Jump to content

Cre8asiteforums Internet Marketing
and Conversion Web Design


Photo

Spam and Bounty Hunters


  • Please log in to reply
35 replies to this topic

#1 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 29 September 2002 - 11:02 AM

An article came out a couple of weeks ago suggesting an idea for handling spam that sounds like it just might work.

It's an opinion article called A Bounty on Spammers. The basic plan is as follows:

Imagine a law that had two parts—a labeling part and a bounty part. Part A says that any unsolicited commercial e-mail must include in its subject line the tag "ADV:". Part B says that the first person to track down a spammer violating the labeling requirement will, upon providing proof to the Federal Trade Commission, be entitled to $10,000 to be paid by the spammer.



The first part would make it easy to filter unwanted emails.

The second part would allow people who are good at identifying the source of spam to make a profit at it. A lot of these people are working on setting up blocklists and filtering systems that every once in a while cause more harm than good. It may just also make the first part actually work.

Good idea? Bad idea?

#2 Guest_Phil_*

Guest_Phil_*
  • Guests

Posted 29 September 2002 - 11:19 AM

Good idea - but I have an axe to grind.

My axe is that many people think that unsolicited email is spam and, therefore, wrong. But it isn't. It may be called spam but some of it isn't wrong in any sense.

Suppose I am a business in a town, and I come up with a new service that some businesses in my town would want if they knew about it. The service is such that some businesses would definitely want to know about it and would not like to be left in the dark.

So I use whatever means I can to make a list of the local businesses that are the most likely to be interested in my service. There are a number of ways by which I can inform them of the new service:- post, phone calls, cold calling, fax and email.

I can post flyers, make phone calls and turn up to introduce myself (cold calling) and nobody would scream about spam or wasting their time. Fax is different in that it uses their resources which they have to pay for. If it weren't abused already, then contacting them by fax would be ok.

That leaves email. So what's so different about email that makes it wrong for me to announce my service to businesses that are likely to be interested, and who would want to know that it exists anyway? Nothing at all. Nothing whatsoever. It takes more time to read and bin a flyer, see a cold caller to say no and answer the phone than it does to read an email and hit the delete button.

I reject out of hand that unsolicited email is intrisically wrong. There are businesses who want to know about the service and who would not be happy at all if I didn't tell them somehow, even though they didn't intially invite me to tell them. If it's good for them, they want to know. If it applies to their business, they want to be kept informed even if they don't want to use the service.

That was hypothetical but it makes my point that unsolicited email is not wrong. Having said that, some unsolicited email is wrong but for different reasons. I had this discussion in another forum some time ago. One person there was outraged that he received about 20 spam emails a day. WOW!!! Is his time so valuable that 20 presses of the delete key costs too much?

I agree that, if left unfettered, unsolicited email could/would become overwhelming, and for some people, it may be overwhelming now. So the idea of labelling unsolicited email is a good one. It can be filtered. My axe is that unsolicited email is not wrong in any way. The way that some spammers do it is wrong.

Phil.

#3 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 29 September 2002 - 12:09 PM

I wonder sometimes where that fine line between spam and not-spam is. The definition I often see is "unsolicited commercial email."

But, if I were to spend time at someone's web site and read over their site, and consider doing some type of business with the owners of the site that wasn't directly related to their business, I would consider sending them an email.

It would be personalized. It would be one email. But it would still be an "unsolicited commercial email."

Does the personalization make a difference? Does the volume?

Our best definition of spam is still "I know it when I see it."

I would love to see the ADV subject header. I would probably filter those out or even try to have my ISP stop them before they ever got to me.

But, would I have to use an "ADV" for my example above? If I did, would the intended recipient ever see it? If I didn't, would I be contacted by a government agency after being reported by spam vigilantes?

There are some things that we can look at when determining that something is more likely to be an indication of bad behavior in people sending emails such as fake return addresses and no contact reply information. But even those aren't always going to be definitive indications that some communications should be considered bad.

