Posted: Fri, 16th Jul 2004, 6:46am
Post 1 of 40
Spammers now have bots that routinely search pages for email addresses. You can use my Email Obfuscator to generate a disguised version of your email address that you can post on your web page.
Email Obfuscator converts it to decimal code that you can copy-and-paste into your HTML where you want to place your email address. I have tested the Email Obfuscator on both IE6 and Mozilla Firefox 0.9.2.
Posted: Fri, 16th Jul 2004, 1:22pm
Post 2 of 40
Posted: Fri, 16th Jul 2004, 1:36pm
Post 3 of 40
The internet is doomed now...
It will be impossible to stop spam.
They're going to have to invent some sort of code-based email service, where you need a unique code for the recipient to send an email.
It's out of control...
Posted: Fri, 16th Jul 2004, 1:39pm
Post 4 of 40
At the company I work for, we've already done tests using this technique. Unfortunately it still results in spam, proof that email harvesters already know how to decrypt emails 'hidden' in this way.
Fun, but useless, sorry.
You could have also done it in about a zillion less lines of code
Last edited Fri, 16th Jul 2004, 2:14pm; edited 1 times in total.
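An added example, not part of the thread or the Email Obfuscator's own code: it reproduces the decimal character-reference encoding described in post 1 and audits a page the way post 4's tests suggest, by checking which addresses become visible once entities are decoded as any HTML parser does. The address and sample page are constructed placeholders, and the function names are hypothetical.

```python
import html
import re

# Deliberately simple address pattern, good enough for a self-audit.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def obfuscate_decimal(address):
    """Encode every character as a decimal HTML character reference."""
    return "".join(f"&#{ord(ch)};" for ch in address)


def exposed_addresses(page_source):
    """Report addresses found in the raw source and after entity decoding."""
    raw = set(EMAIL_RE.findall(page_source))
    # html.unescape applies the same decoding every browser and parser does.
    decoded = set(EMAIL_RE.findall(html.unescape(page_source)))
    return {"raw": sorted(raw), "after_decoding": sorted(decoded)}


# Constructed sample: placeholder address, encoded in link target and text.
ADDRESS = "webmaster@example.com"
ENCODED = obfuscate_decimal(ADDRESS)
SAMPLE_PAGE = f'<p>Contact: <a href="mailto:{ENCODED}">{ENCODED}</a></p>'

if __name__ == "__main__":
    print(SAMPLE_PAGE)
    print(exposed_addresses(SAMPLE_PAGE))
```

The raw scan finds nothing, but the decoded scan recovers the address, so the encoding only hides it from tools that skip standard entity decoding.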
Posted: Fri, 16th Jul 2004, 1:58pm
Post 5 of 40
Spam is part of the internet. Just delete it.
Posted: Fri, 16th Jul 2004, 2:08pm
Post 6 of 40
I've seen harvesters that will actually render a page then OCR it to parse all the addresses from it. This even defeats people who add their address as an image (like we do). Basically if a human can read it off the page then it's likely a spam bot will be able to as well.
One thing I hope to do in the future is build a bot trap. Basically have a link to a page that only a bot will find. Then when it accesses that page its IP will be blocked from the site for a while (or maybe redirected to a fake site with fake addresses to collect).
That might cut down on spam a little, but the best way is just to set up filtering when spam is received, something like SpamAssassin does a good job at that.
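An added example, not from the thread: the bot-trap idea in the post above, replayed over constructed access-log lines. The trap path, the 30-minute block window and the log entries are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

TRAP_PATH = "/trap/addresses.html"   # hypothetical page linked only invisibly
BLOCK_FOR = timedelta(minutes=30)    # assumed length of "for a while"
# Listing the trap under Disallow in robots.txt keeps compliant crawlers out.

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)')

# Constructed log lines (common log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [16/Jul/2004:14:00:01 +0000] "GET /index.html HTTP/1.0" 200 5120
203.0.113.9 - - [16/Jul/2004:14:00:05 +0000] "GET /index.html HTTP/1.0" 200 5120
203.0.113.9 - - [16/Jul/2004:14:00:06 +0000] "GET /trap/addresses.html HTTP/1.0" 200 310
203.0.113.9 - - [16/Jul/2004:14:05:00 +0000] "GET /contact.html HTTP/1.0" 200 2048
198.51.100.7 - - [16/Jul/2004:14:06:00 +0000] "GET /contact.html HTTP/1.0" 200 2048
203.0.113.9 - - [16/Jul/2004:14:40:00 +0000] "GET /contact.html HTTP/1.0" 200 2048
""".splitlines()


def replay(lines, trap_path=TRAP_PATH, block_for=BLOCK_FOR):
    """Replay a log; return (ip, path, decision) for every parsed request."""
    blocked_until = {}
    decisions = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue
        ip, stamp, path = match.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked_until and when < blocked_until[ip]:
            decisions.append((ip, path, "deny"))      # still inside the block
        elif path == trap_path:
            blocked_until[ip] = when + block_for      # start a temporary block
            decisions.append((ip, path, "trap"))
        else:
            decisions.append((ip, path, "allow"))
    return decisions


if __name__ == "__main__":
    for decision in replay(SAMPLE_LOG):
        print(decision)
```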
Posted: Fri, 16th Jul 2004, 3:37pm
Post 7 of 40
Malone, do you happen to know why this happens...
I get hundreds of spam mails from my friends' email addresses.
It's not them - but bots have emailed spam disguised under their email addresses.
How does the whole email sending thing work anyway?
Are you saying it's possible to just make a programme that could send 10,000 emails from any disguised address to one address, or do you NEED an email provider to send emails?
Posted: Fri, 16th Jul 2004, 3:43pm
Post 8 of 40
All email has to go through an SMTP (simple mail transfer protocol) server.
Obviously if it can be detected that a particular computer is being used to send spam, then it can be closed down, but spammers operate on the fly. They either rely on deliberately hacked machines: giving them access to send email from someone else's server (getting the server owner in trouble, not them) or they rely on poorly configured servers which have been allowed to run as an open relay, i.e. not checking that the email being routed is being sent from the same box.
As soon as they are discovered, they move to another host.
It's further complicated by the fact that they also use questionable hosts, who are either inept, or on the take. The result being that the machines spamming everyone never get shut down.
Email providers, such as your own ISP or hotmail etc... are administered well enough to not be an open relay, and usually only allow email to be sent by users on the same network, i.e. its subscribers. Sending spam doesn't need an email *provider* since almost any server machine comes with an smtp agent.
Posted: Fri, 16th Jul 2004, 3:48pm
Post 9 of 40
From working with Perl, I know it is possible to send email without having an email provider. They can probably disguise the email address however they want also.
I knew there were more advanced spam bots that would cut through my script like butter, but I thought it may keep away all but the most diligent.
Posted: Fri, 16th Jul 2004, 3:54pm
Post 10 of 40
Yeah, it's quite easy to send spoofed mail from any machine. You can even open up a raw connection to the mail server and type the commands directly. One of the commands lets you set the FROM header, and you can pretty much type anything you want and the mail server will believe you. Which is why spammers and viruses can use any address they want.
This is quite a big problem and there's a new thing called SPF which tries to fix it. It lets you say where mail should be coming from. So I could say fxhome.com mail only comes from the fxhome server, then if a spammer tries to send fxhome mail from a different machine it will be rejected. Unfortunately all the mail servers have to support this before it'll work 100%, but more people are starting to use it.
Posted: Fri, 16th Jul 2004, 8:13pm
Post 11 of 40
Malone you seem to be an expert on this subject...
Do you think that we will eventually be able to entirely prevent spam in the near future?
I'm sure that intelligent filter bots will come into play soon that will be able to detect spam emails correctly.
Posted: Fri, 16th Jul 2004, 9:37pm
Post 12 of 40
Sender policy framework seems to me to be the only likely 'solution' to spam, but that's still a while off and in the meantime bayesian filtering of emails will never have a 100% success rate. I'd suggest the only alternative for the time being is using ISPs/email clients with built-in spam filters: at least it'll cut down the amount you receive.
Posted: Sat, 17th Jul 2004, 3:34am
Post 13 of 40
Find and download "Spambayes". It's a free outlook express plugin. Takes a month or so to train it. I'm receiving far less spam now.
Posted: Sat, 17th Jul 2004, 9:17am
Post 14 of 40
You only receive spam if you sign up for things. E.g. wow! there's this site offering free pr0n if you give your email address which they will send their secret password to.
I have 5 email accounts now, & none of them receive spam. One of my accounts receives those annoying emails with attachments that I delete whenever I get them, but that's due to the inadequacies of an organisation's network. Feck, even my Hotmail account doesn't receive any spam - although you may count those Official Michael Douglas emails that I signed up for when I was a drunk as spam.
Posted: Sat, 17th Jul 2004, 9:36am
Post 15 of 40
I have a BT Broadband email, and every time I START to receive new spam emails they stop coming within a week. I think BT have been taking spam email VERY seriously, because I hardly get it at all.
I have to say I think BTyahoo email is without a doubt the best email service I've ever used. The biggest mistake hotmail have made is that 'Bulk Mail,' contributes to your crappy 10MB limit.
My BT Broadband Email lets me have 20GB of inbox emails.
Posted: Sat, 17th Jul 2004, 10:18am
Post 16 of 40
Being careful who you give your address to is a good way to not get spam like Mel says. I never put my address into random forms (I usually use a free mailinator address instead). Having said that, I still get over 200 spam mails a day. The biggest problem is that we have to make our email addresses available on the fxhome site so people can contact us, and that unfortunately lets spammers contact us as well.
The other problem is that we send and receive lots of mail so we end up in lots of people's address books. Then these people get viruses which read through the address book and send our address all over the net.
Even if I kept my email address secret from everyone, I would still get spam. We get spam bots that connect to our mail server and try hundreds of different random names. Eventually they hit upon "malone" and the spam flows through.
I don't think there will ever be a technical solution that will stop spam 100% without making the email system worse. The only time the spamming will stop is when the cost of spamming outweighs the gains for the spammer. Basically we have to stop idiots actually buying the spammers' products.
Posted: Sat, 17th Jul 2004, 10:32am
Post 17 of 40
Are there any programmes you can download that act as search bots, which scan the net for spam bots?
Posted: Sat, 17th Jul 2004, 11:01am
Post 18 of 40
Well aside from the fact that "crawling" is totally legitimate and essential for search engines, if you could hypothetically tell that a particular bot had visited a page with the express intention of taking your email address (which you can't)... what exactly would you do when you'd found it? Report it? That's as useless as reporting the spamming servers themselves - they just move on. Harvester bots can be run from even more machines than the bulk mailers themselves.
Posted: Sat, 17th Jul 2004, 11:54am
Post 19 of 40
I know you guys are going to hate me for saying this but, Hotmail actually has some nifty spam prevention technologies. My dad, who uses Yahoo! Mail, gets at least ~30 spam letters each week with very little use, whereas I get close to no spam. On average, within 6 months, I've only been able to see 1 spam letter in my mailbox (and this is the junk mail box I use to sign up for any subscription I see on the net).
MS has some neat technologies and I really don't care what anyone else has to say about it. Hotmail's really neat!
Posted: Sat, 17th Jul 2004, 12:21pm
Post 20 of 40
I never get ANY spam mail to my hotmail INBOX(s)
It all goes into the Bulk Mail, which then clogs up my space allowance as these spanish spammers send me attachments of 500kb each.
Posted: Sat, 17th Jul 2004, 1:48pm
Post 21 of 40
Well Hotmail is introducing more free storage space and larger attachment file sizes so it doesn't seem to be much of a problem anymore.
Posted: Sat, 17th Jul 2004, 2:00pm
Post 22 of 40
There isn't any 'neat MS technology' in hotmail, otherwise whatever tech there is would be bundled with outlook / outlook express by default. This isn't an anti-hotmail thing, this is just how it works.
MS use their own version of a spam assassin-like software, rating email and scoring it on its content, then giving it a spam/not-spam status as appropriate. This is how most bayesian filters work.
The important difference between hotmail and any other email provider is, I'd say, that hotmail users outnumber practically all other email services by at least 10:1.
As a result, the filtering process - which is usually done by setting thresholds on certain email attributes such as subject content, body presentation, header info - will be mind bogglingly quick to do. With so many millions of guinea-pig accounts at MS's disposal, when it comes to training filter software, it's no surprise they manage to get rid of so much.
And for the record, Hotmail itself doesn't suck, so don't worry. It's technologically brilliant. It's more the reputation of its users being naive little children that's the problem.
Posted: Sat, 17th Jul 2004, 2:05pm
Post 23 of 40
Of all the e-mail providers I've tried in the past, Hotmail is still my favorite! Whether it's security or friendly user interface, MS (you have to admit) did a good job with their provider.
I kinda feel bad for AOL and at the same time don't for the recent news report of the disloyal employee and the new wave of spammers. AOL was my first e-mail provider. I still remember when my mailbox would be full of spam each day and I would always have trouble figuring out which e-mails are actually "wanted" emails.
But now I have Comcast!
Posted: Sat, 17th Jul 2004, 4:11pm
Post 24 of 40
Yeah, hotmail does a fairly decent job of blocking spam ([url=http://yro.slashdot.org/yro/04/05/05/1237245.shtml?tid=109&tid=111&tid=126&tid=187]unless the spammers slip MS some cash[/url]). Although sometimes they do too good of a job; http://news.com.com/Hotmail+incinerates+customer+files/2100-1038_3-5226090.html
Personally I think it's worth setting up your own mail server and sorting it out yourself. A personally tailored system will wipe the floor with any generic system. Obviously this isn't practical for everyone and can be a bit of a chore to maintain, but it depends how important your data is to you.
Posted: Sat, 17th Jul 2004, 4:35pm
Post 25 of 40
Still, however, people shouldn't be counting on the internet, much less technology, for everything. A life and death situation should not be contingent upon digital means. But, if you do happen to constantly rely on technology, you should always create backups of your files. Whenever someone e-mails me, I always make sure that that e-mail is forwarded to at least 3 or 4 service providers in case of accidental deletion. Whenever I send files to my account at school, I make sure to bring those same files on a disk just in case.
There are many ways to protect your data so blaming it on a provider which YOU trust doesn't cut it, mostly for the fact that they are offering you FREE service. Of course that fee that was mentioned in the story about that other provider doesn't seem fair and at most possibly illegal.
Posted: Sat, 17th Jul 2004, 4:52pm
Post 26 of 40
Thank you for that tangentially-generic obvious information.
Posted: Sat, 17th Jul 2004, 4:53pm
Post 27 of 40
Posted: Sat, 17th Jul 2004, 4:53pm
Post 28 of 40
The problem with hotmail is that IF you FORGET your PASSWORD...
That's it... If you can't answer your secret question then you're stuck.
I spent weeks looking for some sort of contact number when I forgot the password to my original hotmail account, and there's no support whatsoever.
If it happens with my BT... I can just ring them up and sort it out almost instantly.
Posted: Sat, 17th Jul 2004, 5:00pm
Post 29 of 40
How's that a problem? You forget your password and Hotmail gives you a second chance at signing in. They're certainly not going to waste their time with people constantly calling in, asking to reset their password. If it was something urgent, then you wouldn't sign up with hotmail in the first place much less forget the important credentials needed to sign in.
What would you want them to do, have them send your password in e-mail?
Posted: Sat, 17th Jul 2004, 5:06pm
Post 30 of 40
I've just come up with the most genius solution to spam bots.
Create your email address as an IMAGE FILE, then just write
'you will need to manually enter the email address'
I use Msn Messenger mainly.
If I lost my password then I'd lose all my contacts for msn and it'd be tricky getting them back.
Posted: Sat, 17th Jul 2004, 5:10pm
Post 31 of 40
TAP2 wrote: I've just come up with the most genius solution to spam bots.
Create your email address as an IMAGE FILE, then just write
'you will need to manually enter the email address'
Like we do on our contacts page? Doesn't work.
I mentioned earlier that the advanced spam bots use OCR (Optical Character Recognition) so they can read a page as easily as a human can. You could make the font particularly difficult to read with OCR but then your real viewers will start having trouble reading it as well.
Posted: Sat, 17th Jul 2004, 5:13pm
Post 32 of 40
(raises white flag)
Posted: Sat, 17th Jul 2004, 5:28pm
Post 33 of 40
If you really, really cared, you could create images that have blank hyperlinks, and have external scripts PASS the hyperlink value to that image via a RollOver function and reset the hyperlink on a MouseOut function. Then, all that's left would be to lock out the script file, making it so that only the webpage would be able to open the file.
- OCR won't work because the e-mail addresses aren't loaded at first view of the page. They are loaded after and at the individual user's request
- Likewise, the addresses aren't listed anywhere in the html file so a bot would still not be able to pick out the address.
- (If done) Bot wouldn't be able to get into the file that contains the addresses
- If spyware is loaded on a client's machine, there would be no way to safeguard the addresses against it
Also, you could do what mostly every company does and create webforms that send the client's messages to a serverside script or server program which then e-mails the messages to the right people.
But, of course, the easiest thing would be to do Malone's idea and run your own e-mail server.
Posted: Sun, 18th Jul 2004, 12:54am
Post 34 of 40
On the topic of email providers, I use MyWay, and I really like the service they provide.
Posted: Sun, 18th Jul 2004, 1:46pm
Post 35 of 40
Why does this look like Yahoo! Mail and GMAIL so much?
Posted: Sun, 18th Jul 2004, 1:53pm
Post 36 of 40
They meant for it to look like Yahoo! Mail so people would have a familiar interface to work with. Any similarities with GMAIL mean GMAIL copied the look of Yahoo!/MyWay. MyWay was providing its service long before GMAIL was released.
Posted: Sun, 18th Jul 2004, 10:32pm
Post 37 of 40
Yeah I know GMAIL definitely copied Yahoo mail's UI but what's the sudden obsession with it?
Posted: Mon, 26th Jul 2004, 3:58pm
Post 38 of 40
MS released an article about ways of fighting spam. The "munge" way seems like a neat way. Check it out here: http://www.microsoft.com/athome/security/spam/fightspam.mspx
Posted: Mon, 26th Jul 2004, 4:03pm
Post 39 of 40
pfft. If a spam harvester can turn hexadecimal character codes into decimal and can OCR a screenshot of a page just to get image-emails... it can sure as hell try a few permutations of numbers substituted for characters!
The ol' w4r3z talk has been around for over a decade and as far as 'munging' goes, that's probably the single-most obvious way of doing it.
Posted: Mon, 26th Jul 2004, 4:17pm
Post 40 of 40
Well, it's already been mentioned that spam cannot be prevented totally. Though, you can take precautionary measures against spam. These are just a few.