| Author |
Message |
dad7732
RavenNuke(tm) Development Team
Joined: Mar 18, 2007
Posts: 1242
|
 Posted:
Wed Nov 03, 2010 1:45 pm |
|
Probably a fact of life but gonna post this anyway in the event that there "may" be a solution.
I use a specific unique email address for my sites for when users register they are sent an email with the registration activation link, etc. This email address is NOT used/posted anywhere else.
Recently I have had a slew of registrants from China that are registering but are not replying to the activation email.
Now I'm getting spam to this address that is originating in ... you guessed it .. China.
Disabling registration is not an option. Any ideas here other than changing the email address every week or so - which isn't a problem and "may" thwart getting on spam lists with the registration address. |
| |
|
|
|
PHrEEkie
Subject Matter Expert
Joined: Feb 23, 2004
Posts: 358
|
| Posted:
Wed Nov 03, 2010 3:43 pm |
|
Not sure there's much you can do besides the usual things like having a good email client with filters. I keep a gmail account and use it to retrieve mail from my other POP3 accounts. The spam filtering is top-notch and it's not something I really think about anymore. If you have to create and then trash a new email address every week, then you are doing a lot more work than I'd be willing to do. If you don't have a gmail address, get one and test it. There may be other viable choices, but Google tools are always state-of-the-art and up to date. Whatever you do, try to minimize your work load, not increase it = )
- Keith |
_________________
PHP - Breaking your legacy scripts one build at a time. |
|
|
|
|
dad7732
|
| Posted:
Wed Nov 03, 2010 4:29 pm |
|
Thanks, but I run my own servers - two - and both run Spamassassin. Filtering spam is not the problem, the email address being harvested and being listed on every spam list on the planet IS the problem. I've already removed the account in question and created another one for admin/registration purposes. We'll see how long it takes this time as I have unlimited email accounts available. I have methods in place to block (insert country) but unfortunately there are more IP addresses than there are blockers. 
Cheers |
| |
|
|
|
|
PHrEEkie
|
| Posted:
Wed Nov 03, 2010 10:06 pm |
|
I run my own production server too, also unlimited email addys.. not the point.
A few years back, I used to spend a considerable amount of time configuring spamassassin, boxtrapper, etc etc... and I realized that it would NEVER end, that there is never a point where you can stop for very long. You said:
>Now I'm getting spam to this address that is originating in ... you guessed it .. China
That leaves me wondering - is this spam that's getting by your spamassassin, or are you intentionally digging through it?
I'm just saying that I gave up CARING whether or not I get spam - that's a losing battle. No matter how little you use an email address, -eventually- you will end up with spam. What I realized was that I just didn't want to SEE IT anymore, and so after talking with a client of mine about it, he suggested gmail to me. It was actually many months later that I finally decided to give it a try, and I couldn't have been happier since. It literally solved the problem of me having to see the spam, and I don't have to constantly tweak filters (they do it for me, for free).
What I was pointing out is that gmail allows you to add external accounts that it will retrieve mail from, and also filter. There are of course options to leave a copy on the server or delete it. You can also send mail as those identities.
Look, for more than 10 years, I was a devoted (if not stupidly so) Outlook Express user, and faithfully added/maintained all my domain identities that way. I used the above server-side solutions, and in the end, was miserable with the outcome to labor ratio.
All that is gone, and has been gone for about 3 years now.
When you say:
>the email address being harvested and being listed on every spam list on the planet IS the problem.
nobody is going to solve that in the near future, much less probably our lifetime. You have to cull the solution from another angle.
Best,
- Keith |
| |
|
|
|
|
dad7732
|
| Posted:
Wed Nov 03, 2010 10:19 pm |
|
Thanks for the comments but my point is, even though I can deal with spam, I just don't need another batch to deal with. The spam coming in to that unique address was being flagged by SA and filtered to my spam mailbox.
Was just picking at a "maybe" solution but appears as there is none at the moment, didn't figure there was one short of a band-aid.
BTW: over the past week when this problem surfaced and after I applied a new admin address, my logs show that 500+ incoming mails to that address were rejected as "user unknown" 
Hopefully the best we can do is stay one meager step ahead. Doesn't take long for a harvested address to make it on several dozen lists.
Cheers |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Thu Nov 04, 2010 8:03 am |
|
I had a conversation with Montego about this a little while ago because it is something I was suspicious of myself and your post here adds more confirmation to my theory. Since M was working on the mailer functionality, I suggested it might be nice to have an optionally configurable 'noreply' email address - essentially a none existent email address.
This is not a case of Harvesting in the conventional sense (scanning websites for email addresses). The harvesting is being done from the registration email sent out when a user registers.
I didn't think it was a major problem because I didn't actually think very many people would go to the trouble of registering just to get your email address but clearly, over the last year, I seem to be seeing this more and more and, as you point out, once you are on one mailing list, it's only a matter of time before the flood gates open.
I actually had a medical company try to register but rejected the application and then got spam from them, so again, it seems to substantiate the type of harvesting being done.
The only thing you can do at the moment is just use account filtering to send emails to your 'admin' address to a blackhole.
NEVER use Box Trapper, there is a good chance your server will get accidentally blacklisted when Spam is sent to you from most major email providers like Gmail, Yahoo, Hotmail etc. |
| |
|
|
|
dad7732
|
| Posted:
Thu Nov 04, 2010 8:23 am |
|
Since most, if not all fraud type registrations come through Gmail, Yahoo or Hotmail, it's a simple matter to exclude those domains in the Users Administration/Limits section. Users who subscribe to those domains usually always have an valid ISP home address and if serious will use that instead. Just a tidbit to thwart those that are registering for harvest purposes. This only happens on my support site and if users are wanting to post to the forum then they'll register accordingly.
And no, I never use Box Trapper .. NEVER, like you mention.
Cheers |
| |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Fri Nov 05, 2010 4:52 pm |
|
I had the same issue after I reported spam.Got spam from China, Russia etc. to my noreply email.
So at the end I gave up to report spam. I change my e-mails often and I also try to not use known addresse like admin@, info@, webmaster@ etc. |
| |
|
|
|
|
dad7732
|
| Posted:
Fri Nov 05, 2010 5:28 pm |
|
Since I use Sendmail, I may try it's email + feature, such as "myaddress+mysupportsite@mysite.com. Anyone harvesting that address "may" find it to be invalid and not be added and IF added to any mail lists then I know where it originated. I do this all the time on other sites where I order, participate in surveys and so on. So far I've only caught one major vendor providing my address to spam lists. I haven't tried it on any of my RN sites, it may not work, some don't with the + added feature. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