There have been attempts to write legislation against spam. Many states in the US have passed some type of statute against it. But the inability to define it in some useful way makes writing those statutes and enforcing them difficult.

#4 Guest_Phil_*

Guest_Phil_*
  • Guests

Posted 29 September 2002 - 01:09 PM

I agree that it would be very difficult to define email spam. Here's another example of so-called email spam but is not wrong by any stretch of the imagination. We are all familiar with this...

Not long ago I received an unsolicited email from a company who had spidered one of my sites looking for broken links. They'd found one, and I put it right. I appreciated their email even though it tried to sell me their monitoring services. It wasn't a big sell and I didn't hear from them again. I was pleased that they'd done it. They were looking for business by email and it was done in a perfectly pleasant way. There was nothing at all wrong with it. In fact, some sites would actually want their services and would appreciate knowing that they exist - even if they didn't ask to be told.

And here's another. A few days ago I received an email from a company who had found this site down during the virus/hack period. It was unsolicited and offered me their services to keep an eye on the site. The fact that it is a free service is irrelevant. It wasn't offensive, it offered a service that some websites would find useful and it informed me that such a service exists. It couldn't be faulted, and yet some people call both of these examples spam and, by that, they mean that it is wrong and should never happen. I couldn't disagree more.

Phil.

#5 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 30 September 2002 - 12:38 AM

Sorry I just do not agree with the hue and cry over spam email, and think the idea of bounty on spam emailers is a bad idea at worst, and more than likely an infringment of our civil liberties at best.

If you don't like what comes into your mail box, then by all means filter out that which you don't want with one of the free programs to do just that, but don't be surprised if you end up like my client could not understand why he was not hearing from me until it dawned on him that he did not have my email in his approved list.

Ask yourself why do so many companies send out so much "spam" email? The only supportable answer is because it works for them. I personally don't use it because it has a reputation I do not want to be associated with,
but that is no reason to proscribe others from using it. TV adverts are much more annoying to me, but can you imagine if I were to start a compaign to stamp out TV advertising?

My suspicion is that many spend more time discussing "spam" than it will ever cost them in time or money.

#6 Advisor

Advisor

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 1142 posts

Posted 30 September 2002 - 12:41 AM

Mel, I guess you don't get the 200+ spams AN HOUR that I currently get. No, I'm not exaggerating.

It's ridiculous, and there oughta be a law.

Jill

#7 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 30 September 2002 - 12:43 AM

Why is it that you let it come in then Jill, when you could so easily filter it?

#8 Advisor

Advisor

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 1142 posts

Posted 30 September 2002 - 12:50 AM

I filter it as best as I can, but as you said, you have to be careful of losing the real email. It's impossible to keep up also.

Right now nearly all my email gets filtered into the trash folder (as it should because it's nearly all spam). But I still have to look through the trash to make sure I'm not deleting something that's real. They do get in there by mistake.

It's simply impossible to have to deal with this amount of spam. Up until about 3 months ago, I used to get about 100 spams a day. That was somewhat manageable. But the thousands and thousands I suddenly get now is disgusting, dispicable, and should be highly illegal. Hopefully one day it will be.

Jill

added: Just got 7 more spam while typing that message.

#9 Black_Knight

Black_Knight

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 9339 posts

Posted 30 September 2002 - 02:36 AM

Ask yourself why do so many companies send out so much "spam" email? The only supportable answer is because it works for them. I personally don't use it because it has a reputation I do not want to be associated with, but that is no reason to proscribe others from using it. TV adverts are much more annoying to me, but can you imagine if I were to start a compaign to stamp out TV advertising?


The only supportable answer?

So, bad SEOs still use invisible text because it is a winning technique by that logic, rather than because they don't know better. In fact, why do more and more companies spring up online each day? The fact is that 95% of all ecommerce companies go bust without ever even recovering their hosting costs.

People often don't do things because it works reliably, they do it because it may work, and people like to play the lottery, however poor the odds of winning.

