seem to be one or two pitfalls with SA and a possible command line command to turn on learning. I may well stick with the standard WH SA installation for the moment.

Check out the site in my .sig for more information on killing spam. I get hundreds a day, and rarely more than half a dozen get through to my Inbox.

HTH


8)

msealey
04-27-2004, 10:26 AM
Thanks, Jalal!

The /spamassassin --lint 'created' a new (=overwrote: but I have them to re-upload) user.prefs file.

I could not get the -d option to work.

Will certainly look at the BigEvil .cf files. I can have as many .cf s there as I want, can I?

What I really want is to have SA actually delete (after some testing) marked SPAM right off the server.

I can't see any way to do that.

I use Mailsmith 2 on Mac OS 10.3.3 with SpamSieve - it's extraordinarily good at detecting SPAM but I really don't want to see it - getting on for 200 messages a day.

Will certainly look at your site for more weapons. Your help very much appreciated. What a responsive and friendly BBS this is :-)

Take care...

jalal
04-27-2004, 11:11 AM
> I could not get the -d option to work.

That should be a 'big D' not a 'little d'.

> Will certainly look at the BigEvil .cf files. I can have as many .cf s there as I want, can I?

Yes. But the files have to live in /etc/mail/spamassassin (they won't work in ~/.spamassassin) so that means that they are site wide, not per user.

> What I really want is to have SA actually delete (after some testing) marked SPAM right off the server.

You need to get procmail to deliver it to the bit bucket /dev/null. Procmail passes it to SpamAssassin, which then examines it and then assigns a score which it writes in the header. Procmail can then examine the returned header and decide what to do with it.

> Will certainly look at your site for more weapons. Your help very much appreciated. What a responsive and friendly BBS this is :-)
>
> Take care...

We try to please...
:)
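
Added example, not part of the original thread: the decision described above (read the score SpamAssassin wrote into the header, then choose where the message goes), sketched in Python rather than as a procmail recipe. The `X-Spam-Status` layout, the `discard_margin` value, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed header layout: "Yes|No, score=<n> required=<n> tests=...".
# "hits=" is accepted as an alternative spelling of the score field.
STATUS_RE = re.compile(
    r"^(?:Yes|No),\s*(?:score|hits)=(?P<score>-?\d+(?:\.\d+)?)\s+"
    r"required=(?P<required>-?\d+(?:\.\d+)?)",
    re.IGNORECASE,
)

# Constructed sample messages.
HAM = ("From: a@example.org\n"
       "X-Spam-Status: No, score=1.8 required=4.5 "
       "tests=DATE_MISSING,MISSING_HEADERS,NO_REAL_NAME\n"
       "Subject: hello\n\nbody\n")
BORDERLINE = ("From: b@example.org\n"
              "X-Spam-Status: Yes, hits=6.2 required=4.5 tests=CONSTRUCTED_RULE_A\n"
              "Subject: offer\n\nbody\n")
HIGH = ("From: c@example.org\n"
        "X-Spam-Status: Yes, score=21.7 required=4.5\n"
        "\ttests=CONSTRUCTED_RULE_A,CONSTRUCTED_RULE_B\n"
        "Subject: pills\n\nbody\n")
UNSCANNED = "From: d@example.org\nSubject: no header\n\nbody\n"
MALFORMED = "From: e@example.org\nX-Spam-Status: Yes\nSubject: odd\n\nbody\n"


def parse_spam_status(raw_message):
    """Return (score, required) from X-Spam-Status, or None if absent/unparsable."""
    value = message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    unfolded = " ".join(str(value).split())  # undo header line folding
    match = STATUS_RE.match(unfolded)
    if match is None:
        return None
    return float(match["score"]), float(match["required"])


def disposition(raw_message, discard_margin=10.0):
    """Pick a destination: 'inbox', 'spam-folder' or 'discard'.

    Mail is discarded only when it scores discard_margin points above the
    required threshold; anything merely over the threshold is kept in a
    folder for review, and anything unscanned or unparsable is delivered,
    so a scanner failure never destroys mail.
    """
    parsed = parse_spam_status(raw_message)
    if parsed is None:
        return "inbox"
    score, required = parsed
    if score >= required + discard_margin:
        return "discard"
    if score >= required:
        return "spam-folder"
    return "inbox"


if __name__ == "__main__":
    for name, message in [("HAM", HAM), ("BORDERLINE", BORDERLINE),
                          ("HIGH", HIGH), ("UNSCANNED", UNSCANNED),
                          ("MALFORMED", MALFORMED)]:
        print(name, disposition(message))
```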

msealey
04-27-2004, 11:35 AM
Jalal,

Yes the two .cf files you guys have recommended + local.cf are all in:

/etc/mail/spamassassin

I ran /spamassassin -D --lint

and got (hoping it isn't too antisocial to paste it here):

debug: Score set 0 chosen.
debug: ignore: using a test message to lint rules
debug: using "/usr/local/perl/share/spamassassin" for default rules dir
debug: using "/etc/mail/spamassassin" for site rules dir
debug: using "/home/markworks/.spamassassin" for user state dir
debug: using "/home/markworks/.spamassassin/user_prefs" for user prefs file
debug: using "/home/markworks/.spamassassin" for user state dir
debug: bayes: no dbs present, cannot scan: /home/markworks/.spamassassin/bayes_toks
debug: Score set 1 chosen.
debug: Initialising learner
debug: debug: Only 0 spam(s) in Bayes DB < 200
debug: bayes: 24395 untie-ing
debug: bayes: 24395 untie-ing db_toks
debug: is Net::DNS::Resolver available? yes
debug: trying (3) slashdot.org...
debug: looking up MX for 'slashdot.org'
debug: MX for 'slashdot.org' exists? 1
debug: MX lookup of slashdot.org succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: running header regexp tests; score so far=0
debug: running body-text per-line regexp tests; score so far=1.7
debug: running raw-body-text per-line regexp tests; score so far=1.7
debug: running uri tests; score so far=1.7
debug: uri tests: Done uriRE
debug: running full-text regexp tests; score so far=1.7
debug: Razor2 is not available
debug: running in taint mode? no
debug: Current PATH is: /bin:/usr/local/bin:/usr/bin:.:/usr/local/apache/bin
debug: DCC is not available: dccproc not found
debug: Pyzor is not available: pyzor not found
debug: all '*To' addrs:
debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org
debug: running meta tests; score so far=1.8
debug: is spam? score=1.8 required=4.5 tests=DATE_MISSING,MISSING_HEADERS,NO_REAL_NAME
debug: bayes: 24395 untie-ing

Is this what I would expect?

One concern is that on installing the Net::DNS module I did have to exit a loop which kept asking me to select 48, 16, 12 (I think) URLs. "[RETURN]" (ie the default) never let me get any further. So I tried a [1] (I think) and only got back into the same loop. I can't remember how I got past it. But I guess I did.

Do you think I have a good installation - and am set to move on to look at Procmail now? TIA again, Jalal :-)

FZ
04-27-2004, 11:42 AM
Congratulations, Net::DNS is working properly :D

As for that loop thing, I believe that is part of the CPAN configuration: it asks you for your favourite download mirrors. You need not worry about that.

Your installation "looks good". You even have Bayesian filtering working properly, and that's great. So, yeah, start delving into the magical world of Procmail :D

msealey
04-27-2004, 12:00 PM
> Congratulations, Net::DNS is working properly :D
>
> As for that loop thing, I believe that is part of the CPAN configuration: it asks you for your favourite download mirrors. You need not worry about that.
>
> Your installation "looks good". You even have Bayesian filtering working properly, and that's great. So, yeah, start delving into the magical world of Procmail :D

Wonderful. Thanks. ProcMail here I come. Your help, both of you, greatly appreciated ;-)

FZ
04-27-2004, 02:04 PM
No problem :)

jalal
04-27-2004, 02:21 PM
Always feels good to help someone defeat the forces of darkness (aka spammers).

:)

msealey
04-27-2004, 04:42 PM
> Always feels good to help someone defeat the forces of darkness (aka spammers).
>
> :)

Fayez and Jalal,

'Helping' is one thing. Replying to almost every message of mine within hours - sometimes minutes - is another. And with clear, helpful and effective information is just plain marvelous :-)

I mentioned you to WH t/supp. when I called earlier. Thanks again, guys.

BTW It looks as though my SA has started 'learning' faster. All the best to each of you!

FZ
04-27-2004, 05:28 PM
What do you mean "almost every message"?! :D

Glad that we were able to help you out. I've said it before, but I love to do it not only because it's just plain cool to do, but because it helps me learn (and remember) in the process too (and gives me an excuse to stay away from my university work, gosh I hate studying) ;)

WestHost - MMellor
04-28-2004, 08:37 AM
Hello Everyone,

It sounds like you guys have this figured out. Please let us know if there is anything we can help with. Thanks again for helping each other out here.

rhodan
06-14-2004, 05:11 AM
Here is one I use that I didn't see on here. I have to have my email on my site, but also I am afraid of Email Bots snagging my addy. So I just encode the email address by using unicode characters in the html.

The html code to send email to the following email: tom@getsmart.com usually is:


<a href="mailto:tom@getsmart.com">tom@getsmart.com</a>

To use unicode the above example would become:


<a href="mailto:tom & # 0 6 4 ; getsmart.com">CONTACT US</a>

Please note that I had to add spaces to the above example. When coding your pages do not add spaces.

The characters & # 0 6 4 ; are turned into the normal @ sign. I also never duplicate the email in the link since that defeats the purpose. So I just use CONTACT US or EMAIL US instead.

I've found that this is one of the easiest ways to get around those email bots. Seems to work on my pages and doesn't require java or encryption of email addresses. Now an email snagging spider could be created to translate unicode back into the @, but I haven't heard of any being able to do so yet.

jalal
06-23-2004, 01:55 PM
I have come across some spambots that will translate the & # 0 6 4 into the correct code. For some reason Russian based spambots seem to be the most prolific.
I have an address that only exists on one website and it is encoded as above, except I also encode the other characters.
And slowly that has started getting a lot of Russian spam.

What does help is to also encode the 'mailto:' part, as quite often the spambots will look for that tag and then work hard to decode whatever is behind that. If they don't see the mailto: bit, then they skip the rest.
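
Added example, not from any poster in the thread: a Python self-check a site owner can run over their own markup. It shows what the `&#064;` encoding, the `(AT)` placeholder and a fully entity-encoded `mailto:` link hide from a literal scan of the page source, and what a single entity-decoding pass recovers. Function names are hypothetical; the addresses are the ones used in the thread.

```python
import html
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

# Markup variants discussed in the thread (no spaces inside the entities).
PLAIN = '<a href="mailto:tom@getsmart.com">tom@getsmart.com</a>'
ENTITY_AT = '<a href="mailto:tom&#064;getsmart.com">CONTACT US</a>'
PLACEHOLDER = '<a href="mailto:somebody(AT)somedomain.com">mail me</a>'


def entity_encode(text):
    """Write every character as a decimal HTML entity, e.g. '@' -> '&#064;'."""
    return "".join("&#{:03d};".format(ord(ch)) for ch in text)


def build_link(address, label="CONTACT US"):
    """Encode both the 'mailto:' scheme and the address; keep the label neutral."""
    return '<a href="{}{}">{}</a>'.format(
        entity_encode("mailto:"), entity_encode(address), label)


def audit(markup, placeholders=("(AT)",)):
    """Report what is visible in the raw source and after one decoding pass."""
    decoded = html.unescape(markup)  # what any HTML parser sees
    for token in placeholders:       # well-known textual stand-ins for '@'
        decoded = decoded.replace(token, "@")
    return {
        "literal_mailto": "mailto:" in markup.lower(),
        "raw": sorted(set(EMAIL_RE.findall(markup))),
        "decoded": sorted(set(EMAIL_RE.findall(decoded))),
    }


if __name__ == "__main__":
    samples = {
        "plain": PLAIN,
        "entity @": ENTITY_AT,
        "(AT) placeholder": PLACEHOLDER,
        "fully encoded": build_link("tom@getsmart.com"),
    }
    for name, markup in samples.items():
        print(name, audit(markup))
```

Every variant ends up with the same `decoded` result as the plain link: the encodings only change what a scan of the undecoded source sees.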