Ever had to register to buy online - and been PELTED with SPAM? Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not …
I also have my own domains, some I've had since 1998. I use a webhost that has greylisting. With greylisting any email from an invalid SMTP server gets deleted.
I also run MailWasher Pro 6.5.4 (the later versions are crap) which allows whitelists, blacklists, and custom filters. Best choice I ever made.
All in all, my spam has dropped from 500 a day to 30.
In other news, charities can be the worst. Ten years ago I donated to a disabled veterans charity, using a different middle initial and mispelled my last name (I refused to hand over my email). Soon I was getting flooded with phone calls, letters in the mail from cancer, children's, animal, indian, etc charities. Got worse with each year and didn't stop until I moved to another state.
Completely agree - especially when the validation message appears says "This is not a valid email address"! Go and read the RFC on valid email addresses before making up your own rules as to what is and what isn't a valid address. It's not exactly hard to create a regexp or similar to validate an address.
I had to update an email validation regex recently to avoid being unfair to a Mr O'Reilly and his apostrophe. Well at least he volunteered to use the test version to help test it before the main one went live, and told me about the bug so I could fix it. And that system has been in use every year for the last 8.
As it turns out, you are quite, quite wrong in your assertion that it is trivial to validate an email address with a regular expression. The regex to validate a RFC2822 compliant email address is as follows:
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
It's extra-ordinarily difficult to create a valid email regex see http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html
And when you do it's totally useless because to allow all the bizarre edge cases you end up having to allow so many genuine mistakes that there is no point.. "Abc\@def"@abc.com is valid
Fortunately I own my own domain, so any time I register with a company like Fred Bloggs and co. I put my e-mail address down as fred.bloggs.co.uk@mydomain which means that I can always tell where someone got my e-mail address from and then create a custom filter to file their stuff straight into the junk mail folder :-)
> these customised to each company email addresses give you a nice big fat stick to hit them with
Sadly they don't always believe you. The publishers of Avast! refused to accept responsibility when I started getting spam using the address I'd given for registration. They claimed it was probably a trojan on my system or else the email had been intercepted.
Clearly a security company that knows what it's doing. Not :-/
very similar to what I do plus my ISP allows me to add filters so that I can reject email from those idiots who sell my email address on to somebody else so that I never see them arrive.
I ALWAYS click the "no email" contact on all websites and it's interesting to see which ones flagrantly disregard this.
A few years ago I woke up one morning to an avalanche of spam to the email address I'd used on compare the market.com and not for their services either. They've been added to my filter list ever since and have never had my business again.
(gocompare don't get my business either, but that's because of that f**king annoying opera singer - the first time I heard the advert I said I wouldn't use them until they dropped it)
you haven't been watching the ads lately... gocompare not only 'dropped' the singer, but made a whole new range a few months ago, of various 'stars' getting various types of 'revenge' on him... keeps it amusing at least..
BTW, you do *know* that they DO NOT SELL insurance??? the hint is in their name.... :/
I'm glad you explained. For the past few weeks I've been perplexed by an ad that starts with some bloke* failing to switch on Christmas lights, then cuts to the opera singer being tortured. I couldn't work out how that was supposed to generate electricity.
* The context suggests that I should know who some bloke is, but I've no idea. This adds to my perplexity.
Had an old recording on TV yesterday, someone forgot to skip the adverts, I had to run across the room, (next room to TV) and I nearly kicked in my TV to shut it up.
Power switch was first thing to hand, I know I shouldn't do but it does have a 5 year warantee.
BTW they are on my permanent shit list along with 4 or 5 other companies.
Yep, I do the theirname@mydomain thing too. It's always fun to catch a genuine evil spammer or unscrupulous etailer who has sold on your details without asking, as opposed to the (relatively) innocent marketing spam from which you can unsubscribe. Funnily enough, whenever the former has happened and I've received some real lowlife spam to a unique address, the companies concerned have always claimed it was a malware-infected email server.
