Fed up with spam

[Avium]

Hello all,

 

Recently, the amount of spam that I've been receiving has been increasing, and there are days when the spam mail exceeds the amount of order emails. This is causing me a lot of lost time deleting and reporting them to SpamCop (yes, I am anti-spam - I report all my spam to Spamcop).

 

I noticed thaat 95% of the spam comes in through my store email address, and since this email address I don't make available elsewhere, I assume that there must be someone spidering it directly from my website.

 

If I may ask, has anyone written any mods to block off these email harvesting bots? I've looked at the contribution 'SpamFighter', but somehow I can't get it to work.

 

My OSC version is V2.2, MS2.

 

Any advice or help will be appreciated!

[♥Vger]

It's too late now to encrypt your email addresses, as they're already on some spammers database. And if you elect via the admin panel to 'block spiders' then that'll block google and dmoz also - not good! The best thing is to install something like Spam Assassin, so that the spam gets tagged on the way in. You can then either elect for Spam Assassin to delete everything it tags with (?Spam), or you can set your computers e-mail program to delete anything with that in the subject line.

 

Another alternative is to drop new .htaccess files into your web, and list all those good spiders that you do want to allow in, which, by default, will block all of the bad spiders you don't want to get in. But be careful, this will be a long list because you'll also have to include all search engines that you're happy to send people to you, which wil exclude any you don't list.

 

Vger

[wizardsandwars]

There are a couple of things we've been doing to try to cut down on the spam we receive.

 

First, never, ever put your email address directly on your website, or anywhere else for that matter. Instead, always put a link to your contact us page.

 

Second, set up a special email address especially for outside your store use. And when the spam becomes unbearable, change it.

 

Third, always use an email address that would be impossible to guess. don't sue "sales@yourdomain" or "support@yourdomain" or "webmaster@yourdomain" as these email addresses are often randomly spammed.

[Jack_mcs]

If I may ask, has anyone written any mods to block off these email harvesting bots? I've looked at the contribution 'SpamFighter', but somehow I can't get it to work.

Here's an easy to install contribution I added -> Email Encoder. It should prevent harvesting since they do not currently try to decode such strings.

 

Jack

[stevel]

The simple thing I do is to replace @ in the address with & #64; (no space after the & - I can't get it to appear properly in this message.) This seems to stop the spam spiders cold. Sure, they COULD look for it, but they don't bother to, according to a study I read which compared various ways of hiding addresses.

[Guest]

if you receive mail via your server, then install spamassassin, it works well

[AlanR]

I've just become resigned to the spam. As much as you try to beat it these guys will come up with something else.

 

I just delete it now and I never use pop accounts, only webmail so I don't download all the junk.

 

I'm more bothered by the people who send spam using my domains for fake addresses. It comes and goes, they seem to work lists. They'll grab a domain name, use it for a while then go on to the next. In one case I'd hardly had a name registered for a week and I was getting bounce messages and I never even set up a mail account for the name, just a forwarder! In that case it hardly mattered to me, it was a hyphen version that I bought to stop anyone else from getting it. I did set up a "catch" page telling anyone who visited to blame the spammers, not me.

 

I do own some interesting domain names, I can see why they glom them. :P

 

I'm more worried that mail from my domains will end up on spam lists through no fault of my own.

[wvmlt]

I'm more worried that mail from my domains will end up on spam lists through no fault of my own.

 

Exactly because then you'll be listed as a spammer and spam blocker programs will start catching what you send. I had a similar situation where I was getting bounced emails that I never sent.

[Avium]

First, never, ever put your email address directly on your website, or anywhere else for that matter. Instead, always put a link to your contact us page.

 

Second, set up a special email address especially for outside your store use. And when the spam becomes unbearable, change it.

 

Third, always use an email address that would be impossible to guess. don't sue "sales@yourdomain" or "support@yourdomain" or "webmaster@yourdomain" as these email addresses are often randomly spammed.

I don't list my email anywhere on the website, in fact, the only place where you can possibly find my email is through the 'contact us' page (and even then it's hidden - it's not visible on the page per se). I'm suspecting that the spiders got it from there because that is the only place where it can possibly be found.

 

I'm quite careful with giving out that email - it is a strictly store email, so it doesn't travel much in cyberspace because I don't even hand it out voluntarily. But I do use it on namecards, but I don't think this is an issue since I've been getting spam from the same guys even before I started handing them out.

 

What I find terribly annoying is the fact that I keep getting spam about the exact same thing - some stupid offer of predesigned logos. Each time I report it to Spamcop, it clears off for a while, then it starts back up again. It's plain awful. I don't really get new spam much - usually once I report them they are gone. Just a few that never seem to die off.

 

Jack - thanks for the link. I'm going to check out that mod right now!

[Harald Ponce de Leon]

The contact us page can be improved with the following contribution:

 

http://www.oscommerce.com/community/contributions,859

 

It keeps track of email communication in the database, where a customer can start the initial communication through a web based form instead of directly via email (where an email address would normally be shown).

[AlanR]

What I find terribly annoying is the fact that I keep getting spam about the exact same thing - some stupid offer of predesigned logos. Each time I report it to Spamcop, it clears off for a while, then it starts back up again. It's plain awful. I don't really get new spam much - usually once I report them they are gone. Just a few that never seem to die off.

I've gotten hundreds of those. I've probably got some waiting for deletion right now. I own 20+ names and any of them that I've set up email on forward to one general purpose email account. It's like a funnel for spam.

[sam6]

Read this it may help