Fact. One company has sent me the same automated spam-mail 18 times now. It is an SEO company that uses a basic web-crawler to collect email addresses from the web. It is patently obvious that it is fully automatic, and that no checking at all has been done.

Companies use email spamming because a system like the one I just described can be setup cheaply and quickly and then runs on auto forever more. As a result, if it generates just two leads from those who knew no better each year, it will probably prove worthwhile.

The success rate of email spamming is pathetic, at less than 1 click-through per 5,000 emails for most campaigns.

A couple of quick tips though:
[list]

[*]Mail Washer is a free program that can filter out a lot of spam effectively, and because it can 'bounce' emails, appearing as though your email address is invalid, it can provide the only way to get off of the majority of spam lists. It is far from perfect, but it is very good.


[*]Whenever you have to provide an email to get a password or access code for something, use a special account for it. Set a mail rule to automatically place all emails to that specific account in your deleted items folder on arrival. That way, you can scan through your deleted items when you are expecting the password or access code, and anything else sent to that account never bothers you. I use this technique myself, and it has meant that about 50% of spam is auto-deleted by that one technique alone.


[*]Most spam is automated completely, and the majority of spam is sent to email addresses that you have placed online. You can use JavaScript to create working email links that will not be detected by the crawlers they use.[list]

#10 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 30 September 2002 - 03:00 AM

So, Ammon your contention is that people use email spam, do not get any results from its use, but continue to use it anyway???

#11 Black_Knight

Black_Knight

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 9339 posts

Posted 30 September 2002 - 03:10 AM

My contention is that any level of result is generally seen as a positive result, no matter how far beneath the levels of response we'd expect from other promotional methods.

My secondary contention is that so long as anyone believes a technique might pay off big for minimal effort, it will continue to grow. MLM and Pyramid schemes spring to mind - both are still going strong decades after they were known to be mainly throwing away time and money.

Remember, the ROI is always high if the investment (in time, effort or cash) is low. Automated email address grabbing, followed by automated email spam means the only investment was in creating the automation. The longer the automation runs, the higher the returns, no matter how proportionally low the click-throughs.

There have been statistics showing that email works well for referrals, but sadly, these figures usually reflect direct email referrals from friends - viral marketing. The response rate to unsolicited commercial emails are terribly low, but with so many people using spam filtering of at least some level, the vast majority of spam (and its pitiful success) doesn't even register in the surveys because a large proportion is eliminated unseen.

#12 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 30 September 2002 - 04:04 AM

It seems to me that you are making the unwarrented assumption that anyone using spam email is harvesting all his addresses off the web.

Where do you then put the emails from the many large companies who maintain lists of millions of emails, charge thousands of dollars for a mailing, and seem to have customers satisfied with the results?

I know that for many the result of even mentioning spam results in an angry knee jerk reaction but this does not answer the question about the large email companies that seem to stay alive and even prosper.

#13 Advisor

Advisor

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 1142 posts

Posted 30 September 2002 - 07:46 AM

I think that most people that spam (the kind of spam I get) just have no clue. They think it's the way of the internet. Just like those people that think they are supposed to submit to 30,000 sites. They've been suckered into a bad proposition.

Regarding mailwasher, I tried it for a week, but found that it was mostly just a way of setting up filters, and I already have heavy filters set on my Outlook. I felt like I was just duplicating my efforts. Bouncing the mails do no good as the from addresses appear to be all spoofed. In fact, a good percentage of the spam I get now seems to use MY OWN domain in the from address. Bouncing them sends ME a bounce message. I'm guessing that the ones that don't use my address are using some other poor saps address, and I see no reason to keep sending them bounce messages also.

So I'm back to using Outlook and scanning through the delete folder before deleting permantly. I still use MailWasher in conjunction with it, however. I get these certain spams that come in a hundred or more at a time, yet Outook can only seem to download a certain percentage of them at once. MailWasher can eradicate the entire lot of them at once.

As to hiding my email addresses on my site, I'm afraid it's too late for me. My addresses have been out there for so long that I would have to totally change domains to stop it. Much of it is to email addresses of mine that don't actually exist. something at webwhiz.net. But since I have a catch all email account, they all come in. I do filter them out, but it's a huge chore.

