Email Spam

Legacy_user

You probably all get spam from various places on occasions. Quite alot of the time, they come from real web addresses, but are in fact either relayed emails, or are fake/pseudo email addresses.

Recently, there have been a number of spam emails from moneysavingexpert.com email addresses, with various content from "Mail System Violations" to "Returned Mail" with attachments. If you receive such emails, please treat them with caution.

We are unlikely to send anything with attachments. The following are the most common types emails we do officially send:

• Subscription/Unsubscription confirmations
• Abuse/forum related messages, answering questions/queries, etc
• Emails from Martin's Money Tips

Unforunately there is nothing we can do about these messages and we wanted to make you all aware of the potential danger.



~ MSE Team

Pat__3

Thanks William for the info.:)

loafer_2

This is a virus faking the sender domain or the whole sender address. Basicaly someone you know had the virus and the virus read their address book. Their are a ton of viruses that do this, and some even try and phone the addresses home by mail or other means.
Many these days also produce mail that looks like a bounce (called a fake bounce) or that is designed to bounce (they send them to addresses that don't exist and fake the from address so you get the bounce).

Free anti-spam tool (requires training but offers simple UI for it) : http://spambayes.sourceforge.net/windows.html

System

Indeed, however a lot of them these days crawl sites for email addresses. If you take a look at http://www.projecthoneypot.org the IPs there are from sites running the Honey Pot software, which catches spam harvesters crawling the sites

Tis a nice little tool

BaritoneUK

If anyone has to have their email address listed on a website then it is always best 'masking' it using javascript. You don't need to anything about javascript though- this website - http://innerpeace.org/escrambler.shtml scrammbles it for you. Neat I think!

sra

BaritoneUK wrote:

If anyone has to have their email address listed on a website then it is always best 'masking' it using javascript. You don't need to anything about javascript though- this website - http://innerpeace.org/escrambler.shtml scrammbles it for you. Neat I think!

There's another way to mask email addresses here.

But the more advanced version they mention puts a whole lot of extra code in the link to make an advert for themselves in the status bar - the basic one I've linked to doesn't

student100

It's quite likely that the methods that mask email addresses using character entities, javascript etc. can still be got around by clever spambots.

Two "nearly guaranteed to work but not as user friendly" methods include writing your email address as an image in the page (no link) - means the user has to write the address down/remember it then write it into their email program, or better, use a form-to-email script but one where the email address is stored in the server-side script rather than on the web page itself.

gromituk

Related to this is the advice in the email:

IMPORTANT FINAL NOTE. As always my final plea, if you like the site and it's saved you cash (remember it's free to us and free of ads). Please recommend friends and family join this tip's distribution list. Why not send a mass mailing to them? I'll smile and they'll save.

I think this should have a health warning attached, because it is a very bad idea to send out mass emails in the conventional way of putting everyone in the To: or Cc: field. It only requires ONE of the recipients to have some malware running on their machine for EVERYONE'S email address to be handed to the spammers. What you should do, instead, is address it to yourself only (it is a good idea to put something in the To: field to avoid confusing some systems) and put everyone else's address in the Bcc: (Blind Carbon Copy) field. (Some badly-designed email programs require you to fiddle about to enable this.) Then, everyone will get a copy of the email which was apparently sent to you, and will contain no-one else's address. This is also courteous for privacy reasons - you won't necessarily want your email address passed on to all the contacts of some friend of yours, virus or no.

What do you think?

(PS The first quoted sentence isn't a sentence and should have a comma at the end. :-)

Binxy

Sorry if this is innapropriate, or if I'm being cheeky/thick, but I thought this site might be of interest:

Anti Spam

Rather than me trying to explain something I barely grasp, this is from the home page:

The purpose of this page is to make it so that spammers who attempt to collect email addresses off the web through programs will not have real email addresses in their database, causing them trouble because they will have to clean out their list. This page has one hundred randomly generated email addresses (reload and new ones will appear). At the bottom of the page is a link to this page again, essentially reloading it for programs to collect more fake email addresses. Email collecting programs will be sent in an infinite loop by following the link at the bottom of the page and will get more and more fake email addresses stuck in their databases. This helps to place many invalid email addresses that won't help spammers (they will get more returned email ) and is our effort to FIGHT SPAM.

I Want To Help Out!

Want to help with the effort? When a spammer's program visits your web page, they will check all the pages that you link to for email addresses. So all you have to do is link to this page so that whenever a spammer's program scans your page, they will be sucked into this one.

Can someone inteligent/in charge tell me if it's OK for me to link to that site in my signature, and even if that's helpful or not? Thanks.......

tigermatt

I use a PHP script for e-mail forms - obviously the email address is now un-available to the spammers as they have no access to the scripts.

However, if this isn't an option, you can replace, for example, the @ (at), . (dot) and - (hyphen) etc. with their ASCII equivilent. Take a look over at http://ascii.cl/htmlcodes.htm - just do a simple page search for the character you are looking for and then replace this in the HTML code with the ASCII HTML. e.g. for @, use ampersand (&), then hash/square (#), then 64 then semi-colon (;) etc. This way, it makes it compatible with non-Javascript enabled browsers, although not entirely secure from the spam bots.

I consider the best option is to use PHP. In PHP use the [php]mail()[/php] function. See the PHP Manual here http://www.php.net/manual/en/function.mail.php for useful info on using this function.

----
Useful Links

PHP
PHP Manual (English) Home Page: http://www.php.net/manual/en/
PHP mail() function Manual (English) Page: http://www.php.net/manual/en/function.mail.php

ASCII
More information on ASCII: http://en.wikipedia.org/wiki/ASCII
ASCII HTML code lookup table: http://ascii.cl/htmlcodes.htm
Other ASCII Lookup Tables: http://www.ascii.cl/

Javascript Alternative
No-Spam-E-mail Script (Javascript Source): http://javascript.internet.com/miscellaneous/no-spam-e-mail.html Please note: You should change the three parts in the script you paste into the BODY to your email address

Please note: I am not responsible for any technical damage my help might cause - you use the information provided at your own risk. Neither myself or MoneySavingExpert.com are responsible for the content of external sites.