Blocking spammer's harvest of email adees


bellgamin
05-15-2004, 03:52 PM
Following is quoted from a forum I sometimes visit...
Client-

I just about had it with SPAM, even with SPAM Assassin.

I'd like to close my main email account (take it off the web site and replace it by a form with the -new- address embedded on the secure formmail program) and be able to send an autoresponse telling the user that the address is no longer in use and that they should use the contact forms on the web site instead.

I have tried a combination of an autoresponder and :blackhole: but I have not been able to make it work.

Any ideas?
^^^^^^^^^^^^^
TechSpt
When you do that, be sure the email address is in the formmail program and not the webpage at all.
I suggest setting the To:, Bcc: and CC: within the formmail script you use (if not using either of them, set to "").

Also another good suggestion is to always rename your formmail script to something other than formmail (typically don't put form or mail in it.. and name the name of your pet or something you like).

The above things will help protect you from harvesters and also those that would try and find a loophole in your scripts, so they can spam from your site.

The easiest thing would be, set the default address to :Blackhole: and then set up an autoresponder on the email address you choose.

That will send any email not specifically addressed to one of the email accounts you have set up or a forwarder set up for it, to be deleted.

Also, after a while, you should turn off the auto-responder, so that the loop will stop.. cause if you get a lot of spam, it will leave lots of junk email on the server, that cannot be sent (most of which will be returned to your default email address [i.e. the one that is the same as your cPanel login]).

Hope that helps some.
^^^^^^^^^^^
Client-
Could you not just encode the email address on the site so that webbots and the like cannot read it?
^^^^^^^^^^^
TechSpt
There is almost no way to hide it any more, without putting it into your formmail script itself... ( which is also a much safer way to do it, as then if someone tries to redirect your script to send spam, it can not, as the TO, CC: and Bcc: are hard coded into your scripts.. )

That also helps protect you from getting your account suspended (or terminated) for spamming, as you are responsible for the scripts you put on your site.
^^^^^^^^^^
Client

You guys obviously know more than me but is encoding the e-mail address and mailto tag no good then?
^^^^^^^^^
TechSpt
Encoding it on a plain HTML document isn't always good enough. A lot of SPAM bots have become smart enough to detect the encoding and then decode it. Using formmail is the best way (PHP is the best here, also) as they can't crack into the source of the formmail script without having access to download the file (unparsed - requires FTP access).
^^^^^^^^^
Client
Would you enlighten me about this formmail program or point me in the right direction to find out more please.
^^^^^^^^^
TechSpt
You can find many PHP variations of it here:
http://php.resourceindex.com/Complete_Scripts/Form_Processing/

^^^^^^^^^
A different client
I read the following on another forum that I frequent: thought it may be of interest.

"What you could do to avoid your e-mail address being picked up by bots and crawlers visiting any web page with it on is split it into fragments and then write it to the page client-side using a snippet of javascript like this:

<script language="javascript" type="text/javascript">
var atsign = '\@';
var mail = 'mailto:';
document.write ('<a class=topmenu href='+mail+'info');
document.write (''+atsign+'yourdomain.co.uk');
document.write ('>info'+atsign);
document.write ('listangels.co.uk<');
document.write ('/a>');
</script>
"
------
" if I were hiding things like that, I'd perhaps be inclined to obscure the construction of the var mail='mailto:', and not use a variable whose name is readily mail-related.

var m2='lto'; var m1='mai'; var m3=':'; var m0=m1+m2+m3;
"
^^^^^^^^^
TechSpt
Even that does not fool them all... I know a few that can still pick that up. ( what they do, is actually execute the code of the script, and then pick it up ) sneaky way to do it, but it works.

Those harvesters have gotten smarter and smarter...

As more people try to avoid getting found by them, the more they have to tweak the harvester, to get them...

There is supposed to be one that can read email addy from Flash files now ( how we hid ours for a good while )

I will still say, a form on the site without your email address anywhere on it, and having it within the code of the formmail is the only true safe way.
^^^^^^^^^
TechSpt guy #2
Yes, that is true. They can't read files that execute on server side so that is why formmails are so nice...all server side (PHP and CGI - though CGI sometimes has security issues and that's why we recommended PHP).
^^^^^^^^^
Client
Can you suggest a way to close an account but letting the sender know that the address has changed (I guess I will change "webmaster" to "master" or something, so I could just have a text explanation without actually showing the new email (i.e. "remove the word web from the address" or something like that))?
^^^^^^^^^
TechSpt
Delete the account and set up an auto-responder on the email address.
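
The hard-coded To/CC/Bcc advice from the quoted thread, as an added example that is not part of the original post or of any formmail script linked above. It is a hypothetical PHP handler: the form field names, the placeholder address and the size limit are assumptions, and passing headers to mail() as an array assumes PHP 7.2 or later.

```php
<?php
// Added example (hypothetical handler, not code from the thread).
// The recipient exists only in this server-side file: nothing in the page's
// HTML or in the POST data can set or change To, Cc or Bcc.
const RECIPIENT = 'contact@example.invalid'; // placeholder address
const MAX_BODY  = 5000;                      // assumed size limit, in bytes

// True if the value contains a CR or LF, which could start a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Build the outgoing message from untrusted form fields; null means rejected.
function build_message(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $from    = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    if ($name === '' || $message === '' || strlen($message) > MAX_BODY) {
        return null;
    }
    if (has_header_break($name) || has_header_break($from)
        || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Any 'recipient', 'cc' or 'bcc' field in $post is simply never read.
    return [
        'to'      => RECIPIENT,
        'subject' => 'Website contact form',
        'body'    => "Sender: $name <$from>\n\n$message",
        'headers' => ['Reply-To' => $from],
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: extra recipient fields are present but ignored.
    $sample = ['name' => 'Pat', 'email' => 'pat@example.com', 'message' => 'Hello',
               'recipient' => 'other@example.com', 'bcc' => 'other@example.com'];
    var_dump(build_message($sample)['to'] === RECIPIENT);
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    if ($msg === null) {
        http_response_code(400);
        exit('Invalid submission.');
    }
    $sent = mail($msg['to'], $msg['subject'], $msg['body'], $msg['headers']);
    echo $sent ? 'Thank you.' : 'Message could not be sent.';
}
```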