Not sure if somehow I've been targeted by an enemy or something, but I do find it interesting that it suddenly got out of control a few months ago. Like I got put on some special "nail her" list!

J

#14 Advisor

Advisor

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 1142 posts

Posted 30 September 2002 - 10:43 PM

Right now MailWasher is downloading 757 spams for me.

Tell me Mel that something shouldn't be done about this?

What happens to me next time I'm out of town on my laptop and a freakin' dial up. This is gonna suck big time.

Jill

#15 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 30 September 2002 - 11:05 PM

Hi Jill:

Sorry you are getting so many spam emails, but you are in effect inviting them in by using a catch all email address. Why don't you set up a dedicated address for business, another for personal use, and have your ISP reject those not addressed to either of these?

#16 Advisor

Advisor

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 1142 posts

Posted 30 September 2002 - 11:23 PM

Sorry you are getting so many spam emails, but you are in effect inviting them in by using a catch all email address.

Holy moly, Mel, are you kidding me? I'm inviting them? And I suppose if I wore a too short skirt I'd be inviting a rapist?

I know that analogy might sound harsh, but what's the difference? I have good reasons for using catchall email addresses. I should have to change my business practices so scum can't send me their crap? I don't think so.

Think about this. If I just got 757 emails...who else did? How much bandwidth is going to the spammers? How much are they essentially stealing. I see nothing wrong with making a law against stealing my bandwidth, as well as my ISP's and my email host's.

Enough is enough. Nothing will stop them but a law, and a heavy penalty. I'm really not one for government intervention. Not at all, but as I said before, this is just ridiculous and it will only get worse if we ignore it, or try and blame the users!

Jill

#17 Guest_Phil_*

Guest_Phil_*
  • Guests

Posted 01 October 2002 - 07:40 AM

That's a helluva lot of spam Jill. There's no way that anyone could argue in favour of that. But my first post still holds true - that spam email is not wrong in itself, although some practises are.

I was going to suggest the same thing as Mel - that, in the circumstances, you abandon your existing email addresses and start again with new ones that are hidden from spiders. I know you shouldn't have to do that but what's the alternative?

Phil.

#18 Advisor

Advisor

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 1142 posts

Posted 01 October 2002 - 08:01 AM

The alternative is to just keep doing what I'm doing, and basically have everything go into my delete folder, and I'll pluck out the few good things as they inadertantly end up there. :cry:

And I'll wait for someone to pass a law.

I think you'd agree, Phil, that the kind of email I'm talking about is most definitely spam.

I have no problem with someone who visited my site or saw an article somewhere of mine, emailing me! I love those emails, and get them all the time. That's not spam.

But sending bulk email, blindly to anyone and everyone (and even to people/addresses that don't exist) is spam. And something needs to be done about it quickly before the Internet collapses from the weight of it all.

Jill

#19 Guest_Phil_*

Guest_Phil_*
  • Guests

Posted 01 October 2002 - 08:21 AM

I agree completely Jill. The stuff you get is totally out of order - and it will only get worse without some sort of global laws but I can't see that happening in the foreseeable future.

For me it would be down to what constitutes "bulk" unsolicited email. I will still argue in support of the examples I gave earlier. I don't consider them to be bulk in the same way that sending stuff blindly to every email address in sight is. It's unsolicited email that I support and not blind, bulk email.

Nobody can do anything about it. Laws can be passed in certain areas of the world but there are always ways to get around things like that. E.g. many of the casinos on the web are American owned but if they were hosted in America they would fall foul of the inter-state gambling laws, so they are hosted overseas.

I think we have to learn to manage our own email accounts as best we can. The idea of hiding them from spiders is a very good start.

Phil.