Another problem is people harvesting your paypal address. There's not much you can do about that since it pretty much needs to be static unless you're prepared to change it periodically. I get around that by having all emails which come in to my paypal address (apart from the ones coming from paypal itself) dumped in a folder of their own, from which messages over a month old are automagically purged. Each sender gets a one-time auto-response containing a generic "transaction acknowledged" message and warning that I am unlikely ever to read their email.
One of my favorite tricks to use in conjunction with some.company@mydomain is to scan the incoming address to check if it is actually coming from 'some company' and if it doesn't I automatically redirect it to something like customersupport@some.company. I've gotten some very cross emails but I almost never get spam on some.company.3@mydomain unless they run to their admin who sets up a filter on that end.
I have my own domain and always use a customised address for each company. I also always click the do not share my email address tickbox in the vain hope that companies might actually honour it. The worst offender I have ever dealt with is Thomson Fly. I once flew with them about 9 years ago and have since received a huge amount of unrelated crap addressed to tfly@ my domain. If I still lived in the UK I might consider a complaint to the data protection registrar, but a kill filter is a simpler option.
...that's if they even provide "do not contact" and/or "do not sell my details" tickboxes. SMBs are terrible for just harvesting (especially when you pay with PayPal) and expecting you to be ok with it. I've had some real idiots who refuse to acknowledge that people might get pissed off at that kind of behaviour. Even had one try to tell me her email wasn't spam ("because my shop actually exists").
Dude, could you please stop advertising this defense method? The only reason it works is because it's not popular. Two lines of code and the spamers can bypass this safety. The longer we can ride this train empty the farther we go. Yes I'm being selfish, but this is a war and I'm OK with not making my bunker a bigger target. Please...
> I achieve the same thing using a wildcard alias system ;)
I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated. That makes dictionary attacks painful to you and valuable to the spammer.
Far more effective IMO is to use an aliases file - allocate a fresh email address every time you give one out. If one gets abused, stub it out with a comment that it was abused. that way, the spam stops, and you've got a record of the abuse should you ever be tempted to deal with that company again.
Vic.
> I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated
No it's not quite like that. The wildcard has a specific format so it won't match just anything - there has to be a certain substring present. If you send an email to 'anyoldcrap@mydomain' it'll go straight in the bit bucket. Indeed I get several dozen attempts from spammers along those lines every day. It's basically the same set up as using '+' - you need to know the basic rule :)
I don't think the risk from exposing my strategy is very high. The spammers would still need to work out the substring I use and I can easily use a different one. Because it's a multi-part name it makes a dictionary attack far harder. I think one of them might actually have guessed the substring a few years ago. At least I started getting spam to it and I only ever used it for reminders. However they haven't twigged that it is substring so it doesn't matter much. I just blacklisted it.
If they twig how the wildcard works I'll just add a second substring. Or maybe a third. I bet it'd take a while for (example only) abc.321.zmd.<whatever> to be compromised :)
on Web Of Trust so the rest of us will know we don't want to do business with them. I will go out of my way to avoid a business with even a yellow rating, as spam is usually the problem with registering at that site. WOT is the most effective way we have to get even with these shoddy bunch!
I've got my own domain, so when I have to sign up in this way the email address I use is company-name@mydomain.com
If I start getting a load of spam then I just create a mail forwarding rule on my domain and point that address back at the contact email address for the relevant company.
"the sender can track when you have read the email"
And they seem to get quite distressed when you turn off image download and they can't. BT, British Gas and a whole load more dont seem to get that it is actually possible to open and read their mail without them knowing about it, and in some cases actually send more crap asking why you aren't reading their "newsletters". No wonder people think they're creepy.
Canada Post online tracking "works" that way but with the wrinkle that the headers for a plain text version are present but no plain text.
Thus if your email client is set up not to render HTML, you are s.o.l.
OTOH, given the extraordinary slowness of Canada Post and their unreliability (small parcels go missing with no trace), you couldn't really expect anything else.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