#20 cjstorm

cjstorm

    New To Community

  • Members
  • 1 posts

Posted 14 January 2003 - 01:06 PM

I think that Spam is just wrong. I live way out in the boonies, and I have a long distance dial up connection. When I get spam it COSTS ME MONEY, I see it as a theft of service to be honest, and the spammers don't know and don't CARE how much money it is costing me or anyone else for that matter.

Like others on this site, I get a lot of spam, and I feel that I shouldn't HAVE to set up elaborate filters. I make a point of tracking and reporting these spammers to their up stream service providers, and once in a while I get the satisfaction of knowing that SOMEONE got kicked off!   :P  

I think that spam is NOT needed, and if you have a good product or service, you can ADVERTISE a LOT less invasively! If I am looking for a good deal on widgets, I will go LOOK for them on the net, but I'll make a point of NOT doing business with a widget spammer.

And don't get me STARTED on the PORN SPAM.... geez!  I like the bounty hunter bill, but if more ISPs (commercial, as well as personal) would have no spam policies, and ENFORCE them, we probably wouldn't need a new law...   anyway that is my rant, thanks for reading, and have a wonderful day!!!!!  

C.J.

#21 apeuro

apeuro

    Ready To Fly Member

  • Members
  • 29 posts

Posted 16 January 2003 - 06:16 PM

Sorry you are getting so many spam emails, but you are in effect inviting them in by using a catch all email address.

Blaming the victim is dispicable and pathetic.

#22 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 16 January 2003 - 07:18 PM

Hi apeuro and cjstorm,

I don't think I've had the chance to welcome either of you to the forums. Good to have you both here. :wave:

Sometimes I think there are instances where people aren't always aware of the impact of their statements or actions. Spam is one of those. The Wall Street Journal ran an interview with a woman in Florida who runs an "email advertising business." She makes good money at it too. Seems like a nice lady. Doesn't quite get that most recipients of her emails believe that there is a special place reserved for her in the afterlife, somewhere very very warm.

An alleged spammer in Illinois recently had enough information about his address revealed after an interview with a reporter that only a little investigation uncovered the whole thing, and he was deluged with truckloads of snail mail. Doesn't understand why. Made a promise to his wife that he wouldn't send out x-rated emails because that "would be immoral."

Of course, it makes you wonder a little that neither of these people gets it.

The author of the original article about bounties on people who send out spam without labeling it as an advertisement (ADV) has made some other statements about the plan on his blog, even going so far as to state that if his plan is adopted and fails, he will give up his job. I believe he is referring to his position as a law school professor. The person he picked as a judge of whether or not it works, if passed into law, has a post about the bet here:

http://www.politechb...om/p-04286.html

The potential judge also points out a fairly interesting link to an article on anti-spam blacklists, which I've seen some people agree with, and others criticize.

I'm not fond of the idea of vigilanteism as a means of pursuing positive social outcomes. There's a lot of risk that people will over reach, and create more harm than good regardless of their good intentions. There are other means that may prove more effective, and less harmful.

We need to learn to be more kind to each other.

That's true regardless of whether we're talking about pressing a mouse button that will launch millions of unwanted emails, or making statements on a forum. :D

I agree with C.J.'s rant about ISP's getting more involved. I'd like to see people start exploring digital ID's when it comes to email, so that folks can't hide behind a fake return address, and name. The anonymous nature of forums and of email, and the distance between speakers and listeners or senders and recipients can lead to people saying things to people at a distance in a manner that they wouldn't use face to face. The solution to spam:


We need to learn to be more kind to each other.

<edit> to fix typo's and add a little more clarity </edit>

#23 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 16 January 2003 - 07:56 PM

HI Apeuro:
We all have a responsibility to help stamp out spam mail, and NOT using a catch-all email address is one way to help do that, since the use of catchall email addresses means they do not even have to spider your site for email addresses they only have to know your domain name and the catch all system will dutifully forward the email to you, and they will know that they have found yet another valid email to add to their database when it doesn't bounce.

If instead you set your system to only deliver mail to specified and valid addresses, and to bounce anything else, they will either have to go to the trouble to spider your domain for email addresses ( and you can code them so that they won't find them) or forget about adding you to their spam list.

Your hip shot doesn't take into account, Apeuro, the facts of the modern web, and that if we don't want to get spam mail we will have to acept at least a bit of responsibility.

#24 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 16 January 2003 - 08:06 PM

That's interesting about the catch-all addresses, Mel. If you had to venture a guess as to how many people take those steps, do you think you could put a rough figure on a percentage that you think have done so?

I think that we're only beginning to brush the surface of possible solutions to spam, with this post and others. But I think there are some out there.

#25 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 16 January 2003 - 08:38 PM

I really have no concrete information on the statistics, Bragadocchio, but based on my experience, the number of persons who take the time and trouble to set up their systems so that emails to generic domain name addresses bounce is very small, most just leave it at the default settings, and the percentage of those that take the time to disguise thier online email addresses from email harvesting spiders is very small also.

You can usually hide your email address from most harvesting robots by just replacing the @ and .com portions of your online email addresses with thier unicode equavalents, since these are the most commonly used search triggers:
@=0040
.COM=002E 0043 004F 004D (note this is in capital letters, which works fine, but which is less common) You could also use a combination of small and capital letters in the .cOm portion to confuse pattern recognition.

Using this an online email address of someone@somwhere.com becomes someone0040somwhere002E 0043 004F 004D .

Another common trigger is mailto: which can be encoded as 006D 0061 0069 006C 0074 006F 003A.

I advise my clients to use this system, and most seem to report that it seems to reduce the spam load, but it takes some time to get your name off existing address lists.

#26 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 16 January 2003 - 08:49 PM

Thanks, Mel.

The unicode solution is a good idea. I've tried to use it in the past combined with javascipt to try to hide addresses from email harvestors. That doesn't work well though if people don't have their browser set up to work in conjunction with their email client.

I'd venture that a lot of people with sites aren't aware that their domain can bounce generic addresses, if set properly, instead of funneling those to them. It does sound like a good idea, though.

#27 Guest_Mel_*

Guest_Mel_*
  • Guests

Posted 16 January 2003 - 09:12 PM

The unicode solution is a good idea. I've tried to use it in the past combined with javascipt to try to hide addresses from email harvestors. That doesn't work well though if people don't have their browser set up to work in conjunction with their email client.


Not sure quite what you mean here Bill, are you referring to the unicode portion or the JS portion?

The unicode portion works in your sites html, there is no need to change your email address. An email address of someone0040somwhere002E 0043 004F 004D reads on your browser as someone@somwhere.com and if you add the mailto:(in unicode) in front of it you will send an email to someone@somwhere.com when you click the link.

#28 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 16 January 2003 - 10:54 PM

I didn't explain myself well; thanks for asking, Mel.

A lesson I learned the hard way a few months back...

Using a combination of unicode and javascript can work fine, but if you don't use the (unicoded) email address as your link text, you might run into a problem if the person visiting your site has javascript disabled, or if their browser isn't set up to call up their email program (which sometimes happens in corporate settings)

If I used "email@domain.com" as the address, and "contact me" as the link text, I might reduce spam, but I might get less visitors than I want.

<script language="JavaScript" type="text/javascript">

<!--

	var first = 'ma';

	var second = 'il';

	var third = 'to:';

	var address = 'email';

	var domain = 'domain.com';

	document.write('<a href="');

	document.write(first+second+third);

	document.write(address);

	document.write('@');

	document.write(domain);

	document.write('" title="send me mail">');

	document.write('contact</a>');

// -->

</script>

You're probably right in displaying the link text as the actual email address. In the situations I described above, at least a person can copy the address and paste it into their email.

I've also seen people recommend using a gif image of the email address as a link. Fortunately, spiders can't read those yet...

If anyone wants to try this at home, a nice little program that combines the two (which I used for the above example, rather that looking up the unicode myself) is at:

http://www.hivelogic.com/encoder/

Be warned though, it doesn't put your link text in unicode. You would have to tailor the script it produces slightly to do that.

Here are the unicode equivalents for upper and lower case letters and some symbols:

@ @ 

. . 

- - 

A A 

B B 

C C 

D D 

E E 

F F 

G G 

H H 

I I 

J J 

K K 

L L 

M M 

N N 

O O 

P P 

Q Q 

R R 

S S 

T T 

U U 

V V 

W W 

X X 

Y Y 

Z Z 

a a 

b b 

c c 

d d 

e e 

f f 

g g 

h h 

i i 

j j 

k k 

l l 

m m 

n n 

o o 

p p 

q q 

r r 

s s 

t t 

u u 

v v 

w w 

x x 

y y 

z z


#29 DianeV

DianeV

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 7216 posts

Posted 16 January 2003 - 11:42 PM

Actually, I agree with that the term "spam" can encompass not only multi-million email address UCE blasts, but more serious approaches from other businesses. Unfortunately, that is where we stand today.

And, yikes, Jill! That is a ridiculous amount of email; I cannot imagine having to pour through hundreds of emails to find the "real" ones.

A few comments.

I use MailWasher; aside from being able to filter, we've been getting 3-5 viruses per day, which I catch before they're ever downloaded. We also have a few websites, so with MailWasher, I'm able to monitor them for email without opening and closing email program(s) (as if one wants to do that all day!).

Although I love catchall email addresses, I removed all of ours a few months ago, and the spam lessened considerably. Jill, I think the intent of the "catchall" comment is that many of these bulk mailers use info@, webmaster@, etc. ... so if you have a catchall, you'll get these and anythingelse@yourdomain.com -- so it's a way of helping yourself.

I even changed the webmaster email addresses, so email to webmaster@anyofourdomains.com bounces. I figure if anyone wants to contact the webmaster that badly, they'll look at the site and find the email form. And, for our clients for whom we serve as webmaster (i.e., their webmaster@ email comes to us), I replaced the webmaster email address with email forms. This too cut down on the spam considerably.

But I do understand that your email address has been out there so long that there's not much you can do about it without jumping through some hoops, or asking clients (and potential clients) to do so. Mine (the info@) has too, and still is.

We also run a server, so I am able to block email from some domains, although, as was mentioned earlier, you can't assume that the "From" email address is the real one. Truthfully, I was more or less browbeat into moving from shared retail web hosting accounts to a server (or, actually, part of one), and the learning curve (what is this code? Unix? Apache?) was a bit stiff, but the hosting company keeps it all updated and has terrific techs; if I can learn it, anyone can. Now I could never go back. If this option were no longer open to me, I would go to a dedicated server.

Also, one of our clients asked that we convert all seven email addresses on his site to a form, which we were able to make look elegant. He now advises that (a) he gets less email but (B) that which he does get is more to the point and beneficial to him. Interesting, and quite the opposite of what I expected.

I am nearly ready to roll out our latest project (site), and am seriously considering going to email forms, or forms plus an image of the email address. Before it's too late.

#30 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 27 April 2003 - 09:30 PM

An update on this bounty for spam story.

It's getting closer to reality.

See the Mercury News article:

New weapon for spam: bounty
By Michael Bazeley
http://www.bayarea.c...ews/5722718.htm


One reason that I entered this here at the end of this thread was because I'm also interested in hearing an update from Diane, about her efforts documented above.

Do the forms seem to be working more effectively?

#31 DianeV

DianeV

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 7216 posts

Posted 27 April 2003 - 09:54 PM

We're still in production on that one.

However, I note that, even with DianeV.com, which has a couple of public email addresses, I would say that most email comes from people using our forms. With some of our clients, people use the webmaster email form rather than the company email address displayed on the pages.

On another note, I see in the logs for various sites that spammers attempt to access formmail.cgi or formmail.pl ... seemingly to test whether the formmail script is there at all. For those of you unfamiliar with formmail, (as far as I know) it's a .cgi script for use with online forms that allows you to email the user's input to an email address ... form mail.

Sometimes the spammer entries (in the logs) append his/her email address and ad copy (pretty gross stuff).

While I removed this script from the server (we use our own scripts), I have no idea how they are attempting to access formmail. My guess is via a browser. I am thinking of setting up a script named "formmail.cgi" that:

(a) detects the spammer's ISP and sends an abuse@isp.com email address containing the spammer's info as shown in the logs
(B) gives them a page showing their IP address and stating that it's been added to a list
© bounces them to fbi.gov

Devilish mood, I guess. I imagine I'd get a fair share of hate mail or attacks.

#32 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 27 April 2003 - 10:21 PM

It's good to hear that most of your mail is arriving via the forms.

As for responding to those looking for a formmail script, by all means, be careful.

People can sometimes elevate matters to the irrational level at the slightest provocation.

I think to some degree, that's why I'm a little apprehensive about the idea of "bounty hunters" for spam. If anything, that gives the web more of a "wild west" flavor rather than less of one.

#33 DianeV

DianeV

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 7216 posts

Posted 27 April 2003 - 10:39 PM

> irrational level.

True, and I've done nothing of the sort despite the occasional dreaming after seeing attempts to use our server to relay their, er, "marketing messages" for free. LOL

The issue here for us is that, with a number of websites on our server, using our bandwidth to check for formmail is not good for us. Doesn't benefit anyone else, either, since it's not there.

I do recall seeing a script that would add the IP address of anyone trying to access formmail directly to the list of blocked IPs. I believe it was in the viaVerio user forums. Ah, yes, here it is: http://forums.viaver...c.php?p=906#906

#34 bragadocchio

bragadocchio

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 15634 posts

Posted 27 April 2003 - 10:53 PM

That was a great post!


Following the thread, it looks like there is a limitation to the effectiveness of this approach -- if the length of the request to the formmail script is more than 400 characters.

But, it's still interesting, and worth considering.

#35 DianeV

DianeV

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 7216 posts

Posted 27 April 2003 - 10:58 PM

Yes, BigSleep is handy with the scripts, and a most helpful guy. :)

I'm sure you could strip out the stuff after formmail.pl, although I don't have the coding solution right here.

#36 DaveChild

DaveChild

    Honored One Who Served Moderator Alumni

  • Hall Of Fame
  • 3446 posts

Posted 28 April 2003 - 04:26 AM

Wow! Bounty hunters! Here comes the old problem again ... what happens if I run a mailing list? And you signed up for it (or agreed to have your address sold on to third parties, and I bought it as part of a batch, quite legally). And then you receive a mailing from me, and having forgotten that you signed up for it (or agreed to have your address sold), think it is spam.

At the moment, not much would happen. You'd delete the mailing or unsubscribe, and life would go on. But imagine if suddenly there was a way you could make a small fortune off me for my mailing? You'd hunt me down and report me as a spammer for the reward, though I have done nothing wrong - and there lies the first problem.

The second problem is that spammers are getting cleverer. They are starting (in the last six months at least) to use Trojans to send out spams, and that means that they are untracable. And tracking down a spammer may well lead you to a perfectly innocent netizen with poor security - who will then be landed with a huge fine, or at best an expensive court case trying to prove he had nothing to do with the spam. And of course, he probably won't even know a single thing about it until he gets a nasty letter demanding he pay a fine!

What I consider spam is not the same as what someone else considers spam. Sure, we can all pretty much agree that the emails offering me larger body parts or free porn are spam, but when you get into the greyer areas, people will start being seriously hurt by this kind of system, often when they have done nothing wrong - but find themselves being hunted down by a spam zealot anyway.

In principle, it's a good idea, but there are too many pitfalls. Personally, I think the future of spam prevention is in local filtering (no real other way to avoid false positives). After all, MSN, Yahoo and others are all developing Bayesian filters for their mail services. That means a huge percentage of people will no longer get the spam. And as has been said a few times before, if the return on spam goes down, it starts to become economically unviable. And that's their weakness. As soon as decent filtering becomes a widespread practice, spammers will go out of business.



RSS Feed

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users